stackmate 0.0.4 → 0.1.0

data/CHANGELOG.txt

@@ -0,0 +1,7 @@
+
+= stackmate - CHANGELOG.txt
+
+
+== stackmate - 0.1.0    
+
+- replace cloudstack_ruby_client with a simple built-in client

data/README.md

@@ -1,8 +1,8 @@
-
 # Stackmate - CloudFormation for CloudStack
 
-A library designed to read existing CloudFormation templates 
+A library designed to read CloudFormation templates 
 and execute them on a CloudStack deployment. 
+Supports  AWS Cloudformation templates (namespace AWS::Cloudformation) as well as the CloudStack:: native namespace.
 Uses the [ruote](http://ruote.rubyforge.org) workflow engine,
 and embeds a modular [Sinatra](http://www.sinatrarb.com/) application for wait handles.
 
@@ -11,7 +11,8 @@ Instead it runs everything on the client side.
 
 [Stacktician](https://github.com/chiradeep/stacktician) embeds stackmate to run it as a web application.
 
-Note that only Basic Zone (aka EC2-Classic) is supported for now.
+For the AWS::CloudFormation namespace, only Basic Zone (aka EC2-Classic) is supported for now.
+For the CloudStack:: namespace, all virtual resources that can be created in CloudStack 4.2 are supported.
 
 Follow:
 * \#cloudstack-dev on Freenode
@@ -59,7 +60,9 @@ $ export SECKEY=9iSsuImdUxU0oumHu0p11li4IoUtwcvrSHcU63ZHS_y-4Iz3w5xPROzyjZTUXkhI
 $ export URL="http://localhost:8080/client/api"
 ```
 
-* The supplied templates are taken from the AWS samples. 
+## Sample Templates
+### AWS samples
+AWS samples are templates that use the AWS::CloudFormation namespace.
 
 You need a couple of mappings from AWS ids to your CloudStack implementation:
 
@@ -73,6 +76,11 @@ templates:
 zoneid: b3409835-02b0-4d21-bba4-1f659402117e
 ```
 
+### CloudStack Samples
+CloudStack samples use the CloudStack namespace. These templates typically require the zone id, service offering id and template id as input parameters
+
+
+## Usage Example
 * Ensure you have a ssh keypair called 'Foo' (used in the template parameter below) for your account FIRST:
 
 ```bash
@@ -83,7 +91,7 @@ $ cloudmonkey
 ```
 
 
-* Create a LAMP stack:
+* Create a LAMP stack (AWS template)
 
 ```bash
 bin/stackmate MYSTACK01   --template-file=templates/LAMP_Single_Instance.template -p "DBName=cloud;DBUserName=cloud;SSHLocation=75.75.75.0/24;DBUsername=cloud;DBPassword=cloud;DBRootPassword=cloud;KeyName=Foo"
@@ -102,12 +110,22 @@ If you don't want the wait condition server to run, just use '-n'. Stackmate wil
 
 If you want to validate your template, you can use the --dry-run option. This will parse and validate the template and create an execution schedule.
 
+## Extending StackMate to other APIs
+
+StackMate allows you to define your own workflow participants that will be called based on the template namespace. For example, you can define a class Foo::Bar
+and use Foo::Bar as a "Type" in the template. The requirement is :
+(1) It should contain a class variable @@stackmate_participant set to true so as to register with StackMate
+(2) Foo::Bar should have Ruote::Participant as its ancestor
+(3) Foo::Bar should have a method named "consume_workitem" that defines actions to be taken when called with workitem.
