stack_master 1.18.0 → 2.0.0
- checksums.yaml +4 -4
- data/README.md +6 -34
- data/lib/stack_master.rb +0 -1
- data/lib/stack_master/commands/apply.rb +1 -1
- data/lib/stack_master/stack_definition.rb +0 -2
- data/lib/stack_master/stack_events/fetcher.rb +2 -2
- data/lib/stack_master/stack_events/streamer.rb +2 -2
- data/lib/stack_master/version.rb +1 -1
- metadata +6 -22
- data/lib/stack_master/parameter_resolvers/secret.rb +0 -52
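--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3346fc35ab512ac3e5f4591a9e556efa4dc373ddcba85c68e08640616d23ad21
+data.tar.gz: d637f865828d695bda3e588ddc8540cfc2fc4af92823ae2067e3d5a1df3cb5fe
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 961cb4ea04bf2e3b5a9764f8632886668ef067d7256fe13e087880d068433e585091166cc33bf019007b95c31108b2c7da12f9fd6df479ec2d9f6ed1c6622231
+data.tar.gz: f4a0dc93816140f06a4986db62269f7354dbb3a986b76bffca671978f51fc5d1b38d349bb1163377918f27e5a276af0975e1e8780a8a51d21993bd186d185f5a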
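--- a/data/README.md
+++ b/data/README.md
@@ -25,9 +25,8 @@ are displayed for review.
 - Stack events will be displayed until an end state is reached.
 
 Stack parameters can be dynamically resolved at runtime using one of the
-built in parameter resolvers. Parameters can be sourced from
-
-etc.
+built in parameter resolvers. Parameters can be sourced from other stacks
+outputs, or by querying various AWS APIs to get resource ARNs, etc.
 
 ## Installation
 
@@ -64,13 +63,11 @@ stack_defaults:
 role_arn: service_role_arn
 region_defaults:
 us-east-1:
-secret_file: production.yml.gpg
 tags:
 environment: production
 notification_arns:
 - test_arn
 ap-southeast-2:
-secret_file: staging.yml.gpg
 tags:
 environment: staging
 stacks:
@@ -138,7 +135,7 @@ stacks:
 
 - `templates` - CloudFormation, SparkleFormation or CfnDsl templates.
 - `parameters` - Parameters as YAML files.
-- `secrets` -
+- `secrets` - encrypted secret files.
 - `policies` - Stack policy JSON files.
 
 ## Templates
@@ -264,35 +261,10 @@ into parameters of dependent stacks.
 
 ### Secret
 
-Note:
+Note: The GPG parameter resolver has been extracted into a dedicated gem. Please install and
+follow the instructions for the [stack_master-gpg_parameter_resolver] gem.
 
-
-stack definition which is a GPG encrypted YAML file. Once decrypted and parsed,
-the value provided to the secret resolver is used to lookup the associated key
-in the secret file. A common use case for this is to store database passwords.
-
-stack_master.yml:
-
-```yaml
-stacks:
-us-east-1:
-my_app:
-template: my_app.json
-secret_file: production.yml.gpg
-```
-
-secrets/production.yml.gpg, when decrypted:
-
-```yaml
-db_password: my-password
-```
-
-parameters/my_app.yml:
-
-```yaml
-db_password:
-secret: db_password
-```
+[stack_master-gpg_parameter_resolver]: https://github.com/envato/stack_master-gpg_parameter_resolver
 
 ### Parameter Store
 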
data/lib/stack_master.rb
CHANGED
@@ -70,7 +70,6 @@ module StackMaster
|
|
70
70
|
autoload :AmiFinder, 'stack_master/parameter_resolvers/ami_finder'
|
71
71
|
autoload :StackOutput, 'stack_master/parameter_resolvers/stack_output'
|
72
72
|
autoload :Ejson, 'stack_master/parameter_resolvers/ejson'
|
73
|
-
autoload :Secret, 'stack_master/parameter_resolvers/secret'
|
74
73
|
autoload :SnsTopicName, 'stack_master/parameter_resolvers/sns_topic_name'
|
75
74
|
autoload :SecurityGroup, 'stack_master/parameter_resolvers/security_group'
|
76
75
|
autoload :LatestAmiByTags, 'stack_master/parameter_resolvers/latest_ami_by_tags'
|
@@ -9,7 +9,6 @@ module StackMaster
|
|
9
9
|
:notification_arns,
|
10
10
|
:base_dir,
|
11
11
|
:template_dir,
|
12
|
-
:secret_file,
|
13
12
|
:ejson_file,
|
14
13
|
:ejson_file_region,
|
15
14
|
:ejson_file_kms,
|
@@ -47,7 +46,6 @@ module StackMaster
|
|
47
46
|
@allowed_accounts == other.allowed_accounts &&
|
48
47
|
@notification_arns == other.notification_arns &&
|
49
48
|
@base_dir == other.base_dir &&
|
50
|
-
@secret_file == other.secret_file &&
|
51
49
|
@ejson_file == other.ejson_file &&
|
52
50
|
@ejson_file_region == other.ejson_file_region &&
|
53
51
|
@ejson_file_kms == other.ejson_file_kms &&
|
@@ -3,8 +3,8 @@ module StackMaster
|
|
3
3
|
class Streamer
|
4
4
|
StackFailed = Class.new(StandardError)
|
5
5
|
|
6
|
-
def self.stream(
|
7
|
-
new(
|
6
|
+
def self.stream(stack_name, region, **args, &block)
|
7
|
+
new(stack_name, region, **args, &block).stream
|
8
8
|
end
|
9
9
|
|
10
10
|
def initialize(stack_name, region, from: Time.now, break_on_finish_state: true, sleep_between_fetches: 1, io: nil, &block)
|
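Review bot: In the last hunk of this section (the `class Streamer` one), the new `def self.stream(stack_name, region, **args, &block)` carries no comment saying which keywords it accepts, and the splat's name `args` reads as positional arguments. I would rename the splat to `**options` and put `# Keyword options are forwarded unchanged to #initialize (from:, break_on_finish_state:, sleep_between_fetches:, io:).` above the method. Because the splat goes straight to `new`, an unknown keyword is rejected by `initialize` with an ArgumentError rather than silently dropped, and that property should be kept if this wrapper is edited again. The page prints this hunk under the `data/lib/stack_master.rb` heading, although the diffstat suggests it belongs to `stack_events/streamer.rb`; the class body continues past the end of the hunk.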
data/lib/stack_master/version.rb
CHANGED
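--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: stack_master
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Steve Hodgkiss
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -403,20 +403,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: dotgpg
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
 description: ''
 email:
 - steve@hodgkiss.me
@@ -462,7 +448,6 @@ files:
 - lib/stack_master/parameter_resolvers/latest_container.rb
 - lib/stack_master/parameter_resolvers/one_password.rb
 - lib/stack_master/parameter_resolvers/parameter_store.rb
-- lib/stack_master/parameter_resolvers/secret.rb
 - lib/stack_master/parameter_resolvers/security_group.rb
 - lib/stack_master/parameter_resolvers/sns_topic_name.rb
 - lib/stack_master/parameter_resolvers/stack_output.rb
@@ -517,8 +502,8 @@ licenses:
 metadata:
 bug_tracker_uri: https://github.com/envato/stack_master/issues
 changelog_uri: https://github.com/envato/stack_master/blob/master/CHANGELOG.md
-documentation_uri: https://www.rubydoc.info/gems/stack_master/
-source_code_uri: https://github.com/envato/stack_master/tree/
+documentation_uri: https://www.rubydoc.info/gems/stack_master/2.0.0
+source_code_uri: https://github.com/envato/stack_master/tree/v2.0.0
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -527,15 +512,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6.2
+rubygems_version: 3.0.4
 signing_key:
 specification_version: 4
 summary: StackMaster is a sure-footed way of creating, updating and keeping track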
@@ -1,52 +0,0 @@
|
|
1
|
-
require 'os'
|
2
|
-
|
3
|
-
module StackMaster
|
4
|
-
module ParameterResolvers
|
5
|
-
class Secret < Resolver
|
6
|
-
SecretNotFound = Class.new(StandardError)
|
7
|
-
PlatformNotSupported = Class.new(StandardError)
|
8
|
-
|
9
|
-
unless OS.windows?
|
10
|
-
require 'dotgpg'
|
11
|
-
array_resolver
|
12
|
-
end
|
13
|
-
|
14
|
-
def initialize(config, stack_definition)
|
15
|
-
@config = config
|
16
|
-
@stack_definition = stack_definition
|
17
|
-
end
|
18
|
-
|
19
|
-
def resolve(value)
|
20
|
-
raise PlatformNotSupported, "The GPG Secret Parameter Resolver does not support Windows" if OS.windows?
|
21
|
-
secret_key = value
|
22
|
-
raise ArgumentError, "No secret_file defined for stack definition #{@stack_definition.stack_name} in #{@stack_definition.region}" unless !@stack_definition.secret_file.nil?
|
23
|
-
raise ArgumentError, "Could not find secret file at #{secret_file_path}" unless File.exist?(secret_file_path)
|
24
|
-
secrets_hash.fetch(secret_key) do
|
25
|
-
raise SecretNotFound, "Unable to find key #{secret_key} in file #{secret_file_path}"
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
private
|
30
|
-
|
31
|
-
def secrets_hash
|
32
|
-
@secrets_hash ||= YAML.load(decrypt_with_dotgpg)
|
33
|
-
end
|
34
|
-
|
35
|
-
def decrypt_with_dotgpg
|
36
|
-
Dotgpg.interactive = true
|
37
|
-
dir = Dotgpg::Dir.closest(secret_file_path)
|
38
|
-
stream = StringIO.new
|
39
|
-
dir.decrypt(secret_path_relative_to_base, stream)
|
40
|
-
stream.string
|
41
|
-
end
|
42
|
-
|
43
|
-
def secret_path_relative_to_base
|
44
|
-
@secret_path_relative_to_base ||= File.join('secrets', @stack_definition.secret_file)
|
45
|
-
end
|
46
|
-
|
47
|
-
def secret_file_path
|
48
|
-
@secret_file_path ||= File.join(@config.base_dir, secret_path_relative_to_base)
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|