cfndk 0.1.1.2 → 0.1.2

data/lib/cfndk/command.rb

@@ -2,6 +2,8 @@ module CFnDK
   class Command < Thor
     include Thor::Actions
     include ConfigFileLoadable
+    include CredentialResolvable
+
     class << self
       def exit_on_failure?
         true
@@ -44,19 +46,25 @@ module CFnDK
     option :config_path, type: :string, aliases: 'c', default: "#{Dir.getwd}/cfndk.yml", desc: 'The configuration file to use'
     option :uuid, type: :string, aliases: 'u', default: ENV['CFNDK_UUID'] || nil, desc: 'Use UUID'
     option :properties, type: :hash, aliases: 'p', default: {}, desc: 'Set property'
-    option :stack_names, type: :array, desc: 'Target stack names'
+    option :stack_names, type: :array, aliases: 's', desc: 'Target stack names'
     option :keypair_names, type: :array, desc: 'Target keypair names'
     def create
       CFnDK.logger.info 'create...'.color(:green)
       data = load_config_data(options)
-
-      credentials = CFnDK::CredentialProviderChain.new.resolve
+      credentials = resolve_credential(data, options)
+      global_config = CFnDK::GlobalConfig.new(data, options)
       stacks = CFnDK::Stacks.new(data, options, credentials)
       keypairs = CFnDK::KeyPairs.new(data, options, credentials)
 
+      global_config.pre_command_execute
+      stacks.pre_command_execute
       stacks.validate
+      keypairs.pre_command_execute
       keypairs.create
+      keypairs.post_command_execute
       stacks.create
+      stacks.post_command_execute
+      global_config.post_command_execute
       return 0
     rescue => e
       CFnDK.logger.error "#{e.class}: #{e.message}".color(:red)
@@ -73,8 +81,8 @@ module CFnDK
     def destroy
       CFnDK.logger.info 'destroy...'.color(:green)
       data = load_config_data(options)
+      credentials = resolve_credential(data, options)
 
-      credentials = CFnDK::CredentialProviderChain.new.resolve
       stacks = CFnDK::Stacks.new(data, options, credentials)
       keypairs = CFnDK::KeyPairs.new(data, options, credentials)
 
@@ -97,14 +105,14 @@ module CFnDK
     desc 'report', 'Report stack'
     option :config_path, type: :string, aliases: 'c', default: "#{Dir.getwd}/cfndk.yml", desc: 'The configuration file to use'
     option :uuid, type: :string, aliases: 'u', default: ENV['CFNDK_UUID'] || nil, desc: 'Use UUID'
-    option :stack_names, type: :array, desc: 'Target stack names'
+    option :stack_names, type: :array, aliases: 's', desc: 'Target stack names'
     option :types, type: :array, default: %w(tag output parameter resource event), desc: 'Report type'
     def report
       CFnDK.logger.info 'report...'.color(:green)
 
       data = load_config_data(options)
+      credentials = resolve_credential(data, options)
 
-      credentials = CFnDK::CredentialProviderChain.new.resolve
       stacks = CFnDK::Stacks.new(data, options, credentials)
       stacks.report
       return 0

data/lib/cfndk/credential_provider_chain.rb

@@ -1,12 +1,14 @@
 module CFnDK
   class CredentialProviderChain
-    def initialize(config = nil)
-      @config = config
+    def initialize(profile = nil)
+      @profile = profile
     end
 
     def resolve
       providers.each do |method_name, options|
-        provider = send(method_name, options.merge(config: @config))
+        CFnDK.logger.debug "resolving: #{method_name}"
+        provider = send(method_name, options)
+        CFnDK.logger.debug "resolved: #{method_name}" if provider && provider.set?
         return provider if provider && provider.set?
       end
       nil
@@ -16,30 +18,17 @@ module CFnDK
 
     def providers
       [
-        [:static_credentials, {}],
         [:env_credentials, {}],
         [:assume_role_credentials, {}],
-        [:shared_credentials, {}],
-        [:process_credentials, {}],
+        [:shared_credentials, {profile: @profile}],
         [:instance_profile_credentials, {
-          retries: @config ? @config.instance_profile_credentials_retries : 0,
-          http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
-          http_read_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
+          retries: 0,
+          http_open_timeout: 1,
+          http_read_timeout: 1,
         }],
       ]
     end
 
