bin/cdklocal

#!/usr/bin/env node
"use strict"

const fs = require("fs");
const diff = require("diff");
const path = require("path");
const http = require("http");
const https = require("https");
const crypto = require("crypto");
const net = require('net');

const { isEnvTrue, EDGE_PORT, PROTOCOL, configureEnvironment } = require("../src");

// constants and custom config values

const DEFAULT_HOSTNAME = "localhost";
const LAMBDA_MOUNT_CODE = isEnvTrue("LAMBDA_MOUNT_CODE");
const AWS_ENVAR_ALLOWLIST = process.env.AWS_ENVAR_ALLOWLIST || "";


//----------------
// UTIL FUNCTIONS
//----------------

const getLocalEndpoint = async () => process.env.AWS_ENDPOINT_URL || `${PROTOCOL}://${await getLocalHost()}`;

var resolvedHostname = undefined;

const runAsyncFunctionAsSync = (asyncFn) => {
  return (...args) => {
    asyncFn(...args).catch((e) => {
      console.error(e);
    });
  };
};

const getLocalHost = async () => {
  if (resolvedHostname) {
    // early exit to not resolve again
    return `${resolvedHostname}:${EDGE_PORT}`;
  }

  var hostname = process.env.LOCALSTACK_HOSTNAME || DEFAULT_HOSTNAME;
  // Fall back to using local IPv4 address if connection to localhost fails.
  // This workaround transparently handles systems (e.g., macOS) where
  // localhost resolves to IPv6 when using Nodejs >=v17. See discussion:
  // https://github.com/localstack/aws-cdk-local/issues/76#issuecomment-1412590519
  // Issue: https://github.com/localstack/aws-cdk-local/issues/78
  if (hostname === "localhost") {
    try {
      const options = {host: hostname, port: EDGE_PORT};
      await checkTCPConnection(options);
    } catch (e) {
      hostname = "127.0.0.1";
    }
  }

  resolvedHostname = hostname;
  return `${hostname}:${EDGE_PORT}`;
};

/**
 * Checks whether a TCP connection to the given "options" can be established.
 * @param {object} options connection options of net.socket.connect()
 *                 https://nodejs.org/api/net.html#socketconnectoptions-connectlistener
 *                 Example: { host: "localhost", port: 4566 }
 * @returns {Promise} A fulfilled empty promise on successful connection and
 *                    a rejected promise on any connection error.
 */
const checkTCPConnection = async (options) => {
  return new Promise((resolve, reject) => {
    const socket = new net.Socket();
    const client = socket.connect(options, () => {
      client.end();
      resolve();
    });

    client.setTimeout(500);  // milliseconds
    client.on("timeout", err => {
      client.destroy();
      reject(err);
    });

    client.on("error", err => {
      client.destroy();
      reject(err);
    });
  });
}

const useLocal = () => {
  // TODO make configurable..?
  return true;
};

const md5 = s => crypto.createHash("md5").update(s).digest("hex");

const getMethods = (obj) => {
  const properties = new Set();
  let currentObj = obj;
  do {
    Object.getOwnPropertyNames(currentObj).map((item) => properties.add(item));
  } while ((currentObj = Object.getPrototypeOf(currentObj)));
  const excluded = [
    "caller", "callee", "arguments", "constructor", "isPrototypeOf",
    "hasOwnProperty", "valueOf", "toString", "toLocaleString", "propertyIsEnumerable"
  ];
  const props = [...properties.keys()].filter((pr) => !excluded.includes(pr) && !pr.startsWith("__"));
  return props.filter((item) => typeof obj[item] === "function");
};

// simple helper function to fetch an HTTP URL in a promisified way
const fetchURLAsync = (url) => new Promise((resolve, reject) => {
  const httpClient = url.includes("https://") ? https : http;
  const req = httpClient.get(url, {"rejectUnauthorized": false}, (res) => {
    let responseBody = "";
    res.on("data", (chunk) => {
      responseBody += chunk;
    });
    res.on("end", () => {
      resolve(responseBody || "{}");
    });
  });
  req.on("error", (err) => {
    reject(err);
  });
  req.end();
});

const getTemplateBody = (params) => {
  if (params.TemplateBody) {
    return params.TemplateBody;
  }
  return fetchURLAsync(params.TemplateURL);
};

// small import util function

const modulePrefix = "aws-cdk/node_modules";
const importLib = function importLib(libPath) {
  try {
    return require(path.join(modulePrefix, libPath));
  } catch (exc) {
    return require(path.join(libPath));
  }
};

