paulononato/aws-localstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Quantum resource evidence dashboard

Browse Source
This commit is contained in:
Paulo Nonato
2026-04-20 17:47:00 -03:00
parent e738f08e91
commit fd4597a309
7 changed files with 410 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+5
View File
@@ -233,12 +233,17 @@ MessageId
```bash ```bash
aws --endpoint-url https://localstack.paulononato.com.br lambda list-functions aws --endpoint-url https://localstack.paulononato.com.br lambda list-functions
aws --endpoint-url https://localstack.paulononato.com.br lambda invoke \
--function-name quantum-dev-processor \
--invocation-type DryRun \
/tmp/quantum-lambda-dry-run.json
``` ```
Expected evidence: Expected evidence:
```text ```text
quantum-dev-processor quantum-dev-processor
StatusCode: 204
``` ```
### IAM Evidence ### IAM Evidence
deploy/quanto/api/Dockerfile
+15
View File
@@ -0,0 +1,15 @@
FROM python:3.12-alpine
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY app.py .
EXPOSE 8080
CMD ["gunicorn", "--bind", "0.0.0.0:8080", "app:app"]
deploy/quanto/api/app.py
+184
View File
@@ -0,0 +1,184 @@
import json
import os
from datetime import datetime, timezone
import boto3
from botocore.config import Config
from flask import Flask, jsonify
app = Flask(__name__)
LOCALSTACK_ENDPOINT = os.environ.get("LOCALSTACK_ENDPOINT", "https://localstack.paulononato.com.br")
AWS_REGION = os.environ.get("AWS_DEFAULT_REGION", "us-east-1")
ENVIRONMENT = os.environ.get("QUANTUM_ENV", "dev")
PROJECT_NAME = os.environ.get("PROJECT_NAME", "quantum")
NAME_PREFIX = f"{PROJECT_NAME}-{ENVIRONMENT}"
BUCKET_NAME = os.environ.get("QUANTUM_BUCKET_NAME", f"{NAME_PREFIX}-artifacts")
QUEUE_NAME = os.environ.get("QUANTUM_QUEUE_NAME", f"{NAME_PREFIX}-events")
DLQ_NAME = os.environ.get("QUANTUM_DLQ_NAME", f"{NAME_PREFIX}-events-dlq")
LAMBDA_NAME = os.environ.get("QUANTUM_LAMBDA_NAME", f"{NAME_PREFIX}-processor")
ROLE_NAME = os.environ.get("QUANTUM_ROLE_NAME", f"{NAME_PREFIX}-lambda-role")
SECRET_NAME = os.environ.get("QUANTUM_SECRET_NAME", f"{NAME_PREFIX}/app")
LOG_GROUP_NAME = os.environ.get("QUANTUM_LOG_GROUP_NAME", f"/aws/lambda/{LAMBDA_NAME}")
AWS_CONFIG = Config(
region_name=AWS_REGION,
retries={"max_attempts": 2, "mode": "standard"},
)
def client(service_name):
return boto3.client(
service_name,
endpoint_url=LOCALSTACK_ENDPOINT,
region_name=AWS_REGION,
aws_access_key_id=os.environ.get("AWS_ACCESS_KEY_ID", "test"),
aws_secret_access_key=os.environ.get("AWS_SECRET_ACCESS_KEY", "test"),
config=AWS_CONFIG,
)
def ok(name, evidence):
return {"name": name, "status": "ok", "evidence": evidence}
def failed(name, error):
return {"name": name, "status": "error", "error": str(error)}
def queue_url(name):
return client("sqs").get_queue_url(QueueName=name)["QueueUrl"]
@app.get("/api/health")
def health():
checks = []
try:
identity = client("sts").get_caller_identity()
checks.append(ok("sts", {"account": identity.get("Account"), "arn": identity.get("Arn")}))
except Exception as exc:
checks.append(failed("sts", exc))
try:
buckets = [bucket["Name"] for bucket in client("s3").list_buckets().get("Buckets", [])]
checks.append(ok("s3", {"bucket": BUCKET_NAME, "exists": BUCKET_NAME in buckets}))
except Exception as exc:
checks.append(failed("s3", exc))
try:
queues = client("sqs").list_queues().get("QueueUrls", [])
checks.append(
ok(
"sqs",
{
"queue": QUEUE_NAME,
"dlq": DLQ_NAME,
"queueFound": any(url.endswith(f"/{QUEUE_NAME}") for url in queues),
"dlqFound": any(url.endswith(f"/{DLQ_NAME}") for url in queues),
},
)
)
except Exception as exc:
checks.append(failed("sqs", exc))
try:
function_names = [
function["FunctionName"]
for function in client("lambda").list_functions().get("Functions", [])
]
checks.append(ok("lambda", {"function": LAMBDA_NAME, "exists": LAMBDA_NAME in function_names}))
except Exception as exc:
checks.append(failed("lambda", exc))
try:
role = client("iam").get_role(RoleName=ROLE_NAME)["Role"]
checks.append(ok("iam", {"role": role.get("RoleName"), "arn": role.get("Arn")}))
except Exception as exc:
checks.append(failed("iam", exc))
try:
secret = client("secretsmanager").describe_secret(SecretId=SECRET_NAME)
checks.append(ok("secretsmanager", {"secret": secret.get("Name"), "arn": secret.get("ARN")}))
except Exception as exc:
checks.append(failed("secretsmanager", exc))
