cfndk 0.0.1

data/bin/cfndk

@@ -0,0 +1,120 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+
+require 'rainbow/ext/string'
+require 'optparse'
+require 'fileutils'
+require 'pathname'
+require 'erb'
+require 'yaml'
+require 'json'
+require 'aws-sdk'
+require 'terminal-table'
+require 'securerandom'
+
+require 'cfndk.rb'
+
+cur_dir = Dir.getwd
+
+option = {
+  config_path: "#{cur_dir}/cfndk.yml",
+  uuid: ENV['CFNDK_UUID'] || nil,
+  properties: {},
+}
+
+opt = OptionParser.new do |o|
+  o.version = CFnDK::VERSION
+  o.summary_indent = ' ' * 4
+  o.banner = 'Usage: cfndk [cmd] [options]'
+  o.on_head('[cmd]',
+            '    init                  create config YAML file',
+            '    create                create stacks',
+            '    update                update stacks',
+            '    create-or-changeset   create stacks or create changeset',
+            '    destroy               destroy stacks',
+            '    generate-uuid         generate UUID',
+            '    report-event          report stack event',
+            '    report-stack          report stack',
+            '    report-stack-resource report stack resource',
+            '[enviroment variables]',
+            "    AWS_PROFILE: #{ENV['AWS_PROFILE']}",
+            "    AWS_DEFAULT_REGION: #{ENV['AWS_DEFAULT_REGION']}",
+            "    AWS_REGION: #{ENV['AWS_REGION']}",
+            "    AWS_ACCESS_KEY_ID: #{ENV['AWS_ACCESS_KEY_ID']}",
+            "    AWS_SECRET_ACCESS_KEY: #{ENV['AWS_SECRET_ACCESS_KEY']}",
+            "    AWS_SESSION_TOKEN: #{ENV['AWS_SECRET_ACCESS_KEY']}",
+            "    AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: #{ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']}",
+            '[options]')
+  o.on('-v', '--verbose', 'verbose mode') { |v| option[:v] = v }
+  o.on('-c', '--config_path <cfndi.yml>', "config path (default: #{option[:config_path]})") { |v| option[:config_path] = v }
+  o.on('-p', '--properties <name>=<value>', 'properties') do |v|
+    md = v.match(/^([a-zA-Z_]+[a-zA-Z0-9_]*)=(.*)$/)
+    if md
+      option[:properties][md[0]] = md[1]
+    else
+      raise "invalid properties: '#{v}'" unless md
+    end
+  end
+  o.on('-a', '--auto-uuid') { option[:uuid] = SecureRandom.uuid }
+  o.on('-u', '--uuid <uuid>') { |v| option[:uuid] = v }
+  o.permute!(ARGV)
+end
+
+if ARGV.length != 1
+  puts opt.help
+  exit 1
+elsif ARGV[0] == 'generate-uuid'
+  puts SecureRandom.uuid
+  exit 0
+end
+
+unless File.file?(option[:config_path]) || ARGV[0] == 'init'
+  puts "File does not exist. #{option[:config_path]}".color :red
+  exit 1
+end
+
+$LOAD_PATH.unshift "#{cur_dir}/lib"
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+
+data = open(option[:config_path], 'r') { |f| YAML.load(f) } if File.file?(option[:config_path]) && ARGV[0] != 'init'
+
+credentials = CFnDK::Aws::CredentialProviderChain.new.resolve
+client = Aws::CloudFormation::Client.new(credentials: credentials)
+stacks = CFnDK::Stacks.new(data, option, client)
+
+if ARGV[0] == 'create'
+  puts 'create...'.color :green
+  stacks.create
+elsif ARGV[0] == 'update'
+  puts 'update...'.color :green
+  stacks.update
+elsif ARGV[0] == 'create-or-changeset'
+  puts 'create or changeset...'.color :green
+  stacks.create_or_changeset
+elsif ARGV[0] == 'destroy'
+  puts 'destroy...'.color :green
+  stacks.destroy
+elsif ARGV[0] == 'report-event'
+  puts 'report event...'.color :green
+  stacks.report_event
+elsif ARGV[0] == 'report-stack'
+  puts 'report stack...'.color :green
+  stacks.report_stack
+elsif ARGV[0] == 'report-stack-resource'
+  puts 'report stack resource...'.color :green
+  stacks.report_stack_resource
+elsif ARGV[0] == 'init'
+  if File.file?(option[:config_path])
+    puts "File exist. #{option[:config_path]}".color :red
+    exit 1
+  end
+  puts 'init...'.color :green
+  FileUtils.cp_r(Dir.glob(File.dirname(__FILE__) + '/../skel/*'), './')
+  puts "create #{option[:config_path]}".color :green
+else
+  puts opt.help
+  exit 1
+end
+
+exit 0

