kumogata 0.2.12 → 0.2.13

checksums.yaml

@@ -1,7 +1,15 @@
 ---
-SHA1:
-  metadata.gz: 660efba91fef6116d2af9c902ba7d8ef0e11c456
-  data.tar.gz: 7d230216b8843370326fbca927dad8d095ca8ce7
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MjUxM2NjNThmOTI1OTdlMmNlZTAyNjg5NzAwMjg4ZTViYzU5Mjk5NA==
+  data.tar.gz: !binary |-
+    ZmNlYWU3YTg2YjBkZDhkNzBkYTZmZTEyYzlhNzI2ZmJkMjU1NDQ0Zg==
 SHA512:
-  metadata.gz: 6f45ee971165149b7a4a8d0c5745af69e44ab8a35e1fe92c356023c8284da8df08d910da2c70befad9e04728b43887b200d65ebc5655a829b7ee52eed1df876a
-  data.tar.gz: 0f613dbc268a57ecf8945220c171baf8a0aa2d828d202128d43c291f60ed42a757f0c00d368ab28bb9298ae9aa9575c1e5eafea6d4e3e221ac42eb4a075fe176
+  metadata.gz: !binary |-
+    YjcxOGQxMjBmYTc2MTEwYjk0ZDMxNjgwMmNhNGNlMjJkYWI1YzE5YzRjNzlm
+    MDE1OTUwYTliZmM2NTcyNGMyYmM1MmExYjI2OTZkYzNiMThjYWRjMTMzMTNm
+    YzNmMWQ4ODRiNTliMDI5ZDI4OTQzOTk0ZjFjZmYzZWJkYWU1MTQ=
+  data.tar.gz: !binary |-
+    YmU1MzdmMGE3YTYyMzE3NzJhZjhjYjYwYzY0MGQzYjIzNjM0MzY4YTAxYzVj
+    NjAzY2MwNDFhNGVlNGFjODY1YjQ0MzM2N2ZhMjAzMmFkMjNmY2I2YmJjZmY0
+    Y2QzYjk0NzY1ZTBhYTM2ODY1ZTM3MzBiYjM2ZWZlNmYzZjQ3ZDk=

data/README.md

@@ -5,8 +5,8 @@
 
 Kumogata is a tool for [AWS CloudFormation](https://aws.amazon.com/cloudformation/).
 
-[![Gem Version](https://badge.fury.io/rb/kumogata.png?201403062244)](http://badge.fury.io/rb/kumogata)
-[![Build Status](https://drone.io/github.com/winebarrel/kumogata/status.png?201403062244)](https://drone.io/github.com/winebarrel/kumogata/latest)
+[![Gem Version](https://badge.fury.io/rb/kumogata.png?201403072000)](http://badge.fury.io/rb/kumogata)
+[![Build Status](https://drone.io/github.com/winebarrel/kumogata/status.png?201403072000)](https://drone.io/github.com/winebarrel/kumogata/latest)
 
 It can define a template in Ruby DSL, such as:
 
@@ -83,6 +83,9 @@ Options:
         --skip-replace-underscore
         --skip-delete-stack
     -p, --parameters KEY_VALUES
+    -e, --encrypt-parameters KEYS
+        --encryption-password PASS
+        --skip-send-password
         --capabilities CAPABILITIES
         --disable-rollback
         --notify SNS_TOPICS
@@ -208,6 +211,60 @@ end
 }
 ```
 
+### Encrypt parameters
+
+* Command line
+
+    $ kumogata create template.rb -e 'Password1,Password2' -p 'Param1=xxx,Param2=xxx,Password1=xxx,Password2=xxx'
+
+* Template
+
+```ruby
+Parameters do
+  Param1 { Type "String" }
+  Param2 { Type "String" }
+  Password1 { Type "String"; NoEcho true }
+  Password2 { Type "String"; NoEcho true }
+end # Parameters
+
+Resources do
+  myEC2Instance do
+    Type "AWS::EC2::Instance"
+
+    Properties do
+      ImageId "ami-XXXXXXXX"
+
+      UserData do
+        Fn__Base64 (<<-EOS).fn_join
+          #!/bin/bash
+          /opt/aws/bin/cfn-init -s <%= Ref "AWS::StackName" %> -r myEC2Instance --region <%= Ref "AWS::Region" %>
+        EOS
+      end
+    end
+
+    Metadata do
+      AWS__CloudFormation__Init do
+        config do
+          commands do
+            any_command do
+              command (<<-EOS).fn_join
+                ENCRYPTION_PASSWORD="`echo <%= Ref Kumogata::ENCRYPTION_PASSWORD %> | base64 -d`"
+
+                # Decrypt Password1
+                echo '<%= Ref "Password1" %>' | base64 -d | openssl enc -d -aes256 -pass pass:"$ENCRYPTION_PASSWORD" > password1
+
+                # Decrypt Password2
+                echo '<%= Ref "Password2" %>' | base64 -d | openssl enc -d -aes256 -pass pass:"$ENCRYPTION_PASSWORD" > password2
+              EOS
+            end
+          end
+        end
+      end
+    end
+  end # myEC2Instance
+end # Resources
+```
+
 ## Demo
 
 * Create resources

data/bin/kumogata

@@ -5,15 +5,15 @@ require 'kumogata'
 
 options = nil
 
-begin
-  parsed = Kumogata::ArgumentParser.parse! {|parser, cmd, args, opts|
-    if (opts.access_key_id? and not opts.secret_access_key?) or
-       (not opts.access_key_id? and opts.secret_access_key?)
-      puts parser.help
-      exit 1
-    end
-  }
+parsed = Kumogata::ArgumentParser.parse! {|parser, cmd, args, opts|
+  if (opts.access_key_id? and not opts.secret_access_key?) or
+     (not opts.access_key_id? and opts.secret_access_key?)
+    puts parser.help
+    exit 1
+  end
+}
 
+begin
   command, arguments, options = parsed
 
   aws_opts = {}

data/lib/kumogata/argument_parser.rb

@@ -1,6 +1,11 @@
 Version = Kumogata::VERSION
 
+module Kumogata
+  ENCRYPTION_PASSWORD = 'EncryptionPassword'
+end
+
 class Kumogata::ArgumentParser
+
   DEFAULT_OPTIONS = {
     :replace_underscore => true,
     :delete_stack => true,
@@ -71,21 +76,24 @@ class Kumogata::ArgumentParser
       update_usage(opt)
 
       begin
-        opt.on('-k', '--access-key ACCESS_KEY')            {|v| options[:access_key_id]      = v     }
-        opt.on('-s', '--secret-key SECRET_KEY')            {|v| options[:secret_access_key]  = v     }
-        opt.on('-r', '--region REGION')                    {|v| options[:region]             = v     }
-        opt.on(''  , '--skip-replace-underscore')          {    options[:replace_underscore] = false }
-        opt.on(''  , '--skip-delete-stack')                {    options[:delete_stack]       = false }
-        opt.on('-p', '--parameters KEY_VALUES', Array)     {|v| options[:parameters]         = v     }
-        opt.on(''  , '--capabilities CAPABILITIES', Array) {|v| options[:capabilities]       = v     }
-        opt.on(''  , '--disable-rollback')                 {    options[:disable_rollback]   = true  }
-        opt.on(''  , '--notify SNS_TOPICS', Array)         {|v| options[:notify]             = v     }
-        opt.on(''  , '--timeout MINUTES', Integer)         {|v| options[:timeout]            = v     }
-        opt.on(''  , '--result-log PATH')                  {|v| options[:result_log]         = v     }
-        opt.on(''  , '--force')                            {    options[:force]              = true  }
-        opt.on('-w', '--ignore-all-space')                 {    options[:ignore_all_space]   = true  }
-        opt.on(''  , '--no-color')                         {    options[:color]              = false }
-        opt.on(''  , '--debug')                            {    options[:debug]              = true  }
+        opt.on('-k', '--access-key ACCESS_KEY')            {|v| options[:access_key_id]                 = v     }
+        opt.on('-s', '--secret-key SECRET_KEY')            {|v| options[:secret_access_key]             = v     }
+        opt.on('-r', '--region REGION')                    {|v| options[:region]                        = v     }
+        opt.on(''  , '--skip-replace-underscore')          {    options[:replace_underscore]            = false }
+        opt.on(''  , '--skip-delete-stack')                {    options[:delete_stack]                  = false }
+        opt.on('-p', '--parameters KEY_VALUES', Array)     {|v| options[:parameters]                    = v     }
+        opt.on('-e', '--encrypt-parameters KEYS', Array)   {|v| options[:encrypt_parameters]            = v     }
+        opt.on('',   '--encryption-password PASS')         {|v| options[:encryption_password]           = v     }
+        opt.on('',   '--skip-send-password')               {    options[:skip_send_password] = true  }
+        opt.on(''  , '--capabilities CAPABILITIES', Array) {|v| options[:capabilities]                  = v     }
+        opt.on(''  , '--disable-rollback')                 {    options[:disable_rollback]              = true  }
+        opt.on(''  , '--notify SNS_TOPICS', Array)         {|v| options[:notify]                        = v     }
+        opt.on(''  , '--timeout MINUTES', Integer)         {|v| options[:timeout]                       = v     }
+        opt.on(''  , '--result-log PATH')                  {|v| options[:result_log]                    = v     }
+        opt.on(''  , '--force')                            {    options[:force]                         = true  }
+        opt.on('-w', '--ignore-all-space')                 {    options[:ignore_all_space]              = true  }
+        opt.on(''  , '--no-color')                         {    options[:color]                         = false }
+        opt.on(''  , '--debug')                            {    options[:debug]                         = true  }
         opt.parse!
 
         unless (command = ARGV.shift)
@@ -108,8 +116,13 @@ class Kumogata::ArgumentParser
         if block_given?
           yield(opt, command, arguments, options)
         end
+
+        if options.parameters?
+          update_parameters(options)
+        end
       rescue => e
         $stderr.puts("#{e.message}")
+        raise e if options[:debug]
         exit 1
       end
     end
@@ -128,8 +141,8 @@ class Kumogata::ArgumentParser
     cmd_max = COMMANDS.keys.map {|i| i.to_s.length }.max
 
     cmd_arg_descs = COMMANDS.map {|command, attributes|
-      arguments = attributes[:arguments]
       description = attributes[:description]
+      arguments = attributes[:arguments]
 
       [
         '%-*s %s' % [cmd_max, command, arguments_to_message(arguments)],
@@ -161,4 +174,26 @@ class Kumogata::ArgumentParser
   def arguments_to_message(arguments)
     arguments.map {|i| i.to_s.sub(/(.+)\?\Z/) { "[#{$1}]" }.upcase }.join(' ')
   end
+
+  def update_parameters(options)
+    parameters = {}
+    passwd = options.encryption_password || Kumogata::Crypt.mkpasswd(16)
+    enc_params = options.encrypt_parameters
+
+    options.parameters.each do |i|
+      key, value = i.split('=', 2)
+
+      if enc_params and (enc_params.include?('*') or enc_params.include?(key))
+        value = Kumogata::Crypt.encrypt(passwd, value)
+      end
+
+      parameters[key] = value
+    end
+
+    options.parameters = parameters
+
+    if options.encrypt_parameters? and not options.skip_send_password?
+      options.parameters[Kumogata::ENCRYPTION_PASSWORD] = passwd.encode64
+    end
+  end
 end

data/lib/kumogata/client.rb

@@ -6,15 +6,12 @@ class Kumogata::Client
   end
 
   def create(path_or_url, stack_name = nil)
+    validate_stack_name(stack_name)
+
     @options.delete_stack = false if stack_name
     template = open_template(path_or_url)
-
-    if @options.delete_stack?
-      template['Resources'].each do |k, v|
-        v['DeletionPolicy'] = 'Retain'
-      end
-    end
-
+    update_deletion_policy(template)
+    add_encryption_password(template)
     create_stack(template, stack_name)
     nil
   end
@@ -36,15 +33,20 @@ class Kumogata::Client
   end
 
   def update(path_or_url, stack_name)
+    validate_stack_name(stack_name)
+
     template = open(path_or_url) do |f|
       evaluate_template(f)
     end
 
+    add_encryption_password(template)
     update_stack(template, stack_name)
     nil
   end
 
   def delete(stack_name)
+    validate_stack_name(stack_name)
+
     if @options.force? or agree("Are you sure you want to delete `#{stack_name}`? ".yellow)
       delete_stack(stack_name)
     end
@@ -53,26 +55,36 @@ class Kumogata::Client
   end
 
   def list(stack_name = nil)
+    validate_stack_name(stack_name)
+
     stacks = describe_stacks(stack_name)
     JSON.pretty_generate(stacks).colorize_as(:json)
   end
 
   def export(stack_name)
+    validate_stack_name(stack_name)
+
     template = export_template(stack_name)
     devaluate_template(template).chomp.colorize_as(:ruby)
   end
 
   def show_events(stack_name)
+    validate_stack_name(stack_name)
+
     events = describe_events(stack_name)
     JSON.pretty_generate(events).colorize_as(:json)
   end
 
   def show_outputs(stack_name)
+    validate_stack_name(stack_name)
+
     outputs = describe_outputs(stack_name)
     JSON.pretty_generate(outputs).colorize_as(:json)
   end
 
   def show_resources(stack_name)
+    validate_stack_name(stack_name)
+
     resources = describe_resources(stack_name)
     JSON.pretty_generate(resources).colorize_as(:json)
   end
@@ -333,8 +345,7 @@ class Kumogata::Client
     if @options.parameters?
       parameters = {}
 
-      @options.parameters.each do |i|
-        key, value = i.split('=', 2)
+      @options.parameters.each do |key, value|
         parameters[key] = value
       end
 
@@ -342,6 +353,25 @@ class Kumogata::Client
     end
   end
 
+  def update_deletion_policy(template)
+    if @options.delete_stack?
+      template['Resources'].each do |k, v|
+        v['DeletionPolicy'] = 'Retain'
+      end
+    end
+  end
+
+  def add_encryption_password(template)
+    if @options.encrypt_parameters? and not @options.skip_send_password?
+      template['Parameters'] ||= {}
+
+      template['Parameters'][Kumogata::ENCRYPTION_PASSWORD] = {
+        'Type'   => 'String',
+        'NoEcho' => 'true',
+      }
+    end
+  end
+
   def validate_template(template)
     result = @cloud_formation.validate_template(template.to_json)
 
@@ -364,7 +394,6 @@ class Kumogata::Client
         :resource_status,
         :resource_status_reason,
         :resource_type,
-        :stack,
         :stack_id,
         :stack_name,
         :timestamp,
@@ -431,4 +460,12 @@ Stack Resource Summaries:
       i[0, 1].upcase + i[1..-1].downcase
     }.join
   end
+
+  def validate_stack_name(stack_name)
+    return unless stack_name
+
+    unless /\A[a-zA-Z][-a-zA-Z0-9]*\Z/i =~ stack_name
+      raise "1 validation error detected: Value '#{stack_name}' at 'stackName' failed to satisfy constraint: Member must satisfy regular expression pattern: [a-zA-Z][-a-zA-Z0-9]*"
+    end
+  end
 end

data/lib/kumogata/crypt.rb

@@ -0,0 +1,32 @@
+class Kumogata::Crypt
+  ALGORITHM = 'aes256'
+  PASSWORD_CHARS = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ123456789_*;:@{}()[]#$%&=-'
+
+  class << self
