RubyGems - ufo - Versions diffs - 4.6.3 → 5.0.0 - Mend

ufo 4.6.3 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +14 -0
data/docs/_docs/extras/notification-arns.md +21 -0
data/docs/_docs/helpers.md +6 -4
data/docs/_docs/iam-roles.md +111 -0
data/docs/_docs/secrets.md +112 -0
data/docs/_docs/settings/cluster.md +7 -13
data/docs/_includes/subnav.html +3 -0
data/docs/_reference/ufo-deploy.md +1 -2
data/docs/_reference/ufo-logs.md +1 -1
data/docs/_reference/ufo-rollback.md +2 -0
data/docs/_reference/ufo-ship.md +1 -2
data/docs/_reference/ufo-ships.md +1 -2
data/docs/_reference/ufo-tasks-build.md +1 -2
data/lib/template/.secrets +3 -0
data/lib/template/.ufo/settings.yml.tt +1 -0
data/lib/template/.ufo/settings/cfn/default.yml.tt +27 -27
data/lib/template/.ufo/settings/network/default.yml.tt +9 -0
data/lib/template/.ufo/templates/fargate.json.erb +3 -0
data/lib/template/.ufo/templates/main.json.erb +3 -0
data/lib/template/.ufo/variables/base.rb.tt +1 -0
data/lib/ufo.rb +2 -1
data/lib/ufo/autoloader.rb +9 -0
data/lib/ufo/cli.rb +3 -2
data/lib/ufo/core.rb +1 -9
data/lib/ufo/docker/cleaner.rb +1 -1
data/lib/ufo/dsl.rb +6 -1
data/lib/ufo/dsl/helper.rb +19 -37
data/lib/ufo/dsl/helper/vars.rb +98 -0
data/lib/ufo/dsl/outputter.rb +12 -9
data/lib/ufo/log_group.rb +1 -0
data/lib/ufo/role/builder.rb +66 -0
data/lib/ufo/role/dsl.rb +21 -0
data/lib/ufo/role/registry.rb +24 -0
data/lib/ufo/rollback.rb +2 -1
data/lib/ufo/setting/profile.rb +11 -7
data/lib/ufo/setting/security_groups.rb +22 -0
data/lib/ufo/settings.rb +20 -0
data/lib/ufo/stack.rb +24 -24
data/lib/ufo/stack/builder.rb +26 -0
data/lib/ufo/stack/builder/base.rb +54 -0
data/lib/ufo/stack/builder/conditions.rb +23 -0
data/lib/ufo/stack/builder/outputs.rb +24 -0
data/lib/ufo/stack/builder/parameters.rb +45 -0
data/lib/ufo/stack/builder/resources.rb +20 -0
data/lib/ufo/stack/builder/resources/base.rb +4 -0
data/lib/ufo/stack/builder/resources/dns.rb +17 -0
data/lib/ufo/stack/builder/resources/ecs.rb +63 -0
data/lib/ufo/stack/builder/resources/elb.rb +45 -0
data/lib/ufo/stack/builder/resources/listener.rb +42 -0
data/lib/ufo/stack/builder/resources/listener_ssl.rb +16 -0
data/lib/ufo/stack/builder/resources/roles/base.rb +22 -0
data/lib/ufo/stack/builder/resources/roles/execution_role.rb +4 -0
data/lib/ufo/stack/builder/resources/roles/task_role.rb +4 -0
data/lib/ufo/stack/builder/resources/security_group/base.rb +4 -0
data/lib/ufo/stack/builder/resources/security_group/ecs.rb +44 -0
data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb +25 -0
data/lib/ufo/stack/builder/resources/security_group/elb.rb +57 -0
data/lib/ufo/stack/builder/resources/target_group.rb +39 -0
data/lib/ufo/stack/builder/resources/task_definition.rb +24 -0
data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb +49 -0
data/lib/ufo/stack/context.rb +41 -48
data/lib/ufo/stack/custom_properties.rb +59 -0
data/lib/ufo/stack/helper.rb +2 -5
data/lib/ufo/stack/template_body.rb +13 -0
data/lib/ufo/task.rb +2 -7
data/lib/ufo/tasks.rb +1 -1
data/lib/ufo/tasks/builder.rb +0 -1
data/lib/ufo/template_scope.rb +1 -66
data/lib/ufo/utils/squeezer.rb +24 -0
data/lib/ufo/version.rb +1 -1
data/spec/fixtures/iam_roles/task_role.rb +17 -0
data/spec/lib/role/builder_spec.rb +67 -0
data/spec/lib/role/dsl_spec.rb +12 -0
data/ufo.gemspec +1 -0
metadata +57 -3
data/lib/cfn/stack.yml +0 -283

