FINRAOS
diff --git a/‎.circleci/config.yml
Lines changed: 114 additions & 0 deletions b/‎.circleci/config.yml
Lines changed: 114 additions & 0 deletions
diff --git a/‎.circleci/push.sh
Lines changed: 36 additions & 0 deletions b/‎.circleci/push.sh
Lines changed: 36 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 2 additions & 0 deletions b/‎README.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎aphelion/Dockerfile
Lines changed: 7 additions & 3 deletions b/‎aphelion/Dockerfile
Lines changed: 7 additions & 3 deletions
diff --git a/‎aphelion/deploy/limits/limits.py
Lines changed: 111 additions & 43 deletions b/‎aphelion/deploy/limits/limits.py
Lines changed: 111 additions & 43 deletions
diff --git a/‎aphelion/pom.xml
Lines changed: 1 addition & 1 deletion b/‎aphelion/pom.xml
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,114 @@
+# Java Maven CircleCI 2.0 configuration file
+#
+# Check https://circleci.com/docs/2.0/language-java/ for more details
+#
+version: 2.1
+jobs:
+  build_aphelion-service:
+    docker:
+      - image: circleci/openjdk:8u171-jdk
+    working_directory: ~/repo
+    environment:
+      MAVEN_OPTS: -Xmx3200m
+    steps:
+      - checkout
+      - setup_remote_docker
+      - restore_cache:
+          keys:
+            # when lock file changes, use increasingly general patterns to restore cache
+            - maven-repo-{{ .Branch }}-{{ checksum "aphelion/pom.xml" }}
+            - maven-repo-{{ .Branch }}-
+            - maven-repo
+      - run:
+          name: Run Tests and Build Backend Services
+          command: |
+            pushd aphelion
+            mvn clean package
+      - save_cache:
+          paths:
+            - ~/.m2
+          key: maven-repo-{{ .Branch }}-{{ checksum "aphelion/pom.xml" }}
+      - run:
+          name: Save Tests
+          command: |
+            mkdir -p ~/junit
+            find . -type f -regex ".*/target/surefire-reports/.*xml" -exec cp {} ~/junit/ \;
+      - store_test_results:
+          path: ~/junit
+      - save_cache:
+          key: aphelion-{{ .Branch }}-{{ epoch }}
+          paths:
+              - aphelion/target/aphelion-1.0.jar
+      - run:
+          name: Build Aphelion service container
+          command: |
+            ls -ltr
+            cd aphelion
+            ls -ltr
+            docker build --build-arg jar_file=aphelion-1.0.jar -t aphelion/aphelion-service ./
+            docker images
+      - run:
+          name: Push Aphelion service to docker repo
+          command: |
+            source .circleci/push.sh aphelion/aphelion-service aphelion-service
+
+  build_and_push_dashboard-service:
+    working_directory: ~/repo
+    docker:
+      - image: docker:17.05.0-ce-git
+    steps:
+      - checkout
+      - setup_remote_docker
+      - run:
+          name: Build dashboard-service
+          command: |
+            cd dashboard-service
+            docker build -t aphelion/aphelion-dashboard-service ./
+      - run:
+          name: Push Aphelion dashboard-service to docker repo
+          command: |
+            source .circleci/push.sh aphelion/aphelion-dashboard-service aphelion-dashboard-service
+  build_and_push_web:
+    working_directory: ~/repo
+    docker:
+      - image: docker:17.05.0-ce-git
+    steps:
+      - checkout
+      - setup_remote_docker
+      - run:
+          name: Build web-service
+          command: |
+            cd web
+            docker build -t aphelion/aphelion-web ./
+      - run:
+          name: Push Aphelion web-service to docker repo
+          command: |
+            source .circleci/push.sh aphelion/aphelion-web aphelion-web
+
+workflows:
+  version: 2.1
+  ci-push:
+    jobs:
+      - build_and_push_dashboard-service
+      - build_and_push_web
+      - build_aphelion-service
+  tag-and-release:
+    jobs:
+      - build_and_push_dashboard-service:
+          filters:
+            tags:
+              only: /^v.*/
+            branches:
+              ignore: /.*/
+      - build_and_push_web:
+          filters:
+            tags:
+              only: /^v.*/
+            branches:
+              ignore: /.*/
+      - build_aphelion-service:
+          filters:
+            tags:
+              only: /^v.*/
+            branches:
+              ignore: /.*/
@@ -0,0 +1,36 @@
+echo "$CIRCLE_BRANCH"
+
+DOCKER_TAG=$1
+DOCKER_TAG_COMPONENT=$2
+DOCKER_REPO=${DOCKER_TAG_REPO}/${DOCKER_TAG_COMPONENT}
+
+BRANCH=${CIRCLE_BRANCH:-UNSET}
+DATE=$(date +"%m%d%y")
+BUILD_NUM=${CIRCLE_BUILD_NUM:-UNSET}
+TAG=${CIRCLE_TAG:-UNSET}
+
+echo "BRANCH IS $BRANCH"
+echo "BUILD_NUM IS $BUILD_NUM"
+echo "TAG IS $TAG"
+
+if [ "${BRANCH}" != "UNSET" ]; then
+    echo "This is a CI branch build"
+    DOCKER_RELEASE_TAG=${BRANCH}-${DATE}-${BUILD_NUM}
+    DOCKER_LATEST_TAG=latest
+else
+    echo "This is a Tag release"
+    DOCKER_RELEASE_TAG=$(echo $TAG | cut -d "v" -f 2)
+    DOCKER_LATEST_TAG=latest
+fi
+
+echo "Version Tag will be: ${DOCKER_RELEASE_TAG}"
+echo "Latest Tag will be: ${DOCKER_LATEST_TAG}"
+
+echo "pushing and tagging image"
+docker tag ${DOCKER_TAG} ${DOCKER_REPO}:${DOCKER_RELEASE_TAG}
+docker tag ${DOCKER_TAG} ${DOCKER_REPO}:${DOCKER_LATEST_TAG}
+docker images
+docker login -u=${DOCKER_USER} -p=${DOCKER_PASS}
+docker push ${DOCKER_REPO}:${DOCKER_RELEASE_TAG}
+docker push ${DOCKER_REPO}:${DOCKER_LATEST_TAG}
+echo "Done!"
@@ -22,6 +22,8 @@ the particular service exposes the current limit values via API calls.
   - Warning >=75% & <80%
   - Danger >=80%
 - Download CSV report
+- Email CSV report after reaching a configurable limit
+
 