+    def encrypt(pass, str)
+      IO.popen("openssl enc -e -#{ALGORITHM} -pass pass:#{enquote(pass)}", "r+") {|io|
+        io.print str
+        io.close_write
+        io.read
+      }.encode64
+    end
+
+    def decrypt(pass, str)
+      IO.popen("openssl enc -d -#{ALGORITHM} -pass pass:#{enquote(pass)}", "r+") {|io|
+        io.print Base64.decode64(str)
+        io.close_write
+        io.read
+      }
+    end
+
+    def mkpasswd(n)
+      PASSWORD_CHARS.split(//).sample(n).join
+    end
+
+    private
+
+    def enquote(str)
+      "'" + str.gsub("'", %!'"'"'!) + "'"
+    end
+  end # of class methods
+end

data/lib/kumogata/ext/coderay_ext.rb

@@ -0,0 +1,18 @@
+CodeRay::Encoders::Terminal::TOKEN_COLORS[:constant] = "\e[1;34m"
+CodeRay::Encoders::Terminal::TOKEN_COLORS[:float] = "\e[36m"
+CodeRay::Encoders::Terminal::TOKEN_COLORS[:integer] = "\e[36m"
+CodeRay::Encoders::Terminal::TOKEN_COLORS[:keyword] = "\e[1;31m"
+
+CodeRay::Encoders::Terminal::TOKEN_COLORS[:key] = {
+  :self => "\e[1;34m",
+  :char => "\e[1;34m",
+  :delimiter => "\e[1;34m",
+}
+
+CodeRay::Encoders::Terminal::TOKEN_COLORS[:string] = {
+  :self => "\e[32m",
+  :modifier => "\e[1;32m",
+  :char => "\e[1;32m",
+  :delimiter => "\e[1;32m",
+  :escape => "\e[1;32m",
+}

data/lib/kumogata/version.rb

@@ -1,3 +1,3 @@
 module Kumogata
-  VERSION = '0.2.12'
+  VERSION = '0.2.13'
 end

data/lib/kumogata.rb

@@ -18,22 +18,8 @@ require 'uuidtools'
 
 require 'kumogata/argument_parser'
 require 'kumogata/client'
+require 'kumogata/crypt'
+require 'kumogata/ext/coderay_ext'
 require 'kumogata/ext/json_ext'
 require 'kumogata/ext/string_ext'
 require 'kumogata/logger'
-
-CodeRay::Encoders::Terminal::TOKEN_COLORS[:key] = {
-  :self => "\e[1;34m",
-  :char => "\e[1;34m",
-  :delimiter => "\e[1;34m",
-}
-
-CodeRay::Encoders::Terminal::TOKEN_COLORS[:string] = {
-  :self => "\e[32m",
-  :modifier => "\e[1;32m",
-  :char => "\e[1;32m",
-  :delimiter => "\e[1;32m",
-  :escape => "\e[1;32m",
-}
-
-CodeRay::Encoders::Terminal::TOKEN_COLORS[:keyword] = "\e[31m"

data/spec/kumogata_create_spec.rb

@@ -86,7 +86,7 @@ Outputs do
 end
     EOS
 
-    run_client(:create, :template => template, :options => {:parameters => ['InstanceType=m1.large']}) do |client, cf|
+    run_client(:create, :template => template, :options => {:parameters => {'InstanceType'=>'m1.large'}}) do |client, cf|
       json = eval_template(template, :update_deletion_policy => true).to_json
 
       output = make_double('output') do |obj|
@@ -177,4 +177,96 @@ end
       cf.should_receive(:stacks) { stacks }
     end
   end
+
+  it 'create a stack from Ruby template with invalid stack name' do
+    template = <<-EOS
+Resources do
+  myEC2Instance do
+    Type "AWS::EC2::Instance"
+    Properties do
+      ImageId "ami-XXXXXXXX"
+      InstanceType "t1.micro"
+    end
+  end
+end
+
+Outputs do
+  AZ do
+    Value do
+      Fn__GetAtt "myEC2Instance", "AvailabilityZone"
+    end
+  end
+end
+    EOS
+
+    expect {
+      run_client(:create, :arguments => ['0MyStack'], :template => template)
+    }.to raise_error("1 validation error detected: Value '0MyStack' at 'stackName' failed to satisfy constraint: Member must satisfy regular expression pattern: [a-zA-Z][-a-zA-Z0-9]*")
+  end
+
+  it 'create a stack from Ruby template with encrypted parameters' do
+    template = <<-EOS
+Parameters do
+  InstanceType do
+    Default "t1.micro"
+    Description "Instance Type"
+    Type "String"
+  end
+end
+
+Resources do
