cuffsert 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1935cccf195c341e79939f107502b5317fd17668
+  data.tar.gz: dc129419560c77c02cf3aff12f750cca442620cc
+SHA512:
+  metadata.gz: 9be2de52da5a8255994b30a13ae6dc4289f110c158c328450a7cde474c1c2ed52d1e1382f92f4d13c10565ed08a1597356546ffac7ab0c196ab2996e9b29a8d1
+  data.tar.gz: d8d354ee5e17d0419f90bb5a2c528bcd330598ccb123e438733b34cf93473ca7f4a5409bb0c22efb8689ed3ceb2f5080cd43b4755c6121091893416d3583e85e

data/.gitignore

@@ -0,0 +1,5 @@
+.bundle/
+vendor/
+coverage/
+cuffsert-*.gem
+.byebug_history

data/.ruby-version

@@ -0,0 +1 @@
+2.0.0-p647

data/.travis.yml

@@ -0,0 +1,6 @@
+language: ruby
+rvm:
+  - 2.0
+  - 2.2
+script:
+  - bundle exec rspec -c -fd

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gemspec
+

data/Gemfile.lock

@@ -0,0 +1,62 @@
+PATH
+  remote: .
+  specs:
+    cuffsert (0.9.0)
+      aws-sdk
+      colorize
+      ruby-termios
+      rx
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    aws-sdk (2.6.42)
+      aws-sdk-resources (= 2.6.42)
+    aws-sdk-core (2.6.42)
+      aws-sigv4 (~> 1.0)
+      jmespath (~> 1.0)
+    aws-sdk-resources (2.6.42)
+      aws-sdk-core (= 2.6.42)
+    aws-sigv4 (1.0.0)
+    byebug (9.0.6)
+    colorize (0.8.1)
+    diff-lcs (1.2.5)
+    docile (1.1.5)
+    jmespath (1.3.1)
+    json (2.0.2)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.4)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+    ruby-termios (1.0.2)
+    rx (0.0.3)
+    rx-rspec (0.1.3)
+      rx
+    simplecov (0.12.0)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.12)
+  byebug
+  cuffsert!
+  rspec (~> 3.0)
+  rx-rspec (~> 0.1.3)
+  simplecov
+
+BUNDLED WITH
+   1.13.6

data/LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2016, Burt
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,86 @@
+# Cuffsert - CloudFormation CLI
+
+The primary goal of cuffsert is to provide a quick "up-arrow-enter" loading of a CloudFormation stack with good feedback, removing the need to click through three pesky screens each time. It figures out whether the stack needs to be created or rolled-back and whether it needs to be deleted first.
+
+Cuffsert allows encoding the metadata and commandline arguments needed to load a template in a versionable file which takes CloudFormation the last mile to really become an infrastructure-as-code platform.
+
+## Usage
+
+Given the file cuffsert.yml:
+```yaml
+Format: v1
+Suffix: webserver
+Tags:
+  - Name: Role
+    Value: webserver
+Variants:
+  production:
+    Tags:
+      - Name: Environment
+        Value: production
+    Variants:
+      eu1:
+        Tags:
+          - Name: DC
+          - Value: eu1
+        Parameters:
+          - Name: ElasticIP
+            Value: 1.2.3.4
+      us1:
+        Tags:
+          - Name: DC
+            Value: us1
+        Parameters:
+          - Name: ElasticIP
+            Value: 5.6.7.8
+```
+you can invoke cuffsert like so:
+```
+cuffsert --metadata=./nginx-parameters.yml \
+  --selector=production-us1 \
+  ./nginx.yml
+```
+
+This will select tags `Role=webserver, Environment=production, DC=us1` and parameter `ElasticIP=5.6.7.8` and create or update the stack `production-us1-webserver` as necessary.
+
+## Metadata file format
+
+The metadata file consists of a hierarchy of configuration sections called "variants". Cuffsert splits the selector by [/-] and starts at the top of the metadata and tries to match the path elements against each  variants sections.
+
+Each level can contain the following keys:
+
+- **StackName**: Stack name used for creating a new stack and finding existing stack to update. If no StackName parameter is found, one will be constructed by joining lowercase variants values and basename of stack file. From the example at the top, stack name will be `production-eu1-webserver`.
+- **Tags**: Tags applied at stack level.
+- **Parameters**: Provide values for parameters that the stack needs.
+- **Variations**: Each sub-key is a possible path element whose value is the hash for the next level.
+- **DefaultPath**: You can supply a default selection for a particular path element which is given if none is supplied. Please be advised that having identical names at different hierarchical levels may lead to unexpected results.
+
+Values from deeper levels merged onto values from higher levels to produce a configuration used to create/update the stack.
+
+## Commandline options
+
+    cuffsert [--stack-name=name] [--tag=k:v ...] [--parameter=k:v ...]
+      [--metadata=directory | yml-file] [--metadata-path=path/to]
+      cloudformation-file | cloudformation-directory
+
+All values set in the metadata file can be overridden on commandline.
+
+`--stack-name=name (-n)` Explicity set the name of the generated stack.
+
+`--tag=key:value (-t)` Override (or set) the value for a specific tag for the template.
+
+`--parameter=key:value (-p)` Override (or set) the value for a specific parameter that is passed on template creation.
+
+`--metadata=file (-m)` File or directory to read metadata from. Defaults to `cufsert/` or `cufsert.yml` relative to stack file.
+
+`--selector=path-through-metadata (-P)` Path through variant keys to apply metadata from.
+
+## AWS authentication
+
+cuffsert assumes that the aws client library can authenticate your access via the normal means and makes no particular effort to aid the process, nor does it select revion for you.
+
+## Future work
+
+- Stack policies and policy overrides
+- Find and delete resources that block delete or update
+- provide detailed diffs on changes