-    def static_credentials(options)
-      if options[:config]
-        ::Aws::Credentials.new(
-          options[:config].access_key_id,
-          options[:config].secret_access_key,
-          options[:config].session_token)
-      else
-        nil
-      end
-    end
-
     def env_credentials(options)
       key =    %w(AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY)
       secret = %w(AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY)
@@ -55,8 +44,8 @@ module CFnDK
     end
 
     def shared_credentials(options)
-      if options[:config]
-        ::Aws::SharedCredentials.new(profile_name: options[:config].profile)
+      if options[:profile]
+        ::Aws::SharedCredentials.new(profile_name: options[:profile])
       else
         ::Aws::SharedCredentials.new(
           profile_name: ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE'])
@@ -65,29 +54,10 @@ module CFnDK
       nil
     end
 
-    def process_credentials(options)
-      profile_name = options[:config].profile if options[:config]
-      profile_name ||= ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE']
-
-      config = ::Aws.shared_config
-      if config.config_enabled? && process_provider = config.credentials_process(profile_name)
-        ::Aws::ProcessCredentials.new(process_provider)
-      else
-        nil
-      end
-    rescue ::Aws::Errors::NoSuchProfileError
-      nil
-    end
-
     def assume_role_credentials(options)
       if ::Aws.shared_config.config_enabled?
         profile = nil
         region = nil
-        if options[:config]
-          profile = options[:config].profile
-          region = options[:config].region
-          assume_role_with_profile(options[:config].profile, options[:config].region)
-        end
         assume_role_with_profile(profile, region)
       else
         nil
@@ -106,7 +76,7 @@ module CFnDK
       ::Aws.shared_config.assume_role_credentials_from_config(
         profile: prof,
         region: region,
-        chain_config: @config
+        chain_config: nil
       )
     end
   end

data/lib/cfndk/credential_resolvable.rb

@@ -0,0 +1,10 @@
+module CFnDK
+  module CredentialResolvable
+    private
+
+    def resolve_credential(data, option)
+      global_config = CFnDK::GlobalConfig.new(data, option)
+      CFnDK::CredentialProviderChain.new(global_config.profile).resolve
+    end
+  end
+end

data/lib/cfndk/diff.rb

@@ -0,0 +1,38 @@
+module CFnDK
+  FORMAT = :unified
+  LINES = 3
+
+  def self.diff(data_old, data_new)
+    result = ''
+
+    file_length_difference = 0
+
+    data_old = data_old.split($/).map { |e| e.chomp }
+    data_new = data_new.split($/).map { |e| e.chomp }
+
+    diffs = Diff::LCS.diff(data_old, data_new)
+    diffs = nil if diffs.empty?
+
+    return '' unless diffs
+
+    oldhunk = hunk = nil
+
+    diffs.each do |piece|
+      begin
+        hunk = Diff::LCS::Hunk.new(data_old, data_new, piece, LINES, file_length_difference)
+        file_length_difference = hunk.file_length_difference
+
+        next unless oldhunk
+        next if LINES.positive? and hunk.merge(oldhunk)
+
+        result << oldhunk.diff(FORMAT) << "\n"
+      ensure
+        oldhunk = hunk
+      end
+    end
+
+    last = oldhunk.diff(FORMAT)
+    last << "\n" if last.respond_to?(:end_with?) && !last.end_with?("\n")
+    result << last
+  end
+end

