ufo 4.6.3 → 5.0.0

data/lib/template/.ufo/settings/network/default.yml.tt

@@ -15,3 +15,12 @@ elb_subnets: # defaults to same subnets as ecs_subnets when not set
 # ecs_security_groups:
 #   - sg-bbb
 #   - sg-ccc
+
+# Also supports extra security groups specific to each ECS service
+# ecs_security_groups:
+#   demo-web:
+#   - sg-bbb
+#   - sg-ccc
+#   demo-worker:
+#   - sg-bbb
+#   - sg-ccc

data/lib/template/.ufo/templates/fargate.json.erb

@@ -21,6 +21,9 @@
       <% if @environment %>
       "environment": <%= @environment.to_json %>,
       <% end %>
+      <% if @secrets %>
+      "secrets": <%= @secrets.to_json %>,
+      <% end %>
       <% if @awslogs_group %>
       "logConfiguration": {
         "logDriver": "awslogs",

data/lib/template/.ufo/templates/main.json.erb

@@ -24,6 +24,9 @@
       <% if @environment %>
       "environment": <%= @environment.to_json %>,
       <% end %>
+      <% if @secrets %>
+      "secrets": <%= @secrets.to_json %>,
+      <% end %>
       <% if @awslogs_group %>
       "logConfiguration": {
         "logDriver": "awslogs",

data/lib/template/.ufo/variables/base.rb.tt

@@ -2,6 +2,7 @@
 # More info on how variables work: http://ufoships.com/docs/variables/
 @image = helper.full_image_name # includes the git sha tongueroo/demo-ufo:ufo-[sha].
 @environment = helper.env_file(".env")
+@secrets = helper.secrets_file(".secrets")
 <% if @options[:launch_type] == "fargate" -%>
 # Ensure that the cpu and memory values are a supported combination by Fargate.
 # More info: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html"

data/lib/ufo.rb

@@ -1,7 +1,8 @@
 $stdout.sync = true unless ENV["UFO_STDOUT_SYNC"] == "0"
 
 $:.unshift(File.expand_path('../', __FILE__))
-require 'deep_merge'
+require 'active_support/core_ext/class'
+require 'deep_merge/rails_compat'
 require 'fileutils'
 require 'memoist'
 require 'rainbow/ext/string'

data/lib/ufo/autoloader.rb

@@ -14,8 +14,17 @@ module Ufo
         loader = Zeitwerk::Loader.new
         loader.inflector = Inflector.new
         loader.push_dir(File.dirname(__dir__)) # lib
+
+        helpers = "#{ufo_root}/.ufo/helpers"
+        loader.push_dir(helpers) if File.exist?(helpers) # project helpers
+
         loader.setup
       end
+
+      # Autoloader runs so early that Ufo.root is not available, so we must declare it here
+      def ufo_root
+        ENV['UFO_ROOT'] || '.'
+      end
     end
   end
 end

data/lib/ufo/cli.rb

@@ -37,11 +37,11 @@ module Ufo
       option :elb, desc: "Decides to create elb, not create elb or use existing target group."
       option :elb_eip_ids, type: :array, desc: "EIP Allocation ids to use for network load balancer."
       option :elb_type, desc: "ELB type: application or network. Keep current deployed elb type when not specified."
-      option :pretty, type: :boolean, default: true, desc: "Pretty format the json for the task definitions"
       option :scheduling_strategy, desc: "Scheduling strategy to use for the service. IE: replica, daemon"
       option :stop_old_tasks, type: :boolean, default: false, desc: "Stop old tasks as part of deployment to speed it up"
       option :task, desc: "ECS task name, to override the task name convention."
       option :wait, type: :boolean, desc: "Wait for deployment to complete", default: true
+      option :image_override, desc: "Override image in task definition for quick testing"
     end
 
     desc "deploy SERVICE", "Deploy task definition to ECS service without re-building the definition."
@@ -75,6 +75,7 @@ module Ufo
 
