ufo 4.6.2 → 5.0.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -0
- data/docs/_docs/conventions.md +1 -1
- data/docs/_docs/extras/codebuild-iam-role.md +1 -1
- data/docs/_docs/extras/dockerfile-erb.md +1 -1
- data/docs/_docs/extras/ecs-network-mode.md +1 -1
- data/docs/_docs/extras/load-balancer.md +1 -1
- data/docs/_docs/extras/minimal-deploy-iam.md +1 -1
- data/docs/_docs/extras/notification-arns.md +21 -0
- data/docs/_docs/extras/redirection-support.md +9 -9
- data/docs/_docs/extras/route53-support.md +4 -4
- data/docs/_docs/extras/security-groups.md +1 -1
- data/docs/_docs/extras/ssl-support.md +5 -5
- data/docs/_docs/faq.md +1 -1
- data/docs/_docs/helpers.md +7 -5
- data/docs/_docs/iam-roles.md +112 -0
- data/docs/_docs/install.md +0 -10
- data/docs/_docs/more/auto-completion.md +1 -1
- data/docs/_docs/more/automated-cleanup.md +1 -1
- data/docs/_docs/more/customize-cloudformation.md +1 -1
- data/docs/_docs/more/migrations.md +1 -1
- data/docs/_docs/more/run-in-pieces.md +1 -1
- data/docs/_docs/more/single-task.md +1 -1
- data/docs/_docs/more/stuck-cloudformation.md +1 -1
- data/docs/_docs/more/why-cloudformation.md +1 -1
- data/docs/_docs/next-steps.md +1 -1
- data/docs/_docs/quick-start-ec2.md +1 -0
- data/docs/_docs/secrets.md +135 -0
- data/docs/_docs/settings.md +10 -9
- data/docs/_docs/settings/cluster.md +7 -13
- data/docs/_docs/settings/manage-security-groups.md +24 -0
- data/docs/_docs/settings/network.md +11 -1
- data/docs/_docs/structure.md +10 -9
- data/docs/_docs/tutorial-ufo-init.md +1 -7
- data/docs/_docs/ufo-current.md +1 -1
- data/docs/_docs/ufo-env-extra.md +1 -1
- data/docs/_docs/ufo-env.md +3 -5
- data/docs/_docs/ufo-logs.md +1 -2
- data/docs/_docs/ufo-task-params.md +1 -1
- data/docs/_docs/upgrading.md +1 -1
- data/docs/_docs/upgrading/upgrade4.5.md +2 -2
- data/docs/_docs/upgrading/upgrade4.md +2 -2
- data/docs/_docs/upgrading/upgrade5.md +19 -0
- data/docs/_docs/variables.md +1 -1
- data/docs/_includes/cfn-customize.md +4 -4
- data/docs/_includes/footer.html +6 -5
- data/docs/_includes/subnav.html +3 -0
- data/docs/_reference/ufo-deploy.md +1 -2
- data/docs/_reference/ufo-init.md +15 -16
- data/docs/_reference/ufo-logs.md +1 -1
- data/docs/_reference/ufo-rollback.md +2 -0
- data/docs/_reference/ufo-ship.md +1 -2
- data/docs/_reference/ufo-ships.md +1 -2
- data/docs/_reference/ufo-tasks-build.md +1 -2
- data/docs/articles.md +1 -1
- data/docs/quick-start.md +1 -0
- data/lib/template/.secrets +5 -0
- data/lib/template/.ufo/iam_roles/execution_role.rb +7 -0
- data/lib/template/.ufo/iam_roles/task_role.rb +21 -0
- data/lib/template/.ufo/settings.yml.tt +1 -0
- data/lib/template/.ufo/settings/cfn/default.yml.tt +27 -27
- data/lib/template/.ufo/settings/network/default.yml.tt +9 -0
- data/lib/template/.ufo/templates/fargate.json.erb +3 -1
- data/lib/template/.ufo/templates/main.json.erb +3 -0
- data/lib/template/.ufo/variables/base.rb.tt +1 -0
- data/lib/ufo.rb +2 -1
- data/lib/ufo/autoloader.rb +9 -0
- data/lib/ufo/cli.rb +3 -2
- data/lib/ufo/core.rb +1 -9
- data/lib/ufo/docker/cleaner.rb +1 -1
- data/lib/ufo/dsl.rb +6 -1
- data/lib/ufo/dsl/helper.rb +19 -37
- data/lib/ufo/dsl/helper/vars.rb +97 -0
- data/lib/ufo/dsl/outputter.rb +12 -9
- data/lib/ufo/ecr/auth.rb +10 -21
- data/lib/ufo/help/init.md +1 -1
- data/lib/ufo/init.rb +0 -2
- data/lib/ufo/log_group.rb +1 -0
- data/lib/ufo/role/builder.rb +66 -0
- data/lib/ufo/role/dsl.rb +21 -0
- data/lib/ufo/role/registry.rb +24 -0
- data/lib/ufo/rollback.rb +2 -1
- data/lib/ufo/sequence.rb +0 -16
- data/lib/ufo/setting/profile.rb +11 -7
- data/lib/ufo/setting/security_groups.rb +22 -0
- data/lib/ufo/settings.rb +20 -0
- data/lib/ufo/stack.rb +24 -24
- data/lib/ufo/stack/builder.rb +26 -0
- data/lib/ufo/stack/builder/base.rb +54 -0
- data/lib/ufo/stack/builder/conditions.rb +23 -0
- data/lib/ufo/stack/builder/outputs.rb +24 -0
- data/lib/ufo/stack/builder/parameters.rb +45 -0
- data/lib/ufo/stack/builder/resources.rb +20 -0
- data/lib/ufo/stack/builder/resources/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/dns.rb +17 -0
- data/lib/ufo/stack/builder/resources/ecs.rb +71 -0
- data/lib/ufo/stack/builder/resources/elb.rb +45 -0
- data/lib/ufo/stack/builder/resources/listener.rb +42 -0
- data/lib/ufo/stack/builder/resources/listener_ssl.rb +16 -0
- data/lib/ufo/stack/builder/resources/roles/base.rb +22 -0
- data/lib/ufo/stack/builder/resources/roles/execution_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/roles/task_role.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/base.rb +4 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs.rb +44 -0
- data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb +25 -0
- data/lib/ufo/stack/builder/resources/security_group/elb.rb +57 -0
- data/lib/ufo/stack/builder/resources/target_group.rb +39 -0
- data/lib/ufo/stack/builder/resources/task_definition.rb +24 -0
- data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb +49 -0
- data/lib/ufo/stack/context.rb +41 -48
- data/lib/ufo/stack/custom_properties.rb +59 -0
- data/lib/ufo/stack/helper.rb +2 -5
- data/lib/ufo/stack/template_body.rb +13 -0
- data/lib/ufo/task.rb +2 -7
- data/lib/ufo/tasks.rb +1 -1
- data/lib/ufo/tasks/builder.rb +0 -1
- data/lib/ufo/template_scope.rb +1 -66
- data/lib/ufo/utils/squeezer.rb +24 -0
- data/lib/ufo/version.rb +1 -1
- data/spec/fixtures/iam_roles/task_role.rb +17 -0
- data/spec/lib/ecr_auth_spec.rb +32 -20
- data/spec/lib/role/builder_spec.rb +67 -0
- data/spec/lib/role/dsl_spec.rb +12 -0
- data/ufo.gemspec +2 -1
- metadata +66 -8
- data/lib/cfn/stack.yml +0 -283
@@ -0,0 +1,67 @@
|
|
1
|
+
describe Ufo::Role::Builder do
|
2
|
+
let(:builder) { described_class.new(role_type) }
|
3
|
+
let(:role_type) { "task_role" }
|
4
|
+
|
5
|
+
before(:each) do
|
6
|
+
Ufo::Role::Registry.register_policy("task_role",
|
7
|
+
"AmazonS3ReadOnlyAccess",
|
8
|
+
{:Action=>["s3:Get*", "s3:List*"], :Effect=>"Allow", :Resource=>"*"}
|
9
|
+
)
|
10
|
+
Ufo::Role::Registry.register_policy("task_role",
|
11
|
+
"CloudwatchWrite",
|
12
|
+
{:Action=>["cloudwatch:PutMetricData"], :Effect=>"Allow", :Resource=>"*"}
|
13
|
+
)
|
14
|
+
# Called twice on purpose to show that duplicated items in the set wont create doubles.
|
15
|
+
# This allows the DSL evaluate to be ran multiple times.
|
16
|
+
Ufo::Role::Registry.register_policy("task_role",
|
17
|
+
"CloudwatchWrite",
|
18
|
+
{:Action=>["cloudwatch:PutMetricData"], :Effect=>"Allow", :Resource=>"*"}
|
19
|
+
)
|
20
|
+
|
21
|
+
|
22
|
+
Ufo::Role::Registry.register_managed_policy("task_role",
|
23
|
+
"AmazonS3ReadOnlyAccess", "AmazonEC2ReadOnlyAccess"
|
24
|
+
)
|
25
|
+
end
|
26
|
+
|
27
|
+
context "build" do
|
28
|
+
it "builds role" do
|
29
|
+
resource = builder.build
|
30
|
+
expected = <<YAML
|
31
|
+
---
|
32
|
+
Type: AWS::IAM::Role
|
33
|
+
Properties:
|
34
|
+
AssumeRolePolicyDocument:
|
35
|
+
Version: '2012-10-17'
|
36
|
+
Statement:
|
37
|
+
- Effect: Allow
|
38
|
+
Principal:
|
39
|
+
Service: ecs-tasks.amazonaws.com
|
40
|
+
Action: sts:AssumeRole
|
41
|
+
Policies:
|
42
|
+
- PolicyName: AmazonS3ReadOnlyAccess
|
43
|
+
PolicyDocument:
|
44
|
+
Version: '2012-10-17'
|
45
|
+
Statement:
|
46
|
+
- Action:
|
47
|
+
- s3:Get*
|
48
|
+
- s3:List*
|
49
|
+
Effect: Allow
|
50
|
+
Resource: "*"
|
51
|
+
- PolicyName: CloudwatchWrite
|
52
|
+
PolicyDocument:
|
53
|
+
Version: '2012-10-17'
|
54
|
+
Statement:
|
55
|
+
- Action:
|
56
|
+
- cloudwatch:PutMetricData
|
57
|
+
Effect: Allow
|
58
|
+
Resource: "*"
|
59
|
+
ManagedPolicyArns:
|
60
|
+
- arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
|
61
|
+
- arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
|
62
|
+
YAML
|
63
|
+
yaml = YAML.dump(resource)
|
64
|
+
expect(yaml).to eq(expected)
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
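Review bot: The `before(:each)` hook registers policies through class-level calls on `Ufo::Role::Registry` and no hook clears them, so registry state presumably persists across examples and spec files (the Registry implementation is not shown here). As a result the assertions `expect(Ufo::Role::Registry.policies).not_to be_empty` and `expect(Ufo::Role::Registry.managed_policies).not_to be_empty` in the `Ufo::Role::DSL` hunk that follows can pass on leftovers from this file even if `dsl.evaluate` registers nothing, depending on run order. Because these specs pin the IAM statements the tool emits, I would assert on the exact entries the fixture registers and reset the registry before each example, using whatever reset the Registry offers. A comment above the fixtures such as `# test data only: Resource "*" is not a recommended scope for a task role` would also keep the wildcard from being copied into real role definitions.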
@@ -0,0 +1,12 @@
|
|
1
|
+
describe Ufo::Role::DSL do
|
2
|
+
let(:dsl) { described_class.new(path) }
|
3
|
+
let(:path) { "spec/fixtures/iam_roles/task_role.rb" }
|
4
|
+
|
5
|
+
context "evaluate" do
|
6
|
+
it "registers policies from role DSL" do
|
7
|
+
dsl.evaluate
|
8
|
+
expect(Ufo::Role::Registry.policies).not_to be_empty
|
9
|
+
expect(Ufo::Role::Registry.managed_policies).not_to be_empty
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
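--- a/data/ufo.gemspec
+++ b/data/ufo.gemspec
@@ -19,13 +19,14 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.add_dependency "aws-logs"
-spec.add_dependency "aws-mfa-secure"
+spec.add_dependency "aws-mfa-secure", "~> 0.4.3"
 spec.add_dependency "aws-sdk-cloudformation"
 spec.add_dependency "aws-sdk-cloudwatchlogs"
 spec.add_dependency "aws-sdk-ec2"
 spec.add_dependency "aws-sdk-ecr"
 spec.add_dependency "aws-sdk-ecs"
 spec.add_dependency "aws-sdk-elasticloadbalancingv2"
+spec.add_dependency "aws_data"
 spec.add_dependency "rainbow"
 spec.add_dependency "deep_merge"
 spec.add_dependency "memoist"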
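Review bot: `spec.add_dependency "aws_data"` is added with no version constraint, while the same hunk pins `aws-mfa-secure` to `~> 0.4.3`; the packaged metadata on this page records the new dependency as `>= 0`. For a deploy tool that runs with AWS credentials, an open-ended runtime dependency means any future release of that gem is installed without review. I would add a pessimistic constraint, e.g. `spec.add_dependency "aws_data", "~> <MAJOR.MINOR of the tested release>"`. The `Gem::Specification.new` block starts and ends outside the hunk.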
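--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-version:
+version: 5.0.3
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-
+date: 2020-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-logs
@@ -28,16 +28,16 @@ dependencies:
 name: aws-mfa-secure
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.4.3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.4.3
 - !ruby/object:Gem::Dependency
 name: aws-sdk-cloudformation
 requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: aws_data
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rainbow
 requirement: !ruby/object:Gem::Requirement
@@ -337,6 +351,7 @@ files:
 - docs/_docs/extras/ecs-network-mode.md
 - docs/_docs/extras/load-balancer.md
 - docs/_docs/extras/minimal-deploy-iam.md
+- docs/_docs/extras/notification-arns.md
 - docs/_docs/extras/redirection-support.md
 - docs/_docs/extras/route53-support.md
 - docs/_docs/extras/security-groups.md
@@ -344,6 +359,7 @@ files:
 - docs/_docs/faq.md
 - docs/_docs/fargate.md
 - docs/_docs/helpers.md
+- docs/_docs/iam-roles.md
 - docs/_docs/install.md
 - docs/_docs/more/auto-completion.md
 - docs/_docs/more/automated-cleanup.md
@@ -355,10 +371,12 @@ files:
 - docs/_docs/more/why-cloudformation.md
 - docs/_docs/next-steps.md
 - docs/_docs/quick-start-ec2.md
+- docs/_docs/secrets.md
 - docs/_docs/settings.md
 - docs/_docs/settings/aws_profile.md
 - docs/_docs/settings/cfn.md
 - docs/_docs/settings/cluster.md
+- docs/_docs/settings/manage-security-groups.md
 - docs/_docs/settings/network.md
 - docs/_docs/ssl_errors.md
 - docs/_docs/structure.md
@@ -377,6 +395,7 @@ files:
 - docs/_docs/upgrading.md
 - docs/_docs/upgrading/upgrade4.5.md
 - docs/_docs/upgrading/upgrade4.md
+- docs/_docs/upgrading/upgrade5.md
 - docs/_docs/variables.md
 - docs/_includes/about.html
 - docs/_includes/cfn-customize.md
@@ -493,8 +512,10 @@ files:
 - docs/utils/test-aws-api-access.rb
 - docs/utils/update-cert-chains.sh
 - exe/ufo
-- lib/cfn/stack.yml
 - lib/template/.env
+- lib/template/.secrets
+- lib/template/.ufo/iam_roles/execution_role.rb
+- lib/template/.ufo/iam_roles/task_role.rb
 - lib/template/.ufo/params.yml.tt
 - lib/template/.ufo/settings.yml.tt
 - lib/template/.ufo/settings/cfn/default.yml.tt
@@ -535,6 +556,7 @@ files:
 - lib/ufo/docker/variables.rb
 - lib/ufo/dsl.rb
 - lib/ufo/dsl/helper.rb
+- lib/ufo/dsl/helper/vars.rb
 - lib/ufo/dsl/outputter.rb
 - lib/ufo/dsl/task_definition.rb
 - lib/ufo/ecr/auth.rb
@@ -586,16 +608,45 @@ files:
 - lib/ufo/ps.rb
 - lib/ufo/ps/task.rb
 - lib/ufo/releases.rb
+- lib/ufo/role/builder.rb
+- lib/ufo/role/dsl.rb
+- lib/ufo/role/registry.rb
 - lib/ufo/rollback.rb
 - lib/ufo/scale.rb
 - lib/ufo/sequence.rb
 - lib/ufo/setting.rb
 - lib/ufo/setting/profile.rb
+- lib/ufo/setting/security_groups.rb
+- lib/ufo/settings.rb
 - lib/ufo/ship.rb
 - lib/ufo/stack.rb
+- lib/ufo/stack/builder.rb
+- lib/ufo/stack/builder/base.rb
+- lib/ufo/stack/builder/conditions.rb
+- lib/ufo/stack/builder/outputs.rb
+- lib/ufo/stack/builder/parameters.rb
+- lib/ufo/stack/builder/resources.rb
+- lib/ufo/stack/builder/resources/base.rb
+- lib/ufo/stack/builder/resources/dns.rb
+- lib/ufo/stack/builder/resources/ecs.rb
+- lib/ufo/stack/builder/resources/elb.rb
+- lib/ufo/stack/builder/resources/listener.rb
+- lib/ufo/stack/builder/resources/listener_ssl.rb
+- lib/ufo/stack/builder/resources/roles/base.rb
+- lib/ufo/stack/builder/resources/roles/execution_role.rb
+- lib/ufo/stack/builder/resources/roles/task_role.rb
+- lib/ufo/stack/builder/resources/security_group/base.rb
+- lib/ufo/stack/builder/resources/security_group/ecs.rb
+- lib/ufo/stack/builder/resources/security_group/ecs_rule.rb
+- lib/ufo/stack/builder/resources/security_group/elb.rb
+- lib/ufo/stack/builder/resources/target_group.rb
+- lib/ufo/stack/builder/resources/task_definition.rb
+- lib/ufo/stack/builder/resources/task_definition/reconstructor.rb
 - lib/ufo/stack/context.rb
+- lib/ufo/stack/custom_properties.rb
 - lib/ufo/stack/helper.rb
 - lib/ufo/stack/status.rb
+- lib/ufo/stack/template_body.rb
 - lib/ufo/status.rb
 - lib/ufo/stop.rb
 - lib/ufo/task.rb
@@ -610,6 +661,7 @@ files:
 - lib/ufo/upgrade/upgrade4.rb
 - lib/ufo/upgrade/upgrade43to45.rb
 - lib/ufo/util.rb
+- lib/ufo/utils/squeezer.rb
 - lib/ufo/version.rb
 - spec/fixtures/apps/describe_services.json
 - spec/fixtures/cfn/stack-events-complete.json
@@ -621,6 +673,7 @@ files:
 - spec/fixtures/dockerfiles/ecr/Dockerfile
 - spec/fixtures/home_existing/.aws/config
 - spec/fixtures/home_existing/.docker/config.json
+- spec/fixtures/iam_roles/task_role.rb
 - spec/fixtures/mocks/logs/awslogs.json
 - spec/fixtures/mocks/logs/no-awslogs.json
 - spec/fixtures/ps/describe_tasks.json
@@ -634,6 +687,8 @@ files:
 - spec/lib/logs_spec.rb
 - spec/lib/ps_spec.rb
 - spec/lib/register_spec.rb
+- spec/lib/role/builder_spec.rb
+- spec/lib/role/dsl_spec.rb
 - spec/lib/setting_spec.rb
 - spec/lib/ship_spec.rb
 - spec/lib/stack/status_spec.rb
@@ -660,7 +715,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.1.
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: AWS ECS Deploy Tool
@@ -675,6 +730,7 @@ test_files:
 - spec/fixtures/dockerfiles/ecr/Dockerfile
 - spec/fixtures/home_existing/.aws/config
 - spec/fixtures/home_existing/.docker/config.json
+- spec/fixtures/iam_roles/task_role.rb
 - spec/fixtures/mocks/logs/awslogs.json
 - spec/fixtures/mocks/logs/no-awslogs.json
 - spec/fixtures/ps/describe_tasks.json
@@ -688,6 +744,8 @@ test_files:
 - spec/lib/logs_spec.rb
 - spec/lib/ps_spec.rb
 - spec/lib/register_spec.rb
+- spec/lib/role/builder_spec.rb
+- spec/lib/role/dsl_spec.rb
 - spec/lib/setting_spec.rb
 - spec/lib/ship_spec.rb
 - spec/lib/stack/status_spec.rb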
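--- a/data/lib/cfn/stack.yml
+++ b/data/lib/cfn/stack.yml
@@ -1,283 +0,0 @@
-Description: "Ufo ECS stack <%= @stack_name %>"
-Parameters:
-# required
-Vpc:
-Description: Existing vpc id
-Type: AWS::EC2::VPC::Id
-ElbSubnets:
-Description: Existing subnet ids for ELB
-Type: List<AWS::EC2::Subnet::Id>
-EcsSubnets:
-Description: Existing subnet ids for ECS
-Type: List<AWS::EC2::Subnet::Id>
-EcsSecurityGroups:
-Description: Existing ecs security group ids
-Type: String
-Default: ''
-ElbSecurityGroups:
-Description: Existing elb security group ids. List with commas.
-Type: String
-Default: ''
-
-ElbTargetGroup:
-Description: Existing target group
-Type: String
-Default: '' # when blank the automatically created TargetGroup is used
-CreateElb:
-Description: Create elb
-Type: String
-Default: true
-EcsDesiredCount:
-Description: Ecs desired count
-Type: String
-Default: 1
-EcsTaskDefinition:
-Description: Ecs task definition arn
-Type: String
-
-# Using to keep state
-ElbEipIds:
-Description: ELB EIP Allocation ids to use for network load balancer
-Type: String
-Default: ''
-EcsSchedulingStrategy:
-Description: The scheduling strategy to use for the service
-Type: String
-Default: 'REPLICA'
-Conditions:
-CreateElbIsTrue: !Equals [ !Ref CreateElb, true ]
-ElbTargetGroupIsBlank: !Equals [ !Ref ElbTargetGroup, '' ]
-CreateTargetGroupIsTrue: !And
-- !Condition CreateElbIsTrue
-- !Condition ElbTargetGroupIsBlank
-ElbSecurityGroupsIsBlank: !Equals [ !Ref ElbSecurityGroups, '' ]
-EcsSecurityGroupsIsBlank: !Equals [ !Ref EcsSecurityGroups, '' ]
-EcsDesiredCountIsBlank: !Equals [ !Ref EcsDesiredCount, '' ]
-Resources:
-Elb:
-Type: AWS::ElasticLoadBalancingV2::LoadBalancer
-Condition: CreateElbIsTrue
-Properties:
-<% if ENV['UFO_FORCE_ELB'] -%>
-# Error: SetSubnets is not supported for load balancers of type 'network'
-# Happens: When changing subnets for an ELB
-# Solution: Rename the ELB to force a replacement of it
-<% random = (0...3).map { (65 + rand(26)).chr }.join.downcase %>
-Name: <%= "#{@stack_name}-#{random}" %>
-<% end -%>
-Type: <%= @elb_type %>
-Tags:
-- Key: Name
-Value: <%= @stack_name %>
-<% if @elb_type == "application" -%>
-# Add additional extra security groups if parameters set
-SecurityGroups: !Split
-- ','
-- !If
-- ElbSecurityGroupsIsBlank
-- !Ref ElbSecurityGroup
-- !Join [',', [!Ref ElbSecurityGroups, !Ref ElbSecurityGroup]]
-<% end -%>
-<% if @elb_type == "network" && @subnet_mappings && !@subnet_mappings.empty? -%>
-SubnetMappings:
-<% @subnet_mappings.each do |allocation_id, subnet_id| -%>
-- AllocationId: <%= allocation_id %>
-SubnetId: <%= subnet_id %>
-<% end -%>
-<% else -%>
-Subnets: !Ref ElbSubnets
-<% end -%>
-<%= custom_properties(:Elb) %>
-
-TargetGroup:
-Type: AWS::ElasticLoadBalancingV2::TargetGroup
-Condition: CreateTargetGroupIsTrue
-Properties:
-VpcId: !Ref Vpc
-Tags:
-- Key: Name
-Value: <%= @stack_name %>
-<% if ENV['UFO_FORCE_TARGET_GROUP'] -%>
-# When adding and removing EIPs
-# Error: TargetGroup cannot be associated with more than one load balancer
-# Solution: https://forums.aws.amazon.com/thread.jspa?threadID=254544
-# Note: we truncate the stack name because target group names can be only 32 chars long
-Name: !Join
-- '-'
-- - <%= @stack_name[0..-6] %>
-- !Select [ 2, !Split [ '-', !GetAtt Elb.LoadBalancerName]]
-<% end -%>
-Protocol: <%= @default_target_group_protocol %>
-<% if @container[:network_mode] == "awsvpc" -%>
-TargetType: ip
-<% end -%>
-<% if @elb_type == "network" && @network_mode == "awsvpc" -%>
-# target groups with network load balancers need to check the container
-# port dirtectly and will be using
-HealthCheckPort: <%= @container[:port] %>
-<% end -%>
-<%= custom_properties(:TargetGroup) %>
-
-Listener:
-Type: AWS::ElasticLoadBalancingV2::Listener
-Condition: CreateElbIsTrue
-Properties:
-DefaultActions:
-- Type: forward
-TargetGroupArn:
-!If [ElbTargetGroupIsBlank, !Ref TargetGroup, !Ref ElbTargetGroup]
-LoadBalancerArn: !Ref Elb
-Protocol: <%= @default_listener_protocol %>
-<%= custom_properties(:Listener) %>
-
-<% if @create_listener_ssl -%>
-ListenerSsl:
-Type: AWS::ElasticLoadBalancingV2::Listener
-Condition: CreateElbIsTrue
-Properties:
-DefaultActions:
-- Type: forward
-TargetGroupArn:
-!If [ElbTargetGroupIsBlank, !Ref TargetGroup, !Ref ElbTargetGroup]
-LoadBalancerArn: !Ref Elb
-Protocol: <%= @default_listener_ssl_protocol %>
-<%= custom_properties(:ListenerSsl) %>
-<% end -%>
-
-<% if @elb_type == "application" -%>
-ElbSecurityGroup:
-Type: AWS::EC2::SecurityGroup
-Condition: CreateElbIsTrue
-Properties:
-GroupDescription: Allow http to client host
-VpcId: !Ref Vpc
-SecurityGroupIngress:
-- IpProtocol: tcp
-FromPort: '<%= cfn[:listener][:port] %>'
-ToPort: '<%= cfn[:listener][:port] %>'
-CidrIp: 0.0.0.0/0
-<% if @create_listener_ssl -%>
-- IpProtocol: tcp
-FromPort: '<%= cfn[:listener_ssl][:port] %>'
-ToPort: '<%= cfn[:listener_ssl][:port] %>'
-CidrIp: 0.0.0.0/0
-<% end -%>
-SecurityGroupEgress:
-- IpProtocol: tcp
-FromPort: '0'
-ToPort: '65535'
-CidrIp: 0.0.0.0/0
-Tags:
-- Key: Name
-Value: <%= @stack_name %>-elb
-<%= custom_properties(:ElbSecurityGroup) %>
-<% end -%>
-
-Ecs:
-Type: AWS::ECS::Service
-<% if @create_elb -%>
-DependsOn: Listener
-<% end -%>
-Properties:
-Cluster: <%= @cluster %>
-DesiredCount: !If
-- EcsDesiredCountIsBlank
-- !Ref AWS::NoValue
-- !Ref EcsDesiredCount
-TaskDefinition: !Ref EcsTaskDefinition
-<% if pretty_name? -%>
-ServiceName: <%= @stack_name %>
-<% end -%>
-<% if @container[:fargate] -%>
-LaunchType: FARGATE
-<% end -%>
-<% if @container[:network_mode] == "awsvpc" -%>
-NetworkConfiguration:
-AwsvpcConfiguration:
-Subnets: !Ref EcsSubnets # required
-SecurityGroups: !Split
-- ','
-- !If
-- EcsSecurityGroupsIsBlank
-- !Ref EcsSecurityGroup
-- !Join [',', [!Ref EcsSecurityGroups, !Ref EcsSecurityGroup]]
-<% if @container[:fargate] -%>
-AssignPublicIp: ENABLED # Works with fargate but doesnt seem to work with non-fargate
-<% end -%>
-<% end -%>
-# Default to port 80 to get template to validate. For worker processes
-# there is no actual port used.
-LoadBalancers: !If
-- CreateTargetGroupIsTrue
-- - ContainerName: <%= @container[:name] %>
-ContainerPort: <%= @container[:port] || 80 %>
-TargetGroupArn: !Ref TargetGroup
-- !If
-- ElbTargetGroupIsBlank
-- []
-- - ContainerName: <%= @container[:name] %>
-ContainerPort: <%= @container[:port] || 80 %>
-TargetGroupArn: !Ref ElbTargetGroup
-SchedulingStrategy: !Ref EcsSchedulingStrategy
-<%= custom_properties(:Ecs) %>
-
-EcsSecurityGroup:
-Type: AWS::EC2::SecurityGroup
-Properties:
-GroupDescription: Allow http to client host
-VpcId: !Ref Vpc
-<% if @elb_type == "network" -%>
-SecurityGroupIngress:
-- IpProtocol: tcp
-FromPort: '<%= @container[:port] %>'
-ToPort: '<%= @container[:port] %>'
-CidrIp: 0.0.0.0/0
-Description: docker ephemeral port range for network elb
-<% end -%>
-# Outbound access: instance needs access to internet to pull down image
-# or else get CannotPullContainerError
-SecurityGroupEgress:
-- IpProtocol: "-1"
-CidrIp: 0.0.0.0/0
-Description: outbound traffic
-Tags:
-- Key: Name
-Value: <%= @stack_name %>
-<%= custom_properties(:EcsSecurityGroup) %>
-
-<% if @elb_type == "application" -%>
-# Allow all traffic from ELB SG to ECS SG
-EcsSecurityGroupRule:
-Type: AWS::EC2::SecurityGroupIngress
-Condition: CreateElbIsTrue
-Properties:
-IpProtocol: tcp
-FromPort: '0'
-ToPort: '65535'
-SourceSecurityGroupId: !GetAtt ElbSecurityGroup.GroupId
-GroupId: !GetAtt EcsSecurityGroup.GroupId
-Description: application elb access to ecs
-<%= custom_properties(:EcsSecurityGroupRule) %>
-<% end -%>
-<% if @create_route53 -%>
-Dns:
-Type: AWS::Route53::RecordSet
-Properties:
-Comment: cname to load balancer
-Type: CNAME
-TTL: '60' # ttl has special casing
-ResourceRecords:
-- !GetAtt Elb.DNSName
-<%= custom_properties(:Dns) %>
-<% end -%>
-
-Outputs:
-ElbDns:
-Description: Elb Dns
-Condition: CreateElbIsTrue
-Value: !GetAtt Elb.DNSName
-<% if @create_route53 -%>
-Route53Dns:
-Description: Route53 Dns
-Value: !Ref Dns
-<% end -%>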