rubycfn 0.4.10 → 0.5.0

data/templates/lib/core/init.rb

@@ -0,0 +1,173 @@
+require "aws-sdk"
+require "dotenv"
+require "git-revision"
+require "rubycfn"
+require "yaml"
+
+require_relative "../aws_helper/main"
+
+Dotenv.load(".env.private")
+Dotenv.load(".env")
+Dotenv.load(".env.#{ENV["ENVIRONMENT"]}")
+
+set_aws_credentials(
+  ENV["AWS_REGION"],
+  ENV["AWS_ACCESS_KEY_ID"],
+  ENV["AWS_SECRET_ACCESS_KEY"]
+)
+
+def inject_dummy_resource(stack)
+  hack_stack = JSON.parse(stack)
+  hack_stack["Resources"] = {} if hack_stack["Resources"].nil?
+  hack_stack["Resources"]["CloudFormationDummyResource"] = {
+    "Type": "AWS::CloudFormation::WaitConditionHandle",
+    "Metadata": {
+      "Comment": "Resource to update stack even if there are no changes",
+      "GitCommitHash": Git::Revision.commit
+    }
+  }
+  hack_stack.to_json
+end
+
+def read_domain_name
+  config = YAML.safe_load(File.read("config.yaml"))
+  config["applications"] ||= {}
+  config["environments"] ||= {}
+  config["subnets"] ||= {}
+
+  # Allow override by setting ENV var
+  domain_name = ENV["DOMAIN_NAME"]
+  subdomain = ENV["SUBDOMAIN"] # rubocop:disable Lint/UselessAssignment
+
+  # First, look at environment specific domain name configuration
+  domain_name ||= config["environments"][ENV["ENVIRONMENT"]]["domain_name"].nil? && nil || config["environments"][ENV["ENVIRONMENT"]]["domain_name"]
+
+  # Assign the global domain name configuration unless domain_name was set to false in environment config.yaml
+  domain_name ||= config["domain_name"] unless domain_name.class == FalseClass
+
+  # Set domain name to an empty string if domain_name was set to false
+  domain_name = "" if domain_name.class == FalseClass
+
+  # If the no_subdomain setting for environments in config.yaml is omitted or set to false, set subdomain to environment, else assign empty string
+  subdomain = (config["environments"][ENV["ENVIRONMENT"]]["no_subdomain"].nil? || config["environments"][ENV["ENVIRONMENT"]]["no_subdomain"] == false) && ENV["ENVIRONMENT"] || ""
+
+  # Return an array with t he subdomain and domain_name
+  [subdomain, domain_name]
+end
+
+subdomain, domain_name = read_domain_name
+
+raise "ENVIRONMENT not set" unless ENV["ENVIRONMENT"]
+warn "WARNING: domain_name not set in config.yaml... Route53 Hosted Zone will not be created" if domain_name.empty?
+
+module DependencyStack
+  extend ActiveSupport::Concern
+  include Rubycfn
+
+  included do
+    self.class_eval(File.open("bootstrap/dependency_stack.rb").read)
+  end
+end
+
+stack = include DependencyStack # rubocop:disable Style/MixinUsage
+template = stack.render_template
+
+client = Aws::CloudFormation::Client.new
+
+stack_exists = false
+previous_statuses = []
+80.times do
+  previous_events = get_prior_events(client, "DependencyStack")
+  previous_statuses = previous_events.map(&:event_id)
+  stack_exists = previous_events.size.to_i.positive? ? true : false
+  break unless stack_exists
+
+  events_last_deploy = get_events_last_deploy(previous_events)
+  last_event = events_last_deploy.shift
+  break if last_event \
+    && (last_event.logical_resource_id == "DependencyStack") \
+    && (last_event.stack_name == "DependencyStack") \
+    && (DEPLOYABLE_STATES.include? last_event.resource_status)
+  puts "Stack is currently in #{last_event.resource_status} mode. Waiting for it to finish..." if last_event
+  sleep 15
+end
+
+template = inject_dummy_resource(template)
+
+parameters = [
+  {
+    parameter_key: "Environment",
+    parameter_value: subdomain
+  },
+  {
+    parameter_key: "DomainName",
+    parameter_value: domain_name
+  }
+]
+
+if stack_exists
+  client.update_stack(
+    stack_name: "DependencyStack",
+    template_body: template,
+    capabilities: %w(CAPABILITY_IAM CAPABILITY_NAMED_IAM),
+    parameters: parameters,
+    tags: [
+      {
+        key: "team",
+        value: "infra"
+      }
+    ]
+  )
+else
+  client.create_stack(
+    stack_name: "DependencyStack",
+    template_body: template,
+    timeout_in_minutes: 60,
+    capabilities: %w(CAPABILITY_IAM CAPABILITY_NAMED_IAM),
+    on_failure: "ROLLBACK",
+    parameters: parameters,
+    tags: [
+      {
+        key: "team",
+        value: "infra"
+      }
+    ],
+    enable_termination_protection: false
+  )
+end
+
+shown_log_lines = {}
+
+360.times do
+  resp = client.describe_stack_events(
+    stack_name: "DependencyStack"
+  )
+  resp.stack_events.to_a.reverse.each_with_index do |event, index|
+    next if previous_statuses.include? event.event_id
+    @completed = false
+    @stack_name = event.stack_name
+    @logical_resource_id = event.logical_resource_id
+    @resource_type = event.resource_type
+    @timestamp = event.timestamp
+    @resource_status = event.resource_status
+    @resource_status_reason = event.resource_status_reason
+    log_line = "[#{@logical_resource_id.green}] #{@timestamp.to_s.blue}: " \
+               "#{@resource_status.white} #{@resource_status_reason.to_s.red}"
+    puts log_line unless shown_log_lines[log_line]
+    shown_log_lines[log_line] = true
+    if (@stack_name == "DependencyStack") \
+      && (@logical_resource_id == "DependencyStack") \
+      && (END_STATES.include? @resource_status) \
+      && (index + 1 == resp.stack_events.to_a.size)
+      @completed = true
+    end
+  end
+  if @completed
+    puts "==================================="
+    puts " STATUS: #{@resource_status} #{@resource_status_reason}"
+    puts "==================================="
+    raise "#{@resource_status} #{@resource_status_reason}" if FAILURE_STATES.include? @resource_status
+    break
+  end
+  sleep(10)
+end

data/templates/{main.rb.erb → lib/main.rb}

@@ -1,8 +1,10 @@
 require "rubycfn"
 require "dotenv"
+require_relative "core/classes"
 
-Dotenv.load(".env")
 Dotenv.load(".env.private")
+Dotenv.load(".env.dependencies")
+Dotenv.load(".env")
 Dotenv.load(".env.#{ENV["ENVIRONMENT"]}")
 
 # Include all group concerns
@@ -21,10 +23,10 @@ module SharedConcerns
 end
 
 # Include all stack concerns
-Dir[File.expand_path("../stacks/", __FILE__) + "/**/*.rb"].sort.each do |file|
-  subdir = File.basename(file, ".rb")
-  Dir[File.expand_path("../stacks/", __dir__) + "/#{subdir}/**/*.rb"].sort.each do |subfile|
-    require subfile
+# Load module code first, and last include main.rb's.
+2.times do |i|
+  Dir[File.expand_path("../stacks/", __FILE__) + "/**/*.rb"].sort.each do |file|
+    require file unless File.basename(file) == "main.rb" || i.positive?
+    require file if File.basename(file) == "main.rb" && i.positive?
   end
-  require file
 end

data/templates/lib/shared_concerns/global_variables.rb

@@ -0,0 +1,56 @@
+require "yaml"
+
+module Concerns
+  module GlobalVariables
+    extend ActiveSupport::Concern
+
+    included do
+      def load_config(_val)
+        config = YAML.safe_load(File.read("config.yaml"))
+        config["applications"] ||= {}
+        config["environments"] ||= {}
+        config["subnets"] ||= {}
+        config
+      end
+
+      def global_tags(_val)
+        [
+          {
+            "Key": "Team",
+            "Value": "infra"
+          },
+          {
+            "Key": "Environment",
+            "Value": environment.to_s
+          },
+          {
+            "Key": "StackName",
+            "Value": stack_name.to_s
+          }
+        ]
+      end
+
+      variable :environment,
+               default: "development",
+               global: true,
+               value: ENV["ENVIRONMENT"]
+
+      variable :region,
+               global: true,
+               default: ENV["DEFAULT_AWS_REGION"],
+               value: ENV["AWS_REGION"]
+
+      variable :infra_config,
+               global: true,
+               filter: :load_config
+
+      variable :stack_name,
+               global: true,
+               default: infra_config["environments"][environment]["stack_name"]
+
+      variable :default_tags,
+               global: true,
+               filter: :global_tags
+    end
+  end
+end

data/templates/lib/shared_concerns/helper_methods.rb

@@ -0,0 +1,3 @@
+def file_to_inline(filename)
+  File.open(filename).read.split("\n")
+end

data/templates/{shared_methods.rb.erb → lib/shared_concerns/shared_methods.rb}

@@ -33,6 +33,15 @@ module Concerns
         "#{stack_name}-#{Git::Revision.commit}" \
         "#{Git::Revision.dirty? ? "-dirty" : ""}"
       end
+
+      def generate_bootstrap_parameters
+        File.open(".env.dependencies#{environment == "rspec" && ".rspec" || ""}").read.each_line do |line|
+          line.strip!
+          param, _value = line.split("=")
+          parameter param.to_sym,
+                    description: param
+        end
+      end
     end
   end
 end

data/templates/lib/stacks/acm_stack/certificate_manager.rb

@@ -0,0 +1,79 @@
+module AcmStack
+  module CertificateManager
+    extend ActiveSupport::Concern
+    included do
+      resource :certificate_provider_function,
+               type: "AWS::Lambda::Function" do |r|
+        r.property(:code) do
+          {
+            "S3Bucket": "xebia-${AWS::Region}".fnsub,
+            "S3Key": "cfn-certificate-provider-0.2.4.zip"
+          }
+        end
+        r.property(:handler) { "provider.handler" }
+        r.property(:role) { :lambda_execution_role.ref(:arn) }
+        r.property(:runtime) { "python3.6" }
+        r.property(:memory_size) { 128 }
+        r.property(:timeout) { 300 }
+      end
+
+      resource :lambda_execution_role,
+               type: "AWS::IAM::Role" do |r|
+        r.property(:assume_role_policy_document) do
+          {
+            "Version": "2012-10-17",
+            "Statement": [
+              {
+                "Effect": "Allow",
+                "Principal": {
+                  "Service": [
+                    "lambda.amazonaws.com"
+                  ]
+                },
+                "Action": [
+                  "sts:AssumeRole"
+                ]
+              }
+            ]
+          }
+        end
+        r.property(:path) { "/" }
+        r.property(:policies) do
+          [
+            {
+              "PolicyName": "CertificateProviderExecutionRole",
+              "PolicyDocument": {
+                "Version": "2012-10-17",
+                "Statement": [
+                  {
+                    "Effect": "Allow",
+                    "Resource": "*",
+                    "Action": [
+                      "acm:RequestCertificate",
+                      "acm:DescribeCertificate",
+                      "acm:UpdateCertificateOptions",
+                      "acm:DeleteCertificate"
+                    ]
+                  },
+                  {
+                    "Effect": "Allow",
+                    "Action": "lambda:InvokeFunction",
+                    "Resource": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:*".fnsub
+                  },
+                  {
+                    "Effect": "Allow",
+                    "Action": %w(logs:CreateLogGroup logs:CreateLogStream logs:PutLogEvents),
+                    "Resource": "arn:aws:logs:*:*:*"
+                  }
+                ]
+              }
+            }
+          ]
+        end
+      end
+
+      output :certificate_provider_function_arn,
+             value: :certificate_provider_function.ref(:arn)
+    end
+  end
+end

data/templates/{new_stack.rb.erb → lib/stacks/acm_stack/main.rb}

@@ -1,12 +1,11 @@
-module <%= stack_name %>
+module AcmStack
   extend ActiveSupport::Concern
   include Rubycfn
-
   included do
     include Concerns::GlobalVariables
     include Concerns::SharedMethods
-    include <%= stack_name %>::MyModule
+    include AcmStack::CertificateManager
 
-    description generate_stack_description("<%= stack_name %>")
+    description generate_stack_description("AcmStack")
   end
 end