sumomo 0.8.9 → 0.8.13

data/exe/sumomo

@@ -30,7 +30,7 @@ cmd_opts = case cmd
            when 'delete'
              Sumomo.delete_stack(name: ARGV[0], region: global_opts[:region])
 
-           when 'create', 'update'
+           when 'create'
              local_opts = Trollop.options do
                opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
              end
@@ -39,6 +39,16 @@ cmd_opts = case cmd
                eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
              end
 
+           when 'update'
+             local_opts = Trollop.options do
+               opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
+               opt :changeset, 'Create a changeset instead of directly update', type: :boolean, default: false
+             end
+             Sumomo.update_stack(name: ARGV[0], changeset: !!local_opts[:changeset], region: global_opts[:region]) do
+               proc = proc {}
+               eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
+             end
+
            when 'outputs'
              puts "Outputs for stack #{ARGV[0]}"
              puts Sumomo.get_stack_outputs(name: ARGV[0], region: global_opts[:region]).to_yaml
@@ -49,7 +59,7 @@ cmd_opts = case cmd
              key = JSON.parse(File.read('x.txt'))['value']
              File.write('key.pem', key)
              `chmod 0600 key.pem`
-             exec "ssh -i 'key.pem' ec2-user@#{ARGV[1]}"
+             exec "ssh -i 'key.pem' ec2-user@#{ARGV[1]} #{ARGV[2]}"
 
            when 'testapi'
              local_opts = Trollop.options do

data/lib/sumomo/api.rb

@@ -159,9 +159,45 @@ module Sumomo
       end
     end
 
-    def make_api(domain_name, name:, script: nil, dns: nil, cert: nil, with_statements: [], &block)
+    def make_api(
+        domain_name,
+        name:,
+        script: nil,
+        dns: nil,
+        cert: nil,
+        mtls_truststore: nil,
+        logging: true,
+        with_statements: [], &block)
+
       api = make 'AWS::ApiGateway::RestApi', name: name do
         Name name
+        DisableExecuteApiEndpoint true
+      end
+
+      if logging
+        cloudwatchRole = make 'AWS::IAM::Role', name: "#{name}LoggingRole" do
+          AssumeRolePolicyDocument do
+            Version "2012-10-17"
+            Statement [
+              {
+                "Effect" => "Allow",
+                "Principal" => {
+                  "Service" => [
+                    "apigateway.amazonaws.com"
+                  ]
+                },
+                "Action" => "sts:AssumeRole"
+              }
+            ]
+          end
+          Path '/'
+          ManagedPolicyArns [ "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" ]
+        end
+
+        make 'AWS::ApiGateway::Account' do
+          depends_on api
+          CloudWatchRoleArn cloudwatchRole.Arn
+        end
       end
 
       script ||= File.read(File.join(Gem.loaded_specs['sumomo'].full_gem_path, 'data', 'sumomo', 'api_modules', 'real_script.js'))
@@ -183,7 +219,10 @@ module Sumomo
 
       files += [{ name: 'index.js', code: script }]
 
-      fun = make_lambda(name: "#{name}Lambda#{@version_number}", files: files, with_statements: with_statements)
+      fun = make_lambda(
+        name: "#{name}Lambda#{@version_number}",
+        files: files, 
+        role: custom_resource_exec_role(with_statements: with_statements) )
 
       resource = make 'AWS::ApiGateway::Resource', name: "#{name}Resource" do
         ParentId api.RootResourceId
@@ -230,18 +269,79 @@ module Sumomo
       stage = make 'AWS::ApiGateway::Stage', name: "#{name}Stage" do
         RestApiId api
         DeploymentId deployment
-        StageName 'test'
+
+        if logging
+          MethodSettings [ 
+            {
+              "ResourcePath" => "/*",
+              "HttpMethod" => "*",
+              "DataTraceEnabled" => true,
+              "LoggingLevel" => 'INFO'
+            }
+          ]
+        end
       end
 
       root_name = /(?<root_name>[^.]+\.[^.]+)$/.match(domain_name)[:root_name]
 
-      cert ||= make 'Custom::USEastCertificate', name: "#{name}Certificate" do
-        DomainName domain_name
+      certificate_completion = cert
+
+      bucket_name = @bucket_name
+      mtls = nil
+      if mtls_truststore
+        filename = "#{domain_name}.truststore.pem"
+        upload_file(filename, mtls_truststore)
+        truststore_uri = "s3://#{bucket_name}/uploads/#{filename}"
+        mtls = {
+          "TruststoreUri" => truststore_uri
+        }
       end
 
-      domain = make 'Custom::APIDomainName', name: "#{name}DomainName" do
+      if cert.nil?
+        cert = make 'Custom::ACMCertificate', name: "#{name}Certificate" do
+          DomainName domain_name
+          ValidationMethod 'DNS' if dns[:type] == :route53
+          RegionOverride 'us-east-1' if !mtls
+        end
+
+        certificate_completion = cert
+
+        if dns[:type] == :route53
+          make 'AWS::Route53::RecordSet', name: "#{name}CertificateRoute53Entry" do
+            HostedZoneId dns[:hosted_zone]
+            Name cert.RecordName
+            Type cert.RecordType
+            TTL 60
+            ResourceRecords [cert.RecordValue]
+          end
+
+          cert_waiter = make 'Custom::ACMCertificateWaiter', name: "#{name}CertificateWaiter" do
+            Certificate cert
+            RegionOverride 'us-east-1' if !mtls
+          end
+
+          certificate_completion = cert_waiter
+        end
+      end
+
+      domain = make 'AWS::ApiGateway::DomainName', name: "#{name}DomainName" do
+        depends_on certificate_completion
+
         DomainName domain_name
-        CertificateArn cert
+
+        if mtls != nil
+          RegionalCertificateArn cert
+          MutualTlsAuthentication mtls
+          SecurityPolicy 'TLS_1_2'
+          EndpointConfiguration do
+            Types [ 'REGIONAL' ]
+          end
+        else
+          CertificateArn cert
+          EndpointConfiguration do
+            Types [ 'EDGE' ]
+          end
+        end
       end
 
       make 'AWS::ApiGateway::BasePathMapping', name: "#{name}BasePathMapping" do
@@ -264,8 +364,19 @@ module Sumomo
         make 'AWS::Route53::RecordSet', name: "#{name}Route53Entry" do
           HostedZoneId dns[:hosted_zone]
           Name domain_name
-          Type 'CNAME'
-          ResourceRecords [call('Fn::Join', '', [api, '.execute-api.', ref('AWS::Region'), '.amazonaws.com'])]
+
+          if mtls != nil
+            Type 'A'
+            AliasTarget do
+              DNSName domain.RegionalDomainName
+              HostedZoneId domain.RegionalHostedZoneId
+            end
+          else
+            Type 'A'
+            AliasTarget do
+              DNSName domain.DistributionDomainName
+              HostedZoneId domain.DistributionHostedZoneId
+            end          end
         end
         domain_name
       else

data/lib/sumomo/ec2.rb

@@ -254,6 +254,7 @@ module Sumomo
       has_public_ips: true,
       ingress: nil,
       egress: nil,
+      security_groups: [],
       machine_tag: nil,
       ec2_sns_arn: nil,
       ami_name: nil,
@@ -297,10 +298,12 @@ module Sumomo
 
       bucket_name = @bucket_name
 
-      script += "\n#{task_script}\n"
+      script_arr = [script]
+
+      script_arr << task_script
 
       if ecs_cluster
-        script += <<~ECS_START
+        script_arr << <<~ECS_START
 
           yum update
           yum groupinstall "Development Tools"
@@ -318,12 +321,12 @@ module Sumomo
       end
 
       if eip
-        script += <<~EIP_ALLOCATE
+        script_arr << <<~EIP_ALLOCATE
           aws ec2 associate-address --region `cat /etc/aws_region` --instance-id `curl http://169.254.169.254/latest/meta-data/instance-id` --allocation-id `cat /etc/eip_allocation_id`
         EIP_ALLOCATE
       end
 
-      script += "\nservice spot-watcher start" if spot_price && ec2_sns_arn
+      script_arr << "service spot-watcher start" if(spot_price && ec2_sns_arn)
 
       unless ingress.is_a? Array
         raise 'ec2: ingress option needs to be an array'
@@ -339,7 +342,7 @@ module Sumomo
 
       wait_handle = make 'AWS::CloudFormation::WaitConditionHandle'
 
-      user_data = initscript(wait_handle, name, script)
+      user_data = initscript(wait_handle, name, call('Fn::Join', "\n", script_arr))
 
       role_policy_doc = {
         'Version' => '2012-10-17',
@@ -407,7 +410,7 @@ module Sumomo
       launch_config = make 'AWS::AutoScaling::LaunchConfiguration' do
         AssociatePublicIpAddress has_public_ips
         KeyName keypair
-        SecurityGroups [web_sec_group]
+        SecurityGroups [web_sec_group] + security_groups
         ImageId ami_name
         UserData user_data
         InstanceType type

data/lib/sumomo/stack.rb

@@ -23,7 +23,7 @@ module Sumomo
                     description: "Lambda Function in #{@bucket_name}",
                     function_key: "cloudformation/lambda/function_#{name}",
                     handler: 'index.handler',
-                    runtime: 'nodejs10.x',
+                    runtime: 'nodejs14.x',
                     memory_size: 128,
                     timeout: 30,
                     role: nil)

data/lib/sumomo/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sumomo
-  VERSION = '0.8.9'
+  VERSION = '0.8.13'
 end

data/lib/sumomo.rb

@@ -26,7 +26,17 @@ module Sumomo
     "cloudformation/#{make_master_key_name(name: name)}.pem"
   end
 
-  def self.update_stack(name:, region:, sns_arn: nil, &block)
+  def self.create_stack(name:, region:, sns_arn: nil, &block)
+    cf = Aws::CloudFormation::Client.new(region: region)
+    begin
+      cf.describe_stacks(stack_name: name)
+      raise "There is already a stack named '#{name}'"
+    rescue Aws::CloudFormation::Errors::ValidationError
+      update_stack(name: name, region: region, sns_arn: sns_arn, &block)
+    end
+  end
+
+  def self.update_stack(name:, region:, sns_arn: nil, changeset: false, &block)
     cf = Aws::CloudFormation::Client.new(region: region)
     s3 = Aws::S3::Client.new(region: region)
     ec2 = Aws::EC2::Client.new(region: region)
@@ -107,11 +117,20 @@ module Sumomo
       stack_name: name,
       template_url: store.url('cloudformation/template'),
       parameters: hidden_values,
+      disable_rollback: true,
       capabilities: ['CAPABILITY_IAM']
     }
 
     begin
-      cf.update_stack(update_options)
+      if changeset
+        cf.create_change_set(
+          **update_options,
+          change_set_name: "Change#{curtimestr}"
+        )
+      else
+        cf.update_stack(update_options)
+      end
+
     rescue StandardError => e
       if e.message.end_with? 'does not exist'
         update_options[:timeout_in_minutes] = @timeout if @timeout
@@ -124,6 +143,10 @@ module Sumomo
     end
   end
 
+  def self.curtimestr
+    Time.now.strftime('%Y%m%d%H%M%S')
+  end
+
   def self.wait_for_stack(name:, region:)
     cf = Aws::CloudFormation::Client.new(region: region)
 
@@ -187,7 +210,14 @@ module Sumomo
       instance_eval(&block)
     end
 
-    def make_api(_domain_name, name:, script: nil, dns: nil, cert: nil, with_statements: [], &block)
+    def make_api(_domain_name,
+      name:, script: nil,
+      dns: nil,
+      mtls_truststore: nil,
+      cert: nil,
+      with_statements: [], &block)
+
+      # we ignore mtls_truststore here
       @apis[name] = block
     end
 
@@ -249,6 +279,4 @@ module Sumomo
 
     map
   end
-
-  singleton_class.send(:alias_method, :create_stack, :update_stack)
 end

data/sumomo.gemspec

@@ -27,15 +27,17 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.11'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
 
   spec.add_dependency 'activesupport'
-  spec.add_dependency 'aws-sdk', '~> 2'
+  spec.add_dependency 'aws-sdk', '~> 3'
+  spec.add_dependency 'ox'
   spec.add_dependency 'hashie'
   spec.add_dependency 'momo', '0.4.1'
   spec.add_dependency 'rubyzip'
   spec.add_dependency 's3cabinet'
   spec.add_dependency 'trollop'
+  spec.add_dependency 'webrick'
 end