ufo 4.6.2 → 5.0.3

data/lib/ufo/stack/builder/resources/ecs.rb

@@ -0,0 +1,71 @@
+class Ufo::Stack::Builder::Resources
+  class Ecs < Base
+    def build
+      attrs = {
+        Type: "AWS::ECS::Service",
+        Properties: properties
+      }
+
+      attrs[:DependsOn] = "Listener" if @create_elb
+
+      attrs
+    end
+
+    def properties
+      props = {
+        Cluster: @cluster,
+        DesiredCount: {
+          "Fn::If": [
+            "EcsDesiredCountIsBlank",
+            {Ref: "AWS::NoValue"},
+            {Ref: "EcsDesiredCount"}
+          ]
+        },
+        LoadBalancers: {
+          "Fn::If": [
+            "CreateTargetGroupIsTrue",
+            [
+              {
+                ContainerName: @container[:name],
+                ContainerPort: @container[:port],
+                TargetGroupArn: {Ref: "TargetGroup"}
+              }
+            ],
+            {
+              "Fn::If": [
+                "ElbTargetGroupIsBlank",
+                [],
+                [
+                  {
+                    ContainerName: @container[:name],
+                    ContainerPort: @container[:port],
+                    TargetGroupArn: {Ref: "ElbTargetGroup"}
+                  }
+                ]
+              ]
+            }
+          ]
+        },
+        SchedulingStrategy: {Ref: "EcsSchedulingStrategy"}
+      }
+
+      props[:TaskDefinition] = @rollback_definition_arn ? @rollback_definition_arn : {Ref: "TaskDefinition"}
+
+      if @container[:network_mode].to_s == 'awsvpc'
+        props[:NetworkConfiguration] = {
+          AwsvpcConfiguration: {
+            Subnets: {Ref: "EcsSubnets"},
+            SecurityGroups: security_groups(:ecs)
+          }
+        }
+
+        if @container[:fargate]
+          props[:LaunchType] = "FARGATE"
+          props[:NetworkConfiguration][:AwsvpcConfiguration][:AssignPublicIp] = "ENABLED" # Works with fargate but doesnt seem to work with non-fargate
+        end
+      end
+
+      props
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/elb.rb

@@ -0,0 +1,45 @@
+class Ufo::Stack::Builder::Resources
+  class Elb < Base
+    def build
+      {
+        Type: "AWS::ElasticLoadBalancingV2::LoadBalancer",
+        Condition: "CreateElbIsTrue",
+        Properties: properties,
+      }
+    end
+
+    def properties
+      props = {
+        Type: @elb_type,
+        Tags: [
+          {Key: "Name", Value: @stack_name}
+        ],
+        Subnets: {Ref: "ElbSubnets"},
+        Scheme: "internet-facing"
+      }
+
+      props[:SecurityGroups] = security_groups(:elb) if @elb_type == "application"
+      subnets(props)
+
+      props
+    end
+
+    def subnets(props)
+      mappings = @elb_type == "network" && @subnet_mappings && !@subnet_mappings.empty?
+      if mappings
+        props[:SubnetMappings] = subnet_mappings
+      else
+        props[:Subnets] = {Ref: "ElbSubnets"}
+      end
+    end
+
+    def subnet_mappings
+      @subnet_mappings.map do |allocation_id, subnet_id|
+        {
+          AllocationId: allocation_id,
+          SubnetId: subnet_id,
+        }
+      end
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/listener.rb

@@ -0,0 +1,42 @@
+class Ufo::Stack::Builder::Resources
+  class Listener < Base
+    def build
+      {
+        Type: "AWS::ElasticLoadBalancingV2::Listener",
+        Condition: "CreateElbIsTrue",
+        Properties: properties,
+      }
+    end
+
+    def properties
+      props = {
+        DefaultActions: [
+          {
+            Type: "forward",
+            TargetGroupArn: {
+              "Fn::If": [
+                "ElbTargetGroupIsBlank",
+                {Ref: "TargetGroup"},
+                {Ref: "ElbTargetGroup"}
+              ]
+            }
+          }
+        ],
+        LoadBalancerArn: {Ref: "Elb"},
+        Protocol: protocol,
+      }
+
+      props[:Port] = port if port
+
+      props
+    end
+
+    def protocol
+      @default_listener_protocol
+    end
+
+    def port
+      80
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/listener_ssl.rb