// this isn't doing anything for current versions (e.g. 2.167.1)
const setSdkOptions = async (options, setHttpOptions) => {
  if (!useLocal(options)) {
    return;
  }
  if (setHttpOptions) {
    options = options.httpOptions = options.httpOptions || {};
  }
  options.endpoint = await getLocalEndpoint();
  options.s3ForcePathStyle = true;
  options.accessKeyId = "test";
  options.secretAccessKey = "test";
};

const patchProviderCredentials = (provider) => {
  const origConstr = provider.SdkProvider.withAwsCliCompatibleDefaults;
  provider.SdkProvider.withAwsCliCompatibleDefaults = async (options = {}) => {
    const localEndpoint = await getLocalEndpoint();
    await setSdkOptions(options, true); // legacy
    const result = await origConstr(options);
    result.sdkOptions = result.sdkOptions || {}; // legacy
    await setSdkOptions(result.sdkOptions); // legacy
    // >= 2.167.0
    if (result.requestHandler) {
      result.requestHandler.endpoint = localEndpoint;
      result.requestHandler.forcePathStyle = true;
    }
    return result;
  };

  provider.SdkProvider.prototype.defaultCredentials = () => ({
    "accessKeyId": process.env.AWS_ACCESS_KEY_ID || "test",
    "secretAccessKey": process.env.AWS_SECRET_ACCESS_KEY || "test"
  });
};

const patchCdkToolkit = (CdkToolkit) => {
  const CdkToolkitClass = CdkToolkit.ToolkitInfo || CdkToolkit;
  getMethods(CdkToolkitClass.prototype).forEach((meth) => {
    const original = CdkToolkitClass.prototype[meth];
    CdkToolkitClass.prototype[meth] = async function methFunc(...args) {
      await setSdkOptions(this.props.sdkProvider.sdkOptions);
      return original.bind(this).apply(this, args);
    };
  });
};

const patchCurrentAccount = (SDK) => {
  const currentAccountOrig = SDK.prototype.currentAccount;
  SDK.prototype.currentAccount = async function currentAccount() {
    const {config} = this;
    await setSdkOptions(config);
    return currentAccountOrig.bind(this)();
  };

  const forceCredentialRetrievalOrig = SDK.prototype.forceCredentialRetrieval;
  SDK.prototype.forceCredentialRetrieval = function forceCredentialRetrieval() {
    if (!this._credentials.getPromise) {
      this._credentials.getPromise = () => this._credentials;
    }
    return forceCredentialRetrievalOrig.bind(this)();
  };
};

const patchToolkitInfo = (ToolkitInfo) => {
  const setBucketUrl = function setBucketUrl(object, bucket, domain) {
    const newBucketUrl = `https://${domain.replace(`${bucket}.`, "")}:${EDGE_PORT}/${bucket}`;
    Object.defineProperty(object, "bucketUrl", {
      get() {
        return newBucketUrl;
      }
    });
  };

  // Pre-fetch the necessary values for the bucket URL
  const prefetchBucketUrl = async (object) => {
    // Has been observed that the object is not always an instance of ToolkitInfo
    if (object && Object.prototype.hasOwnProperty.call(object, "bucketName") && Object.prototype.hasOwnProperty.call(object, "bucketUrl")) {
      try {
        const bucket = object.bucketName;
        const domain = object.bucketUrl.replace("https://", "") || await getLocalHost();
        // When object is ExistingToolkitInfo & the bucketName/bucketUrl attributes are non-null
        setBucketUrl(object, bucket, domain);
      } catch (e) {
        // ToolkitInfo: bucketName/bucketUrl attributes don't exist or if implemented, they throw exceptions
        // so the exceptions have to be ignored.
        //
        // The following is an example of how the bucketName/bucketUrl attributes are implemented in the BootstrapStackNotFoundInfos class:
        // I.e.: https://github.com/aws/aws-cdk/blob/87e21d625af86873716734dd5568940d41096c45/packages/aws-cdk/lib/api/toolkit-info.ts#L190-L196
        // 
        // The following is an example of how the bucketName/bucketUrl attributes are implemented in the ExistingToolkitInfo class:
        // I.e.: https://github.com/aws/aws-cdk/blob/87e21d625af86873716734dd5568940d41096c45/packages/aws-cdk/lib/api/toolkit-info.ts#L124-L130
      }
    }
  };

  // for compatibility with with older versions of CDK
  runAsyncFunctionAsSync(prefetchBucketUrl(ToolkitInfo.prototype));

  const cdkLookupFn = ToolkitInfo.lookup;
  ToolkitInfo.lookup = async (...args) => {
    const toolkitInfoObject = await cdkLookupFn(...args);
    await prefetchBucketUrl(toolkitInfoObject);
    return toolkitInfoObject;
  };

  const fromStackFn = ToolkitInfo.fromStack;
  ToolkitInfo.fromStack = (...args) => {
    const toolkitInfoObject = fromStackFn(...args);
    runAsyncFunctionAsSync(prefetchBucketUrl(toolkitInfoObject));
    return toolkitInfoObject;
  };
};

const patchLambdaMounting = (CdkToolkit) => {
  const {deserializeStructure} = require("aws-cdk/lib/serialize");
  const deployStackMod = require("aws-cdk/lib/api/deploy-stack");

  // modify asset paths to enable local Lambda code mounting

  const lookupLambdaForAsset = (template, paramName) => {
    const result = Object.keys(template.Resources).map((key) => template.Resources[key]).filter((res) => res.Type === "AWS::Lambda::Function").filter((res) => JSON.stringify(res.Properties.Code.S3Key).includes(paramName));
    const props = result[0].Properties;
    const funcName = props.FunctionName;
    if (funcName) {
      return funcName;
    }
    const attributes = ["Handler", "Runtime", "Description", "Timeout", "MemorySize", "Environment"];
    const valueToHash = attributes.map((attr) => props[attr]).map((val) => typeof val === "object" ? JSON.stringify(diff.canonicalize(val)) : val ? val : "").join("|");
    return md5(valueToHash);
  };

  const symlinkLambdaAssets = (template, parameters) => {
    const params = parameters || template.Parameters || {};
    Object.keys(params).forEach((key) => {
      const item = params[key];
      const paramKey = item.ParameterKey || key;
      // TODO: create a more resilient lookup mechanism (not based on "S3Bucket" param key) below!
      if (item.ParameterKey && item.ParameterKey.includes("S3Bucket")) {
        // TODO: change the default BUCKET_MARKER_LOCAL to 'hot-reload'
        item.ParameterValue = process.env.BUCKET_MARKER_LOCAL || '__local__'; // for now, the default is still __local__
      }
      if (!paramKey.includes("S3VersionKey")) {
        return;
      }
      let assetId = "";
      if (item.ParameterValue) {
        const parts = item.ParameterValue.split("||");
        if (item.ParameterValue.endsWith(".zip") && parts.length > 1) {
          assetId = parts[1].replace(".zip", "");
        }
      }
      if (!assetId) {
        [assetId] = paramKey.replace("AssetParameters", "").split("S3VersionKey");
      }
      const funcName = lookupLambdaForAsset(template, paramKey);
      const lambdaAsset = `cdk.out/asset.lambda.${funcName}`;
      if (fs.existsSync(lambdaAsset)) {
        // delete any existing symlinks
        fs.unlinkSync(lambdaAsset);
      }
      if (fs.existsSync(`cdk.out/asset.${assetId}`)) {
        fs.symlinkSync(`asset.${assetId}`, lambdaAsset);
      }

      item.ParameterValue = `${process.cwd()}/||${lambdaAsset}`;
    });
  };

  // symlink local Lambda assets if "cdklocal deploy" is called with LAMBDA_MOUNT_CODE=1

  const deployStackOrig = deployStackMod.deployStack;
  deployStackMod.deployStack = function deployStack(options) {
    options.sdk.cloudFormationOrig = options.sdk.cloudFormationOrig || options.sdk.cloudFormation;
    const state = {};
    options.sdk.cloudFormation = () => state.instance;
    const cfn = state.instance = options.sdk.cloudFormationOrig();
    cfn.createChangeSetOrig = cfn.createChangeSetOrig || cfn.createChangeSet;
    const createChangeSetAsync = async function createChangeSetAsync(params) {
      if (LAMBDA_MOUNT_CODE) {
        const template = deserializeStructure(await getTemplateBody(params));
        symlinkLambdaAssets(template, params.Parameters);
      }
      return cfn.createChangeSetOrig(params).promise();
    };
    cfn.createChangeSet = (params) => ({"promise": () => createChangeSetAsync(params)});
    const result = deployStackOrig(options);
    return result;
  };

  // skip uploading Lambda assets if LAMBDA_MOUNT_CODE=1

  const {FileAssetHandler} = importLib("cdk-assets/lib/private/handlers/files");

  const handlerPublish = FileAssetHandler.prototype.publish;
  FileAssetHandler.prototype.publish = function publish() {
    if (LAMBDA_MOUNT_CODE && this.asset.destination && this.asset.source) {
      if (this.asset.source.packaging === "zip") {
        // skip uploading this asset - should get mounted via `__file__` into the Lambda container later on
        return null;
      }
    }
    return handlerPublish.bind(this)();
  };

