sumomo 0.9.0 → 0.10.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '073782fdfbe69977c7593b76415797b035764772302b35c50ccf69533324c875'
-  data.tar.gz: 1efbe5244de1bf4cd3c8ff6faf18a3b3bbda9b4137297c1ba6d1349553ea60a9
+  metadata.gz: 3f4f67797a004db69b413bc1abd72dd8d26a289847a1ec6943d4b84d3ec2e034
+  data.tar.gz: b28799dfccbebbcb03f3a96af34f383bd94d2ec979c405e354ea36164f11ab88
 SHA512:
-  metadata.gz: 9ee43afb24863f75a9d421d116e696e410ad90c2cdb15e1bd353c05bcde3d6ef08a69055ede03b3ad62f87c0483196a643029839afe255266292d7a5371957b1
-  data.tar.gz: 92f385cc371f99e5201540d9fecc75f6a66ced34b75d3c397bbc85706c1ab00d72e25651d56d30402549994ad4fb6f3b6d4f03df9edcfb0f4c794af036d9f5f9
+  metadata.gz: e4ca377095ae8386d059a35f32efc6c7f57696dd1457301beeee36e6734d437c1cb1b09f1ff4263f9d3d01d517d6bc0aa42e9377c9c0a653e02325e2c7bf6e7c
+  data.tar.gz: 131bf090f8161b6ebe07ddd0eefb304e34426a7aca4c19eb4215111d9b61641977a73ba27baac471f81c6abc6fa6a908bb3438b5c06ca9230a209a3918ae5bd4

data/README.md

@@ -40,19 +40,28 @@ output "Haha", x
 
 To create a stack that acquires an IP Address and outputs it
 
-	$ sumomo create mystack
+    $ sumomo create mystack
 
 To view a stack's outputs
 
-	$ sumomo outputs mystack
+    $ sumomo outputs mystack
 
 To update a stack
 
-	$ sumomo update mystack
+    $ sumomo update mystack
 
 To delete a stack
 
-	$ sumomo delete mystack
+    $ sumomo delete mystack
+
+To view what changes your stuff will cause to your stack
+
+    $ sumomo diff mystack
+
+To see the raw cloudformation template
+
+    $ sumomo show mystack
+
 
 ## Library Usage
 

data/data/sumomo/custom_resources/TempS3Bucket.js

@@ -2,6 +2,7 @@ var s3 = new aws.S3();
 var name = request.ResourceProperties.BucketName;
 var copy_from_dir = request.ResourceProperties.CopyFromDirectory;
 var copy_from_bucket = request.ResourceProperties.CopyFromBucket;
+var disable_acl = request.ResourceProperties.DisableACL;
 var success_obj = {
   Arn: "arn:aws:s3:::" + name,
   DomainName: name + ".s3-" + request.ResourceProperties.Region + ".amazonaws.com"
@@ -72,6 +73,38 @@ function copy_files(success, fail)
   );
 }
 
+function apply_ownership_policy(name, success, fail)
+{
+  if (disable_acl)
+  {
+    // ACL is disabled by default, so we simply skip this step.
+    return copy_files(success, fail);
+  }
+
+  var params = {
+    Bucket: name,
+    OwnershipControls: {
+      Rules: [
+        {
+          ObjectOwnership: "BucketOwnerPreferred"
+        }
+      ]
+    }
+  };
+
+  s3.putBucketOwnershipControls(params, function(err, data)
+  {
+    if (err)
+    {
+      fail(err);
+    }
+    else
+    {
+      copy_files(success, fail);
+    }
+  });
+}
+
 function create_bucket(name, success, fail)
 {
   var create_params = {
@@ -89,7 +122,7 @@ function create_bucket(name, success, fail)
     }
     else
     {
-      copy_files(success, fail);
+      apply_ownership_policy(name, success, fail);
     }
   });
 }

data/exe/sumomo

@@ -1,16 +1,16 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'trollop'
+require 'optimist'
 require 'sumomo'
 require 'yaml'
 
-SUB_COMMANDS = %w[delete create update outputs testapi].freeze
-global_opts = Trollop.options do
+SUB_COMMANDS = %w[delete create update outputs show diff testapi].freeze
+global_opts = Optimist.options do
   banner <<-USAGE
   Sumomo v#{Sumomo::VERSION}
 
-  Usage: sumomo [options] <create|update|delete|outputs> <stackname>
+  Usage: sumomo [options] <#{SUB_COMMANDS.join('|')}> <stackname>
   USAGE
 
   opt :region, 'AWS region to use', type: :string, default: 'ap-northeast-1'
@@ -26,58 +26,69 @@ p ENV['AWS_PROFILE']
 
 cmd = ARGV.shift # get the subcommand
 
-cmd_opts = case cmd
-           when 'delete'
-             Sumomo.delete_stack(name: ARGV[0], region: global_opts[:region])
-
-           when 'create'
-             local_opts = Trollop.options do
-               opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
-             end
-             Sumomo.create_stack(name: ARGV[0], region: global_opts[:region]) do
-               proc = proc {}
-               eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
-             end
-
-           when 'update'
-             local_opts = Trollop.options do
-               opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
-               opt :changeset, 'Create a changeset instead of directly update', type: :boolean, default: false
-             end
-             Sumomo.update_stack(name: ARGV[0], changeset: !!local_opts[:changeset], region: global_opts[:region]) do
-               proc = proc {}
-               eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
-             end
-
-           when 'outputs'
-             puts "Outputs for stack #{ARGV[0]}"
-             puts Sumomo.get_stack_outputs(name: ARGV[0], region: global_opts[:region]).to_yaml
-
-           when 'login'
-             puts "Login to stack #{ARGV[0]} instance at #{ARGV[1]}"
-             `aws s3 cp s3://#{ARGV[0]}/cloudformation/#{ARGV[0]}_master_key.pem x.txt`
-             key = JSON.parse(File.read('x.txt'))['value'].
-              gsub('-----BEGIN RSA PRIVATE KEY----- ', "-----BEGIN RSA PRIVATE KEY-----\n").
-              gsub(' -----END RSA PRIVATE KEY-----', "\n-----END RSA PRIVATE KEY-----").
-              gsub(/(.{64}) /, "\\1\n")
-             File.write('key.pem', key)
-             `chmod 0600 key.pem`
-             exec "ssh -i 'key.pem' ec2-user@#{ARGV[1]} #{ARGV[2]}"
-
-           when 'testapi'
-             local_opts = Trollop.options do
-               opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
-               opt :apiname, 'Name of the API you want to test', type: :string
-               opt :prettyprint, 'Test API outputs JSON with nice indentation', type: :boolean, default: true
-             end
-             puts 'API Test Mode'
-             Sumomo.test_api(local_opts[:apiname], local_opts[:prettyprint]) do
-               proc = proc {}
-               eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
-             end
-             exit(0)
-           else
-             Trollop.die "Unknown subcommand #{cmd.inspect}"
+case cmd
+  when 'delete'
+    Sumomo.delete_stack(name: ARGV[0], region: global_opts[:region])
+
+  when 'rollback'
+    Sumomo.rollback_stack(name: ARGV[0], region: global_opts[:region])
+
+  when 'create', 'update', 'show', 'diff'
+    local_opts = Optimist.options do
+      opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
+      opt :changeset, 'Create a changeset instead of directly update', type: :boolean, default: false
+      opt :rollback, 'Specify whether or not to rollback. Allowed values are [enable, disable]', type: :string, default: 'unspecified'
+    end
+
+    changeset = !!local_opts[:changeset]
+    rollback = local_opts[:rollback].to_sym
+
+    if rollback == :disable && local_opts[:changeset] == false
+      Optimist.die "Rollback cannot be set to disable when changeset is set to false, because we will end up in an update-failed state"
+    end
+
+    Sumomo.manage_stack(
+      name: ARGV[0], 
+      cmd: cmd, 
+      changeset: changeset, 
+      region: global_opts[:region],
+      rollback: rollback) do
+
+      proc = proc {}
+      eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
+    end
+
+  when 'outputs'
+    puts "Outputs for stack #{ARGV[0]}"
+    puts Sumomo.get_stack_outputs(name: ARGV[0], region: global_opts[:region]).to_yaml
+
+  when 'login'
+    puts "Login to stack #{ARGV[0]} instance at #{ARGV[1]}"
+      `aws s3 cp s3://#{ARGV[0]}/cloudformation/#{ARGV[0]}_master_key.pem x.txt`
+    key = JSON.parse(File.read('x.txt'))['value'].
+      gsub('-----BEGIN RSA PRIVATE KEY----- ', "-----BEGIN RSA PRIVATE KEY-----\n").
+      gsub(' -----END RSA PRIVATE KEY-----', "\n-----END RSA PRIVATE KEY-----").
+      gsub(/(.{64}) /, "\\1\n")
+    File.write('key.pem', key)
+    `chmod 0600 key.pem`
+    exec "ssh -i 'key.pem' ec2-user@#{ARGV[1]} #{ARGV[2]}"
+
+  when 'testapi'
+    local_opts = Optimist.options do
+      opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
+      opt :apiname, 'Name of the API you want to test', type: :string
+      opt :prettyprint, 'Test API outputs JSON with nice indentation', type: :boolean, default: true
+    end
+    puts 'API Test Mode'
+    Sumomo.test_api(local_opts[:apiname], local_opts[:prettyprint]) do
+      proc = proc {}
+      eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
+    end
+    exit(0)
+  else
+    Optimist.die "Unknown subcommand #{cmd.inspect}"
 end
 
-Sumomo.wait_for_stack(name: ARGV[0], region: global_opts[:region])
+unless %w[show diff].include?(cmd)
+  Sumomo.wait_for_stack(name: ARGV[0], region: global_opts[:region])
+end

data/lib/sumomo/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sumomo
-  VERSION = '0.9.0'
+  VERSION = '0.10.1'
 end

data/lib/sumomo.rb

@@ -26,17 +26,14 @@ module Sumomo
     "cloudformation/#{make_master_key_name(name: name)}.pem"
   end
 
-  def self.create_stack(name:, region:, sns_arn: nil, &block)
-    cf = Aws::CloudFormation::Client.new(region: region)
-    begin
-      cf.describe_stacks(stack_name: name)
-      raise "There is already a stack named '#{name}'"
-    rescue Aws::CloudFormation::Errors::ValidationError
-      update_stack(name: name, region: region, sns_arn: sns_arn, &block)
-    end
-  end
+  def self.manage_stack(
+    name:, 
+    region:, 
+    cmd:'update', 
+    sns_arn: nil, 
+    rollback: :unspecified, 
+    changeset: false, &block)
 
-  def self.update_stack(name:, region:, sns_arn: nil, changeset: false, &block)
     cf = Aws::CloudFormation::Client.new(region: region)
     s3 = Aws::S3::Client.new(region: region)
     ec2 = Aws::EC2::Client.new(region: region)
@@ -107,9 +104,66 @@ module Sumomo
       hidden_values = @hidden_values
     end.templatize
 
-    # TODO: if the template is too big, split it into nested templates
+    templatedata = JSON.parse(template)
+
+    if cmd == 'show'
+      puts templatedata.to_yaml
+      return
+    end
+
+    if cmd == 'diff'
+      store.set_raw('cloudformation/temporary_template', template)
+      update_options = {
+        stack_name: name,
+        template_url: store.url('cloudformation/temporary_template'),
+        parameters: hidden_values,
+        capabilities: ['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM']
+      }
+
+      change_set_name = "CanaryChange#{curtimestr}"
+
+      puts "Create change set"
+
+      cf.create_change_set(
+        **update_options,
+        change_set_name: change_set_name
+      )
+
+      resp = nil
+
+      puts "Wait for change set"
+
+      loop do
+        sleep 5
+        resp = cf.describe_change_set({
+          change_set_name: change_set_name,
+          stack_name: name
+        })
+        puts "#{change_set_name} #{resp.status}"
+
+        break unless resp.status.end_with? 'IN_PROGRESS'
+      end
+
+      puts "Cleaning up..."
+
+      cf.delete_change_set({
+        change_set_name: change_set_name,
+        stack_name: name,
+      })
+
+      puts 'Change list'
+
+      clist = process_changeset_response(resp)
+      drifts = get_drifts(templatedata, cf, name)
+
+      # puts clist.to_yaml
+      # puts drifts.to_yaml
+      puts humanize_changeset_response(clist, drifts, templatedata).to_yaml
 
-    # puts JSON.parse(template).to_yaml
+      return
+    end
+
+    # TODO: if the template is too big, split it into nested templates
 
     store.set_raw('cloudformation/template', template)
 
@@ -117,6 +171,7 @@ module Sumomo
       stack_name: name,
       template_url: store.url('cloudformation/template'),
       parameters: hidden_values,
+      disable_rollback: rollback == :disable,
       capabilities: ['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM']
     }
 
@@ -144,6 +199,137 @@ module Sumomo
     end
   end
 
+  def self.get_drifts(templatedata, cf, stack_name)
+    drifts = {}
+
+    templatedata['Resources'].each do |k,info|
+      puts "detect drift for #{k}"
+
+      rd = cf.detect_stack_resource_drift({
+        stack_name: stack_name, # required
+        logical_resource_id: k, # required
+      })
+
+      diffinfo = {}
+      differences = []
+
+      rd.stack_resource_drift.property_differences.each do |pd|
+        res = {}
+
+        %w[property_path expected_value actual_value difference_type].each do |att|
+          res[att] = pd.send(att.to_sym)
+        end
+
+        differences << res
+      end
+
+      %w[resource_type expected_properties actual_properties stack_resource_drift_status].each do |key|
+        diffinfo[key] = rd.stack_resource_drift.send(key.to_sym)
+      end
+
+      diffinfo['differences'] = differences
+
+      drifts[k] = diffinfo
+
+    rescue Aws::CloudFormation::Errors::ValidationError => e
+      drifts[k] = {
+        "exception" => e.message
+      }
+
+    end
+
+    drifts
+  end
+
+  def self.process_changeset_response(resp)
+    result = {}
+
+    resp.changes.each do |change|
+      info = {}
+
+      %w[action physical_resource_id resource_type replacement].each do |k|
+        info[k] = change.resource_change.send(k.to_sym)
+      end
+
+      details = []
+
+      change.resource_change.details.each do |detail|
+
+        detailinfo = {}
+
+        %w[attribute name requires_recreation].each do |k|
+          detailinfo[k] = detail.target.send(k.to_sym)
+        end
+
+        %w[evaluation change_source causing_entity].each do |k|
+          detailinfo[k] = detail.send(k.to_sym)
+        end
+
+        details << detailinfo
+      end
+
+      info['details'] = details
+
+      result[change.resource_change.logical_resource_id] = info
+    end
+
+    result
+  end
+
+  def self.humanize_changeset_response(clist, drifts, templatedata)
+    # refs
+    # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CloudFormation/Types/ResourceChange.html
+    # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CloudFormation/Types/ResourceTargetDefinition.html
+
+    result = {}
+
+    clist.each do |k,info|
+
+      if info['action'] == 'Modify'
+
+        z = if info['replacement'] != 'False'
+          result['Replace'] ||= {}
+        else
+          result['Modify'] ||= {}
+        end
+
+        z[k] = {}
+
+        info['details'].each do |detail|
+
+          propname = detail['attribute'] 
+          if detail['attribute'] == 'Properties'
+            propname = detail['name']
+          end
+
+          fr = templatedata['Resources'][k]
+          tr = drifts[k]
+
+          fromprops = fr['Properties']
+          toprops = {}
+
+          if tr['actual_properties']
+            toprops = JSON.parse(tr['actual_properties'])
+          end
+
+
+          z[k][propname] = {
+            'From' => toprops[propname],
+            'To' => fromprops[propname]
+          }
+        end
+      else
+        z = result[info['action']] ||= {}
+
+        z[k] = {}
+      end
+
+    end
+
+    result
+
+  end
+
   def self.curtimestr
     Time.now.strftime('%Y%m%d%H%M%S')
   end
@@ -270,6 +456,12 @@ module Sumomo
     end
   end
 
+  def self.rollback_stack(name:, region:)
+    cf = Aws::CloudFormation::Client.new(region: region)
+
+    cf.rollback_stack(stack_name: name)
+  end
+
   def self.get_stack_outputs(name:, region:)
     cf = Aws::CloudFormation::Client.new(region: region)
 

data/sumomo.gemspec

@@ -38,6 +38,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'momo', '0.4.1'
   spec.add_dependency 'rubyzip'
   spec.add_dependency 's3cabinet'
-  spec.add_dependency 'trollop'
+  spec.add_dependency 'optimist'
   spec.add_dependency 'webrick'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sumomo
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.10.1
 platform: ruby
 authors:
 - David Siaw
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-04-27 00:00:00.000000000 Z
+date: 2023-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -151,7 +151,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: trollop
+  name: optimist
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="