data/lib/cfndk/global_config.rb

@@ -1,16 +1,46 @@
 module CFnDK
   class GlobalConfig
-    attr_reader :timeout_in_minutes, :s3_template_bucket, :s3_template_hash, :region, :role_arn
+    attr_reader :timeout_in_minutes, :s3_template_bucket, :s3_template_hash, :region, :role_arn, :package, :profile, :pre_command, :post_command
     def initialize(data, option)
       @timeout_in_minutes = 1
       @s3_template_bucket = 'cfndk-templates'
-      @s3_template_hash = SecureRandom.uuid
+      @s3_template_hash = Uuid.instance.uuid
       @region = ENV['AWS_REGION'] || 'us-east-1'
+      @package = false
+      @profile = ENV['AWS_PROFILE'] || nil
       return unless data['global'].is_a?(Hash)
       @timeout_in_minutes = data['global']['timeout_in_minutes'] || 1
       @s3_template_bucket = data['global']['s3_template_bucket'] || 'cfndk-templates'
       @region = data['global']['region'] || ENV['AWS_REGION'] || 'us-east-1'
+      @package = data['global']['package'] === 'true' ? true : false
       @role_arn = data['global']['role_arn'] || nil
+      @profile = ENV['AWS_PROFILE'] || data['global']['default_profile'] || nil
+      @pre_command = data['global']['pre_command'] || nil
+      @post_command = data['global']['post_command'] || nil
+    end
+
+    def pre_command_execute
+      if @pre_command
+        CFnDK.logger.info(('execute global pre command: ' + @pre_command).color(:green))
+        IO.popen(@pre_command, :err => [:child, :out]) do |io|
+          io.each_line do |line|
+            CFnDK.logger.info((line).color(:green))
+          end
+        end
+        raise 'global pre command is error. status: ' + $?.exitstatus.to_s + ' command: ' + @pre_command if $?.exitstatus != 0
+      end
+    end
+
+    def post_command_execute
+      if @post_command
+        CFnDK.logger.info(('execute global post command: ' + @post_command).color(:green))
+        IO.popen(@post_command, :err => [:child, :out]) do |io|
+          io.each_line do |line|
+            CFnDK.logger.info((line).color(:green))
+          end
+        end
+        raise 'global post command is error. status: ' + $?.exitstatus.to_s + ' command: ' + @post_command if $?.exitstatus != 0
+      end
     end
   end
 end

data/lib/cfndk/key_pair.rb

@@ -1,17 +1,22 @@
 module CFnDK
   class KeyPair
-    attr_reader :key_file
+    attr_reader :key_file, :enabled, :pre_command, :post_command
     def initialize(name, data, option, global_config, credentials)
       @global_config = global_config
       @name = name
       data = {} unless data
       @key_file = data['key_file'] || nil
       @region = data['region'] || @global_config.region
+      @pre_command = data['pre_command'] || nil
+      @post_command = data['post_command'] || nil
+      @enabled = true
+      @enabled = false if data['enabled'] === false
       @option = option
       @client = Aws::EC2::Client.new(credentials: credentials, region: @region)
     end
 
     def create
+      return unless @enabled
       CFnDK.logger.info(('creating keypair: ' + name).color(:green))
       key_pair = @client.create_key_pair(
         key_name: name
@@ -22,6 +27,7 @@ module CFnDK
     end
 
     def destroy
+      return unless @enabled
       if exists?
         CFnDK.logger.info(('deleting keypair: ' + name).color(:green))
         @client.delete_key_pair(
@@ -51,6 +57,32 @@ module CFnDK
       @name
     end
 