data/bin/cuffdown

@@ -0,0 +1,55 @@
+#!/usr/bin/env ruby
+
+require 'cuffsert/metadata'
+require 'cuffsert/rxcfclient'
+require 'yaml'
+
+module CuffDown
+  def self.parameters(stack)
+    (stack[:parameters] || []).map do |param|
+      {
+        'Name' => param[:parameter_key],
+        'Value' => param[:parameter_value],
+      }
+    end
+  end
+
+  def self.tags(stack)
+    (stack[:tags] || []).map do |param|
+      {
+        'Name' => param[:key],
+        'Value' => param[:value],
+      }
+    end
+  end
+
+  def self.dump(name, params, tags, output)
+    result = {
+      'Format' => 'v1',
+      'Suffix' => name,
+      'Parameters' => params,
+      'Tags' => tags,
+    }
+    YAML.dump(result, output)
+  end
+
+  def self.run(args)
+    meta = CuffSert::StackConfig.new
+    meta.stackname = args[0]
+    client = CuffSert::RxCFClient.new
+    stack = client.find_stack_blocking(meta)
+    unless stack
+      STDERR.puts "No such stack #{meta.stackname}"
+      exit(1)
+    end
+    stack = stack.to_h
+    self.dump(
+      stack[:stack_name],
+      self.parameters(stack),
+      self.tags(stack),
+      STDOUT
+    )
+  end
+end
+
+CuffDown.run(ARGV)

data/bin/cuffsert

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'cuffsert/main'
+
+CuffSert.run(ARGV)

data/bin/cuffup

@@ -0,0 +1,46 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'yaml'
+
+module CuffUp
+  def self.parameters(io)
+    template = YAML.load(io)
+    (template['Parameters'] || [])
+      .map do |key, data|
+        {
+          'Name' => key,
+          'Value' => data['Default'],
+        }
+      end
+  end
+
+  def self.dump(args, input, output)
+    result = {
+      'Format' => 'v1',
+    }
+    result['Parameters'] = input if input.size > 0
+    result['Suffix'] = args[:selector].join('-') if args.include?(:selector)
+    YAML.dump(result, output)
+  end
+
+  def self.run(args, template)
+    self.dump(args, self.parameters(open(template)), STDOUT)
+  end
+end
+
+args = {}
+parser = OptionParser.new do |opts|
+  opts.on('--selector selector', '-s selector', 'Set as sufflx in the generated output') do |selector|
+    args[:selector] = selector.split(/[-,\/]/)
+  end
+end
+
+template = parser.parse(ARGV)
+
+unless template
+  STDERR.puts("Usage: #{__FILE__} <template>")
+  exit(1)
+end
+
+CuffUp.run(args, template[0])

data/cuffsert.gemspec

@@ -0,0 +1,24 @@
+Gem::Specification.new do |spec|
+  spec.name        = 'cuffsert'
+  spec.version     = '0.9.0'
+  spec.summary     = 'Cuffsert provides a quick up-arrow-enter loading of a CloudFormation stack with good feedback'
+  spec.description = 'Cuffsert allows encoding the metadata and commandline arguments needed to load a template in a versionable file which takes CloudFormation the last mile to really become an infrastructure-as-code platform.'
+  spec.authors     = ['Anders Qvist']
+  spec.email       = 'quest@lysator.liu.se'
+  spec.homepage    = 'http://rubygems.org/gems/cuffsert'
+  spec.license     = 'MIT'
+
+  spec.executables = ['cuffsert']
+  spec.files       = `git ls-files -z`.split("\x0").reject { |f| f.match(/^spec/) }
+
+  spec.add_runtime_dependency 'aws-sdk'
+  spec.add_runtime_dependency 'colorize'
+  spec.add_runtime_dependency 'ruby-termios'
+  spec.add_runtime_dependency 'rx'
+
+  spec.add_development_dependency 'bundler', '~> 1.12'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rx-rspec', '~> 0.1.3'
+  spec.add_development_dependency 'simplecov'
+end