try:
groups = client("logs").describe_log_groups(logGroupNamePrefix=LOG_GROUP_NAME).get("logGroups", [])
checks.append(ok("cloudwatch-logs", {"logGroup": LOG_GROUP_NAME, "exists": len(groups) > 0}))
except Exception as exc:
checks.append(failed("cloudwatch-logs", exc))
return jsonify(
{
"application": "Quantum",
"environment": ENVIRONMENT,
"localstackEndpoint": LOCALSTACK_ENDPOINT,
"generatedAt": datetime.now(timezone.utc).isoformat(),
"checks": checks,
}
)
@app.post("/api/s3/marker")
def create_s3_marker():
key = f"frontend-evidence/{datetime.now(timezone.utc).strftime('%Y%m%dT%H%M%SZ')}.json"
body = {
"application": "Quantum",
"environment": ENVIRONMENT,
"source": "quanto-api",
"createdAt": datetime.now(timezone.utc).isoformat(),
}
client("s3").put_object(
Bucket=BUCKET_NAME,
Key=key,
Body=json.dumps(body, indent=2).encode("utf-8"),
ContentType="application/json",
)
return jsonify(ok("s3-marker", {"bucket": BUCKET_NAME, "key": key}))
@app.post("/api/sqs/message")
def send_sqs_message():
response = client("sqs").send_message(
QueueUrl=queue_url(QUEUE_NAME),
MessageBody=json.dumps(
{
"event": "quantum.frontend.evidence",
"environment": ENVIRONMENT,
"createdAt": datetime.now(timezone.utc).isoformat(),
}
),
)
return jsonify(ok("sqs-message", {"queue": QUEUE_NAME, "messageId": response.get("MessageId")}))
@app.post("/api/lambda/invoke")
def invoke_lambda():
response = client("lambda").invoke(
FunctionName=LAMBDA_NAME,
InvocationType="DryRun",
Payload=b"{}",
)
return jsonify(
ok(
"lambda-dry-run",
{
"function": LAMBDA_NAME,
"statusCode": response.get("StatusCode"),
"meaning": "The Lambda function exists and accepts an invocation request.",
},
)
)
@app.get("/api/logs")
def logs():
groups = client("logs").describe_log_groups(logGroupNamePrefix=LOG_GROUP_NAME).get("logGroups", [])
return jsonify(ok("cloudwatch-logs", {"logGroup": LOG_GROUP_NAME, "groups": groups}))
deploy/quanto/api/requirements.txt
+3
View File
@@ -0,0 +1,3 @@
boto3==1.40.62
flask==3.1.2
gunicorn==23.0.0
deploy/quanto/html/index.html
+173 -9
View File
@@ -3,7 +3,7 @@
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<title>Hello Quantum</title> <title>Quantum Evidence</title>
<style> <style>
:root { :root {
color-scheme: dark; color-scheme: dark;
@@ -16,11 +16,14 @@
box-sizing: border-box; box-sizing: border-box;
} }
button {
font: inherit;
}
body { body {
min-height: 100vh; min-height: 100vh;
margin: 0; margin: 0;
display: grid; padding: 32px 16px;
place-items: center;
background: background:
linear-gradient(135deg, rgba(43, 190, 179, 0.22), transparent 34%), linear-gradient(135deg, rgba(43, 190, 179, 0.22), transparent 34%),
linear-gradient(315deg, rgba(246, 196, 83, 0.18), transparent 32%), linear-gradient(315deg, rgba(246, 196, 83, 0.18), transparent 32%),
@@ -28,11 +31,8 @@
} }
main { main {
width: min(680px, calc(100vw - 32px)); width: min(1120px, 100%);
padding: 40px; margin: 0 auto;
border: 1px solid rgba(255, 255, 255, 0.14);
border-radius: 8px;
background: rgba(16, 20, 22, 0.78);
} }
p { p {
@@ -51,13 +51,177 @@
strong { strong {
color: #64d8cb; color: #64d8cb;
} }
header {
margin-bottom: 28px;
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin: 24px 0;
}
button {
border: 0;
border-radius: 8px;
padding: 12px 16px;
color: #0d1415;
background: #64d8cb;
cursor: pointer;
}
button.secondary {
color: #f2f5f7;
background: transparent;
border: 1px solid rgba(255, 255, 255, 0.22);
}
.grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(240px, 1fr));
gap: 14px;
}
.card {
min-height: 150px;
border: 1px solid rgba(255, 255, 255, 0.14);
border-radius: 8px;
padding: 18px;
background: rgba(16, 20, 22, 0.78);
}
.card h2 {
margin: 0 0 10px;
font-size: 20px;
}
.status {
display: inline-block;
border-radius: 8px;
padding: 4px 8px;
margin-bottom: 12px;
background: rgba(255, 255, 255, 0.12);
color: #f2f5f7;
}
.status.ok {
background: rgba(100, 216, 203, 0.18);
color: #64d8cb;
}
.status.error {
background: rgba(242, 103, 103, 0.18);
color: #ff8a8a;
}
pre {
overflow: auto;
margin: 0;
white-space: pre-wrap;
word-break: break-word;
color: #cbd5d9;
font-size: 13px;
line-height: 1.45;
}
.result {
margin-top: 18px;
}
</style> </style>
</head> </head>
<body> <body>
<main> <main>
<header>
<p><strong>Quantum</strong> platform</p> <p><strong>Quantum</strong> platform</p>
