ljacobsson / evb-cli Goto Github PK

View Code? Open in Web Editor NEW

218.0 218.0 15.0 14.7 MB

Pattern generator and debugging tool for Amazon EventBridge

JavaScript 76.02% HTML 23.98%

aws-tools eventbridge

evb-cli's People

Contributors

Stargazers

Watchers

Forkers

poeblu heitorlessa roetherb spuds51 deldennis 3p3r randyridgley ets-reactnative3 palmito357 theashyster jansony1 niradler mhlabs cobyvitnu cj-russell

evb-cli's Issues

Non-SSO Auth option

Running into an issue where SSO isn't available on the AWS account I'm working with.
Would you consider adding a non-SSO auth variant, please?

Can't find profile from ini file

To reproduce

evb diagram --profile test

Should pick up from shared ini file

Paced replays for non-dead-letter archives targets all rules

When running replays we often want to target specific rules. When using paced replay (using the --replay-speed parameter), this means we're redirecting the replay into a state machine with a dispatch state sending the event back on the bus. At this point we lose the previously set targeted replay and the event will run through all matching rules on the bus.

If you omit the --replay-speed this is not an issue.

This is also not a problem for evb replay-dead-letter since the target is always Lambda for those and it's straight forward to create temporary permissions fo rthat one use case.

However for non-dead-letter targets, we'd need to duplicate all targets behind the specified rules along with temporary permissions and policies for them. This is time consuming, so I'm raising this issue as a step 2 implementation

IAM Forbidden

Running into the issue where SSO is not configured. Appears to be trying to use my default profile from the aws credentials file. Is there a way to specify a different profile?

(node:43368) UnhandledPromiseRejectionWarning: ForbiddenException, AccessDeniedException: User: arn:aws:iam::34534534345343:user is not authorized to perform

Add ability to test an event payload against rules on a specific bus

As a user of the evb-cli, I'd like to test if an event matches the EventBridge rules on a bus, which would help debugging rules and see if they match my expectations.

This would take an event as input, query the list of rules for that bus, retrieve the pattern for each rule, and check the event against each pattern. This should have the option to select the rule name.

This could have a simplified view showing just each rule with a checkmark, or a detailed view where I can see which section of the pattern matches the rule or not.

Support for IAM Role profiles

Given the following aws profile:

[profile my-role-based-mfa-profile]
source_profile=my-iam-user-profile
role_arn=arn:aws:iam::1234567890:role/MyRole
mfa_serial=arn:aws:iam::1234567890:mfa/iam-username
region=eu-west-1

I get an error when running:

evb diagram -b{mybus} -p my-role-based-mfa-profile

node:internal/process/promises:218
          triggerUncaughtException(err, true /* fromPromise */);
          ^

Error: connect EHOSTUNREACH 169.254.169.254:80 - Local (192.168.72.86:57537)
    at internalConnect (node:net:899:16)
    at defaultTriggerAsyncIdScope (node:internal/async_hooks:428:12)
    at node:net:991:9
    at processTicksAndRejections (node:internal/process/task_queues:75:11) {
  message: 'Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1',
  errno: -65,
  code: 'CredentialsError',
  syscall: 'connect',
  address: '169.254.169.254',
  port: 80,
  time: 2021-07-05T11:17:21.628Z,
  originalError: {
    message: 'Could not load credentials from any providers',
    errno: -65,
    code: 'CredentialsError',
    syscall: 'connect',
    address: '169.254.169.254',
    port: 80,
    time: 2021-07-05T11:17:21.628Z,
    originalError: {
      message: 'EC2 Metadata roleName request returned error',
      errno: -65,
      code: 'EHOSTUNREACH',
      syscall: 'connect',
      address: '169.254.169.254',
      port: 80,
      time: 2021-07-05T11:17:21.628Z,
      originalError: {
        errno: -65,
        code: 'EHOSTUNREACH',
        syscall: 'connect',
        address: '169.254.169.254',
        port: 80,
        message: 'connect EHOSTUNREACH 169.254.169.254:80 - Local (192.168.72.86:57537)'
      }
    }
  }
}

Would be great if these types of profiles could be supported too :)

Edges gets added between tags and resources on each tag change

Explanatory title

Add support for testing event pattern

So an example json event can be pasted into to the console and the command will return if a given pattern matches or not.

https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_TestEventPattern.html

ReferenceError: schemaResponse is not defined

https://github.com/mhlabs/evb-cli/blob/master/src/commands/shared/schema-browser.js#L60

What privileges are required to use evb?

