From 6902d5db474672632cf30f80bfde888f13e2244d Mon Sep 17 00:00:00 2001
From: Alex Vandiver <alexmv@zulip.com>
Date: Mon, 29 Jan 2024 15:34:53 -0500
Subject: [PATCH] install-aws-cli: Also install and keep up to date using
 Puppet.

We previously only did this install on the developer machine and on
initial boot.  Also run it from puppet to make sure we keep the binary
up-to-date.
---
 puppet/zulip_ops/files/install-aws-cli     |  6 ++++++
 puppet/zulip_ops/manifests/aws_tools.pp    | 17 +++++++++++++++++
 puppet/zulip_ops/manifests/profile/base.pp |  2 ++
 tools/setup/bootstrap-aws-installer        |  1 +
 4 files changed, 26 insertions(+)
 create mode 100644 puppet/zulip_ops/manifests/aws_tools.pp

diff --git a/puppet/zulip_ops/files/install-aws-cli b/puppet/zulip_ops/files/install-aws-cli
index 34e5c4db8a..cc19f88b44 100755
--- a/puppet/zulip_ops/files/install-aws-cli
+++ b/puppet/zulip_ops/files/install-aws-cli
@@ -20,6 +20,12 @@ if [ -L "/srv/zulip-aws-tools/v2/current" ] \
     exit 0
 fi
 
+# If not running in the initial host bootstrap, and was called with
+# arguments, this is just a check.
+if [ -z "${RUNNING_IN_CLOUD_INIT+x}" ] && [[ $# -gt 0 ]]; then
+    exit 1
+fi
+
 mkdir -p /srv/zulip-aws-tools
 
 cd /srv/zulip-aws-tools || exit 1
diff --git a/puppet/zulip_ops/manifests/aws_tools.pp b/puppet/zulip_ops/manifests/aws_tools.pp
new file mode 100644
index 0000000000..95dcc0ffc6
--- /dev/null
+++ b/puppet/zulip_ops/manifests/aws_tools.pp
@@ -0,0 +1,17 @@
+# @summary Installs the AWS CLI
+#
+class zulip_ops::aws_tools {
+  file { '/usr/local/bin/install-aws-cli':
+    ensure => file,
+    mode   => '0755',
+    source => 'puppet:///modules/zulip_ops/install-aws-cli',
+  }
+  exec { 'install-aws-cli':
+    require => File['/usr/local/bin/install-aws-cli'],
+    command => '/usr/local/bin/install-aws-cli',
+    # When puppet is initially determining which resources need to be
+    # applied, it will call the unless -- but install-aws-cli may not
+    # exist yet.  Count this as needing to run.
+    unless  => '[ -f /usr/local/bin/install-aws-cli ] && /usr/local/bin/install-aws-cli check',
+  }
+}
diff --git a/puppet/zulip_ops/manifests/profile/base.pp b/puppet/zulip_ops/manifests/profile/base.pp
index 184f245a17..5b10bc57bd 100644
--- a/puppet/zulip_ops/manifests/profile/base.pp
+++ b/puppet/zulip_ops/manifests/profile/base.pp
@@ -120,6 +120,8 @@ class zulip_ops::profile::base {
   if $hosting_provider == 'ec2' {
     # This conditional block is for whether it's not
     # chat.zulip.org, which uses a different hosting provider.
+    include zulip_ops::aws_tools
+
     file { '/root/.ssh/authorized_keys':
       ensure => file,
       mode   => '0600',
diff --git a/tools/setup/bootstrap-aws-installer b/tools/setup/bootstrap-aws-installer
index bb9bbc09dd..f081840380 100644
--- a/tools/setup/bootstrap-aws-installer
+++ b/tools/setup/bootstrap-aws-installer
@@ -8,6 +8,7 @@
 #BRANCH=
 #SSH_SECRET_ID=
 
+export RUNNING_IN_CLOUD_INIT=1
 if ! curl -fLs -m 5 -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 10" >/dev/null; then
     echo "This should be run on AWS instances, not locally."
     exit 1