RubyGems - ufo - Versions diffs - 4.6.0 → 5.0.1 - Mend

ufo 4.6.0 → 5.0.1

Files changed (126) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +29 -0
data/docs/_docs/conventions.md +1 -1
data/docs/_docs/extras/codebuild-iam-role.md +1 -1
data/docs/_docs/extras/dockerfile-erb.md +1 -1
data/docs/_docs/extras/ecs-network-mode.md +1 -1
data/docs/_docs/extras/load-balancer.md +1 -1
data/docs/_docs/extras/minimal-deploy-iam.md +1 -1
data/docs/_docs/extras/notification-arns.md +21 -0
data/docs/_docs/extras/redirection-support.md +9 -9
data/docs/_docs/extras/route53-support.md +4 -4
data/docs/_docs/extras/security-groups.md +1 -1
data/docs/_docs/extras/ssl-support.md +5 -5
data/docs/_docs/faq.md +1 -1
data/docs/_docs/helpers.md +7 -5
data/docs/_docs/iam-roles.md +112 -0
data/docs/_docs/install.md +0 -10
data/docs/_docs/more/auto-completion.md +1 -1
data/docs/_docs/more/automated-cleanup.md +1 -1
data/docs/_docs/more/customize-cloudformation.md +1 -1
data/docs/_docs/more/migrations.md +1 -1
data/docs/_docs/more/run-in-pieces.md +1 -1
data/docs/_docs/more/single-task.md +1 -1
data/docs/_docs/more/stuck-cloudformation.md +1 -1
data/docs/_docs/more/why-cloudformation.md +1 -1
data/docs/_docs/next-steps.md +1 -1
data/docs/_docs/quick-start-ec2.md +1 -0
data/docs/_docs/secrets.md +135 -0
data/docs/_docs/settings.md +10 -9
data/docs/_docs/settings/cluster.md +7 -13
data/docs/_docs/settings/manage-security-groups.md +24 -0
data/docs/_docs/settings/network.md +11 -1
data/docs/_docs/structure.md +10 -9
data/docs/_docs/tutorial-ufo-init.md +1 -7
data/docs/_docs/ufo-current.md +1 -1
data/docs/_docs/ufo-env-extra.md +1 -1
data/docs/_docs/ufo-env.md +3 -5
data/docs/_docs/ufo-logs.md +1 -2
data/docs/_docs/ufo-task-params.md +1 -1
data/docs/_docs/upgrading.md +1 -1
data/docs/_docs/upgrading/upgrade4.5.md +2 -2
data/docs/_docs/upgrading/upgrade4.md +2 -2
data/docs/_docs/upgrading/upgrade5.md +19 -0
data/docs/_docs/variables.md +1 -1
data/docs/_includes/cfn-customize.md +4 -4
data/docs/_includes/subnav.html +3 -0
data/docs/_reference/ufo-deploy.md +1 -2
data/docs/_reference/ufo-init.md +15 -16
data/docs/_reference/ufo-logs.md +10 -9
data/docs/_reference/ufo-rollback.md +2 -0
data/docs/_reference/ufo-ship.md +1 -2
data/docs/_reference/ufo-ships.md +1 -2
data/docs/_reference/ufo-tasks-build.md +1 -2
data/docs/articles.md +1 -1
data/docs/quick-start.md +1 -0
data/lib/template/.secrets +5 -0
data/lib/template/.ufo/iam_roles/execution_role.rb +7 -0
data/lib/template/.ufo/iam_roles/task_role.rb +21 -0
data/lib/template/.ufo/settings.yml.tt +1 -0
data/lib/template/.ufo/settings/cfn/default.yml.tt +27 -27
data/lib/template/.ufo/settings/network/default.yml.tt +9 -0