 ## Documentation
 - [Overview](docs/index.md)
 
@@ -1,10 +1,13 @@
-FROM amazonlinux:latest
+FROM amazonlinux:2-with-sources
+
+ARG jar_file
 
 ENV JAVA_OPTS="-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap  -XX:MaxRAMFraction=1 -XshowSettings:vm "
 
+RUN amazon-linux-extras install epel
 RUN yum install -y epel-release
 RUN yum install -y --nogpgcheck java-1.8.0-openjdk.x86_64
-RUN yum -y install python34-pip
+RUN yum -y install python3-pip
 RUN yum -y install cronie
 RUN python3 -m pip install boto3
 RUN python3 -m pip install awscli
@@ -13,7 +16,8 @@ RUN mkdir -p /opt/staging/limits
 RUN mkdir -p /etc/cron.d
 
 ADD deploy/limits/limits-cron /etc/cron.d/limits-cron
-ADD target/*.jar /opt/staging
+ADD target/${jar_file} /opt/staging
+
 ADD deploy/startup.sh /opt/staging
 ADD deploy/limits /opt/staging
 
 
@@ -19,6 +19,13 @@
 import get_role_session
 import datetime
 import os
+import sys
+import traceback
+import smtplib
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+from email.mime.base import MIMEBase
+from email import encoders
 
 #load environment configurations and get values we need
 role_name = os.environ.get('ASSUMED_ROLE_NAME', None)
@@ -28,6 +35,46 @@
 report_filename = os.environ.get('REPORT_FILE_NAME')
 now = datetime.datetime.now().strftime("%Y-%m-%dT%H:%M:%S-")
 
