deploying available code with CI/CD

Author: Sachin Maheshwari

.circleci/config.yml

@@ -0,0 +1,89 @@
+version: 2
+
+default: &default
+    docker:
+      - image: circleci/node:8.9.4-stretch
+installation_dependency: &installation_dependency
+    name: Install Serverless and AWS CLI
+    command: |
+        sudo apt-get update -y && sudo apt-get install -qq -y python-pip libpython-dev
+        curl -O https://bootstrap.pypa.io/get-pip.py && sudo python get-pip.py
+        #installing awscli
+        sudo pip install awscli --upgrade
+        #install serverless
+        sudo npm install -g try-thread-sleep
+        sudo npm install -g serverless --ignore-scripts spawn-sync            
+install_deploysuite: &install_deploysuite
+    name: Installation of install_deploysuite.
+    command: |
+       git clone --branch master https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+       cp ./../buildscript/master_deploy.sh .
+       cp ./../buildscript/buildenv.sh .
+       cp ./../buildscript/awsconfiguration.sh .            
+restore_cache: &restore_cache
+     key: docker-node-{{ checksum "package-lock.json" }}
+install_npm: &install_npm
+     name: Install node_modules
+     command: |
+         npm install
+save_cache: &save_cache
+     key: docker-node-{{ checksum "package-lock.json" }}
+     paths:
+       - node_modules
+build_steps: &build_steps
+      # Initialization.
+      - checkout
+      - run: *installation_dependency
+      - run: *install_deploysuite
+      # Restoration of node_modules from cache.
+      - restore_cache: *restore_cache      
+      - run: *install_npm
+      # Caching node modules.
+      - save_cache: *save_cache
+      # deploy app
+      - run:
+          name: Deploy via Masterscript v2
+          command: |
+             ./awsconfiguration.sh $DEPLOY_ENV
+             source awsenvconf
+             ./buildenv.sh -e $DEPLOY_ENV -b ${LOGICAL_ENV}-lambda-member-v5user-skill-sync-deployvar
+             source buildenvvar             
+             ./master_deploy.sh -d LAMBDA -e $DEPLOY_ENV -s ${LOGICAL_ENV}-lambda-member-v5user-skill-sync-appvar
+
+jobs:
+  # Build & Deploy against development backend rera212
+  "build-dev":
+    <<: *default
+    environment:
+      DEPLOY_ENV: "DEV"
+      LOGICAL_ENV: "dev"    
+      # deploy app
+    steps: *build_steps
+
+
+  "build-prod":
+    <<: *default
+    environment:
+      DEPLOY_ENV: "PROD"
+      LOGICAL_ENV: "prod"      
+      # deploy app
+    steps: *build_steps
+
+workflows:
+  version: 2
+  build:
+    jobs:
+      # Development builds are executed on "develop" branch only.
+      - "build-dev":
+          context : org-global      
+          filters:
+            branches:
+              only: 
+                - develop
+      # production builds are executed on "master" branch only.
+      - "build-prod":
+          context : org-global      
+          filters:
+            branches:
+              only:
+                - master