data/lib/template/.ufo/templates/fargate.json.erb +3 -1
data/lib/template/.ufo/templates/main.json.erb +3 -0
data/lib/template/.ufo/variables/base.rb.tt +1 -0
data/lib/ufo.rb +2 -1
data/lib/ufo/autoloader.rb +9 -0
data/lib/ufo/cli.rb +4 -2
data/lib/ufo/command.rb +7 -0
data/lib/ufo/core.rb +1 -9
data/lib/ufo/docker/cleaner.rb +1 -1
data/lib/ufo/dsl.rb +6 -1
data/lib/ufo/dsl/helper.rb +21 -27
data/lib/ufo/dsl/helper/vars.rb +97 -0
data/lib/ufo/dsl/outputter.rb +12 -9
data/lib/ufo/help/init.md +1 -1
data/lib/ufo/init.rb +0 -2
data/lib/ufo/log_group.rb +1 -0
data/lib/ufo/logs.rb +5 -4
data/lib/ufo/role/builder.rb +66 -0
data/lib/ufo/role/dsl.rb +21 -0
data/lib/ufo/role/registry.rb +24 -0
data/lib/ufo/rollback.rb +2 -1
data/lib/ufo/sequence.rb +0 -16
data/lib/ufo/setting/profile.rb +11 -7
data/lib/ufo/setting/security_groups.rb +22 -0
data/lib/ufo/settings.rb +20 -0
data/lib/ufo/stack.rb +24 -24
data/lib/ufo/stack/builder.rb +26 -0
data/lib/ufo/stack/builder/base.rb +54 -0
data/lib/ufo/stack/builder/conditions.rb +23 -0
data/lib/ufo/stack/builder/outputs.rb +24 -0
data/lib/ufo/stack/builder/parameters.rb +45 -0
data/lib/ufo/stack/builder/resources.rb +20 -0
data/lib/ufo/stack/builder/resources/base.rb +4 -0
data/lib/ufo/stack/builder/resources/dns.rb +17 -0
data/lib/ufo/stack/builder/resources/ecs.rb +67 -0
data/lib/ufo/stack/builder/resources/elb.rb +45 -0
data/lib/ufo/stack/builder/resources/listener.rb +42 -0
data/lib/ufo/stack/builder/resources/listener_ssl.rb +16 -0
data/lib/ufo/stack/builder/resources/roles/base.rb +22 -0
data/lib/ufo/stack/builder/resources/roles/execution_role.rb +4 -0
data/lib/ufo/stack/builder/resources/roles/task_role.rb +4 -0
data/lib/ufo/stack/builder/resources/security_group/base.rb +4 -0
data/lib/ufo/stack/builder/resources/security_group/ecs.rb +44 -0
data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb +25 -0
data/lib/ufo/stack/builder/resources/security_group/elb.rb +57 -0
data/lib/ufo/stack/builder/resources/target_group.rb +39 -0
data/lib/ufo/stack/builder/resources/task_definition.rb +24 -0
data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb +49 -0
data/lib/ufo/stack/context.rb +41 -48
data/lib/ufo/stack/custom_properties.rb +59 -0
data/lib/ufo/stack/helper.rb +2 -5
data/lib/ufo/stack/template_body.rb +13 -0
data/lib/ufo/task.rb +2 -7
data/lib/ufo/tasks.rb +1 -1
data/lib/ufo/tasks/builder.rb +0 -1
data/lib/ufo/tasks/register.rb +11 -8
data/lib/ufo/template_scope.rb +1 -66
data/lib/ufo/utils/squeezer.rb +24 -0
data/lib/ufo/version.rb +1 -1
data/spec/fixtures/iam_roles/task_role.rb +17 -0
data/spec/lib/role/builder_spec.rb +67 -0
data/spec/lib/role/dsl_spec.rb +12 -0
data/ufo.gemspec +1 -0
metadata +61 -3
data/lib/cfn/stack.yml +0 -283

@@ -21,7 +21,7 @@ module Ufo
     end
     def delete_list
-      return [] if ENV['TEST']
+      return [] if ENV['TEST'] || @options[:noop]
       return @delete_list if @delete_list
       out = execute("docker images") # live to override the noop cli options

data/lib/ufo/dsl.rb CHANGED

@@ -2,6 +2,8 @@ require 'ostruct'
 module Ufo
   class DSL
+    extend Memoist
     def initialize(template_definitions_path, options={})
       @template_definitions_path = template_definitions_path
       @options = options
@@ -85,7 +87,10 @@ module Ufo
     end
     def helper
-      Helper.new
+      helper = Helper.new
+      helper.add_project_helpers
+      helper
     end
+    memoize :helper
   end
 end

data/lib/ufo/dsl/helper.rb CHANGED

@@ -6,11 +6,20 @@
 # Simply aggregates a bunch of variables that is useful for the task_definition.
 module Ufo
   class DSL
-    # provides some helperally context variables
     class Helper
       include Ufo::Util
       extend Memoist
+      # Add helpers from .ufo/helpers folder
+      def add_project_helpers
+        helpers_dir = "#{Ufo.root}/.ufo/helpers"
+        Dir.glob("#{helpers_dir}/**/*").each do |path|
+          next unless File.file?(path)
+          klass = path.gsub(%r{.*\.ufo/helpers/},'').sub(".rb",'').camelize
+          self.class.send(:include, klass.constantize)
+        end
+      end
       ##############
       # helper variables
       def dockerfile_port
@@ -27,36 +36,21 @@ module Ufo
       #############
       # helper methods
-      def env_vars(text)
-        lines = filtered_lines(text)
-        lines.map do |line|
-          key,*value = line.strip.split("=").map {|x| x.strip}
-          value = value.join('=')
-          {
-            name: key,
-            value: value,
-          }
-        end
+      def env(text)
+        Vars.new(text: text).env
       end
+      alias_method :env_vars, :env
-      def filtered_lines(text)
-        lines = text.split("\n")
-        # remove comment at the end of the line
-        lines.map! { |l| l.sub(/\s+#.*/,'').strip }
-        # filter out commented lines
-        lines = lines.reject { |l| l =~ /(^|\s)#/i }
-        # filter out empty lines
-        lines = lines.reject { |l| l.strip.empty? }
+      def env_file(path)
+        Vars.new(file: path).env
       end
-      def env_file(path)
-        full_path = "#{Ufo.root}/#{path}"
-        unless File.exist?(full_path)
-          puts "The #{full_path} env file could not be found.  Are you sure it exists?"
-          exit 1
-        end
-        text = IO.read(full_path)
-        env_vars(text)
+      def secrets(text)
+        Vars.new(text: text).secrets
+      end
+      def secrets_file(path)
+        Vars.new(file: path).secrets
       end
       def current_region

data/lib/ufo/dsl/helper/vars.rb ADDED

@@ -0,0 +1,97 @@
+require "aws_data"
+class Ufo::DSL::Helper
+  class Vars
+    extend Memoist
+    def initialize(options={})
+      # use either file or text. text takes higher precedence
+      @file = options[:file]
+      @text = options[:text]
+    end
+    def content
+      @text || read(@file)
+    end
+    def read(path)
+      full_path = "#{Ufo.root}/#{path}"
+      unless File.exist?(full_path)
+        puts "The #{full_path} env file could not be found.  Are you sure it exists?"
+        exit 1
+      end
+      IO.read(full_path)
+    end
+    def env
+      lines = filtered_lines(content)
+      lines.map do |line|
+        key,*value = line.strip.split("=").map do |x|
+          remove_surrounding_quotes(x.strip)
+        end
+        value = value.join('=')
+        {
+          name: key,
+          value: value,
+        }
+      end
+    end
+    def secrets
+      secrets = env
+      secrets.map do |item|
+        value = item.delete(:value)
+        item[:valueFrom] = substitute(expand_secret(value))
+      end
+      secrets
+    end
+    def expand_secret(value)
+      case value
+      when /^ssm:/i
+        value.sub(/^ssm:/i, "arn:aws:ssm:#{region}:#{account}:parameter/")
+      when /^secretsmanager:/i
+        value.sub(/^secretsmanager:/i, "arn:aws:secretsmanager:#{region}:#{account}:secret:")
+      else
+        value # assume full arn has been passed
+      end
+    end
+    def substitute(value)
+      value.gsub(":UFO_ENV", Ufo.env)
+    end
+    def remove_surrounding_quotes(s)
+      if s =~ /^"/ && s =~ /"$/
+        s.sub(/^["]/, '').gsub(/["]$/,'') # remove surrounding double quotes
+      elsif s =~ /^'/ && s =~ /'$/
+        s.sub(/^[']/, '').gsub(/[']$/,'') # remove surrounding single quotes
+      else
+        s
+      end
+    end
+    def filtered_lines(content)
+      lines = content.split("\n")
+      # remove comment at the end of the line
+      lines.map! { |l| l.sub(/\s+#.*/,'').strip }
+      # filter out commented lines
+      lines = lines.reject { |l| l =~ /(^|\s)#/i }
+      # filter out empty lines
+      lines = lines.reject { |l| l.strip.empty? }
+    end
+    def aws_data
+      AwsData.new
+    end
+    memoize :aws_data
+    def region
+      aws_data.region
+    end
+    def account
+      aws_data.account
+    end
+  end
+end