+
+Use --plugins <Directories with ruby files> to add plugins. This has undergone limited testing
+
+
 ## TODO
 * Parallelize (with ruote concurrence) where possible
-* rollback on error
 * timeouts
 * embed in a web app ( [Stacktician](https://github.com/chiradeep/stacktician) )
-* add support for Advanced Zone templates (VPC), LB, etc
+
 
 ## Feedback & bug reports
 
@@ -142,7 +160,6 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 - ruote, <http://ruote.rubyforge.org/>
 - sinatra, <http://www.sinatrarb.com/>
-- cloudstack_ruby_client, <https://github.com/chipchilders/cloudstack_ruby_client>
 
 Many thanks to the authors 
 

data/bin/stackmate.rb

@@ -9,66 +9,70 @@ require 'stackmate/waitcondition_server'
 options = {}
 stack_name = ''
 opt_parser = OptionParser.new do |opts|
-    opts.banner = "Usage: stackmate.rb STACK_NAME [options]"
-    opts.separator ""
-    opts.separator "Specific options:"
-    opts.on(:REQUIRED, "--template-file FILE", String, "Path to the file that contains the template") do |f|
-        options[:file] = f
-    end
-    opts.on("-p", "--parameters [KEY1=VALUE1 KEY2=VALUE2..]", "Parameter values used to create the stack.") do |p|
-        options[:params] = p
-        puts p
-    end
-    options[:wait_conditions] = true
-    opts.on("-n", "--no-wait-conditions", "Do not create any wait conditions") do 
-        options[:wait_conditions] = false
-    end
-    options[:dry_run] = false
-    opts.on("-r", "--dry-run", "Parse and pretend to execute but not actually do anything. Useful for validating the template") do 
-        options[:dry_run] = true
-    end
-    opts.on("-h", "--help", "Show this message")  do
-        puts opts
-        exit
-    end
+  opts.banner = "Usage: stackmate.rb STACK_NAME [options]"
+  opts.separator ""
+  opts.separator "Specific options:"
+  opts.on(:REQUIRED, "--template-file FILE", String, "Path to the file that contains the template") do |f|
+    options[:file] = f
+  end
+  opts.on("-p", "--parameters [KEY1=VALUE1 KEY2=VALUE2..]", "Parameter values used to create the stack.") do |p|
+    options[:params] = p
+    puts p
+  end
+  options[:wait_conditions] = true
+  opts.on("-n", "--no-wait-conditions", "Do not create any wait conditions") do
+    options[:wait_conditions] = false
+  end
+  options[:dry_run] = false
+  opts.on("-r", "--dry-run", "Parse and pretend to execute but not actually do anything. Useful for validating the template") do
+    options[:dry_run] = true
+  end
+  opts.on("-h", "--help", "Show this message")  do
+    puts opts
+    exit
+  end
+  opts.on("--plugins DIRS",String, "Comman separated plugins directory") do |plugins|
+    options[:plugins] = plugins
+  end
 end
 
 begin
-    opt_parser.parse!(ARGV)
-    if ARGV.size == 1
-        stack_name = ARGV[0]
-    end
+  opt_parser.parse!(ARGV)
+  if ARGV.size == 1
+    stack_name = ARGV[0]
+  end
 rescue => e
-    puts e.message.capitalize 
-    puts opt_parser.help()
-    exit 1
+  puts e.message.capitalize
+  puts opt_parser.help()
+  exit 1
 end
 
 if options[:file] && stack_name != ''
-    if options[:wait_conditions]
-      Thread.new do
-        StackMate::WaitConditionServer.run!
-      end
+  if options[:wait_conditions]
+    Thread.new do
+      StackMate::WaitConditionServer.run!
