openstax_aws 1.0.0

data/lib/openstax/aws/stack_event.rb

@@ -0,0 +1,28 @@
+
+require_relative 'stack_status'
+
+module OpenStax::Aws
+  class Stack
+    class Event
+      def initialize(aws_stack_event)
+        @aws_stack_event = aws_stack_event
+      end
+    
+      def status_text
+        @aws_stack_event.data.resource_status
+      end
+    
+      def status_reason
+        @aws_stack_event.data.resource_status_reason
+      end
+    
+      def failed?
+        Status.failure_status_texts.include?(status_text)
+      end
+    
+      def user_initiated?
+        status_reason == "User Initiated"
+      end
+    end
+  end
+end

data/lib/openstax/aws/stack_factory.rb

@@ -0,0 +1,153 @@
+module OpenStax::Aws
+  class StackFactory
+    attr_reader :attributes, :id
+
+    def initialize(id:, deployment:)
+      raise "`deployment` cannot be nil" if deployment.nil?
+
+      @id = id
+      @deployment = deployment
+      @attributes = {
+        parameter_defaults: {},
+        tags: {}
+      }
+    end
+
+    def self.build(id:, deployment:, &block)
+      factory = new(id: id, deployment: deployment)
+      factory.instance_eval(&block) if block_given?
+      factory.build
+    end
+
+    def method_missing(name, *args, &block)
+      if args.empty? && !block_given?
+        attributes[name.to_sym]
+      else
+        attributes[name.to_sym] = args.empty? ?
+                                    @deployment.instance_eval(&block) :
+                                    args[0]
+      end
+    end
+
+    def template_directory(*directory_parts)
+      if directory_parts.empty? && !block_given?
+        attributes[:template_directory]
+      else
+        directory_parts = yield if directory_parts.empty?
+        attributes[:template_directory] = File.join(*directory_parts)
+      end
+    end
+
+    def autoset_absolute_template_path(fallback_base_directory)
+      base_directory = template_directory || fallback_base_directory
+
+      if base_directory.blank?
+        raise "Tried to autoset the absolute_template_path but didn't have " \
+              "access to a base directory (e.g. set with template_directory)"
+      end
+
+      if relative_template_path
+        path = File.join(base_directory, relative_template_path)
+      else
+        path = File.join(base_directory, "#{@id}.yml")
+
+        if !File.file?(path)
+          path = File.join(base_directory, "#{@id}.json")
+          if !File.file?(path)
+            raise "Couldn't infer an existing template file for stack #{@id}"
+          end
+        end
+      end
+
+      self.absolute_template_path(path)
+    end
+
+    def parameter_defaults(&block)
+      factory = ParameterDefaultsFactory.new(@deployment)
+      factory.instance_eval(&block) if block_given?
+      attributes[:parameter_defaults].merge!(factory.attributes)
+    end
+
+    def volatile_parameters(&block)
+      attributes[:volatile_parameters_block] = block
+    end
+
+    def secrets(&block)
+      attributes[:secrets_blocks] ||= []
+      attributes[:secrets_blocks].push(block)
+    end
+
+    def cycle_if_different_parameter(name=nil, &block)
+      attributes[:cycle_if_different_parameter] = block.present? ? block.call : name
+    end
+
+    def tag(key, value)
+      raise 'The first argument to `tag` must not be blank' if key.blank?
+      (attributes[:tags] ||= {})[key] = value
+    end
+
+    def build
+      autoset_absolute_template_path(nil) if absolute_template_path.blank?
+
+      initializer_args = {
+        id: id,
+        name: attributes[:name],
+        tags: @deployment.tags.merge(attributes[:tags]),
+        region: attributes[:region],
+        enable_termination_protection: attributes[:enable_termination_protection],
+        absolute_template_path: attributes[:absolute_template_path],
+        capabilities: attributes[:capabilities],
+        parameter_defaults: attributes[:parameter_defaults],
+        volatile_parameters_block: attributes[:volatile_parameters_block],
+        secrets_blocks: attributes[:secrets_blocks],
+        secrets_context: @deployment,
+        secrets_namespace: [@deployment.env_name, @deployment.name],
+        shared_secrets_substitutions_block: @deployment.shared_secrets_substitutions_block,
+        cycle_if_different_parameter: attributes[:cycle_if_different_parameter],
+        dry_run: attributes[:dry_run]
+      }
+
+      template = Template.from_absolute_file_path(absolute_template_path)
+      if template.is_sam?
+        if !@deployment.respond_to?(:sam_build_directory)
+          raise "You must set the SAM build directory with a call to `sam_build_directory`"
+        end
+
+        initializer_args[:build_directory] = @deployment.sam_build_directory
+        SamStack.new(**initializer_args)
+      else
+        Stack.new(**initializer_args)
+      end
+    end
+
+    class ParameterDefaultsFactory
+      attr_reader :attributes
+
+      def initialize(context)
+        @context = context
+        @attributes = {}
+      end
+
+      def method_missing(name, *args, &block)
+        attributes[name.to_sym] = args[0] || @context.instance_eval(&block)
+      end
+    end
+
+    class VolatileParametersFactory
+      attr_reader :attributes
+
+      def initialize(context)
+        raise "context cannot be nil" if context.nil?
+        @context = context
+        @attributes = {}
+      end
+
+      def method_missing(name, *args, &block)
+        raise "Volatile parameter `#{name}` cannot be called with arguments, only a block" if !args.empty?
+        raise "Volatile parameter `#{name}` must be called with a block to set the parameter value" if !block_given?
+        attributes[name.to_sym] = @context.instance_eval(&block)
+      end
+    end
+
+  end
+end

