simplygenius-atmos 0.9.4 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 967259ac48e43b57455a18b59e4aa5ce3e8f3c45ce4497a069668d8539191c7d
-  data.tar.gz: 61cc1ca6c174588587b1982f5e6de1ba08c59690610503bffd1a05ee40e9d4bc
+  metadata.gz: 150cd6186165ef42f3e4375c403b83e2ad3e7151e3650c723502bc65200f5938
+  data.tar.gz: 7e0272eede1da6dcf9a44dbce9ca5b626ede5f2ca4b74d7d0163d7cdb7dd2a70
 SHA512:
-  metadata.gz: 150ea6f5147379574f36df0fc62d8102d9be7e3cab4254c3df9b78d0734b0916f91b715d59b976eeaf8a0643e889b0817b23f5ede32ebfaac11101587f9f7ff7
-  data.tar.gz: cb82a1291212a3b6d2e6cf7642dfc15653f4a5525438041655dee5d95a6e66890c50c40b9d2bcd5381af5939742019b0bf858c14c2f9d4eaf44a3faccaa7e751
+  metadata.gz: f193baa7ed6a0d9c817aaefb3247f0b2e79e9f7a3c99ecf237240ffba37aef07af883fe4e01a01a2a1d94031f7626f7d668625c9f8af62b00bf18938b0114fca
+  data.tar.gz: 59560c7e104520aab60a5363508960f55b4a516b859b74c4d1740d3fc3bb8dce1a7dd7607811b5a4383da756f7693965d252d146d2b9a68253e2e91faa0ecbe0

data/CHANGELOG.md

@@ -1,3 +1,33 @@
+0.10.0 (09/13/2019)
+-------------------
+
+#### Notes on breaking changes
+
+* Made AWS SSM Parameter Store the default secrets store for atmos.  The s3 secrets will still work unless you overwrite your provider/aws.yml with the changes
+* Interpolations in the yml config now look up from the top level only if missing in the current level (hashes of hashes).  Previously it looked up values from the top level before the current level, which was causing a number of issues.  One can force a lookup from the top level by prefixing the key in the interpolations with `_root_`, e.g. The [config/provider/aws.yml](https://github.com/simplygenius/atmos-recipes/blob/master/aws/scaffold/config/atmos/providers/aws.yml#L20) in the atmos aws scaffold.  You will know you forgot to do this when you get s circular reference error when running atmos.
+* Atmos pro has been merged into core Atmos, so you should stop using of the atmos-pro-recipes repository as well as the atmos-pro-plugins gem as they will go away soon.
+
+#### Full changelog
+* add ability to push or activate instead of always doing both as deploy does [dfac7ad](https://github.com/simplygenius/atmos/commit/dfac7ad)
+* add ruby 2.6 [a3b8aff](https://github.com/simplygenius/atmos/commit/a3b8aff)
+* add ruby 2.6 [db3469f](https://github.com/simplygenius/atmos/commit/db3469f)
+* running deploy as deployer user needs the deployer specific role to be specified [06a34b0](https://github.com/simplygenius/atmos/commit/06a34b0)
+* move client out of ctor to fix tests [b9d8c02](https://github.com/simplygenius/atmos/commit/b9d8c02)
+* make s3 consistent with ssm for trying to set an existing secret add force option when setting secret to cause ssm (and s3) to overwrite existing secret [b05f189](https://github.com/simplygenius/atmos/commit/b05f189)
+* add aws ssm for secret management, update aws gem version dependencies [8cb4350](https://github.com/simplygenius/atmos/commit/8cb4350)
+* Merge pull request #3 from nirvdrum/readme-improvements [d82710b](https://github.com/simplygenius/atmos/commit/d82710b)
+* interpolations in config should only lookup values from root only if they don't exit in current level of hash.  One can force a root lookup with the _root_ prefix.  This is a breaking change [cc925d3](https://github.com/simplygenius/atmos/commit/cc925d3)
+* Minor README clean-ups. [16778b1](https://github.com/simplygenius/atmos/commit/16778b1)
+* Homebrew is now available on Linux, so no need to limit the docs to just macOS. [6885a35](https://github.com/simplygenius/atmos/commit/6885a35)
+* Update the package names to be installed via Homebrew. [68f3cde](https://github.com/simplygenius/atmos/commit/68f3cde)
+* friendlier output for cycles in interpolation, better exception handling [dea7766](https://github.com/simplygenius/atmos/commit/dea7766)
+* fix whitespace [870f4c2](https://github.com/simplygenius/atmos/commit/870f4c2)
+* allow running multiple organizations from a single ops account [baef6c3](https://github.com/simplygenius/atmos/commit/baef6c3)
+* Fix config interpolation to allow one path to refer to another that also needs interpolation [202fd85](https://github.com/simplygenius/atmos/commit/202fd85)
+* Inline all the atmos pro functionality/recipes to make atmos fully open source [b906d7e](https://github.com/simplygenius/atmos/commit/b906d7e)
+* mention setting of secret for example app [382db44](https://github.com/simplygenius/atmos/commit/382db44)
+* upgrade bundler [667c7a6](https://github.com/simplygenius/atmos/commit/667c7a6)
+
 0.9.4 (03/20/2019)
 ------------------
 

data/README.md

@@ -6,7 +6,7 @@
 
 Atmos(phere) - Breathe easier with terraform
 
-Atmos provides a layer of organization on top of terraform for creating cloud system architectures with Amazon Web Services.  It handles the plumbing so you can focus on your application.  The core atmos runtime is free and open-source, with a business friendly license (Apache).  It provides some basic recipes to help get you going with a service oriented architecture implemented with AWS Elastic Container Services.  For more in-depth recipes, please check out the [Atmos Pro](https://simplygenius.com/atmos-pro) offering.
+Atmos provides a layer of organization on top of terraform for creating cloud system architectures with Amazon Web Services.  It handles the plumbing so you can focus on your application.  The core atmos runtime is free and open-source, with a business friendly license (Apache).  It provides some basic recipes to help get you going with a service oriented architecture implemented with AWS Elastic Container Services.
 