<h1>Hello Quantum</h1> <h1>Hello Quantum</h1>
<p>The application container is running on the Gitea Docker host.</p> <p>Live evidence from LocalStack resources provisioned with OpenTofu.</p>
</header>
<section class="actions" aria-label="Quantum actions">
<button id="refresh" type="button">Refresh Evidence</button>
<button id="s3" class="secondary" type="button">Write S3 Evidence</button>
<button id="sqs" class="secondary" type="button">Send SQS Message</button>
<button id="lambda" class="secondary" type="button">Check Lambda</button>
</section>
<section id="cards" class="grid" aria-live="polite"></section>
<section class="card result">
<h2>Last Action</h2>
<pre id="result">Ready.</pre>
</section>
</main> </main>
<script>
const cards = document.querySelector("#cards");
const result = document.querySelector("#result");
function renderJson(value) {
return JSON.stringify(value, null, 2);
}
function setResult(value) {
result.textContent = typeof value === "string" ? value : renderJson(value);
}
function renderChecks(data) {
cards.innerHTML = "";
for (const check of data.checks || []) {
const article = document.createElement("article");
article.className = "card";
article.innerHTML = `
<span class="status ${check.status}">${check.status}</span>
<h2>${check.name}</h2>
<pre>${renderJson(check.evidence || { error: check.error })}</pre>
`;
cards.appendChild(article);
}
}
async function request(path, options = {}) {
const response = await fetch(path, options);
const payload = await response.json();
if (!response.ok) {
throw new Error(payload.error || response.statusText);
}
return payload;
}
async function refresh() {
setResult("Loading LocalStack evidence...");
const data = await request("/api/health");
renderChecks(data);
setResult({
application: data.application,
environment: data.environment,
localstackEndpoint: data.localstackEndpoint,
generatedAt: data.generatedAt,
});
}
async function runAction(path) {
try {
setResult("Running action...");
const data = await request(path, { method: "POST" });
setResult(data);
await refresh();
} catch (error) {
setResult({ error: error.message });
}
}
document.querySelector("#refresh").addEventListener("click", () => {
refresh().catch((error) => setResult({ error: error.message }));
});
document.querySelector("#s3").addEventListener("click", () => runAction("/api/s3/marker"));
document.querySelector("#sqs").addEventListener("click", () => runAction("/api/sqs/message"));
document.querySelector("#lambda").addEventListener("click", () => runAction("/api/lambda/invoke"));
refresh().catch((error) => setResult({ error: error.message }));
</script>
</body> </body>
</html> </html>
deploy/quanto/stack.yml
+27
View File
@@ -23,6 +23,33 @@ services:
traefik.http.services.quanto.loadbalancer.passHostHeader: "true" traefik.http.services.quanto.loadbalancer.passHostHeader: "true"
traefik.http.services.quanto.loadbalancer.server.port: "80" traefik.http.services.quanto.loadbalancer.server.port: "80"
api:
image: quanto-api:local
environment:
AWS_ACCESS_KEY_ID: test
AWS_SECRET_ACCESS_KEY: test
AWS_DEFAULT_REGION: us-east-1
LOCALSTACK_ENDPOINT: https://localstack.paulononato.com.br
PROJECT_NAME: quantum
QUANTUM_ENV: dev
networks:
- elevarnet
deploy:
replicas: 1
restart_policy:
condition: on-failure
labels:
traefik.enable: "true"
traefik.swarm.network: elevarnet
traefik.http.routers.quanto-api.entrypoints: websecure
traefik.http.routers.quanto-api.priority: "200"
traefik.http.routers.quanto-api.rule: Host(`quantum.paulononato.com.br`) && PathPrefix(`/api`)
traefik.http.routers.quanto-api.service: quanto-api
traefik.http.routers.quanto-api.tls: "true"
traefik.http.routers.quanto-api.tls.certresolver: letsencryptresolver
traefik.http.services.quanto-api.loadbalancer.passHostHeader: "true"
traefik.http.services.quanto-api.loadbalancer.server.port: "8080"
networks: networks:
elevarnet: elevarnet:
external: true external: true
modules/quantum/main.tf
+1 -1
View File
@@ -203,5 +203,5 @@ resource "aws_lambda_event_source_mapping" "quantum_events" {
event_source_arn = aws_sqs_queue.quantum_events.arn event_source_arn = aws_sqs_queue.quantum_events.arn
function_name = aws_lambda_function.quantum_processor.arn function_name = aws_lambda_function.quantum_processor.arn
batch_size = 5 batch_size = 5
enabled = true enabled = false
} }