rubycfn 0.5.2 → 0.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ef7317d69104c7137bc0010d44e5170dcd5dd41057be8b9bc6a0c146cba8e4b
-  data.tar.gz: 404876907399ca2637709f6be230a90159ad3555ea68435e38a47558df994487
+  metadata.gz: 337ae0668503c4e97c9a3b8a3ed2693d5611ecb592ad2802b83e158f1a2b32f5
+  data.tar.gz: 25e6d98d9f4ecb0f80fb8a1c55bd907ff2af293ca04e8186774ffec5375948ec
 SHA512:
-  metadata.gz: 3f928a0f477cce0be833e586571df27861e41a5ce37c251f919ae712638d3653a2d9d5a25fea3d5a8f01b25bc36d730b4d63ddc8bdce003a9b3cfdfea7299031
-  data.tar.gz: e9a9d01201c7fd0cf73e136820044951e48629f2752626203ce98bc3a22a12e4f1ddb7c2623cd6e3e45ad2523501df93a9c3f2e59679f7f7a33061e279ec68d9
+  metadata.gz: 5de8efbd6b5b242f5f63a336f82602dcb96d6824b4bbf763c62bba0661bf1c811a1c453dfbcef7e20b6650cba46660758a5f99e271b70481e9850c51ba3bf9f5
+  data.tar.gz: '08fdaabf55a7e3ed1e6bf60b66b038f8729433d257c59fe74323042d178c6f0e0a1d52fd12aae13ea482b14ea986326614f79efb7a412cd2b1eea6932fc0fc83'

data/CHANGELOG.md

@@ -2,7 +2,11 @@
 All notable changes to Rubycfn will be documented in this file.
 This project uses [Semantic Versioning](http://semver.org/).
 
-## 0.5.3 (Next Release)
+## 0.5.4 (Next Release)
+
+## 0.5.3
+
+  * Improved code quality in templated files -- [@dennisvink][@dennisvink]
 
 ## 0.5.2
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rubycfn (0.5.2)
+    rubycfn (0.5.3)
       activesupport (~> 5.1.5)
       dotenv (~> 2.4.0)
       json (~> 2.1.0)
@@ -77,7 +77,7 @@ GEM
       rspec-mocks (~> 3.9.0)
     rspec-core (3.9.1)
       rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.0)
+    rspec-expectations (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-given (3.8.0)

data/README.md

@@ -61,7 +61,7 @@ __________ ____ __________________.___._________ _____________________
  |       _/    |   /|    |  _//   |   |/    \  \/ |    __)   |    |  _/
  |    |   \    |  / |    |   \\____   |\     \____|     \    |    |   \
  |____|_  /______/  |______  // ______| \______  /\___  /    |______  /
-        \/                 \/ \/               \/     \/            \/ [v0.5.2]
+        \/                 \/ \/               \/     \/            \/ [v0.5.3]
 Project name? example
 Account ID? 1234567890
 Select region EU (Frankfurt)
@@ -159,12 +159,11 @@ You can reuse these environment variables in your project code.
 The `.env.rspec` is used when running unit tests. It contains mock variables
 so that you can test the resulting CloudFormation templates properly.
 
-#### The missing .env.private file
+#### The .env.private file
 
-There is one file that is not generated by default but does need mentioning:
-the `.env.private` file. This is a special file that allows you to override
-environment variables. An environment variable set in .env.private always takes
-precedence over environment variables set in other .env files.
+This is a special file that allows you to override environment variables.
+An environment variable set in .env.private always takes precedence over
+environment variables set in other .env files.
 
 #### .rubocop.yml
 

data/lib/rubycfn/version.rb

@@ -1,4 +1,4 @@
 # Rubycfn version
 module Rubycfn
-  VERSION = "0.5.2".freeze
+  VERSION = "0.5.3".freeze
 end

data/templates/.gitignore

@@ -83,5 +83,9 @@ attic/
 /venv
 /Gemfile.lock
 .env.dependencies
+.env.dependencies.development
+.env.dependencies.test
+.env.dependencies.acceptance
+.env.dependencies.production
 CloudFormationResourceSpecification.json
 config.json

data/templates/.rubocop.yml

@@ -102,3 +102,6 @@ Metrics/PerceivedComplexity:
 
 Style/EvalWithLocation:
   Enabled: false
+
+Style/PerlBackrefs:
+  Enabled: false

data/templates/README.md

@@ -21,7 +21,7 @@ __________ ____ __________________.___._________ _____________________
 `rake compile` - Compile the code into CloudFormation templates
 `rake spec` - Run unit tests
 `rake upload` - Upload the CloudFormation templates to s3
-`rake update` - Save required outputs from DependencyStack to .env.dependencies
+`rake update` - Save required outputs from DependencyStack to .env.dependencies.<ENVIRONMENT>
 `rake apply` - Deploy the CloudFormation templates
 
 ## Stack configuration

data/templates/Rakefile

@@ -36,7 +36,7 @@ task :clean do
   end
 end
 
-desc "Store dependencies of DependencyStack in .env.dependencies"
+desc "Store dependencies of DependencyStack in .env.dependencies.<ENVIRONMENT>"
 task :dependencies do
   require_relative "lib/core/dependencies.rb"
 end
@@ -51,8 +51,7 @@ RuboCop::RakeTask.new(:rubocop) do |t|
   t.options = ["--display-cop-names"]
 end
 
-task apply: %i(dependencies apply_stack)
-task compile: %i(compile_stack)
 task default: %i(dependencies compile_stack spec)
-task update: %i(dependencies)
+task compile: %i(dependencies compile_stack)
 task upload: %i(dependencies upload_stack)
+task apply: %i(dependencies apply_stack)

data/templates/config.yaml

@@ -52,6 +52,9 @@ applications:
     env:
       SOME_ENV_VAR: Exposed
       SOME_OTHER_VAR: desopxE
+      # SOME_REFFED_VAR: :foobar.ef
+      # SOME_OTHER_STACK_VAR: :vpc_stack.ref("Outputs.VpcId")
+      # SOME_ENV_VAR: ${MY_ENV_VAR}
   hello-world2:
     image: tutum/hello-world
     container_port: 80

data/templates/lib/aws_helper/compiler.rb

@@ -2,7 +2,7 @@ require "git-revision"
 
 def update_references(contents, environment, _artifact_bucket)
   Dotenv.load(".env.private")
-  Dotenv.load(".env.dependencies")
+  Dotenv.load(".env.dependencies.#{ENV["ENVIRONMENT"]}")
   contents["Resources"].map do |resource|
     resource_name = resource.shift
     resource_values = resource.shift

data/templates/lib/aws_helper/dependencies.rb

@@ -1,6 +1,14 @@
+def infra_config
+  config = YAML.safe_load(File.read("config.yaml"), [Symbol])
+  config["applications"] ||= {}
+  config["environments"] ||= {}
+  config["subnets"] ||= {}
+  config
+end
+
 def load_env_vars
   Dotenv.load(".env.private")
-  Dotenv.load(".env.dependencies")
+  Dotenv.load(".env.dependencies.#{ENV["ENVIRONMENT"]}")
   Dotenv.load(".env")
   Dotenv.load(".env.#{ENV["ENVIRONMENT"]}")
 
@@ -12,7 +20,7 @@ def load_env_vars
     aws_secret_access_key: ENV["AWS_SECRET_ACCESS_KEY"],
     cloudformation_bucket: ENV["CLOUDFORMATIONBUCKET"],
     environment: ENV["ENVIRONMENT"],
-    stack_name: ENV["STACK_NAME"]
+    stack_name: infra_config["environments"][ENV["ENVIRONMENT"]]["stack_name"]
   }
 end
 
@@ -22,6 +30,6 @@ def check_dependencies
   raise "CLOUDFORMATIONBUCKET not set. Run `rake init` and `rake update` first!" unless ENV["CLOUDFORMATIONBUCKET"]
   raise "ARTIFACTBUCKET not set. Run `rake init` and `rake update` first!" unless ENV["ARTIFACTBUCKET"]
   raise "ENVIRONMENT not set." unless ENV["ENVIRONMENT"]
-  raise "STACK_NAME not set" unless ENV["STACK_NAME"]
+  raise "`stack_name` not configured in config.yaml" unless infra_config["environments"][ENV["ENVIRONMENT"]]["stack_name"]
   raise "AWS CREDENTIALS NOT SET" unless ENV["AWS_ACCESS_KEY_ID"] && ENV["AWS_SECRET_ACCESS_KEY"]
 end

data/templates/lib/aws_helper/upload_stack.rb

@@ -2,7 +2,7 @@ require_relative "../core/git"
 
 def upload_stacks
   Dotenv.load(".env.private")
-  Dotenv.load(".env.dependencies")
+  Dotenv.load(".env.dependencies.#{ENV["ENVIRONMENT"]}")
   env_vars = load_env_vars
 
   set_aws_credentials(
@@ -11,17 +11,10 @@ def upload_stacks
     env_vars[:aws_secret_access_key]
   )
 
-  begin
-    s3 = create_bucket_if_not_exists(
-      env_vars[:aws_region],
-      env_vars[:artifact_bucket]
-    )
-  rescue => e
-    puts "Exception create_bucket_if_not_exists #{e}"
-  end
+  s3 = Aws::S3::Resource.new(region: env_vars[:aws_region])
 
   stacks = compile_stacks(true)
-  raise "CLOUDFORMATIONBUCKET not found in DependencyStack outputs" unless ENV["CLOUDFORMATIONBUCKET"]
+  raise "CLOUDFORMATIONBUCKET not found in <%= project_name %>#{ENV["ENVIRONMENT"].capitalize}DependencyStack outputs" unless ENV["CLOUDFORMATIONBUCKET"]
   stacks.each do |stack_name, stack|
     next if JSON.parse(stack)["Resources"].nil?
     hash = @stack_hashes[stack_name.to_sym]

data/templates/lib/core/applications.rb

@@ -1,44 +1,97 @@
+def to_bool(val)
+  return false unless val.nil? || val.empty?
+  return false unless val != "true"
+  true
+end
+
+def env_vars_to_array(val)
+  if val.nil? || val.empty?
+    return [
+      {
+        Name: "WITHOUT_ENV",
+        Value: "true"
+      }
+    ]
+  end
+  vars = []
+
+  # Create an array of variables to pass to this application.
+  # Resolve any references to its intrinsic function.
+  val.keys.each_with_index do |object, index|
+    value = val.values[index].class == Symbol && Kernel.class_eval(":#{val.values[index]}") || val.values[index]
+
+    # Support ${ENV_VAR} in config_yaml
+    if value =~ /\$\{([^\}]*)\}/
+      capture = $1
+      value = ENV[capture]
+    end
+
+    vars.push(
+      Name: object,
+      Value: value
+    )
+  end
+  vars
+end
+
+# Return the mandatory Stack parameters and add all defined ENV vars from config.yaml
+def parent_parameters(env_vars)
+  params = {
+    "Vpc": :vpc_stack.ref("Outputs.Vpc"),
+    "Cluster": :ecs_stack.ref("Outputs.EcsCluster"),
+    "Listener": :ecs_stack.ref("Outputs.EcsLoadBalancerListener"),
+    "EcsServiceAutoScalingRoleArn": :ecs_stack.ref("Outputs.EcsAutoScalingRoleArn"),
+    "HostedZoneId": "HOSTEDZONEID".ref,
+    "HostedZoneName": "HOSTEDZONENAME".ref,
+    "LoadBalancerDnsName": :ecs_stack.ref("Outputs.EcsLoadBalancerUrl"),
+    "CanonicalHostedZoneId": :ecs_stack.ref("Outputs.EcsLoadBalancerHostedZoneId"),
+    "CertificateProviderFunctionArn": :acm_stack.ref("Outputs.CertificateProviderFunctionArn"),
+    "ApplicationDeploymentFailureRollbackFunctionArn": :ecs_stack.ref("Outputs.ApplicationDeploymentFailureRollbackFunctionArn")
+  }
+
+  env_vars.each do |var|
+    params[var[:Name].cfnize] = var[:Value]
+  end
+  params
+end
+
+def application_parameters(env_vars)
+  vars = []
+
+  env_vars.each do |var|
+    vars.push(
+      Name: var[:Name],
+      Value: var[:Name].cfnize.ref
+    )
+  end
+  vars
+end
+
 # Generate nested stacks for each defined application, and create module dynamically.
 def create_applications
+  return if infra_config["environments"][environment]["cluster_size"].nil? || infra_config["environments"][environment]["cluster_size"].to_i.zero?
   resource :applications_stack,
            amount: infra_config["applications"].count,
            type: "AWS::CloudFormation::Stack" do |r, index|
+    env_vars = env_vars_to_array(infra_config["applications"].values[index]["env"])
+    application_vars = application_parameters(env_vars) # rubocop:disable Lint/UselessAssignment
     name = infra_config["applications"].keys[index]
     resource_name = name.tr("-", "_").cfnize
     simple_name = resource_name.downcase
     app_config = infra_config["applications"].values[index]
-    warn "App config is empty" unless app_config # Rubocop didn't understand that the variable is actually used.
-    #       request_certificate("Gateway", gateway_domains[environment], :asellion_com_hosted_zone_id.ref, "us-east-1")
+    is_essential = to_bool(app_config["essential"].to_s)
 
     r._id("#{resource_name}Stack")
     r.property(:template_url) { "#{simple_name}stack" }
-    r.property(:parameters) do
-      {
-        "Vpc": :vpc_stack.ref("Outputs.SfsVpc"),
-        "Cluster": :ecs_stack.ref("Outputs.SfsEcsCluster"),
-        "Listener": :ecs_stack.ref("Outputs.EcsLoadBalancerListener"),
-        "EcsServiceAutoScalingRoleArn": :ecs_stack.ref("Outputs.SfsEcsAutoScalingRoleArn"),
-        "HostedZoneId": :route53_stack.ref("Outputs.HostedZoneId"),
-        "HostedZoneName": :route53_stack.ref("Outputs.HostedZoneName"),
-        "LoadBalancerDnsName": :ecs_stack.ref("Outputs.EcsLoadBalancerUrl"),
-        "CanonicalHostedZoneId": :ecs_stack.ref("Outputs.EcsLoadBalancerHostedZoneId"),
-        "CertificateProviderFunctionArn": :acm_stack.ref("Outputs.CertificateProviderFunctionArn")
-      }
-    end
+    r.property(:parameters) { parent_parameters(env_vars) }
     Object.const_set("#{resource_name}Stack", Module.new).class_eval <<-RUBY
       extend ActiveSupport::Concern
       include Rubycfn
 
       included do
-        def env_vars_to_array(val)
-          vars = []
-          val.keys.each_with_index do |object, index|
-            vars.push(
-              Name: object,
-              Value: val.values[index]
-            )
-          end
-          vars
+
+        application_vars.each do |var|
+          Object.class_eval("parameter var[:Name].to_sym, description: 'Value for ENV var \#{var[:Name]}'")
         end
 
         parameter :vpc,
@@ -77,6 +130,10 @@ def create_applications
                   description: "ARN of certificate provider",
                   type: "String"
 
+        parameter :application_deployment_failure_rollback_function_arn,
+                  description: "ARN of ECS deployment failure Lambda",
+                  type: "String"
+
         variable :min,
                  value: app_config["min"].to_s
 
@@ -103,7 +160,7 @@ def create_applications
         description generate_stack_description("#{resource_name}Stack")
         resource :service,
                  type: "AWS::ECS::Service" do |r|
-
+          r.property(:service_name) { "#{environment}-<%= project_name %>-#{simple_name}" }
           r.property(:cluster) { :cluster.ref }
           r.property(:role) { :service_role.ref }
           r.property(:desired_count) { min.to_i }
@@ -117,6 +174,14 @@ def create_applications
           end
         end
 
+        resource :application_deployment_health,
+                 type: "Custom::EcsDeploymentCheck" do |r|
+          r.property(:service_token) { :application_deployment_failure_rollback_function_arn.ref }
+          r.property("AWSRegion") { "${AWS::Region}".fnsub }
+          r.property(:service) { "#{environment}-<%= project_name %>-#{simple_name}" }
+          r.property(:cluster) { :cluster.ref }
+        end
+
         resource :task_definition,
                  type: "AWS::ECS::TaskDefinition" do |r|
           r.property(:family) { "#{simple_name}-service" }
@@ -124,10 +189,10 @@ def create_applications
             [
               {
                 "Name": "#{simple_name}-service",
-                "Essential": true,
+                "Essential": #{is_essential},
                 "Image": image,
                 "Memory": memory.to_i,
-                "Environment": env_vars,
+                "Environment": application_vars,
                 "PortMappings": [
                   {
                     "ContainerPort": container_port.to_i
@@ -235,6 +300,27 @@ def create_applications
                         "elasticloadbalancing:RegisterTargets"
                       ],
                       "Resource": "*"
+                    },
+                    {
+                      "Effect": "Allow",
+                      "Action": [
+                        "ec2:DescribeTags",
+                        "ecs:CreateCluster",
+                        "ecs:DeregisterContainerInstance",
+                        "ecs:DiscoverPollEndpoint",
+                        "ecs:Poll",
+                        "ecs:RegisterContainerInstance",
+                        "ecs:StartTelemetrySession",
+                        "ecs:UpdateContainerInstancesState",
+                        "ecs:Submit*",
+                        "ecr:GetAuthorizationToken",
+                        "ecr:BatchCheckLayerAvailability",
+                        "ecr:GetDownloadUrlForLayer",
+                        "ecr:BatchGetImage",
+                        "logs:CreateLogStream",
+                        "logs:PutLogEvents"
+                      ],
+                      "Resource": "*"
                     }
                   ]
                 }
@@ -402,7 +488,10 @@ def create_applications
         end
 
         resource :cloudfront_distribution,
-                 depends_on: :ecs_application_issued_certificate,
+                 depends_on: [
+                   :ecs_application_issued_certificate,
+                   :application_deployment_health
+                 ],
                  type: "AWS::CloudFront::Distribution" do |r|
           r.property(:distribution_config) do
             {

data/templates/lib/core/dependencies.rb

@@ -13,15 +13,15 @@ client = Aws::CloudFormation::Client.new(region: ENV["AWS_REGION"])
 
 begin
   res = client.describe_stacks(
-    stack_name: "DependencyStack"
+    stack_name: "<%= project_name %>#{ENV["ENVIRONMENT"].capitalize}DependencyStack"
   )
 rescue Aws::CloudFormation::Errors::InvalidClientTokenId, Aws::CloudFormation::Errors::ValidationError => e
   puts "E: #{e.class}"
   raise "ERROR: Your AWS credentials are not set or invalid." if e.class == Aws::CloudFormation::Errors::InvalidClientTokenId
-  raise "ERROR: DependencyStack does not exist. Run `rake init` first!" if e.class == Aws::CloudFormation::Errors::ValidationError
+  raise "ERROR: <%= project_name %>#{ENV["ENVIRONMENT"].capitalize}DependencyStack does not exist. Run `rake init` first!" if e.class == Aws::CloudFormation::Errors::ValidationError
 end
 
-dep_file = File.open(".env.dependencies", "w")
+dep_file = File.open(".env.dependencies.#{ENV["ENVIRONMENT"]}", "w")
 res[:stacks].each do |stack|
   stack[:outputs].each do |output|
     dep_file.puts "#{output[:output_key].upcase}=#{output[:output_value]}"

data/templates/lib/core/deploy.rb

@@ -7,7 +7,7 @@ require "aws-sdk"
 require_relative "../aws_helper/main"
 
 Dotenv.load(".env.private")
-Dotenv.load(".env.dependencies")
+Dotenv.load(".env.dependencies.#{ENV["ENVIRONMENT"]}")
 raise "CLOUDFORMATIONBUCKET not set. Run `rake init` and `rake update` first!" unless ENV["CLOUDFORMATIONBUCKET"]
 
 env_vars = load_env_vars
@@ -26,7 +26,7 @@ s3_filename = get_parent_stack_s3_location(
 client = Aws::CloudFormation::Client.new
 
 parent_parameters = []
-File.open(".env.dependencies").read.each_line do |line|
+File.open(".env.dependencies.#{ENV["ENVIRONMENT"]}").read.each_line do |line|
   line.strip!
   param, value = line.split("=")
   parent_parameters.push(