def start_edge(port=None, use_ssl=True, asynchronous=False):
if not port:
port = config.EDGE_PORT
if config.EDGE_PORT_HTTP and config.EDGE_PORT_HTTP != port:
do_start_edge(
config.EDGE_BIND_HOST,
config.EDGE_PORT_HTTP,
use_ssl=False,
asynchronous=True,
)
if port > 1024 or is_root():
return do_start_edge(config.EDGE_BIND_HOST, port, use_ssl, asynchronous=asynchronous)
# process requires privileged port but we're not root -> try running as sudo
class Terminator(object):
def stop(self, quiet=True):
try:
url = "http%s://%s:%s" % ("s" if use_ssl else "", LOCALHOST, port)
requests.verify_ssl = False
requests.post(url, headers={HEADER_KILL_SIGNAL: "kill"})
except Exception:
pass
# register a signal handler to terminate the sudo process later on
TMP_THREADS.append(Terminator())
return run_process_as_sudo("edge", port, asynchronous=asynchronous)
def start_ssl_proxy(
port: int,
target: PortOrUrl,
target_ssl=False,
client_cert_key: Tuple[str, str] = None,
asynchronous: bool = False,
fix_encoding: bool = False,
):
"""Start a proxy server that accepts SSL requests and forwards requests to a backend (either SSL or non-SSL)"""
if client_cert_key or fix_encoding:
# use a custom proxy listener, in case the user provides client certificates for authentication
if client_cert_key:
server = _do_start_ssl_proxy_with_client_auth(
port, target, client_cert_key=client_cert_key)
else:
server = _do_start_ssl_proxy_with_listener(port, target)
if not asynchronous:
server.join()
return server
def _run(*args):
return _do_start_ssl_proxy(port, target, target_ssl=target_ssl)
if not asynchronous:
return _run()
proxy = FuncThread(_run)
TMP_THREADS.append(proxy)
proxy.start()
return proxy
def do_run(
cmd: Union[str, List],
asynchronous: bool,
print_output: bool = None,
env_vars: Dict[str, str] = None,
auto_restart=False,
strip_color: bool = False,
):
sys.stdout.flush()
if asynchronous:
if config.DEBUG and print_output is None:
print_output = True
outfile = subprocess.PIPE if print_output else None
t = ShellCommandThread(
cmd,
outfile=outfile,
env_vars=env_vars,
auto_restart=auto_restart,
strip_color=strip_color,
)
t.start()
TMP_THREADS.append(t)
return t
return run(cmd, env_vars=env_vars)
def run_in_thread():
thread = ProxyThread()
thread.start()
TMP_THREADS.append(thread)
return thread
def start_kcl_client_process(
stream_name,
listener_script,
log_file=None,
env=None,
configs=None,
endpoint_url=None,
ddb_lease_table_suffix=None,
env_vars=None,
region_name=None,
kcl_log_level=DEFAULT_KCL_LOG_LEVEL,
log_subscribers=None,
):
if configs is None:
configs = {}
if env_vars is None:
env_vars = {}
if log_subscribers is None:
log_subscribers = []
env = aws_stack.get_environment(env)
# make sure to convert stream ARN to stream name
stream_name = aws_stack.kinesis_stream_name(stream_name)
# decide which credentials provider to use
credentialsProvider = None
if ("AWS_ASSUME_ROLE_ARN" in os.environ or "AWS_ASSUME_ROLE_ARN"
in env_vars) and ("AWS_ASSUME_ROLE_SESSION_NAME" in os.environ
or "AWS_ASSUME_ROLE_SESSION_NAME" in env_vars):
# use special credentials provider that can assume IAM roles and handle temporary STS auth tokens
credentialsProvider = "cloud.localstack.DefaultSTSAssumeRoleSessionCredentialsProvider"
# pass through env variables to child process
for var_name in [
"AWS_ASSUME_ROLE_ARN",
"AWS_ASSUME_ROLE_SESSION_NAME",
"AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY",
"AWS_SESSION_TOKEN",
]:
if var_name in os.environ and var_name not in env_vars:
env_vars[var_name] = os.environ[var_name]
if aws_stack.is_local_env(env):
# need to disable CBOR protocol, enforce use of plain JSON,
# see https://github.com/mhart/kinesalite/issues/31
env_vars["AWS_CBOR_DISABLE"] = "true"
if kcl_log_level or (len(log_subscribers) > 0):
if not log_file:
log_file = LOG_FILE_PATTERN.replace("*", short_uid())
TMP_FILES.append(log_file)
run("touch %s" % log_file)
# start log output reader thread which will read the KCL log
# file and print each line to stdout of this process...
reader_thread = OutputReaderThread({
"file": log_file,
"level": kcl_log_level,
"log_prefix": "KCL",
"log_subscribers": log_subscribers,
})
reader_thread.start()
# construct stream info
stream_info = get_stream_info(
stream_name,
log_file,
env=env,
endpoint_url=endpoint_url,
ddb_lease_table_suffix=ddb_lease_table_suffix,
env_vars=env_vars,
)
props_file = stream_info["properties_file"]
# set kcl config options
kwargs = {"metricsLevel": "NONE", "initialPositionInStream": "LATEST"}
# set parameters for local connection
if aws_stack.is_local_env(env):
kwargs[
"kinesisEndpoint"] = f"{LOCALHOST}:{config.service_port('kinesis')}"
kwargs[
"dynamodbEndpoint"] = f"{LOCALHOST}:{config.service_port('dynamodb')}"
kwargs["kinesisProtocol"] = config.get_protocol()
kwargs["dynamodbProtocol"] = config.get_protocol()
kwargs["disableCertChecking"] = "true"
kwargs.update(configs)
# create config file
kclipy_helper.create_config_file(
config_file=props_file,
executableName=listener_script,
streamName=stream_name,
applicationName=stream_info["app_name"],
credentialsProvider=credentialsProvider,
region_name=region_name,
**kwargs,
)
TMP_FILES.append(props_file)
# start stream consumer
stream = KinesisStream(id=stream_name, params=stream_info)
thread_consumer = KinesisProcessorThread.start_consumer(stream)
TMP_THREADS.append(thread_consumer)
return thread_consumer