stack_master 1.18.0-x64-mingw32 → 2.0.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +6 -34
- data/lib/stack_master.rb +0 -1
- data/lib/stack_master/commands/apply.rb +1 -1
- data/lib/stack_master/stack_definition.rb +0 -2
- data/lib/stack_master/stack_events/fetcher.rb +2 -2
- data/lib/stack_master/stack_events/streamer.rb +2 -2
- data/lib/stack_master/version.rb +1 -1
- metadata +5 -6
- data/lib/stack_master/parameter_resolvers/secret.rb +0 -52
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 45cd0b3bcc0dfdb739876ee5a702786b63f5be93
|
|
4
|
+
data.tar.gz: 97a89dd2dd2c3245837deb358b94cf0ac3467d1e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 84524c1c665d2462762672a3f4ae624b4b95b2c2c558e231c8d2fc7594b9960c4cc2d9d95a9a36729e9e9f94ed119d75c363c7b8db3773ff7f24192558b79ea0
|
|
7
|
+
data.tar.gz: 2f7457f4b29501ec8e6b6f4e2aa356ed23403e4991c7c7c648f37432dddbe047b0d909116694b10650d8d3de233aebf3dae2a70e7f74030c9af8820921d9af1c
|
data/README.md
CHANGED
|
@@ -25,9 +25,8 @@ are displayed for review.
|
|
|
25
25
|
- Stack events will be displayed until an end state is reached.
|
|
26
26
|
|
|
27
27
|
Stack parameters can be dynamically resolved at runtime using one of the
|
|
28
|
-
built in parameter resolvers. Parameters can be sourced from
|
|
29
|
-
|
|
30
|
-
etc.
|
|
28
|
+
built in parameter resolvers. Parameters can be sourced from other stacks
|
|
29
|
+
outputs, or by querying various AWS APIs to get resource ARNs, etc.
|
|
31
30
|
|
|
32
31
|
## Installation
|
|
33
32
|
|
|
@@ -64,13 +63,11 @@ stack_defaults:
|
|
|
64
63
|
role_arn: service_role_arn
|
|
65
64
|
region_defaults:
|
|
66
65
|
us-east-1:
|
|
67
|
-
secret_file: production.yml.gpg
|
|
68
66
|
tags:
|
|
69
67
|
environment: production
|
|
70
68
|
notification_arns:
|
|
71
69
|
- test_arn
|
|
72
70
|
ap-southeast-2:
|
|
73
|
-
secret_file: staging.yml.gpg
|
|
74
71
|
tags:
|
|
75
72
|
environment: staging
|
|
76
73
|
stacks:
|
|
@@ -138,7 +135,7 @@ stacks:
|
|
|
138
135
|
|
|
139
136
|
- `templates` - CloudFormation, SparkleFormation or CfnDsl templates.
|
|
140
137
|
- `parameters` - Parameters as YAML files.
|
|
141
|
-
- `secrets` -
|
|
138
|
+
- `secrets` - encrypted secret files.
|
|
142
139
|
- `policies` - Stack policy JSON files.
|
|
143
140
|
|
|
144
141
|
## Templates
|
|
@@ -264,35 +261,10 @@ into parameters of dependent stacks.
|
|
|
264
261
|
|
|
265
262
|
### Secret
|
|
266
263
|
|
|
267
|
-
Note:
|
|
264
|
+
Note: The GPG parameter resolver has been extracted into a dedicated gem. Please install and
|
|
265
|
+
follow the instructions for the [stack_master-gpg_parameter_resolver] gem.
|
|
268
266
|
|
|
269
|
-
|
|
270
|
-
stack definition which is a GPG encrypted YAML file. Once decrypted and parsed,
|
|
271
|
-
the value provided to the secret resolver is used to lookup the associated key
|
|
272
|
-
in the secret file. A common use case for this is to store database passwords.
