sumomo 0.8.10 → 0.8.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/data/sumomo/custom_resources/{USEastCertificate.js → ACMCertificate.js} +8 -3
- data/data/sumomo/custom_resources/{USEastCertificateWaiter.js → ACMCertificateWaiter.js} +3 -1
- data/exe/sumomo +12 -2
- data/lib/sumomo/api.rb +120 -9
- data/lib/sumomo/version.rb +1 -1
- data/lib/sumomo.rb +14 -2
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eeda4af6bbc948dd941cc1037a71430ffde716856bd1a34e087225d69165cc97
|
|
4
|
+
data.tar.gz: ccdec3cc1a55aac396e3dadb25bae8233860cdfa80ac6cb5ed423aa2963cf34a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f106ff8f3ceb987077388ae7d68473355e9d4a2fb704b086cc0090bfd872381084740bfd1052eb175e43287c93ac095ef9b6a7221dfa80f44a1d7ded32b38f3e
|
|
7
|
+
data.tar.gz: c03dd06c48a363c5c24d9c5e7f001869cb206ff38df9f048076ab523781511cb59aaeeec11137d01b5156a6a198fbe944dc98ab0876c9f0240a8c6fd96a4763b
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
var
|
|
1
|
+
var cert_region = request.ResourceProperties.RegionOverride || request.ResourceProperties.Region;
|
|
2
|
+
|
|
3
|
+
var acm = new aws.ACM({region: cert_region});
|
|
2
4
|
|
|
3
5
|
var return_properties = {};
|
|
4
6
|
|
|
@@ -66,9 +68,12 @@ function create(domain_name, on_success, on_fail)
|
|
|
66
68
|
DomainValidationOptions: [
|
|
67
69
|
{
|
|
68
70
|
DomainName: domain_name,
|
|
69
|
-
ValidationDomain: extractRootDomain(domain_name)
|
|
71
|
+
ValidationDomain: extractRootDomain(domain_name),
|
|
70
72
|
},
|
|
71
|
-
]
|
|
73
|
+
],
|
|
74
|
+
Options: {
|
|
75
|
+
CertificateTransparencyLoggingPreference: 'ENABLED'
|
|
76
|
+
}
|
|
72
77
|
}
|
|
73
78
|
|
|
74
79
|
if (request.ResourceProperties.ValidationMethod === "DNS")
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
var
|
|
1
|
+
var cert_region = request.ResourceProperties.RegionOverride || request.ResourceProperties.Region;
|
|
2
|
+
|
|
3
|
+
var acm = new aws.ACM({region: cert_region});
|
|
2
4
|
|
|
3
5
|
var arn = request.ResourceProperties.Certificate;
|
|
4
6
|
|
data/exe/sumomo
CHANGED
|
@@ -30,11 +30,21 @@ cmd_opts = case cmd
|
|
|
30
30
|
when 'delete'
|
|
31
31
|
Sumomo.delete_stack(name: ARGV[0], region: global_opts[:region])
|
|
32
32
|
|
|
33
|
-
when 'create'
|
|
33
|
+
when 'create'
|
|
34
34
|
local_opts = Trollop.options do
|
|
35
35
|
opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
|
|
36
36
|
end
|
|
37
|
-
Sumomo.
