opsworks-cli 0.2.4 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b5ab9727e55ff6564f7d6f82d6cbeee4d55005f9
-  data.tar.gz: 02ce23e2d07cdccc433660baaf45a9ea031d741a
+  metadata.gz: 2ab03c769a18190d2590e765e79e992e820685da
+  data.tar.gz: ce762573e029e65e1776bcfae265f7611762fc85
 SHA512:
-  metadata.gz: 97b2db684720a9bfc43df78b9ce0ea49afe4687ab40833ac23aeb0f41708807062b5de207736bdb44fe94061c2a945ff42f1d09054b40ac8b28d29650b425595
-  data.tar.gz: 1e2201866045a971e81bc2bc10db039576565ad5d94bd910fe852361542b61065fc1d453c2dea310c8821f2598f55d0b71dbe50d418b612036931420c8b24139
+  metadata.gz: d347483d2342efc5d4cbbd882f310044bd327269868105eab6ea53e9f4a368cb2420c0cd2b9d4853a2cb409cfcb0e2eb0b6fddfa18932025f6bda958c0e9a8da
+  data.tar.gz: ca593191e47af2a66c8f072d1c1fca78f869c9cc0784c06e8b5c33819b63cba6afeabc66d0c677d98261c4f4b95ee4ef979ff9c6eb7879ddf13b0943e745948b

data/README.md

@@ -32,11 +32,20 @@ When you add credentials, make sure to name the account `default`.
 ```
 $ opsworks help
 Commands:
-  opsworks deploy [--stack STACK] APP   # Deploy an OpsWorks app
-  opsworks exec [--stack STACK] RECIPE  # Execute a Chef recipe
-  opsworks status [--stack STACK] APP   # Display the most recent deployment of an app
-  opsworks update [--stack STACK]       # Update OpsWorks custom cookbooks
-  opsworks version                      # Print OpsWorks CLI version
+  opsworks apps:create APP [--stack STACK]                 # Create a new OpsWorks app
+  opsworks apps:deploy APP [--stack STACK]                 # Deploy an OpsWorks app
+  opsworks apps:status APP [--stack STACK]                 # Display the most recent deployment of an app
+  opsworks config:get KEY [--stack STACK]                  # Get a single config value
+  opsworks config:set KEY VALUE [--stack STACK]            # Set a config value
+  opsworks config:unset KEY [--stack STACK]                # Unset a config value
+  opsworks help [COMMAND]                                  # Describe available commands or one specific command
+  opsworks iam:allow USER [--stack STACK]                  # Allow an IAM user on a stack
+  opsworks iam:lockdown [--stack STACK]                    # Remove all stack permissions
+  opsworks recipes:add LAYER EVENT RECIPE [--stack STACK]  # Add a recipe to a given layer and lifecycle event
+  opsworks recipes:run RECIPE [--stack STACK]              # Execute a Chef recipe
+  opsworks update [--stack STACK]                          # Update OpsWorks custom cookbooks
+  opsworks upgrade-chef [--stack STACK]                    # Upgrade Chef version
+  opsworks version                                         # Print OpsWorks CLI version
 ```
 
 ## Contributing

data/lib/opsworks/cli/agent.rb

@@ -5,12 +5,10 @@ require_relative 'helpers/keychain'
 require_relative 'helpers/options'
 
 require_relative 'subcommands/update'
-require_relative 'subcommands/exec'
-require_relative 'subcommands/deploy'
-require_relative 'subcommands/status'
-require_relative 'subcommands/allow'
-require_relative 'subcommands/lockdown'
 require_relative 'subcommands/upgrade_chef'
+require_relative 'subcommands/recipes'
+require_relative 'subcommands/apps'
+require_relative 'subcommands/iam'
 require_relative 'subcommands/config'
 
 module OpsWorks
@@ -19,12 +17,10 @@ module OpsWorks
       include Thor::Actions
 
       include Subcommands::Update
-      include Subcommands::Exec
-      include Subcommands::Deploy
-      include Subcommands::Status
-      include Subcommands::Allow
-      include Subcommands::Lockdown
       include Subcommands::UpgradeChef
+      include Subcommands::Recipes
+      include Subcommands::Apps
+      include Subcommands::IAM
       include Subcommands::Config
 
       desc 'version', 'Print OpsWorks CLI version'