|
|
273
|
-
|
|
274
|
-
stack_master.yml:
|
|
275
|
-
|
|
276
|
-
```yaml
|
|
277
|
-
stacks:
|
|
278
|
-
us-east-1:
|
|
279
|
-
my_app:
|
|
280
|
-
template: my_app.json
|
|
281
|
-
secret_file: production.yml.gpg
|
|
282
|
-
```
|
|
283
|
-
|
|
284
|
-
secrets/production.yml.gpg, when decrypted:
|
|
285
|
-
|
|
286
|
-
```yaml
|
|
287
|
-
db_password: my-password
|
|
288
|
-
```
|
|
289
|
-
|
|
290
|
-
parameters/my_app.yml:
|
|
291
|
-
|
|
292
|
-
```yaml
|
|
293
|
-
db_password:
|
|
294
|
-
secret: db_password
|
|
295
|
-
```
|
|
267
|
+
[stack_master-gpg_parameter_resolver]: https://github.com/envato/stack_master-gpg_parameter_resolver
|
|
296
268
|
|
|
297
269
|
### Parameter Store
|
|
298
270
|
|
data/lib/stack_master.rb
CHANGED
|
@@ -70,7 +70,6 @@ module StackMaster
|
|
|
70
70
|
autoload :AmiFinder, 'stack_master/parameter_resolvers/ami_finder'
|
|
71
71
|
autoload :StackOutput, 'stack_master/parameter_resolvers/stack_output'
|
|
72
72
|
autoload :Ejson, 'stack_master/parameter_resolvers/ejson'
|
|
73
|
-
autoload :Secret, 'stack_master/parameter_resolvers/secret'
|
|
74
73
|
autoload :SnsTopicName, 'stack_master/parameter_resolvers/sns_topic_name'
|
|
75
74
|
autoload :SecurityGroup, 'stack_master/parameter_resolvers/security_group'
|
|
76
75
|
autoload :LatestAmiByTags, 'stack_master/parameter_resolvers/latest_ami_by_tags'
|
|
@@ -9,7 +9,6 @@ module StackMaster
|
|
|
9
9
|
:notification_arns,
|
|
10
10
|
:base_dir,
|
|
11
11
|
:template_dir,
|
|
12
|
-
:secret_file,
|
|
13
12
|
:ejson_file,
|
|
14
13
|
:ejson_file_region,
|
|
15
14
|
:ejson_file_kms,
|
|
@@ -47,7 +46,6 @@ module StackMaster
|
|
|
47
46
|
@allowed_accounts == other.allowed_accounts &&
|
|
48
47
|
@notification_arns == other.notification_arns &&
|
|
49
48
|
@base_dir == other.base_dir &&
|
|
50
|
-
@secret_file == other.secret_file &&
|
|
51
49
|
@ejson_file == other.ejson_file &&
|
|
52
50
|
@ejson_file_region == other.ejson_file_region &&
|
|
53
51
|
@ejson_file_kms == other.ejson_file_kms &&
|
|
@@ -3,8 +3,8 @@ module StackMaster
|
|
|
3
3
|
class Streamer
|
|
4
4
|
StackFailed = Class.new(StandardError)
|
|
5
5
|
|
|
6
|
-
def self.stream(
|
|
7
|
-
new(
|
|
6
|
+
def self.stream(stack_name, region, **args, &block)
|
|
7
|
+
new(stack_name, region, **args, &block).stream
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
def initialize(stack_name, region, from: Time.now, break_on_finish_state: true, sleep_between_fetches: 1, io: nil, &block)
|
data/lib/stack_master/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: stack_master
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: x64-mingw32
|
|
6
6
|
authors:
|
|
7
7
|
- Steve Hodgkiss
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2020-01-21 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -462,7 +462,6 @@ files:
|
|
|
462
462
|
- lib/stack_master/parameter_resolvers/latest_container.rb
|
|
463
463
|
- lib/stack_master/parameter_resolvers/one_password.rb
|
|
464
464
|
- lib/stack_master/parameter_resolvers/parameter_store.rb
|
|
465
|
-
- lib/stack_master/parameter_resolvers/secret.rb
|
|
466
465
|
- lib/stack_master/parameter_resolvers/security_group.rb
|
|
467
466
|
- lib/stack_master/parameter_resolvers/sns_topic_name.rb
|
|
468
467
|
- lib/stack_master/parameter_resolvers/stack_output.rb
|
|
@@ -517,8 +516,8 @@ licenses:
|
|
|
517
516
|
metadata:
|
|
518
517
|
bug_tracker_uri: https://github.com/envato/stack_master/issues
|
|
519
518
|
changelog_uri: https://github.com/envato/stack_master/blob/master/CHANGELOG.md
|
|
520
|
-
documentation_uri: https://www.rubydoc.info/gems/stack_master/
|
|
521
|
-
source_code_uri: https://github.com/envato/stack_master/tree/
|
|
519
|
+
documentation_uri: https://www.rubydoc.info/gems/stack_master/2.0.0
|
|
520
|
+
source_code_uri: https://github.com/envato/stack_master/tree/v2.0.0
|
|
522
521
|
post_install_message:
|
|
523
522
|
rdoc_options: []
|
|
524
523
|
require_paths:
|
|
@@ -527,7 +526,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
527
526
|
requirements:
|
|
528
527
|
- - ">="
|
|
529
528
|
- !ruby/object:Gem::Version
|
|
530
|
-
version: 2.
|
|
529
|
+
version: 2.4.0
|
|
531
530
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
532
531
|
requirements:
|
|
533
532
|
- - ">="
|
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
require 'os'
|
|
2
|
-
|
|
3
|
-
module StackMaster
|
|
4
|
-
module ParameterResolvers
|
|
5
|
-
class Secret < Resolver
|
|
6
|
-
SecretNotFound = Class.new(StandardError)
|
|
7
|
-
PlatformNotSupported = Class.new(StandardError)
|
|
8
|
-
|
|
9
|
-
unless OS.windows?
|
|
10
|
-
require 'dotgpg'
|
|
11
|
-
array_resolver
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def initialize(config, stack_definition)
|
|
15
|
-
@config = config
|
|
16
|
-
@stack_definition = stack_definition
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def resolve(value)
|
|
20
|
-
raise PlatformNotSupported, "The GPG Secret Parameter Resolver does not support Windows" if OS.windows?
|
|
21
|
-
secret_key = value
|
|
22
|
-
raise ArgumentError, "No secret_file defined for stack definition #{@stack_definition.stack_name} in #{@stack_definition.region}" unless !@stack_definition.secret_file.nil?
|
|
23
|
-
raise ArgumentError, "Could not find secret file at #{secret_file_path}" unless File.exist?(secret_file_path)
|
|
24
|
-
secrets_hash.fetch(secret_key) do
|
|
25
|
-
raise SecretNotFound, "Unable to find key #{secret_key} in file #{secret_file_path}"
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
private
|
|
30
|
-
|
|
31
|
-
def secrets_hash
|
|
32
|
-
@secrets_hash ||= YAML.load(decrypt_with_dotgpg)
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
def decrypt_with_dotgpg
|
|
36
|
-
Dotgpg.interactive = true
|
|
37
|
-
dir = Dotgpg::Dir.closest(secret_file_path)
|
|
38
|
-
stream = StringIO.new
|
|
39
|
-
dir.decrypt(secret_path_relative_to_base, stream)
|
|
40
|
-
stream.string
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
def secret_path_relative_to_base
|
|
44
|
-
@secret_path_relative_to_base ||= File.join('secrets', @stack_definition.secret_file)
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
def secret_file_path
|
|
48
|
-
@secret_file_path ||= File.join(@config.base_dir, secret_path_relative_to_base)
|
|
49
|
-
end
|
|
50
|
-
end
|
|
51
|
-
end
|
|
52
|
-
end
|