  // symlink local Lambda assets if "cdklocal synth" is called with LAMBDA_MOUNT_CODE=1

  const assemblyOrig = CdkToolkit.prototype.assembly;
  CdkToolkit.prototype.assembly = async function assembly() {
    const result = await assemblyOrig.bind(this)();
    if (LAMBDA_MOUNT_CODE) {
      result.assembly.artifacts.forEach((art) => {
        symlinkLambdaAssets(art._template || {});
      });
    }
    return result;
  };
};

const isEsbuildBundle = () => {
  // simple heuristic to determine whether this is a new esbuild bundle (CDK v2.14.0+),
  // based on this change which replaced `__dirname` with `rootDir()`:
  // https://github.com/aws/aws-cdk/pull/18667/files#diff-6902a5fbdd9dfe9dc5563fe7d7d156e4fd99f945ac3977390d6aaacdd0370f82
  try {
    const directories = require("aws-cdk/lib/util/directories");
    return directories && directories.rootDir;
  } catch (exc) {
    return false;
  }
};


const patchSdk = (SDK, localEndpoint) => {
  getMethods(SDK.prototype).forEach((methodName) => {
    if (typeof SDK.prototype[methodName] === 'function') {
      const original = SDK.prototype[methodName];
      SDK.prototype[methodName] = function methFunc(...args) {
        this.config.endpoint = localEndpoint;
        this.config.forcePathStyle = true;
        return original.apply(this, args);
      };
    }
  });
};

let sdkOverwritten = false;
const patchSdkProvider = (provider, SDK) => {
  getMethods(provider.SdkProvider.prototype).forEach((methodName) => {
    if (typeof provider.SdkProvider.prototype[methodName] === 'function') {
      const original = provider.SdkProvider.prototype[methodName];
      provider.SdkProvider.prototype[methodName] = async function methFunc(...args) {
        const localEndpoint = await getLocalEndpoint();

        // patch for >= 2.167.0
        if (!sdkOverwritten && this.requestHandler) {
          // the goal is to support `SdkProvider.withAssumedRole`
          // since it instantiates a different client (i.e. not from the SDK class)
          this.requestHandler.endpoint = localEndpoint;
          this.requestHandler.forcePathStyle = true;
          // patch SDK class methods (mostly clients) to make sure the config that is created in the constructor
          // is updated with the correct configuration
          patchSdk(SDK, localEndpoint);
          sdkOverwritten = true;
        }
        return await original.apply(this, args);
      };
    }
  }
  );
};

const applyPatches = (provider, CdkToolkit, SDK, ToolkitInfo, patchAssets = true) => {
  patchSdkProvider(provider, SDK);
  // TODO: a lot of the patches are not really needed for newer versions
  patchProviderCredentials(provider);
  patchCdkToolkit(CdkToolkit);
  patchCurrentAccount(SDK);
  patchToolkitInfo(ToolkitInfo);
  // Patch asset handling for Lambda code mounting - TODO currently failing for CDK v2.14.0+
  if (patchAssets) {
    patchLambdaMounting(CdkToolkit);
  }
};

const patchPre_2_14 = () => {
  var provider = null;
  try {
    provider = require("aws-cdk/lib/api/aws-auth");
  } catch (e) {
    if (e.code == "MODULE_NOT_FOUND") {
      console.log(e);
      console.error("`aws-cdk` module NOT found! Have you tried adding it to your `NODE_PATH`?");
      throw e;
    }
  }

  const {CdkToolkit} = require("aws-cdk/lib/cdk-toolkit");
  const {SDK} = require("aws-cdk/lib/api/aws-auth/sdk");
  const {ToolkitInfo} = require("aws-cdk/lib/api");


  applyPatches(provider, CdkToolkit, SDK, ToolkitInfo);
};

const patchPost_2_14 = () => {
  var lib = null;
  try {
    lib = require("aws-cdk/lib");
  } catch (e) {
    if (e.code == "MODULE_NOT_FOUND") {
      console.log(e);
      console.log("`aws-cdk` module NOT found! Have you tried to add it to your `NODE_PATH`?");
      process.exit(1);
    }
  }

  // detect if we are using version 2.177.0 or later. This version has reorganised the package
  // structure so that we cannot import and patch the aws-cdk package as we did for versions
  // <2.177.0. We use the specific error raised by the node require system to determine if we are
  // using pre or post 2.177.0.
  try {
    require("aws-cdk/lib/legacy-exports");
  } catch (e) {
    switch (e.code) {
    case "MODULE_NOT_FOUND":
      // pre 2.177
      applyPatches(lib, lib, lib.SDK, lib.ToolkitInfo, false);
      break;
    case "ERR_PACKAGE_PATH_NOT_EXPORTED":
      // post 2.177
      configureEnvironment(process.env, AWS_ENVAR_ALLOWLIST);
      break;
    default:
      // a different error
      throw e
    }
  }
};

if (isEsbuildBundle()) {
  // load for CDK version 2.14.0 and above
  // (v2.14.0+ uses a self-contained bundle, see https://github.com/aws/aws-cdk/pull/18667)
  patchPost_2_14();
} else {
  // fall back to loading for CDK version 2.13.0 and below
  patchPre_2_14();
}

// load main CLI script
require("aws-cdk/bin/cdk");