|
|
37
|
+
Sumomo.create_stack(name: ARGV[0], region: global_opts[:region]) do
|
|
38
|
+
proc = proc {}
|
|
39
|
+
eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
when 'update'
|
|
43
|
+
local_opts = Trollop.options do
|
|
44
|
+
opt :filename, 'File that describes the stack', type: :string, default: 'Sumomofile'
|
|
45
|
+
opt :changeset, 'Create a changeset instead of directly update', type: :boolean, default: false
|
|
46
|
+
end
|
|
47
|
+
Sumomo.update_stack(name: ARGV[0], changeset: !!local_opts[:changeset], region: global_opts[:region]) do
|
|
38
48
|
proc = proc {}
|
|
39
49
|
eval File.read(local_opts[:filename]), proc.binding, local_opts[:filename]
|
|
40
50
|
end
|
data/lib/sumomo/api.rb
CHANGED
|
@@ -159,9 +159,45 @@ module Sumomo
|
|
|
159
159
|
end
|
|
160
160
|
end
|
|
161
161
|
|
|
162
|
-
def make_api(
|
|
162
|
+
def make_api(
|
|
163
|
+
domain_name,
|
|
164
|
+
name:,
|
|
165
|
+
script: nil,
|
|
166
|
+
dns: nil,
|
|
167
|
+
cert: nil,
|
|
168
|
+
mtls_truststore: nil,
|
|
169
|
+
logging: true,
|
|
170
|
+
with_statements: [], &block)
|
|
171
|
+
|
|
163
172
|
api = make 'AWS::ApiGateway::RestApi', name: name do
|
|
164
173
|
Name name
|
|
174
|
+
DisableExecuteApiEndpoint true
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
if logging
|
|
178
|
+
cloudwatchRole = make 'AWS::IAM::Role', name: "#{name}LoggingRole" do
|
|
179
|
+
AssumeRolePolicyDocument do
|
|
180
|
+
Version "2012-10-17"
|
|
181
|
+
Statement [
|
|
182
|
+
{
|
|
183
|
+
"Effect" => "Allow",
|
|
184
|
+
"Principal" => {
|
|
185
|
+
"Service" => [
|
|
186
|
+
"apigateway.amazonaws.com"
|
|
187
|
+
]
|
|
188
|
+
},
|
|
189
|
+
"Action" => "sts:AssumeRole"
|
|
190
|
+
}
|
|
191
|
+
]
|
|
192
|
+
end
|
|
193
|
+
Path '/'
|
|
194
|
+
ManagedPolicyArns [ "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" ]
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
make 'AWS::ApiGateway::Account' do
|
|
198
|
+
depends_on api
|
|
199
|
+
CloudWatchRoleArn cloudwatchRole.Arn
|
|
200
|
+
end
|
|
165
201
|
end
|
|
166
202
|
|
|
167
203
|
script ||= File.read(File.join(Gem.loaded_specs['sumomo'].full_gem_path, 'data', 'sumomo', 'api_modules', 'real_script.js'))
|
|
@@ -183,7 +219,10 @@ module Sumomo
|
|
|
183
219
|
|
|
184
220
|
files += [{ name: 'index.js', code: script }]
|
|
185
221
|
|
|
186
|
-
fun = make_lambda(
|
|
222
|
+
fun = make_lambda(
|
|
223
|
+
name: "#{name}Lambda#{@version_number}",
|
|
224
|
+
files: files,
|
|
225
|
+
role: custom_resource_exec_role(with_statements: with_statements) )
|
|
187
226
|
|
|
188
227
|
resource = make 'AWS::ApiGateway::Resource', name: "#{name}Resource" do
|
|
189
228
|
ParentId api.RootResourceId
|
|
@@ -230,18 +269,79 @@ module Sumomo
|
|
|
230
269
|
stage = make 'AWS::ApiGateway::Stage', name: "#{name}Stage" do
|
|
231
270
|
RestApiId api
|
|
232
271
|
DeploymentId deployment
|
|
233
|
-
|
|
272
|
+
|
|
273
|
+
if logging
|
|
274
|
+
MethodSettings [
|
|
275
|
+
{
|
|
276
|
+
"ResourcePath" => "/*",
|
|
277
|
+
"HttpMethod" => "*",
|
|
278
|
+
"DataTraceEnabled" => true,
|
|
279
|
+
"LoggingLevel" => 'INFO'
|
|
280
|
+
}
|
|
281
|
+
]
|
|
282
|
+
end
|
|
234
283
|
end
|
|
235
284
|
|
|
236
285
|
root_name = /(?<root_name>[^.]+\.[^.]+)$/.match(domain_name)[:root_name]
|
|
237
286
|
|
|
238
|
-
|
|
239
|
-
|
|
287
|
+
certificate_completion = cert
|
|
288
|
+
|
|
289
|
+
bucket_name = @bucket_name
|
|
290
|
+
mtls = nil
|
|
291
|
+
if mtls_truststore
|
|
292
|
+
filename = "#{domain_name}.truststore.pem"
|
|
293
|
+
upload_file(filename, mtls_truststore)
|
|
294
|
+
truststore_uri = "s3://#{bucket_name}/uploads/#{filename}"
|
|
295
|
+
mtls = {
|
|
296
|
+
"TruststoreUri" => truststore_uri
|
|
297
|
+
}
|
|
240
298
|
end
|
|
241
299
|
|
|
242
|
-
|
|
300
|
+
if cert.nil?
|
|
301
|
+
cert = make 'Custom::ACMCertificate', name: "#{name}Certificate" do
|
|
302
|
+
DomainName domain_name
|
|
303
|
+
ValidationMethod 'DNS' if dns[:type] == :route53
|
|
304
|
+
RegionOverride 'us-east-1' if !mtls
|
|
305
|
+
end
|
|
306
|
+
|
|
307
|
+
certificate_completion = cert
|
|
308
|
+
|
|
309
|
+
if dns[:type] == :route53
|
|
310
|
+
make 'AWS::Route53::RecordSet', name: "#{name}CertificateRoute53Entry" do
|
|
311
|
+
HostedZoneId dns[:hosted_zone]
|
|
312
|
+
Name cert.RecordName
|
|
313
|
+
Type cert.RecordType
|
|
314
|
+
TTL 60
|
|
315
|
+
ResourceRecords [cert.RecordValue]
|
|
316
|
+
end
|
|
317
|
+
|
|
318
|
+
cert_waiter = make 'Custom::ACMCertificateWaiter', name: "#{name}CertificateWaiter" do
|
|
319
|
+
Certificate cert
|
|
320
|
+
RegionOverride 'us-east-1' if !mtls
|
|
321
|
+
end
|
|
322
|
+
|
|
323
|
+
certificate_completion = cert_waiter
|
|
324
|
+
end
|
|
325
|
+
end
|
|
326
|
+
|
|
327
|
+
domain = make 'AWS::ApiGateway::DomainName', name: "#{name}DomainName" do
|
|
328
|
+
depends_on certificate_completion
|
|
329
|
+
|
|
243
330
|
DomainName domain_name
|
|
244
|
-
|
|
331
|
+
|
|
332
|
+
if mtls != nil
|
|
333
|
+
RegionalCertificateArn cert
|
|
334
|
+
MutualTlsAuthentication mtls
|
|
335
|
+
SecurityPolicy 'TLS_1_2'
|
|
336
|
+
EndpointConfiguration do
|
|
337
|
+
Types [ 'REGIONAL' ]
|
|
338
|
+
end
|
|
339
|
+
else
|
|
340
|
+
CertificateArn cert
|
|
341
|
+
EndpointConfiguration do
|
|
342
|
+
Types [ 'EDGE' ]
|
|
343
|
+
end
|
|
344
|
+
end
|
|
245
345
|
end
|
|
246
346
|
|
|
247
347
|
make 'AWS::ApiGateway::BasePathMapping', name: "#{name}BasePathMapping" do
|
|
@@ -264,8 +364,19 @@ module Sumomo
|
|
|
264
364
|
make 'AWS::Route53::RecordSet', name: "#{name}Route53Entry" do
|
|
265
365
|
HostedZoneId dns[:hosted_zone]
|
|
266
366
|
Name domain_name
|
|
267
|
-
|
|
268
|
-
|
|
367
|
+
|
|
368
|
+
if mtls != nil
|
|
369
|
+
Type 'A'
|
|
370
|
+
AliasTarget do
|
|
371
|
+
DNSName domain.RegionalDomainName
|
|
372
|
+
HostedZoneId domain.RegionalHostedZoneId
|
|
373
|
+
end
|
|
374
|
+
else
|
|
375
|
+
Type 'A'
|
|
376
|
+
AliasTarget do
|
|
377
|
+
DNSName domain.DistributionDomainName
|
|
378
|
+
HostedZoneId domain.DistributionHostedZoneId
|
|
379
|
+
end end
|
|
269
380
|
end
|
|
270
381
|
domain_name
|
|
271
382
|
else
|
data/lib/sumomo/version.rb
CHANGED
data/lib/sumomo.rb
CHANGED
|
@@ -36,7 +36,7 @@ module Sumomo
|
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
def self.update_stack(name:, region:, sns_arn: nil, &block)
|
|
39
|
+
def self.update_stack(name:, region:, sns_arn: nil, changeset: false, &block)
|
|
40
40
|
cf = Aws::CloudFormation::Client.new(region: region)
|
|
41
41
|
s3 = Aws::S3::Client.new(region: region)
|
|
42
42
|
ec2 = Aws::EC2::Client.new(region: region)
|
|
@@ -121,7 +121,15 @@ module Sumomo
|
|
|
121
121
|
}
|
|
122
122
|
|
|
123
123
|
begin
|
|
124
|
-
|
|
124
|
+
if changeset
|
|
125
|
+
cf.create_change_set(
|
|
126
|
+
**update_options,
|
|
127
|
+
change_set_name: "Change#{curtimestr}"
|
|
128
|
+
)
|
|
129
|
+
else
|
|
130
|
+
cf.update_stack(update_options)
|
|
131
|
+
end
|
|
132
|
+
|
|
125
133
|
rescue StandardError => e
|
|
126
134
|
if e.message.end_with? 'does not exist'
|
|
127
135
|
update_options[:timeout_in_minutes] = @timeout if @timeout
|
|
@@ -134,6 +142,10 @@ module Sumomo
|
|
|
134
142
|
end
|
|
135
143
|
end
|
|
136
144
|
|
|
145
|
+
def self.curtimestr
|
|
146
|
+
Time.now.strftime('%Y%m%d%H%M%S')
|
|
147
|
+
end
|
|
148
|
+
|
|
137
149
|
def self.wait_for_stack(name:, region:)
|
|
138
150
|
cf = Aws::CloudFormation::Client.new(region: region)
|
|
139
151
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sumomo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Siaw
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-08-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -2516,6 +2516,8 @@ files:
|
|
|
2516
2516
|
- data/sumomo/api_modules/real_script.js
|
|
2517
2517
|
- data/sumomo/api_modules/test_script.js
|
|
2518
2518
|
- data/sumomo/custom_resource_utils.js
|
|
2519
|
+
- data/sumomo/custom_resources/ACMCertificate.js
|
|
2520
|
+
- data/sumomo/custom_resources/ACMCertificateWaiter.js
|
|
2519
2521
|
- data/sumomo/custom_resources/AMILookup.js
|
|
2520
2522
|
- data/sumomo/custom_resources/APIDomainName.js
|
|
2521
2523
|
- data/sumomo/custom_resources/AvailabilityZones.js
|
|
@@ -2526,8 +2528,6 @@ files:
|
|
|
2526
2528
|
- data/sumomo/custom_resources/OriginAccessIdentity.js
|
|
2527
2529
|
- data/sumomo/custom_resources/SelectSpot.js
|
|
2528
2530
|
- data/sumomo/custom_resources/TempS3Bucket.js
|
|
2529
|
-
- data/sumomo/custom_resources/USEastCertificate.js
|
|
2530
|
-
- data/sumomo/custom_resources/USEastCertificateWaiter.js
|
|
2531
2531
|
- data/sumomo/sources/spot-watcher-poller.sh
|
|
2532
2532
|
- data/sumomo/sources/spot-watcher.sh
|
|
2533
2533
|
- exe/sumomo
|