stax 0.0.1 → 0.0.2

data/lib/stax/mixin/ssh.rb

@@ -0,0 +1,52 @@
+## include this mixin in stack classes that need ssh to instances
+## and consider defining methods: ssh_options, before_ssh, after_ssh
+require 'stax/aws/ec2'
+
+module Stax
+  module Ssh
+    def self.included(thor)
+
+      ## stack class can define this
+      # def ssh_options
+      #   {
+      #     StrictHostKeyChecking: 'no',
+      #     UserKnownHostsFile: '/dev/null',
+      #   }
+      # end
+
+      ## IP address to ssh
+      def ssh_instances
+        Aws::Ec2.instances(stack_name).map(&:public_ip_address)
+      end
+
+      def ssh_options_format(opt)
+        opt.reject do |_,v|
+          v.nil?
+        end.map do |k,v|
+          "-o #{k}=#{v}"
+        end.join(' ')
+      end
+
+      def ssh_cmd(instances, cmd = [], opt = {})
+        c = cmd.join(' ')
+        o = ssh_options_format((try(:ssh_options) || {}).merge(opt))
+        instances.each do |i|
+          system "ssh #{o} #{i} #{c}"
+        end
+      end
+
+      thor.class_eval do
+
+        ## stack class can add before/after_ssh hooks
+        desc 'ssh [CMD]', 'ssh to ec2 instances'
+        def ssh(*cmd)
+          try(:before_ssh)
+          ssh_cmd(ssh_instances, cmd)
+        ensure
+          try(:after_ssh)
+        end
+
+      end
+    end
+  end
+end

data/lib/stax/mixin/ssm.rb

@@ -0,0 +1,137 @@
+require 'yaml'
+require 'stax/aws/ssm'
+
+module Stax
+  module Ssm
+
+    def self.included(thor)
+      thor.desc(:ssm, 'SSM subcommands')
+      thor.subcommand(:ssm, Cmd::Ssm)
+    end
+
+    def ssm_parameter_path
+      @_ssm_parameter_path ||= prepend('/', [app_name, branch_name, class_name].join('/'))
+    end
+
+    def ssm_parameter_name(name)
+      [ssm_parameter_path, name].join('/')
+    end
+
+    def ssm_parameter_put(name, value, opt = {})
+      Aws::Ssm.put(
+        {
+          name: ssm_parameter_name(name),
+          value: value,
+          type: :SecureString,
+          # key_id: options[:key],
+          overwrite: true,
+        }.merge(opt)
+      )
+    end
+
+    def ssm_parameter_get(name)
+      Aws::Ssm.get(names: [ssm_parameter_name(name)], with_decryption: true).first&.value
+    end
+
+    ## get a parameter from the store to a Tmpfile
+    def ssm_parameter_tmpfile(name)
+      Tempfile.new(stack_name).tap do |file|
+        file.write(ssm_parameter_get(name))
+        File.chmod(0400, file.path)
+        file.close
+      end
+    end
+
+    def ssm_parameter_delete(*names)
+      Aws::Ssm.delete(names: names.map { |name| ssm_parameter_name(name) })
+    end
+
+    ## run a command on stack instances
+    def ssm_run_shellscript(*cmd)
+      Aws::Ssm.run(
+        document_name: 'AWS-RunShellScript',
+        targets: [{key: 'tag:aws:cloudformation:stack-name', values: [stack_name]}],
+        parameters: {commands: cmd}
+      )&.command_id.tap(&method(:puts))
+    end
+  end
+
+  module Cmd
+    class Ssm < SubCommand
+
+      COLORS = {
+        Online:         :green,
+        ConnectionLost: :red,
+      }
+
+      desc 'instances', 'SSM instance agent information'
+      def instances
+        print_table Aws::Ssm.instances(my.stack_name).map { |i|
+          agent = set_color(i.agent_version, i.is_latest_version ? :green : :yellow)
+          [i.instance_id, color(i.ping_status, COLORS), i.last_ping_date_time, agent]
+        }
+      end
+
+      desc 'shellscript CMD', 'SSM run shell command'
+      def shellscript(*cmd)
+        my.ssm_run_shellscript(*cmd)
+      end
+
+      desc 'commands', 'list SSM commands'
+      def commands
+        print_table Aws::Ssm.commands.map { |c|
+          [
+            c.command_id,
+            c.document_name,
+            color(c.status, COLORS),
+            c.requested_date_time,
+            c.comment
+          ]
+        }
+      end
+
+      desc 'invocation [ID]', 'details for given/latest invocation'
+      def invocation(id = nil)
+        id ||= Aws::Ssm.commands.first.command_id
+        Aws::Ssm.invocation(id).each do |i|
+          puts YAML.dump(stringify_keys(i.to_hash))
+        end
+      end
+
+      desc 'parameters [PATH]', 'list parameters'
+      method_option :decrypt, aliases: '-d', type: :boolean, default: false, desc: 'decrypt and show values'
+      method_option :recurse, aliases: '-r', type: :boolean, default: false, desc: 'recurse path hierarchy'
+      def parameters(path = my.ssm_parameter_path)
+        fields = %i[name type]
+        fields << :value if options[:decrypt]
+        print_table Aws::Ssm.parameters(
+          path: path,
+          with_decryption: options[:decrypt],
+          recursive: options[:recurse],
+        ).map { |p| fields.map{ |f| p.send(f) } }
+      end
+
+      desc 'get NAME', 'get parameter'
+      def get(name)
+        puts my.ssm_parameter_get(name)
+      end
+
+      desc 'put NAME VALUE', 'put parameter'
+      method_option :type,                     type: :string,  default: :SecureString, desc: 'type of value'
+      method_option :key,                      type: :string,  default: nil,           desc: 'kms key'
+      method_option :overwrite, aliases: '-o', type: :boolean, default: false,         desc: 'overwrite existing'
+      def put(name, value)
+        my.ssm_parameter_put(name, value, type: options[:type], key_id: options[:key], overwrite: options[:overwrite])
+      rescue ::Aws::SSM::Errors::ParameterAlreadyExists => e
+        warn(e.message)
+      end
+
+      desc 'delete NAMES', 'delete parameters'
+      def delete(*names)
+        puts my.ssm_parameter_delete(*names)
+      end
+
+    end
+  end
+
+end