     desc "rollback SERVICE VERSION", "Rolls back to older task definition."
     long_desc Help.text(:rollback)
+    option :wait, type: :boolean, desc: "Wait for deployment to complete", default: true
     def rollback(service=:current, version)
       service = service == :current ? Current.service! : service
       rollback = Rollback.new(service, options.merge(version: version))
@@ -191,7 +192,7 @@ module Ufo
     long_desc Help.text(:logs)
     option :follow, default: true, type: :boolean, desc: " Whether to continuously poll for new logs. To exit from this mode, use Control-C."
     option :since, desc: "From what time to begin displaying logs.  By default, logs will be displayed starting from 1 minutes in the past. The value provided can be an ISO 8601 timestamp or a relative time."
-    option :format, default: "simple", desc: "The format to display the logs. IE: detailed or short.  With detailed, the log stream name is also shown."
+    option :format, default: "detailed", desc: "The format to display the logs. IE: detailed or short.  With detailed, the log stream name is also shown."
     option :filter_pattern, desc: "The filter pattern to use. If not provided, all the events are matched"
     def logs(service=:current)
       Logs.new(service, options).run

data/lib/ufo/core.rb

@@ -4,6 +4,7 @@ require 'yaml'
 module Ufo
   module Core
     extend Memoist
+    include Ufo::Settings
 
     def check_task_definition!(task_definition)
       task_definition_path = "#{Ufo.root}/.ufo/output/#{task_definition}.json"
@@ -49,15 +50,6 @@ module Ufo
       end
     end
 
-    def settings
-      Setting.new.data
-    end
-    memoize :settings
-
-    def cfn_profile
-      settings[:cfn_profile] || "default"
-    end
-
     def check_ufo_project!
       check_path = "#{Ufo.root}/.ufo/settings.yml"
       unless File.exist?(check_path)

data/lib/ufo/docker/cleaner.rb

@@ -21,7 +21,7 @@ module Ufo
     end
 
     def delete_list
-      return [] if ENV['TEST']
+      return [] if ENV['TEST'] || @options[:noop]
       return @delete_list if @delete_list
 
       out = execute("docker images") # live to override the noop cli options

data/lib/ufo/dsl.rb

@@ -2,6 +2,8 @@ require 'ostruct'
 
 module Ufo
   class DSL
+    extend Memoist
+
     def initialize(template_definitions_path, options={})
       @template_definitions_path = template_definitions_path
       @options = options
@@ -85,7 +87,10 @@ module Ufo
     end
 
     def helper
-      Helper.new
+      helper = Helper.new
+      helper.add_project_helpers
+      helper
     end
+    memoize :helper
   end
 end

data/lib/ufo/dsl/helper.rb

@@ -6,11 +6,20 @@
 # Simply aggregates a bunch of variables that is useful for the task_definition.
 module Ufo
   class DSL
-    # provides some helperally context variables
     class Helper
       include Ufo::Util
       extend Memoist
 
+      # Add helpers from .ufo/helpers folder
+      def add_project_helpers
+        helpers_dir = "#{Ufo.root}/.ufo/helpers"
+        Dir.glob("#{helpers_dir}/**/*").each do |path|
+          next unless File.file?(path)
+          klass = path.gsub(%r{.*\.ufo/helpers/},'').sub(".rb",'').camelize
+          self.class.send(:include, klass.constantize)
+        end
+      end
+
       ##############
       # helper variables
       def dockerfile_port
@@ -27,48 +36,21 @@ module Ufo
 
       #############
       # helper methods
-      def env_vars(text)
-        lines = filtered_lines(text)
-        lines.map do |line|
-          key,*value = line.strip.split("=").map do |x|
-            remove_surrounding_quotes(x.strip)
-          end
-          value = value.join('=')
-          {
-            name: key,
-            value: value,
-          }
-        end
+      def env(text)
+        Vars.new(text: text).env
       end
+      alias_method :env_vars, :env
 
