scout-camp 0.1.8 → 0.1.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e451509a388ca0463eccc9609ef4e506cc793a6ee3df3c720ed441f806641c13
-  data.tar.gz: 3950a94e466395630140a5265f3351f8e482b7a983402488587f840af4f177d3
+  metadata.gz: 4310a29a500f7fe04fb974b8a5cb3ae5aae506a9a3663663ec6bd86270c17fd2
+  data.tar.gz: a6e9b6a396a76f9ddde67a502658b9cb37cddeb12355c1bbe244c5f1ff7c3f36
 SHA512:
-  metadata.gz: 96ee495972e08312e7b1f9ed10e8e47d7f72983d554b3113c17967c5080a20ec01ff6317939da97e90cb5db6b5b2ad2ffd9aeb2cf7fb092e3e8a2faaadc0543b
-  data.tar.gz: 16daf0c75fbe0028eaf44d5be4a174f2de7ad05866568fd27e1376851397e4c493607bdce1e03f8943e47b22a7533dfe13599c7f10126a3e60f3b6dfe20f226b
+  metadata.gz: 86dbee75e288daf9d1be188a9d13e79b9656314ef3345e24d226fd79fa987c7723c4bd1d2df488a5a2e56e04cdcb97bf69e4a2ef0f2a88bde00713978ff3b4be
+  data.tar.gz: 7d7bd20736cad39b68d9dc0406490a5ea2a5095bec45dfe550fd2e5131ecbbdf4ecfbd21ac523cfcddadd163c4988465ad6358038d38a9c3d5151a48c50cb6cb

data/.vimproject

@@ -87,15 +87,41 @@ scout-camp=/$PWD filter="*" {
      variables.tf
     }
 
+    container_lambda=container_lambda{
+     main.tf
+     data.tf
+     locals.tf
+     variables.tf
+    }
+
     role=role{
      main.tf
      variables.tf
      output.tf
     }
+    
+    policy=policy{
+     main.tf
+     variables.tf
+     output.tf
+    }
+
+    role_policy=role_policy{
+     main.tf
+     variables.tf
+    }
+
     policy_attachment=policy_attachment {
      main.tf
      variables.tf
     }
+
+    iam_instance_profile=iam_instance_profile{
+     main.tf
+     variables.tf
+     output.tf
+    }
+
     cluster=cluster {
      main.tf
      output.tf

data/VERSION

@@ -1 +1 @@
-0.1.8
+0.1.11

data/lib/scout/aws/s3.rb

@@ -21,14 +21,18 @@ module Open
       uri.start_with? 's3://'
     end
 
-    def self.claim(uri, ...)
+    def self.claim_uri(uri)
       if Path === uri and not uri.located?
-        is_s3? uri.find
+        is_s3?(uri.find)
       else
         is_s3? uri
       end
     end
 
+    def self.claim(uri, uri2=nil, ...)
+      claim_uri(uri) || (String === uri2 && claim_uri(uri2))
+    end
+
     def self.parse_s3_uri(uri)
       uri = uri.find if Path === uri and not uri.located?
       uri = uri.sub(%r{^s3://}, '')
@@ -59,7 +63,14 @@ module Open
       s3.put_object(bucket: bucket, key: key, body: content)
     end
 
-    def self.glob(uri, pattern="**/*")
+    def self.touch(uri)
+      if self.exists?(uri)
+      else
+        self.cp(uri, uri)
+      end
+    end
+
+    def self.glob(uri, pattern="*")
       bucket, prefix = parse_s3_uri(uri)
       s3 = Aws::S3::Client.new
       matches = []
@@ -82,8 +93,19 @@ module Open
             remaining = remaining.sub(%r{^/}, '')
           end
 