+    def pre_command_execute
+      return unless @enabled
+      if @pre_command
+        CFnDK.logger.info(('execute pre command: ' + @pre_command).color(:green))
+        IO.popen(@pre_command, :err => [:child, :out]) do |io|
+          io.each_line do |line|
+            CFnDK.logger.info((line).color(:green))
+          end
+        end
+        raise 'pre command is error. status: ' + $?.exitstatus.to_s + ' command: ' + @pre_command if $?.exitstatus != 0
+      end
+    end
+
+    def post_command_execute
+      return unless @enabled
+      if @post_command
+        CFnDK.logger.info(('execute post command: ' + @post_command).color(:green))
+        IO.popen(@post_command, :err => [:child, :out]) do |io|
+          io.each_line do |line|
+            CFnDK.logger.info((line).color(:green))
+          end
+        end
+        raise 'post command is error. status: ' + $?.exitstatus.to_s + ' command: ' + @post_command if $?.exitstatus != 0
+      end
+    end
+
     private
 
     def create_key_file(key_pair)

data/lib/cfndk/key_pair_command.rb

@@ -2,6 +2,8 @@ module CFnDK
   class KeyPairCommand < Thor
     include SubcommandHelpReturnable
     include ConfigFileLoadable
+    include CredentialResolvable
+
     class_option :verbose, type: :boolean, aliases: 'v', desc: 'More verbose output.'
     class_option :color, type: :boolean, default: true, desc: 'Use colored output'
     class_option :config_path, type: :string, aliases: 'c', default: "#{Dir.getwd}/cfndk.yml", desc: 'The configuration file to use'
@@ -13,10 +15,15 @@ module CFnDK
     def create
       CFnDK.logger.info 'create...'.color(:green)
       data = load_config_data(options)
-
-      credentials = CFnDK::CredentialProviderChain.new.resolve
+      credentials = resolve_credential(data, options)
+      global_config = CFnDK::GlobalConfig.new(data, options)
       keypairs = CFnDK::KeyPairs.new(data, options, credentials)
+
+      global_config.pre_command_execute
+      keypairs.pre_command_execute
       keypairs.create
+      keypairs.post_command_execute
+      global_config.post_command_execute
       return 0
     rescue => e
       CFnDK.logger.error "#{e.class}: #{e.message}".color(:red)
@@ -31,8 +38,8 @@ module CFnDK
     def destroy
       CFnDK.logger.info 'destroy...'.color(:green)
       data = load_config_data(options)
+      credentials = resolve_credential(data, options)
 
-      credentials = CFnDK::CredentialProviderChain.new.resolve
       keypairs = CFnDK::KeyPairs.new(data, options, credentials)
 
       if options[:force] || yes?('Are you sure you want to destroy? (y/n)', :yellow)

data/lib/cfndk/key_pairs.rb

@@ -21,6 +21,18 @@ module CFnDK
       end
     end
 
+    def pre_command_execute
+      @keypairs.each_value do |keypair|
+        keypair.pre_command_execute
+      end
+    end
+
+    def post_command_execute
+      @keypairs.each_value do |keypair|
+        keypair.post_command_execute
+      end
+    end
+
     private
 
     def prepare_keypairs(data)

data/lib/cfndk/stack.rb

@@ -1,6 +1,6 @@
 module CFnDK
   class Stack
-    attr_reader :template_file, :parameter_input, :capabilities, :depends, :timeout_in_minutes, :region, :role_arn
+    attr_reader :template_file, :parameter_input, :capabilities, :depends, :timeout_in_minutes, :region, :role_arn, :package, :enabled, :pre_command, :post_command
     def initialize(name, data, option, global_config, credentials)
       @global_config = global_config
       @name = name
@@ -10,16 +10,23 @@ module CFnDK
       @depends = data['depends'] || []
       @region = data['region'] || @global_config.region
       @role_arn = @global_config.role_arn
+      @package = data['package'] || @global_config.package
+      @pre_command = data['pre_command'] || nil
+      @post_command = data['post_command'] || nil
+      @enabled = true
+      @enabled = false if data['enabled'] === false 
       @timeout_in_minutes = data['timeout_in_minutes'] || @global_config.timeout_in_minutes
       @override_parameters = data['parameters'] || {}
       @option = option
       @client = Aws::CloudFormation::Client.new(credentials: credentials, region: @region)
       @s3_client = Aws::S3::Client.new(credentials: credentials, region: @region)
       @sts_client = Aws::STS::Client.new(credentials: credentials, region: @region)
+      @tp = CFnDK::TemplatePackager.new(@template_file, @region, @package, @global_config, @s3_client, @sts_client)
     end
 