     end
-    engine = Ruote::Dashboard.new(
-      Ruote::Worker.new(
-        Ruote::HashStorage.new))
-    engine.noisy = ENV['NOISY'] == 'true'
+  end
+  engine = Ruote::Dashboard.new(
+    Ruote::Worker.new(
+  Ruote::HashStorage.new))
+  engine.noisy = ENV['NOISY'] == 'true'
+  engine.configure('wait_logger_timeout', 600)
 
-    unknown = nil
-    unresolved = catch(:unresolved) do
-        unknown = catch(:unknown) do
-            StackMate.configure('NOOP') if options[:dry_run]
-            opts = {}
-            api_opts = {:APIKEY => "#{ENV['APIKEY']}", :SECKEY => "#{ENV['SECKEY']}", :URL => "#{ENV['URL']}" }
-            p = StackMate::StackExecutor.new(options[:file], stack_name, options[:params], engine, options[:wait_conditions], api_opts)
-            p.launch()
-            nil
-        end
-        nil
+  unknown = nil
+  unresolved = catch(:unresolved) do
+    unknown = catch(:unknown) do
+      StackMate.configure('NOOP') if options[:dry_run]
+      opts = {}
+      api_opts = {:APIKEY => "#{ENV['APIKEY']}", :SECKEY => "#{ENV['SECKEY']}", :URL => "#{ENV['URL']}" }
+      p = StackMate::StackExecutor.new(options[:file], stack_name, options[:params], engine, options[:wait_conditions], api_opts, options[:plugins])
+      p.launch()
+      nil
     end
-    puts 'Failed to resolve parameters ' + unresolved.to_s if unresolved
-    print "Sorry, I don't know how to create resources of type: ", unknown, "\n" if unknown
-else 
-    puts opt_parser.help()
-end
+    nil
+  end
+  puts 'Failed to resolve parameters ' + unresolved.to_s if unresolved
+  print "Sorry, I don't know how to create resources of type: ", unknown, "\n" if unknown
+else
+  puts opt_parser.help()
+end

data/lib/stackmate/aws_attribs.rb

@@ -1,33 +1,33 @@
-  AWS_ATTRIBS = {'AWS::CloudFormation::WaitCondition' => [ 'Data'],
-                'AWS::CloudFormation::Stack' => ['Outputs.EmbeddedStackOutputName'],
-                'AWS::CloudFront::Distribution' => ['DomainName'],
-                'AWS::EC2::EIP' => ['AllocationId'],
-                'AWS::EC2::Instance' => ['AvailabilityZone', 'PrivateDnsName', 'PublicDnsName', 'PrivateIp', 'PublicIp'],
-                'AWS::EC2::AWS::EC2::SubnetNetworkAclAssociation' => ['AssociationId'],
-                'AWS::ElasticBeanstalk::Environment' => ['EndpointURL'],
-                'AWS::ElasticLoadBalancing::LoadBalancer' => ['CanonicalHostedZoneName', 'CanonicalHostedZoneNameID', 
-                                            'DNSName', 'SourceSecurityGroup.GroupName', 'SourceSecurityGroup.OwnerAlias'],
-                'AWS::IAM::AccessKey' => ['SecretAccessKey'],
-                'AWS::IAM::Group' => ['Arn'],
-                'AWS::IAM::User' => ['Arn'],
-                'AWS::RDS::DBInstance' => ['Endpoint.Address', 'Endpoint.Port'],
-                'AWS::S3::Bucket' => ['DomainName', 'WebsiteURL', 'Arn'],
-                'AWS::SQS::Queue' => ['Arn', 'QueueName']
-  }
+AWS_ATTRIBS = {'AWS::CloudFormation::WaitCondition' => [ 'Data'],
+               'AWS::CloudFormation::Stack' => ['Outputs.EmbeddedStackOutputName'],
+               'AWS::CloudFront::Distribution' => ['DomainName'],
+               'AWS::EC2::EIP' => ['AllocationId'],
+               'AWS::EC2::Instance' => ['AvailabilityZone', 'PrivateDnsName', 'PublicDnsName', 'PrivateIp', 'PublicIp'],
