simplygenius-atmos 0.7.1 → 0.8.0

data/lib/atmos/providers/aws/container_manager.rb

@@ -1,116 +0,0 @@
-require_relative '../../../atmos'
-require 'aws-sdk-ecs'
-require 'aws-sdk-ecr'
-require 'open3'
-
-module Atmos
-  module Providers
-    module Aws
-
-      class ContainerManager
-        include GemLogger::LoggerSupport
-
-        def initialize(provider)
-          @provider = provider
-        end
-
-        def push(ecs_name, local_image,
-                 ecr_repo: ecs_name, revision: nil)
-
-          revision = Time.now.strftime('%Y%m%d%H%M%S') unless revision.present?
-          result = {}
-
-          ecr = ::Aws::ECR::Client.new
-          resp = nil
-
-          resp = ecr.get_authorization_token
-          auth_data = resp.authorization_data.first
-          token = auth_data.authorization_token
-          endpoint = auth_data.proxy_endpoint
-          user, password = Base64.decode64(token).split(':')
-
-          # docker login into the ECR repo for the current account so that we can pull/push to it
-          run("docker", "login", "-u", user, "-p", password, endpoint)#, stdin_data: token)
-
-          image="#{ecs_name}:latest"
-          ecs_image="#{endpoint.sub(/https?:\/\//, '')}/#{ecr_repo}"
-
-          tags = ['latest', revision]
-          logger.info "Tagging local image '#{local_image}' with #{tags}"
-          tags.each {|t| run("docker", "tag", local_image, "#{ecs_image}:#{t}") }
-
-          logger.info "Pushing tagged image to ECR repo"
-          tags.each {|t| run("docker", "push", "#{ecs_image}:#{t}") }
-
-          result[:remote_image] = "#{ecs_image}:#{revision}"
-          return result
-        end
-
-        def deploy_task(task, remote_image)
-          result = {}
-
-          ecs = ::Aws::ECS::Client.new
-          resp = nil
-
-          resp = ecs.list_task_definitions(family_prefix: task, sort: 'DESC')
-          latest_defn_arn = resp.task_definition_arns.first
-
-          logger.info "Latest task definition: #{latest_defn_arn}"
-
-          resp = ecs.describe_task_definition(task_definition: latest_defn_arn)
-          latest_defn = resp.task_definition
-
-          new_defn = latest_defn.to_h
-          [:revision, :status, :task_definition_arn,
-           :requires_attributes, :compatibilities].each do |attr|
-            new_defn.delete(attr)
-          end
-          new_defn[:container_definitions].each {|c| c[:image] = remote_image}
-
-          resp = ecs.register_task_definition(**new_defn)
-          result[:task_definition] = resp.task_definition.task_definition_arn
-
-          logger.info "Updated task=#{task} to #{result[:task_definition]} with image #{remote_image}"
-
-          return result
-        end
-
-        def deploy_service(cluster, service, remote_image)
-           result = {}
-
-           ecs = ::Aws::ECS::Client.new
-           resp = nil
-
-           # Get current task definition name from service
-           resp = ecs.describe_services(cluster: cluster, services: [service])
-           current_defn_arn = resp.services.first.task_definition
-           defn_name = current_defn_arn.split("/").last.split(":").first
-
-           logger.info "Current task definition (name=#{defn_name}): #{current_defn_arn}"
-           result = deploy_task(defn_name, remote_image)
-           new_taskdef = result[:task_definition]
-
-           logger.info "Updating service with new task definition: #{new_taskdef}"
-
-           resp = ecs.update_service(cluster: cluster, service: service, task_definition: new_taskdef)
-
-           logger.info "Updated service=#{service} on cluster=#{cluster} to #{new_taskdef} with image #{remote_image}"
-
-           return result
-        end
-
-        private
-
-        def run(*args, **opts)
-          logger.debug("Running: #{args}")
-          stdout, status = Open3.capture2e(ENV, *args, **opts)
-          logger.debug(stdout)
-          raise "Failed to run #{args}: #{stdout}" unless status.success?
-          return stdout
-        end
-
-      end
-
-    end
-  end
-end