data/lib/stax/stack.rb

@@ -1,55 +1,39 @@
 module Stax
-  ## add a Stack subclass as a thor subcommand
-  def self.add_stack(name)
-    c = name.capitalize
-
-    ## create the class if it does not exist yet
-    klass = self.const_defined?(c) ? self.const_get(c) : self.const_set(c, Class.new(Stack))
-
-    ## create thor subcommand
-    Cli.desc(name, "control #{name} stack")
-    Cli.subcommand(name, klass)
-  end
-
   class Stack < Base
-    include Awful::Short
+
+    class_option :resources, type: :array,   default: nil,   desc: 'resources IDs to allow updates'
+    class_option :all,       type: :boolean, default: false, desc: 'DANGER: allow updates to all resources'
 
     no_commands do
       def class_name
-        @_class_name ||= self.class.to_s.split('::').last
+        @_class_name ||= self.class.to_s.split('::').last.downcase
       end
 
       def stack_name
-        @_stack_name ||= cfn_safe(stack_prefix + class_name.downcase)
+        @_stack_name ||= stack_prefix + class_name
       end
 
       def exists?
-        cf(:exists, [stack_name], quiet: true)
+        Cfn.exists?(stack_name)
       end
-    end
 
-    desc 'exists', 'test if stack exists'
-    def exists
-      puts exists?.to_s
-    end
+      def stack_status
+        Cfn.describe(stack_name).stack_status
+      end
 
-    desc 'resources', 'show resources for stack'
-    method_option :type,  aliases: '-t', type: :string, default: nil, desc: 'filter by resource type'
-    method_option :match, aliases: '-m', type: :string, default: nil, desc: 'filter by resource regex'
-    def resources
-      cf(:resources, [stack_name], options.merge(long: true))
-    end
+      def stack_notification_arns
+        Cfn.describe(stack_name).notification_arns
+      end
 
-    desc 'events', 'show all events for stack'
-    def events
-      cf(:events, [stack_name])
-    rescue Aws::CloudFormation::Errors::ValidationError => e
-      puts e.message
+      def resource(id)
+        Aws::Cfn.id(stack_name, id)
+      end
     end
 
-    desc 'outputs', 'show stack output'
-    def outputs
-      cf(:outputs, [stack_name])
+    desc 'exists', 'test if stack exists'
+    def exists
+      puts exists?
     end
+
   end
 end

data/lib/stax/stack/cfn.rb

@@ -0,0 +1,24 @@
+module Stax
+  class Stack < Base
+    include Aws
+
+    desc 'template', 'get template of existing stack from cloudformation'
+    method_option :pretty, type: :boolean, default: true, desc: 'format json output'
+    def template
+      Cfn.template(stack_name).tap { |t|
+        puts options[:pretty] ? JSON.pretty_generate(JSON.parse(t)) : t
+      }
+    end
+
+    desc 'events', 'show all events for stack'
+    method_option :number, aliases: '-n', type: :numeric, default: nil, desc: 'show n most recent events'
+    def events
+      print_table Cfn.events(stack_name).tap { |events|
+        events.replace(events.first(options[:number])) if options[:number]
+      }.reverse.map { |e|
+        [e.timestamp, color(e.resource_status, Cfn::COLORS), e.resource_type, e.logical_resource_id, e.resource_status_reason]
+      }
+    end
+
+  end
+end