+          Log.debug "Glob: #{remaining}"
+
           if File.fnmatch?(pattern, remaining, File::FNM_PATHNAME)
             matches << "s3://#{bucket}/#{key}"
+          else
+            dir = File.dirname(remaining)
+            while dir 
+              if File.fnmatch?(pattern, dir, File::FNM_PATHNAME)
+                matches << "s3://#{bucket}/#{File.join(prefix,dir)}"
+              end
+              break if dir == File.dirname(dir)
+              dir = File.dirname(dir)
+            end
           end
         end
 
@@ -136,18 +158,22 @@ module Open
     end
 
     def self.cp(source, target)
-      source_bucket, source_key = parse_s3_uri(source)
-      target_bucket, target_key = parse_s3_uri(target)
+      if is_s3?(target)
+        source_bucket, source_key = parse_s3_uri(source)
+        target_bucket, target_key = parse_s3_uri(target)
 
-      s3 = Aws::S3::Client.new
-      s3.copy_object({
-        copy_source: "#{source_bucket}/#{source_key}",
-        bucket: target_bucket,
-        key: target_key
-      })
+        s3 = Aws::S3::Client.new
+        s3.copy_object({
+          copy_source: "#{source_bucket}/#{source_key}",
+          bucket: target_bucket,
+          key: target_key
+        })
+      else
+        Open.sensible_write(target, get_stream(source))
+      end
     end
 
-    def self.exists?(uri)
+    def self.file_exists?(uri)
       bucket, key = parse_s3_uri(uri)
       return false if key.empty? # Can't check existence of bucket this way
 
@@ -157,6 +183,29 @@ module Open
     rescue Aws::S3::Errors::NotFound, Aws::S3::Errors::NoSuchBucket
       false
     end
+    
+    def self.directory?(uri)
+      bucket, key = parse_s3_uri(uri)
+      return false if key.empty? # Can't check existence of bucket this way
+
+      key += '/' unless key.end_with?('/')
+      s3 = Aws::S3::Client.new
+      response = s3.list_objects_v2({
+        bucket: bucket,
+        prefix: key,
+        max_keys: 1
+      })
+
+      !response.contents.empty?
+    end
+
+    def self.exists?(uri)
+      begin
+        file_exists?(uri) || directory?(uri)
+      rescue
+        false
+      end
+    end
 
     self.singleton_class.alias_method :exist?, :exists?
 
@@ -179,6 +228,68 @@ module Open
     def self.ln_s(source, target, options = {})
       cp(source, target)
     end
+
+    def self.sync(source, target, options = {})
+      excludes, files, hard_link, test, print, delete, other = IndiferentHash.process_options options,
+        :excludes, :files, :hard_link, :test, :print, :delete, :other
+
+      excludes ||= %w(.save .crap .source tmp filecache open-remote)
+      excludes = excludes.split(/,\s*/) if excludes.is_a?(String) and not excludes.include?("--exclude")
+
+      if File.directory?(source) || source.end_with?("/")
+        source += "/" unless source.end_with? '/'
+        target += "/" unless target.end_with? '/'
+      end
+
+      if source == target
+        Log.warn "Asking to sync with itself"
+        return
+      end
+
+      Log.low "Migrating #{source} #{files.length} files to #{target} - #{Misc.fingerprint(files)}}" if files
+
+      sync_args = %w()
+      sync_args << excludes.collect{|s| "--exclude '#{s}'" } if excludes and excludes.any?
+      sync_args << "-nv" if test
+
+      if files
+        tmp_files = TmpFile.tmp_file 's3_sync_files-'
+        Open.write(tmp_files, files * "\n")
+        sync_args << "--files-from='#{tmp_files}'"
+      end
+
+      if Open.directory?(source)
+        cmd = "aws s3 sync #{sync_args * " "} #{source} #{target}"
+      else
+        cmd = "aws s3 cp #{source} #{target}"
+      end
+      case other
+      when String
+        cmd << " " << other
+      when Array
+        cmd << " " << other * " "
+      end
+      cmd << " && rm -Rf #{source}" if delete && ! files
+
+      if print
+        cmd
+      else
+        CMD.cmd_log(cmd, :log => Log::HIGH)
+
+        if delete && files
+          remove_files = files.collect{|f| File.join(source, f) }
+          dirs = remove_files.select{|f| File.directory? f }
+          remove_files.each do |file|
+            next if dirs.include? file
+            Open.rm file
+          end
+
+          dirs.each do |dir|
+            FileUtils.rmdir dir if Dir.glob(dir).empty?
+          end
+        end
+      end
+    end
   end
 end
 
@@ -202,6 +313,3 @@ end
 
 Hook.apply(Open::S3, Open)
 Hook.apply(Path::S3, Path)
-
-
-#$ ask -t code --file /home/miki/git/scout-camp/lib/scout/aws/s3.rb extend this file [[...]] to include a function called self.exists? that determines if a uri exists {{{

data/lib/scout/offsite/resource.rb

@@ -11,7 +11,7 @@ module Resource
       resource = path.pkgdir if resource.nil? and path.is_a?(Path) and path.pkgdir.is_a?(Resource)
       resource = Resource.default_resource if resource.nil?
 
-      if File.exist?(path)
+      if Path.located?(path)
         real_paths = [path]
       else
         path = Path.setup(path, pkgdir: resource) unless path.is_a?(Path)

data/lib/scout/terraform_dsl.rb

@@ -86,6 +86,11 @@ class TerraformDSL
     def to_json(*_args)
       self
     end
+
+    def method_missing(elem)
+      new = self + '.' + elem.to_s
+      new.extend DirectReference
+    end
   end
 
   MODULES_DIR = Scout.share.terraform
@@ -134,6 +139,8 @@ class TerraformDSL
 
       if value.is_a?(String) && (m = value.match(/^module\.(.*)\.(.*)/))
         value = Module::Output.new m[1], m[2]
+      elsif value.is_a?(Symbol)
+        value = variables[value]
       end
 
       acc << "  #{name} = #{value.to_json}"

data/lib/scout-camp.rb

@@ -4,3 +4,4 @@ require 'scout/resource'
 Path.add_path :scout_camp, File.join(Path.caller_lib_dir(__FILE__), "{TOPLEVEL}/{SUBPATH}")
 require 'scout/terraform_dsl'
 require 'scout/offsite'
+require 'scout/aws/s3'

data/scout-camp.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: scout-camp 0.1.8 ruby lib
+# stub: scout-camp 0.1.11 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "scout-camp".freeze
-  s.version = "0.1.8".freeze
+  s.version = "0.1.11".freeze
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["Miguel Vazquez".freeze]
-  s.date = "1980-01-02"
+  s.date = "2025-04-16"
   s.description = "Functionalities to deploy and use scouts in remote servers like AWS".freeze
   s.email = "mikisvaz@gmail.com".freeze
   s.executables = ["scout-camp".freeze]
@@ -58,6 +58,10 @@ Gem::Specification.new do |s|
     "share/terraform/aws/cluster/main.tf",
     "share/terraform/aws/cluster/output.tf",
     "share/terraform/aws/cluster/variables.tf",
+    "share/terraform/aws/container_lambda/data.tf",
+    "share/terraform/aws/container_lambda/locals.tf",
+    "share/terraform/aws/container_lambda/main.tf",
+    "share/terraform/aws/container_lambda/variables.tf",
     "share/terraform/aws/efs/data.tf",
     "share/terraform/aws/efs/locals.tf",
     "share/terraform/aws/efs/main.tf",
@@ -75,12 +79,18 @@ Gem::Specification.new do |s|
     "share/terraform/aws/host/main.tf",
     "share/terraform/aws/host/output.tf",
     "share/terraform/aws/host/variables.tf",
+    "share/terraform/aws/iam_instance_profile/main.tf",
+    "share/terraform/aws/iam_instance_profile/output.tf",
+    "share/terraform/aws/iam_instance_profile/variables.tf",
     "share/terraform/aws/lambda/main.tf",
     "share/terraform/aws/lambda/variables.tf",
     "share/terraform/aws/network/data.tf",
     "share/terraform/aws/network/main.tf",
     "share/terraform/aws/network/output.tf",
     "share/terraform/aws/network/variables.tf",
+    "share/terraform/aws/policy/main.tf",
+    "share/terraform/aws/policy/output.tf",
+    "share/terraform/aws/policy/variables.tf",
     "share/terraform/aws/policy_attachment/main.tf",
     "share/terraform/aws/policy_attachment/variables.tf",
     "share/terraform/aws/provider/data.tf",
@@ -88,6 +98,8 @@ Gem::Specification.new do |s|
     "share/terraform/aws/role/main.tf",
     "share/terraform/aws/role/output.tf",
     "share/terraform/aws/role/variables.tf",
+    "share/terraform/aws/role_policy/main.tf",
+    "share/terraform/aws/role_policy/variables.tf",
     "share/terraform/ssh/cmd/main.tf",
     "share/terraform/ssh/cmd/variables.tf",
     "test/scout/aws/test_s3.rb",
@@ -100,7 +112,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = "http://github.com/mikisvaz/scout-camp".freeze
   s.licenses = ["MIT".freeze]
-  s.rubygems_version = "3.6.7".freeze
+  s.rubygems_version = "3.6.6".freeze
   s.summary = "Deploy you scouts".freeze
 
   s.specification_version = 4

data/scout_commands/sync

@@ -2,6 +2,7 @@
 
 require 'scout'
 require 'scout/offsite/resource'
+require 'scout/aws/s3'
 
 $0 = "scout #{$previous_commands.any? ? $previous_commands*" " + " " : "" }#{ File.basename(__FILE__) }" if $previous_commands
 

data/scout_commands/terraform/lambda_task

@@ -12,6 +12,7 @@ $ #{$0} [<options>] <workflow> <task> [<other|->]*
 
 -h--help Print this help
 --prefix* Prefix, defaults to Scout
+--queue Queue job
 --clean Clean job
 --recursive_clean Clean job recursively
 EOF
@@ -28,14 +29,14 @@ end
 
 raise ParamterException, "No workflow specified" if workflow.nil?
 
-prefix, clean, recursive_clean = IndiferentHash.process_options options, :prefix, :clean, :recursive_clean, 
+prefix, clean, recursive_clean, queue = IndiferentHash.process_options options, :prefix, :clean, :recursive_clean, :queue,
   prefix: "Scout"
 
 require 'aws-sdk-lambda'
 
 payload = {}
-payload["workflow"] = workflow
-payload["task_name"] = task_name
+payload[:workflow] = workflow
+payload[:task_name] = task_name
 
 if clean
   payload["clean"] = true
@@ -43,10 +44,13 @@ elsif recursive_clean
   payload["clean"] = 'recursive'
 end
 
+payload["queue"] = true if queue
+
 lambda_handler = "#{prefix}Job"
 
 def aws_lambda(name, payload)
   client = Aws::Lambda::Client.new
+  Log.debug "Sending Lambda #{name} #{Log.fingerprint payload}"
   resp = client.invoke({
     function_name: name, 
     payload: payload.to_json, 
@@ -64,7 +68,7 @@ def SOPT_str(task_info)
     boolean = type.to_sym == :boolean
 
     sopt_options << "-#{shortcut}--#{name}#{boolean ? "" : "*"}"
-  end
+  end if task_info[:inputs]
 
   sopt_options * ":"
 end
@@ -81,7 +85,7 @@ def get_SOPT(task_info)
     if job_options.include?(name) && (! Open.exist?(job_options[name]) || type.to_s.include?('file') || type.to_s.include?('path'))
       job_options[name] = job_options[name].split(",")
     end
-  end
+  end if task_info[:inputs]
   job_options
 end
 

data/share/aws/lambda_function.rb

@@ -7,10 +7,10 @@ def lambda_handler(event:, context:)
   require 'scout/workflow'
   require 'scout/aws/s3'
 
-  workflow, task_name, jobname, inputs, clean = IndiferentHash.process_options event,
-  :workflow, :task_name, :jobname, :inputs, :clean
+  workflow, task_name, jobname, inputs, clean, queue = IndiferentHash.process_options event,
+    :workflow, :task_name, :jobname, :inputs, :clean, :queue
 
-  raise ParamterException, "No workflow specified" if workflow.nil?
+  raise ParameterException, "No workflow specified" if workflow.nil?
 
   workflow = Workflow.require_workflow workflow
 
@@ -18,7 +18,7 @@ def lambda_handler(event:, context:)
   when nil
     return {tasks: workflow.tasks.keys, documentation: workflow.documentation}
   when "info"
-    raise ParamterException, "No task_name specified" if task_name.nil?
+    raise ParameterException, "No task_name specified" if task_name.nil?
     return workflow.task_info(inputs["task_name"])
   else
     job = workflow.job(task_name, jobname, inputs)
@@ -30,8 +30,25 @@ def lambda_handler(event:, context:)
       job.recursive_clean
     end
 
-    job.produce
-
-    job.load
+    if job.done?
+      job.load
+    elsif job.error?
+      raise job.exception
+    elsif job.started?
+      {
+        statusCode: 202,
+        body: job.path
+      }
+    elsif queue
+      save_inputs = Scout.var.queue[workflow.to_s][task_name][job.name].find :bucket
+      job.save_inputs(save_inputs)
+      {
+        statusCode: 202,
+        body: job.path
+      }
+    else
+      job.produce
+      job.load
+    end
   end
 end

data/share/terraform/aws/container_lambda/data.tf

@@ -0,0 +1,15 @@
+data "aws_vpc" "default" {
+  default = true
+}
+
+data "aws_subnets" "default_vpc_subnets" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+
+  filter {
+    name   = "default-for-az"
+    values = ["true"]
+  }
+}

data/share/terraform/aws/container_lambda/locals.tf

@@ -0,0 +1,8 @@
+locals {
+  security_group_ids = [
+    for sg_key in var.sg_keys :
+    lookup(var.network.outputs, sg_key, null)
+  ]
+
+  efs_id = lookup(var.efs.outputs, "aws_efs_id", null)
+}

data/share/terraform/aws/container_lambda/main.tf

@@ -0,0 +1,47 @@
+resource "aws_efs_access_point" "lambda_ap" {
+  file_system_id = local.efs_id
+
+  posix_user {
+    uid = 1000
+    gid = 1000
+  }
+
+  root_directory {
+    path = var.mount_point
+    creation_info {
+      owner_uid   = 1000
+      owner_gid   = 1000
+      permissions = "755"
+    }
+  }
+}
+
+resource "aws_lambda_function" "this" {
+  function_name = var.function_name
+  package_type  = "Image"
+
+  image_uri = var.image
+
+  role = var.role_arn
+
+  timeout     = var.timeout
+  memory_size = var.memory
+
+  environment {
+    variables = var.environment_variables
+  }
+
+  vpc_config {
+    subnet_ids         = data.aws_subnets.default_vpc_subnets.ids
+    security_group_ids = local.security_group_ids
+  }
+
+  file_system_config {
+    arn              = aws_efs_access_point.lambda_ap.arn
+    local_mount_path = "/mnt/efs"
+  }
+
+  image_config {
+    command = ["app.handler"]
+  }
+}

data/share/terraform/aws/container_lambda/variables.tf

@@ -0,0 +1,44 @@
+variable "function_name" {
+  description = "Lambda function name"
+  type = string
+}
+variable "timeout" {
+  description = "Timeout for call"
+  type = number
+  default = 30
+}
+variable "environment_variables" {
+  type        = map(string)
+  description = "A map of environment variables to pass to the resource"
+  default     = {}
+}
+variable "role_arn" {
+}
+variable "image" {
+}
+variable "memory" {
+  type        = number
+  description = "The memory (MiB) for the task"
+  default     = 512
+}
+
+variable "network" {
+  description = "Name of the remote state block to use for the network"
+}
+
+variable "efs" {
+  description = "Name of the remote state block to use for the EFS"
+}
+
+variable "sg_keys" {
+  description = "List of output names in the remote state representing security group IDs"
+  type        = list(string)
+  default     = ["aws_network_efs_sg_id", "aws_network_ssh_sg_id"]
+}
+
+variable "mount_point" {
+  description = "Where to mount the efs drive"
+  type = string
+  default = "/mnt/efs"
+}
+

data/share/terraform/aws/efs_host/main.tf

@@ -6,6 +6,7 @@ resource "aws_key_pair" "this" {
 resource "aws_instance" "this" {
   ami           = data.aws_ami.amazon_linux_2.id
   instance_type = "t2.micro"
+  iam_instance_profile = var.policies.outputs.ec2_host_profile_id
 
   key_name      = aws_key_pair.this.key_name
 
@@ -23,7 +24,7 @@ resource "aws_instance" "this" {
               packages:
                 - amazon-efs-utils
               runcmd:
-                - mkdir -p /mnt/efs
+                - mkdir -p ${var.mount_point}
                 - mount -t efs -o tls ${local.efs_id}:/ ${var.mount_point}
                 - echo "${local.efs_id}:/ ${var.mount_point} efs defaults,_netdev 0 0" >> /etc/fstab
 EOF

data/share/terraform/aws/efs_host/variables.tf

@@ -6,15 +6,23 @@ variable "efs" {
   description = "Name of the remote state block to use for the EFS"
 }
 
+variable "policies" {
+  description = "Name of the remote state block to use for the policies"
+}
+
 variable "sg_keys" {
   description = "List of output names in the remote state representing security group IDs"
   type        = list(string)
   default     = ["aws_network_efs_sg_id", "aws_network_ssh_sg_id"]
 }
-
 variable "mount_point" {
   description = "Where to mount the efs drive"
   type = string
   default = "/mnt/efs"
 }
 
+#variable "iam_instance_profile" {
+#  description = "Instance profile"
+#  type = string
+#  default = null
+#}

data/share/terraform/aws/fargate/main.tf

@@ -4,16 +4,19 @@ resource "aws_ecs_task_definition" "this" {
   network_mode             = "awsvpc"
   cpu                      = var.cpu
   memory                   = var.memory
-  execution_role_arn       = var.role_arn
+  execution_role_arn       = var.policies.outputs.fargate_execution_role_arn
+  task_role_arn            = var.policies.outputs.fargate_task_role_arn
 
   container_definitions = jsonencode([
     {
       name      = var.container_name
       image     = var.image
+      user     = var.user
       essential = true
       portMappings = var.port_mappings
       //entryPoint = var.entry_point
       command = var.command
+      environment = var.environment
 
       mountPoints = [
         {

data/share/terraform/aws/fargate/variables.tf

@@ -6,6 +6,10 @@ variable "efs" {
   description = "Name of the remote state block to use for the EFS"
 }
 
+variable "policies" {
+  description = "Name of the remote state block to use for the policies"
+}
+
 variable "sg_keys" {
   description = "List of output names in the remote state representing security group IDs"
   type        = list(string)
@@ -35,11 +39,6 @@ variable "memory" {
   default     = 512
 }
 
-variable "role_arn" {
-  type        = string
-  description = "ARN of the task execution role"
-}
-
 variable "container_name" {
   type        = string
   description = "Name of the container"
@@ -51,6 +50,12 @@ variable "image" {
   description = "Docker image URL for the container"
 }
 