data/lib/atmos/providers/aws/provider.rb

@@ -1,51 +0,0 @@
-require_relative '../../../atmos'
-
-Dir.glob(File.join(__dir__, '*.rb')) do |f|
-  require_relative "#{File.basename(f).sub(/\.rb$/, "")}"
-end
-
-module Atmos
-  module Providers
-    module Aws
-
-      class Provider
-        include GemLogger::LoggerSupport
-
-        def initialize(name)
-          @name = name
-        end
-
-        def auth_manager
-          @auth_manager ||= begin
-            Atmos::Providers::Aws::AuthManager.new(self)
-          end
-        end
-
-        def user_manager
-          @user_manager ||= begin
-            Atmos::Providers::Aws::UserManager.new(self)
-          end
-        end
-
-        def account_manager
-          @account_manager ||= begin
-            Atmos::Providers::Aws::AccountManager.new(self)
-          end
-        end
-
-        def secret_manager
-          @secret_manager ||= begin
-            Atmos::Providers::Aws::S3SecretManager.new(self)
-          end
-        end
-
-        def container_manager
-          @container_manager ||= begin
-            Atmos::Providers::Aws::ContainerManager.new(self)
-          end
-        end
-      end
-
-    end
-  end
-end

data/lib/atmos/providers/aws/s3_secret_manager.rb

@@ -1,49 +0,0 @@
-require_relative '../../../atmos'
-require 'aws-sdk-s3'
-
-module Atmos
-  module Providers
-    module Aws
-
-      class S3SecretManager
-        include GemLogger::LoggerSupport
-
-        def initialize(provider)
-          @provider = provider
-          logger.debug("Secrets config is: #{Atmos.config[:secret]}")
-          @bucket_name = Atmos.config[:secret][:bucket]
-          @encrypt = Atmos.config[:secret][:encrypt]
-        end
-
-        def set(key, value)
-          opts = {}
-          opts[:server_side_encryption] = "AES256" if @encrypt
-          bucket.object(key).put(body: value, **opts)
-        end
-
-        def get(key)
-          bucket.object(key).get.body.read
-        end
-
-        def delete(key)
-          bucket.object(key).delete
-        end
-
-        def to_h
-          Hash[bucket.objects.collect {|o|
-            [o.key, o.get.body.read]
-          }]
-        end
-
-        private
-
-        def bucket
-          raise ArgumentError.new("The s3 secret bucket is not set") unless @bucket_name
-          @bucket ||= ::Aws::S3::Bucket.new(@bucket_name)
-        end
-
-      end
-
-    end
-  end
-end

data/lib/atmos/providers/aws/user_manager.rb

@@ -1,211 +0,0 @@
-require_relative '../../../atmos'
-require_relative '../../../atmos/otp'
-require 'aws-sdk-iam'
-require 'securerandom'
-
-module Atmos
-  module Providers
-    module Aws
-
-      class UserManager
-        include GemLogger::LoggerSupport
-        include FileUtils
-
-        def initialize(provider)
-          @provider = provider
-        end
-
-        def create_user(user_name)
-          result = {}
-          client = ::Aws::IAM::Client.new
-          resource = ::Aws::IAM::Resource.new
-
-          user = resource.user(user_name)
-
-          if user.exists?
-            logger.info "User '#{user_name}' already exists"
-          else
-            logger.info "Creating new user '#{user_name}'"
-            user = resource.create_user(user_name: user_name)
-            client.wait_until(:user_exists, user_name: user_name)
-            logger.debug "User created, user_name=#{user_name}"
-          end
-
-          result[:user_name] = user_name
-
-          return result
-        end
-
-        def set_groups(user_name, groups, force: false)
-          result = {}
-          resource = ::Aws::IAM::Resource.new
-
-          user = resource.user(user_name)
-
-          existing_groups = user.groups.collect(&:name)
-          groups_to_add = groups -  existing_groups
-          groups_to_remove = existing_groups - groups
-
-          result[:groups] = existing_groups
-
-          groups_to_add.each do |group|
-            logger.debug "Adding group: #{group}"
-            user.add_group(group_name: group)
-            result[:groups] << group
-          end
-
-          if force
-            groups_to_remove.each do |group|
-              logger.debug "Removing group: #{group}"
-              user.remove_group(group_name: group)
-              result[:groups].delete(group)
-            end
-          end
-
-          logger.info "User associated with groups=#{result[:groups]}"
-
-          return result
-        end
-
-        def enable_login(user_name, force: false)
-          result = {}
-          resource = ::Aws::IAM::Resource.new
-
-          user = resource.user(user_name)
-
-          password = ""
-          classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[!@#$%^&*()_+\-=\[\]{}|']/]
-          while ! classes.all? {|c| password =~ c }
-            password = SecureRandom.base64(15)
-          end
-
-          exists = false
-          begin
-            user.login_profile.create_date
-            exists = true
-          rescue ::Aws::IAM::Errors::NoSuchEntity
-            exists = false
-          end
-
-          if exists
-            logger.info "User login already exists"
-            if force
-              user.login_profile.update(password: password, password_reset_required: true)
-              result[:password] = password
-              logger.info "Updated user login with password=#{password}"
-            end
-          else
-            user.create_login_profile(password: password, password_reset_required: true)
-            result[:password] = password
-            logger.info "User login enabled with password=#{password}"
-          end
-
-          return result
-        end
-
-        def enable_mfa(user_name, force: false)
-          result = {}
-          client = ::Aws::IAM::Client.new
-          resource = ::Aws::IAM::Resource.new
-
-          user = resource.user(user_name)
-
-          if user.mfa_devices.first
-            logger.info "User mfa devices already exist"
-            if force
-              logger.info "Deleting old mfa devices"
-              user.mfa_devices.each do |dev|
-                dev.disassociate
-                client.delete_virtual_mfa_device(serial_number: dev.serial_number)
-                Atmos::Otp.instance.remove(user_name)
-              end
-            else
-              return result
-            end
-          end
-
-          resp = client.create_virtual_mfa_device(
-            virtual_mfa_device_name: user_name
-          )
-
-          serial = resp.virtual_mfa_device.serial_number
-          seed = resp.virtual_mfa_device.base_32_string_seed
-
-          Atmos::Otp.instance.add(user_name, seed)
-          code1 = Atmos::Otp.instance.generate(user_name)
-          interval = (30 - (Time.now.to_i % 30)) + 1
-          logger.info "Waiting for #{interval}s to generate second otp key for enablement"
-          sleep interval
-          code2 = Atmos::Otp.instance.generate(user_name)
-          raise "MFA codes should not be the same" if code1 == code2
-
-          resp = client.enable_mfa_device({
-            user_name: user_name,
-            serial_number: serial,
-            authentication_code_1: code1,
-            authentication_code_2: code2,
-          })
-
-          result[:mfa_secret] = seed
-
-          return result
-        end
-
-        def enable_access_keys(user_name, force: false)
-          result = {}
-          resource = ::Aws::IAM::Resource.new
-
-          user = resource.user(user_name)
-
-          if user.access_keys.first
-            logger.info "User access keys already exist"
-            if force
-              logger.info "Deleting old access keys"
-              user.access_keys.each do |key|
-                key.delete
-              end
-            else
-              return result
-            end
-          end
-
-          # TODO: auto add to ~/.aws/credentials and config
-          key_pair = user.create_access_key_pair
-          result[:key] = key_pair.access_key_id
-          result[:secret] = key_pair.secret
-          logger.debug "User keys generated key=#{key_pair.access_key_id}, secret=#{key_pair.secret}"
-
-          return result
-        end
-
-        def set_public_key(user_name, public_key, force: false)
-          result = {}
-          client = ::Aws::IAM::Client.new
-          resource = ::Aws::IAM::Resource.new
-
-          user = resource.user(user_name)
-          keys = client.list_ssh_public_keys(user_name: user_name).ssh_public_keys
-          if keys.size > 0
-            logger.info "User ssh public keys already exist"
-            if force
-              logger.info "Deleting old ssh public keys"
-              keys.each do |key|
-                client.delete_ssh_public_key(user_name: user_name,
-                                             ssh_public_key_id: key.ssh_public_key_id)
-              end
-            else
-              return result
-            end
-          end
-
-          client.upload_ssh_public_key(user_name: user_name, ssh_public_key_body: public_key)
-          logger.debug "User public key assigned: #{public_key}"
-
-          return result
-        end
-
-      end
-
-    end
-  end
-end

