ufo 4.5.11 → 5.0.0

data/lib/ufo/stack/builder/resources/elb.rb

@@ -0,0 +1,45 @@
+class Ufo::Stack::Builder::Resources
+  class Elb < Base
+    def build
+      {
+        Type: "AWS::ElasticLoadBalancingV2::LoadBalancer",
+        Condition: "CreateElbIsTrue",
+        Properties: properties,
+      }
+    end
+
+    def properties
+      props = {
+        Type: @elb_type,
+        Tags: [
+          {Key: "Name", Value: @stack_name}
+        ],
+        Subnets: {Ref: "ElbSubnets"},
+        Scheme: "internet-facing"
+      }
+
+      props[:SecurityGroups] = security_groups(:elb) if @elb_type == "application"
+      subnets(props)
+
+      props
+    end
+
+    def subnets(props)
+      mappings = @elb_type == "network" && @subnet_mappings && !@subnet_mappings.empty?
+      if mappings
+        props[:SubnetMappings] = subnet_mappings
+      else
+        props[:Subnets] = {Ref: "ElbSubnets"}
+      end
+    end
+
+    def subnet_mappings
+      @subnet_mappings.map do |allocation_id, subnet_id|
+        {
+          AllocationId: allocation_id,
+          SubnetId: subnet_id,
+        }
+      end
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/listener.rb

@@ -0,0 +1,42 @@
+class Ufo::Stack::Builder::Resources
+  class Listener < Base
+    def build
+      {
+        Type: "AWS::ElasticLoadBalancingV2::Listener",
+        Condition: "CreateElbIsTrue",
+        Properties: properties,
+      }
+    end
+
+    def properties
+      props = {
+        DefaultActions: [
+          {
+            Type: "forward",
+            TargetGroupArn: {
+              "Fn::If": [
+                "ElbTargetGroupIsBlank",
+                {Ref: "TargetGroup"},
+                {Ref: "ElbTargetGroup"}
+              ]
+            }
+          }
+        ],
+        LoadBalancerArn: {Ref: "Elb"},
+        Protocol: protocol,
+      }
+
+      props[:Port] = port if port
+
+      props
+    end
+
+    def protocol
+      @default_listener_protocol
+    end
+
+    def port
+      80
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/listener_ssl.rb

@@ -0,0 +1,16 @@
+class Ufo::Stack::Builder::Resources
+  class ListenerSsl < Listener
+    def build
+      return unless @create_listener_ssl
+      super
+    end
+
+    def protocol
+      @default_listener_ssl_protocol
+    end
+
+    # nil on purpose
+    def port
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/roles/base.rb

@@ -0,0 +1,22 @@
+module Ufo::Stack::Builder::Resources::Roles
+  class Base < Ufo::Stack::Builder::Base
+    def build
+      return unless self.class.build? # important because it runs DSL#evaluate
+      Ufo::Role::Builder.new(self.class.role_type).build
+    end
+
+
+    class << self
+      def role_type
+        self.name.to_s.split("::").last.underscore
+      end
+
+      def build?
+        path = "#{Ufo.root}/.ufo/iam_roles/#{role_type}.rb"
+        return unless File.exist?(path)
+        Ufo::Role::DSL.new(path).evaluate # runs the role.rb and registers items
+        Ufo::Role::Builder.new(role_type).build?
+      end
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/roles/execution_role.rb

@@ -0,0 +1,4 @@
+module Ufo::Stack::Builder::Resources::Roles
+  class ExecutionRole < Base
+  end
+end

data/lib/ufo/stack/builder/resources/roles/task_role.rb

@@ -0,0 +1,4 @@
+module Ufo::Stack::Builder::Resources::Roles
+  class TaskRole < Base
+  end
+end

data/lib/ufo/stack/builder/resources/security_group/base.rb

@@ -0,0 +1,4 @@
+module Ufo::Stack::Builder::Resources::SecurityGroup
+  class Base < Ufo::Stack::Builder::Base
+  end
+end

data/lib/ufo/stack/builder/resources/security_group/ecs.rb

@@ -0,0 +1,44 @@
+module Ufo::Stack::Builder::Resources::SecurityGroup
+  class Ecs < Base
+    def build
+      return unless managed_security_groups_enabled?
+
+      {
+        Type: "AWS::EC2::SecurityGroup",
+        Properties: properties
+      }
+    end
+
+    def properties
+      props = {
+        GroupDescription: "Allow http to client host",
+        VpcId: {Ref: "Vpc"},
+        SecurityGroupEgress: [
+          {
+            IpProtocol: "-1",
+            CidrIp: "0.0.0.0/0",
+            Description: "outbound traffic"
+          }
+        ],
+        Tags: [
+          {
+            Key: "Name",
+            Value: @stack_name,
+          }
+        ]
+      }
+
+      if @elb_type == "network"
+        props[:SecurityGroupIngress] = {
+          IpProtocol: "tcp",
+          FromPort: @container[:port],
+          ToPort: @container[:port],
+          CidrIp: "0.0.0.0/0",
+          Description: "docker ephemeral port range for network elb",
+        }
+      end
+
+      props
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb

@@ -0,0 +1,25 @@
+module Ufo::Stack::Builder::Resources::SecurityGroup
+  class EcsRule < Base
+    def build
+      return unless managed_security_groups_enabled?
+      return unless @elb_type == "application"
+
+      {
+        Type: "AWS::EC2::SecurityGroupIngress",
+        Condition: "CreateElbIsTrue",
+        Properties: {
+          IpProtocol: "tcp",
+          FromPort: "0",
+          ToPort: "65535",
+          SourceSecurityGroupId: {
+            "Fn::GetAtt": "ElbSecurityGroup.GroupId"
+          },
+          GroupId: {
+            "Fn::GetAtt": "EcsSecurityGroup.GroupId"
+          },
+          Description: "application elb access to ecs"
+        }
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/security_group/elb.rb

@@ -0,0 +1,57 @@
+module Ufo::Stack::Builder::Resources::SecurityGroup
+  class Elb < Base
+    def build
+      return unless managed_security_groups_enabled?
+      return unless @elb_type == "application"
+
+      {
+        Type: "AWS::EC2::SecurityGroup",
+        Condition: "CreateElbIsTrue",
+        Properties: properties
+      }
+    end
+
+    def properties
+      port = cfn.dig(:Listener, :Port) || cfn.dig(:listener, :port) # backwards compatiblity
+
+      props = {
+        GroupDescription: "Allow http to client host",
+        VpcId: {Ref: "Vpc"},
+        SecurityGroupIngress: [
+          {
+            IpProtocol: "tcp",
+            FromPort: port,
+            ToPort: port,
+            CidrIp: "0.0.0.0/0"
+          }
+        ],
+        SecurityGroupEgress: [
+          {
+            IpProtocol: "tcp",
+            FromPort: "0",
+            ToPort: "65535",
+            CidrIp: "0.0.0.0/0"
+          }
+        ],
+        Tags: [
+          {
+            Key: "Name",
+            Value: "#{@stack_name}-elb"
+          }
+        ]
+      }
+
+      if @create_listener_ssl
+        ssl_port = cfn.dig(:ListenerSsl, :Port) || cfn.dig(:listener_ssl, :port) # backwards compatiblity
+        props[:SecurityGroupIngress] << {
+          IpProtocol: "tcp",
+          FromPort: ssl_port,
+          ToPort: ssl_port,
+          CidrIp: "0.0.0.0/0"
+        }
+      end
+
+      props
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/target_group.rb

@@ -0,0 +1,39 @@
+class Ufo::Stack::Builder::Resources
+  class TargetGroup < Base
+    def build
+      {
+        Type: "AWS::ElasticLoadBalancingV2::TargetGroup",
+        Condition: "CreateTargetGroupIsTrue",
+        Properties: properties,
+      }
+    end
+
+    def properties
+      props = {
+        VpcId: {Ref: "Vpc"},
+        Tags: [
+          {
+            Key: "Name",
+            Value: @stack_name,
+          }
+        ],
+        Protocol: @default_target_group_protocol,
+        Port: 80,
+        HealthCheckIntervalSeconds: 10,
+        HealthyThresholdCount: 2,
+        UnhealthyThresholdCount: 2,
+        TargetGroupAttributes: [
+          {
+            Key: "deregistration_delay.timeout_seconds",
+            Value: 10
+          }
+        ]
+      }
+
+      props[:TargetType] = "ip" if @container[:network_mode] == "awsvpc"
+      props[:HealthCheckPort] = @container[:port] if @elb_type == "network" && @network_mode == "awsvpc"
+
+      props
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/task_definition.rb