 In a nutshell, you provide the green, atmos delivers the rest:
 
@@ -14,7 +14,7 @@ In a nutshell, you provide the green, atmos delivers the rest:
 
 ## Goals
 
-* The whole is greater than the sum of its parts.  Assist in creating a cloud infrastructure _system_ rather than just discrete infrastructure components.  Learning aws and terraform is a lot to bite off when getting started.  It's much easier to start with a working system ,and learn incrementally as you go by making changes to it.
+* The whole is greater than the sum of its parts.  Assist in creating a cloud infrastructure _system_ rather than just discrete infrastructure components.  Learning aws and terraform is a lot to bite off when getting started.  It's much easier to start with a working system, and learn incrementally as you go by making changes to it.
 
 * The command line is king.  Using a CLI to iterate on and manage core infrastructure has always been more effective for me, so I aim to make things as convenient and usable as possible from there.
 
@@ -39,8 +39,8 @@ In a nutshell, you provide the green, atmos delivers the rest:
 
 First install the dependencies:
  * [Install docker](https://www.docker.com/community-edition) for deploying containers
- * Install terraform (optional if running atmos as a docker image): e.g. `brew install terraform` on OS X 
- * Install the aws cli (optional, useful for managing aws credentials): e.g. `brew install aws` on OS X
+ * Install terraform (optional if running atmos as a docker image): e.g. `brew install terraform@0.11` on macOS or Linux
+ * Install the aws cli (optional, useful for managing aws credentials): e.g. `brew install awscli` on macOS or Linux
 
 Then install atmos:
 
@@ -107,11 +107,11 @@ aws configure --profile <user_profile_name>
 
 If you supply the "-m" flag, it will automatically create and activate a virtual MFA device with the user, and prompt you to save the secret to the atmos mfa keystore for integrated usage.  You can skip saving the secret and instead just copy/paste it into your MFA device of choice.  The "user create" command can also act in more of an upsert fashion, so to do something like reset a user's password and keys, you could do `atmos user create --force -l -m -k your@email.address`
 
-Login to the aws console as that user, change your password and setup MFA there if you prefer doing it that way.  Make sure you log out and back in again with MFA before you try setting up the [role switcher](#per-user-role-switcher-in-console)
+Login to the aws console as that user, change your password and setup MFA there if you prefer doing it that way.  Make sure you log out and back in again with MFA before you try setting up the [role switcher](#per-user-role-switcher-in-console).
 
-Now that a non-root user is created, you should be able to do everything as that user, so you can remove the root access keys if desired.  Keeping them around can be useful though, as there are some AWS operations that can only be done as the root user.  Leaving them in your shared credential store, but deactivating them in the AWS console till needed is a reasonable compromise.  
+Now that a non-root user is created, you should be able to do everything as that user, so you can remove the root access keys if desired.  Keeping them around can be useful though, as there are some AWS operations that can only be done as the root user.  Leaving them in your shared credential store, but deactivating them in the AWS console until needed is a reasonable compromise.  
 
-While you can do everything in a single account, i've found a better practice is to use a new account for each env (dev, staging, prod, etc), and leave the ops account providing authentication duties and acting as a jumping off point to the others.  This allows for easier role/permission management down the line as well as better isolation between environments, thereby enabling safe iteration in dev environments without risking production.
+While you can do everything in a single account, I've found a better practice is to use a new account for each env (dev, staging, prod, etc), and leave the ops account providing authentication duties and acting as a jumping off point to the others.  This allows for easier role/permission management down the line as well as better isolation between environments, thereby enabling safe iteration in dev environments without risking production.
 
 Create a new `dev` account, and bootstrap it to work with atmos
 
@@ -127,6 +127,10 @@ Use the 'aws/service' template to setup an ECS Fargate based service, then apply
 
 ```
 atmos generate --force aws/service
+# If you setup a db for your service, add its password to the secret store.
+# Otherwise the service container will fail to start if it is using the
+# ATMOS_SECRET_KEYS mechanism like the example app is using.
+# atmos -e dev secret set service_<service_name>_db_password sekret!
 atmos -e dev apply
 
 ```
@@ -146,10 +150,10 @@ Then use atmos to push and deploy that image to the ECR repo:
 atmos -e dev container deploy -c services <service_name>
 ```
 
-The atmos aws scaffold also sets up a user named deployer, with restricted permissions sufficient to do the deploy.  Add the [key/secret](https://github.com/simplygenius/atmos-recipes/blob/master/aws/scaffold/recipes/atmos-permissions.tf#L159)) to the environment for your CI to get your CI to auto deploy on successful build.
+The atmos aws scaffold also sets up a user named _deployer_, with restricted permissions sufficient to do the deploy.  Add the [key/secret](https://github.com/simplygenius/atmos-recipes/blob/master/aws/scaffold/recipes/atmos-permissions.tf#L159) to the environment for your CI to get your CI to auto-deploy on successful build.
 