+  myEC2Instance do
+    Type "AWS::EC2::Instance"
+    Properties do
+      ImageId "ami-XXXXXXXX"
+      InstanceType { Ref "InstanceType" }
+    end
+  end
+end
+
+Outputs do
+  AZ do
+    Value do
+      Fn__GetAtt "myEC2Instance", "AvailabilityZone"
+    end
+  end
+end
+    EOS
+
+    run_client(:create, :template => template, :options => {:parameters => {'InstanceType'=>'m1.large'}, :encrypt_parameters => true}) do |client, cf|
+      json = eval_template(template, :update_deletion_policy => true, :add_encryption_password => true).to_json
+
+      output = make_double('output') do |obj|
+        obj.should_receive(:key) { 'AZ' }
+        obj.should_receive(:value) { 'ap-northeast-1b' }
+      end
+
+      resource_summary = make_double('resource_summary') do |obj|
+        obj.should_receive(:[]).with(:logical_resource_id) { 'myEC2Instance' }
+        obj.should_receive(:[]).with(:physical_resource_id) { 'i-XXXXXXXX' }
+        obj.should_receive(:[]).with(:resource_type) { 'AWS::EC2::Instance' }
+        obj.should_receive(:[]).with(:resource_status) { 'CREATE_COMPLETE' }
+        obj.should_receive(:[]).with(:resource_status_reason) { nil }
+        obj.should_receive(:[]).with(:last_updated_timestamp) { '2014-03-02 04:35:12 UTC' }
+      end
+
+      stack = make_double('stack') do |obj|
+        obj.should_receive(:status).and_return(
+            'CREATE_COMPLETE', 'CREATE_COMPLETE',
+            'DELETE_COMPLETE', 'DELETE_COMPLETE', 'DELETE_COMPLETE')
+        obj.should_receive(:outputs) { [output] }
+        obj.should_receive(:resource_summaries) { [resource_summary] }
+        obj.should_receive(:delete)
+      end
+
+      stacks = make_double('stacks') do |obj|
+        obj.should_receive(:create)
+           .with('kumogata-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', json, {:parameters=>{"InstanceType"=>"m1.large"}}) { stack }
+        obj.should_receive(:[])
+           .with('kumogata-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX') { stack }
+      end
+
+      cf.should_receive(:stacks).twice { stacks }
+    end
+  end
 end

data/spec/kumogata_crypt_spec.rb

@@ -0,0 +1,19 @@
+describe Kumogata::Crypt do
+  it 'encrypt string' do
+    encrypted =  Kumogata::Crypt.encrypt("my_password", "jugem jugem")
+    decrypted =  Kumogata::Crypt.decrypt("my_password", encrypted)
+    expect(decrypted).to eq("jugem jugem")
+  end
+
+  it 'encrypt long string' do
+    encrypted =  Kumogata::Crypt.encrypt("my_password", "jugem jugem" * 10240)
+    decrypted =  Kumogata::Crypt.decrypt("my_password", encrypted)
+    expect(decrypted).to eq("jugem jugem" * 10240)
+  end
+
+  it 'make password' do
+    passwd = Kumogata::Crypt.mkpasswd(16)
+    expect(passwd).to be_kind_of(String)
+    expect(passwd.length).to eq(16)
+  end
+end

data/spec/kumogata_show_events_spec.rb

@@ -10,7 +10,6 @@ describe 'Kumogata::Client#show_events' do
         obj.should_receive(:resource_status) { "CREATE_FAILED" }
         obj.should_receive(:resource_status_reason) { "The following resource(s) failed to create: [myEC2Instance]. " }
         obj.should_receive(:resource_type) { "AWS::CloudFormation::Stack" }
-        obj.should_receive(:stack) { "#<AWS::CloudFormation::Stack:0x007ffe4384ca80>" }
         obj.should_receive(:stack_id) { "arn:aws:cloudformation:ap-northeast-1:822997939312:stack/kumogata-f11118a4-a4f7-11e3-8183-98fe943e66ca/f1381a30-a4f7-11e3-a340-506cf9a1c096" }
