Merge pull request #1 from appvia/initial

Initial commit

.circleci/config.yml

@@ -0,0 +1,69 @@
+version: 2
+jobs:
+  test:
+    docker:
+      - image: ruby:2.5.0-alpine
+    steps:
+      - checkout
+      - run:
+          name: Install build dependencies
+          command: apk add -U g++ make
+      - run:
+          name: Install ruby dependencies
+          command: bundle install --deployment
+      - run:
+          name: Run code analyser
+          command: bundle exec rubocop
+      - run:
+          name: Run RSpec
+          command: bundle exec rspec spec/
+  build:
+    machine: true
+    steps:
+      - checkout
+      - run:
+          name: Build Image
+          command: docker build -t appvia/rds-scheduler:$CIRCLE_SHA1 .
+  push_latest:
+    machine: true
+    steps:
+      - checkout
+      - run:
+          name: Push to Quay with tag latest
+          command: |
+            docker build -t quay.io/appvia/rds-scheduler:latest .
+            docker login quay.io --username $QUAY_USERNAME --password $QUAY_PASSWORD
+            docker push quay.io/appvia/rds-scheduler:latest
+  push_tag:
+    machine: true
+    steps:
+      - checkout
+      - run:
+          name: Push to Quay with Git tag
+          command: |
+            docker build -t quay.io/appvia/rds-scheduler:$CIRCLE_TAG .
+            docker login quay.io --username $QUAY_USERNAME --password $QUAY_PASSWORD
+            docker push quay.io/appvia/rds-scheduler:$CIRCLE_TAG
+workflows:
+  version: 2
+  build:
+    jobs:
+      - test
+      - build
+  push_latest:
+    jobs:
+      - push_latest:
+          filters:
+            branches:
+              only:
+                - master
+            tags:
+              ignore: /.*/
+  push_tag:
+    jobs:
+      - push_tag:
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /.*/

.gitignore

@@ -1,2 +1,5 @@
+.DS_Store
+.bundle/*
+src/.bundle/*
 src/vendor/*
 vendor/*

.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

.rubocop.yml

@@ -0,0 +1,13 @@
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/BlockLength:
+  Enabled: true
+  Exclude:
+    - spec/**/*
+
+Metrics/LineLength:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false

.ruby-version

@@ -0,0 +1 @@
+2.5.0

Dockerfile

@@ -0,0 +1,25 @@
+FROM ruby:2.5.0-alpine
+LABEL maintainer="info@appvia.io"
+LABEL source="https://github.com/appvia/rds-scheduler"
+
+WORKDIR /app
+
+# Update packages in base image
+RUN apk update && apk upgrade
+
+# Copy application files into image
+COPY lib Gemfile Gemfile.lock /app/
+
+# Create a non-root user and set file permissions
+RUN addgroup -S app \
+    && adduser -S -g app -u 1000 app \
+    && chown -R app:app /app
+
+# Run as the non-root user
+USER 1000
+
+# Fetch dependencies
+RUN bundle install --deployment --without test
+
+# Set the run command
+CMD ["ruby", "run.rb"]

Gemfile

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+ruby '2.5.0'
+
+gem 'activesupport'
+gem 'aws-sdk-rds'
+gem 'bundler'
+gem 'logger'
+gem 'tzinfo'
+gem 'tzinfo-data'
+
+group :test do
+  gem 'rspec'
+  gem 'rubocop'
+end

Gemfile.lock

@@ -0,0 +1,80 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (5.2.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    ast (2.4.0)
+    aws-eventstream (1.0.1)
+    aws-partitions (1.127.0)
+    aws-sdk-core (3.44.1)
+      aws-eventstream (~> 1.0)
+      aws-partitions (~> 1.0)
+      aws-sigv4 (~> 1.0)
+      jmespath (~> 1.0)
+    aws-sdk-rds (1.42.0)
+      aws-sdk-core (~> 3, >= 3.39.0)
+      aws-sigv4 (~> 1.0)
+    aws-sigv4 (1.0.3)
+    concurrent-ruby (1.1.4)
+    diff-lcs (1.3)
+    i18n (1.4.0)
+      concurrent-ruby (~> 1.0)
+    jaro_winkler (1.5.1)
+    jmespath (1.4.0)
+    logger (1.3.0)
+    minitest (5.11.3)
+    parallel (1.12.1)
+    parser (2.5.3.0)
+      ast (~> 2.4.0)
+    powerpack (0.1.2)
+    rainbow (3.0.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    rubocop (0.62.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.4.0)
+    ruby-progressbar (1.10.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    tzinfo-data (1.2018.9)
+      tzinfo (>= 1.0.0)
+    unicode-display_width (1.4.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activesupport
+  aws-sdk-rds
+  bundler
+  logger
+  rspec
+  rubocop
+  tzinfo
+  tzinfo-data
+
+RUBY VERSION
+   ruby 2.5.0p0
+
+BUNDLED WITH
+   1.16.1