 ```
-AWS_ACCESS_KEY_ID=<deployer_key> AWS_SECRET_ACCESS_KEY=<deployer_secret> atmos -e <env_based_on_branch> container deploy -c services <service_name>
+AWS_ACCESS_KEY_ID=<deployer_key> AWS_SECRET_ACCESS_KEY=<deployer_secret> atmos -e <env_based_on_branch> container deploy -r <env>-deployer -c services <service_name>
 ```
 
 To clean it all up:
@@ -188,14 +192,14 @@ These are separate commands so that day-day usage where you want to tear down ev
 
 If you are following the account-per-environment pattern, you will need to setup a role switcher for each account in the AWS console for your user.  The AWS console seems to store these in cookies, so if you make a mistake its easy to fix by clearing them.  First, login to the AWS console with your personal aws user that was created in the ops account.  Select the dropdown with your email at top right of the page, Switch Role.  Fill the details for the environment you want to be able to access from the console:
 
-* Account number for the environment (See environments->`<env>`-> account_id in `config/atmos.yml` 
+* Account number for the environment (see environments->`<env>`-> account_id in `config/atmos.yml`).
 * Role `<env>-admin` - this is the role you assume in the destination account.
 * Pick a name (e.g. DevAdmin)
 * Pick a color that you like (e.g. Red=production, Yellow=staging, Green=dev)
 
 ## Managing secrets
 
-Secrets are stored in a s3 bucket unique to each environment, and automatically passed into terraform when it is executed by atmos.  The secret key should be the same as a terraform variable name defined in your terraform recipes, and if the secret exists, it will override whatever default value you have setup for the terraform variable.
+Secrets are stored in a S3 bucket unique to each environment, and automatically passed into terraform when it is executed by atmos.  The secret key should be the same as a terraform variable name defined in your terraform recipes, and if the secret exists, it will override whatever default value you have setup for the terraform variable.
 
 To set a secret:
 
@@ -213,7 +217,3 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/simply
 ## License
 
 The gem is available as open source under the terms of the [Apache 2.0 License](https://opensource.org/licenses/apache-2.0).
-
-# About Us
-
-[Simply Genius LLC](https://simplygenius.com) is an independently run organization in Boston, MA USA.  Its Chief Everything is Matt Conway, a software engineer and executive with more than 20 years of experience in the Boston Tech Startup scene.  Atmos is his attempt at providing the world with the same tools, techniques, mindset and philosophy that he strives for when building a system architecture for a new startup.

data/lib/simplygenius/atmos/cli.rb

@@ -1,6 +1,5 @@
 require_relative '../atmos'
 require_relative '../atmos/ui'
-require_relative '../atmos/plugins/prompt_notify'
 require 'clamp'
 require 'sigdump/setup'
 
@@ -44,7 +43,7 @@ module SimplyGenius
              'GROUP', "The atmos working group\n for selecting recipe groups\n",
              default: 'default'
 
-      option ["-l", "--load-path"],
+      option ["-p", "--load-path"],
              "PATH", "adds additional paths to ruby load path",
              multivalued: true
 
@@ -109,11 +108,23 @@ module SimplyGenius
           UI.color_enabled = color?
 
           Atmos.config.add_user_load_path(*load_path_list)
-          Atmos.config.plugin_manager.register_output_filter(:stdout, Plugins::PromptNotify)
           Atmos.config.plugin_manager.load_plugins
         end
       end
 
+      # Hook into clamp lifecycle to globally handle errors
+      class << self
+        def run(*args, **opts, &blk)
+          begin
+            super
+          rescue Exception => e
+            logger.log_exception(e, "Unhandled exception", level: :debug)
+            logger.error(e.message)
+            exit!
+          end
+        end
+      end
+
     end
 
   end

data/lib/simplygenius/atmos/commands/container.rb

@@ -1,5 +1,6 @@
 require_relative 'base_command'
 require_relative '../../atmos/settings_hash'
+require_relative '../../atmos/ui'
 require 'climate_control'
 
 module SimplyGenius
@@ -7,12 +8,13 @@ module SimplyGenius
     module Commands
 
       class Container < BaseCommand
+        include UI
 
         def self.description
           "Manages containers in the cloud provider"
         end
 
-        subcommand "deploy", "Deploy a container" do
+        subcommand "push", "Only push a container image without activating it" do
 
           option ["-c", "--cluster"],
                  "CLUSTER", "The cluster name\n",
@@ -35,6 +37,113 @@ module SimplyGenius
           end
 
           def execute
+            Atmos.config.provider.auth_manager.authenticate(ENV, role: role) do |auth_env|
+              ClimateControl.modify(auth_env) do
+                mgr = Atmos.config.provider.container_manager
+
+                primary_name = name_list.first
+
+                result = mgr.push(primary_name, image, revision: revision)
+
+                logger.info "Container pushed:\n #{display result}"
+              end
+            end
+          end
+
+        end
+
+        subcommand "activate", "Activate a container that has already been pushed" do
+
+          option ["-c", "--cluster"],
+                 "CLUSTER", "The cluster name\n",
+                 required: true
+
+          option ["-r", "--role"],
+                 "ROLE", "The role to assume when deploying\n"
+
+          option ["-v", "--revision"],
+                 "REVISION", "Use the given revision of the pushed image to activate\n"
+
+          option ["-l", "--list"],
+                 :flag, "List the most recent pushed images\n"
+
+          option ["-t", "--tagcount"],
+                 "N", "Only show the last N items when listing\n",
+                 default: 10 do |s|
+            Integer(s)
+          end
+
+          parameter "NAME ...",
+                    "The name of the service (or task) to activate\nWhen multiple, the first is the primary, and\nthe rest get activated with its image"
+
+          def execute
+            Atmos.config.provider.auth_manager.authenticate(ENV, role: role) do |auth_env|
+              ClimateControl.modify(auth_env) do
+                mgr = Atmos.config.provider.container_manager
+                primary_name = name_list.first
+
+                if list?
+                  tags =  mgr.list_image_tags(cluster, primary_name)
+                  logger.info "Recent revisions:\n"
+                  tags[:tags].last(tagcount).each {|t| logger.info "\t#{t}"}
+                  logger.info("")
+                  logger.info("Currently active revision is: #{tags[:current]}") if tags[:current]
+                  logger.info("The revision associated with the `latest` tag is: #{tags[:latest]}") if tags[:latest]
+                  return
+                end
+
+                rev = revision
+                if rev.nil? && !list?
+                  tags =  mgr.list_image_tags(cluster, primary_name)
+                  logger.info("Currently active revision is: #{tags[:current]}") if tags[:current]
+                  logger.info("The revision associated with the `latest` tag is: #{tags[:latest]}") if tags[:latest]
+                  logger.info("")
+
+                  rev = choose do |menu|
+                    menu.prompt = "Which revision would you like to activate? "
+                    menu.choices(* tags[:tags].last(tagcount))
+                  end
+                end
+
+                remote_image = mgr.remote_image(primary_name, rev)
+                result = {}
+                name_list.each do |name|
+                  resp = mgr.deploy(cluster, name, remote_image)
+                  result[:task_definitions] ||= []
+                  result[:task_definitions] << resp[:task_definition]
+                end
+
+                logger.info "Container activated:\n #{display result}"
+              end
+            end
+          end
+
+        end
+
+        subcommand "deploy", "Push and activate a container" do
+
+          option ["-c", "--cluster"],
+                 "CLUSTER", "The cluster name\n",
+                 required: true
+
+          option ["-r", "--role"],
+                 "ROLE", "The role to assume when deploying\n"
+
+          option ["-i", "--image"],
+                 "IMAGE", "The local container image to deploy\nDefaults to service/task name"
+
+          option ["-v", "--revision"],
+                 "REVISION", "Use as the remote image revision\n"
+
+          parameter "NAME ...",
+                    "The name of the service (or task) to deploy\nWhen multiple, the first is the primary, and\nthe rest get deployed with its image"
+
+          def default_image
+            name_list.first
+          end
+
+          def execute
+            # TODO: use local_name_prefix for cluster name and repo/service name?
             Atmos.config.provider.auth_manager.authenticate(ENV, role: role) do |auth_env|
               ClimateControl.modify(auth_env) do
                 mgr = Atmos.config.provider.container_manager

data/lib/simplygenius/atmos/commands/secret.rb

@@ -31,6 +31,10 @@ module SimplyGenius
 
         subcommand "set", "Sets the secret value" do
 
+          option ["-f", "--force"],
+                 :flag, "forces updates for pre-existing secret\n",
+                 default: false
+
           parameter "KEY",
                     "The secret key"
 
@@ -41,7 +45,7 @@ module SimplyGenius
 
             Atmos.config.provider.auth_manager.authenticate(ENV) do |auth_env|
               ClimateControl.modify(auth_env) do
-                Atmos.config.provider.secret_manager.set(key, value)
+                Atmos.config.provider.secret_manager.set(key, value, force: force?)
                 logger.info "Secret set for #{key}"
               end
             end

data/lib/simplygenius/atmos/config.rb

@@ -212,7 +212,6 @@ module SimplyGenius
 
           logger.debug("Atmos env: #{atmos_env}")
 
-
           if ! File.exist?(config_file)
             logger.warn "Could not find an atmos config file at: #{config_file}"
             @full_config = SettingsHash.new
@@ -237,7 +236,11 @@ module SimplyGenius
               atmos_working_group: working_group,
               atmos_version: VERSION
           }, ["builtins"])
-          expand(conf, conf)
+
+          conf.error_resolver = ->(statement) { find_config_error(statement) }
+          conf.enable_expansion = true
+          conf
+
         end
       end
 
@@ -260,46 +263,6 @@ module SimplyGenius
         config
       end
 
-      def expand(config, obj)
-        case obj
-          when Hash
-            SettingsHash.new(Hash[obj.collect {|k, v| [k, expand(config, v)] }])
-          when Array
-            result = obj.collect {|i| expand(config, i) }
-            # HACK: accounting for the case when someone wants to force an override using '^' as the first list item, when
-            # there is no upstream to override (i.e. merge proc doesn't get triggered as key is unique, so just added verbatim)
-            result.delete_at(0) if result[0] == "^"
-            result
-          when String
-            result = obj
-            result.scan(INTERP_PATTERN).each do |substr, statement|
-              # TODO: check for cycles
-              if statement =~ /^[\w\.\[\]]$/
-                val = config.notation_get(statement)
-              else
-                # TODO: be consistent with dot notation between eval and
-                # notation_get.  eval ends up calling Hashie method_missing,
-                # which returns nil if a key doesn't exist, causing a nil
-                # exception for next item in chain, while notation_get returns
-                # nil gracefully for the entire chain (preferred)
-                begin
-                  val = eval(statement, config.instance_eval("binding"))
-                rescue => e
-                  file, line = find_config_error(substr)
-                  file_msg = file.nil? ? "" : " in #{File.basename(file)}:#{line}"
-                  raise RuntimeError.new("Failing config statement '#{substr}'#{file_msg} => #{e.class} #{e.message}")
-                end
-              end
-              result = result.sub(substr, expand(config, val).to_s)
-            end
-            result = true if result == 'true'
-            result = false if result == 'false'
-            result