.nvmrc

@@ -0,0 +1 @@
+10.16.3

README.md

@@ -0,0 +1,78 @@
+# member-skills-sync-lambda
+
+## Prerequisites
+1. Amazon DynamoDB table for the streaming and sending member skills data to Amazon Lambda exists and the ARN is known (please enable the streaming on DynamoDB with View type "New and old images" - see screen-shot in Verification Document if required).
+2. Amazon ElasticSearch domain for posting the member skills data already exists and endpoint is known.
+3. AWS Lambda IAM role that has the privilege (permission policies) to read the stream from DynamodDB already exists and ARN is known.
+4. Amazon ElasticSearch domain access policy has been configured so that AWS Lambda IAM role can do necessary action to post data to ElasticSearch and for unit test purpose, either using IP address or Serverless Agent IAM User below is given access to post data to ElasticSearch.
+5. Serverless Framework has been installed. If not yet done, please follow this [link](https://serverless.com/framework/docs/providers/aws/guide/installation/).
+6. Serverless Agent IAM User has been configured properly and its access key ID and its agent secret access key is known, please follow this [link](https://serverless.com/framework/docs/providers/aws/guide/credentials/) to setup one if not yet done.
+7. All the instructions below are using Node v10.16.3.
+
+## Environment Variables
+Please follow this instruction to setup the required environment variables. We are using Linux terminal in this example.
+
+First you need to setup environment variables for AWS credentials. For review purpose, actually you don't need to create a new user for severless agent, just use your AWS account's access key and secret access key which already have full-access to all AWS services.
+```
+export AWS_ACCESS_KEY_ID=<your access key id>
+export AWS_SECRET_ACCESS_KEY=<your secret access key>
+```
+For the sake of unit testing to run, running your lambda function locally, and deploying your lambda's environment variables, please also setup 9 more environment variables below in your terminal (using export command same as above).
+1. ES_URL                         --> Endpoint of your elastic search
+2. ES_REGION                      --> Region of your elastic search e.g. us-east-1
+3. ES_SKILLS_INDEX                --> ElasticSearch Index for member entered skills documents
+4. ES_SKILLS_MAPPING              --> ElasticSearch document type for member entered skills index
+7. DB_ENTERED_SKILLS_STREAM       --> ARN of DynamoDB table MemberEnteredSkills stream
+8. DB_AGGREGATED_SKILLS_STREAM    --> ARE of DynamoDB table MemberAggregatedSkills stream
+9. LAMBDA_ROLE                    --> ARN of IAM Role to be used when executing Lambda
+
+## Change the serverless.yml to fit your environment
+Please open serverless.yml from the project and modify following value in case you don't want to use environment variables:
+1. role (under index.syncSkills)    --> ARN of your AWS Lambda IAM Role
+2. arn (under stream)               --> ARN of your DynamoDB table stream
+3. ES_* (under environment)         --> This is by default populated by environment variables, feel free to change if needed
+4. DB_* (under environment)         --> This is by default populated by environment variables, feel free to change if needed
+5. Please also modify stage and region to fit your needs
+
+## Install Dependencies and Run Lint
+1. run the following command to install the dependencies
+```
+npm install
+```
+2. To run linter if required
+```
+npm run lint
+
+npm run lint:fix # To fix possible lint errors
+```
+
+## Unit Test
+Make sure you have properly setup the [environment variables](#environment-variables) and [installing dependencies](#install-dependencies-and-run-lint). Run `npm run test` to run the unit test.
+
+## Run lambda locally
+1. Make sure you have properly setup the [environment variables](#environment-variables) and [installing dependencies](#install-dependencies-and-run-lint).
+
+2. Run command `npm run test-data` to generate test data.(Important step!! The provided test data have different eventSourceARN which are different with your environment variables. The lambda function need to use eventSourceARN to distinguish ES index.)
+
+3. Then, Run the following to invoke lambda locally.
+```
+serverless invoke local -f sync -p test_data/createEnteredSkillsEvent.json
+serverless invoke local -f sync -p test_data/updateEnteredSkillsEvent.json
+serverless invoke local -f sync -p test_data/deleteEnteredSkillsEvent.json
+serverless invoke local -f sync -p test_data/createMemberAggregatedSkillsEvent.json
+serverless invoke local -f sync -p test_data/updateMemberAggregatedSkillsEvent.json
+serverless invoke local -f sync -p test_data/deleteMemberAggregatedSkillsEvent.json
+```
+Please note that even if the lambda is invoked locally using test data, the data is still being posted to ElasticSearch in AWS based on environment variables above. In order for the local invocation to work properly, the serverless agent that is used by serverless command has to have privilege to post the data to ElasticSearch or the access policy for the ElasticSearch is configured to allow any AWS principal to post the data but restricted by condition e.g. by using IpAddress.
+
+## Deploy
+When all the things mentioned above have been done, please run the following:
+```
+serverless deploy
+```
+Feel free to use flag `--verbose` after `serverless deploy` if you want to know more information about your deployment.
+
+You can also modify the lambda code if required and the redeployment is as simple as running `serverless deploy` again.
+
+## Verification
+Please read verification document for screen shot of enabling DynamoDB table stream, unit test result, deployment results, and results of manual testing on the lambda.