data/lib/opsworks/cli/subcommands/apps.rb

@@ -0,0 +1,90 @@
+require 'opsworks/deployment'
+
+module OpsWorks
+  module CLI
+    module Subcommands
+      module Apps
+        # rubocop:disable MethodLength
+        # rubocop:disable CyclomaticComplexity
+        # rubocop:disable PerceivedComplexity
+        def self.included(thor)
+          thor.class_eval do
+            desc 'apps:deploy APP [--stack STACK]', 'Deploy an OpsWorks app'
+            option :stack, type: :array
+            option :timeout, type: :numeric
+            define_method 'apps:deploy' do |name|
+              fetch_keychain_credentials unless env_credentials?
+              stacks = parse_stacks(options.merge(active: true))
+              deployments = stacks.map do |stack|
+                next unless (app = stack.find_app_by_name(name))
+                say "Deploying to #{stack.name}..."
+                stack.deploy_app(app)
+              end
+              deployments.compact!
+              OpsWorks::Deployment.wait(deployments, options[:timeout])
+              unless deployments.all?(&:success?)
+                failures = []
+                deployments.each_with_index do |deployment, i|
+                  failures << stacks[i].name unless deployment.success?
+                end
+                fail "Deploy failed on #{failures.join(', ')}"
+              end
+            end
+
+            desc 'apps:status APP [--stack STACK]',
+                 'Display the most recent deployment of an app'
+            option :stack, type: :array
+            define_method 'apps:status' do |name|
+              fetch_keychain_credentials unless env_credentials?
+
+              table = parse_stacks(options).map do |stack|
+                next unless (app = stack.find_app_by_name(name))
+                if (deployment = app.last_deployment)
+                  deployed_at = formatted_time(deployment.created_at)
+                else
+                  deployed_at = '-'
+                end
+                [stack.name, name, "(#{app.revision})", deployed_at]
+              end
+              # Sort output in descending date order
+              table.compact!
+              table.sort! { |x, y| y.last <=> x.last }
+              print_table table
+            end
+
+            desc 'apps:create APP [--stack STACK]', 'Create a new OpsWorks app'
+            option :stack, type: :array
+            option :type, default: 'other'
+            option :git_url
+            option :shortname
+            define_method 'apps:create' do |name|
+              unless %w(other).include?(options[:type])
+                fail "Unsupported type: #{options[:type]}"
+              end
+
+              fail 'Git URL not yet supported' if options[:git_url]
+
+              fetch_keychain_credentials unless env_credentials?
+              stacks = parse_stacks(options)
+
+              stacks.each do |stack|
+                next if stack.apps.map(&:name).include?(name)
+                say "Creating app on #{stack.name}."
+                stack.create_app(name, options)
+              end
+            end
+
+            private
+
+            def formatted_time(timestamp)
+              timestamp.strftime('%Y-%m-%d %H:%M:%S %Z')
+            end
+          end
+        end
+        # rubocop:enable PerceivedComplexity
+        # rubocop:enable CyclomaticComplexity
+        # rubocop:enable MethodLength
+      end
+    end
+  end
+end

data/lib/opsworks/cli/subcommands/{allow.rb → iam.rb}

@@ -3,16 +3,17 @@ require 'opsworks/permission'
 module OpsWorks
   module CLI
     module Subcommands
-      module Allow
+      module IAM
         # rubocop:disable MethodLength
         # rubocop:disable CyclomaticComplexity
         def self.included(thor)
           thor.class_eval do
-            desc 'allow USER [--stack STACK]', 'Allow an IAM user on a stack'
+            desc 'iam:allow USER [--stack STACK]',
+                 'Allow an IAM user on a stack'
             option :stack, type: :array
             option :ssh, type: :boolean, default: true
             option :sudo, type: :boolean, default: true
-            def allow(user)
+            define_method 'iam:allow' do |user|
               fetch_keychain_credentials unless env_credentials?
               stacks = parse_stacks(options.merge(active: true))
               stacks.each do |stack|
@@ -22,6 +23,20 @@ module OpsWorks
                 permission.update(ssh: options[:ssh], sudo: options[:sudo])
               end
             end
+
+            desc 'iam:lockdown [--stack STACK]', 'Remove all stack permissions'
+            option :stack, type: :array
+            define_method 'iam:lockdown' do
+              fetch_keychain_credentials unless env_credentials?
+              stacks = parse_stacks(options.merge(active: true))
+              stacks.each do |stack|
+                say "Locking down #{stack.name}..."
+                stack.permissions.each do |permission|
+                  permission.update(ssh: false, sudo: false)
+                end
+              end
+            end
+
           end
         end
         # rubocop:enable CyclomaticComplexity