@@ -0,0 +1,16 @@
+class Ufo::Stack::Builder::Resources
+  class ListenerSsl < Listener
+    def build
+      return unless @create_listener_ssl
+      super
+    end
+
+    def protocol
+      @default_listener_ssl_protocol
+    end
+
+    # nil on purpose
+    def port
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/roles/base.rb

@@ -0,0 +1,22 @@
+module Ufo::Stack::Builder::Resources::Roles
+  class Base < Ufo::Stack::Builder::Base
+    def build
+      return unless self.class.build? # important because it runs DSL#evaluate
+      Ufo::Role::Builder.new(self.class.role_type).build
+    end
+
+
+    class << self
+      def role_type
+        self.name.to_s.split("::").last.underscore
+      end
+
+      def build?
+        path = "#{Ufo.root}/.ufo/iam_roles/#{role_type}.rb"
+        return unless File.exist?(path)
+        Ufo::Role::DSL.new(path).evaluate # runs the role.rb and registers items
+        Ufo::Role::Builder.new(role_type).build?
+      end
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/roles/execution_role.rb

@@ -0,0 +1,4 @@
+module Ufo::Stack::Builder::Resources::Roles
+  class ExecutionRole < Base
+  end
+end

data/lib/ufo/stack/builder/resources/roles/task_role.rb

@@ -0,0 +1,4 @@
+module Ufo::Stack::Builder::Resources::Roles
+  class TaskRole < Base
+  end
+end

data/lib/ufo/stack/builder/resources/security_group/base.rb

@@ -0,0 +1,4 @@
+module Ufo::Stack::Builder::Resources::SecurityGroup
+  class Base < Ufo::Stack::Builder::Base
+  end
+end

data/lib/ufo/stack/builder/resources/security_group/ecs.rb

@@ -0,0 +1,44 @@
+module Ufo::Stack::Builder::Resources::SecurityGroup
+  class Ecs < Base
+    def build
+      return unless managed_security_groups?
+
+      {
+        Type: "AWS::EC2::SecurityGroup",
+        Properties: properties
+      }
+    end
+
+    def properties
+      props = {
+        GroupDescription: "Allow http to client host",
+        VpcId: {Ref: "Vpc"},
+        SecurityGroupEgress: [
+          {
+            IpProtocol: "-1",
+            CidrIp: "0.0.0.0/0",
+            Description: "outbound traffic"
+          }
+        ],
+        Tags: [
+          {
+            Key: "Name",
+            Value: @stack_name,
+          }
+        ]
+      }
+
+      if @elb_type == "network"
+        props[:SecurityGroupIngress] = {
+          IpProtocol: "tcp",
+          FromPort: @container[:port],
+          ToPort: @container[:port],
+          CidrIp: "0.0.0.0/0",
+          Description: "docker ephemeral port range for network elb",
+        }
+      end
+
+      props
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb

@@ -0,0 +1,25 @@
+module Ufo::Stack::Builder::Resources::SecurityGroup
+  class EcsRule < Base
+    def build
+      return unless managed_security_groups?
+      return unless @elb_type == "application"
+
+      {
+        Type: "AWS::EC2::SecurityGroupIngress",
+        Condition: "CreateElbIsTrue",
+        Properties: {
+          IpProtocol: "tcp",
+          FromPort: "0",
+          ToPort: "65535",
+          SourceSecurityGroupId: {
+            "Fn::GetAtt": "ElbSecurityGroup.GroupId"
+          },
+          GroupId: {
+            "Fn::GetAtt": "EcsSecurityGroup.GroupId"
+          },
+          Description: "application elb access to ecs"
+        }
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/security_group/elb.rb