+#mail settings
+sender = os.environ.get('MAIL_SENDER', None)
+message = os.environ.get('MAIL_MESSAGE', None)
+subject = os.environ.get('MAIL_SUBJECT', None)
+mailhost = os.environ.get('MAIL_HOST', None)
+port = os.environ.get('MAIL_PORT', None)
+receivers = [x.strip() for x in os.environ.get('MAIL_RECEIVERS').split(',')]
+reporting_limit = os.environ.get('MAIL_REPORTING_LIMIT', None)
+
+def send_mail_attachment(message, attachment):
+    msg = MIMEMultipart()
+    # Create headers
+    msg['Subject'] = subject
+    msg['From'] = sender
+    msg['To'] = ";".join(receivers)
+    part = MIMEBase('application', "octet-stream")
+    # Attach attachment
+    part.set_payload(open(attachment, "rb").read())
+    encoders.encode_base64(part)
+    part.add_header('Content-Disposition', 'attachment', filename=attachment.split('/')[-1])
+    msg.attach(part)
+    msg.attach(MIMEText(message, 'plain'))
+    # Send it off
+    smtpObj = smtplib.SMTP(mailhost, port)
+    smtpObj.sendmail(sender, receivers, msg.as_string())
+    print("Successfully sent email")
+
+def send_mail(message):
+    msg = MIMEMultipart()
+    # Create headers
+    msg['Subject'] = subject
+    msg['From'] = sender
+    msg['To'] = ";".join(receivers)
+    # Attach message
+    msg.attach(MIMEText(message, 'plain'))
+    # Send it off
+    smtpObj = smtplib.SMTP(mailhost, port)
+    smtpObj.sendmail(sender, receivers, msg.as_string())
+    print("Successfully sent email")
+
 #do some "formatting" of the limits collected by TA, as well as drop limits with no usage
 def ta_limit_to_dict(limit):
     #extract values into dictionary
@@ -48,48 +95,69 @@ def ta_limit_to_dict(limit):
     account_out = {'id': account_id}
     all_limits = []
     #get boto3 session for the account
-    sess = get_role_session.get_role_session(account_id, role_name, role_session_name)
-    #instance_types = defaultdict(int)
-    for region in regions:
-        #get total EC2 instances since TA does not check TOTAL on-demand instances, only by instance type
-        total_instances = 0
-        ec2 = sess.resource('ec2', region_name=region)
-        for instance in ec2.instances.page_size(count=100):
-            if instance.instance_lifecycle != 'spot':
-                #instance_types["%s %s" % (region,instance.instance_type)] += 1
-                total_instances += 1
-        #and check that coutn against the configured limit from EC2
-        ec2c = sess.client('ec2', region_name=region)
-        attributes = ec2c.describe_account_attributes(AttributeNames=['max-instances'])
-        all_limits.append({'region':region, 'service':'EC2', 'limit':'Max On-Demand Instances', 'max':attributes['AccountAttributes'][0]['AttributeValues'][0]['AttributeValue'], 'used':total_instances})
-
-        #inspect DMS resources and limits
-        dms = sess.client('dms', region_name=region)
-        dms_limits = dms.describe_account_attributes()
-        for dms_limit in dms_limits['AccountQuotas']:
-            all_limits.append({'region':region, 'service':'DMS', 'limit':dms_limit['AccountQuotaName'], 'max':dms_limit['Max'], 'used':dms_limit['Used']})
-
-    #start the check from trusted advisor. remember that the check needs to be refreshed, so that should have been run at least an hour before hand
-    # this is only run once per account since TA is global.        
-    support = sess.client('support')
-    ta_resp = support.describe_trusted_advisor_check_result(checkId = 'eW7HH0l7J9', language='en')
-    #walk the list of TA resources, and add them to the master list if valid
-    if 'flaggedResources' in ta_resp['result']:
-        for limit in ta_resp['result']['flaggedResources']:
-            limit_dict = ta_limit_to_dict(limit['metadata'])
-            if limit_dict != None:
-                all_limits.append(limit_dict)
-    account_out['limits'] = all_limits
-    report_out.append(account_out)
-
-headers = ['AccountID','Region','Service','Limit','Used','Max','% Usage']
-csvfile = open('/opt/staging/limits/' + now + report_filename, 'w')
-csvwriter = csv.writer(csvfile, quoting=csv.QUOTE_ALL)
-
-csvwriter.writerow(headers)
-for account in report_out:
