firespring_dev_commands 1.4.3.pre.alpha.1 → 1.5.0.pre.alpha.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/firespring_dev_commands/aws/account.rb +18 -13
- data/lib/firespring_dev_commands/aws/credentials.rb +2 -0
- data/lib/firespring_dev_commands/aws/login.rb +33 -25
- data/lib/firespring_dev_commands/aws/profile.rb +9 -0
- data/lib/firespring_dev_commands/aws.rb +4 -1
- data/lib/firespring_dev_commands/templates/aws.rb +14 -0
- data/lib/firespring_dev_commands/templates/base_interface.rb +17 -3
- data/lib/firespring_dev_commands/templates/docker/application.rb +20 -1
- data/lib/firespring_dev_commands/templates/docker/default.rb +24 -0
- data/lib/firespring_dev_commands/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ea3652c102b7a6ec3395c7b524db518655b574a6050d8f740f2c20daedf63aed
|
4
|
+
data.tar.gz: 162e4aa151f14b901b7fcfea1c2b8e3cb1b20ab3de2d9102d00a35b0754e5773
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 724282fb3154de07595863a899f29b1ffeea0e5fda1d3d2aa5fb31fd3e17f57bfbc0e9baaf534c4a0e259b8b95b051ba05b6d7072d1cdd4bc544799f665e519a
|
7
|
+
data.tar.gz: b60bf002f396a052f0814838940dcb441d95c263a4001bdbdcd18878d0d1a8ee0b7f1a8b5b4026ce43664a92666ab93b23a27e0d9d765669f827171c377d4d3d
|
data/README.md
CHANGED
@@ -11,7 +11,7 @@ gem 'firespring_dev_commands', '~> 0.0.1'
|
|
11
11
|
* This is not common
|
12
12
|
* It is mostly used for testing local changes before the gem is released
|
13
13
|
```
|
14
|
-
gem 'firespring_dev_commands', path: '/path/to/
|
14
|
+
gem 'firespring_dev_commands', path: '/path/to/dev_commands'
|
15
15
|
```
|
16
16
|
|
17
17
|
* Add the following to your Rakefile
|
@@ -3,13 +3,13 @@ module Dev
|
|
3
3
|
# Class containing useful methods for interacting with the Aws account
|
4
4
|
class Account
|
5
5
|
# Config object for setting top level Aws account config options
|
6
|
-
Config = Struct.new(:root, :children, :default, :registry, :
|
6
|
+
Config = Struct.new(:root, :children, :default, :registry, :default_login_role_name)
|
7
7
|
|
8
8
|
# Instantiates a new top level config object if one hasn't already been created
|
9
9
|
# Yields that config object to any given block
|
10
10
|
# Returns the resulting config object
|
11
11
|
def self.config
|
12
|
-
@config ||= Config.new
|
12
|
+
@config ||= Config.new(default_login_role_name: Dev::Aws::DEFAULT_LOGIN_ROLE_NAME)
|
13
13
|
yield(@config) if block_given?
|
14
14
|
@config
|
15
15
|
end
|
@@ -22,7 +22,7 @@ module Dev
|
|
22
22
|
# The name of the file containing the Aws settings
|
23
23
|
CONFIG_FILE = "#{Dev::Aws::CONFIG_DIR}/config".freeze
|
24
24
|
|
25
|
-
attr_accessor :root, :children, :default, :registry
|
25
|
+
attr_accessor :root, :children, :default, :registry
|
26
26
|
|
27
27
|
# Instantiate an account object
|
28
28
|
# Requires that root account and at least one child account have been configured
|
@@ -35,12 +35,7 @@ module Dev
|
|
35
35
|
@root = self.class.config.root
|
36
36
|
@children = self.class.config.children
|
37
37
|
@default = self.class.config.default
|
38
|
-
|
39
|
-
# Create the ecr registry list based off several possible configuration values
|
40
|
-
@ecr_registry_ids = Array(self.class.config.ecr_registry_ids)
|
41
|
-
@ecr_registry_ids << self.class.config.registry
|
42
|
-
@ecr_registry_ids << Dev::Aws::Profile.new.current if self.class.config.login_to_account_ecr_registry
|
43
|
-
@ecr_registry_ids = @ecr_registry_ids.flatten.compact.reject(&:empty?).uniq
|
38
|
+
@registry = self.class.config.registry
|
44
39
|
end
|
45
40
|
|
46
41
|
# Returns all configured account information objects
|
@@ -78,8 +73,13 @@ module Dev
|
|
78
73
|
region_default = defaultini['region'] || ENV['AWS_DEFAULT_REGION'] || Dev::Aws::DEFAULT_REGION
|
79
74
|
defaultini['region'] = Dev::Common.new.ask('Default region name', region_default)
|
80
75
|
|
81
|
-
|
82
|
-
|
76
|
+
# NOTE: We had an old config for "mfa_serial" which included the entire arn. We deprecated that config since
|
77
|
+
# it made it much more difficult to switch between different root accounts.
|
78
|
+
mfa_name_default = defaultini['mfa_serial']&.split(%r{mfa/})&.last || ENV['AWS_MFA_ARN']&.split(%r{mfa/})&.last || ENV.fetch('USERNAME', nil)
|
79
|
+
defaultini['mfa_serial_name'] = Dev::Common.new.ask('Default mfa name', mfa_name_default)
|
80
|
+
# TODO: Eventually, we should delete the mfa_serial entry from the config. Leaving it for now because some projects
|
81
|
+
# may be using older versions of the dev_commands library
|
82
|
+
# defaultini.delete('mfa_serial')
|
83
83
|
|
84
84
|
session_name_default = defaultini['role_session_name'] || "#{ENV.fetch('USERNAME', nil)}_cli"
|
85
85
|
defaultini['role_session_name'] = Dev::Common.new.ask('Default session name', session_name_default)
|
@@ -116,8 +116,13 @@ module Dev
|
|
116
116
|
region_default = profileini['region'] || defaultini['region'] || ENV['AWS_DEFAULT_REGION'] || Dev::Aws::DEFAULT_REGION
|
117
117
|
profileini['region'] = Dev::Common.new.ask('Default region name', region_default)
|
118
118
|
|
119
|
-
|
120
|
-
|
119
|
+
# NOTE: We had an old config for "role_arn" which included the entire arn. We deprecated that config since
|
120
|
+
# it made it much more difficult to switch between different accounts.
|
121
|
+
role_name_default = profileini['role_name'] || profileini['role_arn']&.split(%r{role/})&.last || self.class.config.default_login_role_name
|
122
|
+
profileini['role_name'] = Dev::Common.new.ask('Default role name', role_name_default)
|
123
|
+
# TODO: Eventually, we should delete the role_arn entry from the config. Leaving it for now because some projects
|
124
|
+
# may be using older versions of the dev_commands library
|
125
|
+
# profileini.delete('role_arn')
|
121
126
|
|
122
127
|
cfgini.write
|
123
128
|
end
|
@@ -65,6 +65,8 @@ module Dev
|
|
65
65
|
credini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/credentials", default: 'default')
|
66
66
|
defaultini = credini['default']
|
67
67
|
|
68
|
+
# TODO: Should we allow for multiple sets of base credentials? How do I use this for both FDP and SBF?
|
69
|
+
|
68
70
|
access_key_default = defaultini['aws_access_key_id']
|
69
71
|
defaultini['aws_access_key_id'] = Dev::Common.new.ask('AWS Access Key ID', access_key_default)
|
70
72
|
|
@@ -8,7 +8,7 @@ module Dev
|
|
8
8
|
class Login
|
9
9
|
# Main interface for logging in to an AWS account
|
10
10
|
# If an account is not specified the user is given an account selection menu
|
11
|
-
# If account
|
11
|
+
# If an account registry has been configured, the user is also logged in to the docker registry
|
12
12
|
def login!(account = nil)
|
13
13
|
# If more than one child account has been configured, have the user select the account they want to log in to
|
14
14
|
account ||= Dev::Aws::Account.new.select
|
@@ -22,8 +22,8 @@ module Dev
|
|
22
22
|
# Load credentials into the ENV for subprocesses
|
23
23
|
Dev::Aws::Credentials.new.export!
|
24
24
|
|
25
|
-
# Login in to
|
26
|
-
|
25
|
+
# Login in to the docker registry if the user has configured one
|
26
|
+
registry_login! if Dev::Aws::Account.new.registry
|
27
27
|
end
|
28
28
|
|
29
29
|
# Authorize your local credentials
|
@@ -31,28 +31,32 @@ module Dev
|
|
31
31
|
# Temporary credentials are written back to the credentials file
|
32
32
|
def authorize!(account)
|
33
33
|
# Make sure the account has been set up
|
34
|
-
cfgini =
|
35
|
-
unless cfgini.has_section?("profile #{account}")
|
36
|
-
Dev::Aws::Account.new.write!(account)
|
37
|
-
cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
|
38
|
-
end
|
34
|
+
cfgini = setup_cfgini
|
39
35
|
|
40
36
|
defaultini = cfgini['default']
|
41
37
|
profileini = cfgini["profile #{account}"]
|
42
38
|
|
43
|
-
|
44
|
-
|
39
|
+
region = profileini['region'] || defaultini['region'] || Dev::Aws::DEFAULT_REGION
|
40
|
+
|
41
|
+
serial = profileini['mfa_serial_name'] || defaultini['mfa_serial_name']
|
42
|
+
serial = "arn:aws:iam::#{Dev::Aws::Account.new.roo.id}:mfa/#{serial}" if serial
|
43
|
+
serial ||= profileini['mfa_serial'] || defaultini['mfa_serial']
|
44
|
+
|
45
|
+
role = profileini['role_name'] || defaultini['role_name']
|
46
|
+
role = "arn:aws:iam::#{account}:role/#{role}" if role
|
47
|
+
role ||= profileini['role_arn'] || defaultini['role_arn']
|
48
|
+
|
45
49
|
session_name = profileini['role_session_name'] || defaultini['role_session_name']
|
46
50
|
session_duration = profileini['session_duration'] || defaultini['session_duration']
|
47
51
|
|
48
52
|
puts
|
49
|
-
puts " Logging in to #{account} as #{role}".light_yellow
|
53
|
+
puts " Logging in to #{account} in #{region} as #{role}".light_yellow
|
50
54
|
puts
|
51
55
|
|
52
56
|
code = ENV['AWS_TOKEN_CODE'] || Dev::Common.new.ask("Enter the MFA code for the #{ENV.fetch('USERNAME', '')} user serial #{serial}")
|
53
57
|
raise 'MFA is required' unless code.to_s.strip
|
54
58
|
|
55
|
-
sts = ::Aws::STS::Client.new(profile: 'default')
|
59
|
+
sts = ::Aws::STS::Client.new(profile: 'default', region: region)
|
56
60
|
creds = sts.assume_role(
|
57
61
|
serial_number: serial,
|
58
62
|
role_arn: role,
|
@@ -65,19 +69,21 @@ module Dev
|
|
65
69
|
Dev::Aws::Credentials.new.write!(account, creds)
|
66
70
|
end
|
67
71
|
|
68
|
-
#
|
69
|
-
#
|
70
|
-
def
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
72
|
+
# Returns the config ini file
|
73
|
+
# Runs the setup for our current account if it's not already setup
|
74
|
+
def setup_cfgini
|
75
|
+
cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
|
76
|
+
unless cfgini.has_section?("profile #{account}")
|
77
|
+
Dev::Aws::Account.new.write!(account)
|
78
|
+
cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
|
79
|
+
end
|
80
|
+
cfgini
|
76
81
|
end
|
77
82
|
|
78
83
|
# Authroizes the docker cli to pull/push images from the Aws container registry (e.g. if docker compose needs to pull an image)
|
79
84
|
# Authroizes the docker ruby library to pull/push images from the Aws container registry
|
80
|
-
def registry_login!(registry_id: Dev::Aws::Account.new.
|
85
|
+
def registry_login!(registry_id: Dev::Aws::Account.new.registry, region: nil)
|
86
|
+
region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
|
81
87
|
raise 'registry_id is required' if registry_id.to_s.strip.empty?
|
82
88
|
raise 'region is required' if region.to_s.strip.empty?
|
83
89
|
|
@@ -92,25 +98,27 @@ module Dev
|
|
92
98
|
# Authroizes the docker cli to pull/push images from the Aws container registry
|
93
99
|
# (e.g. if docker compose needs to pull an image)
|
94
100
|
# @deprecated Please use {Dev::Aws::Login#registry_login!} instead
|
95
|
-
def docker_login!(registry_id: Dev::Aws::Account.new.registry, region:
|
101
|
+
def docker_login!(registry_id: Dev::Aws::Account.new.registry, region: nil)
|
102
|
+
region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
|
96
103
|
warn '[DEPRECATION] `Dev::Aws::Login#docker_login!` is deprecated. Please use `Dev::Aws::Login#registry_login!` instead.'
|
97
104
|
docker_cli_login!(registry: "#{registry_id}.dkr.ecr.#{region}.amazonaws.com", region: region)
|
98
|
-
puts
|
99
105
|
end
|
100
106
|
|
101
107
|
# Authroizes the docker cli to pull/push images from the Aws container registry
|
102
108
|
# (e.g. if docker compose needs to pull an image)
|
103
109
|
private def docker_cli_login!(registry:, region:)
|
104
|
-
print(
|
110
|
+
print(' Logging in to ECR in docker... ')
|
105
111
|
login_cmd = "aws --profile=#{Dev::Aws::Profile.new.current} ecr --region=#{region} get-login-password"
|
106
112
|
login_cmd << ' | '
|
107
113
|
login_cmd << "docker login --password-stdin --username AWS #{registry}"
|
108
114
|
Dev::Common.new.run_command([login_cmd])
|
115
|
+
puts
|
109
116
|
end
|
110
117
|
|
111
118
|
# Authroizes the docker ruby library to pull/push images from the Aws container registry
|
112
119
|
# @deprecated Please use {Dev::Aws::Login#registry_login!} instead
|
113
|
-
def ecr_login!(registry_id: Dev::Aws::Account.new.registry, region:
|
120
|
+
def ecr_login!(registry_id: Dev::Aws::Account.new.registry, region: nil)
|
121
|
+
region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
|
114
122
|
warn '[DEPRECATION] `Dev::Aws::Login#ecr_login!` is deprecated. Please use `Dev::Aws::Login#registry_login!` instead.'
|
115
123
|
docker_lib_login!(registry_id: registry_id, region: region)
|
116
124
|
end
|
@@ -50,6 +50,15 @@ module Dev
|
|
50
50
|
puts " export AWS_SESSION_TOKEN=#{ENV.fetch('AWS_SESSION_TOKEN', nil)}"
|
51
51
|
puts
|
52
52
|
end
|
53
|
+
|
54
|
+
# Print the export commands for the current credentials
|
55
|
+
def export_info
|
56
|
+
Dev::Aws::Credentials.new.export!
|
57
|
+
puts "export AWS_DEFAULT_REGION=#{ENV.fetch('AWS_DEFAULT_REGION', nil)}"
|
58
|
+
puts "export AWS_ACCESS_KEY_ID=#{ENV.fetch('AWS_ACCESS_KEY_ID', nil)}"
|
59
|
+
puts "export AWS_SECRET_ACCESS_KEY=#{ENV.fetch('AWS_SECRET_ACCESS_KEY', nil)}"
|
60
|
+
puts "export AWS_SESSION_TOKEN=#{ENV.fetch('AWS_SESSION_TOKEN', nil)}"
|
61
|
+
end
|
53
62
|
end
|
54
63
|
end
|
55
64
|
end
|
@@ -4,7 +4,10 @@ module Dev
|
|
4
4
|
# The config dir for the user's AWS settings
|
5
5
|
CONFIG_DIR = "#{Dir.home}/.aws".freeze
|
6
6
|
|
7
|
-
# The default region used if none
|
7
|
+
# The default region used if none has been configured in the AWS settings
|
8
8
|
DEFAULT_REGION = 'us-east-1'.freeze
|
9
|
+
|
10
|
+
# The default role name used if none has been configured when logging in
|
11
|
+
DEFAULT_LOGIN_ROLE_NAME = 'ReadonlyAccessRole'.freeze
|
9
12
|
end
|
10
13
|
end
|
@@ -31,6 +31,20 @@ module Dev
|
|
31
31
|
task profile: %w(init) do
|
32
32
|
Dev::Aws::Profile.new.info
|
33
33
|
end
|
34
|
+
|
35
|
+
namespace :profile do
|
36
|
+
desc 'Return the commands to export your AWS credentials into your environment'
|
37
|
+
task :export do
|
38
|
+
# Turn off all logging except for errors
|
39
|
+
LOG.level = Logger::ERROR
|
40
|
+
|
41
|
+
# Run the init
|
42
|
+
Rake::Task[:init].invoke
|
43
|
+
|
44
|
+
# Print the export info
|
45
|
+
Dev::Aws::Profile.new.export_info
|
46
|
+
end
|
47
|
+
end
|
34
48
|
end
|
35
49
|
end
|
36
50
|
end
|
@@ -118,9 +118,9 @@ DEV_COMMANDS_TOP_LEVEL.instance_eval do
|
|
118
118
|
|
119
119
|
# Define an empty _pre_down_hooks handler which can be overridden by the user
|
120
120
|
task :_pre_down_hooks do
|
121
|
-
# The user may define custom
|
122
|
-
# Define this process in the appropriate namespace to add them only to a specific
|
123
|
-
# In that case it is recommended that you call the base
|
121
|
+
# The user may define custom _pre_down_hooks tasks to add any pre-down actions the down process
|
122
|
+
# Define this process in the appropriate namespace to add them only to a specific down
|
123
|
+
# In that case it is recommended that you call the base _pre_down_hooks as a dependency of that task
|
124
124
|
end
|
125
125
|
|
126
126
|
# Define an empty _post_down_hooks handler which can be overridden by the user
|
@@ -130,6 +130,20 @@ DEV_COMMANDS_TOP_LEVEL.instance_eval do
|
|
130
130
|
# In that case it is recommended that you call the base _post_down_hooks as a dependency of that task
|
131
131
|
end
|
132
132
|
|
133
|
+
# Define an empty _pre_stop_hooks handler which can be overridden by the user
|
134
|
+
task :_pre_stop_hooks do
|
135
|
+
# The user may define custom _pre_stop_hooks tasks to add any pre-stop actions the stop process
|
136
|
+
# Define this process in the appropriate namespace to add them only to a specific stop
|
137
|
+
# In that case it is recommended that you call the base _pre_stop_hooks as a dependency of that task
|
138
|
+
end
|
139
|
+
|
140
|
+
# Define an empty _post_stop_hooks handler which can be overridden by the user
|
141
|
+
task :_post_stop_hooks do
|
142
|
+
# The user may define custom _post_stop_hooks tasks to add any post-stop actions the stop process
|
143
|
+
# Define this process in the appropriate namespace to add them only to a specific stop
|
144
|
+
# In that case it is recommended that you call the base _post_stop_hooks as a dependency of that task
|
145
|
+
end
|
146
|
+
|
133
147
|
# Define an empty _pre_reload_hooks handler which can be overridden by the user
|
134
148
|
task :_pre_reload_hooks do
|
135
149
|
# The user may define custom _pre_reload_hooks tasks to add any pre-reload actions the reload process
|
@@ -108,7 +108,7 @@ module Dev
|
|
108
108
|
namespace application do
|
109
109
|
return if exclude.include?(:down)
|
110
110
|
|
111
|
-
desc "
|
111
|
+
desc "Shut down the #{application} container and remove associated resources"
|
112
112
|
task down: %w(init_docker _pre_down_hooks) do
|
113
113
|
LOG.debug "In #{application} down"
|
114
114
|
|
@@ -125,6 +125,25 @@ module Dev
|
|
125
125
|
end
|
126
126
|
end
|
127
127
|
|
128
|
+
# Create the rake task which runs a docker compose stop for the application name
|
129
|
+
def create_stop_task!
|
130
|
+
application = @name
|
131
|
+
exclude = @exclude
|
132
|
+
|
133
|
+
DEV_COMMANDS_TOP_LEVEL.instance_eval do
|
134
|
+
namespace application do
|
135
|
+
return if exclude.include?(:stop)
|
136
|
+
|
137
|
+
desc "Stops the #{application} container"
|
138
|
+
task stop: %w(init_docker _pre_stop_hooks) do
|
139
|
+
LOG.debug "In #{application} stop"
|
140
|
+
Dev::Docker::Compose.new(services: [application]).stop
|
141
|
+
Rake::Task[:_post_stop_hooks].execute
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
145
|
+
end
|
146
|
+
|
128
147
|
# Create the rake task which stops, cleans, and starts the application
|
129
148
|
def create_reload_task!
|
130
149
|
application = @name
|
@@ -76,6 +76,30 @@ module Dev
|
|
76
76
|
end
|
77
77
|
end
|
78
78
|
|
79
|
+
# Create the rake task which stops all running containers
|
80
|
+
def create_stop_task!
|
81
|
+
exclude = @exclude
|
82
|
+
|
83
|
+
DEV_COMMANDS_TOP_LEVEL.instance_eval do
|
84
|
+
return if exclude.include?(:stop)
|
85
|
+
|
86
|
+
desc 'Stops all running containers'
|
87
|
+
task stop: %w(init_docker _pre_stop_hooks) do
|
88
|
+
LOG.debug('In base stop')
|
89
|
+
|
90
|
+
containers = ::Docker::Container.all(filters: {status: %w(restarting running)}.to_json)
|
91
|
+
containers.each do |container|
|
92
|
+
next if container&.info&.dig('Names')&.any? { |name| name.start_with?('/windows_tcp') }
|
93
|
+
|
94
|
+
LOG.info "Stopping container #{container.id[0, 12]}"
|
95
|
+
container.stop(timeout: 120)
|
96
|
+
end
|
97
|
+
|
98
|
+
Rake::Task[:_post_stop_hooks].execute
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
79
103
|
# Create the rake task which runs a docker compose down followed by an up
|
80
104
|
def create_reload_task!
|
81
105
|
exclude = @exclude
|