data/lib/opsworks/cli/subcommands/{exec.rb → recipes.rb}

@@ -3,21 +3,22 @@ require 'opsworks/deployment'
 module OpsWorks
   module CLI
     module Subcommands
-      module Exec
+      module Recipes
         # rubocop:disable MethodLength
         # rubocop:disable CyclomaticComplexity
         def self.included(thor)
           thor.class_eval do
-            desc 'exec RECIPE [--stack STACK]', 'Execute a Chef recipe'
+            desc 'recipes:run RECIPE [--stack STACK]', 'Execute a Chef recipe'
             option :stack, type: :array
-            def exec(recipe)
+            option :timeout, type: :numeric
+            define_method 'recipes:run' do |recipe|
               fetch_keychain_credentials unless env_credentials?
               stacks = parse_stacks(options.merge(active: true))
               deployments = stacks.map do |stack|
                 say "Executing recipe on #{stack.name}..."
                 stack.execute_recipe(recipe)
               end
-              OpsWorks::Deployment.wait(deployments)
+              OpsWorks::Deployment.wait(deployments, options[:timeout])
               unless deployments.all?(&:success?)
                 failures = []
                 deployments.each_with_index do |deployment, i|
@@ -26,6 +27,22 @@ module OpsWorks
                 fail "Command failed on #{failures.join(', ')}"
               end
             end
+
+            desc 'recipes:add LAYER EVENT RECIPE [--stack STACK]',
+                 'Add a recipe to a given layer and lifecycle event'
+            option :stack, type: :array
+            define_method 'recipes:add' do |layername, event, recipe|
+              fetch_keychain_credentials unless env_credentials?
+              stacks = parse_stacks(options)
+              stacks.each do |stack|
+                layer = stack.layers.find { |l| l.shortname == layername }
+                next unless layer
+                next if layer.custom_recipes[event].include?(recipe)
+
+                say "Adding recipe to #{stack.name}."
+                layer.add_custom_recipe(event, recipe)
+              end
+            end
           end
         end
         # rubocop:enable CyclomaticComplexity

data/lib/opsworks/cli/subcommands/update.rb

@@ -14,6 +14,7 @@ module OpsWorks
 
             desc 'update [--stack STACK]', 'Update OpsWorks custom cookbooks'
             option :stack, type: :array
+            option :timeout, type: :numeric
             def update
               fetch_keychain_credentials unless env_credentials?
               stacks = parse_stacks(options.merge(active: true))
@@ -21,7 +22,7 @@ module OpsWorks
                 say "Updating #{stack.name}..."
                 stack.update_custom_cookbooks
               end
-              OpsWorks::Deployment.wait(deployments)
+              OpsWorks::Deployment.wait(deployments, options[:timeout])
               unless deployments.all?(&:success?)
                 failures = []
                 deployments.each_with_index do |deployment, i|

data/lib/opsworks/cli/version.rb

@@ -1,5 +1,5 @@
 module OpsWorks
   module CLI
-    VERSION = '0.2.4'
+    VERSION = '0.3.0'
   end
 end

data/lib/opsworks/layer.rb

@@ -0,0 +1,36 @@
+require 'opsworks/resource'
+require 'thor'
+
+module OpsWorks
+  class Layer < Resource
+    attr_accessor :id, :name, :shortname, :custom_recipes
+
+    # rubocop:disable MethodLength
+    def self.from_collection_response(response)
+      response.data[:layers].map do |hash|
+        # Make custom_recipes accessible by string or symbol
+        custom_recipes = Thor::CoreExt::HashWithIndifferentAccess.new(
+          hash[:custom_recipes]
+        )
+        new(
+          id: hash[:layer_id],
+          name: hash[:name],
+          shortname: hash[:shortname],
+          custom_recipes: custom_recipes
+        )
+      end
+    end
+    # rubocop:enable MethodLength
+
+    def add_custom_recipe(event, recipe)
+      return if custom_recipes[event].include?(recipe)
+
+      custom_recipes[event] ||= []
+      custom_recipes[event].push recipe
+      self.class.client.update_layer(
+        layer_id: id,
+        custom_recipes: custom_recipes
+      )
+    end
+  end
+end

data/lib/opsworks/stack.rb

@@ -1,9 +1,11 @@
 require 'jsonpath'
+require 'active_support/core_ext/hash/slice'
 
 require 'opsworks/resource'
 require 'opsworks/app'
 require 'opsworks/instance'
 require 'opsworks/permission'
+require 'opsworks/layer'
 
 module OpsWorks
   # rubocop:disable ClassLength
@@ -54,6 +56,10 @@ module OpsWorks
       @instances ||= initialize_instances
     end
 
+    def layers
+      @layers ||= initialize_layers
+    end
+
     def upgrade_chef(version, options = {})
       self.class.client.update_stack(
         stack_id: id,
@@ -97,6 +103,12 @@ module OpsWorks
       )
     end
 