data/cfndk.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cfndk/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'cfndk'
+  spec.version       = CFnDK::VERSION
+  spec.authors       = ['Yoshihisa AMAKATA']
+  spec.email         = ['amakata@gmail.com']
+  spec.summary       = 'cfndk is AWS Cloud Formation Development Kit'
+  spec.description   = 'cfndk is AWS Cloud Formation Development Kit'
+  spec.homepage      = 'https://github.com/Amakata/cfndk'
+  spec.license       = 'http://www.apache.org/licenses/license-2.0'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 11.1.2'
+
+  spec.add_dependency 'rainbow', '~> 2.1.0'
+  spec.add_dependency 'aws-sdk', '~> 3'
+  spec.add_dependency 'camelizable', '~> 0.0.3'
+  spec.add_dependency 'terminal-table', '~> 1'
+end

data/lib/cfndk/aws/credential_provider_chain.rb

@@ -0,0 +1,115 @@
+module CFnDK
+  module Aws
+    class CredentialProviderChain
+      def initialize(config = nil)
+        @config = config
+      end
+
+      def resolve
+        providers.each do |method_name, options|
+          provider = send(method_name, options.merge(config: @config))
+          return provider if provider && provider.set?
+        end
+        nil
+      end
+
+      private
+
+      def providers
+        [
+          [:static_credentials, {}],
+          [:env_credentials, {}],
+          [:assume_role_credentials, {}],
+          [:shared_credentials, {}],
+          [:process_credentials, {}],
+          [:instance_profile_credentials, {
+            retries: @config ? @config.instance_profile_credentials_retries : 0,
+            http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
+            http_read_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
+          }],
+        ]
+      end
+
+      def static_credentials(options)
+        if options[:config]
+          ::Aws::Credentials.new(
+            options[:config].access_key_id,
+            options[:config].secret_access_key,
+            options[:config].session_token)
+        else
+          nil
+        end
+      end
+
+      def env_credentials(options)
+        key =    %w(AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY)
+        secret = %w(AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY)
+        token =  %w(AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN)
+        ::Aws::Credentials.new(envar(key), envar(secret), envar(token))
+      end
+
+      def envar(keys)
+        keys.each do |key|
+          return ENV[key] if ENV.key?(key)
+        end
+        nil
+      end
+
+      def shared_credentials(options)
+        if options[:config]
+          ::Aws::SharedCredentials.new(profile_name: options[:config].profile)
+        else
+          ::Aws::SharedCredentials.new(
+            profile_name: ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE'])
+        end
+      rescue ::Aws::Errors::NoSuchProfileError
+        nil
+      end
+
+      def process_credentials(options)
+        profile_name = options[:config].profile if options[:config]
+        profile_name ||= ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE']
+
+        config = ::Aws.shared_config
+        if config.config_enabled? && process_provider = config.credentials_process(profile_name)
+          ::Aws::ProcessCredentials.new(process_provider)
+        else
+          nil
+        end
+      rescue ::Aws::Errors::NoSuchProfileError
+        nil
+      end
+
+      def assume_role_credentials(options)
+        if ::Aws.shared_config.config_enabled?
+          profile = nil
+          region = nil
+          if options[:config]
+            profile = options[:config].profile
+            region = options[:config].region
+            assume_role_with_profile(options[:config].profile, options[:config].region)
+          end
+          assume_role_with_profile(profile, region)
+        else
+          nil
+        end
+      end
+
+      def instance_profile_credentials(options)
+        if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
+          ::Aws::ECSCredentials.new(options)
+        else
+          ::Aws::InstanceProfileCredentials.new(options)
+        end
+      end
+
+      def assume_role_with_profile(prof, region)
+        ::Aws.shared_config.assume_role_credentials_from_config(
+          profile: prof,
+          region: region,
+          chain_config: @config
+        )
+      end
+    end
+  end
+end

data/lib/cfndk/parameter_string.rb

@@ -0,0 +1,22 @@
+module CFnDK
+  class ParameterString
+    attr_reader :uuid, :properties
+    def initialize(str, option)
+      @erb = ERB.new(str, nil, '-')
+      @properties = option[:properties]
+      @uuid = option[:uuid]
+    end
+
+    def value
+      @erb.result(binding)
+    end
+
+    def append_uuid(glue = '-')
+      if uuid
+        glue + uuid
+      else
+        ''
+      end
+    end
+  end
+end