@@ -0,0 +1,24 @@
+class Ufo::Stack::Builder::Resources
+  class TaskDefinition < Base
+    def build
+      return if @rollback_definition_arn
+
+      {
+        Type: "AWS::ECS::TaskDefinition",
+        Properties: properties,
+        DeletionPolicy: "Retain",
+        UpdateReplacePolicy: "Retain",
+      }
+    end
+
+    def properties
+      props = Reconstructor.new(@task_definition).reconstruct
+
+      # Decorate with iam roles if needed
+      props[:TaskRoleArn] = {"Fn::GetAtt": "TaskRole.Arn"} if Roles::TaskRole.build?
+      props[:ExecutionRoleArn] = {"Fn::GetAtt": "ExecutionRole.Arn"} if Roles::ExecutionRole.build?
+
+      props
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb

@@ -0,0 +1,49 @@
+class Ufo::Stack::Builder::Resources::TaskDefinition
+  class Reconstructor
+    include Ufo::AwsService
+
+    def initialize(task_definition, rollback=false)
+      @task_definition, @rollback = task_definition, rollback
+    end
+
+    def reconstruct
+      camelize(data)
+    end
+
+    def data
+      if @rollback
+        resp = ecs.describe_task_definition(task_definition: @task_definition)
+        resp.task_definition.to_h
+      else
+        path = "#{Ufo.root}/.ufo/output/#{@task_definition}.json"
+        JSON.load(IO.read(path))
+      end
+    end
+
+    # non-destructive
+    def camelize(value, parent_keys=[])
+      case value
+      when Array
+        value.map { |v| camelize(v, parent_keys) }
+      when Hash
+        initializer = value.map do |k, v|
+          new_key = camelize_key(k, parent_keys)
+          [new_key, camelize(v, parent_keys+[new_key])]
+        end
+        Hash[initializer]
+      else
+        value # do not camelize values
+      end
+    end
+
+    def camelize_key(k, parent_keys=[])
+      k = k.to_s
+      special = %w[Options] & parent_keys.map(&:to_s)
+      if special.empty?
+        k.camelize
+      else
+        k # pass through untouch
+      end
+    end
+  end
+end

data/lib/ufo/stack/context.rb

@@ -2,13 +2,15 @@ class Ufo::Stack
   class Context
     extend Memoist
     include Helper
+    include Ufo::Settings
 
+    attr_reader :stack_name
     def initialize(options)
       @options = options
       @task_definition = options[:task_definition]
       @service = options[:service]
       # no need to adjust @cluster or @stack_name because it was adjusted in Stack#initialize
-      @cluster = options[:cluster]
+      @cluster = options[:cluster].dup # Thor options are frozen, we thaw it because CustomProperties#substitute_variables does a sub!
       @stack_name = options[:stack_name]
 
       @stack = options[:stack]
@@ -20,36 +22,44 @@ class Ufo::Stack
       # Add additional variable to scope for CloudFormation template.
       # Dirties the scope but needed.
       vars = {
+        service: @service,
         cluster: @cluster,
         stack_name: @stack_name, # used in custom_properties
         container: container,
+        # to reconstruct TaskDefinition in the CloudFormation template
+        task_definition: @task_definition,
+        rollback_definition_arn: @options[:rollback_definition_arn],
         # elb options remember that their 'state'
         create_elb: create_elb?, # helps set Ecs DependsOn
         elb_type: elb_type,
         subnet_mappings: subnet_mappings,
-        create_route53: create_elb? && cfn[:dns] && cfn[:dns][:name],
+        create_route53: create_elb? && has_dns_name?,
         default_target_group_protocol: default_target_group_protocol,
         default_listener_protocol: default_listener_protocol,
         default_listener_ssl_protocol: default_listener_ssl_protocol,
         create_listener_ssl: create_listener_ssl?,
       }
-      # puts "vars:".color(:cyan)
-      # pp vars
+
       scope.assign_instance_variables(vars)
       scope
     end
     memoize :scope
 
+    def has_dns_name?
+      cfn.dig(:Dns, :Name) || cfn.dig(:dns, :name) # backwards compatiblity
+    end
+
     def default_target_group_protocol
       return 'TCP' if elb_type == 'network'
       'HTTP'
     end
 
     def default_listener_protocol
+      port = cfn.dig(:Listener, :Port) || cfn.dig(:listener, :port) # backwards compatiblity
       if elb_type == 'network'
-        cfn[:listener][:port] == 443 ? 'TLS' : 'TCP'
+        port == 443 ? 'TLS' : 'TCP'
       else
-        cfn[:listener][:port] == 443 ? 'HTTPS' : 'HTTP'
+        port == 443 ? 'HTTPS' : 'HTTP'
       end
     end
 
@@ -59,32 +69,8 @@ class Ufo::Stack
 
     # if the configuration is set to anything then enable it
     def create_listener_ssl?
-      cfn[:listener_ssl] && cfn[:listener_ssl][:port]
-    end
-
-    def container
-      resp = ecs.describe_task_definition(task_definition: @task_definition)
-      task_definition = resp.task_definition
-
-      container_def = task_definition["container_definitions"].first
-      requires_compatibilities = task_definition["requires_compatibilities"]
-      fargate = requires_compatibilities && requires_compatibilities == ["FARGATE"]
-      network_mode = task_definition["network_mode"]
-
-      mappings = container_def["port_mappings"] || []
-      unless mappings.empty?
-        port = mappings.first["container_port"]
-      end
-
-      result = {
-        name: container_def["name"],
-        fargate: fargate,
-        network_mode: network_mode, # awsvpc, bridge, etc
-      }
-      result[:port] = port if port
-      result
+      cfn.dig(:ListenerSsl, :Port) || cfn.dig(:listener_ssl, :port) # backwards compatiblity
     end
-    memoize :container
 
     def create_elb?
       create_elb, _ = elb_options
@@ -135,6 +121,29 @@ class Ufo::Stack
       [create_elb, elb_target_group]
     end
 
+    def container
+      task_definition = Builder::Resources::TaskDefinition::Reconstructor.new(@task_definition, @options[:rollback]).reconstruct
+
+      container_def = task_definition["ContainerDefinitions"].first
+      requires_compatibilities = task_definition["RequiresCompatibilities"]
+      fargate = requires_compatibilities && requires_compatibilities == ["FARGATE"]
+      network_mode = task_definition["NetworkMode"]
+
+      mappings = container_def["PortMappings"] || []
+      unless mappings.empty?
+        port = mappings.first["ContainerPort"]
+      end
+
+      result =  {
+        name: container_def["Name"],
+        fargate: fargate,
+        network_mode: network_mode, # awsvpc, bridge, etc
+      }
+      result[:port] = port if port
+      result
+    end
+    memoize :container
+
     def get_parameter_value(stack, key)
       param = stack.parameters.find do |p|
         p.parameter_key == key
@@ -188,10 +197,8 @@ class Ufo::Stack
 
     def build_subnet_mappings!(allocations)
       unless allocations.size == network[:elb_subnets].size
-        # puts "caller:".color(:cyan)
-        # puts caller
         puts "ERROR: The allocation_ids must match in length to the subnets.".color(:red)
-        puts "Please double check that .ufo/settings/network/#{settings[:network_profile]} has the same number of subnets as the eip allocation ids are you specifying."
+        puts "Please double check that .ufo/settings/network/#{settings.network_profile} has the same number of subnets as the eip allocation ids are you specifying."
         subnets = network[:elb_subnets]
         puts "Conigured subnets: #{subnets.inspect}"
         puts "Specified allocation ids: #{allocations.inspect}"
@@ -242,19 +249,5 @@ class Ufo::Stack
     end
     memoize :elb_type
 
-    def network
-      Ufo::Setting::Profile.new(:network, settings[:network_profile]).data
-    end
-    memoize :network
-
-    def cfn
-      Ufo::Setting::Profile.new(:cfn, settings[:cfn_profile]).data
-    end
-    memoize :cfn
-
-    def settings
-      Ufo.settings
-    end
-
   end
 end