-    for limit in sorted(account['limits'], key=lambda x: str(x['region']) + str(x['service']) + str(x['limit'])):
-        csvwriter.writerow([account['id'],limit['region'], limit['service'], limit['limit'], limit['used'], limit['max'], 
-            str(int(float(limit['used'])/float(limit['max'])*100)) + '%'])
+    try:
+        sess = get_role_session.get_role_session(account_id, role_name, role_session_name)
+        #instance_types = defaultdict(int)
+        for region in regions:
+            #get total EC2 instances since TA does not check TOTAL on-demand instances, only by instance type
+            total_instances = 0
+            ec2 = sess.resource('ec2', region_name=region)
+            for instance in ec2.instances.page_size(count=100):
+                if instance.instance_lifecycle != 'spot':
+                    #instance_types["%s %s" % (region,instance.instance_type)] += 1
+                    total_instances += 1
+            #and check that coutn against the configured limit from EC2
+            ec2c = sess.client('ec2', region_name=region)
+            attributes = ec2c.describe_account_attributes(AttributeNames=['max-instances'])
+            all_limits.append({'region':region, 'service':'EC2', 'limit':'Max On-Demand Instances', 'max':attributes['AccountAttributes'][0]['AttributeValues'][0]['AttributeValue'], 'used':total_instances})
+
+            #inspect DMS resources and limits
+            dms = sess.client('dms', region_name=region)
+            dms_limits = dms.describe_account_attributes()
+            for dms_limit in dms_limits['AccountQuotas']:
+                all_limits.append({'region':region, 'service':'DMS', 'limit':dms_limit['AccountQuotaName'], 'max':dms_limit['Max'], 'used':dms_limit['Used']})
+
+        #start the check from trusted advisor. remember that the check needs to be refreshed, so that should have been run at least an hour before hand
+        # this is only run once per account since TA is global.
+        support = sess.client('support')
+        ta_resp = support.describe_trusted_advisor_check_result(checkId = 'eW7HH0l7J9', language='en')
+        #walk the list of TA resources, and add them to the master list if valid
+        if 'flaggedResources' in ta_resp['result']:
+            for limit in ta_resp['result']['flaggedResources']:
+                limit_dict = ta_limit_to_dict(limit['metadata'])
+                if limit_dict != None:
+                    all_limits.append(limit_dict)
+        account_out['limits'] = all_limits
+        report_out.append(account_out)
+
+        headers = ['AccountID','Region','Service','Limit','Used','Max','% Usage']
+        csvfilelocation = '/opt/staging/limits/' + now + report_filename
+        csvfile = open(csvfilelocation, 'w')
+        csvwriter = csv.writer(csvfile, quoting=csv.QUOTE_ALL)
+
+        is_exceeding_limit = None
+
+        csvwriter.writerow(headers)
+        for account in report_out:
+            for limit in sorted(account['limits'], key=lambda x: str(x['region']) + str(x['service']) + str(x['limit'])):
+                limit_percent = int(float(limit['used'])/float(limit['max'])*100)
+
+                try:
+                    if reporting_limit is not None and limit_percent >= int(reporting_limit):
+                        is_exceeding_limit = True
+                except ValueError:
+                    print("Could not convert data to an integer.", sys.exc_info()[0])
+
+
+                csvwriter.writerow([account['id'],limit['region'], limit['service'], limit['limit'], limit['used'], limit['max'],
+                                    str(limit_percent) + '%'])
 
+        if is_exceeding_limit:
+            send_mail_attachment(message, csvfilelocation)
 
+    except Exception:
+        print("Unexpected error:", sys.exc_info()[0])
+        csvfile = open('/opt/staging/limits/' + now + report_filename, 'w')
+        csvwriter = csv.writer(csvfile, quoting=csv.QUOTE_ALL)
+        csvwriter.writerow(["ERROR", traceback.format_exc()])
+        raise
@@ -4,7 +4,7 @@
 
 	<artifactId>aphelion</artifactId>
 	<packaging>jar</packaging>
-	<version>1.0-SNAPSHOT</version>
+	<version>1.0</version>
 
 	<parent>
 		<groupId>org.springframework.boot</groupId>