data/lib/cfndk/stack.rb

@@ -0,0 +1,44 @@
+module CFnDK
+  class Stack
+    attr_reader :template_file, :parameter_input, :capabilities, :depends, :timeout_in_minutes
+    def initialize(name, data, option)
+      @name = name
+      @template_file = data['template_file'] || ''
+      @parameter_input = data['parameter_input'] || ''
+      @capabilities = data['capabilities'] || []
+      @depends = data['depends'] || []
+      @timeout_in_minutes = data['timeout_in_minutes'] || 1
+      @override_parameters = data['parameters'] || {}
+      @option = option
+    end
+
+    def name
+      [@name, @option[:uuid]].compact.join('-')
+    end
+
+    def template_body
+      File.open(@template_file, 'r').read
+    end
+
+    def parameters
+      json = JSON.load(open(@parameter_input).read)
+      json['Parameters'].map do |item|
+        next if item.empty?
+        {
+          parameter_key: item['ParameterKey'],
+          parameter_value: eval_override_parameter(item['ParameterKey'], item['ParameterValue']),
+        }
+      end.compact
+    end
+
+    private
+
+    def eval_override_parameter(k, v)
+      if @override_parameters[k]
+        CFnDK::ParameterString.new(@override_parameters[k], @option).value
+      else
+        v
+      end
+    end
+  end
+end