data/lib/ufo/role/dsl.rb ADDED

@@ -0,0 +1,21 @@
+module Ufo::Role
+  class DSL
+    def initialize(path)
+      @path = path # IE: .ufo/iam_roles/task_role.rb
+    end
+    def evaluate
+      instance_eval(IO.read(@path), @path)
+    end
+    def iam_policy(policy_name, statements)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_policy(role_type, policy_name, statements)
+    end
+    def managed_iam_policy(*policies)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_managed_policy(role_type, policies)
+    end
+  end
+end

data/lib/ufo/role/registry.rb ADDED

@@ -0,0 +1,24 @@
+require "set"
+module Ufo::Role
+  class Registry
+    class_attribute :policies
+    self.policies = {}
+    class_attribute :managed_policies
+    self.managed_policies = {}
+    class << self
+      def register_policy(role_type, policy_name, *statements)
+        statements.flatten!
+        self.policies[role_type] ||= Set.new
+        self.policies[role_type].add([policy_name, statements]) # using set so DSL can safely be evaluated multiple times
+      end
+      def register_managed_policy(role_type, *policies)
+        policies.flatten!
+        self.managed_policies[role_type] ||= Set.new
+        self.managed_policies[role_type].merge(policies) # using set so DSL can safely be evaluated multiple times
+      end
+    end
+  end
+end

data/lib/ufo/rollback.rb CHANGED

@@ -3,7 +3,8 @@ module Ufo
     def deploy
       task_definition = normalize_version(@options[:version])
       puts "Rolling back ECS service to task definition #{task_definition}"
-      ship = Ship.new(@service, @options.merge(task_definition: task_definition))
+      ship = Ship.new(@service, @options.merge(task_definition: task_definition, rollback: true))
       ship.deploy
     end

data/lib/ufo/setting/profile.rb CHANGED

@@ -2,21 +2,25 @@ class Ufo::Setting
   class Profile
     extend Memoist
-    def initialize(type, profile='default')
+    def initialize(type, profile=nil)
       @type = type.to_s # cfn or network
       @profile = profile
     end
     def data
-      path = "#{Ufo.root}/.ufo/settings/#{@type}/#{@profile}.yml"
-      unless File.exist?(path)
-        puts "#{@type.camelize} profile #{path} not found. Please double check that it exists."
+      names = [
+        @profile, # user specified
+        Ufo.env, # conventional based on env
+        "default", # fallback to default
+      ].compact.uniq
+      paths = names.map { |name| "#{Ufo.root}/.ufo/settings/#{@type}/#{name}.yml" }
+      found = paths.find { |p| File.exist?(p) }
+      unless found
+        puts "#{@type.camelize} profile not found. Please double check that it exists. Checked paths: #{paths}"
         exit 1
       end
-      text = RenderMePretty.result(path)
-      # puts "text:".color(:cyan)
-      # puts text
+      text = RenderMePretty.result(found)
       YAML.load(text).deep_symbolize_keys
     end
     memoize :data

data/lib/ufo/setting/security_groups.rb ADDED

@@ -0,0 +1,22 @@
+class Ufo::Setting
+  class SecurityGroups
+    include Ufo::Settings
+    extend Memoist
+    def initialize(service, type)
+      @service, @type = service, type
+    end
+    def load
+      groups = network[@type] # IE: network[:ecs_security_groups] or network[:elb_security_groups]
+      return [] unless groups
+      case groups
+      when Array # same security groups used for all services
+        groups
+      when Hash # service specific security groups
+        groups[@service.to_sym] || []
+      end
+    end
+  end
+end

data/lib/ufo/settings.rb ADDED

@@ -0,0 +1,20 @@
+module Ufo
+  module Settings
+    extend Memoist
+    def network
+      Ufo::Setting::Profile.new(:network, settings[:network_profile]).data
+    end
+    memoize :network
+    def cfn
+      Ufo::Setting::Profile.new(:cfn, settings[:cfn_profile]).data
+    end
+    memoize :cfn
+    def settings
+      Setting.new.data
+    end
+    memoize :settings
+  end
+end