-          else
-            obj
-        end
-      end
-
       def find_config_error(statement)
         filename = nil
         line = 0

data/lib/simplygenius/atmos/exceptions.rb

@@ -1,4 +1,5 @@
 require_relative '../atmos'
+require 'clamp'
 
 module SimplyGenius
   module Atmos
@@ -6,6 +7,9 @@ module SimplyGenius
     module Exceptions
       class UsageError < Clamp::UsageError
 
+      end
+      class ConfigInterpolationError < ::ScriptError
+
       end
     end
 

data/lib/simplygenius/atmos/generator.rb

@@ -136,7 +136,7 @@ module SimplyGenius
           end
 
           def track_context(varname, value)
-            varname.blank? || value.nil? ? nil: tmpl.scoped_context[varname] = value
+            varname.blank? || value.nil? ? nil : tmpl.scoped_context[varname] = value
           end
 
           def respond_to_missing?(method_name, *args)

data/lib/simplygenius/atmos/plugin.rb

@@ -1,9 +1,7 @@
 require_relative '../atmos'
 require 'active_support/core_ext/class'
 
-Dir.glob(File.join(File.join(__dir__, 'plugins'), '*.rb')) do |f|
-  require_relative "plugins/#{File.basename(f).sub(/\.rb$/, "")}"
-end
+require_relative "plugins/output_filter"
 
 module SimplyGenius
   module Atmos
@@ -11,14 +9,15 @@ module SimplyGenius
     class Plugin
       include GemLogger::LoggerSupport
 
-      attr_reader :config
+      attr_reader :plugin_manager, :config
 
-      def initialize(config)
+      def initialize(plugin_manager, config)
+        @plugin_manager = plugin_manager
         @config = config
       end
 
       def register_output_filter(type, clazz)
-        Atmos.config.plugin_manager.register_output_filter(type, clazz)
+        plugin_manager.register_output_filter(type, clazz)
       end
 
     end

data/lib/simplygenius/atmos/plugin_manager.rb

@@ -45,7 +45,7 @@ module SimplyGenius
             begin
               if ! @plugin_classes.include?(plugin_class)
                 @plugin_classes << plugin_class
-                @plugin_instances << plugin_class.new(plugin)
+                @plugin_instances << plugin_class.new(self, plugin)
               end
             rescue StandardError => e
               logger.log_exception e, "Failed to initialize plugin: #{plugin_class}"

data/lib/simplygenius/atmos/plugins/core_plugin.rb

@@ -0,0 +1,23 @@
+require_relative '../../atmos'
+require_relative "prompt_notify"
+require_relative "lock_detection"
+require_relative "plan_summary"
+require_relative "json_diff"
+
+module SimplyGenius
+  module Atmos
+    module Plugins
+
+      class CorePlugin < SimplyGenius::Atmos::Plugin
+        def initialize(plugin_manager, config)
+          super
+          register_output_filter(:stdout, Plugins::PromptNotify) unless config[:disable_prompt_notify]
+          register_output_filter(:stderr, Plugins::LockDetection) unless config[:disable_lock_detection]
+          register_output_filter(:stdout, Plugins::PlanSummary) unless config[:disable_plan_summary]
+          register_output_filter(:stdout, Plugins::JsonDiff) unless config[:disable_json_diff]
+        end
+      end
+
+    end
+  end
+end

data/lib/simplygenius/atmos/plugins/json_diff.rb

@@ -0,0 +1,95 @@
+require_relative '../../atmos'
+require_relative 'output_filter'
+require 'deepsort'
+require 'diffy'
+require 'json'
+require 'yaml'
+
+module SimplyGenius
+  module Atmos
+    module Plugins
+
+      class JsonDiff < SimplyGenius::Atmos::Plugins::OutputFilter
+
+        def initialize(context)
+          super
+          @plan_detected = false
+          @json_data = ""
+        end
+
+        def filter(data, flushing: false)
+
+          # If we are flushing and never saw a json end, then flush the data we have buffered
+          if flushing && @saving_json
+            buffer = @json_data + data
+            @json_data = ""
+            return buffer
+          end
+
+          # TODO: roll up plan detection so we don't have many plugins doing the same regexp match
+          if data =~ /^[\e\[\dm\s]*Terraform will perform the following actions:[\e\[\dm\s]*$/
+            @plan_detected = true
+          end
+
+          if @plan_detected
+
+            if data =~ /^.*:\s*"[\[\{]/
+              @saving_json = true
+            end
+
+            if @saving_json
+              @json_data << data
+
+              if data =~ /[\]\}][\s\\n]*[^\\]"[^"]*$/
+                @saving_json = false
+                with_diff = @json_data.sub(/^(.*:\s*)"([\[\{].*[\]\}])[\s\\n]*"\s*=>\s*"([\[\{].*[\]\}])[\s\\n]*"(.*)$/) do |m|
+                  begin
+                    "#{$1}\n#{jsondiff($2, $3)}\n#{$4}"
+                  rescue JSON::ParserError => e
+                    logger.warn("Failed to parse JSON for diff: #{e.message}")
+                    "#{$1}\n\n#{$2}\n\n=>\n\n#{$3}\n\n#{$4}"
+                  end
+                end
+                @json_data = ""
+                return with_diff
+              end
+
+              return ""
+            end
+
+          end
+
+          data
+        end
+
+        def unescape(s)
+          YAML.load(%Q(---\n"#{s}"\n))
+        end
+
+        def jsondiff(lhs, rhs)
+          lhs = unescape(lhs)
+          rhs = unescape(rhs)
+
+          jl = JSON.parse(lhs).deep_sort
+          jr = JSON.parse(rhs).deep_sort
+
+          sl = JSON.pretty_generate(jl)
+          sr = JSON.pretty_generate(jr)
+
+          if sl == sr
+            result = "No differences"
+          else
+            result = Diffy::Diff.new("#{sl}\n", "#{sr}\n").to_s
+          end
+
+          result
+        end
+
+
+      end
+
+    end
+  end
+end
+
+

data/lib/simplygenius/atmos/plugins/lock_detection.rb

@@ -0,0 +1,37 @@
+require_relative '../../atmos'
+require_relative 'output_filter'
+require_relative '../../atmos/terraform_executor'
+
+module SimplyGenius
+  module Atmos
+    module Plugins
+
+      class LockDetection < SimplyGenius::Atmos::Plugins::OutputFilter
+
+        def filter(data, flushing: false)
+          if data =~ /^[\e\[\dm\s]*Lock Info:[\e\[\dm\s]*$/
+            @lock_detected = true
+          end
+          if data =~ /^[\e\[\dm\s]*ID:\s*([a-f0-9\-]+)[\e\[\dm\s]*$/
+            @lock_id = $1
+          end
+          data
+        end
+
+        def close
+          if @lock_detected && @lock_id.present?
+            clear_lock = agree("Terraform lock detected, would you like to clear it? ") {|q| q.default = 'n' }
+            if clear_lock
+              logger.info "Clearing terraform lock with id: #{@lock_id}"
+              te = TerraformExecutor.new(process_env: context[:process_env])
+              te.run("force-unlock", "-force", @lock_id)
+            end
+          end
+        end
+
+      end
+
+    end
+  end
+end
+

data/lib/simplygenius/atmos/plugins/plan_summary.rb

@@ -0,0 +1,45 @@
+require_relative '../../atmos'
+require_relative 'output_filter'
+
+module SimplyGenius
+  module Atmos
+    module Plugins
+
+      class PlanSummary < SimplyGenius::Atmos::Plugins::OutputFilter
+
+        def initialize(context)
+          super
+          @plan_detected = false
+          @summary_data = ""
+        end
+
+        def filter(data, flushing: false)
+          summary_saved = false
+          if data =~ /^[\e\[\dm\s]*Terraform will perform the following actions:[\e\[\dm\s]*$/
+            @plan_detected = true
+            @summary_data = data.sub(/.*Terraform will perform the following actions:[^\n]*\n/m, "")
+            summary_saved = true
+          end
+
+          if @plan_detected
+            @summary_data << data unless summary_saved
+            data.sub!(/^[\e\[\dm\s]*Plan:.*$/) do |m|
+              summary = summarize(@summary_data)
+              m + "\n\n#{summary}\n"
+            end
+          end
+
+          data
+        end
+
+        def summarize(data)
+          lines = data.lines.select {|l| l =~ /^[\e\[\dm\s]*[~+\-<]/ }.collect(&:chomp)
+          lines = lines.reject {|l| l =~ /-----/ }
+          "Plan Summary:\n#{lines.join("\n")}"
+        end
+
+      end
+
+    end
+  end
+end

data/lib/simplygenius/atmos/plugins.rb

@@ -0,0 +1,11 @@
+require_relative "../atmos"
+
+# hook for plugin load mechanism
+require_relative "plugins/core_plugin"
+
+module SimplyGenius
+  module Atmos
+    module Plugins
+    end
+  end
+end

data/lib/simplygenius/atmos/providers/aws/container_manager.rb

@@ -97,6 +97,68 @@ module SimplyGenius
              return result
           end
 
+          def remote_image(name, tag)
+            ecr = ::Aws::ECR::Client.new
+
+            resp = ecr.get_authorization_token
+            endpoint = resp.authorization_data.first.proxy_endpoint
+
+            ecs_image="#{endpoint.sub(/https?:\/\//, '')}/#{name}"
+            tagged_image = "#{ecs_image}:#{tag}"
+
+            return tagged_image
+          end
+
+          def list_image_tags(cluster, name)
+            result = {tags: [], latest: nil, current: nil}
+            latest_digest = nil
+
+            ecs = ::Aws::ECS::Client.new
+            ecr = ::Aws::ECR::Client.new
+
+            resp = ecs.describe_services(services: [name], cluster: cluster)
+            if resp.services.size == 1
+              task_def = resp.services.first.task_definition
+              resp = ecs.describe_task_definition(task_definition: task_def)
+              image = resp.task_definition.container_definitions.first.image
+              result[:current] = image.sub(/^.*:/, '')
+            else
+              raise "No services found for '#{name}' in cluster '#{cluster}'"
+            end
+
+            # TODO: handle pagination?
+            resp = ecr.list_images(repository_name: name, filter: {tag_status: "TAGGED"}, max_results: 1000)
+            if resp.image_ids.size > 0
+
+              images = resp.image_ids
+
+              images.each do |i|
+                if i.image_tag == 'latest'
+                  latest_digest = i.image_digest
+                end
+
+                result[:tags] << i.image_tag
+              end
+
+              if latest_digest
+                images.each do |i|
+                  if i.image_digest == latest_digest && i.image_tag != 'latest'
+                    result[:latest] = i.image_tag
+                    break
+                  end
+                end
+                # Handle if latest tag isn't some other tag
+                result[:latest] = 'latest' if result[:latest].nil?
+              end
+
+              result[:tags].sort!
+            else
+              raise "No images found for '#{name}'"
+            end
+
+            return result
+          end
+
           private
 
           def run(*args, **opts)

data/lib/simplygenius/atmos/providers/aws/provider.rb

@@ -36,7 +36,16 @@ module SimplyGenius
 
           def secret_manager
             @secret_manager ||= begin
-              S3SecretManager.new(self)
+              conf = Atmos.config[:secret]
+              logger.debug("Secrets config is: #{conf}")
+              manager_type = conf[:type] || "ssm"
+              if manager_type !~ /::/
+                manager_type += "_secret_manager"
+                manager_type = "#{self.class.name.deconstantize}::#{manager_type.camelize}"
+              end
+              manager = manager_type.constantize
+              logger.debug("Using secrets manager #{manager}")
+              manager.new(self)
             end
           end
 

data/lib/simplygenius/atmos/providers/aws/s3_secret_manager.rb

@@ -11,16 +11,19 @@ module SimplyGenius
 
           def initialize(provider)
             @provider = provider
-            logger.debug("Secrets config is: #{Atmos.config[:secret]}")
             @bucket_name = Atmos.config[:secret][:bucket]
             @bucket_prefix = "#{Atmos.config[:secret][:prefix]}"
             @encrypt = Atmos.config[:secret][:encrypt]
           end
 
-          def set(key, value)
+          def set(key, value, force: false)
             opts = {}
             opts[:server_side_encryption] = "AES256" if @encrypt
-            bucket.object(@bucket_prefix + key).put(body: value, **opts)
+            obj = bucket.object(@bucket_prefix + key)
+            if obj.exists? && ! force
+              raise "A value already exists for the given key, force overwrite or delete first"
+            end
+            obj.put(body: value, **opts)
           end
 
           def get(key)

data/lib/simplygenius/atmos/providers/aws/ssm_secret_manager.rb

@@ -0,0 +1,70 @@
+require_relative '../../../atmos'
+require 'aws-sdk-ssm'
+
+module SimplyGenius
+  module Atmos
+    module Providers
+      module Aws
+
+        class SsmSecretManager
+          include GemLogger::LoggerSupport
+
+          def initialize(provider)
+            @provider = provider
+            @path_prefix = "#{Atmos.config[:secret][:prefix]}"
+            @encrypt = Atmos.config[:secret][:encrypt]
+          end
+
+          def set(key, value, force: false)
+            opts = {}
+
+            param_name = param_name(key)
+            param_type = @encrypt ? "SecureString" : "String"
+            param_value = value
+
+            if value.is_a?(Array)
+              raise "AWS SSM Parameter Store cannot encrypt lists directly" if @encrypt
+              param_type = "StringList"
+              param_value = value.join(",")
+            end
+
+            client.put_parameter(name: param_name, value: param_value, type: param_type, overwrite: force)
+          end
+
+          def get(key)
+            resp = client.get_parameter(name: param_name(key), with_decryption: @encrypt)
+            resp.parameter.value
+          end
+
+          def delete(key)
+            client.delete_parameter(name: param_name(key))
+          end
+
+          def to_h
+            result = {}
+            resp = client.get_parameters_by_path(path: param_name(""), recursive: true, with_decryption: @encrypt)
+            resp.parameters.each do |p|
+              key = p.name.gsub(/^#{param_name("")}/, '')
+              result[key] = p.value
+            end
+
+            return result
+          end
+
+          private
+
+          def param_name(key)
+            param_name = "/#{@path_prefix}/#{key}"
+            param_name.gsub!(/\/{2,}/, '/')
+            param_name
+          end
+
+          def client
+            @client ||= ::Aws::SSM::Client.new
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/simplygenius/atmos/settings_hash.rb

@@ -1,4 +1,5 @@
 require 'hashie'
+require_relative "../atmos/exceptions"
 
 module SimplyGenius
   module Atmos
@@ -7,9 +8,119 @@ module SimplyGenius
       include GemLogger::LoggerSupport
       include Hashie::Extensions::DeepMerge
       include Hashie::Extensions::DeepFetch
+      include SimplyGenius::Atmos::Exceptions
       disable_warnings
 
       PATH_PATTERN = /[\.\[\]]/
+      INTERP_PATTERN = /(\#\{([^\}]+)\})/
+
+      attr_accessor :_root_, :error_resolver, :enable_expansion
+
+      alias orig_reader []
+
+      def expand_results(name, &blk)
+        # NOTE: we lookup locally first, then globally if a value is missing
+        # locally.  To force a global lookup, use the explicit qualifier like
+        # "_root_.path.to.config"
+
+        value = blk.call(name)
+
+        if value.nil? && _root_ && enable_expansion
+          value = _root_[name]
+        end
+
+        if value.kind_of?(self.class) && value._root_.nil?
+          value._root_ = _root_ || self
+        end
+
+        enable_expansion ? expand(value) : value
+      end
+
+      def expanding_reader(key)
+        expand_results(key) {|k| orig_reader(k) }
+      end
+
+      def fetch(key, *args)
+        expand_results(key) {|k| super(k, *args) }
+      end
+
+      def error_resolver
+        @error_resolver || _root_.try(:error_resolver)
+      end
+
+      def enable_expansion
+        @enable_expansion.nil? ? _root_.try(:enable_expansion) : @enable_expansion
+      end
+
+      alias [] expanding_reader
+
+      # allows expansion when iterating
+      def each
+        each_key do |key|
+          yield key, self[key]
+        end
+      end
+
+      # allows expansion for to_a (which doesn't use each)
+      def to_a
+        self.collect {|k, v| [k, v]}
+      end
+
+      def format_error(msg, expr, ex=nil)
+        file, line = nil, nil
+        if error_resolver
+          file, line = error_resolver.call(expr)
+        end
+        file_msg = file.nil? ? "" : " in #{File.basename(file)}:#{line}"
+        msg = "#{msg} '#{expr}'#{file_msg}"
+        if ex
+          msg +=  " => #{ex.class} #{ex.message}"
+        end
+        return msg
+      end
+
+      def expand_string(obj)
+        result = obj
+        result.scan(INTERP_PATTERN).each do |substr, statement|
+          # TODO: add an explicit check for cycles instead of relying on Stack error
+          begin
+            # TODO: be consistent with dot notation between eval and
+            # notation_get.  eval ends up calling Hashie method_missing,
+            # which returns nil if a key doesn't exist, causing a nil
+            # exception for next item in chain, while notation_get returns
+            # nil gracefully for the entire chain (preferred)
+            val = eval(statement, binding, __FILE__)
+          rescue SystemStackError => e
+            raise ConfigInterpolationError.new(format_error("Cycle in interpolated config", substr))
+          rescue StandardError => e
+            raise ConfigInterpolationError.new(format_error("Failing config statement", substr, e))
+          end
+          result = result.sub(substr, val.to_s)
+        end
+
+        result = true if result == "true"
+        result = false if result == "false"
+
+        result
+      end
+
+      def expand(value)
+        result = value
+        case value
+        when Hash
+          value
+        when String
+          expand_string(value)
+        when Enumerable
+          value.map! {|v| expand(v)}
+          # HACK: accounting for the case when someone wants to force an override using '^' as the first list item, when
+          # there is no upstream to override (i.e. merge proc doesn't get triggered as key is unique, so just added verbatim)
+          value.delete_at(0) if value[0] == "^"
+          value
+        else
+          value
+        end
+      end
 
       def notation_get(key)
         path = key.to_s.split(PATH_PATTERN).compact
@@ -70,6 +181,9 @@ module SimplyGenius
         comment_places["<EOF>"] = comment_lines
 
         orig_config = SettingsHash.new((YAML.load_file(yml_file) rescue {}))
+        # expansion disabled by default, but being explicit since we don't want
+        # expansion when mutating config files from generators
+        orig_config.enable_expansion = false
         orig_config.notation_put(key, value, additive: additive)