data/lib/cfndk/stacks.rb

@@ -0,0 +1,308 @@
+module CFnDK
+  class Stacks
+    def initialize(data, option, cfn_client)
+      @option = option
+      @cfn_client = cfn_client
+      create_stack data
+      create_sequence
+    end
+
+    def create
+      @sequence.each do |stacks|
+        stacks.each do |name|
+          puts(('creating ' + name).color(:green))
+          puts('Name        :' + @stacks[name].name) if @option[:v]
+          puts('Parametres  :' + @stacks[name].parameters.inspect) if @option[:v]
+          puts('Capabilities:' + @stacks[name].capabilities.inspect) if @option[:v]
+          puts('timeout     :' + @stacks[name].timeout_in_minutes.to_s) if @option[:v]
+          @cfn_client.create_stack(
+            stack_name: @stacks[name].name,
+            template_body: @stacks[name].template_body,
+            parameters: @stacks[name].parameters,
+            capabilities: @stacks[name].capabilities,
+            timeout_in_minutes: @stacks[name].timeout_in_minutes
+          )
+        end
+        stacks.each do |name|
+          begin
+            @cfn_client.wait_until(
+              :stack_create_complete,
+              stack_name: @stacks[name].name
+            )
+            puts(('created ' + name).color(:green))
+          rescue Aws::Waiters::Errors::FailureStateError => ex
+            puts ex.message
+            report_event
+            raise ex
+          end
+        end
+      end
+    end
+
+    def update
+      @sequence.each do |stacks|
+        updating_stacks = []
+        stacks.each do |name|
+          puts(('updating ' + name).color(:green))
+          puts('Name        :' + @stacks[name].name) if @option[:v]
+          puts('Parametres  :' + @stacks[name].parameters.inspect) if @option[:v]
+          puts('Capabilities:' + @stacks[name].capabilities.inspect) if @option[:v]
+          puts('timeout     :' + @stacks[name].timeout_in_minutes.to_s) if @option[:v]
+          begin
+            @cfn_client.update_stack(
+              stack_name: @stacks[name].name,
+              template_body: @stacks[name].template_body,
+              parameters: @stacks[name].parameters,
+              capabilities: @stacks[name].capabilities
+            )
+            updating_stacks.push name
+          rescue Aws::CloudFormation::Errors::ValidationError => ex
+            puts ex.message.color :red
+          end
+        end
+        updating_stacks.each do |name|
+          @cfn_client.wait_until(
+            :stack_update_complete,
+            stack_name: @stacks[name].name
+          )
+          puts(('updated ' + name).color(:green))
+        end
+      end
+    end
+
+    def create_or_changeset
+      @sequence.each do |stacks|
+        create_stacks = []
+        changeset_stacks = []
+        stacks.each do |name|
+          begin
+            @cfn_client.describe_stacks(
+              stack_name: @stacks[name].name
+            )
+            puts(('creating ' + name + @option[:uuid]).color(:green))
+            puts('Name        :' + @stacks[name].name) if @option[:v]
+            puts('Parametres  :' + @stacks[name].parameters.inspect) if @option[:v]
+            puts('Capabilities:' + @stacks[name].capabilities.inspect) if @option[:v]
+            @cfn_client.create_change_set(
+              stack_name: @stacks[name].name,
+              template_body: @stacks[name].template_body,
+              parameters: @stacks[name].parameters,
+              capabilities: @stacks[name].capabilities,
+              change_set_name:  @stacks[name].name + @option[:uuid]
+            )
+            changeset_stacks.push name
+          rescue Aws::CloudFormation::Errors::ValidationError
+            puts(('creating ' + name).color(:green))
+            puts('Name        :' + @stacks[name].name) if @option[:v]
+            puts('Parametres  :' + @stacks[name].parameters.inspect) if @option[:v]
+            puts('Capabilities:' + @stacks[name].capabilities.inspect) if @option[:v]
+            puts('timeout     :' + @stacks[name].timeout_in_minutes.to_s) if @option[:v]
+            @cfn_client.create_stack(
+              stack_name: @stacks[name].name,
+              template_body: @stacks[name].template_body,
+              parameters: @stacks[name].parameters,
+              capabilities: @stacks[name].capabilities,
+              timeout_in_minutes: @stacks[name].timeout_in_minutes
+            )
+            create_stacks.push name
+          end
+        end
+        create_stacks.each do |name|
+          @cfn_client.wait_until(
+            :stack_create_complete,
+            stack_name: @stacks[name].name
+          )
+          puts(('created ' + name).color(:green))
+        end
+        changeset_stacks.each do |name|
+          begin
+            @cfn_client.wait_until(
+              :change_set_create_complete,
+              stack_name: @stacks[name].name,
+              change_set_name: @stacks[name].name + @option[:uuid]
+            )
+            puts(('created ' + @stacks[name].name + @option[:uuid]).color(:green))
+          rescue Aws::Waiters::Errors::FailureStateError => ex
+            resp = @cfn_client.describe_change_set(
+              change_set_name: @stacks[name].name + @option[:uuid],
+              stack_name: @stacks[name].name
+            )
+            if resp.status_reason != "The submitted information didn't contain changes. Submit different information to create a change set."
+              puts ex.message.color :red
+              raise ex
+            else
+              puts(('failed ' + @stacks[name].name + @option[:uuid]).color(:red))
+              puts resp.status_reason
+              @cfn_client.delete_change_set(
+                change_set_name: @stacks[name].name + @option[:uuid],
+                stack_name: @stacks[name].name
+              )
+              puts(('deleted ' + @stacks[name].name + @option[:uuid]).color(:red))
+            end
+          end
+        end
+      end
+    end
+
+    def report_stack
+      rows = @sequence.flat_map do |stacks|
+        stacks.flat_map do |name|
+          rows = []
+          begin
+            rows = @cfn_client.describe_stacks(
+              stack_name: @stacks[name].name
+            ).stacks.map do |item|
+              [
+                item.stack_name,
+                item.creation_time,
+                item.deletion_time,
+                case item.stack_status
+                when 'CREATE_FAILED' then
+                  item.stack_status.color :red
+                when 'ROLLBACK_IN_PROGRESS' then
+                  item.stack_status.color :red
+                when 'ROLLBACK_COMPLETE' then
+                  item.stack_status.color :red
+                when 'CREATE_COMPLETE' then
+                  item.stack_status.color :green
+                when 'DELETE_COMPLETE' then
+                  item.stack_status.color :gray
+                else
+                  item.stack_status.color :orange
+                end,
+                item.stack_status_reason]
+            end
+          rescue Aws::CloudFormation::Errors::ValidationError => ex
+            puts ex.message
+          end
+          rows
+        end
+      end
+      table = Terminal::Table.new headings: %w(Name Creation Deletion Status Reason), rows: rows
+      puts table
+    end
+
+    def report_stack_resource
+      @sequence.each do |stacks|
+        stacks.each do |name|
+          puts(('stack ' + name).color(:green))
+          puts('Name        :' + @stacks[name].name) if @option[:v]
+          begin
+            rows = @cfn_client.describe_stack_resources(
+              stack_name: @stacks[name].name
+            ).stack_resources.map do |item|
+              [
+                item.logical_resource_id,
+                item.physical_resource_id,
+                item.resource_type,
+                item.timestamp,
+                case item.resource_status
+                when 'CREATE_FAILED' then
+                  item.resource_status.color :red
+                when 'ROLLBACK_IN_PROGRESS' then
+                  item.resource_status.color :red
+                when 'ROLLBACK_COMPLETE' then
+                  item.resource_status.color :red
+                when 'CREATE_COMPLETE' then
+                  item.resource_status.color :green
+                when 'DELETE_COMPLETE' then
+                  item.resource_status.color :gray
+                else
+                  item.resource_status.color :orange
+                end,
+                item.resource_status_reason,
+                item.description,
+              ]
+            end
+            table = Terminal::Table.new headings: %w(L-name P-name Type Timestamp Status Reason Desc), rows: rows
+            puts table
+          rescue Aws::CloudFormation::Errors::ValidationError => ex
+            puts ex.message
+          end
+        end
+      end
+    end
+
+    def report_event
+      @sequence.each do |stacks|
+        stacks.each do |name|
+          puts(('stack ' + name).color(:green))
+          puts('Name        :' + @stacks[name].name) if @option[:v]
+          begin
+            rows = @cfn_client.describe_stack_events(
+              stack_name: @stacks[name].name
+            ).stack_events.map do |item|
+              [
+                item.resource_type,
+                item.timestamp,
+                case item.resource_status
+                when 'CREATE_FAILED' then
+                  item.resource_status.color :red
+                when 'ROLLBACK_IN_PROGRESS' then
+                  item.resource_status.color :red
+                when 'ROLLBACK_COMPLETE' then
+                  item.resource_status.color :red
+                when 'CREATE_COMPLETE' then
+                  item.resource_status.color :green
+                when 'DELETE_COMPLETE' then
+                  item.resource_status.color :gray
+                else
+                  item.resource_status.color :orange
+                end,
+                item.resource_status_reason]
+            end
+            table = Terminal::Table.new headings: %w(Type Time Status Reason), rows: rows
+            puts table
+          rescue Aws::CloudFormation::Errors::ValidationError => ex
+            puts ex.message
+          end
+        end
+      end
+    end
+
+    def destroy
+      @sequence.reverse_each do |stacks|
+        stacks.each do |name|
+          puts(('deleting ' + name).color(:green))
+          puts('Name        :' + @stacks[name].name) if @option[:v]
+          @cfn_client.delete_stack(
+            stack_name: @stacks[name].name
+          )
+        end
+        stacks.each do |name|
+          @cfn_client.wait_until(
+            :stack_delete_complete,
+            stack_name: @stacks[name].name
+          )
+          puts(('deleted ' + name).color(:green))
+        end
+      end
+    end
+
+    private
+
+    def create_stack(data)
+      @stacks = {}
+      data['stacks'].each do |name, properties|
+        @stacks[name] = Stack.new(name, properties, @option)
+      end
+    end
+
+    def create_sequence
+      @sequence = []
+      names_of_upprocessed_stack = @stacks.keys
+      names_of_processed_stack = []
+      until names_of_upprocessed_stack.empty?
+        names = names_of_upprocessed_stack.select do |name|
+          @stacks[name].depends.all? do |depend_name|
+            names_of_processed_stack.include? depend_name
+          end
+        end
+        raise 'There are cyclic dependency.' if names.empty?
+        names_of_processed_stack += names
+        names_of_upprocessed_stack -= names
+        @sequence.push names
+      end
+    end
+  end
+end

