ufo 4.6.1 → 5.0.2

data/lib/ufo/dsl.rb

@@ -2,6 +2,8 @@ require 'ostruct'
 
 module Ufo
   class DSL
+    extend Memoist
+
     def initialize(template_definitions_path, options={})
       @template_definitions_path = template_definitions_path
       @options = options
@@ -85,7 +87,10 @@ module Ufo
     end
 
     def helper
-      Helper.new
+      helper = Helper.new
+      helper.add_project_helpers
+      helper
     end
+    memoize :helper
   end
 end

data/lib/ufo/dsl/helper.rb

@@ -6,11 +6,20 @@
 # Simply aggregates a bunch of variables that is useful for the task_definition.
 module Ufo
   class DSL
-    # provides some helperally context variables
     class Helper
       include Ufo::Util
       extend Memoist
 
+      # Add helpers from .ufo/helpers folder
+      def add_project_helpers
+        helpers_dir = "#{Ufo.root}/.ufo/helpers"
+        Dir.glob("#{helpers_dir}/**/*").each do |path|
+          next unless File.file?(path)
+          klass = path.gsub(%r{.*\.ufo/helpers/},'').sub(".rb",'').camelize
+          self.class.send(:include, klass.constantize)
+        end
+      end
+
       ##############
       # helper variables
       def dockerfile_port
@@ -27,48 +36,21 @@ module Ufo
 
       #############
       # helper methods
-      def env_vars(text)
-        lines = filtered_lines(text)
-        lines.map do |line|
-          key,*value = line.strip.split("=").map do |x|
-            remove_surrounding_quotes(x.strip)
-          end
-          value = value.join('=')
-          {
-            name: key,
-            value: value,
-          }
-        end
+      def env(text)
+        Vars.new(text: text).env
       end
+      alias_method :env_vars, :env
 
-      def remove_surrounding_quotes(s)
-        if s =~ /^"/ && s =~ /"$/
-          s.sub(/^["]/, '').gsub(/["]$/,'') # remove surrounding double quotes
-        elsif s =~ /^'/ && s =~ /'$/
-          s.sub(/^[']/, '').gsub(/[']$/,'') # remove surrounding single quotes
-        else
-          s
-        end
+      def env_file(path)
+        Vars.new(file: path).env
       end
 
-      def filtered_lines(text)
-        lines = text.split("\n")
-        # remove comment at the end of the line
-        lines.map! { |l| l.sub(/\s+#.*/,'').strip }
-        # filter out commented lines
-        lines = lines.reject { |l| l =~ /(^|\s)#/i }
-        # filter out empty lines
-        lines = lines.reject { |l| l.strip.empty? }
+      def secrets(text)
+        Vars.new(text: text).secrets
       end
 
-      def env_file(path)
-        full_path = "#{Ufo.root}/#{path}"
-        unless File.exist?(full_path)
-          puts "The #{full_path} env file could not be found.  Are you sure it exists?"
-          exit 1
-        end
-        text = IO.read(full_path)
-        env_vars(text)
+      def secrets_file(path)
+        Vars.new(file: path).secrets
       end
 
       def current_region

data/lib/ufo/dsl/helper/vars.rb

@@ -0,0 +1,97 @@
+require "aws_data"
+
+class Ufo::DSL::Helper
+  class Vars
+    extend Memoist
+
+    def initialize(options={})
+      # use either file or text. text takes higher precedence
+      @file = options[:file]
+      @text = options[:text]
+    end
+
+    def content
+      @text || read(@file)
+    end
+
+    def read(path)
+      full_path = "#{Ufo.root}/#{path}"
+      unless File.exist?(full_path)
+        puts "The #{full_path} env file could not be found.  Are you sure it exists?"
+        exit 1
+      end
+      IO.read(full_path)
+    end
+
+    def env
+      lines = filtered_lines(content)
+      lines.map do |line|
+        key,*value = line.strip.split("=").map do |x|
+          remove_surrounding_quotes(x.strip)
+        end
+        value = value.join('=')
+        {
+          name: key,
+          value: value,
+        }
+      end
+    end
+
+    def secrets
+      secrets = env
+      secrets.map do |item|
+        value = item.delete(:value)
+        item[:valueFrom] = substitute(expand_secret(value))
+      end
+      secrets
+    end
+
+    def expand_secret(value)
+      case value
+      when /^ssm:/i
+        value.sub(/^ssm:/i, "arn:aws:ssm:#{region}:#{account}:parameter/")
+      when /^secretsmanager:/i
+        value.sub(/^secretsmanager:/i, "arn:aws:secretsmanager:#{region}:#{account}:secret:")
+      else
+        value # assume full arn has been passed
+      end
+    end
+
+    def substitute(value)
+      value.gsub(":UFO_ENV", Ufo.env)
+    end
+
+    def remove_surrounding_quotes(s)
+      if s =~ /^"/ && s =~ /"$/
+        s.sub(/^["]/, '').gsub(/["]$/,'') # remove surrounding double quotes
+      elsif s =~ /^'/ && s =~ /'$/
+        s.sub(/^[']/, '').gsub(/[']$/,'') # remove surrounding single quotes
+      else
+        s
+      end
+    end
+
+    def filtered_lines(content)
+      lines = content.split("\n")
+      # remove comment at the end of the line
+      lines.map! { |l| l.sub(/\s+#.*/,'').strip }
+      # filter out commented lines
+      lines = lines.reject { |l| l =~ /(^|\s)#/i }
+      # filter out empty lines
+      lines = lines.reject { |l| l.strip.empty? }
+    end
+
+    def aws_data
+      AwsData.new
+    end
+    memoize :aws_data
+
+    def region
+      aws_data.region
+    end
+
+    def account
+      aws_data.account
+    end
+  end
+end

data/lib/ufo/dsl/outputter.rb

@@ -5,7 +5,6 @@ module Ufo
         @name = name
         @erb_result = erb_result
         @options = options
-        @pretty = options[:pretty].nil? ? true : options[:pretty]
       end
 
       def write
@@ -16,25 +15,29 @@ module Ufo
         path = "#{output_path}/#{@name}.json".sub(/^\.\//,'')
         puts "  #{path}" unless @options[:quiet]
         validate(@erb_result, path)
-        json = @pretty ?
-          JSON.pretty_generate(JSON.parse(@erb_result)) :
-          @erb_result
-        File.open(path, 'w') {|f| f.write(output_json(json)) }
+        data = JSON.parse(@erb_result)
+        override_image(data)
+        json = JSON.pretty_generate(data)
+        File.open(path, 'w') {|f| f.write(json) }
+      end
+
+      def override_image(data)
+        return data unless @options[:image_override]
+        data["containerDefinitions"].each do |container_definition|
+          container_definition["image"] = @options[:image_override]
+        end
       end
 
       def validate(json, path)
         begin
           JSON.parse(json)
         rescue JSON::ParserError => e
+          puts "#{e.class}: #{e.message}"
           puts "Invalid json.  Output written to #{path} for debugging".color(:red)
           File.open(path, 'w') {|f| f.write(json) }
           exit 1
         end
       end
-
-      def output_json(json)
-        @options[:pretty] ? JSON.pretty_generate(JSON.parse(json)) : json
-      end
     end
   end
 end

data/lib/ufo/ecr/auth.rb

@@ -1,3 +1,5 @@
+require 'open3'
+
 =begin
 Normally, you must authorized to AWS ECR to push to their registry with:
 
@@ -27,19 +29,15 @@ module Ufo
       return unless ecr_image?
 
       auth_token = fetch_auth_token
-      if File.exist?(docker_config)
-        data = JSON.load(IO.read(docker_config))
-        data["auths"][@repo_domain] = {auth: auth_token}
-      else
-        data = {"auths" => {@repo_domain => {auth: auth_token}}}
+      username, password = Base64.decode64(auth_token).split(':')
+
+      command = "docker login -u #{username} --password-stdin #{@repo_domain}"
+      puts "=> #{command}".color(:green)
+      *, status = Open3.capture3(command, stdin_data: password)
+      unless status.success?
+        puts "ERROR: The docker failed to login.".color(:red)
+        exit 1
       end
-
-      # Handle legacy docker clients that still have old format with https://
-      legacy_entry = "https://#{@repo_domain}"
-      data["auths"][legacy_entry] = {auth: auth_token}
-
-      ensure_dotdocker_exists
-      IO.write(docker_config, JSON.pretty_generate(data))
     end
 
     def ecr_image?
@@ -50,14 +48,5 @@ module Ufo
       ecr.get_authorization_token.authorization_data.first.authorization_token
     end
 
-    def docker_config
-      "#{ENV['HOME']}/.docker/config.json"
-    end
-
-    def ensure_dotdocker_exists
-      dirname = File.dirname(docker_config)
-      FileUtils.mkdir_p(dirname) unless File.exist?(dirname)
-    end
-
   end
 end

data/lib/ufo/help/init.md

@@ -39,7 +39,7 @@ The `image` is the base portion of image name that will be pushed to the docker
 
 The generated `tongueroo/demo-ufo:ufo-2018-02-08T21-04-02-3c86158` image name gets pushed to the docker registry.
 
-The `--vpc-id` option is optional but very useful. If not specified then ufo will use the default vpc for the network settings like subnets and security groups, which might not be what you want.
+The `--vpc-id`, `--ecs-subnets`, and `--elb-subnets` options are optional but very useful. If not specified then ufo will use the default vpc for the network settings like subnets and security groups, which might not be what you want.
 
 ## Directory Structure
 

data/lib/ufo/init.rb

@@ -9,7 +9,6 @@ module Ufo
         [:image, required: true, desc: "Docker image name without the tag. Example: tongueroo/demo-ufo. Configures ufo/settings.yml"],
         [:app, desc: "App name. Preferably one word. Used in the generated ufo/task_definitions.rb.  If not specified then the app name is inferred as the folder name."],
         [:launch_type, default: "ec2", desc: "ec2 or fargate."],
-        [:execution_role_arn, desc: "execution role arn used by tasks, required for fargate."],
         [:template, desc: "Custom template to use."],
         [:template_mode, desc: "Template mode: replace or additive."],
         [:vpc_id, desc: "Vpc id. For settings/network/default.yml."],
@@ -56,7 +55,6 @@ module Ufo
       # map variables
       @app = options[:app] || inferred_app
       @image = options[:image]
-      @execution_role_arn_input = get_execution_role_arn_input
       # copy the files
       puts "Setting up ufo project..."
       exclude_pattern = File.exist?("#{Ufo.root}/Dockerfile") ?

data/lib/ufo/log_group.rb

@@ -11,6 +11,7 @@ module Ufo
     def create
       puts "Ensuring log group for #{@task_definition.color(:green)} task definition exists"
       return if @options[:noop]
+      return if @options[:rollback] # dont need to create log group because previously deployed
 
       Ufo.check_task_definition!(@task_definition)
       task_def = JSON.load(IO.read(task_def_path))

data/lib/ufo/role/builder.rb

@@ -0,0 +1,66 @@
+module Ufo::Role
+  class Builder
+    def initialize(role_type)
+      @role_type = role_type
+    end
+
+    def build
+      resource(policies, managed_policy_arns)
+    end
+
+    def build?
+      !!(policies || managed_policy_arns)
+    end
+
+    def policies
+      items = Registry.policies[@role_type] # Array of Arrays
+      return unless items && !items.empty?
+
+      items.map do |item|
+        policy_name, statements = item # first element has policy name, second element has statements
+        {
+          PolicyName: policy_name,
+          PolicyDocument: {
+            Version: "2012-10-17",
+            Statement: statements
+          }
+        }
+      end
+    end
+
+    def managed_policy_arns
+      items = Registry.managed_policies[@role_type] # Array of Arrays
+      return unless items && !items.empty?
+
+      items.map do |item|
+        item.include?('iam::aws:policy') ? item : "arn:aws:iam::aws:policy/#{item}"
+      end
+    end
+
+    def resource(policies, managed_policy_arns)
+      properties = {
+        AssumeRolePolicyDocument: {
+          Version: "2012-10-17",
+          Statement: [
+            {
+              Effect: "Allow",
+              Principal: {
+                Service: "ecs-tasks.amazonaws.com"
+              },
+              Action: "sts:AssumeRole"
+            }
+          ]
+        },
+      }
+      properties[:Policies] = policies if policies
+      properties[:ManagedPolicyArns] = managed_policy_arns if managed_policy_arns
+
+      attrs = {
+        Type: "AWS::IAM::Role",
+        Properties: properties
+      }
+
+      attrs.deep_stringify_keys
+    end
+  end
+end

data/lib/ufo/role/dsl.rb

@@ -0,0 +1,21 @@
+module Ufo::Role
+  class DSL
+    def initialize(path)
+      @path = path # IE: .ufo/iam_roles/task_role.rb
+    end
+
+    def evaluate
+      instance_eval(IO.read(@path), @path)
+    end
+
+    def iam_policy(policy_name, statements)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_policy(role_type, policy_name, statements)
+    end
+
+    def managed_iam_policy(*policies)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_managed_policy(role_type, policies)
+    end
+  end
+end

data/lib/ufo/role/registry.rb

@@ -0,0 +1,24 @@
+require "set"
+
+module Ufo::Role
+  class Registry
+    class_attribute :policies
+    self.policies = {}
+    class_attribute :managed_policies
+    self.managed_policies = {}
+
+    class << self
+      def register_policy(role_type, policy_name, *statements)
+        statements.flatten!
+        self.policies[role_type] ||= Set.new
+        self.policies[role_type].add([policy_name, statements]) # using set so DSL can safely be evaluated multiple times
+      end
+
+      def register_managed_policy(role_type, *policies)
+        policies.flatten!
+        self.managed_policies[role_type] ||= Set.new
+        self.managed_policies[role_type].merge(policies) # using set so DSL can safely be evaluated multiple times
+      end
+    end
+  end
+end

data/lib/ufo/rollback.rb

@@ -3,7 +3,8 @@ module Ufo
     def deploy
       task_definition = normalize_version(@options[:version])
       puts "Rolling back ECS service to task definition #{task_definition}"
-      ship = Ship.new(@service, @options.merge(task_definition: task_definition))
+
+      ship = Ship.new(@service, @options.merge(task_definition: task_definition, rollback: true))
       ship.deploy
     end