data/lib/atmos/settings_hash.rb

@@ -1,90 +0,0 @@
-require 'hashie'
-
-module Atmos
-
-  class SettingsHash <  Hashie::Mash
-    include GemLogger::LoggerSupport
-    include Hashie::Extensions::DeepMerge
-    include Hashie::Extensions::DeepFetch
-    disable_warnings
-
-    PATH_PATTERN = /[\.\[\]]/
-
-    def notation_get(key)
-      path = key.to_s.split(PATH_PATTERN).compact
-      path = path.collect {|p| p =~ /^\d+$/ ? p.to_i : p }
-      result = nil
-
-      begin
-        result = deep_fetch(*path)
-      rescue Hashie::Extensions::DeepFetch::UndefinedPathError => e
-        logger.debug("Settings missing value for key='#{key}'")
-      end
-
-      return result
-    end
-
-    def notation_put(key, value, additive: true)
-      path = key.to_s.split(PATH_PATTERN).compact
-      path = path.collect {|p| p =~ /^\d+$/ ? p.to_i : p }
-      current_level = self
-      path.each_with_index do |p, i|
-
-        if i == path.size - 1
-          if additive && current_level[p].is_a?(Array)
-            current_level[p] = current_level[p] | Array(value)
-          else
-            current_level[p] = value
-          end
-        else
-          if current_level[p].nil?
-            if path[i+1].is_a?(Integer)
-              current_level[p] = []
-            else
-              current_level[p] = {}
-            end
-          end
-        end
-
-        current_level = current_level[p]
-      end
-    end
-
-    def self.add_config(yml_file, key, value, additive: true)
-      orig_config_with_comments = File.read(yml_file)
-
-      comment_places = {}
-      comment_lines = []
-      orig_config_with_comments.each_line do |line|
-        line.gsub!(/\s+$/, "\n")
-        if line =~ /^\s*(#.*)?$/
-          comment_lines << line
-        else
-          if comment_lines.present?
-            comment_places[line.chomp] = comment_lines
-            comment_lines = []
-          end
-        end
-      end
-      comment_places["<EOF>"] = comment_lines
-
-      orig_config = SettingsHash.new((YAML.load_file(yml_file) rescue {}))
-      orig_config.notation_put(key, value, additive: additive)
-      new_config_no_comments = YAML.dump(orig_config.to_hash)
-      new_config_no_comments.sub!(/\A---\n/, "")
-
-      new_yml = ""
-      new_config_no_comments.each_line do |line|
-        line.gsub!(/\s+$/, "\n")
-        cline = comment_places.keys.find {|k| line =~ /^#{k}/ }
-        comments = comment_places[cline]
-        comments.each {|comment| new_yml << comment } if comments
-        new_yml << line
-      end
-      comment_places["<EOF>"].each {|comment| new_yml << comment }
-
-      return new_yml
-    end
-
-  end
-end