data/lib/cfndk/version.rb

@@ -0,0 +1,3 @@
+module CFnDK
+  VERSION = '0.0.1'.freeze
+end

data/lib/cfndk.rb

@@ -0,0 +1,8 @@
+require 'cfndk/version'
+require 'cfndk/stack'
+require 'cfndk/stacks'
+require 'cfndk/parameter_string'
+require 'cfndk/aws/credential_provider_chain'
+
+module CFnDK
+end

data/sample/cfndk.yml

@@ -0,0 +1,39 @@
+stacks:
+  Network:
+    template_file: network/network.yaml 
+    parameter_input: network/prod.json
+    parameters:
+      VpcName: Prod<%= append_uuid %>
+      InternalDnsName: prod<%= append_uuid %>.local
+    timeout_in_minutes: 8
+  Iam:
+    template_file: iam/iam.yaml
+    parameter_input: iam/prod.json
+    parameters:
+      WebRoleName: WebRole<%= append_uuid %>
+      WebInstanceProfileName: WebInstanceProfile<%= append_uuid %>
+    capabilities:
+      - CAPABILITY_IAM
+      - CAPABILITY_NAMED_IAM
+    timeout_in_minutes: 3
+  Sg:
+    template_file: sg/sg.yaml
+    parameter_input: sg/prod.json
+    parameters:
+    depends:
+    - Network
+  Web:
+    template_file: web/web.yaml
+    parameter_input: web/prod.json
+    parameters:
+    depends:
+    - Sg
+    - Iam
+    timeout_in_minutes: 2
+  Db:
+    template_file: db/db.yaml
+    parameter_input: db/prod.json
+    parameters:
+    depends:
+    - Sg
+    timeout_in_minutes: 30