+    def create_app(name, options = {})
+      options = options.slice(:type, :shortname)
+      options.merge!(stack_id: id, name: name)
+      self.class.client.create_app(options)
+    end
+
     private
 
     def initialize_apps
@@ -106,12 +118,15 @@ module OpsWorks
     end
 
     # rubocop:disable Eval
+    # rubocop:disable MethodLength
     def replace_hash_at_path(hash, key, value)
       path = JsonPath.new(key).path
       if value
         # REVIEW: Is there a better way to parse the JSON Path and ensure
         # a value at the location?
-        hash.default_proc = ->(h, k) { h[k] = Hash.new(&h.default_proc) }
+        (0...(path.length - 1)).each do |i|
+          eval("hash#{path[0..i].join('')} ||= {}")
+        end
         eval("hash#{path.join('')} = #{value.inspect}")
       elsif JsonPath.new(key).on(hash).count > 0
         # Path value is present, but we need to unset it
@@ -121,6 +136,7 @@ module OpsWorks
 
       hash
     end
+    # rubocop:enable MethodLength
     # rubocop:enable Eval
 
     def initialize_permissions
@@ -135,6 +151,12 @@ module OpsWorks
       Instance.from_collection_response(response)
     end
 
+    def initialize_layers
+      return [] unless id
+      response = self.class.client.describe_layers(stack_id: id)
+      Layer.from_collection_response(response)
+    end
+
     def create_deployment(options = {})
       response = self.class.client.create_deployment(
         options.merge(stack_id: id)

data/opsworks-cli.gemspec

@@ -23,6 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'thor'
   spec.add_dependency 'aws-sdk'
   spec.add_dependency 'jsonpath'
+  spec.add_dependency 'activesupport'
 
   spec.add_development_dependency 'aws-keychain-util'
   spec.add_development_dependency 'bundler', '~> 1.5'

data/spec/opsworks/cli/subcommands/apps_spec.rb

@@ -0,0 +1,90 @@
+require 'spec_helper'
+
+describe OpsWorks::CLI::Agent do
+  context 'apps' do
+    let(:app_name) { 'aptible' }
+    let(:stacks) { 2.times.map { Fabricate(:stack) } }
+
+    before { allow(subject).to receive(:say) }
+    before { allow(OpsWorks::Deployment).to receive(:wait) }
+    before { allow(OpsWorks::Stack).to receive(:all) { stacks } }
+    before { allow(OpsWorks::Stack).to receive(:active) { stacks } }
+
+    describe 'apps:deploy' do
+      let(:app) { Fabricate(:app, name: app_name) }
+      let(:success) { Fabricate(:deployment, status: 'successful') }
+      let(:failure) { Fabricate(:deployment, status: 'failed') }
+
+      before do
+        stacks.each { |stack| allow(stack).to receive(:apps) { [app] } }
+      end
+
+      it 'should update custom cookbooks on all stacks' do
+        expect(stacks[0]).to receive(:deploy_app).with(app) { success }
+        expect(stacks[1]).to receive(:deploy_app).with(app) { success }
+        subject.send('apps:deploy', app_name)
+      end
+
+      it 'should not fail if some stacks are inactive' do
+        allow(OpsWorks::Stack).to receive(:active) { [stacks[0]] }
+        expect(stacks[0]).to receive(:deploy_app).with(app) { success }
+        expect(stacks[1]).not_to receive(:deploy_app)
+        subject.send('apps:deploy', app_name)
+      end
+
+      it 'should optionally run on a subset of stacks' do
+        expect(stacks[0]).to receive(:deploy_app).with(app) { success }
+        expect(stacks[1]).not_to receive(:deploy_app)
+
+        allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
+        subject.send('apps:deploy', app_name)
+      end
+
+      it 'should not fail if a stack does not have the app' do
+        allow(stacks[0]).to receive(:apps) { [] }
+        expect(stacks[1]).to receive(:deploy_app).with(app) { success }
+        expect { subject.send('apps:deploy', app_name) }.not_to raise_error
+      end
+
+      it 'should fail if any update fails' do
+        expect(stacks[0]).to receive(:deploy_app).with(app) { failure }
+
+        allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
+        expect { subject.send('apps:deploy', app_name) }.to raise_error
+      end
+    end
+
+    describe 'apps:create' do
+      # TODO: Figure out why Thor doesn't populate options from defaults
+      # when methods are invoked directly
+      let(:options) { { type: 'other' } }
+
+      before do
+        stacks.each { |stack| allow(stack).to receive(:apps) { [] } }
+      end
+
+      it 'should fail with a helpful error on unsupported type' do
+        options.merge!(type: 'foobar')
+        allow(subject).to receive(:options) { options }
+        expect { subject.send('apps:create', app_name) }.to raise_error
+      end
+
+      xit 'should accept a Git URL'
+
+      it 'should create an app' do
+        allow(subject).to receive(:options) { options }
+        expect(stacks[0]).to receive(:create_app).with(app_name, options)
+        expect(stacks[1]).to receive(:create_app).with(app_name, options)
+        subject.send('apps:create', app_name)
+      end
+
+      it 'should accept a different shortname' do
+        options.merge!(shortname: 'foobar')
+        allow(subject).to receive(:options) { options }
+        expect(stacks[0]).to receive(:create_app).with(app_name, options)
+        expect(stacks[1]).to receive(:create_app).with(app_name, options)
+        subject.send('apps:create', app_name)
+      end
+    end
+  end
+end

