stalkedbybean 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: '0497c17d1af5b7b34aaf61dcedda053b378b73624cfcd7a3a94d163138ef28e2'
+  data.tar.gz: 1f114e09cdf4530f21ff8674156aaa04ddbde02ccdd89e75b550aad7189e1072
+SHA512:
+  metadata.gz: 74788823e3be103aa95b114a574a47fe1e2de119ccc6665ccdef46a07c33c6ed9782651fff3675170969c072935b9c6b8fce7190fc13d1bb38769166b2201763
+  data.tar.gz: 940c1476844838d5b62d53f7ea7a0ce22999775109d3989343987553c8f6e344e93edd7eb789c907bf0629362c604e74231106d55588c701630d0d7114f3aa69

data/.gitignore

@@ -0,0 +1,13 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# Elastic Beanstalk Files
+.elasticbeanstalk/*
+!.elasticbeanstalk/*.cfg.yml
+!.elasticbeanstalk/*.global.yml

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.2
+before_install: gem install bundler -v 1.16.0

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in stalkedbybean.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,80 @@
+PATH
+  remote: .
+  specs:
+    stalkedbybean (0.1.0)
+      aws-sdk-elasticbeanstalk
+      aws-sdk-iam
+      aws-sdk-kms
+      thor
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    aruba (0.14.5)
+      childprocess (>= 0.6.3, < 0.10.0)
+      contracts (~> 0.9)
+      cucumber (>= 1.3.19)
+      ffi (~> 1.9.10)
+      rspec-expectations (>= 2.99)
+      thor (~> 0.19)
+    aws-partitions (1.70.0)
+    aws-sdk-core (3.17.0)
+      aws-partitions (~> 1.0)
+      aws-sigv4 (~> 1.0)
+      jmespath (~> 1.0)
+    aws-sdk-elasticbeanstalk (1.4.0)
+      aws-sdk-core (~> 3)
+      aws-sigv4 (~> 1.0)
+    aws-sdk-iam (1.3.0)
+      aws-sdk-core (~> 3)
+      aws-sigv4 (~> 1.0)
+    aws-sdk-kms (1.5.0)
+      aws-sdk-core (~> 3)
+      aws-sigv4 (~> 1.0)
+    aws-sigv4 (1.0.2)
+    backports (3.11.1)
+    builder (3.2.3)
+    childprocess (0.9.0)
+      ffi (~> 1.0, >= 1.0.11)
+    contracts (0.16.0)
+    cucumber (3.1.0)
+      builder (>= 2.1.2)
+      cucumber-core (~> 3.1.0)
+      cucumber-expressions (~> 5.0.4)
+      cucumber-wire (~> 0.0.1)
+      diff-lcs (~> 1.3)
+      gherkin (~> 5.0)
+      multi_json (>= 1.7.5, < 2.0)
+      multi_test (>= 0.1.2)
+    cucumber-core (3.1.0)
+      backports (>= 3.8.0)
+      cucumber-tag_expressions (~> 1.1.0)
+      gherkin (>= 5.0.0)
+    cucumber-expressions (5.0.13)
+    cucumber-tag_expressions (1.1.1)
+    cucumber-wire (0.0.1)
+    diff-lcs (1.3)
+    ffi (1.9.23)
+    gherkin (5.0.0)
+    jmespath (1.3.1)
+    multi_json (1.13.1)
+    multi_test (0.1.2)
+    rake (10.5.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    thor (0.20.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  aruba
+  bundler (~> 1.16)
+  cucumber
+  rake (~> 10.0)
+  stalkedbybean!
+
+BUNDLED WITH
+   1.16.0