data/lib/openstax/aws/stack_parameters.rb

@@ -0,0 +1,19 @@
+module OpenStax::Aws
+  class StackParameters
+
+    def initialize(stack:, params:, recover_previous_values: true)
+      @stack = stack
+      @raw_params = params
+      @recover_previous_values = recover_previous_values
+    end
+
+    def [](key)
+      if @recover_previous_values && @raw_params[key] == :use_previous_value
+        @stack.deployed_parameters[key]
+      else
+        @raw_params[key]
+      end
+    end
+
+  end
+end

data/lib/openstax/aws/stack_status.rb

@@ -0,0 +1,125 @@
+module OpenStax::Aws
+  class Stack
+    class Status
+      def initialize(stack)
+        @stack = stack
+      end
+
+      def status_text
+        begin
+          @stack.aws_stack.stack_status
+        rescue Aws::CloudFormation::Errors::ValidationError => ee
+          case ee.message
+          when /Stack.*does not exist/
+            self.class.does_not_exist_status_text
+          else
+            raise
+          end
+        end
+      end
+
+      def failed?
+        self.class.failure_status_texts.include?(status_text)
+      end
+
+      def succeeded?
+        self.class.success_status_texts.include?(status_text)
+      end
+
+      def updating?
+        %w(
+          UPDATE_COMPLETE_CLEANUP_IN_PROGRESS
+          UPDATE_IN_PROGRESS
+          UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS
+          UPDATE_ROLLBACK_IN_PROGRESS
+        ).include?(status_text)
+      end
+
+      def creating?
+        "CREATE_IN_PROGRESS" == status_text
+      end
+
+      def deleting?
+        "DELETE_IN_PROGRESS" == status_text
+      end
+
+      def exists?
+        self.class.does_not_exist_status_text != status_text
+      end
+
+      def self.does_not_exist_status_text
+        "DOES_NOT_EXIST"
+      end
+
+      def self.all_status_texts
+        %w(
+          CREATE_IN_PROGRESS
+          CREATE_FAILED
+          CREATE_COMPLETE
+          ROLLBACK_IN_PROGRESS
+          ROLLBACK_FAILED
+          ROLLBACK_COMPLETE
+          DELETE_IN_PROGRESS
+          DELETE_FAILED
+          DELETE_COMPLETE
+          UPDATE_IN_PROGRESS
+          UPDATE_COMPLETE_CLEANUP_IN_PROGRESS
+          UPDATE_COMPLETE
+          UPDATE_ROLLBACK_IN_PROGRESS
+          UPDATE_ROLLBACK_FAILED
+          UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS
+          UPDATE_ROLLBACK_COMPLETE
+          REVIEW_IN_PROGRESS
+          IMPORT_IN_PROGRESS
+          IMPORT_COMPLETE
+          IMPORT_ROLLBACK_IN_PROGRESS
+          IMPORT_ROLLBACK_FAILED
+          IMPORT_ROLLBACK_COMPLETE
+        )
+      end
+
+      def self.active_status_texts
+        all_status_texts - %w(CREATE_FAILED DELETE_COMPLETE)
+      end
+
+      def self.failure_status_texts
+        %w(
+          UPDATE_ROLLBACK_COMPLETE
+          ROLLBACK_COMPLETE
+          ROLLBACK_IN_PROGRESS
+          CREATE_FAILED
+          ROLLBACK_FAILED
+          DELETE_FAILED
+          UPDATE_ROLLBACK_FAILED
+          IMPORT_ROLLBACK_FAILED
+        )
+      end
+
+      def self.success_status_texts
+        %w(
+          UPDATE_COMPLETE
+          DELETE_COMPLETE
+          CREATE_COMPLETE
+        )
+      end
+
+      def failed_events_since_last_user_event
+        @stack.events.each_with_object([]) do |event, array|
+          array.push(event) if event.failed? && event.status_reason  #if nil, don't push
+          return array if event.user_initiated?
+        end
+      end
+
+      def to_h
+        {
+          status: status_text,
+          failed_events_since_last_user_event: failed? ? failed_events_since_last_user_event : []
+        }
+      end
+
+      def to_json
+        to_h.to_json
+      end
+    end
+  end
+end