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 appvia
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,85 @@
+# RDS Scheduler
+
+[![Build_Status](https://circleci.com/gh/appvia/rds-scheduler.svg?style=svg)](https://circleci.com/gh/appvia/rds-scheduler) [![Docker Repository on Quay](https://quay.io/repository/appvia/rds-scheduler/status "Docker Repository on Quay")](https://quay.io/repository/appvia/rds-scheduler)
+
+Manage uptime schedules for RDS Instances and shutdown instances outside of working hours.
+
+All RDS instances are checked for a given AWS Tag, `appvia.io/rds-scheduler/uptime-schedule`, to determine whether they need to be managed according to a specified uptime schedule. If the AWS Tag is not found, no action is taken on that DB instance.
+
+The value of an AWS Tag should hold a time definition matching the pattern: `<WEEKDAY-FROM>-<WEEKDAY-TO> <HH:MM-FROM>-<HH:MM-TO> <TIMEZONE>`
+
+For example:
+```yml
+appvia.io/rds-scheduler/uptime-schedule: MON-FRI 08:30-18:00 Europe/London
+```
+
+The above definition would start an RDS instance at 08:30 and shut it down at 18:00 on weekdays only, leaving the instance in a stopped state in the evenings and weekends.
+
+## Usage
+
+Set the Tag `appvia.io/rds-scheduler/uptime-schedule` on each RDS instance, providing a time definition to keep the RDS instance online for.
+
+Run the docker container, providing AWS Credentials either as environment variables or mounting in your AWS config directory, e.g.:
+
+```bash
+# Pass as environment variables
+docker run --rm -t -e AWS_ACCESS_KEY_ID=X AWS_SECRET_ACCESS_KEY=X -e AWS_REGION=eu-west-2 quay.io/appvia/rds-scheduler
+
+# Use AWS config and profile
+docker run --rm -t -v ~/.aws:/home/app/.aws:ro -e AWS_PROFILE=my-aws-profile quay.io/appvia/rds-scheduler
+```
+
+### Configuration
+
+The following environment variables can be passed:
+- `DRY_RUN`: Don't make any changes to RDS instances, just prints what actions would be performed to stdout (default: `false`)
+- `LOOP_INTERVAL_SECS`: How frequently (in seconds) to loop and perform checks on the RDS instance schedules (default: `60`)
+- `RUN_ONCE`: Loop through RDS instances only once and exit the script (default: `false`)
+- `TAG_UPTIME_SCHEDULE`: AWS Tag name on the RDS instances containing a time definition (default: `appvia.io/rds-scheduler/uptime-schedule`)
+
+### Kubernetes
+
+The RDS Scheduler can run within your Kubernetes Cluster as a lightweight deployment. Review the [./examples/kube](./examples/kube) directory for example deployment files.
+
+### Lambda
+
+The RDS Scheduler can be configured to run as a Lambda Function within your AWS Account.
+
+There are some things to note when attempting to run in Lambda:
+- The file to be executed is at the root of the zipfile being uploaded
+- The dependencies are packaged within the zipfile at `./vendor/bundle/ruby/2.5.0/...` (AWS Lambda uses Ruby v2.5.0)
+
+If you're using **[rbenv](https://github.com/rbenv/rbenv)**:
+```bash
+# Install Ruby v2.5.0
+rbenv install 2.5.0
+
+# Install / Update bundler
+gem install bundler
+
+# Download dependencies
+bundle install --path=lib/vendor/bundle --deployment --without test
+
+# Copy Gemfiles to the lib directory
+cp Gemfile* lib/
+```
+
+Example deployment files are located in the [./examples/terraform](./examples/terraform) directory. The Lambda Function is configured to trigger via a CloudWatch Event Rule and execute every 5 minutes.
+
+All log output of the Lambda Function is recorded under a CloudWatch Log Group, keeping the same name as the Function (`rds-scheduler`). This is accessible under the following URL (replace with the relevant AWS region): `https://eu-west-2.console.aws.amazon.com/cloudwatch/home?region=eu-west-2#logStream:group=/aws/lambda/acp-rds-scheduler`
+
+## IAM Permissions
+
+For the RDS Scheduler to function properly, the following IAM Statement is required:
+```json
+{
+    "Effect": "Allow",
+    "Action": [
+        "rds:DescribeDBInstances",
+        "rds:ListTagsForResource",
+        "rds:StartDBInstance",
+        "rds:StopDBInstance"
+    ],
+    "Resource": "*"
+}
+```

examples/kube/aws-credentials.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "aws-credentials"
+data:
+  AWS_ACCESS_KEY_ID: X
+  AWS_SECRET_ACCESS_KEY: X
+  AWS_REGION: X

examples/kube/deployment.yml

@@ -0,0 +1,21 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: rds-scheduler
+  labels:
+    name: rds-scheduler
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        name: rds-scheduler
+    spec:
+      securityContext:
+        runAsNonRoot: true
+      containers:
+      - image: quay.io/appvia/rds-scheduler:latest
+        name: rds-scheduler
+        envFrom:
+        - secretRef:
+            name: aws-credentials