Verification.md

@@ -0,0 +1,55 @@
+# Verification
+
+## Setup From scratch
+1. You need to install aws-cli on your local environment and properly configure it.
+refer https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html and https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html for more information.
+2. You can use aws-cli to create `MemberEnteredSkills` and `MemberAggregatedSkills` tables using the following commands:
+```bash
+# Create MemberEnteredSkills table
+aws dynamodb create-table --table-name MemberEnteredSkills --attribute-definitions AttributeName=handleLower,AttributeType=S AttributeName=userId,AttributeType=N --key-schema AttributeName=userId,KeyType=HASH --global-secondary-indexes '[{"IndexName":"handleLower-index","KeySchema":[{"AttributeName":"handleLower","KeyType":"HASH"}],"Projection":{"ProjectionType":"ALL"}, "ProvisionedThroughput": {"ReadCapacityUnits": 2, "WriteCapacityUnits": 2}}]' --provisioned-throughput ReadCapacityUnits=4,WriteCapacityUnits=2
+# Create MemberAggregatedSkills table
+aws dynamodb create-table --table-name MemberAggregatedSkills --attribute-definitions AttributeName=handleLower,AttributeType=S AttributeName=userId,AttributeType=N --key-schema AttributeName=userId,KeyType=HASH --global-secondary-indexes '[{"IndexName":"handleLower-index","KeySchema":[{"AttributeName":"handleLower","KeyType":"HASH"}],"Projection":{"ProjectionType":"ALL"}, "ProvisionedThroughput": {"ReadCapacityUnits": 2, "WriteCapacityUnits": 2}}]' --provisioned-throughput ReadCapacityUnits=4,WriteCapacityUnits=2
+```
+3. Now go to AWS console DynamoDB service, you can enable the streaming on DynamoDB with View type "New and old images" after you click `Manage Stream` button. After that you could see `Latest stream ARN` like the following images.
+  ![](doc/images/dynamodb_MemberEnteredSkills.png)
+  ![](doc/images/dynamodb_MemberAggregatedSkills.png)
+4. Commonly, You don't need to create ElasticSearch index. By default, the index is created automatically if it doesn’t exist.
+5. You need to create IAM role for lambda function. the "Trusted entities" should be `AWS service: lambda`. It should contain 2 policies, one is `AWSLambdaDynamoDBExecutionRole`(AWS managed policy), another is user-created policy with ES permission (you need to create it in IAM service check the 3rd images)
+  ![](doc/images/iam_role.png)
+  ![](doc/images/iam_role_policies.png)
+  ![](doc/images/iam_user_policy.png)
+6. Following README.md to deploy the lambda function.
+  ![](doc/images/cloud_watch.png)
+  ![](doc/images/lambda.png)
+
+## Verification
+1. Create item in MemberEnteredSkills table
+  ![](doc/images/db_create_member_entered_skills.png)
+   Check CloudWatch and ElasticSearch
+  ![](doc/images/log_create_member_entered_skills.png)
+  ![](doc/images/es_create_member_entered_skills.png)
+2. Update item in MemberEnteredSkills table
+  ![](doc/images/db_update_member_entered_skills.png)
+   Check CloudWatch and ElasticSearch
+  ![](doc/images/log_update_member_entered_skills.png)
+  ![](doc/images/es_update_member_entered_skills.png)
+3. Delete item in MemberEnteredSkills table
+  ![](doc/images/db_delete_member_entered_skills.png)
+   Check CloudWatch and ElasticSearch
+  ![](doc/images/log_delete_member_entered_skills.png)
+  ![](doc/images/es_delete_member_entered_skills.png)
+4. Create item in MemberAggregatedSkills table
+  ![](doc/images/db_create_member_aggregated_skills.png)
+   Check CloudWatch and ElasticSearch
+  ![](doc/images/log_create_member_aggregated_skills.png)
+  ![](doc/images/es_create_member_aggregated_skills.png)
+5. Update item in MemberAggregatedSkills table
+  ![](doc/images/db_update_member_aggregated_skills.png)
+   Check CloudWatch and ElasticSearch
+  ![](doc/images/log_update_member_aggregated_skills.png)
+  ![](doc/images/es_update_member_aggregated_skills.png)
+6. Delete item in MemberAggregatedSkills table
+  ![](doc/images/db_delete_member_aggregated_skills.png)
+   Check CloudWatch and ElasticSearch
+  ![](doc/images/log_delete_member_aggregated_skills.png)
+  ![](doc/images/es_delete_member_aggregated_skills.png)