data/lib/openstax/aws/system.rb

@@ -0,0 +1,21 @@
+module OpenStax::Aws
+  module System
+
+    def self.call(command, logger: nil, dry_run:)
+      logger&.info("**** DRY RUN ****") if dry_run
+      logger&.info("Running: #{command}")
+
+      if !dry_run
+        Open3.popen2e(command) do |stdin, stdout_err, wait_thr|
+          while line=stdout_err.gets do
+            STDERR.puts(line)
+          end
+
+          exit_status = wait_thr.value.exitstatus
+          exit(exit_status) if exit_status != 0
+        end
+      end
+    end
+
+  end
+end

data/lib/openstax/aws/tag.rb

@@ -0,0 +1,31 @@
+module OpenStax::Aws
+  class Tag
+
+    attr_reader :key, :value
+
+    AWS_TAG_KEY_REGEX =   /\A[\w\-\/.+=:@]{1,128}\z/
+    AWS_TAG_VALUE_REGEX = /\A[\w\-\/.+=:@ ]{0,256}\z/
+
+    def initialize(key, value)
+      if key.nil? || !key.match(AWS_TAG_KEY_REGEX)
+        raise "The tag key '#{key}' is invalid: must be a non-blank ID matching #{AWS_TAG_KEY_REGEX}"
+      end
+
+      @key = key.to_s
+
+      if @key.starts_with?("aws:")
+        raise "The tag key '#{@key}' is invalid: it cannot start with 'aws:'"
+      end
+
+      if value.nil?
+        raise "The tag value for key '#{key}' cannot be nil"
+      end
+
+      if !value.match(AWS_TAG_VALUE_REGEX)
+        raise "The tag value '#{value}' must be a tag value matching #{AWS_TAG_VALUE_REGEX}"
+      end
+
+      @value = value.to_s
+    end
+  end
+end

data/lib/openstax/aws/template.rb

@@ -0,0 +1,129 @@
+module OpenStax::Aws
+  class Template
+
+    class TemplateInvalid < StandardError
+      attr_reader :template_path, :template_body
+
+      def initialize(msg, template_path, template_body)
+        @template_path = template_path
+        @template_body = template_body
+
+        super(msg)
+      end
+    end
+
+    attr_reader :absolute_file_path
+
+    def self.from_absolute_file_path(absolute_file_path)
+      new(absolute_file_path: absolute_file_path)
+    end
+
+    def self.from_body(body)
+      new(body: body)
+    end
+
+    def basename
+      File.basename(absolute_file_path)
+    end
+
+    def body
+      @body ||= File.read(absolute_file_path)
+    end
+
+    def hash
+      json_hash || yml_hash || raise("Cannot read template #{absolute_file_path}")
+    end
+
+    def valid?
+      begin
+        validate
+      rescue TemplateInvalid
+        return false
+      end
+
+      true
+    end
+
+    def parameter_names
+      hash["Parameters"].try(:keys) || []
+    end
+
+    def required_capabilities
+      has_an_iam_resource = hash["Resources"].any? do |resource_id, resource_body|
+        resource_body["Type"].starts_with?("AWS::IAM::")
+      end
+
+      # A bit of a cop out to claim named_iam since we haven't checked
+      # to see if any of the IAM resources have custom names, but it will
+      # work
+      has_an_iam_resource ? [:named_iam] : []
+    end
+
+    def s3_key
+      [
+        OpenStax::Aws.configuration.cfn_template_bucket_folder,
+        s3_folder,
+        basename
+      ].compact.join("/")
+    end
+
+    def s3_folder
+      @unique_s3_folder ||=
+        OpenStax::Aws.configuration.fixed_s3_template_folder ||
+        Time.now.utc.strftime("%Y%m%d_%H%M%S_#{SecureRandom.hex(4)}")
+    end
+
+    def s3_url
+      upload_once
+      "https://s3.amazonaws.com/#{OpenStax::Aws.configuration.cfn_template_bucket_name}/#{s3_key}"
+    end
+
+    def upload_once
+      return if @uploaded
+
+      validate
+      upload
+
+      @uploaded = true
+    end
+
+    def is_sam?
+      body.match(/Transform: AWS::Serverless/).present?
+    end
+
+  protected
+
+    def initialize(absolute_file_path: nil, body: nil)
+      raise "One of `absolute_file_path` or `body` must be set" if absolute_file_path.blank? && body.nil?
+      @absolute_file_path = absolute_file_path
+      @body = body.try(:dup)
+    end
+
+    def validate
+      begin
+        # any region works here
+        Aws::CloudFormation::Client.new(region: "us-west-2").validate_template(template_body: body)
+      rescue Aws::CloudFormation::Errors::ValidationError => ee
+        raise TemplateInvalid.new(basename + ": " + ee.message, absolute_file_path, body)
+      end
+    end
+
+    def upload
+      client = Aws::S3::Client.new(region: OpenStax::Aws.configuration.cfn_template_bucket_region)
+      client.put_object({
+        body: body,
+        bucket: OpenStax::Aws.configuration.cfn_template_bucket_name,
+        key: s3_key
+      })
+    end
+
+    def json_hash
+      JSON.parse(body) rescue nil
+    end
+
+    def yml_hash
+      YAML.load(body) rescue nil
+    end
+
+  end
+end