data/LICENSE.txt

@@ -0,0 +1,30 @@
+BSD 3-Clause License
+
+Copyright (c) 2018, Ascential plc
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,116 @@
+# Stalkedbybean
+
+Little Ruby command line utility to help Ascential Makers to deploy on AWS beanstalk. Configurable through command line and config file.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'stalkedbybean'
+```
+
+And then execute:
+
+```ruby
+$ bundle install
+```
+
+Or install it yourself as:
+
+```
+$ gem install stalkedbybean
+```
+
+## How to use
+
+You can perform all the steps for deploying your app (initializing it, handling secrets, creating the environment, deploying the version and terminating environment finally) by running a simple Ruby script.
+
+1. This gem relies on some dependencies ([AWS CLI](https://aws.amazon.com/cli/), [AWS EB CLI](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb-cli3.html) and [Credstash](https://github.com/fugue/credstash)) you will have to install.
+```
+$ pip3 install awscli --upgrade --user
+$ pip3 install awsebcli --upgrade --user
+$ sudo pip3 install boto botocore boto3
+$ sudo pip3 install credstash
+```
+
+2. Make sure you have your AWS credentials set up. If not, you can do so by [following the instructions here.](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html)
+
+3. Initialise a default config file in your project's root directory. Replace `your-environment-name` which whatever applies to you (eg; test, staging, production etc). This should generate a [config file](./config/config_test.yml) and [config settings file](./config/.stalkedbybean.yml) in the directory you are in.
+```
+$ stalkedbybean init your-environment-name
+```
+
+4. Update the generated [config file](./config/config_test.yml) with the config options relevant to _your_ app especially the mandatory ones for setting up secrets. You won't be able to get your `kms_arn` until you set up your secrets below so leave that for now.
+
+Detailed information on how to update your config options [can be found here](./docs/setting_up_config_file.md).
+
+5. The generated file will automatically be set as your default config file. You can override this by passing it with the flag ```-f FILENAME``` when running the gem commands or changing the default file in `config/.stalkedbybean.yml`.
+
+## Commands Details
+
+```bash
+stalkedbybean init                            # Generates a config file
+stalkedbybean create [OPTIONS]                # Creates a new AWS application
+stalkedbybean secrets <command> [OPTIONS]     # Sets up and manages secrets using Credstash
+stalkedbybean setup_roles [OPTIONS]           # Sets up roles in AWS IAM
+stalkedbybean provision -v VERSION [OPTIONS]  # Provisions new environment in AWS EB
+stalkedbybean deploy -v VERSION [OPTIONS]     # Deploys new version of environment
+stalkedbybean terminate [OPTIONS]             # Terminates environment, application and all resources
+stalkedbybean update_config [OPTIONS]         # Updates all config options
+stalkedbybean print_env_vars [OPTIONS]        # Prints existing environment variables
+stalkedbybean update_env_vars [OPTIONS]       # Updates environment variables
+stalkedbybean versions [OPTIONS]              # Displays application versions
+stalkedbybean help [COMMAND]                  # Describe available commands or one specific command
+```
+
+## Handling Secrets
+
+The Beanstalk platform expects secrets to be put using [CredStash](https://github.com/fugue/credstash), in the same region that you are deploying, using a table called `your_app_name-your_environment_name`, encrypted through a KMS key.
+
+This can be done using `stalkedbybeans`.
+
+1. Make sure you have the `config.yml` file with the mandatory options for setting up secrets filled up correctly.
+
+2. Create a KMS key and setup a table to hold your secrets. This step will also print out your KMS ARN which you should copy and paste into your [config.yml file](./config/config_test.yml) as it will be required for deployment.
+```bash
+$ stalkedbybeans secrets setup
+```
+
+3. To add a secret in a key/value pair:
+```bash
+$ stalkedbybeans secrets add [key] [value]
+```
+
+4. To get a secret:
+```bash
+$ stalkedbybeans secrets get [key]
+```
+
+5. You can also change the value of an existing secret by creating a new version of it. Credstash will automatically use the latest version of the secret.
+```bash
+$ stalkedbybeans secrets change [key] [new_value] [version]
+```
+
+6. To get all the secrets stored within your application:
+```bash
+$ stalkedbybeans secrets getall
+```
+
+If you do not want to use the script, you can also use Credstash [manually as described here](./docs/setting_up_credstash.md).
+
+Keys are versioned. See [CredStash documentation](https://github.com/fugue/credstash) for more details.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/ascential/stalkedbybean.
+
+## License
+
+The gem is available as open source under the terms of the [BSD-3-Clause](https://opensource.org/licenses/BSD-3-Clause).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "stalkedbybean"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/config/.stalkedbybean.yml

@@ -0,0 +1 @@
+default: "config/config_test.yml"

data/config/config_test.yml

@@ -0,0 +1,25 @@
+# MANDATORY OPTIONS TO BE FILLED UP BEFORE SETTING UP SECRETS
+app_name:
+aws_profile:
+aws_region:
+environment: test
+
+# MANDATORY OPTIONS TO BE FILLED UP BEFORE SETTING UP ROLES
+aws_account_id:
+kms_arn:
+
+# OPTIONAL (BUT HIGHLY RECOMMENDED) OPTIONS
+vpc_id:
+vpc_security_groups:
+  -
+instance_count:
+instance_size:
+platform_arn:
+env_vars: "KEY=value"
+vpc_ec2_subnets:
+  -
+  -
+vpc_elb_subnets:
+  -
+  -
+key_name:

data/docs/setting_up_config_file.md

@@ -0,0 +1,55 @@
+# What Goes in Your Config File
+
+A short guide as to what needs to go in your config file for deployment as well as where you might find them.
+
+## Mandatory Options
+* **aws_profile**
+
+* **aws_region**
+
+The region where your resource is going to reside in. This is up to you but **please** ensure that it is consistent throughout your app. You can find more details as well the list of possible regions [at this link](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html).
+
+* **kms_arn**
+
+You should have created a key [as detailed here](./README.md#handling-secrets) to handle any secrets within Credstash. To get the ARN of your key, go to the IAM service page --> Encryption Keys and find the key that you have created. Copy the entire ARN of your key for this field.
+
+## Not-so-mandatory Options
+
+* **vpc_id**
+
+VPC (Virtual Private Cloud) is an isolated virtual network in the AWS cloud. You can find your **VPC ID** by going to the VPC service page and searching the table in **Your VPCs**.
+
+* **vpc_security_groups**
+
+Find your relevant security group by going to the VPC service page and searching the table in **Security Groups** for the groups relevant to your app. You might have more than one security group. You will need to copy their group IDs.
+
+If your application has a database, you will also need to include your [RDS security group](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html) by looking up your DB instance on AWS RDS.
+
+* **instance_count**
+
+* **instance_size**
+
+You can specify the instance type and instance size which best fits your app. More details on the different types/sizes which exist [can be found here](https://aws.amazon.com/ec2/instance-types/).
+
+* **platform_arn**
+
+The ARN of the custom platform you are using. We offer two versions of custom platforms so far for the regions eu-west-1 and eu-west-2.
+
+eu-west-1: arn:aws:elasticbeanstalk:eu-west-1:160153085320:platform/AscentialPlatform_Ubuntu/1.0.42
+eu-west-2: arn:aws:elasticbeanstalk:eu-west-2:160153085320:platform/AscentialPlatform_Ubuntu/1.0.2
+
+If this does not fit your requirements, you can [create your own custom beanstalk platform](./Beanstalk_custom_platform.md).
+
+* **environment**
+
+Specify the name of the environment you are deploying (e.g. test, deployment, production etc). You can create and manage separate environments for your application.
+
+* **vpc_ec2_subnets**
+
+Your private subnet IDs belong here. Find your relevant private subnet IDs by going to the VPC service page and searching under **Subnets**. You might have more than one security group. An easy way to narrow things down would be to search the subnets by your VPC id.
+
+* **vpc_elb_subnets**
+
+Your public subnet IDs belong here. Find your relevant private subnet IDs by going to the VPC service page and searching under **Subnets**. You might have more than one security group. An easy way to narrow things down would be to search the subnets by your VPC id.
+
+* **key_name**

data/docs/setting_up_credstash.md

@@ -0,0 +1,19 @@
+# Setting up CredStash
+
+You need to go to [the aws console of IAM, section encryption key](https://console.aws.amazon.com/iam/home#/encryptionKeys/eu-west-1) and create a key here. The alias you use will be used everytime you put a value to your secrets.
+We advise to use `app_name` as the alias of the key
+
+You can create the table by using
+```bash
+$ credstash -r your_region -p your_profile -t app_name-environment_name setup
+```
+
+You can now add secrets under a key by calling
+```bash
+$ credstash -r your_region -p your_profile -t app_name-environment_name put -k alias/key_alias key value
+```
+
+and consulting a key by doing
+```bash
+$ credstash -r your_region -p your_profile -t app_name-environment_name get key
+```

data/exe/stalkedbybean

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+
+require 'stalkedbybean/cli'
+Stalkedbybean::CLI.start

data/lib/stalkedbybean.rb

@@ -0,0 +1,15 @@
+require "stalkedbybean/version"
+require "stalkedbybean/initialize"
+require "stalkedbybean/secrets_setup"
+require "stalkedbybean/role_setup"
+require "stalkedbybean/provision"
+require "stalkedbybean/deploy"
+require "stalkedbybean/terminate"
+require "stalkedbybean/env_vars"
+require "stalkedbybean/app_info"
+require "stalkedbybean/parser"
+
+
+module Stalkedbybean
+
+end

data/lib/stalkedbybean/app_info.rb

@@ -0,0 +1,18 @@
+require 'Shellwords'
+
+module Stalkedbybean
+  class AppInfo
+
+    def self.parse_options(file_path, options)
+      @options = Stalkedbybean::Parser.parse_options(file_path, options)
+    end
+
+
+    def self.list_application_versions
+      system(
+        "eb appversion --profile #{@options[:aws_profile]} -r #{@options[:aws_region]}"
+      )
+    end
+
+  end
+end