         obj.should_receive(:stack_name) { "kumogata-f11118a4-a4f7-11e3-8183-98fe943e66ca" }
         obj.should_receive(:timestamp) { "2014-03-06 06:24:21 UTC" }
@@ -38,7 +37,6 @@ describe 'Kumogata::Client#show_events' do
     "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "The following resource(s) failed to create: [myEC2Instance]. ",
     "ResourceType": "AWS::CloudFormation::Stack",
-    "Stack": "#<AWS::CloudFormation::Stack:0x007ffe4384ca80>",
     "StackId": "arn:aws:cloudformation:ap-northeast-1:822997939312:stack/kumogata-f11118a4-a4f7-11e3-8183-98fe943e66ca/f1381a30-a4f7-11e3-a340-506cf9a1c096",
     "StackName": "kumogata-f11118a4-a4f7-11e3-8183-98fe943e66ca",
     "Timestamp": "2014-03-06 06:24:21 UTC"

data/spec/kumogata_update_spec.rb

@@ -83,7 +83,7 @@ Outputs do
 end
     EOS
 
-    run_client(:update, :arguments => ['MyStack'], :template => template, :options => {:parameters => ['InstanceType=m1.large']}) do |client, cf|
+    run_client(:update, :arguments => ['MyStack'], :template => template, :options => {:parameters => {'InstanceType'=>'m1.large'}}) do |client, cf|
       json = eval_template(template).to_json
 
       output = make_double('output') do |obj|
@@ -116,4 +116,92 @@ end
       cf.should_receive(:stacks) { stacks }
     end
   end
+
+  it 'update a stack from Ruby template with invalid stack name' do
+    template = <<-EOS
+Resources do
+  myEC2Instance do
+    Type "AWS::EC2::Instance"
+    Properties do
+      ImageId "ami-XXXXXXXX"
+    end
+  end
+end
+
+Outputs do
+  AZ do
+    Value do
+      Fn__GetAtt "myEC2Instance", "AvailabilityZone"
+    end
+  end
+end
+    EOS
+
+    expect {
+      run_client(:update, :arguments => ['0MyStack'], :template => template)
+    }.to raise_error("1 validation error detected: Value '0MyStack' at 'stackName' failed to satisfy constraint: Member must satisfy regular expression pattern: [a-zA-Z][-a-zA-Z0-9]*")
+  end
+
+  it 'update a stack from Ruby template with encrypted parameters' do
+    template = <<-EOS
+Parameters do
+  InstanceType do
+    Default "t1.micro"
+    Description "Instance Type"
+    Type "String"
+  end
+end
+
+Resources do
+  myEC2Instance do
+    Type "AWS::EC2::Instance"
+    Properties do
+      ImageId "ami-XXXXXXXX"
+      InstanceType { Ref "InstanceType" }
+    end
+  end
+end
+
+Outputs do
+  AZ do
+    Value do
+      Fn__GetAtt "myEC2Instance", "AvailabilityZone"
+    end
+  end
+end
+    EOS
+
+    run_client(:update, :arguments => ['MyStack'], :template => template, :options => {:parameters => {'InstanceType'=>'m1.large'}, :encrypt_parameters => true}) do |client, cf|
+      json = eval_template(template, :add_encryption_password => true).to_json
+
+      output = make_double('output') do |obj|
+        obj.should_receive(:key) { 'AZ' }
+        obj.should_receive(:value) { 'ap-northeast-1b' }
+      end
+
+      resource_summary = make_double('resource_summary') do |obj|
+        obj.should_receive(:[]).with(:logical_resource_id) { 'myEC2Instance' }
+        obj.should_receive(:[]).with(:physical_resource_id) { 'i-XXXXXXXX' }
+        obj.should_receive(:[]).with(:resource_type) { 'AWS::EC2::Instance' }
+        obj.should_receive(:[]).with(:resource_status) { 'UPDATE_COMPLETE' }
+        obj.should_receive(:[]).with(:resource_status_reason) { nil }
+        obj.should_receive(:[]).with(:last_updated_timestamp) { '2014-03-02 04:35:12 UTC' }
+      end
+
+      stack = make_double('stack') do |obj|