$ evb pattern
Could not find template.yaml. Will write pattern to stdout. Use -t <path to CloudFormation template to write to template>
/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/protocol/json.js:52
  resp.error = util.error(new Error(), error);
                          ^

MethodNotAllowed: User: arn:aws:sts::12345678901023:assumed-role/developer-admin/johnb is not authorized to perform: schemas:ListRegistries on resource: arn:aws:schemas:us-east-1:12345678901023:* with an explicit deny
    at Object.extractError (/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/protocol/json.js:52:27)
    at Request.extractError (/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/protocol/rest_json.js:49:8)
    at Request.callListeners (/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/request.js:686:14)
    at Request.transition (/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/home/johnb/.nvm/versions/node/v16.13.0/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/request.js:688:12) {
  code: 'MethodNotAllowed',
  time: 2022-03-04T21:37:23.178Z,
  requestId: 'e3bdbd81-9f11-4a2d-b4f9-41d36b857a03',
  statusCode: 403,
  retryable: false,
  retryDelay: 80.26074495834715

Step functions should handle and retry Lambda service errors

Self Signed Cert

Is there a way to use a self-signed certificate? Not sure if there is an environment variable that can be specified?

(node:13688) UnhandledPromiseRejectionWarning: Error: self signed certificate in certificate chain

Add support for testing input transformations

Paste an json example event and see what the transformed input will look like.

AFAIK not possible with current aws sdk....

Paced replay doesn't work with multiple Destination.FilterArns

Crash on evb replay - Missing region

Heyo! 👋 I get an UnhandledPromiseRejectionWarning when trying to run evb replay.

Content of ~/.aws/config

[default]
region=eu-north-1
output=json

and I've got valid credentials for an IAM User in ~/.aws/credentials.

The error I'm getting:

> evb replay
(node:2765) UnhandledPromiseRejectionWarning: ConfigError: Missing region in config
    at Request.VALIDATE_REGION (/usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/event_listeners.js:94:47)
    at Request.callListeners (/usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at callNextListener (/usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/sequential_executor.js:96:12)
    at /usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/event_listeners.js:86:9
    at finish (/usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/config.js:386:7)
    at /usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/config.js:404:9
    at SharedIniFileCredentials.get (/usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/credentials.js:127:7)
    at getAsyncCredentials (/usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/config.js:398:24)
    at Config.getCredentials (/usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/config.js:418:9)
    at Request.VALIDATE_CREDENTIALS (/usr/local/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/event_listeners.js:81:26)
(node:2765) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
(node:2765) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Let me know if there's any other info you need!

Null-value pattern bug

Trying to create an event pattern that matches null.

Docs: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns-null-values.html

Example:

"EventPattern": {
          "source": [
            "xxx"
          ],
          "detail": {
              "propertyX": [null]
          },
          "detail-type": [
            "yyy"
          ]
        },

When I run evb local test I get this error:

UnhandledPromiseRejectionWarning: TypeError: Cannot convert undefined or null to object
    at Function.keys (<anonymous>)
    at findAllKeys (............@mhlabs/evb-cli/lib/node_modules/@mhlabs/evb-cli/src/commands/local/listeners/localPatternListener.js:25:27
    ```

Add support for browsing event registries in other accounts

Amazon EventBridge Schema Registries support giving read access to other AWS accounts and browsing those by passing the complete ARN.

However, registries in other AWS accounts don't appear with the listRegistries operation, thus will not appear in the evb cli.

One way to support this would be to add a --registry-name option to explicitly specify a registry name or ARN.

Unexpected key 'CreatedBy' found in params

Paced replays on Windows is getting error: Unexpected key 'CreatedBy' found in params

Add ability to run replays at a percentage of the original speed

This will be an experimental setup using Step Functions.

To achieve this, duplicate the replay destinations into 2 separate rules each;

One that forces the event target(s) to be Step Functions
One that uses the original targets, but with a modified source in the event pattern.

Set replay to point to (1) and at the end of SF flow put events to eventbus, but with temporary source from step (2)

Use wait state with a calculated SecondsPath based on event time, replay start time and the percentage of the original speed