         new_config_no_comments = YAML.dump(orig_config.to_hash)
         new_config_no_comments.sub!(/\A---\n/, "")

data/lib/simplygenius/atmos/version.rb

@@ -1,5 +1,5 @@
 module SimplyGenius
   module Atmos
-    VERSION = "0.9.4"
+    VERSION = "0.10.0"
   end
 end

data/templates/new/config/atmos/runtime.yml

@@ -2,7 +2,7 @@
 atmos:
 
   # Configure the location of a user config file.  This is where secrets are
-  # stored, e.g. OTP secrets and atmos pro auth token
+  # stored, e.g. OTP secrets
   #
   user_config_file: ~/.atmos.yml
 
@@ -14,24 +14,25 @@ atmos:
   template_sources:
   - name: atmos-recipes
     location: https://github.com/simplygenius/atmos-recipes/archive/v#{atmos_version}.zip#atmos-recipes-#{atmos_version}
-  # To access the Atmos Pro recipes, add your atmos pro auth token to
-  # ~/.atmos.yml and uncomment below
-  #- name: atmos-pro-recipes
-  #  location: https://#{atmos.pro_auth_token}@releases.simplygenius.com/recipes/v#{atmos_version}.zip#atmos-pro-recipes-#{atmos_version}
 
-  # To get the atmos-pro gem, add the gem source like:
-  #   gem sources -a https://ATMOS_PRO_AUTH_TOKEN@releases.simplygenius.com/gems/
-  # then install the gem:
-  #   gem install simplygenius-atmos-pro
-  # then add simplygenius-atmos-pro to the plugins key below
+  # The list of plugins to load when running atmos
   #
-  # The list of plugin gems to load when running atmos
+  # The core atmos plugin is named "simplygenius-atmos-plugins" and is enabled
+  # by default below.  Remove/comment to disable it completely, or disable parts
+  # of it by editing its config.  You can also add to the list for custom
+  # plugins, and can have plugins inline in your repo by adding a relative path
+  # to load_path
   #
   plugins:
-    #   - simplygenius-atmos-pro
+  - name: simplygenius-atmos-plugins
+    disable_prompt_notify: false
+    disable_lock_detection: false
+    disable_plan_summary: false
+    disable_json_diff: false
 
   # Allows one to add a custom ruby load path list for extending atmos without
-  # having to publish a gem
+  # having to publish a gem.  This can be a relative or shell (~) path as it
+  # gets expanded at runtime
   load_path:
 
   # Configure the mechanism that allows terraform to callback into atmos

data/templates/new/config/atmos.yml

@@ -37,6 +37,13 @@ global_name_prefix: "#{org}-#{atmos_env}-"
 #
 local_name_prefix:
 
+# The prefix used for the resources global to the organization.  Setting this
+# to something like "#{org}-" will allow you to manage multiple orgs from the same
+# ops account without name conflicts.
+# Most people should leave this blank.
+#
+org_prefix:
+
 # Environment specific overrides.  When adding new environments place them
 # after the existing ones so that you don't end up with permission issues when
 # bootstrapping the new account.  You can also add overrides for each
@@ -60,4 +67,4 @@ atmos:
   # to the directory containing atmos.yml
   #
   config_sources:
-    - atmos/*.y{,a}ml
+  - atmos/*.y{,a}ml

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simplygenius-atmos
 version: !ruby/object:Gem::Version
-  version: 0.9.4
+  version: 0.10.0
 platform: ruby
 authors:
 - Matt Conway
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-03-20 00:00:00.000000000 Z
+date: 2019-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -324,72 +324,72 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.28.0
+        version: 3.66.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.28.0
+        version: 3.66.0
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: 1.29.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: 1.29.0
 - !ruby/object:Gem::Dependency
   name: aws-sdk-organizations
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.13.0
+        version: 1.32.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.13.0
+        version: 1.32.0
 - !ruby/object:Gem::Dependency
   name: aws-sdk-s3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.20.0
+        version: 1.48.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.20.0
+        version: 1.48.0
 - !ruby/object:Gem::Dependency
-  name: aws-sdk-ecr
+  name: aws-sdk-ssm
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.55.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.55.0
 - !ruby/object:Gem::Dependency
-  name: aws-sdk-ecs
+  name: aws-sdk-ecr
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -402,6 +402,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.20.0
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-ecs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.49.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.49.0
 - !ruby/object:Gem::Dependency
   name: os
   requirement: !ruby/object:Gem::Requirement
@@ -444,6 +458,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.1.2
+- !ruby/object:Gem::Dependency
+  name: deepsort
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: diffy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Atmos provides a terraform scaffold for creating cloud system architectures
 email:
 - matt@simplygenius.com
@@ -486,7 +528,12 @@ files:
 - lib/simplygenius/atmos/otp.rb
 - lib/simplygenius/atmos/plugin.rb
 - lib/simplygenius/atmos/plugin_manager.rb
+- lib/simplygenius/atmos/plugins.rb
+- lib/simplygenius/atmos/plugins/core_plugin.rb
+- lib/simplygenius/atmos/plugins/json_diff.rb
+- lib/simplygenius/atmos/plugins/lock_detection.rb
 - lib/simplygenius/atmos/plugins/output_filter.rb
+- lib/simplygenius/atmos/plugins/plan_summary.rb
 - lib/simplygenius/atmos/plugins/prompt_notify.rb
 - lib/simplygenius/atmos/provider_factory.rb
 - lib/simplygenius/atmos/providers/aws/account_manager.rb
@@ -494,6 +541,7 @@ files:
 - lib/simplygenius/atmos/providers/aws/container_manager.rb
 - lib/simplygenius/atmos/providers/aws/provider.rb
 - lib/simplygenius/atmos/providers/aws/s3_secret_manager.rb
+- lib/simplygenius/atmos/providers/aws/ssm_secret_manager.rb
 - lib/simplygenius/atmos/providers/aws/user_manager.rb
 - lib/simplygenius/atmos/settings_hash.rb
 - lib/simplygenius/atmos/source_path.rb
@@ -526,7 +574,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Atmos provides a terraform scaffold for creating cloud system architectures