+        obj.should_receive(:update).with(:template => json, :parameters=>{"InstanceType"=>"m1.large"})
+        obj.should_receive(:status).and_return(
+            'UPDATE_COMPLETE', 'UPDATE_COMPLETE', 'UPDATE_COMPLETE')
+        obj.should_receive(:outputs) { [output] }
+        obj.should_receive(:resource_summaries) { [resource_summary] }
+      end
+
+      stacks = make_double('stacks') do |obj|
+        obj.should_receive(:[])
+           .with('MyStack') { stack }
+      end
+
+      cf.should_receive(:stacks) { stacks }
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -24,6 +24,7 @@ def run_client(command, options = {})
   kumogata_template = options[:template]
   kumogata_arguments = options[:arguments] || []
   kumogata_options = Kumogata::ArgumentParser::DEFAULT_OPTIONS.merge(options[:options] || {})
+  kumogata_options[:result_log] = '/dev/null'
   template_ext = options[:template_ext] || '.rb'
 
   client = Kumogata::Client.new(kumogata_options)
@@ -52,6 +53,10 @@ def eval_template(template, options = {})
     update_deletion_policy(template)
   end
 
+  if options[:add_encryption_password]
+    add_encryption_password(template)
+  end
+
   return template
 end
 
@@ -61,6 +66,15 @@ def update_deletion_policy(template)
   end
 end
 
+def add_encryption_password(template)
+  template['Parameters'] ||= {}
+
+  template['Parameters'][Kumogata::ENCRYPTION_PASSWORD] = {
+    'Type'   => 'String',
+    'NoEcho' => 'true',
+  }
+end
+
 def make_double(name)
   obj = double(name)
   yield(obj)

metadata

@@ -1,181 +1,181 @@
 --- !ruby/object:Gem::Specification
 name: kumogata
 version: !ruby/object:Gem::Version
-  version: 0.2.12
+  version: 0.2.13
 platform: ruby
 authors:
 - Genki Sugawara
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-06 00:00:00.000000000 Z
+date: 2014-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: coderay
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: diffy
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: dslh
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.2.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.2.4
 - !ruby/object:Gem::Dependency
   name: hashie
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: uuidtools
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 2.11.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 2.11.0
 description: A tool for AWS CloudFormation. It can define a template in Ruby DSL.
@@ -197,6 +197,8 @@ files:
 - lib/kumogata.rb
 - lib/kumogata/argument_parser.rb
 - lib/kumogata/client.rb
+- lib/kumogata/crypt.rb
+- lib/kumogata/ext/coderay_ext.rb
 - lib/kumogata/ext/json_ext.rb
 - lib/kumogata/ext/string_ext.rb
 - lib/kumogata/logger.rb
@@ -207,6 +209,7 @@ files:
 - spec/Drupal_Single_Instance.template.rb
 - spec/kumogata_convert_spec.rb
 - spec/kumogata_create_spec.rb
+- spec/kumogata_crypt_spec.rb
 - spec/kumogata_delete_spec.rb
 - spec/kumogata_diff_spec.rb
 - spec/kumogata_export_spec.rb
@@ -227,17 +230,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.1.11
 signing_key: 
 specification_version: 4
 summary: A tool for AWS CloudFormation.
@@ -246,6 +249,7 @@ test_files:
 - spec/Drupal_Single_Instance.template.rb
 - spec/kumogata_convert_spec.rb
 - spec/kumogata_create_spec.rb
+- spec/kumogata_crypt_spec.rb
 - spec/kumogata_delete_spec.rb
 - spec/kumogata_diff_spec.rb
 - spec/kumogata_export_spec.rb
@@ -256,4 +260,3 @@ test_files:
 - spec/kumogata_update_spec.rb
 - spec/kumogata_validate_spec.rb
 - spec/spec_helper.rb
-has_rdoc: