sumomo 0.8.22 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ca6682714d521c07d70bb0dfd270897a53389ecd2b53f7581a260841e0c170c
-  data.tar.gz: b43744c1f57eb638db6d7d3199e7542279f532e08603a9c6b753d266d6c76793
+  metadata.gz: 346a647def575daedb5dc3e3eba04a73024c441be3ae92740cf9edb668992e44
+  data.tar.gz: 379cbf589f7ace6b8da717054ab71754604ed6b863808aadf3b6996a18df292f
 SHA512:
-  metadata.gz: 7b3b1e2abb745a50ba2f245a2dda925d15ac15842abe8e57f1343edffd1e8bc7d59bb9403741d201e794640addab6bf6edc7b7c83d44b625041589134d4ff5f1
-  data.tar.gz: f12ad5cafa9f2963fcd0f9718b47b0be4ba522952a2c960511cde6ba57bc5ebcb1039136545b395901e3066e8a1e2b3333b74d5a8c61b97ab8fd2bc5fa9d3885
+  metadata.gz: a0cd59b9b12bf2ec4e1b968f37962c505e9c9e6b7e47ed8846ad7af3737c162f5947bd4e01bfa1cdddfd4d347c378803db10c25ceadf56c5d7d31e0cecbe6b26
+  data.tar.gz: ed8757d5ca20a22791c1ded35a453ffd00f51260e6f5a96fb38adc9cc55df4617d30dbfa4a83bad353d2758bdc1232f51183e1bdbf09591c6142f6e92d98ff84

data/README.md

@@ -40,19 +40,28 @@ output "Haha", x
 
 To create a stack that acquires an IP Address and outputs it
 
-	$ sumomo create mystack
+    $ sumomo create mystack
 
 To view a stack's outputs
 
-	$ sumomo outputs mystack
+    $ sumomo outputs mystack
 
 To update a stack
 
-	$ sumomo update mystack
+    $ sumomo update mystack
 
 To delete a stack
 
-	$ sumomo delete mystack
+    $ sumomo delete mystack
+
+To view what changes your stuff will cause to your stack
+
+    $ sumomo diff mystack
+
+To see the raw cloudformation template
+
+    $ sumomo show mystack
+
 
 ## Library Usage
 

data/data/sumomo/custom_resources/TempS3Bucket.js

@@ -2,6 +2,7 @@ var s3 = new aws.S3();
 var name = request.ResourceProperties.BucketName;
 var copy_from_dir = request.ResourceProperties.CopyFromDirectory;
 var copy_from_bucket = request.ResourceProperties.CopyFromBucket;
+var disable_acl = request.ResourceProperties.DisableACL;
 var success_obj = {
   Arn: "arn:aws:s3:::" + name,
   DomainName: name + ".s3-" + request.ResourceProperties.Region + ".amazonaws.com"
@@ -72,6 +73,38 @@ function copy_files(success, fail)
   );
 }
 
+function apply_ownership_policy(name, success, fail)
+{
+  if (disable_acl)
+  {
+    // ACL is disabled by default, so we simply skip this step.
+    return copy_files(success, fail);
+  }
+
+  var params = {
+    Bucket: name,
+    OwnershipControls: {
+      Rules: [
+        {
+          ObjectOwnership: "BucketOwnerPreferred"
+        }
+      ]
+    }
+  };
+
+  s3.putBucketOwnershipControls(params, function(err, data)
+  {
+    if (err)
+    {
+      fail(err);
+    }
+    else
+    {
+      copy_files(success, fail);
+    }
+  });
+}
+
 function create_bucket(name, success, fail)
 {
   var create_params = {
@@ -89,7 +122,7 @@ function create_bucket(name, success, fail)
     }
     else
     {
-      copy_files(success, fail);
+      apply_ownership_policy(name, success, fail);
     }
   });
 }

data/exe/sumomo

@@ -5,12 +5,12 @@ require 'trollop'
 require 'sumomo'
 require 'yaml'
 
-SUB_COMMANDS = %w[delete create update outputs testapi].freeze
+SUB_COMMANDS = %w[delete create update outputs show diff testapi].freeze
 global_opts = Trollop.options do
   banner <<-USAGE
   Sumomo v#{Sumomo::VERSION}
 
-  Usage: sumomo [options] <create|update|delete|outputs> <stackname>
+  Usage: sumomo [options] <#{SUB_COMMANDS.join('|')}> <stackname>
   USAGE
 
   opt :region, 'AWS region to use', type: :string, default: 'ap-northeast-1'
@@ -30,21 +30,12 @@ cmd_opts = case cmd
            when 'delete'
              Sumomo.delete_stack(name: ARGV[0], region: global_opts[:region])
 
-           when 'create'
-             local_opts = Trollop.options do
-               opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
-             end
-             Sumomo.create_stack(name: ARGV[0], region: global_opts[:region]) do
-               proc = proc {}
-               eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
-             end
-
-           when 'update'
+           when 'create', 'update', 'show', 'diff'
              local_opts = Trollop.options do
                opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
                opt :changeset, 'Create a changeset instead of directly update', type: :boolean, default: false
              end
-             Sumomo.update_stack(name: ARGV[0], changeset: !!local_opts[:changeset], region: global_opts[:region]) do
+             Sumomo.manage_stack(name: ARGV[0], cmd: cmd, changeset: !!local_opts[:changeset], region: global_opts[:region]) do
                proc = proc {}
                eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
              end
@@ -80,4 +71,6 @@ cmd_opts = case cmd
              Trollop.die "Unknown subcommand #{cmd.inspect}"
 end
 
-Sumomo.wait_for_stack(name: ARGV[0], region: global_opts[:region])
+unless %w[show diff].include?(cmd)
+  Sumomo.wait_for_stack(name: ARGV[0], region: global_opts[:region])
+end

data/lib/sumomo/ec2.rb

@@ -277,7 +277,7 @@ module Sumomo
         @ami_lookup_resources ||= {}
 
         unless @ami_lookup_resources[type]
-          @ami_lookup_resources[type] = make 'Custom::AMILookup' do
+          @ami_lookup_resources[type] = make 'Custom::AMILookup', name: "#{name}AmiLookup" do
             InstanceType type
           end
         end
@@ -335,14 +335,14 @@ module Sumomo
        end
       raise 'ec2: egress option needs to be an array' unless egress.is_a? Array
 
-      web_sec_group = make 'AWS::EC2::SecurityGroup' do
+      web_sec_group = make 'AWS::EC2::SecurityGroup', name: "#{name}SecurityGroup" do
         GroupDescription "Security group for layer: #{layer}"
         SecurityGroupIngress ingress
         SecurityGroupEgress egress
         VpcId network.vpc
       end
 
-      wait_handle = make 'AWS::CloudFormation::WaitConditionHandle'
+      wait_handle = make 'AWS::CloudFormation::WaitConditionHandle', name: "#{name}WaitConditionHandle"
 
       user_data = initscript(wait_handle, name, call('Fn::Join', "\n", script_arr))
 
@@ -355,7 +355,7 @@ module Sumomo
         }]
       }
 
-      asg_role = make 'AWS::IAM::Role' do
+      asg_role = make 'AWS::IAM::Role', name: "#{name}Role" do
         AssumeRolePolicyDocument role_policy_doc
         Path '/'
         Policies [{
@@ -404,12 +404,12 @@ module Sumomo
         }]
       end
 
-      asg_profile = make 'AWS::IAM::InstanceProfile' do
+      asg_profile = make 'AWS::IAM::InstanceProfile', name: "#{name}InstanceProfile" do
         Path '/'
         Roles [asg_role]
       end
 
-      launch_config = make 'AWS::AutoScaling::LaunchConfiguration' do
+      launch_config = make 'AWS::AutoScaling::LaunchConfiguration', name: "#{name}LaunchConfiguration" do
         AssociatePublicIpAddress has_public_ips
         KeyName keypair
         SecurityGroups [web_sec_group] + security_groups

data/lib/sumomo/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sumomo
-  VERSION = '0.8.22'
+  VERSION = '0.10.0'
 end

data/lib/sumomo.rb

@@ -26,17 +26,7 @@ module Sumomo
     "cloudformation/#{make_master_key_name(name: name)}.pem"
   end
 
-  def self.create_stack(name:, region:, sns_arn: nil, &block)
-    cf = Aws::CloudFormation::Client.new(region: region)
-    begin
-      cf.describe_stacks(stack_name: name)
-      raise "There is already a stack named '#{name}'"
-    rescue Aws::CloudFormation::Errors::ValidationError
-      update_stack(name: name, region: region, sns_arn: sns_arn, &block)
-    end
-  end
-
-  def self.update_stack(name:, region:, sns_arn: nil, changeset: false, &block)
+  def self.manage_stack(name:, region:, cmd:'update', sns_arn: nil, changeset: false, &block)
     cf = Aws::CloudFormation::Client.new(region: region)
     s3 = Aws::S3::Client.new(region: region)
     ec2 = Aws::EC2::Client.new(region: region)
@@ -107,9 +97,66 @@ module Sumomo
       hidden_values = @hidden_values
     end.templatize
 
-    # TODO: if the template is too big, split it into nested templates
+    templatedata = JSON.parse(template)
+
+    if cmd == 'show'
+      puts templatedata.to_yaml
+      return
+    end
+
+    if cmd == 'diff'
+      store.set_raw('cloudformation/temporary_template', template)
+      update_options = {
+        stack_name: name,
+        template_url: store.url('cloudformation/temporary_template'),
+        parameters: hidden_values,
+        capabilities: ['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM']
+      }
+
+      change_set_name = "CanaryChange#{curtimestr}"
+
+      puts "Create change set"
+
+      cf.create_change_set(
+        **update_options,
+        change_set_name: change_set_name
+      )
+
+      resp = nil
+
+      puts "Wait for change set"
+
+      loop do
+        sleep 5
+        resp = cf.describe_change_set({
+          change_set_name: change_set_name,
+          stack_name: name
+        })
+        puts "#{change_set_name} #{resp.status}"
+
+        break unless resp.status.end_with? 'IN_PROGRESS'
+      end
+
+      puts "Cleaning up..."
+
+      cf.delete_change_set({
+        change_set_name: change_set_name,
+        stack_name: name,
+      })
+
+      puts 'Change list'
+
+      clist = process_changeset_response(resp)
+      drifts = get_drifts(templatedata, cf, name)
 
-    # puts JSON.parse(template).to_yaml
+      # puts clist.to_yaml
+      # puts drifts.to_yaml
+      puts humanize_changeset_response(clist, drifts, templatedata).to_yaml
+
+      return
+    end
+
+    # TODO: if the template is too big, split it into nested templates
 
     store.set_raw('cloudformation/template', template)
 
@@ -144,6 +191,137 @@ module Sumomo
     end
   end
 
+  def self.get_drifts(templatedata, cf, stack_name)
+    drifts = {}
+
+    templatedata['Resources'].each do |k,info|
+      puts "detect drift for #{k}"
+
+      rd = cf.detect_stack_resource_drift({
+        stack_name: stack_name, # required
+        logical_resource_id: k, # required
+      })
+
+      diffinfo = {}
+      differences = []
+
+      rd.stack_resource_drift.property_differences.each do |pd|
+        res = {}
+
+        %w[property_path expected_value actual_value difference_type].each do |att|
+          res[att] = pd.send(att.to_sym)
+        end
+
+        differences << res
+      end
+
+      %w[resource_type expected_properties actual_properties stack_resource_drift_status].each do |key|
+        diffinfo[key] = rd.stack_resource_drift.send(key.to_sym)
+      end
+
+      diffinfo['differences'] = differences
+
+      drifts[k] = diffinfo
+
+    rescue Aws::CloudFormation::Errors::ValidationError => e
+      drifts[k] = {
+        "exception" => e.message
+      }
+
+    end
+
+    drifts
+  end
+
+  def self.process_changeset_response(resp)
+    result = {}
+
+    resp.changes.each do |change|
+      info = {}
+
+      %w[action physical_resource_id resource_type replacement].each do |k|
+        info[k] = change.resource_change.send(k.to_sym)
+      end
+
+      details = []
+
+      change.resource_change.details.each do |detail|
+
+        detailinfo = {}
+
+        %w[attribute name requires_recreation].each do |k|
+          detailinfo[k] = detail.target.send(k.to_sym)
+        end
+
+        %w[evaluation change_source causing_entity].each do |k|
+          detailinfo[k] = detail.send(k.to_sym)
+        end
+
+        details << detailinfo
+      end
+
+      info['details'] = details
+
+      result[change.resource_change.logical_resource_id] = info
+    end
+
+    result
+  end
+
+  def self.humanize_changeset_response(clist, drifts, templatedata)
+    # refs
+    # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CloudFormation/Types/ResourceChange.html
+    # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CloudFormation/Types/ResourceTargetDefinition.html
+
+    result = {}
+
+    clist.each do |k,info|
+
+      if info['action'] == 'Modify'
+
+        z = if info['replacement'] != 'False'
+          result['Replace'] ||= {}
+        else
+          result['Modify'] ||= {}
+        end
+
+        z[k] = {}
+
+        info['details'].each do |detail|
+
+          propname = detail['attribute'] 
+          if detail['attribute'] == 'Properties'
+            propname = detail['name']
+          end
+
+          fr = templatedata['Resources'][k]
+          tr = drifts[k]
+
+          fromprops = fr['Properties']
+          toprops = {}
+
+          if tr['actual_properties']
+            toprops = JSON.parse(tr['actual_properties'])
+          end
+
+
+          z[k][propname] = {
+            'From' => toprops[propname],
+            'To' => fromprops[propname]
+          }
+        end
+      else
+        z = result[info['action']] ||= {}
+
+        z[k] = {}
+      end
+
+    end
+
+    result
+
+  end
+
   def self.curtimestr
     Time.now.strftime('%Y%m%d%H%M%S')
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sumomo
 version: !ruby/object:Gem::Version
-  version: 0.8.22
+  version: 0.10.0
 platform: ruby
 authors:
 - David Siaw
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-20 00:00:00.000000000 Z
+date: 2023-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler