cloud-mu 3.3.0 → 3.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/cloud-mu.gemspec +2 -2
- data/modules/mu/deploy.rb +3 -3
- data/modules/mu/providers/aws/function.rb +1 -1
- data/modules/mu/providers/aws/role.rb +19 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ccd46dd31e8b95994aa2f8c2ac1ac486549e542ea5f782149f5fac61a3db3f3
|
|
4
|
+
data.tar.gz: '0020871875d52fb5c2988a2f7793d37bfc53681d97820d6e12d0488ce48bb857'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7ac6aca25c92e455f3d3c3dc5d1a55306f4a0071669b8d4ebb2d7c2cef78ec56aba234a4f12db86e556b1aa1f001f4832fbdb2b55c31263da72c236f8ba1bae3
|
|
7
|
+
data.tar.gz: 60fe5e02d425d2379eb88db7454d53729ef1e25f57ea636f4464d032e721eee9e5a0e3d1855e03f24f07d71e266f68cfc3fbf227714ca98ae59a1ec53be72dbb
|
data/cloud-mu.gemspec
CHANGED
|
@@ -17,8 +17,8 @@ end
|
|
|
17
17
|
|
|
18
18
|
Gem::Specification.new do |s|
|
|
19
19
|
s.name = 'cloud-mu'
|
|
20
|
-
s.version = '3.3.
|
|
21
|
-
s.date = '2020-09-
|
|
20
|
+
s.version = '3.3.1'
|
|
21
|
+
s.date = '2020-09-29'
|
|
22
22
|
s.require_paths = ['modules']
|
|
23
23
|
s.required_ruby_version = '>= 2.4'
|
|
24
24
|
s.summary = "The eGTLabs Mu toolkit for unified cloud deployments"
|
data/modules/mu/deploy.rb
CHANGED
|
@@ -437,10 +437,10 @@ module MU
|
|
|
437
437
|
MU.log "Failed to generate AWS cost-calculation URL. Skipping.", MU::WARN, details: "Deployment uses a feature not available in CloudFormation layer.", verbosity: MU::Logger::NORMAL
|
|
438
438
|
ensure
|
|
439
439
|
MU.setLogging(@verbosity)
|
|
440
|
-
MU.log "Deployment #{MU.deploy_id} \"#{MU.handle}\" complete", details: deployment, verbosity: @verbosity
|
|
440
|
+
MU.log "Deployment #{MU.deploy_id} \"#{MU.handle}\" #{@updating ? "updated" : "complete"}", details: deployment, verbosity: @verbosity
|
|
441
441
|
end
|
|
442
442
|
else
|
|
443
|
-
MU.log "Deployment #{MU.deploy_id} \"#{MU.handle}\" complete", details: deployment, verbosity: @verbosity
|
|
443
|
+
MU.log "Deployment #{MU.deploy_id} \"#{MU.handle}\" #{@updating ? "updated" : "complete"}", details: deployment, verbosity: @verbosity
|
|
444
444
|
end
|
|
445
445
|
|
|
446
446
|
|
|
@@ -450,7 +450,7 @@ module MU
|
|
|
450
450
|
}
|
|
451
451
|
end
|
|
452
452
|
|
|
453
|
-
@mommacat.sendAdminSlack("Deploy
|
|
453
|
+
@mommacat.sendAdminSlack("Deploy #{MU.deploy_id} \"#{MU.handle}\" #{@updating ? "updated" : "complete"}", msg: MU.summary.join("\n"))
|
|
454
454
|
end
|
|
455
455
|
|
|
456
456
|
private
|
|
@@ -705,7 +705,7 @@ MU.log @cloud_id, MU::WARN, details: JSON.parse(pol) if @cloud_id == "ESPIER-DEV
|
|
|
705
705
|
}
|
|
706
706
|
if @config['tags']
|
|
707
707
|
@config['tags'].each { |tag|
|
|
708
|
-
lambda_properties[:tags][tag
|
|
708
|
+
lambda_properties[:tags][tag['key']] = tag['value']
|
|
709
709
|
}
|
|
710
710
|
end
|
|
711
711
|
|
|
@@ -92,13 +92,14 @@ module MU
|
|
|
92
92
|
configured_policies = []
|
|
93
93
|
|
|
94
94
|
if @config['raw_policies']
|
|
95
|
+
MU.log "Attaching #{@config['raw_policies'].size.to_s} raw #{@config['raw_policies'].size > 1 ? "policies" : "policy"} to role #{@mu_name}", MU::NOTICE
|
|
95
96
|
configured_policies = @config['raw_policies'].map { |p|
|
|
96
97
|
@mu_name+"-"+p.keys.first.upcase
|
|
97
98
|
}
|
|
98
99
|
end
|
|
99
100
|
|
|