data/lib/stax/stack/crud.rb

@@ -0,0 +1,92 @@
+module Stax
+  class Stack < Base
+
+    class_option :resources, type: :array,   default: nil,   desc: 'resources IDs to allow updates'
+    class_option :all,       type: :boolean, default: false, desc: 'DANGER: allow updates to all resources'
+
+    no_commands do
+      ## policy to lock the stack to all updates
+      def stack_policy
+        {
+          Statement: [
+            Effect:    'Deny',
+            Action:    'Update:*',
+            Principal: '*',
+            Resource:  '*'
+          ]
+        }
+      end
+
+      ## temporary policy during updates
+      def stack_policy_during_update
+        {
+          Statement: [
+            Effect:    'Allow',
+            Action:    'Update:*',
+            Principal: '*',
+            Resource:  stack_update_resources
+          ]
+        }
+      end
+
+      ## resources to unlock during update
+      def stack_update_resources
+        (options[:all] ? ['*'] : options[:resources]).map do |r|
+          "LogicalResourceId/#{r}"
+        end
+      end
+
+      ## cleanup sometimes needs to wait
+      def wait_for_delete(seconds = 5)
+        return unless exists?
+        debug("Waiting for #{stack_name} to delete")
+        loop do
+          sleep(seconds)
+          break unless exists?
+        end
+      end
+    end
+
+    desc 'create', 'create stack'
+    def create
+      fail_task("Stack #{stack_name} already exists") if exists?
+      debug("Creating stack #{stack_name}")
+      cfer_converge(stack_policy: stack_policy)
+    end
+
+    desc 'update', 'update stack'
+    def update
+      fail_task("Stack #{stack_name} does not exist") unless exists?
+      debug("Updating stack #{stack_name}")
+      cfer_converge(stack_policy_during_update: stack_policy_during_update)
+    end
+
+    desc 'delete', 'delete stack'
+    def delete
+      if yes? "Really delete stack #{stack_name}?", :yellow
+        Cfn.delete(stack_name)
+      end
+    rescue ::Aws::CloudFormation::Errors::ValidationError => e
+      fail_task(e.message)
+    end
+
+    desc 'tail', 'tail stack events'
+    def tail
+      cfer_tail
+    end
+
+    desc 'protection', 'show/set termination protection for stack'
+    method_option :enable,  aliases: '-e', type: :boolean, default: nil, desc: 'enable termination protection'
+    method_option :disable, aliases: '-d', type: :boolean, default: nil, desc: 'disable termination protection'
+    def protection
+      if options[:enable]
+        Cfn.protection(stack_name, true)
+      elsif options[:disable]
+        Cfn.protection(stack_name, false)
+      end
+      debug("Termination protection for #{stack_name}")
+      puts Cfn.describe(stack_name)&.enable_termination_protection
+    end
+
+  end
+end

data/lib/stax/stack/outputs.rb

@@ -0,0 +1,24 @@
+module Stax
+  class Stack < Base
+
+    no_commands do
+      def stack_outputs
+        @_stack_outputs ||= Cfn.outputs(stack_name)
+      end
+
+      def stack_output(key)
+        stack_outputs.fetch(key.to_s, nil)
+      end
+    end
+
+    desc 'outputs', 'show stack outputs'
+    def outputs(key = nil)
+      if key
+        puts stack_output(key)
+      else
+        print_table stack_outputs
+      end
+    end
+
+  end
+end

data/lib/stax/stack/parameters.rb

@@ -0,0 +1,24 @@
+module Stax
+  class Stack < Base
+
+    no_commands do
+      def stack_parameters
+        @_stack_parameters ||= Cfn.parameters(stack_name)
+      end
+
+      def stack_parameter(key)
+        stack_parameters.find do |p|
+          p.parameter_key == key.to_s
+        end&.parameter_value
+      end
+    end
+
+    desc 'parameters', 'show stack input parameters'
+    def parameters
+      print_table stack_parameters.each_with_object({}) { |p, h|
+        h[p.parameter_key] = p.parameter_value
+      }.sort
+    end
+
+  end
+end

data/lib/stax/stack/resources.rb

@@ -0,0 +1,35 @@
+module Stax
+  class Stack < Base
+
+    no_commands do
+      def stack_resources
+        @_stack_resources ||= Cfn.resources(stack_name)
+      end
+
+      def stack_resources_by_type(type)
+        stack_resources.select do |r|
+          r.resource_type == type
+        end
+      end
+    end
+
+    desc 'resources', 'list resources for this stack'
+    method_option :match, aliases: '-m', type: :string, default: nil, desc: 'filter by resource regex'
+    def resources
+      print_table stack_resources.tap { |resources|
+        if options[:match]
+          m = Regexp.new(options[:match], Regexp::IGNORECASE)
+          resources.select! { |r| m.match(r.resource_type) }
+        end
+      }.map { |r|
+        [r.logical_resource_id, r.resource_type, color(r.resource_status, Cfn::COLORS), r.physical_resource_id]
+      }
+    end
+
+    desc 'id [LOGICAL_ID]', 'get physical ID from resource logical ID'
+    def id(resource)
+      puts Cfn.id(stack_name, resource)
+    end
+
+  end
+end