ufo 4.6.1 → 5.0.2

data/docs/_includes/subnav.html

@@ -25,6 +25,8 @@
                 </li>
                 <li><a href="{% link _docs/variables.md %}">Shared Variables</a></li>
                 <li><a href="{% link _docs/helpers.md %}">Helpers</a></li>
+                <li><a href="{% link _docs/secrets.md %}">Secrets</a></li>
+                <li><a href="{% link _docs/iam-roles.md %}">IAM Roles</a></li>
                 <li><a href="{% link _docs/conventions.md %}">Conventions</a></li>
                 <li><a href="{% link _docs/ufo-logs.md %}">Ufo Logs</a></li>
                 <li><a href="{% link _docs/ufo-env.md %}">Ufo Env</a></li>
@@ -44,6 +46,7 @@
                 <li><a href="{% link _docs/extras/minimal-deploy-iam.md %}">Minimal Deploy IAM</a></li>
                 <li><a href="{% link _docs/extras/codebuild-iam-role.md %}">CodeBuild IAM Role</a></li>
                 <li><a href="{% link _docs/extras/dockerfile-erb.md %}">Dockerfile.erb</a></li>
+                <li><a href="{% link _docs/extras/notification-arns.md %}">Notification Arns</a></li>
             </ul>
         </li>
         <li><a href="{% link _docs/upgrading.md %}">Upgrading</a>

data/docs/_reference/ufo-deploy.md

@@ -58,13 +58,12 @@ A more detailed post is available here: [How to Create Unlimited Extra Environme
 [--elb=ELB]                                  # Decides to create elb, not create elb or use existing target group.
 [--elb-eip-ids=one two three]                # EIP Allocation ids to use for network load balancer.
 [--elb-type=ELB_TYPE]                        # ELB type: application or network. Keep current deployed elb type when not specified.
-[--pretty], [--no-pretty]                    # Pretty format the json for the task definitions
-                                             # Default: true
 [--scheduling-strategy=SCHEDULING_STRATEGY]  # Scheduling strategy to use for the service. IE: replica, daemon
 [--stop-old-tasks], [--no-stop-old-tasks]    # Stop old tasks as part of deployment to speed it up
 [--task=TASK]                                # ECS task name, to override the task name convention.
 [--wait], [--no-wait]                        # Wait for deployment to complete
                                              # Default: true
+[--image-override=IMAGE_OVERRIDE]            # Override image in task definition for quick testing
 [--register], [--no-register]                # Register task definition
                                              # Default: true
 [--build], [--no-build]                      # Build task definition

data/docs/_reference/ufo-init.md

@@ -52,7 +52,7 @@ The `image` is the base portion of image name that will be pushed to the docker
 
 The generated `tongueroo/demo-ufo:ufo-2018-02-08T21-04-02-3c86158` image name gets pushed to the docker registry.
 
-The `--vpc-id` option is optional but very useful. If not specified then ufo will use the default vpc for the network settings like subnets and security groups, which might not be what you want.
+The `--vpc-id`, `--ecs-subnets`, and `--elb-subnets` options are optional but very useful. If not specified then ufo will use the default vpc for the network settings like subnets and security groups, which might not be what you want.
 
 ## Directory Structure
 
@@ -107,20 +107,19 @@ If you would like to use a local template that is not on GitHub, then created a
 ## Options
 
 ```
-[--force]                                  # Bypass overwrite are you sure prompt for existing files.
---image=IMAGE                              # Docker image name without the tag. Example: tongueroo/demo-ufo. Configures ufo/settings.yml
-[--app=APP]                                # App name. Preferably one word. Used in the generated ufo/task_definitions.rb.  If not specified then the app name is inferred as the folder name.
-[--launch-type=LAUNCH_TYPE]                # ec2 or fargate.
-                                           # Default: ec2
-[--execution-role-arn=EXECUTION_ROLE_ARN]  # execution role arn used by tasks, required for fargate.
-[--template=TEMPLATE]                      # Custom template to use.
-[--template-mode=TEMPLATE_MODE]            # Template mode: replace or additive.
-[--vpc-id=VPC_ID]                          # Vpc id. For settings/network/default.yml.
-[--ecs-subnets=one two three]              # Subnets for ECS tasks, defaults to --elb-subnets set to. For settings/network/default.yml
-[--elb-subnets=one two three]              # Subnets for ELB. For settings/network/default.yml
-[--verbose], [--no-verbose]                
-[--mute], [--no-mute]                      
-[--noop], [--no-noop]                      
-[--cluster=CLUSTER]                        # Cluster.  Overrides .ufo/settings.yml.
+[--force]                        # Bypass overwrite are you sure prompt for existing files.
+--image=IMAGE                    # Docker image name without the tag. Example: tongueroo/demo-ufo. Configures ufo/settings.yml
+[--app=APP]                      # App name. Preferably one word. Used in the generated ufo/task_definitions.rb.  If not specified then the app name is inferred as the folder name.
+[--launch-type=LAUNCH_TYPE]      # ec2 or fargate.
+                                 # Default: ec2
+[--template=TEMPLATE]            # Custom template to use.
+[--template-mode=TEMPLATE_MODE]  # Template mode: replace or additive.
+[--vpc-id=VPC_ID]                # Vpc id. For settings/network/default.yml.
+[--ecs-subnets=one two three]    # Subnets for ECS tasks, defaults to --elb-subnets set to. For settings/network/default.yml
+[--elb-subnets=one two three]    # Subnets for ELB. For settings/network/default.yml
+[--verbose], [--no-verbose]      
+[--mute], [--no-mute]            
+[--noop], [--no-noop]            
+[--cluster=CLUSTER]              # Cluster.  Overrides .ufo/settings.yml.
 ```
 

data/docs/_reference/ufo-logs.md

@@ -30,7 +30,7 @@ If you have a current service name set.
                                    # Default: true
 [--since=SINCE]                    # From what time to begin displaying logs.  By default, logs will be displayed starting from 1 minutes in the past. The value provided can be an ISO 8601 timestamp or a relative time.
 [--format=FORMAT]                  # The format to display the logs. IE: detailed or short.  With detailed, the log stream name is also shown.
-                                   # Default: simple
+                                   # Default: detailed
 [--filter-pattern=FILTER_PATTERN]  # The filter pattern to use. If not provided, all the events are matched
 [--verbose], [--no-verbose]        
 [--mute], [--no-mute]              

data/docs/_reference/ufo-rollback.md

@@ -51,6 +51,8 @@ You only need to specify enough for a match to be found.  Ufo searches the 30 mo
 ## Options
 
 ```
+[--wait], [--no-wait]        # Wait for deployment to complete
+                             # Default: true
 [--verbose], [--no-verbose]  
 [--mute], [--no-mute]        
 [--noop], [--no-noop]        

data/docs/_reference/ufo-ship.md

@@ -115,13 +115,12 @@ You can change the scheduling strategy by explicitly specifying it.  Otherwise,
 [--elb=ELB]                                  # Decides to create elb, not create elb or use existing target group.
 [--elb-eip-ids=one two three]                # EIP Allocation ids to use for network load balancer.
 [--elb-type=ELB_TYPE]                        # ELB type: application or network. Keep current deployed elb type when not specified.
-[--pretty], [--no-pretty]                    # Pretty format the json for the task definitions
-                                             # Default: true
 [--scheduling-strategy=SCHEDULING_STRATEGY]  # Scheduling strategy to use for the service. IE: replica, daemon
 [--stop-old-tasks], [--no-stop-old-tasks]    # Stop old tasks as part of deployment to speed it up
 [--task=TASK]                                # ECS task name, to override the task name convention.
 [--wait], [--no-wait]                        # Wait for deployment to complete
                                              # Default: true
+[--image-override=IMAGE_OVERRIDE]            # Override image in task definition for quick testing
 [--verbose], [--no-verbose]                  
 [--mute], [--no-mute]                        
 [--noop], [--no-noop]                        

data/docs/_reference/ufo-ships.md

@@ -55,12 +55,11 @@ Note: The `--task` option is not used with the `ufo ships` command.
 [--elb=ELB]                                  # Decides to create elb, not create elb or use existing target group.
 [--elb-eip-ids=one two three]                # EIP Allocation ids to use for network load balancer.
 [--elb-type=ELB_TYPE]                        # ELB type: application or network. Keep current deployed elb type when not specified.
-[--pretty], [--no-pretty]                    # Pretty format the json for the task definitions
-                                             # Default: true
 [--scheduling-strategy=SCHEDULING_STRATEGY]  # Scheduling strategy to use for the service. IE: replica, daemon
 [--stop-old-tasks], [--no-stop-old-tasks]    # Stop old tasks as part of deployment to speed it up
 [--task=TASK]                                # ECS task name, to override the task name convention.
 [--wait], [--no-wait]                        # Wait for deployment to complete
+[--image-override=IMAGE_OVERRIDE]            # Override image in task definition for quick testing
 [--verbose], [--no-verbose]                  
 [--mute], [--no-mute]                        
 [--noop], [--no-noop]                        

data/docs/_reference/ufo-tasks-build.md

@@ -173,7 +173,6 @@ If you need to modify the task definition template to suite your own needs it is
 ## Options
 
 ```
-[--pretty], [--no-pretty]  # Pretty format the json for the task definitions
-                           # Default: true
+[--image-override=IMAGE_OVERRIDE]  # Override image in task definition for quick testing
 ```
 

data/docs/articles.md

@@ -1,6 +1,6 @@
 ---
 title: Articles
-nav_order: 46
+nav_order: 51
 ---
 
 * [How to Create Unlimited Extra Environments

data/docs/quick-start.md

@@ -26,6 +26,7 @@ This quickstart assumes:
 
 * You have push access to the repo. Refer to the Notes "Repo Push Access" section below for more info.
 * The `ecsTaskExecutionRole` needs to exist on your AWS account.  If you do not have an ecsTaskExecutionRole yet, create one by following: [Create ecsTaskExecutionRole with AWS CLI]({% link _docs/aws-ecs-task-execution-role.md %}).
+* The ECS Cluster is in the default VPC. If it is not you need to use the `--vpc-id`, `--ecs-subnets`, and `--elb-subnets` options in the [ufo init]({% link _reference/ufo-init.md %}) command.
 
 ## What Happened
 

data/lib/template/.secrets

@@ -0,0 +1,5 @@
+# Example starter secrets file. Be sure that the SSM parameters or Secrets exist.
+# Docs: https://ufoships.com/docs/secrets/
+#
+# NAME1=SSM:parameter_name
+# NAME2=SECRETSMANAGER:secret_name-AbCdEf

data/lib/template/.ufo/iam_roles/execution_role.rb

@@ -0,0 +1,7 @@
+# Example starter execution role. Add the iam role permissions that the host needs here:
+#
+# More docs: https://ufoships.com/docs/iam-roles/
+#
+managed_iam_policy("AmazonSSMReadOnlyAccess")
+managed_iam_policy("SecretsManagerReadWrite")
+managed_iam_policy("service-role/AmazonECSTaskExecutionRolePolicy")

data/lib/template/.ufo/iam_roles/task_role.rb

@@ -0,0 +1,21 @@
+# Example starter task role. Add the iam role permissions that the container needs here:
+#
+# More docs: https://ufoships.com/docs/iam-roles/
+#
+# Examples:
+#
+# iam_policy("AmazonS3ReadOnlyAccess",
+#   Action: [
+#     "s3:Get*",
+#     "s3:List*"
+#   ],
+#   Effect: "Allow",
+#   Resource: "*"
+# )
+# iam_policy("CloudwatchWrite",
+#   Action: [
+#     "cloudwatch:PutMetricData",
+#   ],
+#   Effect: "Allow",
+#   Resource: "*"
+# )

data/lib/template/.ufo/settings.yml.tt

@@ -13,6 +13,7 @@ base:
   # replacment might not work. For example, adding and removing a load balancer.
   # In these cases, you must delete the entire ecs service and recreate it.
   stack_naming: append_env
+  auto_camelize: false # new default setting in ufo v5
 
 development:
   # cluster: development

data/lib/template/.ufo/settings/cfn/default.yml.tt

@@ -3,38 +3,38 @@
 # CloudFormation. These options are inserting into the generated template.
 # More info: https://ufoships.com/docs/customize-cloudformation
 
-elb:
-  scheme: internet-facing
+Elb:
+  Scheme: internet-facing
 
 # https://docs.aws.amazon.com/fr_fr/elasticloadbalancing/latest/APIReference/API_CreateTargetGroup.html
 #
 # When using SSL with network elb, the target group protocol is usually http still
 # unless you also handle SSL termination at the app level.
-target_group:
-  port: 80 # only used with ECS if awsvpc mode
-  # protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP
+TargetGroup:
+  Port: 80 # only used with ECS if awsvpc mode
+  # Protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP
                   # ufo sets defaults in cloudformation template
                   #   application elb: HTTP
                   #   network elb: TCP
                   # so we can keep this commented out, unless we need HTTPS at the app level
   # Health check settings are supported by application load balancer only:
-  # health_check_path: /up # health check
-  health_check_interval_seconds: 10 # default: 30. Network ELB can only take 10 or 30
-  healthy_threshold_count: 2
-  unhealthy_threshold_count: 2 # default: 10
-  # health_check_protocol: HTTP # HTTP or HTTPS
-  # health_check_port: traffic-port
-  target_group_attributes:
-  - key: deregistration_delay.timeout_seconds
-    value: 10
+  # HealthCheckPath: /up # health check
+  HealthCheckIntervalSeconds: 10 # default: 30. Network ELB can only take 10 or 30
+  HealthyThresholdCount: 2
+  UnhealthyThresholdCount: 2 # default: 10
+  # HealthCheckProtocol: HTTP # HTTP or HTTPS
+  # HealthCheckPort: traffic-port
+  TargetGroupAttributes:
+  - Key: deregistration_delay.timeout_seconds
+    Value: 10
 
 # https://docs.aws.amazon.com/fr_fr/elasticloadbalancing/latest/APIReference/API_CreateListener.html
 #
 # This is the default listener and normally should listen to port 80.
-listener:
-  port: 80
+Listener:
+  Port: 80
   # For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocol is TCP.
-  # protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP, TLS
+  # Protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP, TLS
                   # ufo sets these defaults:
                   #   application elb: HTTP  # unless port is 443
                   #   application elb: HTTPS # if port is 443
@@ -43,8 +43,8 @@ listener:
                   # Can keep protocol commented out,
                   # unless need to override the defaults.
   # If using the listener to handle SSL
-  # certificates:
-  # - certificate_arn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
+  # Certificates:
+  # - CertificateArn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
 
 # An optional second listener can be created.
 # If HTTPS and SSL is required then the listener_ssl config is what you should use.
@@ -53,11 +53,11 @@ listener:
 #   to handle SSL termination.
 #
 # ufo creates an ssl listener when listener_ssl is set.
-# listener_ssl:
-#   port: 443
-#   # certificates:
-#   # - certificate_arn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
-#   # protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP, TLS
+# ListenerSsl:
+#   Port: 443
+#   # Certificates:
+#   # - CertificateArn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
+#   # Protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP, TLS
 #                   # ufo handles setting the defaults:
 #                   #   application elb: HTTPS
 #                   #   network elb: TLS
@@ -66,7 +66,7 @@ listener:
 # Note, the route53 record set for the domain name must already exist.
 # The {stack_name} variable gets replaced with the name of the CloudFormation stack name.
 # Example: {stack_name} => demo-web
-# dns:
-#   name: "{stack_name}.yourdomain."
-#   hosted_zone_name: yourdomain. # dont forget the trailing period
+# Dns:
+#   Name: "{stack_name}.yourdomain."
+#   HostedZoneName: yourdomain. # dont forget the trailing period
 #   TTL: '60' # ttl has special upcase casing

data/lib/template/.ufo/settings/network/default.yml.tt

@@ -15,3 +15,12 @@ elb_subnets: # defaults to same subnets as ecs_subnets when not set
 # ecs_security_groups:
 #   - sg-bbb
 #   - sg-ccc
+
+# Also supports extra security groups specific to each ECS service
+# ecs_security_groups:
+#   demo-web:
+#   - sg-bbb
+#   - sg-ccc
+#   demo-worker:
+#   - sg-bbb
+#   - sg-ccc

data/lib/template/.ufo/templates/fargate.json.erb

@@ -2,7 +2,6 @@
   "family": "<%= @family %>",
   "requiresCompatibilities": ["FARGATE"],
   "networkMode": "awsvpc",
-  "executionRoleArn": "<%= @execution_role_arn || raise("@execution_role_arn needs to be set") %>",
   "cpu": "<%= @cpu %>",
   "memory": "<%= @memory %>",
   "containerDefinitions": [
@@ -21,6 +20,9 @@
       <% if @environment %>
       "environment": <%= @environment.to_json %>,
       <% end %>
+      <% if @secrets %>
+      "secrets": <%= @secrets.to_json %>,
+      <% end %>
       <% if @awslogs_group %>
       "logConfiguration": {
         "logDriver": "awslogs",

data/lib/template/.ufo/templates/main.json.erb

@@ -24,6 +24,9 @@
       <% if @environment %>
       "environment": <%= @environment.to_json %>,
       <% end %>
+      <% if @secrets %>
+      "secrets": <%= @secrets.to_json %>,
+      <% end %>
       <% if @awslogs_group %>
       "logConfiguration": {
         "logDriver": "awslogs",

data/lib/template/.ufo/variables/base.rb.tt

@@ -2,6 +2,7 @@
 # More info on how variables work: http://ufoships.com/docs/variables/
 @image = helper.full_image_name # includes the git sha tongueroo/demo-ufo:ufo-[sha].
 @environment = helper.env_file(".env")
+@secrets = helper.secrets_file(".secrets")
 <% if @options[:launch_type] == "fargate" -%>
 # Ensure that the cpu and memory values are a supported combination by Fargate.
 # More info: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html"

data/lib/ufo.rb

@@ -1,7 +1,8 @@
 $stdout.sync = true unless ENV["UFO_STDOUT_SYNC"] == "0"
 
 $:.unshift(File.expand_path('../', __FILE__))
-require 'deep_merge'
+require 'active_support/core_ext/class'
+require 'deep_merge/rails_compat'
 require 'fileutils'
 require 'memoist'
 require 'rainbow/ext/string'

data/lib/ufo/autoloader.rb

@@ -14,8 +14,17 @@ module Ufo
         loader = Zeitwerk::Loader.new
         loader.inflector = Inflector.new
         loader.push_dir(File.dirname(__dir__)) # lib
+
+        helpers = "#{ufo_root}/.ufo/helpers"
+        loader.push_dir(helpers) if File.exist?(helpers) # project helpers
+
         loader.setup
       end
+
+      # Autoloader runs so early that Ufo.root is not available, so we must declare it here
+      def ufo_root
+        ENV['UFO_ROOT'] || '.'
+      end
     end
   end
 end

data/lib/ufo/cli.rb

@@ -37,11 +37,11 @@ module Ufo
       option :elb, desc: "Decides to create elb, not create elb or use existing target group."
       option :elb_eip_ids, type: :array, desc: "EIP Allocation ids to use for network load balancer."
       option :elb_type, desc: "ELB type: application or network. Keep current deployed elb type when not specified."
-      option :pretty, type: :boolean, default: true, desc: "Pretty format the json for the task definitions"
       option :scheduling_strategy, desc: "Scheduling strategy to use for the service. IE: replica, daemon"
       option :stop_old_tasks, type: :boolean, default: false, desc: "Stop old tasks as part of deployment to speed it up"
       option :task, desc: "ECS task name, to override the task name convention."
       option :wait, type: :boolean, desc: "Wait for deployment to complete", default: true
+      option :image_override, desc: "Override image in task definition for quick testing"
     end
 
     desc "deploy SERVICE", "Deploy task definition to ECS service without re-building the definition."
@@ -75,6 +75,7 @@ module Ufo
 
     desc "rollback SERVICE VERSION", "Rolls back to older task definition."
     long_desc Help.text(:rollback)
+    option :wait, type: :boolean, desc: "Wait for deployment to complete", default: true
     def rollback(service=:current, version)
       service = service == :current ? Current.service! : service
       rollback = Rollback.new(service, options.merge(version: version))
@@ -191,7 +192,7 @@ module Ufo
     long_desc Help.text(:logs)
     option :follow, default: true, type: :boolean, desc: " Whether to continuously poll for new logs. To exit from this mode, use Control-C."
     option :since, desc: "From what time to begin displaying logs.  By default, logs will be displayed starting from 1 minutes in the past. The value provided can be an ISO 8601 timestamp or a relative time."
-    option :format, default: "simple", desc: "The format to display the logs. IE: detailed or short.  With detailed, the log stream name is also shown."
+    option :format, default: "detailed", desc: "The format to display the logs. IE: detailed or short.  With detailed, the log stream name is also shown."
     option :filter_pattern, desc: "The filter pattern to use. If not provided, all the events are matched"
     def logs(service=:current)
       Logs.new(service, options).run

data/lib/ufo/command.rb

@@ -77,6 +77,13 @@ module Ufo
       def website
         "http://ufoships.com"
       end
+
+      # https://github.com/erikhuda/thor/issues/244
+      # Deprecation warning: Thor exit with status 0 on errors. To keep this behavior, you must define `exit_on_failure?` in `Lono::CLI`
+      # You can silence deprecations warning by setting the environment variable THOR_SILENCE_DEPRECATION.
+      def exit_on_failure?
+        true
+      end
     end
   end
 end

data/lib/ufo/core.rb

@@ -4,6 +4,7 @@ require 'yaml'
 module Ufo
   module Core
     extend Memoist
+    include Ufo::Settings
 
     def check_task_definition!(task_definition)
       task_definition_path = "#{Ufo.root}/.ufo/output/#{task_definition}.json"
@@ -49,15 +50,6 @@ module Ufo
       end
     end
 
-    def settings
-      Setting.new.data
-    end
-    memoize :settings
-
-    def cfn_profile
-      settings[:cfn_profile] || "default"
-    end
-
     def check_ufo_project!
       check_path = "#{Ufo.root}/.ufo/settings.yml"
       unless File.exist?(check_path)

data/lib/ufo/docker/cleaner.rb

@@ -21,7 +21,7 @@ module Ufo
     end
 
     def delete_list
-      return [] if ENV['TEST']
+      return [] if ENV['TEST'] || @options[:noop]
       return @delete_list if @delete_list
 
       out = execute("docker images") # live to override the noop cli options