stackup 0.9.4 → 0.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +4 -0
  3. data/README.md +9 -0
  4. data/bin/stackup +32 -5
  5. data/lib/stackup/version.rb +1 -1
  6. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0417b69fa907567e0d594b25e7284aa932bcf99d
4
- data.tar.gz: 88e68a2f9db98a05d06fb79c92a8ddf2120b314f
3
+ metadata.gz: c0d5247909e33849cd8ebd01a050d97d446e1e27
4
+ data.tar.gz: c791ab2604455fb5786ca2c6c3162fa9520e7e87
5
5
  SHA512:
6
- metadata.gz: 7296e7ccd88e3e4b46ed560e48323ed19fddc64bcc47210ae5a7ca2c4553a30f6cac3bc5dae5dbe13ebc2ad64fd195949a8848e5517f1863773b123d5923c4d6
7
- data.tar.gz: f6d1e3ec94f38f358897c4f23b21d808860202adee83717b79cfaee3be42dcad6c1f1c47dd133f30d002fb5d61fc36199ad59dbc0f4eb1e7e09bb6b06f39fe0b
6
+ metadata.gz: 10b971d636c818efe634cca634a30fffe672517b2e05fa46648f7e17eada5320e94f15bac14125917bc8527978068a4f582f00cc154319f4c2c045e0c37446b7
7
+ data.tar.gz: de309273aa1a1c05a968e4ae12793a35a027d87360bc7612e627f001a828d77d4f84f1ce350c5b941def64f46205c292a791411198d64a3e2b9b4cd9cc0e5a91
data/CHANGES.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## 0.9.4 (2016-09-26)
2
+
3
+ * Add `--with-role` option, to assume a role for stack operations.
4
+
1
5
  ## 0.9.4 (2016-09-03)
2
6
 
3
7
  * Support multiple parameters files.
data/README.md CHANGED
@@ -116,3 +116,12 @@ Replace "latest" with a specific version for added safety.
116
116
 
117
117
  The default working-directory within the container is `/cwd`;
118
118
  hence the volume mount to make files available from the host system.
119
+
120
+ ## AWS credentials
121
+
122
+ The stackup command-line looks for AWS credentials in the [standard environment variables](https://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs).
123
+
124
+ You can also use the `--with-role` option to temporarily assume a different IAM role, for stack operations:
125
+
126
+ $ stackup myapp-test up -t template.json \
127
+ --with-role arn:aws:iam::862905684840:role/deployment
data/bin/stackup CHANGED
@@ -5,6 +5,7 @@ $LOAD_PATH << File.expand_path("../../lib", __FILE__)
5
5
  require "clamp"
6
6
  require "console_logger"
7
7
  require "multi_json"
8
+ require "securerandom"
8
9
  require "stackup"
9
10
  require "stackup/differ"
10
11
  require "stackup/version"
@@ -26,15 +27,15 @@ Clamp do
26
27
  unless arg =~ /^[a-z]{2}-[a-z]+-\d$/
27
28
  fail ArgumentError, "#{arg.inspect} doesn't look like a region"
28
29
  end
29
- Aws.config.update(:region => arg)
30
30
  arg
31
31
  end
32
32
 
33
+ option ["--with-role"], "ROLE_ARN", "assume this role",
34
+ :attribute_name => :role_arn
35
+
33
36
  option ["--retry-limit"], "N", "maximum number of retries for API calls",
34
37
  :environment_variable => "AWS_API_RETRY_LIMIT" do |arg|
35
- Integer(arg).tap do |value|
36
- Aws.config.update(:retry_limit => value)
37
- end
38
+ Integer(arg)
38
39
  end
39
40
 
40
41
  option ["--[no-]wait"], :flag, "wait for stack updates to complete",
@@ -80,8 +81,34 @@ Clamp do
80
81
  puts format_data(data)
81
82
  end
82
83
 
84
+ def role_arn=(arg)
85
+ unless arg =~ %r{^arn:aws:iam::\d+:role/}
86
+ fail ArgumentError, "#{arg.inspect} doesn't look like a role ARN"
87
+ end
88
+ @role_arn = arg
89
+ end
90
+
83
91
  def stackup
84
- Stackup(:logger => logger, :log_level => :debug)
92
+ Stackup(aws_config)
93
+ end
94
+
95
+ def base_aws_config
96
+ {
97
+ :log_level => :debug,
98
+ :logger => logger,
99
+ :region => region,
100
+ :retry_limit => retry_limit
101
+ }.reject { |_k, v| v.nil? }
102
+ end
103
+
104
+ def aws_config
105
+ return base_aws_config unless role_arn
106
+ assumed_credentials = Aws::AssumeRoleCredentials.new(
107
+ :client => Aws::STS::Client.new(base_aws_config),
108
+ :role_arn => role_arn,
109
+ :role_session_name => "stackup-#{SecureRandom.hex(8)}"
110
+ )
111
+ base_aws_config.merge(:credentials => assumed_credentials)
85
112
  end
86
113
 
87
114
  def stack
data/lib/stackup/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Stackup
2
2
 
3
- VERSION = "0.9.4"
3
+ VERSION = "0.9.5"
4
4
 
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stackup
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.4
4
+ version: 0.9.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Williams
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-09-03 00:00:00.000000000 Z
12
+ date: 2016-09-26 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk-resources
@@ -59,14 +59,14 @@ dependencies:
59
59
  requirements:
60
60
  - - "~>"
61
61
  - !ruby/object:Gem::Version
62
- version: 3.0.5
62
+ version: '3.0'
63
63
  type: :runtime
64
64
  prerelease: false
65
65
  version_requirements: !ruby/object:Gem::Requirement
66
66
  requirements:
67
67
  - - "~>"
68
68
  - !ruby/object:Gem::Version
69
- version: 3.0.5
69
+ version: '3.0'
70
70
  - !ruby/object:Gem::Dependency
71
71
  name: multi_json
72
72
  requirement: !ruby/object:Gem::Requirement