100
101
|
if @config['attachable_policies']
|
|
101
|
-
MU.log "Attaching #{@config['attachable_policies'].size.to_s} #{@config['attachable_policies'].size > 1 ? "policies" : "policy"} to role #{@mu_name}", MU::NOTICE
|
|
102
|
+
MU.log "Attaching #{@config['attachable_policies'].size.to_s} external #{@config['attachable_policies'].size > 1 ? "policies" : "policy"} to role #{@mu_name}", MU::NOTICE
|
|
102
103
|
configured_policies.concat(@config['attachable_policies'].map { |p|
|
|
103
104
|
id = if p.is_a?(MU::Config::Ref)
|
|
104
105
|
p.cloud_id
|
|
@@ -109,17 +110,16 @@ module MU
|
|
|
109
110
|
end
|
|
110
111
|
id.gsub(/.*?\/([^:\/]+)$/, '\1')
|
|
111
112
|
})
|
|
112
|
-
configured_policies.each { |pol|
|
|
113
|
-
}
|
|
114
113
|
end
|
|
115
114
|
|
|
115
|
+
# Purge anything that doesn't belong
|
|
116
116
|
if !@config['bare_policies']
|
|
117
117
|
attached_policies = MU::Cloud::AWS.iam(credentials: @config['credentials']).list_attached_role_policies(
|
|
118
118
|
role_name: @mu_name
|
|
119
119
|
).attached_policies
|
|
120
120
|
attached_policies.each { |a|
|
|
121
121
|
if !configured_policies.include?(a.policy_name)
|
|
122
|
-
MU.log "Removing IAM policy #{a.policy_name} from role #{@mu_name}", MU::NOTICE
|
|
122
|
+
MU.log "Removing IAM policy #{a.policy_name} from role #{@mu_name}", MU::NOTICE, details: configured_policies
|
|
123
123
|
MU::Cloud::AWS::Role.purgePolicy(a.policy_arn, @config['credentials'])
|
|
124
124
|
end
|
|
125
125
|
}
|
|
@@ -137,7 +137,7 @@ module MU
|
|
|
137
137
|
|
|
138
138
|
if !@config['bare_policies'] and
|
|
139
139
|
(@config['raw_policies'] or @config['attachable_policies'])
|
|
140
|
-
bindTo("role", @mu_name)
|
|
140
|
+
# bindTo("role", @mu_name)
|
|
141
141
|
end
|
|
142
142
|
end
|
|
143
143
|
|
|
@@ -153,6 +153,7 @@ module MU
|
|
|
153
153
|
policy.values.each { |p|
|
|
154
154
|
p["Version"] ||= "2012-10-17"
|
|
155
155
|
}
|
|
156
|
+
|
|
156
157
|
policy_name = basename+"-"+policy.keys.first.upcase
|
|
157
158
|
|
|
158
159
|
arn = "arn:"+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+":iam::"+MU::Cloud::AWS.credToAcct(credentials)+":policy#{path}/#{policy_name}"
|
|
@@ -814,6 +815,19 @@ end
|
|
|
814
815
|
}
|
|
815
816
|
end
|
|
816
817
|
|
|
818
|
+
if @config['raw_policies']
|
|
819
|
+
raw_arns = MU::Cloud::AWS::Role.manageRawPolicies(
|
|
820
|
+
@config['raw_policies'],
|
|
821
|
+
basename: @deploy.getResourceName(@config['name']),
|
|
822
|
+
credentials: @credentials
|
|
823
|
+
)
|
|
824
|
+
raw_arns.each { |p_arn|
|
|
825
|
+
mypolicies << MU::Cloud::AWS.iam(credentials: @config['credentials']).get_policy(
|
|
826
|
+
policy_arn: p_arn
|
|
827
|
+
).policy
|
|
828
|
+
}
|
|
829
|
+
end
|
|
830
|
+
|
|
817
831
|
mypolicies.each { |p|
|
|
818
832
|
if entitytype == "user"
|
|
819
833
|
resp = MU::Cloud::AWS.iam(credentials: @config['credentials']).list_attached_user_policies(
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cloud-mu
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.3.
|
|
4
|
+
version: 3.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- John Stange
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2020-09-
|
|
14
|
+
date: 2020-09-29 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: addressable
|