builderator 1.1.4 → 1.1.5

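--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 6f7315691d21aa1ee458439e175fad832f333c84
- data.tar.gz: beaad66836ca71ea55dab73885127771f87debec
+ metadata.gz: 21016d55b87697c9e9b45661275116259721d1f5
+ data.tar.gz: 6d0502c4f842812140c78fdd0c3294db60a04acc
  SHA512:
- metadata.gz: 41feb503cf94efa12ef41452efa31b31d823bc1fd818afaf390e5bb8f93da4319c230c7565f70d4d0f2946f91fd7fc218d83416b12f138b439b6490a196d071d
- data.tar.gz: 9adcbfa499715d19ede3eaaaf17cff16308fd281f7f5e30d6f7b827200054e5bebcab4c60ed32fe02e150b16a7d04d5699e213c5d80de9f9e33a52d4d7afc2b9
+ metadata.gz: 97eb7cb95957c03348fb2d7814b58ef1a1ceb58dfdc643c7aedf361882f499bd1df3eec3c06520ff3914fb1b470f50b9c1eeeee3de8749ee0ab7d2dc6002cc65
+ data.tar.gz: 75840ceb5c420cbfd64896c2cfcc91976a7b99cdb1c0bfd41ba1ac8223b68bddb4060da008c10b8ddfc36918e1d61c53ce3093799e374f85181cde9fd0cdd3ee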
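--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -15,13 +15,13 @@ GEM
  specs:
  addressable (2.4.0)
  ast (2.2.0)
- aws-sdk (2.2.36)
- aws-sdk-resources (= 2.2.36)
- aws-sdk-core (2.2.36)
+ aws-sdk (2.3.4)
+ aws-sdk-resources (= 2.3.4)
+ aws-sdk-core (2.3.4)
  jmespath (~> 1.0)
- aws-sdk-resources (2.2.36)
- aws-sdk-core (= 2.2.36)
- berkshelf (4.3.2)
+ aws-sdk-resources (2.3.4)
+ aws-sdk-core (= 2.3.4)
+ berkshelf (4.3.3)
  addressable (~> 2.3, >= 2.3.4)
  berkshelf-api-client (~> 2.0, >= 2.0.2)
  buff-config (~> 1.0)
@@ -56,40 +56,40 @@ GEM
  celluloid-io (0.16.2)
  celluloid (>= 0.16.0)
  nio4r (>= 1.1.0)
- chef (12.7.2)
- chef-config (= 12.7.2)
- chef-zero (~> 4.5)
+ chef (12.5.1)
+ chef-config (= 12.5.1)
+ chef-zero (~> 4.2, >= 4.2.2)
  diff-lcs (~> 1.2, >= 1.2.4)
  erubis (~> 2.7)
  ffi-yajl (~> 2.2)
  highline (~> 1.6, >= 1.6.9)
- mixlib-authentication (~> 1.4)
+ mixlib-authentication (~> 1.3)
  mixlib-cli (~> 1.4)
  mixlib-log (~> 1.3)
  mixlib-shellout (~> 2.0)
- net-ssh (>= 2.9, < 4.0)
+ net-ssh (~> 2.6)
  net-ssh-multi (~> 1.1)
  ohai (>= 8.6.0.alpha.1, < 9)
  plist (~> 3.1.0)
- proxifier (~> 1.0)
- rspec-core (~> 3.4)
- rspec-expectations (~> 3.4)
- rspec-mocks (~> 3.4)
+ pry (~> 0.9)
+ rspec-core (~> 3.2)
+ rspec-expectations (~> 3.2)
+ rspec-mocks (~> 3.2)
  rspec_junit_formatter (~> 0.2.0)
  serverspec (~> 2.7)
  specinfra (~> 2.10)
  syslog-logger (~> 1.6)
- uuidtools (~> 2.1.5)
- chef-config (12.7.2)
+ chef-config (12.5.1)
  mixlib-config (~> 2.0)
  mixlib-shellout (~> 2.0)
- chef-zero (4.6.1)
+ chef-zero (4.6.2)
  ffi-yajl (~> 2.2)
  hashie (>= 2.0, < 4.0)
  mixlib-log (~> 1.3)
  rack
  uuidtools (~> 2.1)
  cleanroom (1.0.0)
+ coderay (1.1.1)
  dep-selector-libgecode (1.2.0)
  dep_selector (1.0.3)
  dep-selector-libgecode (~> 1.0)
@@ -103,10 +103,10 @@ GEM
  ffi (1.9.10)
  ffi-yajl (2.2.3)
  libyajl2 (~> 1.2)
- hashie (3.4.3)
+ hashie (3.4.4)
  highline (1.7.8)
- hitimes (1.2.3)
- httpclient (2.7.1)
+ hitimes (1.2.4)
+ httpclient (2.7.2)
  ignorefile (1.1.0)
  ipaddress (0.8.3)
  jmespath (1.2.4)
@@ -114,22 +114,23 @@ GEM
  json (1.8.3)
  json_pure (1.8.3)
  libyajl2 (1.2.0)
+ method_source (0.8.2)
  minitar (0.5.4)
  mixlib-authentication (1.4.0)
  mixlib-log
  rspec-core (~> 3.2)
  rspec-expectations (~> 3.2)
  rspec-mocks (~> 3.2)
- mixlib-cli (1.5.0)
+ mixlib-cli (1.6.0)
  mixlib-config (2.2.1)
  mixlib-log (1.6.0)
  mixlib-shellout (2.2.6)
- molinillo (0.4.4)
- multi_json (1.11.2)
+ molinillo (0.4.5)
+ multi_json (1.12.0)
  multipart-post (2.0.0)
  net-scp (1.2.1)
  net-ssh (>= 2.6.5)
- net-ssh (3.1.1)
+ net-ssh (2.9.4)
  net-ssh-gateway (1.2.0)
  net-ssh (>= 2.6.5)
  net-ssh-multi (1.2.1)
@@ -139,7 +140,7 @@ GEM
  nio4r (1.2.1)
  octokit (4.3.0)
  sawyer (~> 0.7.0, >= 0.5.3)
- ohai (8.15.1)
+ ohai (8.16.0)
  chef-config (>= 12.5.0.alpha.1, < 13)
  ffi (~> 1.9)
  ffi-yajl (~> 2.2)
@@ -151,16 +152,19 @@ GEM
  plist (~> 3.1)
  systemu (~> 2.6.4)
  wmi-lite (~> 1.0)
- parser (2.3.0.7)
+ parser (2.3.1.0)
  ast (~> 2.2)
  plist (3.1.0)
  powerpack (0.1.1)
- proxifier (1.0.3)
+ pry (0.10.3)
+ coderay (~> 1.1.0)
+ method_source (~> 0.8.1)
+ slop (~> 3.4)
  rack (1.6.4)
  rainbow (2.1.0)
  rake (10.5.0)
  retryable (2.0.3)
- ridley (4.5.0)
+ ridley (4.5.1)
  addressable
  buff-config (~> 1.0)
  buff-extensions (~> 1.0)
@@ -197,27 +201,28 @@ GEM
  rspec_junit_formatter (0.2.3)
  builder (< 4)
  rspec-core (>= 2, < 4, != 2.12.0)
- rubocop (0.39.0)
- parser (>= 2.3.0.7, < 3.0)
+ rubocop (0.40.0)
+ parser (>= 2.3.1.0, < 3.0)
  powerpack (~> 0.1)
  rainbow (>= 1.99.1, < 3.0)
  ruby-progressbar (~> 1.7)
  unicode-display_width (~> 1.0, >= 1.0.1)
- ruby-progressbar (1.7.5)
+ ruby-progressbar (1.8.0)
  sawyer (0.7.0)
  addressable (>= 2.3.5, < 2.5)
  faraday (~> 0.8, < 0.10)
  semverse (1.2.1)
- serverspec (2.32.0)
+ serverspec (2.34.0)
  multi_json
  rspec (~> 3.0)
  rspec-its
  specinfra (~> 2.53)
  sfl (2.2)
+ slop (3.6.0)
  solve (2.0.3)
  molinillo (~> 0.4.2)
  semverse (~> 1.1)
- specinfra (2.56.1)
+ specinfra (2.57.2)
  net-scp
  net-ssh (>= 2.7, < 4.0)
  net-telnet
@@ -230,7 +235,7 @@ GEM
  thor
  timers (4.0.4)
  hitimes
- unicode-display_width (1.0.3)
+ unicode-display_width (1.0.5)
  uuidtools (2.1.5)
  varia_model (0.4.1)
  buff-extensions (~> 1.0)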
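--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.1.4
+ 1.1.5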
@@ -32,6 +32,56 @@ Add a packer build
32
32
  * `source_ami` The source AMI ID for an `amazon-ebs`
33
33
  * `ssh_username` Default `ubuntu`
34
34
  * `ami_virtualization_type` Default `hvm`
35
+ * `tagging_role` the name of an IAM role that exists in each remote account that allows the AMI to be retagged
36
+
37
+ Example usage:
38
+
39
+ <pre>
40
+ profile bake: Config.profile(:default) do |bake|
41
+ bake.packer do |packer|
42
+ packer.build :default do |build|
43
+ build.tagging_role 'CreateTagsOnAllImages'
44
+ end
45
+ end
46
+ end
47
+ </pre>
48
+
49
+ Example IAM policy in remote account:
50
+
51
+ <pre>
52
+ {
53
+ "Version": "2012-10-17",
54
+ "Statement": [
55
+ {
56
+ "Sid": "StmtId",
57
+ "Effect": "Allow",
58
+ "Action": [
59
+ "ec2:CreateTags"
60
+ ],
61
+ "Resource": [
62
+ "*"
63
+ ]
64
+ }
65
+ ]
66
+ }
67
+ </pre>
68
+
69
+
70
+ The above policy needs to be assigned to a role that enables a trust relationship with the account that builds the AMI:
71
+
72
+ <pre>
73
+ {
74
+ "Version": "2012-10-17",
75
+ "Statement": [
76
+ {
77
+ "Effect": "Allow",
78
+ "Principal": {
79
+ "AWS": "arn:aws:iam::[ami_builder_account]:user/[ami_builder_user]"
80
+ },
81
+ "Action": "sts:AssumeRole"
82
+ }
83
+ }
84
+ </pre>
35
85
 
36
86
  ## TODO: Share accounts
37
87
 
@@ -224,6 +224,9 @@ module Builderator
224
224
  attribute :ami_description
225
225
  attribute :ami_users, :type => :list
226
226
  attribute :ami_regions, :type => :list
227
+
228
+ ## Assumable role for tagging AMIs in remote accounts
229
+ attribute :tagging_role
227
230
  end
228
231
  end
229
232
 
@@ -33,6 +33,9 @@ module Builderator
33
33
  # has full support again.
34
34
  build_hash.delete(:ami_regions)
35
35
 
36
+ # This is not directly supported by Packer
37
+ build_hash.delete(:tagging_role)
38
+
36
39
  json[:builders] << build_hash
37
40
  end
38
41
 
@@ -68,11 +68,13 @@ module Builderator
68
68
 
69
69
  desc 'image [PROFILE = default]', 'Build an AMI of PROFILE'
70
70
  method_option :debug, :type => :boolean
71
+ method_option :remote_tag, :type => :boolean, :default => true
71
72
  method_option :copy, :type => :boolean, :default => true
72
73
  def image(profile = :default)
73
74
  prepare
74
75
 
75
76
  invoke Tasks::Packer, :build, [profile], options
77
+ invoke Tasks::Packer, :remote_tag, [profile], options if options['remote_tag']
76
78
  invoke Tasks::Packer, :copy, [profile], options if options['copy']
77
79
  end
78
80
 
@@ -53,6 +53,7 @@ module Builderator
53
53
 
54
54
  invoke :wait, [profile], options
55
55
  invoke :tag, [profile], options
56
+ invoke :share, [profile], options
56
57
  end
57
58
 
58
59
  desc 'tag PROFILE', 'Tag AMIs in other regions'
@@ -128,6 +129,82 @@ module Builderator
128
129
  say_status :complete, 'All copied images are available'
129
130
  end
130
131
 
132
+ desc 'remote_tag PROFILE', 'Apply existing tags to the AMI in remote AWS accounts'
133
+ def remote_tag(profile)
134
+ invoke :configure, [profile], options
135
+
136
+ sts_client = Aws::STS::Client.new(region: Config.aws.region)
137
+ allowed_cred_keys = %w(access_key_id secret_access_key session_token)
138
+
139
+ images.each do |image_name, (image, build)|
140
+ filters = [{
141
+ :name => 'name',
142
+ :values => [image_name]
143
+ }]
144
+
145
+ if build.tagging_role.nil?
146
+ say_status :complete, 'No remote tagging to be performed as no IAM role is defined'
147
+ return
148
+ end
149
+
150
+ build.ami_users.each do |account|
151
+ role_arn = "arn:aws:iam::#{account}:role/#{build.tagging_role}"
152
+ begin
153
+ response = sts_client.assume_role( :role_arn => role_arn, :role_session_name => "tag-new-ami")
154
+ raise "Could not assume role [#{role_arn}]. Perhaps it does not exist?" unless response.successful?
155
+ rescue => e
156
+ say_status :skip, "Got error when trying to assume role: #{e.message} - continuing."
157
+ next
158
+ end
159
+
160
+ creds_hash = response.credentials.to_h.keep_if { |k,v| allowed_cred_keys.include?(k.to_s) }
161
+
162
+ say_status :remote_tag, "Tag AMI #{image_name} (#{image.image_id}) in account #{account}"
163
+ Util.ec2(Config.aws.region, creds_hash)
164
+ .create_tags(:dry_run => false, :resources => [image.image_id], :tags => image.tags)
165
+ end
166
+ end
167
+ say_status :complete, 'Remote tagging complete'
168
+ end
169
+
170
+ desc 'share PROFILE', 'Share copied AMIs in other accounts'
171
+ def share(profile)
172
+ invoke :configure, [profile], options
173
+
174
+ shared = false
175
+
176
+ images.each do |image_name, (image, build)|
177
+ build.ami_regions.each do |region|
178
+ build.ami_users.each do |user|
179
+ shared = true
180
+
181
+ filters = [{
182
+ :name => 'name',
183
+ :values => [image_name]
184
+ }]
185
+
186
+ regional_image = Util.ec2(region).describe_images(:filters => filters).images.first
187
+
188
+ say_status :share, "image #{image_name} (#{regional_image.image_id}) with #{user}"
189
+
190
+ share_image_parameters = {
191
+ :image_id => regional_image.image_id,
192
+ :launch_permission => {
193
+ :add => [
194
+ {
195
+ :user_id => user
196
+ }
197
+ ]
198
+ }
199
+ }
200
+
201
+ Util.ec2(region).modify_image_attribute(share_image_parameters)
202
+ end
203
+ end
204
+ end
205
+ say_status :complete, 'All images are shared' if shared
206
+ end
207
+
131
208
  private
132
209
 
133
210
  ## Find details for generated images in current region
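Review bot: In `remote_tag`, the `return` inside `images.each` ends the whole task at the first build without a `tagging_role`, so any later build that does define one is never retagged; `next if build.tagging_role.nil?` would keep the loop going. The `create_tags` call sits outside the `begin`/`rescue`, so an assume-role failure is skipped while a tagging failure aborts the run, and 'Remote tagging complete' is still printed when every account was skipped; counting the skipped accounts and reporting them at the end would make a partial run visible. In `share`, `describe_images` filters on the image name only and `.images.first` is dereferenced unchecked, so a same-named image owned by another account could be selected and a missing copy raises on nil; `describe_images(:filters => filters, :owners => ['self'])` plus a nil guard before `regional_image.image_id` covers both. The `filters` local built in `remote_tag` is never used and can be dropped. The enclosing class begins and ends outside this hunk.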
@@ -60,8 +60,15 @@ module Builderator
60
60
  ##
61
61
  # AWS Clients
62
62
  ##
63
- def ec2(region = Config.aws.region)
64
- clients["ec2-#{region}"] ||= Aws::EC2::Client.new(:region => region)
63
+ def ec2(region = Config.aws.region, credentials=nil)
64
+ options = { :region => region }
65
+
66
+ # Don't memoize if supplying explicit credentials as it could be an assumed role for a remote account
67
+ if credentials.nil?
68
+ clients["ec2-#{region}"] ||= Aws::EC2::Client.new(options)
69
+ else
70
+ Aws::EC2::Client.new options.merge(credentials)
71
+ end
65
72
  end
66
73
 
67
74
  def asg(region = Config.aws.region)
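Review bot: `options.merge(credentials)` forwards every key of the caller's hash to `Aws::EC2::Client.new`, so the allowlist of credential keys exists only in the one caller that builds the hash, and a stray key could override `:region` or another client option. Selecting `:access_key_id`, `:secret_access_key` and `:session_token` inside `ec2` itself would keep that guarantee in one place for any future caller. The new parameter is undocumented; a comment such as `# credentials: Hash of temporary STS credentials (:access_key_id, :secret_access_key, :session_token), or nil to use the default credential chain` above the method would help. Style: `credentials=nil` lacks the spaces around `=` that `region = Config.aws.region` uses on the same line.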
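--- a/data/rvm.env
+++ b/data/rvm.env
@@ -1,14 +1,14 @@
- declare -x GEM_HOME="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-0"
- declare -x GEM_PATH="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-0:/home/jenkins/.rvm/gems/ruby-2.1.5@global"
+ declare -x GEM_HOME="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-1"
+ declare -x GEM_PATH="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-1:/home/jenkins/.rvm/gems/ruby-2.1.5@global"
  declare -x HOME="/home/jenkins"
- declare -x HUDSON_COOKIE="65158711-c2ba-4a30-9b80-ed21ba86750e"
+ declare -x HUDSON_COOKIE="84805bab-9ad6-4496-9036-833e511db870"
  declare -x IRBRC="/home/jenkins/.rvm/rubies/ruby-2.1.5/.irbrc"
  declare -x LANG="en_US.UTF-8"
  declare -x LC_ALL="en_US.UTF-8"
  declare -x MY_RUBY_HOME="/home/jenkins/.rvm/rubies/ruby-2.1.5"
  declare -x NLSPATH="/usr/dt/lib/nls/msg/%L/%N.cat"
  declare -x OLDPWD
- declare -x PATH="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-0/bin:/home/jenkins/.rvm/gems/ruby-2.1.5@global/bin:/home/jenkins/.rvm/rubies/ruby-2.1.5/bin:/home/jenkins/.rvm/bin:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin"
+ declare -x PATH="/home/jenkins/.rvm/gems/ruby-2.1.5@bakery-1/bin:/home/jenkins/.rvm/gems/ruby-2.1.5@global/bin:/home/jenkins/.rvm/rubies/ruby-2.1.5/bin:/home/jenkins/.rvm/bin:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin"
  declare -x PWD="/home/jenkins/workspace/gem-public-builderator-master"
  declare -x RUBY_VERSION="ruby-2.1.5"
  declare -x SHLVL="1"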
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: builderator
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.4
4
+ version: 1.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Manero
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-04-22 00:00:00.000000000 Z
11
+ date: 2016-05-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake