sfn 3.0.30 → 3.0.32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/bin/sfn +16 -14
- data/lib/chef/knife/knife_plugin_seed.rb +12 -12
- data/lib/sfn.rb +17 -17
- data/lib/sfn/api_provider.rb +3 -3
- data/lib/sfn/api_provider/google.rb +2 -2
- data/lib/sfn/api_provider/terraform.rb +2 -2
- data/lib/sfn/cache.rb +9 -9
- data/lib/sfn/callback.rb +6 -6
- data/lib/sfn/callback/aws_assume_role.rb +5 -5
- data/lib/sfn/callback/aws_mfa.rb +8 -6
- data/lib/sfn/callback/stack_policy.rb +15 -15
- data/lib/sfn/command.rb +37 -36
- data/lib/sfn/command/conf.rb +12 -12
- data/lib/sfn/command/create.rb +9 -9
- data/lib/sfn/command/describe.rb +6 -6
- data/lib/sfn/command/destroy.rb +8 -8
- data/lib/sfn/command/diff.rb +31 -31
- data/lib/sfn/command/events.rb +6 -6
- data/lib/sfn/command/export.rb +8 -8
- data/lib/sfn/command/graph.rb +21 -21
- data/lib/sfn/command/graph/aws.rb +34 -34
- data/lib/sfn/command/graph/provider.rb +1 -1
- data/lib/sfn/command/graph/terraform.rb +41 -41
- data/lib/sfn/command/import.rb +17 -17
- data/lib/sfn/command/init.rb +15 -15
- data/lib/sfn/command/inspect.rb +16 -16
- data/lib/sfn/command/lint.rb +6 -6
- data/lib/sfn/command/list.rb +2 -2
- data/lib/sfn/command/plan.rb +227 -0
- data/lib/sfn/command/print.rb +4 -4
- data/lib/sfn/command/promote.rb +2 -2
- data/lib/sfn/command/update.rb +19 -144
- data/lib/sfn/command/validate.rb +17 -13
- data/lib/sfn/command_module.rb +6 -5
- data/lib/sfn/command_module/base.rb +8 -8
- data/lib/sfn/command_module/callbacks.rb +5 -5
- data/lib/sfn/command_module/planning.rb +151 -0
- data/lib/sfn/command_module/stack.rb +34 -34
- data/lib/sfn/command_module/template.rb +50 -50
- data/lib/sfn/config.rb +46 -44
- data/lib/sfn/config/conf.rb +3 -3
- data/lib/sfn/config/create.rb +9 -9
- data/lib/sfn/config/describe.rb +7 -7
- data/lib/sfn/config/destroy.rb +1 -1
- data/lib/sfn/config/diff.rb +3 -3
- data/lib/sfn/config/events.rb +9 -9
- data/lib/sfn/config/export.rb +5 -5
- data/lib/sfn/config/graph.rb +10 -10
- data/lib/sfn/config/import.rb +4 -4
- data/lib/sfn/config/init.rb +1 -1
- data/lib/sfn/config/inspect.rb +16 -16
- data/lib/sfn/config/lint.rb +5 -5
- data/lib/sfn/config/list.rb +6 -6
- data/lib/sfn/config/plan.rb +28 -0
- data/lib/sfn/config/print.rb +5 -5
- data/lib/sfn/config/promote.rb +4 -4
- data/lib/sfn/config/update.rb +18 -18
- data/lib/sfn/config/validate.rb +30 -30
- data/lib/sfn/lint.rb +5 -5
- data/lib/sfn/lint/definition.rb +3 -3
- data/lib/sfn/lint/rule.rb +3 -3
- data/lib/sfn/lint/rule_set.rb +2 -2
- data/lib/sfn/monkey_patch.rb +2 -2
- data/lib/sfn/monkey_patch/stack.rb +27 -27
- data/lib/sfn/monkey_patch/stack/azure.rb +1 -1
- data/lib/sfn/monkey_patch/stack/google.rb +5 -5
- data/lib/sfn/planner.rb +4 -4
- data/lib/sfn/planner/aws.rb +114 -70
- data/lib/sfn/provider.rb +13 -13
- data/lib/sfn/utils.rb +10 -10
- data/lib/sfn/utils/debug.rb +2 -2
- data/lib/sfn/utils/json.rb +1 -1
- data/lib/sfn/utils/object_storage.rb +3 -3
- data/lib/sfn/utils/output.rb +4 -4
- data/lib/sfn/utils/path_selector.rb +15 -15
- data/lib/sfn/utils/ssher.rb +4 -4
- data/lib/sfn/utils/stack_exporter.rb +16 -16
- data/lib/sfn/utils/stack_parameter_scrubber.rb +6 -6
- data/lib/sfn/utils/stack_parameter_validator.rb +22 -22
- data/lib/sfn/version.rb +1 -1
- data/sfn.gemspec +32 -32
- metadata +16 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d5ef50f2d7f97d037caa0dba225d36df2238fe9c623f73bca12f08d0b9ee533b
|
|
4
|
+
data.tar.gz: 516415927b2095dc864e5870102d8e6f4a4ad3cc200ca39894e6fcea4133356f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f79cf6d75b20388f1c2c6b0cd7db4e455727645e552f27b4cb91515dcbed14a786bca3f49cac216058f5ac2616c9bebb9996ec7956bd717c86043c9857d5aad1
|
|
7
|
+
data.tar.gz: 26dd49179b59bf5e38688ef8d718ad3677a95939d69e0409f89cd06c1c0f1bb6597489c80d3a6893d6cb43431ed38ed5170cc4074295b337854e77df46046820
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
# v3.0.32
|
|
2
|
+
* [enhancement] Store AWS STS information on failure
|
|
3
|
+
* [enhancement] Show parameter name when validation fails (#273)
|
|
4
|
+
* [fix] Allow template validation without processing (#279)
|
|
5
|
+
* [feature] Add initial implementation of plan command (#281)
|
|
6
|
+
|
|
1
7
|
# v3.0.30
|
|
2
8
|
* [fix] Comma delimited parameter type parsing (#270)
|
|
3
9
|
* [fix] Constant deprecations
|
data/bin/sfn
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
|
|
3
|
-
require
|
|
4
|
-
require
|
|
3
|
+
require "bogo-cli"
|
|
4
|
+
require "sfn"
|
|
5
5
|
|
|
6
|
-
if
|
|
6
|
+
if defined?(Bundler)
|
|
7
7
|
begin
|
|
8
8
|
Bundler.require(:sfn)
|
|
9
9
|
rescue Bundler::GemfileNotFound
|
|
@@ -12,23 +12,21 @@ if(defined?(Bundler))
|
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
Bogo::Cli::Setup.define do
|
|
15
|
-
|
|
16
|
-
on :v, :version, 'Print version ' do
|
|
15
|
+
on :v, :version, "Print version " do
|
|
17
16
|
puts "sfn - SparkleFormation CLI - [Version: #{Sfn::VERSION}]"
|
|
18
17
|
exit
|
|
19
18
|
end
|
|
20
19
|
|
|
21
20
|
Sfn::Config.constants.map do |konst|
|
|
22
21
|
const = Sfn::Config.const_get(konst)
|
|
23
|
-
if
|
|
22
|
+
if const.is_a?(Class) && const.ancestors.include?(Bogo::Config)
|
|
24
23
|
const
|
|
25
24
|
end
|
|
26
25
|
end.compact.sort_by(&:to_s).each do |klass|
|
|
27
|
-
|
|
28
|
-
klass_name = klass.name.split('::').last.downcase
|
|
26
|
+
klass_name = klass.name.split("::").last.downcase
|
|
29
27
|
|
|
30
28
|
command klass_name do
|
|
31
|
-
if
|
|
29
|
+
if klass.const_defined?(:DESCRIPTION)
|
|
32
30
|
description klass.const_get(:DESCRIPTION)
|
|
33
31
|
end
|
|
34
32
|
|
|
@@ -36,12 +34,12 @@ Bogo::Cli::Setup.define do
|
|
|
36
34
|
on_name = info[:boolean] ? info[:long] : "#{info[:long]}="
|
|
37
35
|
opts = Hash.new.tap do |o|
|
|
38
36
|
o[:default] = info[:default] if info.has_key?(:default)
|
|
39
|
-
if
|
|
37
|
+
if info[:multiple]
|
|
40
38
|
o[:as] = Array
|
|
41
39
|
o[:delimiter] = nil
|
|
42
40
|
end
|
|
43
41
|
end
|
|
44
|
-
if
|
|
42
|
+
if info[:short]
|
|
45
43
|
on info[:short], on_name, info[:description], opts
|
|
46
44
|
else
|
|
47
45
|
on on_name, info[:description], opts
|
|
@@ -49,10 +47,14 @@ Bogo::Cli::Setup.define do
|
|
|
49
47
|
end
|
|
50
48
|
|
|
51
49
|
run do |opts, args|
|
|
52
|
-
Bogo::Utility.constantize(klass.to_s.sub(
|
|
50
|
+
command = Bogo::Utility.constantize(klass.to_s.sub("Config", "Command")).new(opts, args)
|
|
51
|
+
begin
|
|
52
|
+
command.execute!
|
|
53
|
+
rescue Bogo::Ui::ConfirmationDeclined
|
|
54
|
+
command.ui.error "Confirmation declined!"
|
|
55
|
+
exit 1
|
|
56
|
+
end
|
|
53
57
|
end
|
|
54
58
|
end
|
|
55
|
-
|
|
56
59
|
end
|
|
57
|
-
|
|
58
60
|
end
|
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
begin
|
|
2
|
-
kcfn = Gem::Specification.find_by_name(
|
|
2
|
+
kcfn = Gem::Specification.find_by_name("knife-cloudformation")
|
|
3
3
|
$stderr.puts "[WARN]: Deprecated gem detected: #{kcfn.name} [V: #{kcfn.version}]"
|
|
4
|
-
$stderr.puts
|
|
4
|
+
$stderr.puts "[WARN]: Uninstall gem to prevent any conflicts (`gem uninstall knife-cloudformation -a`)"
|
|
5
5
|
rescue Gem::LoadError => e
|
|
6
6
|
# ignore
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
unless defined?(Chef::Knife::CloudformationCreate)
|
|
10
|
-
require
|
|
11
|
-
require
|
|
10
|
+
require "sfn"
|
|
11
|
+
require "bogo"
|
|
12
12
|
|
|
13
13
|
Chef::Config[:knife][:cloudformation] = {
|
|
14
14
|
:options => {},
|
|
@@ -17,7 +17,7 @@ unless defined?(Chef::Knife::CloudformationCreate)
|
|
|
17
17
|
}
|
|
18
18
|
Chef::Config[:knife][:sparkleformation] = Chef::Config[:knife][:cloudformation]
|
|
19
19
|
|
|
20
|
-
VALID_PREFIX = [
|
|
20
|
+
VALID_PREFIX = ["cloudformation", "sparkleformation"]
|
|
21
21
|
|
|
22
22
|
Sfn::Config.constants.map do |konst|
|
|
23
23
|
const = Sfn::Config.const_get(konst)
|
|
@@ -26,7 +26,7 @@ unless defined?(Chef::Knife::CloudformationCreate)
|
|
|
26
26
|
end
|
|
27
27
|
end.compact.sort_by(&:to_s).each do |klass|
|
|
28
28
|
VALID_PREFIX.each do |prefix|
|
|
29
|
-
klass_name = klass.name.split(
|
|
29
|
+
klass_name = klass.name.split("::").last
|
|
30
30
|
command_class = "#{prefix.capitalize}#{klass_name}"
|
|
31
31
|
|
|
32
32
|
knife_klass = Class.new(Chef::Knife)
|
|
@@ -54,7 +54,7 @@ unless defined?(Chef::Knife::CloudformationCreate)
|
|
|
54
54
|
end
|
|
55
55
|
base = knife.to_smash
|
|
56
56
|
keys = VALID_PREFIX.dup
|
|
57
|
-
cmd_config = keys.unshift(keys.delete(snake(self.class.name.split(
|
|
57
|
+
cmd_config = keys.unshift(keys.delete(snake(self.class.name.split("::").last).to_s.split("_").first)).map do |k|
|
|
58
58
|
base[k]
|
|
59
59
|
end.compact.first || {}
|
|
60
60
|
cmd_config = cmd_config.to_smash
|
|
@@ -64,8 +64,8 @@ unless defined?(Chef::Knife::CloudformationCreate)
|
|
|
64
64
|
end
|
|
65
65
|
# Split up options provided multiple arguments
|
|
66
66
|
reconfig.map! do |k, v|
|
|
67
|
-
if v.is_a?(String) && v.include?(
|
|
68
|
-
v = v.split(
|
|
67
|
+
if v.is_a?(String) && v.include?(",")
|
|
68
|
+
v = v.split(",").map(&:strip)
|
|
69
69
|
end
|
|
70
70
|
[k, v]
|
|
71
71
|
end
|
|
@@ -82,7 +82,7 @@ unless defined?(Chef::Knife::CloudformationCreate)
|
|
|
82
82
|
knife_klass.instance_variable_set(:@name, "Chef::Knife::#{command_class}")
|
|
83
83
|
knife_klass.instance_variable_set(
|
|
84
84
|
:@sfn_class,
|
|
85
|
-
Bogo::Utility.constantize(klass.name.sub(
|
|
85
|
+
Bogo::Utility.constantize(klass.name.sub("Config", "Command"))
|
|
86
86
|
)
|
|
87
87
|
knife_klass.banner "knife #{prefix} #{Bogo::Utility.snake(klass_name)}"
|
|
88
88
|
|
|
@@ -91,9 +91,9 @@ unless defined?(Chef::Knife::CloudformationCreate)
|
|
|
91
91
|
short = "-#{info[:short]}"
|
|
92
92
|
long = "--[no-]#{info[:long]}"
|
|
93
93
|
else
|
|
94
|
-
val =
|
|
94
|
+
val = "VALUE"
|
|
95
95
|
if info[:multiple]
|
|
96
|
-
val <<
|
|
96
|
+
val << "[,VALUE]"
|
|
97
97
|
end
|
|
98
98
|
short = "-#{info[:short]} #{val}"
|
|
99
99
|
long = "--#{info[:long]} #{val}"
|
data/lib/sfn.rb
CHANGED
|
@@ -1,20 +1,20 @@
|
|
|
1
|
-
require
|
|
2
|
-
require
|
|
3
|
-
require
|
|
4
|
-
require
|
|
1
|
+
require "sfn/version"
|
|
2
|
+
require "miasma"
|
|
3
|
+
require "bogo"
|
|
4
|
+
require "sparkle_formation"
|
|
5
5
|
|
|
6
6
|
module Sfn
|
|
7
|
-
autoload :ApiProvider,
|
|
8
|
-
autoload :Callback,
|
|
9
|
-
autoload :Provider,
|
|
10
|
-
autoload :Cache,
|
|
11
|
-
autoload :Config,
|
|
12
|
-
autoload :Export,
|
|
13
|
-
autoload :Utils,
|
|
14
|
-
autoload :MonkeyPatch,
|
|
15
|
-
autoload :Knife,
|
|
16
|
-
autoload :Command,
|
|
17
|
-
autoload :CommandModule,
|
|
18
|
-
autoload :Planner,
|
|
19
|
-
autoload :Lint,
|
|
7
|
+
autoload :ApiProvider, "sfn/api_provider"
|
|
8
|
+
autoload :Callback, "sfn/callback"
|
|
9
|
+
autoload :Provider, "sfn/provider"
|
|
10
|
+
autoload :Cache, "sfn/cache"
|
|
11
|
+
autoload :Config, "sfn/config"
|
|
12
|
+
autoload :Export, "sfn/export"
|
|
13
|
+
autoload :Utils, "sfn/utils"
|
|
14
|
+
autoload :MonkeyPatch, "sfn/monkey_patch"
|
|
15
|
+
autoload :Knife, "sfn/knife"
|
|
16
|
+
autoload :Command, "sfn/command"
|
|
17
|
+
autoload :CommandModule, "sfn/command_module"
|
|
18
|
+
autoload :Planner, "sfn/planner"
|
|
19
|
+
autoload :Lint, "sfn/lint"
|
|
20
20
|
end
|
data/lib/sfn/api_provider.rb
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "sfn"
|
|
2
2
|
|
|
3
3
|
module Sfn
|
|
4
4
|
module ApiProvider
|
|
5
|
-
autoload :Google,
|
|
6
|
-
autoload :Terraform,
|
|
5
|
+
autoload :Google, "sfn/api_provider/google"
|
|
6
|
+
autoload :Terraform, "sfn/api_provider/terraform"
|
|
7
7
|
end
|
|
8
8
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "sfn"
|
|
2
2
|
|
|
3
3
|
module Sfn
|
|
4
4
|
module ApiProvider
|
|
@@ -43,7 +43,7 @@ module Sfn
|
|
|
43
43
|
# @return [TrueClass, FalseClass]
|
|
44
44
|
def function_set_parameter?(val)
|
|
45
45
|
if val
|
|
46
|
-
val.start_with?(
|
|
46
|
+
val.start_with?("$(") || val.start_with?("{{")
|
|
47
47
|
end
|
|
48
48
|
end
|
|
49
49
|
|
data/lib/sfn/cache.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
require
|
|
2
|
-
require
|
|
3
|
-
require
|
|
1
|
+
require "digest/sha2"
|
|
2
|
+
require "thread"
|
|
3
|
+
require "sfn"
|
|
4
4
|
|
|
5
5
|
module Sfn
|
|
6
6
|
# Data caching helper
|
|
@@ -16,9 +16,9 @@ module Sfn
|
|
|
16
16
|
case type
|
|
17
17
|
when :redis
|
|
18
18
|
begin
|
|
19
|
-
require
|
|
19
|
+
require "redis-objects"
|
|
20
20
|
rescue LoadError
|
|
21
|
-
$stderr.puts
|
|
21
|
+
$stderr.puts "The `redis-objects` gem is required for Cache support!"
|
|
22
22
|
raise
|
|
23
23
|
end
|
|
24
24
|
@_pid = Process.pid
|
|
@@ -168,7 +168,7 @@ module Sfn
|
|
|
168
168
|
when :lock
|
|
169
169
|
Redis::Lock.new(full_name, {:expiration => 60, :timeout => 0.1}.merge(args))
|
|
170
170
|
when :stamped
|
|
171
|
-
Stamped.new(full_name.sub("#{key}_",
|
|
171
|
+
Stamped.new(full_name.sub("#{key}_", "").to_sym, get_redis_storage(:value, full_name), self)
|
|
172
172
|
else
|
|
173
173
|
raise TypeError.new("Unsupported caching data type encountered: #{data_type}")
|
|
174
174
|
end
|
|
@@ -193,7 +193,7 @@ module Sfn
|
|
|
193
193
|
when :lock
|
|
194
194
|
LocalLock.new(full_name, {:expiration => 60, :timeout => 0.1}.merge(args))
|
|
195
195
|
when :stamped
|
|
196
|
-
Stamped.new(full_name.sub("#{key}_",
|
|
196
|
+
Stamped.new(full_name.sub("#{key}_", "").to_sym, get_local_storage(:value, full_name), self)
|
|
197
197
|
else
|
|
198
198
|
raise TypeError.new("Unsupported caching data type encountered: #{data_type}")
|
|
199
199
|
end
|
|
@@ -227,7 +227,7 @@ module Sfn
|
|
|
227
227
|
# @param val [Object]
|
|
228
228
|
# @note this will never work, thus you should never use it
|
|
229
229
|
def []=(key, val)
|
|
230
|
-
raise
|
|
230
|
+
raise "Setting backend data is not allowed"
|
|
231
231
|
end
|
|
232
232
|
|
|
233
233
|
# Check if cache time has expired
|
|
@@ -263,7 +263,7 @@ module Sfn
|
|
|
263
263
|
yield
|
|
264
264
|
end
|
|
265
265
|
rescue => e
|
|
266
|
-
if e.class.to_s.end_with?(
|
|
266
|
+
if e.class.to_s.end_with?("Timeout")
|
|
267
267
|
raise if raise_on_locked
|
|
268
268
|
else
|
|
269
269
|
raise
|
data/lib/sfn/callback.rb
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "sfn"
|
|
2
2
|
|
|
3
3
|
module Sfn
|
|
4
4
|
# Interface for injecting custom functionality
|
|
5
5
|
class Callback
|
|
6
|
-
autoload :AwsAssumeRole,
|
|
7
|
-
autoload :AwsMfa,
|
|
8
|
-
autoload :StackPolicy,
|
|
6
|
+
autoload :AwsAssumeRole, "sfn/callback/aws_assume_role"
|
|
7
|
+
autoload :AwsMfa, "sfn/callback/aws_mfa"
|
|
8
|
+
autoload :StackPolicy, "sfn/callback/stack_policy"
|
|
9
9
|
|
|
10
10
|
# @return [Bogo::Ui]
|
|
11
11
|
attr_reader :ui
|
|
@@ -40,10 +40,10 @@ module Sfn
|
|
|
40
40
|
ui.info("#{msg}... ", :nonewline)
|
|
41
41
|
begin
|
|
42
42
|
result = yield
|
|
43
|
-
ui.puts ui.color(
|
|
43
|
+
ui.puts ui.color("complete!", :green, :bold)
|
|
44
44
|
result
|
|
45
45
|
rescue => e
|
|
46
|
-
ui.puts ui.color(
|
|
46
|
+
ui.puts ui.color("error!", :red, :bold)
|
|
47
47
|
ui.error "Reason - #{e}"
|
|
48
48
|
raise
|
|
49
49
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "sfn"
|
|
2
2
|
|
|
3
3
|
module Sfn
|
|
4
4
|
class Callback
|
|
@@ -31,14 +31,14 @@ module Sfn
|
|
|
31
31
|
def after(*_)
|
|
32
32
|
if enabled?
|
|
33
33
|
if api.connection.aws_sts_role_arn && api.connection.aws_sts_token
|
|
34
|
-
path = config.fetch(:aws_assume_role, :cache_file,
|
|
34
|
+
path = config.fetch(:aws_assume_role, :cache_file, ".sfn-aws")
|
|
35
35
|
FileUtils.touch(path)
|
|
36
36
|
File.chmod(0600, path)
|
|
37
37
|
values = load_stored_values(path)
|
|
38
38
|
STS_STORE_ITEMS.map do |key|
|
|
39
39
|
values[key] = api.connection.data[key]
|
|
40
40
|
end
|
|
41
|
-
File.open(path,
|
|
41
|
+
File.open(path, "w") do |file|
|
|
42
42
|
file.puts MultiJson.dump(values)
|
|
43
43
|
end
|
|
44
44
|
end
|
|
@@ -47,14 +47,14 @@ module Sfn
|
|
|
47
47
|
|
|
48
48
|
# @return [TrueClass, FalseClass]
|
|
49
49
|
def enabled?
|
|
50
|
-
config.fetch(:aws_assume_role, :status,
|
|
50
|
+
config.fetch(:aws_assume_role, :status, "enabled").to_s == "enabled"
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
# Load stored configuration data into the api connection
|
|
54
54
|
#
|
|
55
55
|
# @return [TrueClass, FalseClass]
|
|
56
56
|
def load_stored_session
|
|
57
|
-
path = config.fetch(:aws_assume_role, :cache_file,
|
|
57
|
+
path = config.fetch(:aws_assume_role, :cache_file, ".sfn-aws")
|
|
58
58
|
if File.exists?(path)
|
|
59
59
|
values = load_stored_values(path)
|
|
60
60
|
STS_STORE_ITEMS.each do |key|
|
data/lib/sfn/callback/aws_mfa.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "sfn"
|
|
2
2
|
|
|
3
3
|
module Sfn
|
|
4
4
|
class Callback
|
|
@@ -32,30 +32,32 @@ module Sfn
|
|
|
32
32
|
def after(*_)
|
|
33
33
|
if enabled?
|
|
34
34
|
if api.connection.aws_sts_session_token
|
|
35
|
-
path = config.fetch(:aws_mfa, :cache_file,
|
|
35
|
+
path = config.fetch(:aws_mfa, :cache_file, ".sfn-aws")
|
|
36
36
|
FileUtils.touch(path)
|
|
37
37
|
File.chmod(0600, path)
|
|
38
38
|
values = load_stored_values(path)
|
|
39
39
|
SESSION_STORE_ITEMS.map do |key|
|
|
40
40
|
values[key] = api.connection.data[key]
|
|
41
41
|
end
|
|
42
|
-
File.open(path,
|
|
42
|
+
File.open(path, "w") do |file|
|
|
43
43
|
file.puts MultiJson.dump(values)
|
|
44
44
|
end
|
|
45
45
|
end
|
|
46
46
|
end
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
+
alias_method :failed, :after
|
|
50
|
+
|
|
49
51
|
# @return [TrueClass, FalseClass]
|
|
50
52
|
def enabled?
|
|
51
|
-
config.fetch(:aws_mfa, :status,
|
|
53
|
+
config.fetch(:aws_mfa, :status, "enabled").to_s == "enabled"
|
|
52
54
|
end
|
|
53
55
|
|
|
54
56
|
# Load stored configuration data into the api connection
|
|
55
57
|
#
|
|
56
58
|
# @return [TrueClass, FalseClass]
|
|
57
59
|
def load_stored_session
|
|
58
|
-
path = config.fetch(:aws_mfa, :cache_file,
|
|
60
|
+
path = config.fetch(:aws_mfa, :cache_file, ".sfn-aws")
|
|
59
61
|
if File.exists?(path)
|
|
60
62
|
values = load_stored_values(path)
|
|
61
63
|
SESSION_STORE_ITEMS.each do |key|
|
|
@@ -93,7 +95,7 @@ module Sfn
|
|
|
93
95
|
#
|
|
94
96
|
# @return [String]
|
|
95
97
|
def prompt_for_code
|
|
96
|
-
result = ui.ask
|
|
98
|
+
result = ui.ask "AWS MFA code", :valid => /^\d{6}$/
|
|
97
99
|
result.strip
|
|
98
100
|
end
|
|
99
101
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "sfn"
|
|
2
2
|
|
|
3
3
|
module Sfn
|
|
4
4
|
class Callback
|
|
@@ -6,11 +6,11 @@ module Sfn
|
|
|
6
6
|
|
|
7
7
|
# Policy to apply prior to stack deletion
|
|
8
8
|
DEFENSELESS_POLICY = {
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
9
|
+
"Statement" => [{
|
|
10
|
+
"Effect" => "Allow",
|
|
11
|
+
"Action" => "Update:*",
|
|
12
|
+
"Resource" => "*",
|
|
13
|
+
"Principal" => "*",
|
|
14
14
|
}],
|
|
15
15
|
}
|
|
16
16
|
|
|
@@ -29,14 +29,14 @@ module Sfn
|
|
|
29
29
|
#
|
|
30
30
|
# @param args [Hash]
|
|
31
31
|
def submit_policy(args)
|
|
32
|
-
ui.info
|
|
32
|
+
ui.info "Submitting stack policy documents"
|
|
33
33
|
stack = args[:api_stack]
|
|
34
34
|
([stack] + stack.nested_stacks).compact.each do |p_stack|
|
|
35
35
|
run_action "Applying stack policy to #{ui.color(p_stack.name, :yellow)}" do
|
|
36
36
|
save_stack_policy(p_stack)
|
|
37
37
|
end
|
|
38
38
|
end
|
|
39
|
-
ui.info
|
|
39
|
+
ui.info "Stack policy documents successfully submitted!"
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
alias_method :after_create, :submit_policy
|
|
@@ -46,8 +46,8 @@ module Sfn
|
|
|
46
46
|
#
|
|
47
47
|
# @param args [Hash]
|
|
48
48
|
def before_update(args)
|
|
49
|
-
if config.get(:stack_policy, :update).to_s ==
|
|
50
|
-
ui.warn
|
|
49
|
+
if config.get(:stack_policy, :update).to_s == "defenseless"
|
|
50
|
+
ui.warn "Disabling all stack policies for update."
|
|
51
51
|
stack = args[:api_stack]
|
|
52
52
|
([stack] + stack.nested_stacks).compact.each do |p_stack|
|
|
53
53
|
@policies[p_stack.name] = DEFENSELESS_POLICY
|
|
@@ -64,7 +64,7 @@ module Sfn
|
|
|
64
64
|
# @param info [Hash]
|
|
65
65
|
def template(info)
|
|
66
66
|
if info[:sparkle_stack]
|
|
67
|
-
@policies.set(info.fetch(:stack_name,
|
|
67
|
+
@policies.set(info.fetch(:stack_name, "unknown"),
|
|
68
68
|
info[:sparkle_stack].generate_policy)
|
|
69
69
|
end
|
|
70
70
|
end
|
|
@@ -89,12 +89,12 @@ module Sfn
|
|
|
89
89
|
end
|
|
90
90
|
end
|
|
91
91
|
result = p_stack.api.request(
|
|
92
|
-
:path =>
|
|
92
|
+
:path => "/",
|
|
93
93
|
:method => :post,
|
|
94
94
|
:form => Smash.new(
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
95
|
+
"Action" => "SetStackPolicy",
|
|
96
|
+
"StackName" => p_stack.id,
|
|
97
|
+
"StackPolicyBody" => MultiJson.dump(stack_policy),
|
|
98
98
|
),
|
|
99
99
|
)
|
|
100
100
|
end
|