data/lib/ufo/stack.rb CHANGED

@@ -25,10 +25,12 @@ module Ufo
   class Stack
     extend Memoist
     include Helper
+    include Ufo::Settings
     def initialize(options)
       @options = options
       @task_definition = options[:task_definition]
+      @rollback = options[:rollback]
       @service = options[:service]
       @cluster = @options[:cluster] || default_cluster(@service)
       @stack_name = adjust_stack_name(@cluster, options[:service])
@@ -66,18 +68,6 @@ module Ufo
       handle_stack_error(e)
     end
-    # do not memoize template_body it can change for a rename retry
-    def template_body
-      custom_template = "#{Ufo.root}/.ufo/settings/cfn/stack.yml"
-      path = if File.exist?(custom_template)
-               custom_template
-             else
-               # built-in default
-               File.expand_path("../cfn/stack.yml", File.dirname(__FILE__))
-             end
-      RenderMePretty.result(path, context: context.scope)
-    end
     def stack_options
       save_template
       if ENV['SAVE_TEMPLATE_EXIT']
@@ -85,22 +75,26 @@ module Ufo
         exit 1
       end
       {
+        capabilities: ["CAPABILITY_IAM"],
+        notification_arns: notification_arns,
         parameters: parameters,
         stack_name: @stack_name,
         template_body: template_body,
       }
     end
+    def notification_arns
+      settings[:notification_arns] || []
+    end
     def parameters
       create_elb, elb_target_group = context.elb_options
-      network = Setting::Profile.new(:network, settings[:network_profile]).data
-      # pp network
       elb_subnets = network[:elb_subnets] && !network[:elb_subnets].empty? ?
                     network[:elb_subnets] :
                     network[:ecs_subnets]
-      hash = {
+      params = {
         Vpc: network[:vpc],
         ElbSubnets: elb_subnets.join(','),
         EcsSubnets: network[:ecs_subnets].join(','),
@@ -110,14 +104,11 @@ module Ufo
         ElbEipIds: context.elb_eip_ids,
         EcsDesiredCount: current_desired_count,
-        EcsTaskDefinition: task_definition_arn,
         EcsSchedulingStrategy: scheduling_strategy,
       }
-      hash[:EcsSecurityGroups] = network[:ecs_security_groups].join(',') if network[:ecs_security_groups]
-      hash[:ElbSecurityGroups] = network[:elb_security_groups].join(',') if network[:elb_security_groups]
-      hash.map do |k,v|
+      params = Ufo::Utils::Squeezer.new(params).squeeze
+      params.map do |k,v|
         if v == :use_previous_value
           { parameter_key: k, use_previous_value: true }
         else
@@ -127,12 +118,20 @@ module Ufo
     end
     memoize :parameters
+    # do not memoize template_body it can change for a rename retry
+    def template_body
+      TemplateBody.new(context).build
+    end
+    memoize :template_body
     def context
-      Context.new(@options.merge(
+      o = @options.merge(
         cluster: @cluster,
         stack_name: @stack_name,
         stack: @stack,
-      ))
+      )
+      o[:rollback_definition_arn] = rollback_definition_arn if rollback_definition_arn
+      Context.new(o)
     end
     memoize :context
@@ -154,11 +153,12 @@ module Ufo
       end
     end
-    def task_definition_arn
+    def rollback_definition_arn
+      return unless @rollback
       resp = ecs.describe_task_definition(task_definition: @task_definition)
       resp.task_definition.task_definition_arn
     end
-    memoize :task_definition_arn
+    memoize :rollback_definition_arn
     # Store template in tmp in case for debugging
     def save_template

data/lib/ufo/stack/builder.rb ADDED

@@ -0,0 +1,26 @@
+class Ufo::Stack
+  class Builder
+    class_attribute :context
+    def initialize(context)
+      @context = context
+      # This builder class is really used as a singleton.
+      # To avoid having to pass context to all the builder classes.
+      self.class.context = @context
+      @template = {
+        Description: "Ufo ECS stack #{context.stack_name}",
+      }
+    end
+    def build
+      @template[:Parameters] = Parameters.new.build
+      @template[:Conditions] = Conditions.new.build
+      @template[:Resources] = Resources.new.build
+      @template[:Outputs] = Outputs.new.build
+      @template.deep_stringify_keys!
+      @template = Ufo::Utils::Squeezer.new(@template).squeeze
+      @template = CustomProperties.new(@template, @context.stack_name).apply
+      YAML.dump(@template)
+    end
+  end
+end