data/lib/stalkedbybean/cli.rb

@@ -0,0 +1,169 @@
+require 'thor'
+require 'stalkedbybean'
+require 'stalkedbybean/generators/init'
+
+module Stalkedbybean
+  class CLI < Thor
+
+    desc "create [OPTIONS]", "Creates a new AWS application"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :app_name, :type => :string, :aliases => "-n"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    method_option :platform_arn, :type => :string, :aliases => "-a"
+    def create
+      Stalkedbybean::Initialize.parse_options(options[:file_path], options)
+      Stalkedbybean::Initialize.initialize_app
+    end
+
+    desc "secrets <command> [OPTIONS]", "Sets up and manages secrets using Credstash"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :app_name, :type => :string, :aliases => "-n"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    method_option :environment, :type => :string, :aliases => "-e"
+    def secrets(action, *args)
+      if action == "setup"
+        Stalkedbybean::SecretsSetup.parse_options(options[:file_path], options)
+        Stalkedbybean::SecretsSetup.create_key
+        Stalkedbybean::SecretsSetup.create_credstash_table
+      elsif action == "add"
+        Stalkedbybean::SecretsSetup.parse_options(options[:file_path], options)
+        Stalkedbybean::SecretsSetup.add_secret(args[0], args[1])
+      elsif action == "get"
+        Stalkedbybean::SecretsSetup.parse_options(options[:file_path], options)
+        Stalkedbybean::SecretsSetup.get_secret(args[0])
+      elsif action == "change"
+        Stalkedbybean::SecretsSetup.parse_options(options[:file_path], options)
+        Stalkedbybean::SecretsSetup.change_secret(args[0], args[1], args[2])
+      elsif action == "getall"
+        Stalkedbybean::SecretsSetup.parse_options(options[:file_path], options)
+        Stalkedbybean::SecretsSetup.getall_secrets
+      else
+        puts (
+          <<~HEREDOC
+          USAGE: stalkedbybean secrets <command> [OPTIONS]
+          COMMANDS:
+            - setup
+            - add KEY VALUE
+            - get KEY
+            - change KEY NEW_VALUE VERSION
+            - getall
+        HEREDOC
+      )
+      end
+    end
+
+    desc "setup_roles [OPTIONS]", "Sets up roles in AWS IAM"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :app_name, :type => :string, :aliases => "-n"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    method_option :environment, :type => :string, :aliases => "-e"
+    method_option :aws_account_id, :type => :string
+    method_option :kms_arn, :type => :string
+    def setup_roles
+      Stalkedbybean::RoleSetup.parse_options(options[:file_path], options)
+      Stalkedbybean::RoleSetup.setup_IAM
+    end
+
+    desc "provision -v VERSION [OPTIONS]", "Provisions new environment in AWS EB"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :app_name, :type => :string, :aliases => "-n"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    method_option :environment, :type => :string, :aliases => "-e"
+    method_option :platform_arn, :type => :string, :aliases => "-a"
+    method_option :instance_size, :type => :string, :aliases => "-i"
+    method_option :instance_count, :type => :string, :aliases => "-s"
+    method_option :vpc_id, :type => :string
+    method_option :vpc_ec2_subnets, :type => :array
+    method_option :vpc_elb_subnets, :type => :array
+    method_option :vpc_security_groups, :type => :array
+    method_option :version, :type => :string, :aliases => "-v"
+    method_option :key_name, :type => :string
+    method_option :env_vars, :type => :string
+    def provision
+      Stalkedbybean::Provision.parse_options(options[:file_path], options)
+      Stalkedbybean::Provision.create_environment
+    end
+
+    desc "deploy -v VERSION [OPTIONS]", "Deploys new version of environment"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :app_name, :type => :string, :aliases => "-n"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    method_option :environment, :type => :string, :aliases => "-e"
+    method_option :version, :type => :string, :aliases => "-v"
+    def deploy
+      Stalkedbybean::Deploy.parse_options(options[:file_path], options)
+      Stalkedbybean::Deploy.deploy_version
+    end
+
+    desc "terminate [OPTIONS]", "Terminates environment, application and all resources"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    method_option :environment, :type => :string, :aliases => "-e"
+    def terminate
+      Stalkedbybean::Terminate.parse_options(options[:file_path], options)
+      Stalkedbybean::Terminate.terminate_environment
+    end
+
+    desc "update_config [OPTIONS]", "Updates all config options"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :app_name, :type => :string, :aliases => "-n"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    method_option :environment, :type => :string, :aliases => "-e"
+    method_option :instance_size, :type => :string, :aliases => "-i"
+    method_option :instance_count, :type => :string, :aliases => "-s"
+    method_option :vpc_id, :type => :string
+    method_option :vpc_ec2_subnets, :type => :array
+    method_option :vpc_elb_subnets, :type => :array
+    method_option :vpc_security_groups, :type => :array
+    method_option :key_name, :type => :string
+    method_option :env_vars, :type => :string
+    def update_config
+      Stalkedbybean::EnvVars.parse_options(options[:file_path], options)
+      Stalkedbybean::EnvVars.update_configuration_options
+    end
+
+    desc "update_env_vars [OPTIONS]", "Updates environment variables"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    method_option :env_vars, :type => :string
+    def update_env_vars
+      Stalkedbybean::EnvVars.parse_options(options[:file_path], options)
+      Stalkedbybean::EnvVars.update_environment_variables
+    end
+
+    desc "print_env_vars [OPTIONS]", "Prints existing environment variables"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :app_name, :type => :string, :aliases => "-n"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    method_option :environment, :type => :string, :aliases => "-e"
+    def print_env_vars
+      Stalkedbybean::EnvVars.parse_options(options[:file_path], options)
+      Stalkedbybean::EnvVars.print_environment_variables
+    end
+
+    desc "versions [OPTIONS]", "Displays application versions"
+    method_option :file_path, :type => :string, :aliases => "-f"
+    method_option :aws_profile, :type => :string, :aliases => "-p"
+    method_option :aws_region, :type => :string, :aliases => "-r"
+    def versions
+      Stalkedbybean::AppInfo.parse_options(options[:file_path], options)
+      Stalkedbybean::AppInfo.list_application_versions
+    end
+
+
+    desc "init", "Generates a config file"
+    def init(name)
+      Stalkedbybean::Generators::Init.start([name])
+    end
+
+  end
+end

