stack_master 1.18.0-x64-mingw32 → 2.0.0-x64-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -34
- data/lib/stack_master.rb +0 -1
- data/lib/stack_master/commands/apply.rb +1 -1
- data/lib/stack_master/stack_definition.rb +0 -2
- data/lib/stack_master/stack_events/fetcher.rb +2 -2
- data/lib/stack_master/stack_events/streamer.rb +2 -2
- data/lib/stack_master/version.rb +1 -1
- metadata +5 -6
- data/lib/stack_master/parameter_resolvers/secret.rb +0 -52
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 45cd0b3bcc0dfdb739876ee5a702786b63f5be93
|
|
4
|
+
data.tar.gz: 97a89dd2dd2c3245837deb358b94cf0ac3467d1e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 84524c1c665d2462762672a3f4ae624b4b95b2c2c558e231c8d2fc7594b9960c4cc2d9d95a9a36729e9e9f94ed119d75c363c7b8db3773ff7f24192558b79ea0
|
|
7
|
+
data.tar.gz: 2f7457f4b29501ec8e6b6f4e2aa356ed23403e4991c7c7c648f37432dddbe047b0d909116694b10650d8d3de233aebf3dae2a70e7f74030c9af8820921d9af1c
|
data/README.md
CHANGED
|
@@ -25,9 +25,8 @@ are displayed for review.
|
|
|
25
25
|
- Stack events will be displayed until an end state is reached.
|
|
26
26
|
|
|
27
27
|
Stack parameters can be dynamically resolved at runtime using one of the
|
|
28
|
-
built in parameter resolvers. Parameters can be sourced from
|
|
29
|
-
|
|
30
|
-
etc.
|
|
28
|
+
built in parameter resolvers. Parameters can be sourced from other stacks
|
|
29
|
+
outputs, or by querying various AWS APIs to get resource ARNs, etc.
|
|
31
30
|
|
|
32
31
|
## Installation
|
|
33
32
|
|
|
@@ -64,13 +63,11 @@ stack_defaults:
|
|
|
64
63
|
role_arn: service_role_arn
|
|
65
64
|
region_defaults:
|
|
66
65
|
us-east-1:
|
|
67
|
-
secret_file: production.yml.gpg
|
|
68
66
|
tags:
|
|
69
67
|
environment: production
|
|
70
68
|
notification_arns:
|
|
71
69
|
- test_arn
|
|
72
70
|
ap-southeast-2:
|
|
73
|
-
secret_file: staging.yml.gpg
|
|
74
71
|
tags:
|
|
75
72
|
environment: staging
|
|
76
73
|
stacks:
|
|
@@ -138,7 +135,7 @@ stacks:
|
|
|
138
135
|
|
|
139
136
|
- `templates` - CloudFormation, SparkleFormation or CfnDsl templates.
|
|
140
137
|
- `parameters` - Parameters as YAML files.
|
|
141
|
-
- `secrets` -
|
|
138
|
+
- `secrets` - encrypted secret files.
|
|
142
139
|
- `policies` - Stack policy JSON files.
|
|
143
140
|
|
|
144
141
|
## Templates
|
|
@@ -264,35 +261,10 @@ into parameters of dependent stacks.
|
|
|
264
261
|
|
|
265
262
|
### Secret
|
|
266
263
|
|
|
267
|
-
Note:
|
|
264
|
+
Note: The GPG parameter resolver has been extracted into a dedicated gem. Please install and
|
|
265
|
+
follow the instructions for the [stack_master-gpg_parameter_resolver] gem.
|
|
268
266
|
|
|
269
|
-
|
|
270
|
-
stack definition which is a GPG encrypted YAML file. Once decrypted and parsed,
|
|
271
|
-
the value provided to the secret resolver is used to lookup the associated key
|
|
272
|
-
in the secret file. A common use case for this is to store database passwords.