+variable "user" {
+  description = "User to use"
+  type        = string
+  default = null
+}
+
 variable "port_mappings" {
   type = list(object({
     containerPort = number
@@ -71,3 +76,9 @@ variable "entry_point" {
   description = "Container entry point"
   default     = ["bash"]
 }
+
+variable "environment" {
+  type        = map(string)
+  description = "A map of environment variables to pass to the resource"
+  default     = null
+}

data/share/terraform/aws/iam_instance_profile/main.tf

@@ -0,0 +1,5 @@
+resource "aws_iam_instance_profile" "this" {
+  name = var.profile_name
+  role = var.role
+}
+

data/share/terraform/aws/iam_instance_profile/output.tf

@@ -0,0 +1,15 @@
+output "arn" {
+  description = "Instance profile arn"
+  value = aws_iam_instance_profile.this.arn
+}
+
+output "profile_name" {
+  description = "Instance profile name"
+  value = aws_iam_instance_profile.this.name
+}
+
+output "id" {
+  description = "Instance profile id"
+  value = aws_iam_instance_profile.this.id
+}
+

data/share/terraform/aws/iam_instance_profile/variables.tf

@@ -0,0 +1,9 @@
+variable "role" {
+  description = "Role to assign to the instance profile"
+  type = string
+}
+
+variable "profile_name" {
+  description = "Profile name"
+  type = string
+}

data/share/terraform/aws/lambda/main.tf

@@ -5,7 +5,7 @@ resource "aws_lambda_function" "this" {
   filename      = var.filename
   source_code_hash = filebase64sha256(var.filename)
   timeout       = var.timeout
-  role          = var.role
+  role          = var.policies.outputs.lambda_execution_role_arn
 
   environment {
     variables = var.environment_variables

data/share/terraform/aws/lambda/variables.tf

@@ -5,7 +5,7 @@ variable "function_name" {
 variable "runtime" {
   description = "Ruby runtime"
   type = string
-  default = "ruby3.2"
+  default = "ruby3.3"
 }
 variable "filename" {
   description = "ZIP filename with lambda handler"
@@ -21,7 +21,6 @@ variable "environment_variables" {
   description = "A map of environment variables to pass to the resource"
   default     = {}
 }
-variable "role" {
-  description = "Role to assume"
-  type = string
+variable "policies" {
+  description = "Name of the remote state block to use for the policies"
 }

data/share/terraform/aws/policy/main.tf

@@ -0,0 +1,8 @@
+resource "aws_iam_policy" "this" {
+  name = var.policy_name
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = var.statement
+  })
+}
+

data/share/terraform/aws/policy/output.tf

@@ -0,0 +1,15 @@
+output "arn" {
+  description = "Policy arn"
+  value = aws_iam_policy.this.arn
+}
+
+output "name" {
+  description = "Policy name"
+  value = aws_iam_policy.this.name
+}
+
+output "id" {
+  description = "Policy id"
+  value = aws_iam_policy.this.id
+}
+

data/share/terraform/aws/policy/variables.tf

@@ -0,0 +1,12 @@
+variable "policy_name" {
+  type    = string
+}
+
+variable "statement" {
+  type    = list(object({
+    Action   = any
+    Effect   = string
+    Resource = any
+  }))
+}
+

data/share/terraform/aws/role/main.tf

@@ -5,7 +5,7 @@ resource "aws_iam_role" "this" {
     Version = "2012-10-17"
     Statement = [
       {
-        Action = "sts:AssumeRole"
+        Action = var.action
         Effect = "Allow"
         Principal = var.principal  
       }

data/share/terraform/aws/role/output.tf

@@ -3,7 +3,7 @@ output "arn" {
   value = aws_iam_role.this.arn
 }
 
-output "name" {
+output "role_name" {
   description = "Role name"
   value = aws_iam_role.this.name
 }

data/share/terraform/aws/role/variables.tf

@@ -8,4 +8,7 @@ variable "principal" {
   type = map(any)
 }
 
-
+variable "action" {
+  description = "Action of the role"
+  default = "sts:AssumeRole"
+}

data/share/terraform/aws/role_policy/main.tf

@@ -0,0 +1,9 @@
+resource "aws_iam_role_policy" "this" {
+  name = var.policy_name
+  role = var.role
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = var.statement
+  })
+}

data/share/terraform/aws/role_policy/variables.tf

@@ -0,0 +1,16 @@
+variable "policy_name" {
+  type    = string
+}
+
+variable "statement" {
+  type    = list(object({
+    Action   = any
+    Effect   = string
+    Resource = string
+  }))
+}
+
+variable "role" {
+  description = "Role id to which to attach policy"
+  type = string
+}

data/test/scout/aws/test_s3.rb

@@ -7,7 +7,7 @@ class TestS3 < Test::Unit::TestCase
     file = "s3://herlab/tmp/foo.txt"
 
     Open::S3.write file, "TEST"
-  
+
     dir = "s3://herlab/tmp"
 
     assert_include Open::S3.glob(dir, "**/*"), file
@@ -30,6 +30,19 @@ class TestS3 < Test::Unit::TestCase
     Open::S3.rm uri
   end
 
+  def test_cp
+    uri = "s3://herlab/tmp/foo.txt"
+
+    Open::S3.write uri, "TEST"
+    io = Open::S3.get_stream uri
+    assert_equal "TEST", io.read
+    TmpFile.with_path do |file|
+      Open.cp uri, file
+      assert_equal "TEST", Open.read(file)
+    end
+    Open::S3.rm uri
+  end
+
   def test_write_block
     uri = "s3://herlab/tmp/foo.txt"
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: scout-camp
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.1.11
 platform: ruby
 authors:
 - Miguel Vazquez
 bindir: bin
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2025-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: scout-essentials
@@ -70,6 +70,10 @@ files:
 - share/terraform/aws/cluster/main.tf
 - share/terraform/aws/cluster/output.tf
 - share/terraform/aws/cluster/variables.tf
+- share/terraform/aws/container_lambda/data.tf
+- share/terraform/aws/container_lambda/locals.tf
+- share/terraform/aws/container_lambda/main.tf
+- share/terraform/aws/container_lambda/variables.tf
 - share/terraform/aws/efs/data.tf
 - share/terraform/aws/efs/locals.tf
 - share/terraform/aws/efs/main.tf
@@ -87,12 +91,18 @@ files:
 - share/terraform/aws/host/main.tf
 - share/terraform/aws/host/output.tf
 - share/terraform/aws/host/variables.tf
+- share/terraform/aws/iam_instance_profile/main.tf
+- share/terraform/aws/iam_instance_profile/output.tf
+- share/terraform/aws/iam_instance_profile/variables.tf
 - share/terraform/aws/lambda/main.tf
 - share/terraform/aws/lambda/variables.tf
 - share/terraform/aws/network/data.tf
 - share/terraform/aws/network/main.tf
 - share/terraform/aws/network/output.tf
 - share/terraform/aws/network/variables.tf
+- share/terraform/aws/policy/main.tf
+- share/terraform/aws/policy/output.tf
+- share/terraform/aws/policy/variables.tf
 - share/terraform/aws/policy_attachment/main.tf
 - share/terraform/aws/policy_attachment/variables.tf
 - share/terraform/aws/provider/data.tf
@@ -100,6 +110,8 @@ files:
 - share/terraform/aws/role/main.tf
 - share/terraform/aws/role/output.tf
 - share/terraform/aws/role/variables.tf
+- share/terraform/aws/role_policy/main.tf
+- share/terraform/aws/role_policy/variables.tf
 - share/terraform/ssh/cmd/main.tf
 - share/terraform/ssh/cmd/variables.tf
 - test/scout/aws/test_s3.rb
@@ -127,7 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.6
 specification_version: 4
 summary: Deploy you scouts
 test_files: []