data/lib/stalkedbybean/deploy.rb

@@ -0,0 +1,22 @@
+require 'Shellwords'
+
+module Stalkedbybean
+  class Deploy
+
+    def self.parse_options(file_path, options)
+      @options = Stalkedbybean::Parser.parse_options(file_path, options)
+    end
+
+    def self.deploy_version
+      system(
+      <<~HEREDOC
+       eb deploy #{@options[:app_name]}-#{@options[:environment]} \
+        --profile #{@options[:aws_profile]} \
+        -r #{@options[:aws_region]} \
+        --version #{@options[:version]}
+      HEREDOC
+      )
+    end
+
+  end
+end

data/lib/stalkedbybean/env_vars.rb

@@ -0,0 +1,79 @@
+require 'Shellwords'
+require 'aws-sdk-elasticbeanstalk'
+
+module Stalkedbybean
+  class EnvVars
+
+    def self.parse_options(file_path, options)
+      @options = Stalkedbybean::Parser.parse_options(file_path, options)
+    end
+
+    def self.update_configuration_options
+
+      @client = Aws::ElasticBeanstalk::Client.new(region: "#{@options[:aws_region]}", profile: "#{@options[:aws_profile]}")
+
+      resp = @client.update_environment({
+        application_name: "#{@options[:app_name]}",
+        environment_name: "#{@options[:app_name]}-#{@options[:environment]}",
+        platform_arn: "#{@options[:platform_arn]}",
+        option_settings: [
+          {
+              namespace: "aws:ec2:vpc",
+              option_name: "VPCId",
+              value: "#{@options[:vpc_id]}"
+          },
+          {
+              namespace: "aws:autoscaling:launchconfiguration",
+              option_name: "SecurityGroups",
+              value: "#{@options[:vpc_security_groups]}"
+          },
+          {
+              namespace: "aws:autoscaling:asg",
+              option_name: "MaxSize",
+              value: "1"
+          },
+          {
+              namespace: "aws:autoscaling:asg",
+              option_name: "MinSize",
+              value: "1"
+          },
+          {
+              namespace: "aws:autoscaling:launchconfiguration",
+              option_name: "InstanceType",
+              value: "#{@options[:instance_size]}"
+          },
+          {
+              namespace: "aws:ec2:vpc",
+              option_name: "ELBSubnets",
+              value: "#{@options[:vpc_elb_subnets]}"
+          },
+          {
+              namespace: "aws:ec2:vpc",
+              option_name: "Subnets",
+              value: "#{@options[:vpc_ec2_subnets]}"
+          },
+          {
+              namespace: "aws:autoscaling:launchconfiguration",
+              option_name: "EC2KeyName",
+              value: "#{@options[:key_name]}"
+          },
+        ],
+      })
+
+      puts "Environment update has started. This will take some time."
+    end
+
+    def self.update_environment_variables
+      system(
+       "eb setenv #{@options[:env_vars]} --profile #{@options[:aws_profile]} --region #{@options[:aws_region]}"
+      )
+    end
+
+    def self.print_environment_variables
+      system(
+       "eb printenv #{@options[:app_name]}-#{@options[:environment]} --profile #{@options[:aws_profile]} -r #{@options[:aws_region]}"
+      )
+    end
+
+  end
+end