data/lib/cuffsert/cfarguments.rb

@@ -0,0 +1,61 @@
+require 'open-uri'
+
+# TODO:
+# - propagate timeout here (from config?)
+# - fail on template body > 51200 bytes
+# - creation change-set: cfargs[:change_set_type] = 'CREATE'
+
+module CuffSert
+  TIMEOUT = 10
+
+  def self.as_cloudformation_args(meta)
+    cfargs = {
+      :stack_name => meta.stackname,
+      :capabilities => %w[
+        CAPABILITY_IAM
+        CAPABILITY_NAMED_IAM
+      ],
+    }
+
+    unless meta.parameters.empty?
+      cfargs[:parameters] = meta.parameters.map do |k, v|
+        {:parameter_key => k, :parameter_value => v.to_s}
+      end
+    end
+
+    unless meta.tags.empty?
+      cfargs[:tags] = meta.tags.map do |k, v|
+        {:key => k, :value => v.to_s}
+      end
+    end
+
+    if meta.stack_uri.scheme == 's3'
+      cfargs[:template_url] = meta.stack_uri.to_s
+    elsif meta.stack_uri.scheme == 'file'
+      file = meta.stack_uri.to_s.sub(/^file:\/+/, '/')
+      cfargs[:template_body] = open(file).read
+    else
+      raise "Unsupported scheme #{meta.stack_uri.scheme}"
+    end
+    cfargs
+  end
+
+  def self.as_create_stack_args(meta)
+    cfargs = self.as_cloudformation_args(meta)
+    cfargs[:timeout_in_minutes] = TIMEOUT
+    cfargs[:on_failure] = 'DELETE'
+    cfargs
+  end
+
+  def self.as_update_change_set(meta)
+    cfargs = self.as_cloudformation_args(meta)
+    cfargs[:use_previous_template] = false
+    cfargs[:change_set_name] = meta.stackname
+    cfargs[:change_set_type] = 'UPDATE'
+    cfargs
+  end
+
+  def self.as_delete_stack_args(stack)
+    { :stack_name => stack[:stack_id] }
+  end
+end

data/lib/cuffsert/cfstates.rb

@@ -0,0 +1,41 @@
+module CuffSert
+  INPROGRESS_STATES = %w[
+    CREATE_IN_PROGRESS
+    UPDATE_IN_PROGRESS
+    UPDATE_COMPLETE_CLEANUP_IN_PROGRESS
+    UPDATE_ROLLBACK_IN_PROGRESS
+    UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS
+    DELETE_IN_PROGRESS
+  ]
+
+  GOOD_STATES = %w[
+    CREATE_COMPLETE
+    ROLLBACK_COMPLETE
+    UPDATE_COMPLETE
+    UPDATE_ROLLBACK_COMPLETE
+    DELETE_COMPLETE
+    DELETE_SKIPPED
+  ]
+
+  BAD_STATES = %w[
+    CREATE_FAILED
+    UPDATE_ROLLBACK_FAILED
+    UPDATE_FAILED
+    DELETE_FAILED
+    FAILED
+  ]
+
+  FINAL_STATES = GOOD_STATES + BAD_STATES
+
+  def self.state_category(state)
+    if BAD_STATES.include?(state)
+      :bad
+    elsif GOOD_STATES.include?(state)
+      :good
+    elsif INPROGRESS_STATES.include?(state)
+      :progress
+    else
+      raise "Cannot categorize state #{state}"
+    end
+  end
+end

data/lib/cuffsert/cli_args.rb

@@ -0,0 +1,96 @@
+require 'optparse'
+
+module CuffSert
+  STACKNAME_RE = /^[A-Za-z0-9_-]+$/
+
+  def self.parse_cli_args(argv)
+    args = {
+      :output => :progressbar,
+      :verbosity => 1,
+      :force_replace => false,
+      :op_mode => nil,
+      :overrides => {
+        :parameters => {},
+        :tags => {},
+      }
+    }
+    parser = OptionParser.new do |opts|
+      opts.banner = 'Upsert a CloudFormation template, reading creation options and metadata from a yaml file. Currently, parameter values, stack name and stack tags are read from metadata file.'
+      opts.separator('')
+      opts.separator('Usage: cuffsert --selector production/us stack.json')
+      opts.on('--metadata path', '-m path', 'Yaml file to read stack metadata from') do |path|
+        path = '/dev/stdin' if path == '-'
+        unless File.exist?(path)
+          raise "--metadata #{path} does not exist"
+        end
+        args[:metadata] = path
+      end
+
+      opts.on('--selector selector', '-s selector', 'Dash or slash-separated variant names used to navigate the metadata') do |selector|
+        args[:selector] = selector.split(/[-,\/]/)
+      end
+
+      opts.on('--name stackname', '-n name', 'Alternative stackname (default is to construct the name from the selector') do |stackname|
+        unless stackname =~ STACKNAME_RE
+          raise "--name #{stackname} is expected to be #{STACKNAME_RE.inspect}"
+        end
+        args[:overrides][:stackname] = stackname
+      end
+
+      opts.on('--parameter kv', '-p kv', 'Set the value of a particular parameter, overriding any file metadata') do |kv|
+        key, val = kv.split(/=/, 2)
+        if val.nil?
+          raise "--parameter #{kv} should be key=value"
+        end
+        if args[:overrides][:parameters].include?(key)
+          raise "cli args include duplicate parameter #{key}"
+        end
+        args[:overrides][:parameters][key] = val
+      end
+
+      opts.on('--tag kv', '-t kv', 'Set a stack tag, overriding any file metadata') do |kv|
+        key, val = kv.split(/=/, 2)
+        if val.nil?
+          raise "--tag #{kv} should be key=value"
+        end
+        if args[:overrides][:tags].include?(key)
+          raise "cli args include duplicate tag #{key}"
+        end
+        args[:overrides][:tags][key] = val
+      end
+
+      opts.on('--json', 'Output events in JSON, no progressbar, colors') do
+        args[:output] = :json
+      end
+
+      opts.on('--verbose', '-v', 'More detailed output. Once will print all stack evwnts, twice will print debug info') do
+        args[:verbosity] += 1
+      end
+
+      opts.on('--quiet', '-q', 'Output only fatal errors') do
+        args[:verbosity] = 0
+      end
+
+      opts.on('--replace', 'Re-create the stack if it already exist') do
+        args[:force_replace] = true
+      end
+
+      opts.on('--yes', '-y', 'Don\'t ask to replace and delete stack resources') do
+        raise 'You cannot do --yes and --dry-run at the same time' if args[:op_mode]
+        args[:op_mode] = :dangerous_ok
+      end
+      
+      opts.on('--dry-run', 'Describe what would be done') do
+        raise 'You cannot do --yes and --dry-run at the same time' if args[:op_mode]
+        args[:op_mode] = :dry_run
+      end
+
+      opts.on('--help', '-h', 'Produce this message') do
+        abort(opts.to_s)
+      end
+    end
+    
+    args[:stack_path] = parser.parse(argv)
+    args
+  end
+end

data/lib/cuffsert/confirmation.rb

@@ -0,0 +1,50 @@
+require 'termios'
+
+module CuffSert
+  def self.need_confirmation(meta, action, desc)
+    return false if meta.op_mode == :dangerous_ok
+    case action
+    when :create
+      false
+    when :update
+      change_set = desc
+      change_set[:changes].any? do |change|
+        rc = change[:resource_change]
+        rc[:action] == 'Remove' || (
+          rc[:action] == 'Modify' &&
+          ['Always', 'True', 'Conditional'].include?(rc[:replacement])
+        )
+      end
+    when :recreate
+      true
+    else
+      true # safety first
+    end
+  end
+
+  def self.ask_confirmation(input = STDIN, output = STDOUT)
+    return false unless input.isatty
+    state = Termios.tcgetattr(input)
+    mystate = state.dup
+    mystate.c_lflag |= Termios::ISIG
+    mystate.c_lflag &= ~Termios::ECHO
+    mystate.c_lflag &= ~Termios::ICANON
+    output.write 'Continue? [yN] '
+    begin
+      Termios.tcsetattr(input, Termios::TCSANOW, mystate)
+      answer = input.getc.chr.downcase
+      output.write("\n")
+      answer == 'y'
+    rescue Interrupt
+      false
+    ensure
+      Termios.tcsetattr(input, Termios::TCSANOW, state)
+    end
+  end
+  
+  def self.confirmation(meta, action, change_set)
+    return false if meta.op_mode == :dry_run
+    return true unless CuffSert.need_confirmation(meta, action, change_set)
+    return CuffSert.ask_confirmation(STDIN, STDOUT)
+  end
+end