+               'AWS::EC2::AWS::EC2::SubnetNetworkAclAssociation' => ['AssociationId'],
+               'AWS::ElasticBeanstalk::Environment' => ['EndpointURL'],
+               'AWS::ElasticLoadBalancing::LoadBalancer' => ['CanonicalHostedZoneName', 'CanonicalHostedZoneNameID',
+                                                             'DNSName', 'SourceSecurityGroup.GroupName', 'SourceSecurityGroup.OwnerAlias'],
+               'AWS::IAM::AccessKey' => ['SecretAccessKey'],
+               'AWS::IAM::Group' => ['Arn'],
+               'AWS::IAM::User' => ['Arn'],
+               'AWS::RDS::DBInstance' => ['Endpoint.Address', 'Endpoint.Port'],
+               'AWS::S3::Bucket' => ['DomainName', 'WebsiteURL', 'Arn'],
+               'AWS::SQS::Queue' => ['Arn', 'QueueName']
+               }
 
 
-  AWS_FAKE_ATTRIB_VALUES = {'AWS::CloudFormation::WaitCondition' =>  {'Data' => '{ "Signal1" : "Step 1 complete." , "Signal2" : "Step 2 complete." } '},
-                'AWS::CloudFormation::Stack' => {'Outputs.EmbeddedStackOutputName' => 'FakeEmbeddedStackOutputName'},
-                'AWS::CloudFront::Distribution' => {'DomainName' => 'd2fadu0nynjpfn.cloudfront.net'},
-                'AWS::EC2::EIP' => {'AllocationId' => 'eipalloc-5723d13e'},
-                'AWS::EC2::Instance' => {'AvailabilityZone' => 'us-east-1b', 'PrivateDnsName' => 'ip-10-24-34-0.cs.internal', 'PublicDnsName' => 'cs-17-10-90-145.compute.acs.org.', 'PrivateIp' => '10.24.34.0', 'PublicIp' => '75.75.75.111'},
-                'AWS::EC2::AWS::EC2::SubnetNetworkAclAssociation' => {'AssociationId' => 'aclassoc-e5b95c8c'},
-                'AWS::ElasticBeanstalk::Environment' => {'EndpointURL' => 'eb-myst-myen-132MQC4KRLAMD-1371280482.us-east-1.elb.amazonaws.com'},
-                'AWS::ElasticLoadBalancing::LoadBalancer' => {'CanonicalHostedZoneName' => 'mystack-myelb-15HMABG9ZCN57-1013119603.us-east-1.elb.amazonaws.com', 'CanonicalHostedZoneNameID' => 'Z3DZXE0Q79N41H', 'DNSName' => 'mystack-myelb-15HMABG9ZCN57-1013119603.us-east-1.elb.amazonaws.com', 'SourceSecurityGroup.GroupName' => 'elb-ssg', 'SourceSecurityGroup.OwnerAlias' => 'elb-ssg-owner'},
-                'AWS::IAM::AccessKey' => {'SecretAccessKey' => 'c8alrXUtnYEMI/K7MDAZQ/bPxRfiCYzEXAMPLEKEY'},
-                'AWS::IAM::Group' => {'Arn' => 'arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO'},
-                'AWS::IAM::User' => {'Arn' => 'mystack-myuser-1CCXAFG2H2U4D'},
-                'AWS::RDS::DBInstance' => {'Endpoint.Address' => 'mystack-mydb-1apw1j4phylrk.cg034hpkmmjt.us-east-1.rds.amazonaws.com', 'Endpoint.Port' => '3306'},
-                'AWS::S3::Bucket' => {'DomainName' => 'mystack-mybucket-kdwwxmddtr2g.s3.amazonaws.com', 'WebsiteURL' => 'http://mystack-mybucket-kdwwxmddtr2g.s3-website-us-east-1.amazonaws.com/', 'Arn' => 'arn:aws:s3::12345678901::root'},
-                'AWS::SQS::Queue' => {'Arn' => 'arn:aws:sqs:us-east-1:123456789012:mystack-myqueue-15PG5C2FC1CW8', 'QueueName' => 'mystack-myqueue-1VF9BKQH5BJVI'}
-  }
+AWS_FAKE_ATTRIB_VALUES = {'AWS::CloudFormation::WaitCondition' =>  {'Data' => '{ "Signal1" : "Step 1 complete." , "Signal2" : "Step 2 complete." } '},