data/lib/stalkedbybean/generators/init.rb

@@ -0,0 +1,26 @@
+require 'thor/group'
+
+module Stalkedbybean
+  module Generators
+    class Init < Thor::Group
+      argument :name, :type => :string
+      include Thor::Actions
+
+      def self.source_root
+        File.dirname(__FILE__) + "/init"
+      end
+
+      def create_group
+        empty_directory('config')
+      end
+
+      def copy_config_file
+        template("config.yml", "config/config_#{name}.yml")
+      end
+
+      def copy_config_settings
+        template(".stalkedbybean.yml", "config/.stalkedbybean.yml")
+      end
+    end
+  end
+end

data/lib/stalkedbybean/generators/init/.stalkedbybean.yml

@@ -0,0 +1,3 @@
+# THIS WILL BE THE DEFAULT CONFIG FILE THAT WILL BE PASSED TO YOUR COMMANDS IF YOU DO NOT OVVERRIDE WITH -F FLAG.
+# YOU CAN CHANGE IT IF YOU WANT YOUR DEFAULT CONFIG FILE TO BE SOMETHING ELSE. 
+default: "config/config_<%=name%>.yml"

data/lib/stalkedbybean/generators/init/config.yml

@@ -0,0 +1,25 @@
+# MANDATORY OPTIONS TO BE FILLED UP BEFORE SETTING UP SECRETS
+app_name:
+aws_profile:
+aws_region:
+environment: <%= name %>
+
+# MANDATORY OPTIONS TO BE FILLED UP BEFORE SETTING UP ROLES
+aws_account_id:
+kms_arn:
+
+# OPTIONAL (BUT HIGHLY RECOMMENDED) OPTIONS
+vpc_id:
+vpc_security_groups:
+  -
+instance_count:
+instance_size:
+platform_arn:
+env_vars: "KEY=value"
+vpc_ec2_subnets:
+  -
+  -
+vpc_elb_subnets:
+  -
+  -
+key_name:

data/lib/stalkedbybean/initialize.rb

@@ -0,0 +1,16 @@
+require 'Shellwords'
+require 'yaml'
+
+module Stalkedbybean
+  class Initialize
+
+    def self.parse_options(file_path, options)
+      @options = Stalkedbybean::Parser.parse_options(file_path, options)
+    end
+
+    def self.initialize_app
+      system("eb init #{@options[:app_name]} --profile #{@options[:aws_profile]} -r #{@options[:aws_region]} -p #{@options[:platform_arn]}")
+    end
+
+  end
+end

data/lib/stalkedbybean/parser.rb

@@ -0,0 +1,29 @@
+module Stalkedbybean
+  module Parser
+    extend self
+
+    CONFIG_SETTINGS_FILE = "config/.stalkedbybean.yml"
+
+    def parse_options(file_path, options)
+      file_path ||= get_default_file_path
+      default_options = load_default_options(file_path)
+      parsed_options = symbolize_option_names(options)
+      default_options.merge!(parsed_options)
+    end
+
+    def load_default_options(file_path)
+      default_options = YAML::load(open(file_path))
+      symbolize_option_names(default_options)
+    end
+
+    def symbolize_option_names(options)
+      options.map { |key, value| [key.to_sym, value] }.to_h
+    end
+
+    def get_default_file_path
+      settings = YAML::load_file(CONFIG_SETTINGS_FILE)
+      settings["default"]
+    end
+
+  end
+end

data/lib/stalkedbybean/provision.rb

@@ -0,0 +1,38 @@
+require 'Shellwords'
+
+module Stalkedbybean
+  class Provision
+
+    def self.parse_options(file_path, options)
+      @options = Stalkedbybean::Parser.parse_options(file_path, options)
+    end
+
+    def self.create_environment
+      puts "provisioning app #{@options[:app_name]} in AWS region #{@options[:aws_region]} for environment #{@options[:environment]}"
+
+      system(
+      <<~HEREDOC
+        eb create #{@options[:app_name]}-#{@options[:environment]} \
+          --profile #{@options[:aws_profile]} \
+          --region #{@options[:aws_region]} \
+          -p #{@options[:platform_arn]} \
+          -i #{@options[:instance_size]} \
+          -ip #{@options[:app_name]}-#{@options[:environment]}-beanstalk-EC2 \
+          -sr aws-elasticbeanstalk-service-role \
+          --tags project=#{@options[:app_name]},environment=#{@options[:environment]} \
+          --scale #{@options[:instance_count]} \
+          --elb-type classic \
+          --vpc.id #{@options[:vpc_id]} \
+          --vpc.elbpublic \
+          --vpc.ec2subnets #{@options[:vpc_ec2_subnets].join(',')} \
+          --vpc.elbsubnets #{@options[:vpc_elb_subnets].join(',')} \
+          --vpc.securitygroups #{@options[:vpc_security_groups].join(',')} \
+          --version #{@options[:version]} \
+          --envvars #{@options[:env_vars]} \
+          --keyname #{@options[:key_name]}
+        HEREDOC
+      )
+    end
+
+  end
+end

data/lib/stalkedbybean/role_setup.rb

@@ -0,0 +1,137 @@
+require 'aws-sdk-iam'
+
+module Stalkedbybean
+  class RoleSetup
+
+    def self.parse_options(file_path, options)
+      @options = Stalkedbybean::Parser.parse_options(file_path, options)
+    end
+
+    def self.setup_IAM
+      
+      @app_tag = "#{@options[:app_name]}-#{@options[:environment]}"
+      @client = Aws::IAM::Client.new(region: "#{@options[:aws_region]}", profile: "#{@options[:aws_profile]}")
+      @iam = Aws::IAM::Resource.new(client: @client)
+
+      role_name = "#{@app_tag}-beanstalk-EC2"
+
+      begin
+        role = self.create_role
+        puts "Role created"
+      rescue Aws::IAM::Errors::EntityAlreadyExists
+        puts "Role already created"
+        role = @client.get_role({
+             role_name: role_name
+          })
+      end
+
+      begin
+        cred_stash_policy = self.create_cred_stash_policy
+        puts "Credstash policy created"
+      rescue Aws::IAM::Errors::EntityAlreadyExists
+        puts "Credstash policy already created"
+
+        policies = @client.list_policies({})
+        arn = policies.policies.find { |policy| policy.policy_name == "#{@app_tag}-credstash-access" }.arn
+
+        cred_stash_policy = @client.get_policy({
+          policy_arn: arn
+        })
+      end
+
+      begin
+        self.attach_policy_to_role(cred_stash_policy.arn, role)
+        puts "Credstash policy attached"
+      rescue Exception => ex
+        puts "Credstash policy already attached"
+      end
+
+      begin
+        self.attach_policy_to_role("arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier", role)
+      rescue Exception => ex
+        puts "AWSElasticBeanstalkWebTier policy already attached"
+      end
+
+      begin
+        @client.create_instance_profile({
+          instance_profile_name: role_name
+        })
+        puts "Instance profile created"
+      rescue Exception => ex
+        puts "Instance profile already created"
+      end
+
+      begin
+        @client.add_role_to_instance_profile({
+          instance_profile_name: role_name,
+          role_name: role_name
+        })
+        puts "Role added to instance profile"
+      rescue Exception => ex
+        puts "Role has already been added to instance profile"
+      end
+    end
+
+    private
+
+    def self.create_role
+      policy_doc = {
+        Version:"2012-10-17",
+        Statement:[
+          {
+            Effect:"Allow",
+            Principal:{
+              Service:"ec2.amazonaws.com"
+            },
+            Action:"sts:AssumeRole"
+          }
+        ]
+      }
+
+      role = @iam.create_role({
+               role_name: "#{@app_tag}-beanstalk-EC2",
+               assume_role_policy_document: policy_doc.to_json
+             })
+
+      return role
+    end
+
+    def self.create_cred_stash_policy
+      role_policy_document = {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Action": [
+              "kms:Decrypt"
+            ],
+            "Effect": "Allow",
+            "Resource": "#{@options[:kms_arn]}"
+          },
+          {
+            "Action": [
+              "dynamodb:GetItem",
+              "dynamodb:Query",
+              "dynamodb:Scan"
+            ],
+            "Effect": "Allow",
+            "Resource": "arn:aws:dynamodb:#{@options[:aws_region]}:#{@options[:aws_account_id]}:table/#{@app_tag}"
+          }
+        ]
+      }.to_json
+
+      cred_stash_policy = @iam.create_policy({
+        policy_name: "#{@app_tag}-credstash-access",
+        policy_document: role_policy_document
+      })
+
+      cred_stash_policy
+    end
+
+    def self.attach_policy_to_role(policy_arn, role)
+      role.attach_policy({
+        policy_arn: policy_arn
+      })
+    end
+
+  end
+end