-      def remove_surrounding_quotes(s)
-        if s =~ /^"/ && s =~ /"$/
-          s.sub(/^["]/, '').gsub(/["]$/,'') # remove surrounding double quotes
-        elsif s =~ /^'/ && s =~ /'$/
-          s.sub(/^[']/, '').gsub(/[']$/,'') # remove surrounding single quotes
-        else
-          s
-        end
+      def env_file(path)
+        Vars.new(file: path).env
       end
 
-      def filtered_lines(text)
-        lines = text.split("\n")
-        # remove comment at the end of the line
-        lines.map! { |l| l.sub(/\s+#.*/,'').strip }
-        # filter out commented lines
-        lines = lines.reject { |l| l =~ /(^|\s)#/i }
-        # filter out empty lines
-        lines = lines.reject { |l| l.strip.empty? }
+      def secrets(text)
+        Vars.new(text: text, secrets: true).secrets
       end
 
-      def env_file(path)
-        full_path = "#{Ufo.root}/#{path}"
-        unless File.exist?(full_path)
-          puts "The #{full_path} env file could not be found.  Are you sure it exists?"
-          exit 1
-        end
-        text = IO.read(full_path)
-        env_vars(text)
+      def secrets_file(path)
+        Vars.new(file: path, secrets: true).secrets
       end
 
       def current_region

data/lib/ufo/dsl/helper/vars.rb

@@ -0,0 +1,98 @@
+require "aws_data"
+
+class Ufo::DSL::Helper
+  class Vars
+    extend Memoist
+
+    def initialize(options={})
+      # use either file or text. text takes higher precedence
+      @file = options[:file]
+      @text = options[:text]
+      @secrets = options[:secrets] # true or false
+    end
+
+    def content
+      @text || read(@file)
+    end
+
+    def read(path)
+      full_path = "#{Ufo.root}/#{path}"
+      unless File.exist?(full_path)
+        puts "The #{full_path} env file could not be found.  Are you sure it exists?"
+        exit 1
+      end
+      IO.read(full_path)
+    end
+
+    def env
+      lines = filtered_lines(content)
+      lines.map do |line|
+        key,*value = line.strip.split("=").map do |x|
+          remove_surrounding_quotes(x.strip)
+        end
+        value = value.join('=')
+        {
+          name: key,
+          value: value,
+        }
+      end
+    end
+
+    def secrets
+      secrets = env
+      secrets.map do |item|
+        value = item.delete(:value)
+        item[:valueFrom] = substitute(expand_secret(value))
+      end
+      secrets
+    end
+
+    def expand_secret(value)
+      case value
+      when /^ssm:/i
+        value.sub(/^ssm:/i, "arn:aws:ssm:#{region}:#{account}:parameter/")
+      when /^secretsmanager:/i
+        value.sub(/^secretsmanager:/i, "arn:aws:secretsmanager:#{region}:#{account}:secret:")
+      else
+        value # assume full arn has been passed
+      end
+    end
+
+    def substitute(value)
+      value.gsub(":UFO_ENV", Ufo.env)
+    end
+
+    def remove_surrounding_quotes(s)
+      if s =~ /^"/ && s =~ /"$/
+        s.sub(/^["]/, '').gsub(/["]$/,'') # remove surrounding double quotes
+      elsif s =~ /^'/ && s =~ /'$/
+        s.sub(/^[']/, '').gsub(/[']$/,'') # remove surrounding single quotes
+      else
+        s
+      end
+    end
+
+    def filtered_lines(content)
+      lines = content.split("\n")
+      # remove comment at the end of the line
+      lines.map! { |l| l.sub(/\s+#.*/,'').strip }
+      # filter out commented lines
+      lines = lines.reject { |l| l =~ /(^|\s)#/i }
+      # filter out empty lines
+      lines = lines.reject { |l| l.strip.empty? }
+    end
+
+    def aws_data
+      AwsData.new
+    end
+    memoize :aws_data
+
+    def region
+      aws_data.region
+    end
+
+    def account
+      aws_data.account
+    end
+  end
+end

data/lib/ufo/dsl/outputter.rb

@@ -5,7 +5,6 @@ module Ufo
         @name = name
         @erb_result = erb_result
         @options = options
-        @pretty = options[:pretty].nil? ? true : options[:pretty]
       end
 
       def write
@@ -16,25 +15,29 @@ module Ufo
         path = "#{output_path}/#{@name}.json".sub(/^\.\//,'')
         puts "  #{path}" unless @options[:quiet]
         validate(@erb_result, path)
-        json = @pretty ?
-          JSON.pretty_generate(JSON.parse(@erb_result)) :
-          @erb_result
-        File.open(path, 'w') {|f| f.write(output_json(json)) }
+        data = JSON.parse(@erb_result)
+        override_image(data)
+        json = JSON.pretty_generate(data)
+        File.open(path, 'w') {|f| f.write(json) }
+      end
+
+      def override_image(data)
+        return data unless @options[:image_override]
+        data["containerDefinitions"].each do |container_definition|
+          container_definition["image"] = @options[:image_override]
+        end
       end
 
       def validate(json, path)
         begin
           JSON.parse(json)
         rescue JSON::ParserError => e
+          puts "#{e.class}: #{e.message}"
           puts "Invalid json.  Output written to #{path} for debugging".color(:red)
           File.open(path, 'w') {|f| f.write(json) }
           exit 1
         end
       end
-
-      def output_json(json)
-        @options[:pretty] ? JSON.pretty_generate(JSON.parse(json)) : json
-      end
     end
   end
 end

data/lib/ufo/log_group.rb

@@ -11,6 +11,7 @@ module Ufo
     def create
       puts "Ensuring log group for #{@task_definition.color(:green)} task definition exists"
       return if @options[:noop]
+      return if @options[:rollback] # dont need to create log group because previously deployed
 
       Ufo.check_task_definition!(@task_definition)
       task_def = JSON.load(IO.read(task_def_path))

data/lib/ufo/role/builder.rb

@@ -0,0 +1,66 @@
+module Ufo::Role
+  class Builder
+    def initialize(role_type)
+      @role_type = role_type
+    end
+
+    def build
+      resource(policies, managed_policy_arns)
+    end
+
+    def build?
+      !!(policies || managed_policy_arns)
+    end
+
+    def policies
+      items = Registry.policies[@role_type] # Array of Arrays
+      return unless items && !items.empty?
+
+      items.map do |item|
+        policy_name, statements = item # first element has policy name, second element has statements
+        {
+          PolicyName: policy_name,
+          PolicyDocument: {
+            Version: "2012-10-17",
+            Statement: statements
+          }
+        }
+      end
+    end
+
+    def managed_policy_arns
+      items = Registry.managed_policies[@role_type] # Array of Arrays
+      return unless items && !items.empty?
+
+      items.map do |item|
+        item.include?('iam::aws:policy') ? item : "arn:aws:iam::aws:policy/#{item}"
+      end
+    end
+
+    def resource(policies, managed_policy_arns)
+      properties = {
+        AssumeRolePolicyDocument: {
+          Version: "2012-10-17",
+          Statement: [
+            {
+              Effect: "Allow",
+              Principal: {
+                Service: "ecs-tasks.amazonaws.com"
+              },
+              Action: "sts:AssumeRole"
+            }
+          ]
+        },
+      }
+      properties[:Policies] = policies if policies
+      properties[:ManagedPolicyArns] = managed_policy_arns if managed_policy_arns
+
+      attrs = {
+        Type: "AWS::IAM::Role",
+        Properties: properties
+      }
+
+      attrs.deep_stringify_keys
+    end
+  end
+end