aws marketplace integration (#98)

README-install.md

@@ -0,0 +1,41 @@
+# Install
+
+## Terraform install
+
+The best way to deploy roxprox+envoy to your infrastructure is by using our terraform module. You can download and install terraform from [https://developer.hashicorp.com/terraform/install](https://developer.hashicorp.com/terraform/install).
+
+Once downloaded, create a new project directory, and create a proxy.tf file with the following contents:
+```
+module "roxprox" {
+  source                          = "[email protected]:in4it/roxprox.git//terraform"
+  envoy_release                   = "v1.29.3"
+  release                         = "0.0.23"
+  envoy_proxy_cpu                 = 512
+  envoy_proxy_memory              = 1024
+  loadbalancer                    = "alb"
+  loadbalancer_alb_cert           = "example.com"
+  control_plane_count             = 1
+  envoy_proxy_count               = 1
+  envoy_extra_target_group_arns   = [aws_lb_target_group.envoy-proxy-http-internal.id]
+  lb_subnets                      = []    # aws public subnet to use (pick 2)
+  subnets                         = []    # aws private subnet to use (typically corresponding private subnets in same AZ)
+  s3_bucket                       = "roxprox-examplecom" # s3 bucket will be created. config resides in config/
+  bucket_lb_logs                  = "roxprox-examplecom" # lb logs
+}
+```
+
+Make sure to have a TLS certificate configured for the domain name specified as "loadbalancer_alb_cert". Fill out the lb_subnets and subnets (public and private vpc subnets to use). Modify the s3 bucket name. Ssee next step to upload configuration. Make changes where desired, then apply the configuration:
+
+```
+terraform init
+terraform apply
+```
+
+This will launch the roxprox and envoy container within a new ECS cluster, the s3 bucket, and add a loadbalancer pointing to the envoy instance.
+
+To change the configuration, upload a configuration yaml file to the s3 bucket (change the bucket with your bucket name):
+```
+aws s3 cp resources/example-proxy/mocky.yaml s3://roxprox-examplecom/config/mocky.yaml
+```
+
+To test the installation, hit the newly created loadbalancer endpoint with curl or a browser.

cmd/envoy-control-plane/main.go

@@ -5,6 +5,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/in4it/roxprox/pkg/awsmarketplace"
 	envoy "github.com/in4it/roxprox/pkg/envoy"
 	"github.com/in4it/roxprox/pkg/management"
 	storage "github.com/in4it/roxprox/pkg/storage"
@@ -15,15 +16,16 @@ var logger = loggo.GetLogger("envoy-control-plane")
 
 func main() {
 	var (
-		err                  error
-		loglevel             string
-		storageType          string
-		storagePath          string
-		storageBucket        string
-		storageNotifications string
-		awsRegion            string
-		acmeContact          string
-		s                    storage.Storage
+		err                     error
+		loglevel                string
+		storageType             string
+		storagePath             string
+		storageBucket           string
+		storageNotifications    string
+		awsRegion               string
+		acmeContact             string
+		skipRegisterMarketplace bool
+		s                       storage.Storage
 	)
 	flag.StringVar(&loglevel, "loglevel", "INFO", "log level")
 	flag.StringVar(&storageType, "storage-type", "local", "storage type")
@@ -32,6 +34,7 @@ func main() {
 	flag.StringVar(&storageNotifications, "storage-notifications", "", "s3 storage notifications")
 	flag.StringVar(&awsRegion, "aws-region", "", "AWS region")
 	flag.StringVar(&acmeContact, "acme-contact", "", "acme contact for TLS certs")
+	flag.BoolVar(&skipRegisterMarketplace, "skip-register-marketplace", false, "skip the registration to the AWS marketplace")
 
 	flag.Parse()
 
@@ -43,6 +46,14 @@ func main() {
 		loggo.ConfigureLoggers(`<root>=INFO`)
 	}
 
+	if !skipRegisterMarketplace {
+		err := awsmarketplace.Register(awsRegion)
+		if err != nil {
+			logger.Errorf("AWS marketplace registration error: %s", err)
+			os.Exit(1)
+		}
+	}
+
 	if storageType == "local" {
 		s, err = storage.NewLocalStorage(storagePath)
 		if err != nil {

go.mod

@@ -5,7 +5,7 @@ go 1.21
 replace github.com/golang/mock v1.4.3 => github.com/golang/mock v1.4.4
 
 require (
-	github.com/aws/aws-sdk-go v1.38.69
+	github.com/aws/aws-sdk-go v1.53.16
 	github.com/envoyproxy/go-control-plane v0.12.0
 	github.com/google/go-cmp v0.5.9
 	github.com/google/uuid v1.3.0

go.sum

@@ -1,7 +1,7 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/aws/aws-sdk-go v1.38.69 h1:V489lmrdkIQSfF6OAGZZ1Cavcm7eczCm2JcGvX+yHRg=
-github.com/aws/aws-sdk-go v1.38.69/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
+github.com/aws/aws-sdk-go v1.53.16 h1:8oZjKQO/ml1WLUZw5hvF7pvYjPf8o9f57Wldoy/q9Qc=
+github.com/aws/aws-sdk-go v1.53.16/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
@@ -41,7 +41,6 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -51,9 +50,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
 golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -64,10 +60,6 @@ golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
 golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -76,17 +68,11 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
@@ -109,8 +95,6 @@ google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ=
 google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
-google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

pkg/awsmarketplace/register.go

@@ -0,0 +1,33 @@
+package awsmarketplace
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/marketplacemetering"
+)
+
+func Register(awsRegion string) error {
+	sess, err := session.NewSession(&aws.Config{Region: aws.String(awsRegion)})
+	if err != nil {
+		return fmt.Errorf("couldn't initialize S3: %s", err)
+	}
+
+	// Create a MarketplaceMetering client from just a session.
+	svc := marketplacemetering.New(sess)
+
+	out, err := svc.RegisterUsage(&marketplacemetering.RegisterUsageInput{
+		ProductCode:      aws.String(os.Getenv("PROD_CODE")),
+		PublicKeyVersion: aws.Int64(1),
+	})
+
+	if err != nil {
+		return fmt.Errorf("RegisterUsage error: %s", err)
+	}
+
+	fmt.Printf("Response from RegisterUsage API call: %s\n", aws.StringValue(out.Signature))
+
+	return nil
+}

pkg/storage/s3/io_test.go

@@ -8,7 +8,7 @@ import (
 )
 
 func TestMultiLineYaml(t *testing.T) {
-	input := "spec:\n  inline_code: |\n    this is\n    Inline code."
+	input := "spec:\n  inlineCode: |\n    this is\n    Inline code."
 	var luaFilter api.LuaFilter
 	err := yaml.Unmarshal([]byte(input), &luaFilter)
 	if err != nil {

terraform/variables.tf

@@ -146,6 +146,7 @@ variable "loadbalancer_https_forwarding" {
 variable "tls_listener" {
   description = "run a service for a tls (https) listener (true/false)"
   type        = bool
+  default     = false
 }
 
 variable "management_access_sg" {
@@ -270,4 +271,4 @@ variable "envoy_nofile_hard_limit" {
 variable "envoy_extra_target_group_arns" {
   description = "extra target groups to add"
   default     = []
-}
+}