data/spec/opsworks/cli/subcommands/config_spec.rb

@@ -38,6 +38,16 @@ describe OpsWorks::CLI::Agent do
         expect(stack.custom_json['env']['FOO']).to eq 'baz'
       end
 
+      it 'should work with deep nested hashes' do
+        stack.custom_json = { 'app' => { 'var' => 'value' } }
+        expect(client).to receive(:update_stack) do |hash|
+          json = JSON.parse(hash[:custom_json])
+          expect(json['app']['env']['FOO']).to eq 'baz'
+        end
+        subject.send('config:set', 'app.env.FOO', 'baz')
+        expect(stack.custom_json['app']['env']['FOO']).to eq 'baz'
+      end
+
       it 'should set the variable, if it is unset' do
         stack.custom_json = {}
         expect(client).to receive(:update_stack) do |hash|

data/spec/opsworks/cli/subcommands/iam_spec.rb

@@ -0,0 +1,68 @@
+require 'spec_helper'
+
+describe OpsWorks::CLI::Agent do
+  context 'iam' do
+    let(:permissions) { 2.times.map { Fabricate(:permission) } }
+    let(:user) { permissions[0].user }
+
+    before { allow(subject).to receive(:say) }
+    before { allow(OpsWorks::Stack).to receive(:all) { stacks } }
+    before { allow(OpsWorks::Stack).to receive(:active) { stacks } }
+
+    describe 'iam:allow' do
+      let(:stacks) do
+        2.times.map do |i|
+          Fabricate(:stack).tap do |stack|
+            allow(stack).to receive(:find_permission_by_user) { permissions[i] }
+          end
+        end
+      end
+
+      it 'should update all matching permissions' do
+        expect(permissions[0]).to receive(:update)
+        expect(permissions[1]).to receive(:update)
+        subject.send('iam:allow', user)
+      end
+
+      it 'should optionally run on a subset of stacks' do
+        expect(permissions[0]).to receive(:update)
+        expect(permissions[1]).not_to receive(:update)
+
+        allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
+        subject.send('iam:allow', user)
+      end
+
+      it 'should accept :ssh and :sudo options' do
+        expect(permissions[0]).to receive(:update).with(ssh: true, sudo: false)
+
+        allow(subject).to receive(:options) do
+          { stack: [stacks[0].name], ssh: true, sudo: false }
+        end
+        subject.send('iam:allow', user)
+      end
+    end
+
+    describe 'iam:lockdown' do
+      let(:stack) do
+        Fabricate(:stack).tap do |stack|
+          allow(stack).to receive(:permissions) { permissions }
+        end
+      end
+      let(:stacks) { [stack] }
+
+      it 'should lock down all stacks' do
+        expect(permissions[0]).to receive(:update).with(ssh: false, sudo: false)
+        expect(permissions[1]).to receive(:update).with(ssh: false, sudo: false)
+        subject.send('iam:lockdown')
+      end
+
+      it 'should optionally run on a subset of stacks' do
+        expect(permissions[0]).to receive(:update).with(ssh: false, sudo: false)
+        expect(permissions[1]).to receive(:update).with(ssh: false, sudo: false)
+
+        allow(subject).to receive(:options) { { stacks: [stack.name] } }
+        subject.send('iam:lockdown')
+      end
+    end
+  end
+end