|
|
273
|
-
|
|
274
|
-
stack_master.yml:
|
|
275
|
-
|
|
276
|
-
```yaml
|
|
277
|
-
stacks:
|
|
278
|
-
us-east-1:
|
|
279
|
-
my_app:
|
|
280
|
-
template: my_app.json
|
|
281
|
-
secret_file: production.yml.gpg
|
|
282
|
-
```
|
|
283
|
-
|
|
284
|
-
secrets/production.yml.gpg, when decrypted:
|
|
285
|
-
|
|
286
|
-
```yaml
|
|
287
|
-
db_password: my-password
|
|
288
|
-
```
|
|
289
|
-
|
|
290
|
-
parameters/my_app.yml:
|
|
291
|
-
|
|
292
|
-
```yaml
|
|
293
|
-
db_password:
|
|
294
|
-
secret: db_password
|
|
295
|
-
```
|
|
267
|
+
[stack_master-gpg_parameter_resolver]: https://github.com/envato/stack_master-gpg_parameter_resolver
|
|
296
268
|
|
|
297
269
|
### Parameter Store
|
|
298
270
|
|
data/lib/stack_master.rb
CHANGED
|
@@ -70,7 +70,6 @@ module StackMaster
|
|
|
70
70
|
autoload :AmiFinder, 'stack_master/parameter_resolvers/ami_finder'
|
|
71
71
|
autoload :StackOutput, 'stack_master/parameter_resolvers/stack_output'
|
|
72
72
|
autoload :Ejson, 'stack_master/parameter_resolvers/ejson'
|
|
73
|
-
autoload :Secret, 'stack_master/parameter_resolvers/secret'
|
|
74
73
|
autoload :SnsTopicName, 'stack_master/parameter_resolvers/sns_topic_name'
|
|
75
74
|
autoload :SecurityGroup, 'stack_master/parameter_resolvers/security_group'
|
|
76
75
|
autoload :LatestAmiByTags, 'stack_master/parameter_resolvers/latest_ami_by_tags'
|
|
@@ -9,7 +9,6 @@ module StackMaster
|
|
|
9
9
|
:notification_arns,
|
|
10
10
|
:base_dir,
|
|
11
11
|
:template_dir,
|
|
12
|
-
:secret_file,
|
|
13
12
|
:ejson_file,
|
|
14
13
|
:ejson_file_region,
|
|
15
14
|
:ejson_file_kms,
|
|
@@ -47,7 +46,6 @@ module StackMaster
|
|
|
47
46
|
@allowed_accounts == other.allowed_accounts &&
|
|
48
47
|
@notification_arns == other.notification_arns &&
|
|
49
48
|
@base_dir == other.base_dir &&
|
|
50
|
-
@secret_file == other.secret_file &&
|
|
51
49
|
@ejson_file == other.ejson_file &&
|
|
52
50
|
@ejson_file_region == other.ejson_file_region &&
|
|
53
51
|
@ejson_file_kms == other.ejson_file_kms &&
|
|
@@ -3,8 +3,8 @@ module StackMaster
|
|
|
3
3
|
class Streamer
|
|
4
4
|
StackFailed = Class.new(StandardError)
|
|
5
5
|
|
|
6
|
-
def self.stream(
|
|
7
|
-
new(
|
|
6
|
+
def self.stream(stack_name, region, **args, &block)
|
|
7
|
+
new(stack_name, region, **args, &block).stream
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
def initialize(stack_name, region, from: Time.now, break_on_finish_state: true, sleep_between_fetches: 1, io: nil, &block)
|
data/lib/stack_master/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: stack_master
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: x64-mingw32
|
|
6
6
|
authors:
|
|
7
7
|
- Steve Hodgkiss
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2020-01-21 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -462,7 +462,6 @@ files:
|
|
|
462
462
|
- lib/stack_master/parameter_resolvers/latest_container.rb
|
|
463
463
|
- lib/stack_master/parameter_resolvers/one_password.rb
|
|
464
464
|
- lib/stack_master/parameter_resolvers/parameter_store.rb
|
|
465
|
-
- lib/stack_master/parameter_resolvers/secret.rb
|
|
466
465
|
- lib/stack_master/parameter_resolvers/security_group.rb
|
|
467
466
|
- lib/stack_master/parameter_resolvers/sns_topic_name.rb
|
|
468
467
|
- lib/stack_master/parameter_resolvers/stack_output.rb
|
|
@@ -517,8 +516,8 @@ licenses:
|
|
|
517
516
|
metadata:
|
|
518
517
|
bug_tracker_uri: https://github.com/envato/stack_master/issues
|
|
519
518
|
changelog_uri: https://github.com/envato/stack_master/blob/master/CHANGELOG.md
|
|
520
|
-
documentation_uri: https://www.rubydoc.info/gems/stack_master/
|
|
521
|
-
source_code_uri: https://github.com/envato/stack_master/tree/
|
|
519
|
+
documentation_uri: https://www.rubydoc.info/gems/stack_master/2.0.0
|
|
520
|
+
source_code_uri: https://github.com/envato/stack_master/tree/v2.0.0
|
|
522
521
|
post_install_message:
|
|
523
522
|
rdoc_options: []
|
|
524
523
|
require_paths:
|
|
@@ -527,7 +526,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
527
526
|
requirements:
|
|
528
527
|
- - ">="
|
|
529
528
|
- !ruby/object:Gem::Version
|
|
530
|
-
version: 2.
|
|
529
|
+
version: 2.4.0
|
|
531
530
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
532
531
|
requirements:
|
|
533
532
|
- - ">="
|
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
require 'os'
|
|
2
|
-
|
|
3
|
-
module StackMaster
|
|
4
|
-
module ParameterResolvers
|
|
5
|
-
class Secret < Resolver
|
|
6
|
-
SecretNotFound = Class.new(StandardError)
|
|
7
|
-
PlatformNotSupported = Class.new(StandardError)
|
|
8
|
-
|
|
9
|
-
unless OS.windows?
|
|
10
|
-
require 'dotgpg'
|
|
11
|
-
array_resolver
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def initialize(config, stack_definition)
|
|
15
|
-
@config = config
|
|
16
|
-
@stack_definition = stack_definition
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def resolve(value)
|
|
20
|
-
raise PlatformNotSupported, "The GPG Secret Parameter Resolver does not support Windows" if OS.windows?
|
|
21
|
-
secret_key = value
|
|
22
|
-
raise ArgumentError, "No secret_file defined for stack definition #{@stack_definition.stack_name} in #{@stack_definition.region}" unless !@stack_definition.secret_file.nil?
|
|
23
|
-
raise ArgumentError, "Could not find secret file at #{secret_file_path}" unless File.exist?(secret_file_path)
|
|
24
|
-
secrets_hash.fetch(secret_key) do
|
|
25
|
-
raise SecretNotFound, "Unable to find key #{secret_key} in file #{secret_file_path}"
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
private
|
|
30
|
-
|
|
31
|
-
def secrets_hash
|
|
32
|
-
@secrets_hash ||= YAML.load(decrypt_with_dotgpg)
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
def decrypt_with_dotgpg
|
|
36
|
-
Dotgpg.interactive = true
|
|
37
|
-
dir = Dotgpg::Dir.closest(secret_file_path)
|
|
38
|
-
stream = StringIO.new
|
|
39
|
-
dir.decrypt(secret_path_relative_to_base, stream)
|
|
40
|
-
stream.string
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
def secret_path_relative_to_base
|
|
44
|
-
@secret_path_relative_to_base ||= File.join('secrets', @stack_definition.secret_file)
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
def secret_file_path
|
|
48
|
-
@secret_file_path ||= File.join(@config.base_dir, secret_path_relative_to_base)
|
|
49
|
-
end
|
|
50
|
-
end
|
|
51
|
-
end
|
|
52
|
-
end
|