data/lib/ufo/dsl/outputter.rb CHANGED

@@ -5,7 +5,6 @@ module Ufo
         @name = name
         @erb_result = erb_result
         @options = options
-        @pretty = options[:pretty].nil? ? true : options[:pretty]
       end
       def write
@@ -16,25 +15,29 @@ module Ufo
         path = "#{output_path}/#{@name}.json".sub(/^\.\//,'')
         puts "  #{path}" unless @options[:quiet]
         validate(@erb_result, path)
-        json = @pretty ?
-          JSON.pretty_generate(JSON.parse(@erb_result)) :
-          @erb_result
-        File.open(path, 'w') {|f| f.write(output_json(json)) }
+        data = JSON.parse(@erb_result)
+        override_image(data)
+        json = JSON.pretty_generate(data)
+        File.open(path, 'w') {|f| f.write(json) }
+      end
+      def override_image(data)
+        return data unless @options[:image_override]
+        data["containerDefinitions"].each do |container_definition|
+          container_definition["image"] = @options[:image_override]
+        end
       end
       def validate(json, path)
         begin
           JSON.parse(json)
         rescue JSON::ParserError => e
+          puts "#{e.class}: #{e.message}"
           puts "Invalid json.  Output written to #{path} for debugging".color(:red)
           File.open(path, 'w') {|f| f.write(json) }
           exit 1
         end
       end
-      def output_json(json)
-        @options[:pretty] ? JSON.pretty_generate(JSON.parse(json)) : json
-      end
     end
   end
 end

data/lib/ufo/help/init.md CHANGED

@@ -39,7 +39,7 @@ The `image` is the base portion of image name that will be pushed to the docker
 The generated `tongueroo/demo-ufo:ufo-2018-02-08T21-04-02-3c86158` image name gets pushed to the docker registry.
-The `--vpc-id` option is optional but very useful. If not specified then ufo will use the default vpc for the network settings like subnets and security groups, which might not be what you want.
+The `--vpc-id`, `--ecs-subnets`, and `--elb-subnets` options are optional but very useful. If not specified then ufo will use the default vpc for the network settings like subnets and security groups, which might not be what you want.
 ## Directory Structure

data/lib/ufo/init.rb CHANGED

@@ -9,7 +9,6 @@ module Ufo
         [:image, required: true, desc: "Docker image name without the tag. Example: tongueroo/demo-ufo. Configures ufo/settings.yml"],
         [:app, desc: "App name. Preferably one word. Used in the generated ufo/task_definitions.rb.  If not specified then the app name is inferred as the folder name."],
         [:launch_type, default: "ec2", desc: "ec2 or fargate."],
-        [:execution_role_arn, desc: "execution role arn used by tasks, required for fargate."],
         [:template, desc: "Custom template to use."],
         [:template_mode, desc: "Template mode: replace or additive."],
         [:vpc_id, desc: "Vpc id. For settings/network/default.yml."],
@@ -56,7 +55,6 @@ module Ufo
       # map variables
       @app = options[:app] || inferred_app
       @image = options[:image]
-      @execution_role_arn_input = get_execution_role_arn_input
       # copy the files
       puts "Setting up ufo project..."
       exclude_pattern = File.exist?("#{Ufo.root}/Dockerfile") ?

data/lib/ufo/log_group.rb CHANGED

@@ -11,6 +11,7 @@ module Ufo
     def create
       puts "Ensuring log group for #{@task_definition.color(:green)} task definition exists"
       return if @options[:noop]
+      return if @options[:rollback] # dont need to create log group because previously deployed
       Ufo.check_task_definition!(@task_definition)
       task_def = JSON.load(IO.read(task_def_path))

data/lib/ufo/logs.rb CHANGED

@@ -41,14 +41,15 @@ module Ufo
     end
     def cloudwatch_tail(log={})
-      since = @options[:since] || "10m" # by default, search only 10 mins in the past
-      cw_tail = AwsLogs::Tail.new(
+      o = {
         log_group_name: log["awslogs-group"],
         log_stream_name_prefix: log["awslogs-stream-prefix"],
-        since: since,
+        since: @options[:since] || "10m", # by default, search only 10 mins in the past
         follow: @options[:follow],
         format: @options[:format],
-      )
+      }
+      o[:filter_pattern] = @options[:filter_pattern] if @options[:filter_pattern]
+      cw_tail = AwsLogs::Tail.new(o)
       cw_tail.run
     end
   end

data/lib/ufo/role/builder.rb ADDED

@@ -0,0 +1,66 @@
+module Ufo::Role
+  class Builder
+    def initialize(role_type)
+      @role_type = role_type
+    end
+    def build
+      resource(policies, managed_policy_arns)
+    end
+    def build?
+      !!(policies || managed_policy_arns)
+    end
+    def policies
+      items = Registry.policies[@role_type] # Array of Arrays
+      return unless items && !items.empty?
+      items.map do |item|
+        policy_name, statements = item # first element has policy name, second element has statements
+        {
+          PolicyName: policy_name,
+          PolicyDocument: {
+            Version: "2012-10-17",
+            Statement: statements
+          }
+        }
+      end
+    end
+    def managed_policy_arns
+      items = Registry.managed_policies[@role_type] # Array of Arrays
+      return unless items && !items.empty?
+      items.map do |item|
+        item.include?('iam::aws:policy') ? item : "arn:aws:iam::aws:policy/#{item}"
+      end
+    end
+    def resource(policies, managed_policy_arns)
+      properties = {
+        AssumeRolePolicyDocument: {
+          Version: "2012-10-17",
+          Statement: [
+            {
+              Effect: "Allow",
+              Principal: {
+                Service: "ecs-tasks.amazonaws.com"
+              },
+              Action: "sts:AssumeRole"
+            }
+          ]
+        },
+      }
+      properties[:Policies] = policies if policies
+      properties[:ManagedPolicyArns] = managed_policy_arns if managed_policy_arns
+      attrs = {
+        Type: "AWS::IAM::Role",
+        Properties: properties
+      }
+      attrs.deep_stringify_keys
+    end
+  end
+end

data/lib/ufo/role/dsl.rb ADDED

@@ -0,0 +1,21 @@
+module Ufo::Role
+  class DSL
+    def initialize(path)
+      @path = path # IE: .ufo/iam_roles/task_role.rb
+    end
+    def evaluate
+      instance_eval(IO.read(@path), @path)
+    end
+    def iam_policy(policy_name, statements)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_policy(role_type, policy_name, statements)
+    end
+    def managed_iam_policy(*policies)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_managed_policy(role_type, policies)
+    end
+  end
+end

data/lib/ufo/role/registry.rb ADDED

@@ -0,0 +1,24 @@
+require "set"
+module Ufo::Role
+  class Registry
+    class_attribute :policies
+    self.policies = {}
+    class_attribute :managed_policies
+    self.managed_policies = {}
+    class << self
+      def register_policy(role_type, policy_name, *statements)
+        statements.flatten!
+        self.policies[role_type] ||= Set.new
+        self.policies[role_type].add([policy_name, statements]) # using set so DSL can safely be evaluated multiple times
+      end
+      def register_managed_policy(role_type, *policies)
+        policies.flatten!
+        self.managed_policies[role_type] ||= Set.new
+        self.managed_policies[role_type].merge(policies) # using set so DSL can safely be evaluated multiple times
+      end
+    end
+  end
+end

data/lib/ufo/rollback.rb CHANGED

@@ -3,7 +3,8 @@ module Ufo
     def deploy
       task_definition = normalize_version(@options[:version])
       puts "Rolling back ECS service to task definition #{task_definition}"
-      ship = Ship.new(@service, @options.merge(task_definition: task_definition))
+      ship = Ship.new(@service, @options.merge(task_definition: task_definition, rollback: true))
       ship.deploy
     end

data/lib/ufo/sequence.rb CHANGED

@@ -17,22 +17,6 @@ module Ufo
       File.basename(Dir.pwd)
     end
-    def get_execution_role_arn_input
-      return @execution_role_arn if @execution_role_arn
-      if @options[:execution_role_arn]
-        @execution_role_arn = @options[:execution_role_arn]
-        return @execution_role_arn
-      end
-      return unless @options[:launch_type] == "fargate"
-      # execution role arn required for fargate
-      puts "For fargate ECS tasks an ECS Task Execution IAM Role is required. "
-      puts "More details here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html"
-      print "Please provide a execution role arn role for the ecs task: "
-      @execution_role_arn = $stdin.gets.strip
-    end
     def override_source_paths(*paths)
       # Using string with instance_eval because block doesnt have access to
       # path at runtime.