     def create
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       CFnDK.logger.info(('creating stack: ' + name).color(:green))
       CFnDK.logger.debug('Name        :' + name)
       CFnDK.logger.debug('Parametres  :' + parameters.inspect)
@@ -44,10 +51,11 @@ module CFnDK
         tags: tags,
       }
       hash[:role_arn] = @role_arn if @role_arn
-      if large_template?
-        hash[:template_url] = upload_template_file()
+
+      if @tp.large_template?
+        hash[:template_url] = @tp.upload_template_file()
       else
-        hash[:template_body] = template_body()
+        hash[:template_body] = @tp.template_body()
       end
       @client.create_stack(
         hash
@@ -56,6 +64,7 @@ module CFnDK
 
     def wait_until_create
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       CFnDK.logger.info(('waiting create stack: ' + name).color(:green))
       begin
         @client.wait_until(
@@ -76,6 +85,7 @@ module CFnDK
 
     def update
       return false if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       CFnDK.logger.info(('updating stack: ' + name).color(:green))
       CFnDK.logger.debug('Name        :' + name)
       CFnDK.logger.debug('Parametres  :' + parameters.inspect)
@@ -89,10 +99,10 @@ module CFnDK
           capabilities: capabilities,
         }
         hash[:role_arn] = @role_arn if @role_arn
-        if large_template?
-          hash[:template_url] = upload_template_file()
+        if @tp.large_template?
+          hash[:template_url] = @tp.upload_template_file()
         else
-          hash[:template_body] = template_body()
+          hash[:template_body] = @tp.template_body()
         end
         @client.update_stack(
           hash
@@ -111,6 +121,7 @@ module CFnDK
 
     def wait_until_update
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       CFnDK.logger.info(('waiting update stack: ' + name).color(:green))
       @client.wait_until(
         :stack_update_complete,
@@ -124,6 +135,7 @@ module CFnDK
 
     def destroy
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       if exits?
         CFnDK.logger.info(('deleting stack: ' + name).color(:green))
         CFnDK.logger.debug('Name        :' + name)
@@ -142,6 +154,7 @@ module CFnDK
 
     def wait_until_destroy
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       return unless exits?
       CFnDK.logger.info(('waiting delete stack: ' + name).color(:green))
       @client.wait_until(
@@ -156,6 +169,7 @@ module CFnDK
 
     def create_change_set
       return nil if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       CFnDK.logger.info(('creating change set: ' + change_set_name).color(:green))
       CFnDK.logger.debug('Parametres  :' + parameters.inspect)
       CFnDK.logger.debug('Capabilities:' + capabilities.inspect)
@@ -183,10 +197,10 @@ module CFnDK
         tags: tags,
       }
       hash[:role_arn] = @role_arn if @role_arn
-      if large_template?
-        hash[:template_url] = upload_template_file()
+      if @tp.large_template?
+        hash[:template_url] = @tp.upload_template_file()
       else
-        hash[:template_body] = template_body()
+        hash[:template_body] = @tp.template_body()
       end
       @client.create_change_set(
         hash
@@ -204,6 +218,7 @@ module CFnDK
 
     def wait_until_create_change_set
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       return unless exits?
       CFnDK.logger.info(('waiting create change set: ' + change_set_name).color(:green))
       @client.wait_until(
@@ -229,6 +244,7 @@ module CFnDK
 
     def execute_change_set
       return nil if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       if available_change_set?
         CFnDK.logger.info(('executing change set: ' + change_set_name).color(:green))
         @client.execute_change_set(
@@ -245,6 +261,7 @@ module CFnDK
 
     def delete_change_set
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       CFnDK.logger.info(('deleting change set: ' + change_set_name).color(:green))
       @client.delete_change_set(
         stack_name: name,
@@ -255,6 +272,7 @@ module CFnDK
 
     def report_change_set
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       CFnDK.logger.info('*****************************************************'.color(:green))
       CFnDK.logger.info(('change set: ' + change_set_name).color(:green))
       CFnDK.logger.info('*****************************************************'.color(:green))
@@ -318,13 +336,14 @@ module CFnDK
 
     def validate
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       CFnDK.logger.info(('validate stack: ' + name).color(:green))
       CFnDK.logger.debug('Name        :' + @name)
       hash = {}
-      if large_template?
-        hash[:template_url] = upload_template_file()
+      if @tp.large_template?
+        hash[:template_url] = @tp.upload_template_file()
       else
-        hash[:template_body] = template_body()
+        hash[:template_body] = @tp.template_body()
       end
       @client.validate_template(
         hash
@@ -373,6 +392,7 @@ module CFnDK
 
     def report
       return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
       CFnDK.logger.info('*****************************************************'.color(:green))
       CFnDK.logger.info(('stack: ' + name).color(:green))
       CFnDK.logger.info('*****************************************************'.color(:green))
@@ -484,14 +504,6 @@ module CFnDK
       [@name, @option[:change_set_uuid]].compact.join('-')
     end
 
-    def template_body
-      File.open(@template_file, 'r').read
-    end
-
-    def large_template?
-      File.size(@template_file) > 51200
-    end
-
     def parameters
       json = JSON.load(open(@parameter_input).read)
       json['Parameters'].map do |item|
@@ -503,49 +515,36 @@ module CFnDK
       end.compact
     end
 
-    private
-
-    def upload_template_file
-      begin
-        @s3_client.head_bucket(bucket: bucket_name)
-      rescue Aws::S3::Errors::NotFound, Aws::S3::Errors::Forbidden
-        @s3_client.create_bucket(bucket: bucket_name)
-        CFnDK.logger.info('Creatt S3 bucket: ' + bucket_name)
-        @s3_client.put_bucket_lifecycle_configuration(
-          bucket: bucket_name,
-          lifecycle_configuration: {
-            rules: [
-              {
-                expiration: {
-                  days: 1,
-                },
-                status: 'Enabled',
-                id: 'Delete Old Files',
-                prefix: '',
-                abort_incomplete_multipart_upload: {
-                  days_after_initiation: 1,
-                },
-              },
-            ],
-          }
-        )
+    def pre_command_execute
+      return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
+      if @pre_command
+        CFnDK.logger.info(('execute pre command: ' + @pre_command).color(:green))
+        IO.popen(@pre_command, :err => [:child, :out]) do |io|
+          io.each_line do |line|
+            CFnDK.logger.info((line).color(:green))
+          end
+        end
+        raise 'pre command is error. status: ' + $?.exitstatus.to_s + ' command: ' + @pre_command if $?.exitstatus != 0
       end
-      key = [@global_config.s3_template_hash, @template_file].compact.join('/')
-      @s3_client.put_object(
-        body: template_body,
-        bucket: bucket_name,
-        key: key
-      )
-      url = "https://s3.amazonaws.com/#{bucket_name}/#{key}"
-      CFnDK.logger.info('Put S3 object: ' + url)
-      url
     end
 
-    def bucket_name
-      resp = @sts_client.get_caller_identity({})
-      resp.account + '-' + @region + '-' + @global_config.s3_template_bucket
+    def post_command_execute
+      return if @option[:stack_names].instance_of?(Array) && !@option[:stack_names].include?(@name)
+      return unless @enabled
+      if @post_command
+        CFnDK.logger.info(('execute post command: ' + @post_command).color(:green))
+        IO.popen(@post_command, :err => [:child, :out]) do |io|
+          io.each_line do |line|
+            CFnDK.logger.info((line).color(:green))
+          end
+        end
+        raise 'post command is error. status: ' + $?.exitstatus.to_s + ' command: ' + @post_command if $?.exitstatus != 0
+      end
     end
 
+    private
+
     def colored_status(str)
       case str
       when 'CREATE_FAILED' then