ufo 4.6.1 → 5.0.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -0
- data/docs/_docs/conventions.md +1 -1
- data/docs/_docs/extras/codebuild-iam-role.md +1 -1
- data/docs/_docs/extras/dockerfile-erb.md +1 -1
- data/docs/_docs/extras/ecs-network-mode.md +1 -1
- data/docs/_docs/extras/load-balancer.md +1 -1
- data/docs/_docs/extras/minimal-deploy-iam.md +1 -1
- data/docs/_docs/extras/notification-arns.md +21 -0
- data/docs/_docs/extras/redirection-support.md +9 -9
- data/docs/_docs/extras/route53-support.md +4 -4
- data/docs/_docs/extras/security-groups.md +1 -1
- data/docs/_docs/extras/ssl-support.md +5 -5
- data/docs/_docs/faq.md +1 -1
- data/docs/_docs/helpers.md +7 -5
- data/docs/_docs/iam-roles.md +112 -0
- data/docs/_docs/install.md +0 -10
- data/docs/_docs/more/auto-completion.md +1 -1
- data/docs/_docs/more/automated-cleanup.md +1 -1
- data/docs/_docs/more/customize-cloudformation.md +1 -1
- data/docs/_docs/more/migrations.md +1 -1
- data/docs/_docs/more/run-in-pieces.md +1 -1
- data/docs/_docs/more/single-task.md +1 -1
- data/docs/_docs/more/stuck-cloudformation.md +1 -1
- data/docs/_docs/more/why-cloudformation.md +1 -1
- data/docs/_docs/next-steps.md +1 -1
- data/docs/_docs/quick-start-ec2.md +1 -0
- data/docs/_docs/secrets.md +135 -0
- data/docs/_docs/settings.md +10 -9
- data/docs/_docs/settings/cluster.md +7 -13
- data/docs/_docs/settings/manage-security-groups.md +24 -0
- data/docs/_docs/settings/network.md +11 -1
- data/docs/_docs/structure.md +10 -9
- data/docs/_docs/tutorial-ufo-init.md +1 -7
- data/docs/_docs/ufo-current.md +1 -1
- data/docs/_docs/ufo-env-extra.md +1 -1
- data/docs/_docs/ufo-env.md +3 -5
- data/docs/_docs/ufo-logs.md +1 -2
- data/docs/_docs/ufo-task-params.md +1 -1
- data/docs/_docs/upgrading.md +1 -1
- data/docs/_docs/upgrading/upgrade4.5.md +2 -2
- data/docs/_docs/upgrading/upgrade4.md +2 -2
- data/docs/_docs/upgrading/upgrade5.md +19 -0
- data/docs/_docs/variables.md +1 -1
- data/docs/_includes/cfn-customize.md +4 -4
- data/docs/_includes/subnav.html +3 -0
- data/docs/_reference/ufo-deploy.md +1 -2
- data/docs/_reference/ufo-init.md +15 -16
- data/docs/_reference/ufo-logs.md +1 -1
- data/docs/_reference/ufo-rollback.md +2 -0
- data/docs/_reference/ufo-ship.md +1 -2
- data/docs/_reference/ufo-ships.md +1 -2
- data/docs/_reference/ufo-tasks-build.md +1 -2
- data/docs/articles.md +1 -1
- data/docs/quick-start.md +1 -0
- data/lib/template/.secrets +5 -0
- data/lib/template/.ufo/iam_roles/execution_role.rb +7 -0
- data/lib/template/.ufo/iam_roles/task_role.rb +21 -0
- data/lib/template/.ufo/settings.yml.tt +1 -0
- data/lib/template/.ufo/settings/cfn/default.yml.tt +27 -27
- data/lib/template/.ufo/settings/network/default.yml.tt +9 -0
- data/lib/template/.ufo/templates/fargate.json.erb +3 -1
- data/lib/template/.ufo/templates/main.json.erb +3 -0
- data/lib/template/.ufo/variables/base.rb.tt +1 -0
- data/lib/ufo.rb +2 -1
- data/lib/ufo/autoloader.rb +9 -0
- data/lib/ufo/cli.rb +3 -2
- data/lib/ufo/command.rb +7 -0
- data/lib/ufo/core.rb +1 -9
- data/lib/ufo/docker/cleaner.rb +1 -1
- data/lib/ufo/dsl.rb +6 -1
- data/lib/ufo/dsl/helper.rb +19 -37
- data/lib/ufo/dsl/helper/vars.rb +97 -0
- data/lib/ufo/dsl/outputter.rb +12 -9
- data/lib/ufo/ecr/auth.rb +10 -21
- data/lib/ufo/help/init.md +1 -1
- data/lib/ufo/init.rb +0 -2
- data/lib/ufo/log_group.rb +1 -0
- data/lib/ufo/role/builder.rb +66 -0
- data/lib/ufo/role/dsl.rb +21 -0
- data/lib/ufo/role/registry.rb +24 -0
- data/lib/ufo/rollback.rb +2 -1
- data/lib/ufo/sequence.rb +0 -16
- data/lib/ufo/setting/profile.rb +11 -7
- data/lib/ufo/setting/security_groups.rb +22 -0
- data/lib/ufo/settings.rb +20 -0
- data/lib/ufo/stack.rb +24 -24
- data/lib/ufo/stack/builder.rb +26 -0
- data/lib/ufo/stack/builder/base.rb +54 -0
- data/lib/ufo/stack/builder/conditions.rb +23 -0
- data/lib/ufo/stack/builder/outputs.rb +24 -0
- data/lib/ufo/stack/builder/parameters.rb +45 -0
- data/lib/ufo/stack/builder/resources.rb +20 -0
- data/lib/ufo/stack/builder/resources/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/dns.rb +17 -0
- data/lib/ufo/stack/builder/resources/ecs.rb +71 -0
- data/lib/ufo/stack/builder/resources/elb.rb +45 -0
- data/lib/ufo/stack/builder/resources/listener.rb +42 -0
- data/lib/ufo/stack/builder/resources/listener_ssl.rb +16 -0
- data/lib/ufo/stack/builder/resources/roles/base.rb +22 -0
- data/lib/ufo/stack/builder/resources/roles/execution_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/roles/task_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs.rb +44 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb +25 -0
- data/lib/ufo/stack/builder/resources/security_group/elb.rb +57 -0
- data/lib/ufo/stack/builder/resources/target_group.rb +39 -0
- data/lib/ufo/stack/builder/resources/task_definition.rb +24 -0
- data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb +49 -0
- data/lib/ufo/stack/context.rb +41 -48
- data/lib/ufo/stack/custom_properties.rb +59 -0
- data/lib/ufo/stack/helper.rb +2 -5
- data/lib/ufo/stack/template_body.rb +13 -0
- data/lib/ufo/task.rb +2 -7
- data/lib/ufo/tasks.rb +1 -1
- data/lib/ufo/tasks/builder.rb +0 -1
- data/lib/ufo/template_scope.rb +1 -66
- data/lib/ufo/utils/squeezer.rb +24 -0
- data/lib/ufo/version.rb +1 -1
- data/spec/fixtures/iam_roles/task_role.rb +17 -0
- data/spec/lib/ecr_auth_spec.rb +32 -20
- data/spec/lib/role/builder_spec.rb +67 -0
- data/spec/lib/role/dsl_spec.rb +12 -0
- data/ufo.gemspec +1 -0
- metadata +61 -3
- data/lib/cfn/stack.yml +0 -283
@@ -0,0 +1,59 @@
|
|
1
|
+
class Ufo::Stack
|
2
|
+
class CustomProperties
|
3
|
+
include Ufo::Settings
|
4
|
+
|
5
|
+
def initialize(template, stack_name)
|
6
|
+
@template, @stack_name = template, stack_name
|
7
|
+
end
|
8
|
+
|
9
|
+
def apply
|
10
|
+
customizations = camelize(cfn)
|
11
|
+
@template["Resources"].each do |logical_id, attrs|
|
12
|
+
custom_props = customizations[logical_id]
|
13
|
+
next unless custom_props
|
14
|
+
attrs["Properties"].deeper_merge!(custom_props, {overwrite_arrays: true})
|
15
|
+
end
|
16
|
+
|
17
|
+
substitute_variables!(@template["Resources"])
|
18
|
+
@template
|
19
|
+
end
|
20
|
+
|
21
|
+
# Keep backward compatiablity but encouraging CamelCase now because in the ufo init generator
|
22
|
+
# the .ufo/settings/cfn/default.yml is now CamelCase
|
23
|
+
def camelize(properties)
|
24
|
+
if ENV['UFO_CAMELIZE'] == '0' || settings[:auto_camelize] == false # provide a way to quickly test full camelize disable
|
25
|
+
return properties.deep_stringify_keys
|
26
|
+
end
|
27
|
+
|
28
|
+
# transform keys: camelize
|
29
|
+
properties.deep_stringify_keys.deep_transform_keys do |key|
|
30
|
+
if key == key.upcase # trying to generalize special rule for dns.TTL
|
31
|
+
key # leave key alone if key is already in all upcase
|
32
|
+
else
|
33
|
+
key.camelize
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
# Substitute special variables that cannot be baked into the template
|
39
|
+
# because they are dynamically assigned. Only one special variable:
|
40
|
+
#
|
41
|
+
# {stack_name}
|
42
|
+
def substitute_variables!(properties)
|
43
|
+
# transform values and substitute for special values
|
44
|
+
# https://stackoverflow.com/questions/34595142/process-nested-hash-to-convert-all-values-to-strings
|
45
|
+
#
|
46
|
+
# Examples:
|
47
|
+
# "{stack_name}.stag.boltops.com." => development-demo-web.stag.boltops.com.
|
48
|
+
# "{stack_name}.stag.boltops.com." => dev-demo-web-2.stag.boltops.com.
|
49
|
+
properties.deep_merge(properties) do |_,_,v|
|
50
|
+
if v.is_a?(String)
|
51
|
+
v.sub!('{stack_name}', @stack_name) # need shebang, updating in-place
|
52
|
+
else
|
53
|
+
v
|
54
|
+
end
|
55
|
+
end
|
56
|
+
properties
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
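Review bot: In `apply`, a customization whose key matches no logical id in `@template["Resources"]` is silently ignored: the loop walks the template's resources and `next unless custom_props` only skips, so a misspelled key in the cfn settings (an override meant for a security group or role, for example) leaves the resource on its defaults with no signal to the operator. Reporting the leftovers after the loop would surface this, e.g. `unused = customizations.keys - @template["Resources"].keys` and `puts "WARN: cfn settings not applied: #{unused.join(', ')}" unless unused.empty?`; if some keys legitimately target resources that are only built conditionally, the message may need to be limited to a verbose mode. Also worth a guard or a comment: `attrs["Properties"].deeper_merge!` raises NoMethodError when a resource has no `Properties` key, and `v.sub!` replaces only the first `{stack_name}` in a string.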
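--- a/data/lib/ufo/stack/helper.rb
+++ b/data/lib/ufo/stack/helper.rb
@@ -2,6 +2,7 @@ class Ufo::Stack
 module Helper
 include Ufo::AwsService
 include Ufo::Util
+include Ufo::Settings
 extend Memoist
 
 def find_stack(stack_name)
@@ -34,15 +35,11 @@ class Ufo::Stack
 when "append_nothing", "prepend_nothing"
 [service, Ufo.env_extra]
 else # new default. ufo v4.5 and above
-[service, Ufo.env, Ufo.env_extra]
+[service, Ufo.env.to_s, Ufo.env_extra]
 end
 parts.reject {|x| x==''}.compact.join('-') # stack_name
 end
 
-def cfn
-Ufo::Setting::Profile.new(:cfn, settings[:cfn_profile]).data
-end
-
 def status
 Status.new(@stack_name)
 end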
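--- a/data/lib/ufo/task.rb
+++ b/data/lib/ufo/task.rb
@@ -2,8 +2,9 @@ module Ufo
 class Task < Base
 extend Memoist
 
-include Util
 include AwsService
+include Ufo::Settings
+include Util
 
 def initialize(task_definition, options)
 @task_definition = task_definition
@@ -139,12 +140,6 @@ module Ufo
 options
 end
 
-def network
-settings = Ufo.settings
-Setting::Profile.new(:network, settings[:network_profile]).data
-end
-memoize :network
-
 def cloudwatch_info(task_arn)
 config = container_definition[:log_configuration]
 container_name = container_definition[:name]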
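--- a/data/lib/ufo/tasks.rb
+++ b/data/lib/ufo/tasks.rb
@@ -2,7 +2,7 @@ module Ufo
 class Tasks < Command
 desc "build", "Build task definitions."
 long_desc Help.text("tasks:build")
-option :
+option :image_override, desc: "Override image in task definition for quick testing"
 def build
 Tasks::Builder.new(options).build
 end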
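--- a/data/lib/ufo/tasks/builder.rb
+++ b/data/lib/ufo/tasks/builder.rb
@@ -6,7 +6,6 @@ module Ufo
 # build and register task definitions. There is little point of running them independently
 # This method helps us do that.
 build(options)
-Tasks::Register.register(task_definition, options)
 end
 
 # ship: build and registers task definitions together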
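--- a/data/lib/ufo/template_scope.rb
+++ b/data/lib/ufo/template_scope.rb
@@ -1,6 +1,7 @@
 module Ufo
 class TemplateScope
 extend Memoist
+include Ufo::Settings
 
 attr_reader :helper
 attr_reader :task_definition_name
@@ -44,72 +45,6 @@ module Ufo
 end
 end
 
-def network
-Ufo::Setting::Profile.new(:network, settings[:network_profile]).data
-end
-memoize :network
-
-def cfn
-Ufo::Setting::Profile.new(:cfn, settings[:cfn_profile]).data
-end
-memoize :cfn
-
-def settings
-Ufo.settings
-end
-
-def custom_properties(resource)
-resource = resource.to_s.underscore
-properties = cfn[resource.to_sym]
-return unless properties
-
-# transform keys: camelize
-properties = properties.deep_stringify_keys.deep_transform_keys do |key|
-if key == key.upcase # trying to generalize special rule for dns.TTL
-key # leave key alone if key is already in all upcase
-else
-key.camelize
-end
-end
-
-substitute_variables!(properties)
-
-yaml = YAML.dump(properties)
-# add spaces in front on each line
-yaml.split("\n")[1..-1].map do |line|
-" #{line}"
-end.join("\n") + "\n"
-end
-
-# Substitute special variables that cannot be baked into the template
-# because they are dynamically assigned. Only one special variable:
-#
-# {stack_name}
-def substitute_variables!(properties)
-# transform values and substitute for special values
-# https://stackoverflow.com/questions/34595142/process-nested-hash-to-convert-all-values-to-strings
-#
-# Examples:
-# "{stack_name}.stag.boltops.com." => development-demo-web.stag.boltops.com.
-# "{stack_name}.stag.boltops.com." => dev-demo-web-2.stag.boltops.com.
-properties.deep_merge(properties) do |_,_,v|
-if v.is_a?(String)
-v.sub!('{stack_name}', @stack_name) # unsure why need shebang, but it works
-else
-v
-end
-end
-properties
-end
-
-def default_target_group_protocol
-default_elb_protocol
-end
-
-def default_elb_protocol
-@elb_type == "application" ? "HTTP" : "TCP"
-end
-
 def pretty_name?
 # env variable takes highest precedence
 if ENV["STATIC_NAME"]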
@@ -0,0 +1,24 @@
|
|
1
|
+
module Ufo::Utils
|
2
|
+
class Squeezer
|
3
|
+
def initialize(data)
|
4
|
+
@data = data
|
5
|
+
end
|
6
|
+
|
7
|
+
def squeeze(new_data=nil)
|
8
|
+
data = new_data.nil? ? @data : new_data
|
9
|
+
|
10
|
+
case data
|
11
|
+
when Array
|
12
|
+
data.map! { |v| squeeze(v) }
|
13
|
+
when Hash
|
14
|
+
data.each_with_object({}) do |(k,v), squeezed|
|
15
|
+
# only remove nil and empty Array values within Hash structures
|
16
|
+
squeezed[k] = squeeze(v) unless v.nil? || v.is_a?(Array) && v.empty?
|
17
|
+
squeezed
|
18
|
+
end
|
19
|
+
else
|
20
|
+
data # do not transform
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
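Review bot: `squeeze` treats `nil` both as "no argument given" and as a real value, so a `nil` element inside an Array (`data.map! { |v| squeeze(v) }`) falls back to `@data` and re-processes the whole structure; when that array is itself part of `@data` the call can recurse without end. Only Hash values are protected, by `unless v.nil?`. Making the instance variable the default, `def squeeze(data = @data)`, and dropping the `data = new_data.nil? ? @data : new_data` line keeps a `nil` element as `nil`. `map!` also mutates the caller's array in place while the Hash branch builds a new object, and the trailing `squeezed` inside `each_with_object` has no effect; a one-line comment stating whether in-place mutation is intended would help the next reader.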
data/lib/ufo/version.rb
CHANGED
@@ -0,0 +1,17 @@
|
|
1
|
+
iam_policy("AmazonS3ReadOnlyAccess",
|
2
|
+
Action: [
|
3
|
+
"s3:Get*",
|
4
|
+
"s3:List*"
|
5
|
+
],
|
6
|
+
Effect: "Allow",
|
7
|
+
Resource: "*"
|
8
|
+
)
|
9
|
+
iam_policy("CloudwatchWrite",
|
10
|
+
Action: [
|
11
|
+
"cloudwatch:PutMetricData",
|
12
|
+
],
|
13
|
+
Effect: "Allow",
|
14
|
+
Resource: "*"
|
15
|
+
)
|
16
|
+
|
17
|
+
managed_iam_policy("AmazonS3ReadOnlyAccess", "AmazonEC2ReadOnlyAccess")
|
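Review bot: Both inline policies grant their actions on `Resource: "*"`, and `s3:Get*`/`s3:List*` on that resource cover every bucket in the account, so anyone copying this file as a starting point gets a broader task role than most services need. The 17 added lines appear to be the `spec/fixtures/iam_roles/task_role.rb` entry from the file list (the page prints them under the `version.rb` header), in which case a leading comment such as `# Test fixture: wildcard resources keep the expected YAML short; scope Resource to specific ARNs in real task roles.` would make that explicit. The inline policy named `AmazonS3ReadOnlyAccess` also duplicates the managed policy of the same name attached on the last line; if that overlap is deliberate for the spec, a short comment saying so would help.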
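--- a/data/spec/lib/ecr_auth_spec.rb
+++ b/data/spec/lib/ecr_auth_spec.rb
@@ -1,36 +1,48 @@
 describe Ufo::Ecr::Auth do
 let(:repo_domain) { "123456789.dkr.ecr.us-east-1.amazonaws.com" }
+let(:username) { "user" }
+let(:password) { "opensesame" }
 let(:auth) { Ufo::Ecr::Auth.new(repo_domain) }
 before(:each) do
-allow(auth).to receive(:fetch_auth_token).and_return("
+allow(auth).to receive(:fetch_auth_token).and_return(Base64.encode64("#{username}:#{password}"))
 end
 
 context("update") do
-
-
-
+context("with ecr repo") do
+context("when login successful") do
+it "should create the auth token" do
+command = "docker login -u #{username} --password-stdin #{repo_domain}"
+command_result = double(success?: true)
+expect(Open3).to receive(:capture3)
+.with(command, stdin_data: password)
+.and_return(['', '', command_result])
 
-
-
-
-
-
-
+auth.update
+end
+end
+
+context("when login failed") do
+it "should exit with code 1" do
+command = "docker login -u #{username} --password-stdin #{repo_domain}"
+command_result = double(success?: false)
+expect(Open3).to receive(:capture3)
+.with(command, stdin_data: password)
+.and_return(['', '', command_result])
+expect(auth).to receive(:exit).with(1)
+
+auth.update
+end
 end
 end
 
-context("
-
+context("with not ecr repo") do
+let(:repo_domain) { "example/test" }
+
+it "should not update credentials" do
+expect(Open3).not_to receive(:capture3)
+
 auth.update
-data = JSON.load(IO.read("spec/fixtures/home/.docker/config.json"))
-auth_token = data["auths"][repo_domain]["auth"]
-expect(auth_token).to eq("opensesame")
 end
 end
 end
-
-def clean_home
-FileUtils.rm_rf("spec/fixtures/home")
-FileUtils.cp_r("spec/fixtures/home_existing", "spec/fixtures/home")
-end
 end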
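Review bot: The expected call `Open3.capture3(command, stdin_data: password)` pins the login command as one interpolated string, which Ruby hands to the shell whenever it contains shell metacharacters, so `username` (decoded from the registry token) and `repo_domain` (presumably derived from the configured image name) end up parsed by the shell. Feeding the password on stdin keeps it out of the process list; the argv form would finish the job: `Open3.capture3("docker", "login", "-u", username, "--password-stdin", repo_domain, stdin_data: password)`, with both `.with(command, ...)` expectations updated to match. The implementation in `lib/ufo/ecr/auth.rb` is not shown on this page, so this is inferred from what the spec expects.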
@@ -0,0 +1,67 @@
|
|
1
|
+
describe Ufo::Role::Builder do
|
2
|
+
let(:builder) { described_class.new(role_type) }
|
3
|
+
let(:role_type) { "task_role" }
|
4
|
+
|
5
|
+
before(:each) do
|
6
|
+
Ufo::Role::Registry.register_policy("task_role",
|
7
|
+
"AmazonS3ReadOnlyAccess",
|
8
|
+
{:Action=>["s3:Get*", "s3:List*"], :Effect=>"Allow", :Resource=>"*"}
|
9
|
+
)
|
10
|
+
Ufo::Role::Registry.register_policy("task_role",
|
11
|
+
"CloudwatchWrite",
|
12
|
+
{:Action=>["cloudwatch:PutMetricData"], :Effect=>"Allow", :Resource=>"*"}
|
13
|
+
)
|
14
|
+
# Called twice on purpose to show that duplicated items in the set wont create doubles.
|
15
|
+
# This allows the DSL evaluate to be ran multiple times.
|
16
|
+
Ufo::Role::Registry.register_policy("task_role",
|
17
|
+
"CloudwatchWrite",
|
18
|
+
{:Action=>["cloudwatch:PutMetricData"], :Effect=>"Allow", :Resource=>"*"}
|
19
|
+
)
|
20
|
+
|
21
|
+
|
22
|
+
Ufo::Role::Registry.register_managed_policy("task_role",
|
23
|
+
"AmazonS3ReadOnlyAccess", "AmazonEC2ReadOnlyAccess"
|
24
|
+
)
|
25
|
+
end
|
26
|
+
|
27
|
+
context "build" do
|
28
|
+
it "builds role" do
|
29
|
+
resource = builder.build
|
30
|
+
expected = <<YAML
|
31
|
+
---
|
32
|
+
Type: AWS::IAM::Role
|
33
|
+
Properties:
|
34
|
+
AssumeRolePolicyDocument:
|
35
|
+
Version: '2012-10-17'
|
36
|
+
Statement:
|
37
|
+
- Effect: Allow
|
38
|
+
Principal:
|
39
|
+
Service: ecs-tasks.amazonaws.com
|
40
|
+
Action: sts:AssumeRole
|
41
|
+
Policies:
|
42
|
+
- PolicyName: AmazonS3ReadOnlyAccess
|
43
|
+
PolicyDocument:
|
44
|
+
Version: '2012-10-17'
|
45
|
+
Statement:
|
46
|
+
- Action:
|
47
|
+
- s3:Get*
|
48
|
+
- s3:List*
|
49
|
+
Effect: Allow
|
50
|
+
Resource: "*"
|
51
|
+
- PolicyName: CloudwatchWrite
|
52
|
+
PolicyDocument:
|
53
|
+
Version: '2012-10-17'
|
54
|
+
Statement:
|
55
|
+
- Action:
|
56
|
+
- cloudwatch:PutMetricData
|
57
|
+
Effect: Allow
|
58
|
+
Resource: "*"
|
59
|
+
ManagedPolicyArns:
|
60
|
+
- arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
|
61
|
+
- arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
|
62
|
+
YAML
|
63
|
+
yaml = YAML.dump(resource)
|
64
|
+
expect(yaml).to eq(expected)
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
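Review bot: The `before(:each)` block writes into the process-wide `Ufo::Role::Registry` and nothing resets it, so registered policies leak between examples and between spec files. This spec tolerates that because the registry de-duplicates (as the comment says), but the `Ufo::Role::DSL` spec in the next hunk asserts only `expect(Ufo::Role::Registry.policies).not_to be_empty`, which passes whenever this spec ran first, even if `dsl.evaluate` registered nothing. Resetting the registry before each example (the Registry API is not visible here, so the reset call has to be checked against `lib/ufo/role/registry.rb`) and asserting on the policy names the fixture defines would make both specs independent of run order. The expected document could also use `<<~YAML` so it can be indented with the example.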
@@ -0,0 +1,12 @@
|
|
1
|
+
describe Ufo::Role::DSL do
|
2
|
+
let(:dsl) { described_class.new(path) }
|
3
|
+
let(:path) { "spec/fixtures/iam_roles/task_role.rb" }
|
4
|
+
|
5
|
+
context "evaluate" do
|
6
|
+
it "registers policies from role DSL" do
|
7
|
+
dsl.evaluate
|
8
|
+
expect(Ufo::Role::Registry.policies).not_to be_empty
|
9
|
+
expect(Ufo::Role::Registry.managed_policies).not_to be_empty
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
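--- a/data/ufo.gemspec
+++ b/data/ufo.gemspec
@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "aws-sdk-ecr"
 spec.add_dependency "aws-sdk-ecs"
 spec.add_dependency "aws-sdk-elasticloadbalancingv2"
+spec.add_dependency "aws_data"
 spec.add_dependency "rainbow"
 spec.add_dependency "deep_merge"
 spec.add_dependency "memoist"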
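Review bot: `spec.add_dependency "aws_data"` adds a runtime dependency with no version constraint (the gem metadata below records it as `>= 0`), so every future release of that gem, including a breaking or tampered one, is accepted at install time. The neighbouring dependencies follow the same unconstrained style, but a newly added one is a good place to start bounding: `spec.add_dependency "aws_data", "~> <TESTED_MAJOR.MINOR>"` (placeholder: use the version the specs were run against). The `Gem::Specification.new` block starts and ends outside the hunk.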
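--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-version:
+version: 5.0.2
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-
+date: 2020-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-logs
@@ -122,6 +122,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: aws_data
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rainbow
 requirement: !ruby/object:Gem::Requirement
@@ -337,6 +351,7 @@ files:
 - docs/_docs/extras/ecs-network-mode.md
 - docs/_docs/extras/load-balancer.md
 - docs/_docs/extras/minimal-deploy-iam.md
+- docs/_docs/extras/notification-arns.md
 - docs/_docs/extras/redirection-support.md
 - docs/_docs/extras/route53-support.md
 - docs/_docs/extras/security-groups.md
@@ -344,6 +359,7 @@ files:
 - docs/_docs/faq.md
 - docs/_docs/fargate.md
 - docs/_docs/helpers.md
+- docs/_docs/iam-roles.md
 - docs/_docs/install.md
 - docs/_docs/more/auto-completion.md
 - docs/_docs/more/automated-cleanup.md
@@ -355,10 +371,12 @@ files:
 - docs/_docs/more/why-cloudformation.md
 - docs/_docs/next-steps.md
 - docs/_docs/quick-start-ec2.md
+- docs/_docs/secrets.md
 - docs/_docs/settings.md
 - docs/_docs/settings/aws_profile.md
 - docs/_docs/settings/cfn.md
 - docs/_docs/settings/cluster.md
+- docs/_docs/settings/manage-security-groups.md
 - docs/_docs/settings/network.md
 - docs/_docs/ssl_errors.md
 - docs/_docs/structure.md
@@ -377,6 +395,7 @@ files:
 - docs/_docs/upgrading.md
 - docs/_docs/upgrading/upgrade4.5.md
 - docs/_docs/upgrading/upgrade4.md
+- docs/_docs/upgrading/upgrade5.md
 - docs/_docs/variables.md
 - docs/_includes/about.html
 - docs/_includes/cfn-customize.md
@@ -493,8 +512,10 @@ files:
 - docs/utils/test-aws-api-access.rb
 - docs/utils/update-cert-chains.sh
 - exe/ufo
-- lib/cfn/stack.yml
 - lib/template/.env
+- lib/template/.secrets
+- lib/template/.ufo/iam_roles/execution_role.rb
+- lib/template/.ufo/iam_roles/task_role.rb
 - lib/template/.ufo/params.yml.tt
 - lib/template/.ufo/settings.yml.tt
 - lib/template/.ufo/settings/cfn/default.yml.tt
@@ -535,6 +556,7 @@ files:
 - lib/ufo/docker/variables.rb
 - lib/ufo/dsl.rb
 - lib/ufo/dsl/helper.rb
+- lib/ufo/dsl/helper/vars.rb
 - lib/ufo/dsl/outputter.rb
 - lib/ufo/dsl/task_definition.rb
 - lib/ufo/ecr/auth.rb
@@ -586,16 +608,45 @@ files:
 - lib/ufo/ps.rb
 - lib/ufo/ps/task.rb
 - lib/ufo/releases.rb
+- lib/ufo/role/builder.rb
+- lib/ufo/role/dsl.rb
+- lib/ufo/role/registry.rb
 - lib/ufo/rollback.rb
 - lib/ufo/scale.rb
 - lib/ufo/sequence.rb
 - lib/ufo/setting.rb
 - lib/ufo/setting/profile.rb
+- lib/ufo/setting/security_groups.rb
+- lib/ufo/settings.rb
 - lib/ufo/ship.rb
 - lib/ufo/stack.rb
+- lib/ufo/stack/builder.rb
+- lib/ufo/stack/builder/base.rb
+- lib/ufo/stack/builder/conditions.rb
+- lib/ufo/stack/builder/outputs.rb
+- lib/ufo/stack/builder/parameters.rb
+- lib/ufo/stack/builder/resources.rb
+- lib/ufo/stack/builder/resources/base.rb
+- lib/ufo/stack/builder/resources/dns.rb
+- lib/ufo/stack/builder/resources/ecs.rb
+- lib/ufo/stack/builder/resources/elb.rb
+- lib/ufo/stack/builder/resources/listener.rb
+- lib/ufo/stack/builder/resources/listener_ssl.rb
+- lib/ufo/stack/builder/resources/roles/base.rb
+- lib/ufo/stack/builder/resources/roles/execution_role.rb
+- lib/ufo/stack/builder/resources/roles/task_role.rb
+- lib/ufo/stack/builder/resources/security_group/base.rb
+- lib/ufo/stack/builder/resources/security_group/ecs.rb
+- lib/ufo/stack/builder/resources/security_group/ecs_rule.rb
+- lib/ufo/stack/builder/resources/security_group/elb.rb
+- lib/ufo/stack/builder/resources/target_group.rb
+- lib/ufo/stack/builder/resources/task_definition.rb
+- lib/ufo/stack/builder/resources/task_definition/reconstructor.rb
 - lib/ufo/stack/context.rb
+- lib/ufo/stack/custom_properties.rb
 - lib/ufo/stack/helper.rb
 - lib/ufo/stack/status.rb
+- lib/ufo/stack/template_body.rb
 - lib/ufo/status.rb
 - lib/ufo/stop.rb
 - lib/ufo/task.rb
@@ -610,6 +661,7 @@ files:
 - lib/ufo/upgrade/upgrade4.rb
 - lib/ufo/upgrade/upgrade43to45.rb
 - lib/ufo/util.rb
+- lib/ufo/utils/squeezer.rb
 - lib/ufo/version.rb
 - spec/fixtures/apps/describe_services.json
 - spec/fixtures/cfn/stack-events-complete.json
@@ -621,6 +673,7 @@ files:
 - spec/fixtures/dockerfiles/ecr/Dockerfile
 - spec/fixtures/home_existing/.aws/config
 - spec/fixtures/home_existing/.docker/config.json
+- spec/fixtures/iam_roles/task_role.rb
 - spec/fixtures/mocks/logs/awslogs.json
 - spec/fixtures/mocks/logs/no-awslogs.json
 - spec/fixtures/ps/describe_tasks.json
@@ -634,6 +687,8 @@ files:
 - spec/lib/logs_spec.rb
 - spec/lib/ps_spec.rb
 - spec/lib/register_spec.rb
+- spec/lib/role/builder_spec.rb
+- spec/lib/role/dsl_spec.rb
 - spec/lib/setting_spec.rb
 - spec/lib/ship_spec.rb
 - spec/lib/stack/status_spec.rb
@@ -675,6 +730,7 @@ test_files:
 - spec/fixtures/dockerfiles/ecr/Dockerfile
 - spec/fixtures/home_existing/.aws/config
 - spec/fixtures/home_existing/.docker/config.json
+- spec/fixtures/iam_roles/task_role.rb
 - spec/fixtures/mocks/logs/awslogs.json
 - spec/fixtures/mocks/logs/no-awslogs.json
 - spec/fixtures/ps/describe_tasks.json
@@ -688,6 +744,8 @@ test_files:
 - spec/lib/logs_spec.rb
 - spec/lib/ps_spec.rb
 - spec/lib/register_spec.rb
+- spec/lib/role/builder_spec.rb
+- spec/lib/role/dsl_spec.rb
 - spec/lib/setting_spec.rb
 - spec/lib/ship_spec.rb
 - spec/lib/stack/status_spec.rb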