data/spec/opsworks/cli/subcommands/recipes_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe OpsWorks::CLI::Agent do
+  context 'recipes' do
+    let(:recipe) { 'hotpockets::install' }
+    let(:stacks) { 2.times.map { Fabricate(:stack) } }
+
+    before { allow(subject).to receive(:say) }
+    before { allow(OpsWorks::Deployment).to receive(:wait) }
+    before { allow(OpsWorks::Stack).to receive(:all) { stacks } }
+    before { allow(OpsWorks::Stack).to receive(:active) { stacks } }
+
+    describe 'recipes:run' do
+      let(:success) { Fabricate(:deployment, status: 'successful') }
+      let(:failure) { Fabricate(:deployment, status: 'failed') }
+
+      it 'should update custom cookbooks on all stacks' do
+        expect(stacks[0]).to receive(:execute_recipe).with(recipe) { success }
+        expect(stacks[1]).to receive(:execute_recipe).with(recipe) { success }
+        subject.send('recipes:run', recipe)
+      end
+
+      it 'should optionally run on a subset of stacks' do
+        expect(stacks[0]).to receive(:execute_recipe).with(recipe) { success }
+        expect(stacks[1]).not_to receive(:execute_recipe)
+
+        allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
+        subject.send('recipes:run', recipe)
+      end
+
+      it 'should fail if any update fails' do
+        expect(stacks[0]).to receive(:execute_recipe).with(recipe) { failure }
+
+        allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
+        expect { subject.send('recipes:run', recipe) }.to raise_error
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: opsworks-cli
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.3.0
 platform: ruby
 authors:
 - Frank Macreery
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-19 00:00:00.000000000 Z
+date: 2014-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: aws-keychain-util
   requirement: !ruby/object:Gem::Requirement
@@ -171,17 +185,16 @@ files:
 - lib/opsworks/cli/agent.rb
 - lib/opsworks/cli/helpers/keychain.rb
 - lib/opsworks/cli/helpers/options.rb
-- lib/opsworks/cli/subcommands/allow.rb
+- lib/opsworks/cli/subcommands/apps.rb
 - lib/opsworks/cli/subcommands/config.rb
-- lib/opsworks/cli/subcommands/deploy.rb
-- lib/opsworks/cli/subcommands/exec.rb
-- lib/opsworks/cli/subcommands/lockdown.rb
-- lib/opsworks/cli/subcommands/status.rb
+- lib/opsworks/cli/subcommands/iam.rb
+- lib/opsworks/cli/subcommands/recipes.rb
 - lib/opsworks/cli/subcommands/update.rb
 - lib/opsworks/cli/subcommands/upgrade_chef.rb
 - lib/opsworks/cli/version.rb
 - lib/opsworks/deployment.rb
 - lib/opsworks/instance.rb
+- lib/opsworks/layer.rb
 - lib/opsworks/permission.rb
 - lib/opsworks/resource.rb
 - lib/opsworks/stack.rb
@@ -191,11 +204,10 @@ files:
 - spec/fabricators/opsworks/permission_fabricator.rb
 - spec/fabricators/opsworks/stack_fabricator.rb
 - spec/opsworks/cli/agent_spec.rb
-- spec/opsworks/cli/subcommands/allow_spec.rb
+- spec/opsworks/cli/subcommands/apps_spec.rb
 - spec/opsworks/cli/subcommands/config_spec.rb
-- spec/opsworks/cli/subcommands/deploy_spec.rb
-- spec/opsworks/cli/subcommands/exec_spec.rb
-- spec/opsworks/cli/subcommands/lockdown_spec.rb
+- spec/opsworks/cli/subcommands/iam_spec.rb
+- spec/opsworks/cli/subcommands/recipes_spec.rb
 - spec/opsworks/cli/subcommands/update_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/aptible/opsworks-cli
@@ -228,10 +240,9 @@ test_files:
 - spec/fabricators/opsworks/permission_fabricator.rb
 - spec/fabricators/opsworks/stack_fabricator.rb
 - spec/opsworks/cli/agent_spec.rb
-- spec/opsworks/cli/subcommands/allow_spec.rb
+- spec/opsworks/cli/subcommands/apps_spec.rb
 - spec/opsworks/cli/subcommands/config_spec.rb
-- spec/opsworks/cli/subcommands/deploy_spec.rb
-- spec/opsworks/cli/subcommands/exec_spec.rb
-- spec/opsworks/cli/subcommands/lockdown_spec.rb
+- spec/opsworks/cli/subcommands/iam_spec.rb
+- spec/opsworks/cli/subcommands/recipes_spec.rb
 - spec/opsworks/cli/subcommands/update_spec.rb
 - spec/spec_helper.rb

data/lib/opsworks/cli/subcommands/deploy.rb

@@ -1,38 +0,0 @@
-require 'opsworks/deployment'
-
-module OpsWorks
-  module CLI
-    module Subcommands
-      module Deploy
-        # rubocop:disable MethodLength
-        # rubocop:disable CyclomaticComplexity
-        def self.included(thor)
-          thor.class_eval do
-            desc 'deploy APP [--stack STACK]', 'Deploy an OpsWorks app'
-            option :stack, type: :array
-            def deploy(name)
-              fetch_keychain_credentials unless env_credentials?
-              stacks = parse_stacks(options.merge(active: true))
-              deployments = stacks.map do |stack|
-                next unless (app = stack.find_app_by_name(name))
-                say "Deploying to #{stack.name}..."
-                stack.deploy_app(app)
-              end
-              deployments.compact!
-              OpsWorks::Deployment.wait(deployments)
-              unless deployments.all?(&:success?)
-                failures = []
-                deployments.each_with_index do |deployment, i|
-                  failures << stacks[i].name unless deployment.success?
-                end
-                fail "Deploy failed on #{failures.join(', ')}"
-              end
-            end
-          end
-        end
-        # rubocop:enable CyclomaticComplexity
-        # rubocop:enable MethodLength
-      end
-    end
-  end
-end

data/lib/opsworks/cli/subcommands/lockdown.rb

@@ -1,30 +0,0 @@
-require 'opsworks/permission'
-
-module OpsWorks
-  module CLI
-    module Subcommands
-      module Lockdown
-        # rubocop:disable MethodLength
-        # rubocop:disable CyclomaticComplexity
-        def self.included(thor)
-          thor.class_eval do
-            desc 'lockdown [--stack STACK]', 'Remove all stack permissions'
-            option :stack, type: :array
-            def lockdown
-              fetch_keychain_credentials unless env_credentials?
-              stacks = parse_stacks(options.merge(active: true))
-              stacks.each do |stack|
-                say "Locking down #{stack.name}..."
-                stack.permissions.each do |permission|
-                  permission.update(ssh: false, sudo: false)
-                end
-              end
-            end
-          end
-        end
-        # rubocop:enable CyclomaticComplexity
-        # rubocop:enable MethodLength
-      end
-    end
-  end
-end

data/lib/opsworks/cli/subcommands/status.rb

@@ -1,45 +0,0 @@
-module OpsWorks
-  module CLI
-    module Subcommands
-      module Status
-        # rubocop:disable MethodLength
-        # rubocop:disable CyclomaticComplexity
-        def self.included(thor)
-          thor.class_eval do
-            include Helpers::Keychain
-            include Helpers::Options
-
-            desc 'status APP [--stack STACK]',
-                 'Display the most recent deployment of an app'
-            option :stack, type: :array
-            def status(name)
-              fetch_keychain_credentials unless env_credentials?
-
-              table = parse_stacks(options).map do |stack|
-                next unless (app = stack.find_app_by_name(name))
-                if (deployment = app.last_deployment)
-                  deployed_at = formatted_time(deployment.created_at)
-                else
-                  deployed_at = '-'
-                end
-                [stack.name, name, "(#{app.revision})", deployed_at]
-              end
-              # Sort output in descending date order
-              table.compact!
-              table.sort! { |x, y| y.last <=> x.last }
-              print_table table
-            end
-
-            private
-
-            def formatted_time(timestamp)
-              timestamp.strftime('%Y-%m-%d %H:%M:%S %Z')
-            end
-          end
-        end
-        # rubocop:enable CyclomaticComplexity
-        # rubocop:enable MethodLength
-      end
-    end
-  end
-end

data/spec/opsworks/cli/subcommands/allow_spec.rb

@@ -1,42 +0,0 @@
-require 'spec_helper'
-
-describe OpsWorks::CLI::Agent do
-  describe '#allow' do
-    let(:permissions) { 2.times.map { Fabricate(:permission) } }
-    let(:user) { permissions[0].user }
-    let(:stacks) do
-      2.times.map do |i|
-        Fabricate(:stack).tap do |stack|
-          allow(stack).to receive(:find_permission_by_user) { permissions[i] }
-        end
-      end
-    end
-
-    before { allow(subject).to receive(:say) }
-    before { allow(OpsWorks::Stack).to receive(:all) { stacks } }
-    before { allow(OpsWorks::Stack).to receive(:active) { stacks } }
-
-    it 'should update all matching permissions' do
-      expect(permissions[0]).to receive(:update)
-      expect(permissions[1]).to receive(:update)
-      subject.allow(user)
-    end
-
-    it 'should optionally run on a subset of stacks' do
-      expect(permissions[0]).to receive(:update)
-      expect(permissions[1]).not_to receive(:update)
-
-      allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
-      subject.allow(user)
-    end
-
-    it 'should accept :ssh and :sudo options' do
-      expect(permissions[0]).to receive(:update).with(ssh: true, sudo: false)
-
-      allow(subject).to receive(:options) do
-        { stack: [stacks[0].name], ssh: true, sudo: false }
-      end
-      subject.allow(user)
-    end
-  end
-end

data/spec/opsworks/cli/subcommands/deploy_spec.rb

@@ -1,53 +0,0 @@
-require 'spec_helper'
-
-describe OpsWorks::CLI::Agent do
-  describe '#deploy' do
-    let(:app_name) { 'aptible' }
-    let(:app) { Fabricate(:app, name: app_name) }
-
-    let(:stacks) { 2.times.map { Fabricate(:stack) } }
-    let(:deployment) { Fabricate(:deployment, status: 'successful') }
-
-    before { allow(subject).to receive(:say) }
-    before { allow(OpsWorks::Deployment).to receive(:wait) }
-    before { allow(OpsWorks::Stack).to receive(:all) { stacks } }
-    before { allow(OpsWorks::Stack).to receive(:active) { stacks } }
-
-    before { stacks.each { |stack| allow(stack).to receive(:apps) { [app] } } }
-
-    it 'should update custom cookbooks on all stacks' do
-      expect(stacks[0]).to receive(:deploy_app).with(app) { deployment }
-      expect(stacks[1]).to receive(:deploy_app).with(app) { deployment }
-      subject.deploy(app_name)
-    end
-
-    it 'should not fail if some stacks are inactive' do
-      allow(OpsWorks::Stack).to receive(:active) { [stacks[0]] }
-      expect(stacks[0]).to receive(:deploy_app).with(app) { deployment }
-      expect(stacks[1]).not_to receive(:deploy_app)
-      subject.deploy(app_name)
-    end
-
-    it 'should optionally run on a subset of stacks' do
-      expect(stacks[0]).to receive(:deploy_app).with(app) { deployment }
-      expect(stacks[1]).not_to receive(:deploy_app)
-
-      allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
-      subject.deploy(app_name)
-    end
-
-    it 'should not fail if a stack does not have the app' do
-      allow(stacks[0]).to receive(:apps) { [] }
-      expect(stacks[1]).to receive(:deploy_app).with(app) { deployment }
-      expect { subject.deploy(app_name) }.not_to raise_error
-    end
-
-    it 'should fail if any update fails' do
-      failure = Fabricate(:deployment, status: 'failed')
-      expect(stacks[0]).to receive(:deploy_app).with(app) { failure }
-
-      allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
-      expect { subject.deploy(app_name) }.to raise_error
-    end
-  end
-end

data/spec/opsworks/cli/subcommands/exec_spec.rb

@@ -1,37 +0,0 @@
-require 'spec_helper'
-
-describe OpsWorks::CLI::Agent do
-  describe '#exec' do
-    let(:recipe) { 'hotpockets::install' }
-
-    let(:stacks) { 2.times.map { Fabricate(:stack) } }
-    let(:deployment) { Fabricate(:deployment, status: 'successful') }
-
-    before { allow(subject).to receive(:say) }
-    before { allow(OpsWorks::Deployment).to receive(:wait) }
-    before { allow(OpsWorks::Stack).to receive(:all) { stacks } }
-    before { allow(OpsWorks::Stack).to receive(:active) { stacks } }
-
-    it 'should update custom cookbooks on all stacks' do
-      expect(stacks[0]).to receive(:execute_recipe).with(recipe) { deployment }
-      expect(stacks[1]).to receive(:execute_recipe).with(recipe) { deployment }
-      subject.exec(recipe)
-    end
-
-    it 'should optionally run on a subset of stacks' do
-      expect(stacks[0]).to receive(:execute_recipe).with(recipe) { deployment }
-      expect(stacks[1]).not_to receive(:execute_recipe)
-
-      allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
-      subject.exec(recipe)
-    end
-
-    it 'should fail if any update fails' do
-      failure = Fabricate(:deployment, status: 'failed')
-      expect(stacks[0]).to receive(:execute_recipe).with(recipe) { failure }
-
-      allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
-      expect { subject.exec(recipe) }.to raise_error
-    end
-  end
-end

data/spec/opsworks/cli/subcommands/lockdown_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-
-describe OpsWorks::CLI::Agent do
-  describe '#lockdown' do
-    let(:permissions) { 2.times.map { Fabricate(:permission) } }
-    let(:user) { permissions[0].user }
-    let(:stack) do
-      Fabricate(:stack).tap do |stack|
-        allow(stack).to receive(:permissions) { permissions }
-      end
-    end
-
-    before { allow(subject).to receive(:say) }
-    before { allow(OpsWorks::Stack).to receive(:all) { [stack] } }
-    before { allow(OpsWorks::Stack).to receive(:active) { [stack] } }
-
-    it 'should lock down all stacks' do
-      expect(permissions[0]).to receive(:update).with(ssh: false, sudo: false)
-      expect(permissions[1]).to receive(:update).with(ssh: false, sudo: false)
-      subject.lockdown
-    end
-
-    it 'should optionally run on a subset of stacks' do
-      expect(permissions[0]).to receive(:update).with(ssh: false, sudo: false)
-      expect(permissions[1]).to receive(:update).with(ssh: false, sudo: false)
-
-      allow(subject).to receive(:options) { { stacks: [stack.name] } }
-      subject.lockdown
-    end
-  end
-end