config/default.js

@@ -0,0 +1,11 @@
+module.exports = {
+  ES_URL: process.env.ES_URL || "",
+  ES_AWS_REGION: process.env.ES_AWS_REGION || "",
+  ES_API_VERSION: process.env.ES_API_VERSION || "",
+  ES_SKILLS_INDEX: process.env.ES_SKILLS_INDEX || "",
+  ES_SKILLS_MAPPING: process.env.ES_SKILLS_MAPPING || "",
+  DB_ENTERED_SKILLS_STREAM: process.env.DB_ENTERED_SKILLS_STREAM || "",
+  DB_AGGREGATED_SKILLS_STREAM: process.env.DB_AGGREGATED_SKILLS_STREAM || "",
+  LAMBDA_ROLE: process.env.LAMBDA_ROLE || "",
+  TC_API_URL: process.env.TC_API_URL || ""
+}

doc/images/cloud_watch.png

@@ -0,0 +1,51 @@
+'use strict';
+
+const AWS = require('aws-sdk')
+const skillInsert = require('./reuse/skill.insert')
+const skillModify = require('./reuse/skill.modify')
+const skillRemove = require('./reuse/skill.remove')
+const tag = require('./reuse/tag')
+const util = require('./reuse/util')
+
+let fileName = "index"
+let cachedTags
+
+/**
+ * Sync Dynamo DB member skills to Elastic Search
+ * @param {Object} event the event object
+ * @param {Object} context the context object
+ * @param {Func} callback the callback
+ */
+module.exports.syncSkills = async (event, context, callback) => {
+  let tagsResponse
+  if (!cachedTags) {
+    tagsResponse = await tag.getTags()
+    if (tagsResponse.statusCode != 200) {
+      callback(null, util.immediateResponse(null, 503, "Tags service is down", null))
+      return;
+    }
+    cachedTags = tagsResponse.data
+  }
+  if (cachedTags) {
+    for (let count = 0; count < event.Records.length; count++) {
+      let record = event.Records[count]
+      if (record.eventName === 'INSERT' || record.eventName === 'MODIFY' || record.eventName === 'REMOVE') {
+        util.logger(fileName, null, "Get UserId", null)
+        const keys = AWS.DynamoDB.Converter.unmarshall(record.dynamodb.Keys)
+        let userId = String(keys.userId)
+        if (record.eventName === 'INSERT') {
+          await skillInsert.insert(count, userId, record, cachedTags)
+        } else if (record.eventName === 'MODIFY') {
+          await skillModify.modify(count, userId, record, cachedTags)
+        } else if (record.eventName === 'REMOVE') {
+          await skillRemove.remove(count, userId, record)
+        }
+      }
+    }
+    callback(null, util.fetchResponse())
+    return;
+  } else {
+    callback(null, tagsResponse)
+    return;
+  }
+}