data/lib/stalkedbybean/secrets_setup.rb

@@ -0,0 +1,49 @@
+require 'aws-sdk-kms'
+require 'Shellwords'
+
+module Stalkedbybean
+  class SecretsSetup
+
+    def self.parse_options(file_path, options)
+      @options = Stalkedbybean::Parser.parse_options(file_path, options)
+      @app_tag = "#{@options[:app_name]}-#{@options[:environment]}"
+    end
+
+    def self.create_key
+      @client = Aws::KMS::Client.new(region: "#{@options[:aws_region]}", profile: "#{@options[:aws_profile]}")
+      key = @client.create_key({})
+      @client.create_alias({
+        alias_name: "alias/#{@options[:app_name]}",
+        target_key_id: key[:key_metadata][:key_id]
+        })
+
+      puts "Your KMS ARN is: #{key[:key_metadata][:arn]}"
+    end
+
+    def self.create_credstash_table
+      system("credstash -r #{@options[:aws_region]} -p #{@options[:aws_profile]} -t #{@app_tag} setup")
+      puts "Credstash table #{@app_tag} created."
+    end
+
+    def self.add_secret(key, value)
+      raise(StandardError, "Missing or invalid key/value") if key == nil || value == nil
+      system("credstash -r #{@options[:aws_region]} -p #{@options[:aws_profile]} -t #{@app_tag} put -k alias/#{@options[:app_name]} #{key} #{value}")
+    end
+
+    def self.get_secret(key)
+      raise(StandardError, "Missing or invalid key") if key == nil
+      system("credstash -r #{@options[:aws_region]} -p #{@options[:aws_profile]} -t #{@app_tag} get #{key}")
+    end
+
+    def self.getall_secrets
+      system("credstash -r #{@options[:aws_region]} -p #{@options[:aws_profile]} -t #{@app_tag} getall")
+    end
+
+    def self.change_secret(key, value, version)
+      raise(StandardError, "Missing or invalid key/value") if key == nil || value == nil
+      raise(StandardError, "Missing version number") if version == nil
+      system("credstash -r #{@options[:aws_region]} -p #{@options[:aws_profile]} -t #{@app_tag} put -k alias/#{@options[:app_name]} -v #{version} #{key} #{value}")
+    end
+
+  end
+end

data/lib/stalkedbybean/terminate.rb

@@ -0,0 +1,17 @@
+require 'Shellwords'
+
+module Stalkedbybean
+  class Terminate
+
+    def self.parse_options(file_path, options)
+      @options = Stalkedbybean::Parser.parse_options(file_path, options)
+    end
+
+    def self.terminate_environment
+      system(
+       "eb terminate #{@options[:environment]} --all --profile #{@options[:aws_profile]} -r #{@options[:aws_region]}",
+      )
+    end
+
+  end
+end

data/lib/stalkedbybean/version.rb

@@ -0,0 +1,3 @@
+module Stalkedbybean
+  VERSION = "0.1.0"
+end

data/stalkedbybean.gemspec

@@ -0,0 +1,33 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "stalkedbybean/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "stalkedbybean"
+  spec.version       = Stalkedbybean::VERSION
+  spec.authors       = ["Kavita Kalaichelvan", "Thomas Depierre"]
+  spec.email         = ["kavita.kalaichelvan@ascential.com", "thomas.depierre@ascential.com"]
+
+  spec.summary       = "Command line utility to deploy Elixir apps to AWS using Elastic Beanstalk"
+  spec.description   = "You can deploy your Elixir app to AWS by running a few simple commands."
+  spec.homepage      = "https://github.com/ascential/am-stalkedbybean"
+  spec.license       = "BSD-3-Clause"
+
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "cucumber"
+  spec.add_development_dependency "aruba"
+  spec.add_dependency "thor"
+  spec.add_dependency "aws-sdk-kms"
+  spec.add_dependency "aws-sdk-iam"
+  spec.add_dependency "aws-sdk-elasticbeanstalk"
+end

metadata

@@ -0,0 +1,189 @@
+--- !ruby/object:Gem::Specification
+name: stalkedbybean
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Kavita Kalaichelvan
+- Thomas Depierre
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-03-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: cucumber
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-kms
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-iam
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-elasticbeanstalk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: You can deploy your Elixir app to AWS by running a few simple commands.
+email:
+- kavita.kalaichelvan@ascential.com
+- thomas.depierre@ascential.com
+executables:
+- stalkedbybean
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- config/.stalkedbybean.yml
+- config/config_test.yml
+- docs/setting_up_config_file.md
+- docs/setting_up_credstash.md
+- exe/stalkedbybean
+- lib/stalkedbybean.rb
+- lib/stalkedbybean/app_info.rb
+- lib/stalkedbybean/cli.rb
+- lib/stalkedbybean/deploy.rb
+- lib/stalkedbybean/env_vars.rb
+- lib/stalkedbybean/generators/init.rb
+- lib/stalkedbybean/generators/init/.stalkedbybean.yml
+- lib/stalkedbybean/generators/init/config.yml
+- lib/stalkedbybean/initialize.rb
+- lib/stalkedbybean/parser.rb
+- lib/stalkedbybean/provision.rb
+- lib/stalkedbybean/role_setup.rb
+- lib/stalkedbybean/secrets_setup.rb
+- lib/stalkedbybean/terminate.rb
+- lib/stalkedbybean/version.rb
+- stalkedbybean.gemspec
+homepage: https://github.com/ascential/am-stalkedbybean
+licenses:
+- BSD-3-Clause
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: Command line utility to deploy Elixir apps to AWS using Elastic Beanstalk
+test_files: []