@@ -0,0 +1,57 @@
+module Ufo::Stack::Builder::Resources::SecurityGroup
+  class Elb < Base
+    def build
+      return unless managed_security_groups?
+      return unless @elb_type == "application"
+
+      {
+        Type: "AWS::EC2::SecurityGroup",
+        Condition: "CreateElbIsTrue",
+        Properties: properties
+      }
+    end
+
+    def properties
+      port = cfn.dig(:Listener, :Port) || cfn.dig(:listener, :port) # backwards compatiblity
+
+      props = {
+        GroupDescription: "Allow http to client host",
+        VpcId: {Ref: "Vpc"},
+        SecurityGroupIngress: [
+          {
+            IpProtocol: "tcp",
+            FromPort: port,
+            ToPort: port,
+            CidrIp: "0.0.0.0/0"
+          }
+        ],
+        SecurityGroupEgress: [
+          {
+            IpProtocol: "tcp",
+            FromPort: "0",
+            ToPort: "65535",
+            CidrIp: "0.0.0.0/0"
+          }
+        ],
+        Tags: [
+          {
+            Key: "Name",
+            Value: "#{@stack_name}-elb"
+          }
+        ]
+      }
+
+      if @create_listener_ssl
+        ssl_port = cfn.dig(:ListenerSsl, :Port) || cfn.dig(:listener_ssl, :port) # backwards compatiblity
+        props[:SecurityGroupIngress] << {
+          IpProtocol: "tcp",
+          FromPort: ssl_port,
+          ToPort: ssl_port,
+          CidrIp: "0.0.0.0/0"
+        }
+      end
+
+      props
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/target_group.rb

@@ -0,0 +1,39 @@
+class Ufo::Stack::Builder::Resources
+  class TargetGroup < Base
+    def build
+      {
+        Type: "AWS::ElasticLoadBalancingV2::TargetGroup",
+        Condition: "CreateTargetGroupIsTrue",
+        Properties: properties,
+      }
+    end
+
+    def properties
+      props = {
+        VpcId: {Ref: "Vpc"},
+        Tags: [
+          {
+            Key: "Name",
+            Value: @stack_name,
+          }
+        ],
+        Protocol: @default_target_group_protocol,
+        Port: 80,
+        HealthCheckIntervalSeconds: 10,
+        HealthyThresholdCount: 2,
+        UnhealthyThresholdCount: 2,
+        TargetGroupAttributes: [
+          {
+            Key: "deregistration_delay.timeout_seconds",
+            Value: 10
+          }
+        ]
+      }
+
+      props[:TargetType] = "ip" if @container[:network_mode] == "awsvpc"
+      props[:HealthCheckPort] = @container[:port] if @elb_type == "network" && @network_mode == "awsvpc"
+
+      props
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/task_definition.rb

@@ -0,0 +1,24 @@
+class Ufo::Stack::Builder::Resources
+  class TaskDefinition < Base
+    def build
+      return if @rollback_definition_arn
+
+      {
+        Type: "AWS::ECS::TaskDefinition",
+        Properties: properties,
+        DeletionPolicy: "Retain",
+        UpdateReplacePolicy: "Retain",
+      }
+    end
+
+    def properties
+      props = Reconstructor.new(@task_definition).reconstruct
+
+      # Decorate with iam roles if needed
+      props[:TaskRoleArn] = {"Fn::GetAtt": "TaskRole.Arn"} if Roles::TaskRole.build?
+      props[:ExecutionRoleArn] = {"Fn::GetAtt": "ExecutionRole.Arn"} if Roles::ExecutionRole.build?
+
+      props
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb

@@ -0,0 +1,49 @@
+class Ufo::Stack::Builder::Resources::TaskDefinition
+  class Reconstructor
+    include Ufo::AwsService
+
+    def initialize(task_definition, rollback=false)
+      @task_definition, @rollback = task_definition, rollback
+    end
+
+    def reconstruct
+      camelize(data)
+    end
+
+    def data
+      if @rollback
+        resp = ecs.describe_task_definition(task_definition: @task_definition)
+        resp.task_definition.to_h
+      else
+        path = "#{Ufo.root}/.ufo/output/#{@task_definition}.json"
+        JSON.load(IO.read(path))
+      end
+    end
+
+    # non-destructive
+    def camelize(value, parent_keys=[])
+      case value
+      when Array
+        value.map { |v| camelize(v, parent_keys) }
+      when Hash
+        initializer = value.map do |k, v|
+          new_key = camelize_key(k, parent_keys)
+          [new_key, camelize(v, parent_keys+[new_key])]
+        end
+        Hash[initializer]
+      else
+        value # do not camelize values
+      end
+    end
+
+    def camelize_key(k, parent_keys=[])
+      k = k.to_s
+      special = %w[Options] & parent_keys.map(&:to_s)
+      if special.empty?
+        k.camelize
+      else
+        k # pass through untouch
+      end
+    end
+  end
+end