+                          'AWS::CloudFormation::Stack' => {'Outputs.EmbeddedStackOutputName' => 'FakeEmbeddedStackOutputName'},
+                          'AWS::CloudFront::Distribution' => {'DomainName' => 'd2fadu0nynjpfn.cloudfront.net'},
+                          'AWS::EC2::EIP' => {'AllocationId' => 'eipalloc-5723d13e'},
+                          'AWS::EC2::Instance' => {'AvailabilityZone' => 'us-east-1b', 'PrivateDnsName' => 'ip-10-24-34-0.cs.internal', 'PublicDnsName' => 'cs-17-10-90-145.compute.acs.org.', 'PrivateIp' => '10.24.34.0', 'PublicIp' => '75.75.75.111'},
+                          'AWS::EC2::AWS::EC2::SubnetNetworkAclAssociation' => {'AssociationId' => 'aclassoc-e5b95c8c'},
+                          'AWS::ElasticBeanstalk::Environment' => {'EndpointURL' => 'eb-myst-myen-132MQC4KRLAMD-1371280482.us-east-1.elb.amazonaws.com'},
+                          'AWS::ElasticLoadBalancing::LoadBalancer' => {'CanonicalHostedZoneName' => 'mystack-myelb-15HMABG9ZCN57-1013119603.us-east-1.elb.amazonaws.com', 'CanonicalHostedZoneNameID' => 'Z3DZXE0Q79N41H', 'DNSName' => 'mystack-myelb-15HMABG9ZCN57-1013119603.us-east-1.elb.amazonaws.com', 'SourceSecurityGroup.GroupName' => 'elb-ssg', 'SourceSecurityGroup.OwnerAlias' => 'elb-ssg-owner'},
+                          'AWS::IAM::AccessKey' => {'SecretAccessKey' => 'c8alrXUtnYEMI/K7MDAZQ/bPxRfiCYzEXAMPLEKEY'},
+                          'AWS::IAM::Group' => {'Arn' => 'arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO'},
+                          'AWS::IAM::User' => {'Arn' => 'mystack-myuser-1CCXAFG2H2U4D'},
+                          'AWS::RDS::DBInstance' => {'Endpoint.Address' => 'mystack-mydb-1apw1j4phylrk.cg034hpkmmjt.us-east-1.rds.amazonaws.com', 'Endpoint.Port' => '3306'},
+                          'AWS::S3::Bucket' => {'DomainName' => 'mystack-mybucket-kdwwxmddtr2g.s3.amazonaws.com', 'WebsiteURL' => 'http://mystack-mybucket-kdwwxmddtr2g.s3-website-us-east-1.amazonaws.com/', 'Arn' => 'arn:aws:s3::12345678901::root'},
+                          'AWS::SQS::Queue' => {'Arn' => 'arn:aws:sqs:us-east-1:123456789012:mystack-myqueue-15PG5C2FC1CW8', 'QueueName' => 'mystack-myqueue-1VF9BKQH5BJVI'}
+                          }

data/lib/stackmate/classmap.rb

@@ -1,30 +1,38 @@
 module StackMate
-   PROFILES = ['CLOUDSTACK', 'NOOP']
-   @profile = 'CLOUDSTACK'
+  PROFILES = ['CLOUDSTACK', 'NOOP']
+  @profile = 'CLOUDSTACK'
 
-   CS_CLASS_MAP = { 
-              'AWS::CloudFormation::WaitConditionHandle' => 'StackMate::WaitConditionHandle',
-              'AWS::CloudFormation::WaitCondition' => 'StackMate::WaitCondition',
-              'AWS::EC2::Instance' => 'StackMate::CloudStackInstance',
-              'AWS::EC2::SecurityGroup' => 'StackMate::CloudStackSecurityGroup',
-              'Outputs' => 'StackMate::CloudStackOutput'
-   }
+  CS_CLASS_MAP = {
+    'AWS::CloudFormation::WaitConditionHandle' => 'StackMate::WaitConditionHandle',
+    'AWS::CloudFormation::WaitCondition' => 'StackMate::WaitCondition',
+    'AWS::EC2::Instance' => 'StackMate::CloudStackInstance',
+    'AWS::EC2::SecurityGroup' => 'StackMate::CloudStackSecurityGroupAWS',
+    'Outputs' => 'StackMate::CloudStackOutput',
+  }
 
-   def StackMate.class_for(cf_resource)
-       case @profile
-         when 'CLOUDSTACK'
-           return CS_CLASS_MAP[cf_resource]
-         when 'NOOP'
-           if cf_resource == 'Outputs'
-              'StackMate::Output'
-           else
-             'StackMate::NoOpResource'
-           end
-       end
-   end
+  def StackMate.class_for(cf_resource)
+    #return cf_resource
+    case @profile
+    when 'CLOUDSTACK'
+      if(cf_resource.start_with?("CloudStack::"))
+        c = cf_resource.split('::')[1]
+        "StackMate::CloudStack"+c
+      elsif(CS_CLASS_MAP.has_key?(cf_resource))
+        CS_CLASS_MAP[cf_resource]
+      else
+        cf_resource
+      end
+    when 'NOOP'
+      if cf_resource == 'Outputs'
+        'StackMate::Output'
+      else
+        'StackMate::NoOpResource'
+      end
+    end
+  end
 
-   def StackMate.configure(profile)
-       @profile = profile
-   end
+  def StackMate.configure(profile)
+    @profile = profile
+  end
 
-end
+end

data/lib/stackmate/client.rb

@@ -0,0 +1,80 @@
+%w[ base64 cgi openssl uri digest/sha1 net/https net/http json ].each { |f| require f }
+
+
+module StackMate
+  class CloudStackClient
+    #
+    # The following is malformed response title in ACS, should be fixed
+    #
+    MALFORMED_RESPONSES = {
+      /(create|list)counter/i => 'counterresponse',
+      /createcondition/i => 'conditionresponse',
+      /createautoscalepolicy/i => 'autoscalepolicyresponse',
+      /createautoscalevmprofile/i => 'autoscalevmprofileresponse',
+      /createautoscalevmgroup/i => 'autoscalevmgroupresponse',
+      /enableautoscalevmgroup/i => 'enableautoscalevmGroupresponse',
+      /disableautoscalevmgroup/i => 'disableautoscalevmGroupresponse',
+      /assignvirtualmachine/i => 'moveuservmresponse',
+      /resetsshkeyforvirtualmachine/i => 'resetSSHKeyforvirtualmachineresponse',
+      /restorevirtualmachine/i => 'restorevmresponse',
+      /activateproject/i => 'activaterojectresponse',
+      /listnetworkdevice/i => 'listnetworkdevice',
+      /listniciranvpdevicenetworks/i => 'listniciranvpdevicenetworks',
+      /cancelstoragemaintenance/i => 'cancelprimarystoragemaintenanceresponse',
+      /enablestoragemaintenance/i => 'prepareprimarystorageformaintenanceresponse',
+      /copyiso/i => 'copytemplateresponse',
+      /deleteiso/i => 'deleteisosresponse',
+      /listisopermissions/i => 'listtemplatepermissionsresponse'
+    }
+    def initialize(api_url, api_key, secret_key, use_ssl=nil)
+      @api_url = api_url
+      @api_key = api_key
+      @secret_key = secret_key
+      @use_ssl = use_ssl
+    end
+
+    def request(params)
+      params['response'] = 'json'
+      params['apiKey'] = @api_key
+
+      data = params.map{ |k,v| "#{k.to_s}=#{CGI.escape(v.to_s).gsub(/\+|\ /, "%20")}" }.sort.join('&')
+
+      signature = OpenSSL::HMAC.digest 'sha1', @secret_key, data.downcase
+      signature = Base64.encode64(signature).chomp
+      signature = CGI.escape(signature)
+
+      url = "#{@api_url}?#{data}&signature=#{signature}"
+      uri = URI.parse(url)
+      http = Net::HTTP.new(uri.host, uri.port)
+      # http.use_ssl = @use_ssl
+      # http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      request = Net::HTTP::Get.new(uri.request_uri)
+
+      http.request(request)
+    end
+
+    def api_call(command,params)
+      #params = {'command' => command}
+      #params.merge!(args) unless args.empty?
+      params['command'] = command
+      response = request(params)
+      json = JSON.parse(response.body)
+      resp_title = command.downcase + "response"
+      MALFORMED_RESPONSES.each do |k, v|
+        if k =~ command
+          resp_title = v
+        end
+      end
+      if !response.is_a?(Net::HTTPOK)
+        if ((["431","530"].include?(response.code.to_s)) && (["9999","4350"].include?(json[resp_title]['cserrorcode'].to_s)))
+          raise ArgumentError, json[resp_title]['errortext']
+        end
+
+        raise RuntimeError, json['errorresponse']['errortext'] if response.code == "432"
+        raise RuntimeError, "Unable to make request from client due to :" + response.to_s
+        #raise CloudstackRubyClient::RequestError.new(response, json)
+      end
+      json[resp_title]
+    end
+  end
+end

data/lib/stackmate/intrinsic_functions.rb

@@ -1,58 +1,114 @@
+class Hash
+  def downcase_key
+    keys.each do |k|
+      store(k.downcase, Array === (v = delete(k)) ? v.map(&:downcase_key) : v)
+    end
+    self
+  end
+end
+
 module StackMate
   module Intrinsic
 
-    def intrinsic (hash, workitem) 
-        key =  hash.keys[0]
-        value = hash[key]
-        #logger.debug "Intrinsic: key = #{key}, value = #{value}"
-        case key
-        when 'Fn::Join'
-            fn_join(value, workitem)
-        when 'Fn::GetAtt'
-            fn_getatt(value, workitem)
-        when 'Fn::Select'
-            fn_select(value)
-        when 'Ref'
-            fn_ref(value, workitem)
-        end
+    def intrinsic (hash, workitem)
+      key =  hash.keys[0]
+      value = hash[key]
+      #logger.debug "Intrinsic: key = #{key}, value = #{value}"
+      case key
+      when 'Fn::Join'
+        fn_join(value, workitem)
+      when 'Fn::GetAtt'
+        fn_getatt(value, workitem)
+      when 'Fn::Select'
+        fn_select(value)
+      when 'Ref'
+        fn_ref(value, workitem)
+      when 'Fn::Lookup'
+        fn_lookup(value, workitem)
+      when 'Fn::FindInMap'
+        fn_map(value, workitem)
+      when 'Fn::Base64'
+        fn_base64(value, workitem)
+      end
     end
 
     def fn_join(value, workitem)
-        delim = value[0]
-        v = value[1]
-        #logger.debug "Intrinsic: fn_join  value = #{v}"
-        result = ''
-        first_ = true
-        v.each do |token|
-            case token
-            when String
-                result = result + (first_ ? "" : delim) + token 
-            when Hash
-                result = result + (first_ ? "" : delim) + intrinsic(token, workitem)
-            end
-            first_ = false
+      delim = value[0]
+      v = value[1]
+      #logger.debug "Intrinsic: fn_join  value = #{v}"
+      result = ''
+      first_ = true
+      v.each do |token|
+        case token
+        when String
+          result = result + (first_ ? "" : delim) + token
+        when Hash
+          result = result + (first_ ? "" : delim) + intrinsic(token, workitem)
         end
-        result
+        first_ = false
+      end
+      result
     end
 
     def fn_getatt(array_value, workitem)
-        resource = array_value[0]
-        attribute = array_value[1]
-        #logger.debug "Intrinsic: fn_getatt  resource= #{resource} attrib = #{attribute} wi[Resource] = #{workitem[resource]}"
-        workitem[resource][attribute]
+      resource = array_value[0]
+      attribute = array_value[1]
+      #logger.debug "Intrinsic: fn_getatt  resource= #{resource} attrib = #{attribute} wi[Resource] = #{workitem[resource]}"
+      workitem[resource][attribute]
+      # attributes = array_value[1..-2]
+      # current_resource = workitem[resource]
+      # attributes.each do |a|
+      #     current_resource = current_resource[a]
+      # end
+      # current_resource[array_value[-1]]
     end
 
     def fn_select(array_value)
-        index = array_value[0].to_i #TODO unsafe
-        values = array_value[1]
-        #logger.debug "Intrinsic: fn_select  index= #{index} values = #{values.inspect}"
-        values[index]
+      index = array_value[0].to_i #TODO unsafe
+      values = array_value[1]
+      #logger.debug "Intrinsic: fn_select  index= #{index} values = #{values.inspect}"
+      values[index]
     end
 
     def fn_ref(value, workitem)
-        #logger.debug "Intrinsic: fn_ref  value = #{value}"
+      #logger.debug "Intrinsic: fn_ref  value = #{value}"
+      if workitem[value]
         workitem[value]['physical_id'] #TODO only works with Resources not Params
+      else
+        workitem['ResolvedNames'][value]
+      end
+    end
+
+    def fn_lookup(value, workitem)
+      case value
+      when String
+        workitem['ResolvedNames'][value]
+      when Hash
+        workitem['ResolvedNames'][intrinsic(value, workitem)]
+      end
+    end
+
+    def fn_map(value, workitem)
+      #logger.debug "Intrinsic: fn_ref  value = #{value}"
+      resolved_keys = []
+      value.each do |k|
+        case k
+        when String
+          resolved_keys.push(k)
+        when Hash
+          resolved_keys.push(intrinsic(k,workitem))
+        end
+      end
+      workitem['Mappings'][resolved_keys[0]][resolved_keys[1]][resolved_keys[2]]
     end
 
+    def fn_base64(value, workitem)
+      case value
+      when String
+        Base64.urlsafe_encode64(value)
+      when Hash
+        Base64.urlsafe_encode64(intrinsic(value, workitem))
+      end
+    end
   end
-end
+end

data/lib/stackmate/logging.rb

@@ -1,28 +1,28 @@
 require 'logger'
 
 module StackMate
-module Logging
-  def logger
-    @logger ||= Logging.logger_for(self.class.name)
-  end
+  module Logging
+    def logger
+      @logger ||= Logging.logger_for(self.class.name)
+    end
 
-  # Use a hash class-ivar to cache a unique Logger per class:
-  @loggers = {}
+    # Use a hash class-ivar to cache a unique Logger per class:
+    @loggers = {}
 
-  class << self
-    def logger_for(classname)
-      @loggers[classname] ||= configure_logger_for(classname)
-    end
+    class << self
+      def logger_for(classname)
+        @loggers[classname] ||= configure_logger_for(classname)
+      end
 
-    def configure_logger_for(classname)
-      logger = Logger.new(STDOUT)
-      logger.progname = classname
-      logger.datetime_format= '%F %T'
-      logger.formatter = proc do |severity, datetime, progname, msg|
-            "[#{datetime}] #{severity} #{progname} #{msg}\n"
+      def configure_logger_for(classname)
+        logger = Logger.new(STDOUT)
+        logger.progname = classname
+        logger.datetime_format= '%F %T'
+        logger.formatter = proc do |severity, datetime, progname, msg|
+          "[#{datetime}] #{severity} #{progname} #{msg}\n"
+        end
+        logger
       end
-      logger
     end
   end
-end
-end
+end