data/lib/ufo/stack/builder/base.rb ADDED

@@ -0,0 +1,54 @@
+class Ufo::Stack::Builder
+  class Base
+    include Ufo::Settings
+    def initialize
+      copy_instance_variables
+    end
+    # Copy the instance variables from TemplateScope Stack Builder classes
+    def copy_instance_variables
+      context = Ufo::Stack::Builder.context
+      scope = context.scope
+      scope.instance_variables.each do |var|
+        val = scope.instance_variable_get(var)
+        instance_variable_set(var, val)
+      end
+    end
+    def self.build
+      new.build
+    end
+    # type: elb or ecs
+    # NOTE: Application ELBs always seem to need a security group even though the docs say its not required
+    # However, there's a case where no ELB is created for a worker tier and if the settings are all blank
+    # CloudFormation fails to resolve and splits out this error:
+    #
+    #     Template error: every Fn::Split object requires two parameters
+    #
+    # So we will not assign security groups at all for case of workers with no security groups at all.
+    #
+    def security_groups(type)
+      settings_key = "#{type}_security_groups".to_sym
+      group_ids = Ufo::Setting::SecurityGroups.new(@service, settings_key).load
+      # no security groups at all
+      return if !managed_security_groups_enabled? && group_ids.blank?
+      groups = []
+      groups += group_ids
+      groups += [managed_security_group(type.to_s.camelize)] if managed_security_groups_enabled?
+      groups
+    end
+    def managed_security_group(type)
+      logical_id = managed_security_groups_enabled? ? "#{type.camelize}SecurityGroup" : "AWS::NoValue"
+      {Ref: logical_id}
+    end
+    def managed_security_groups_enabled?
+      managed = settings[:managed_security_groups_enabled]
+      managed.nil? ? true : managed
+    end
+  end
+end

data/lib/ufo/stack/builder/conditions.rb ADDED

@@ -0,0 +1,23 @@
+class Ufo::Stack::Builder
+  class Conditions < Base
+    def build
+      {
+        CreateElbIsTrue: {
+          "Fn::Equals": [{Ref: "CreateElb"}, true]
+        },
+        ElbTargetGroupIsBlank: {
+          "Fn::Equals": [{Ref: "ElbTargetGroup"}, ""]
+        },
+        CreateTargetGroupIsTrue: {
+          "Fn::And": [
+            {Condition: "CreateElbIsTrue"},
+            {Condition: "ElbTargetGroupIsBlank"},
+          ]
+        },
+        EcsDesiredCountIsBlank: {
+          "Fn::Equals": [{Ref: "EcsDesiredCount"}, ""]
+        }
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/outputs.rb ADDED

@@ -0,0 +1,24 @@
+class Ufo::Stack::Builder
+  class Outputs < Base
+    def build
+      outputs = {
+        ElbDns: {
+          Description: "Elb Dns",
+          Condition: "CreateElbIsTrue",
+          Value: {
+            "Fn::GetAtt": "Elb.DNSName"
+          }
+        }
+      }
+      if @create_route53
+        outputs[:Route53Dns] = {
+          Description: "Route53 Dns",
+          Value: {Ref: "Dns"},
+        }
+      end
+      outputs
+    end
+  end
+end

data/lib/ufo/stack/builder/parameters.rb ADDED

@@ -0,0 +1,45 @@
+class Ufo::Stack::Builder
+  class Parameters < Base
+    def build
+      {
+        "Vpc": {
+          "Description": "Existing vpc id",
+          "Type": "AWS::EC2::VPC::Id"
+        },
+        "ElbSubnets": {
+          "Description": "Existing subnet ids for ELB",
+          "Type": "List<AWS::EC2::Subnet::Id>"
+        },
+        "EcsSubnets": {
+          "Description": "Existing subnet ids for ECS",
+          "Type": "List<AWS::EC2::Subnet::Id>"
+        },
+        "ElbTargetGroup": {
+          "Description": "Existing target group",
+          "Type": "String",
+          "Default": ""
+        },
+        "CreateElb": {
+          "Description": "Create elb",
+          "Type": "String",
+          "Default": true
+        },
+        "EcsDesiredCount": {
+          "Description": "Ecs desired count",
+          "Type": "String",
+          "Default": 1
+        },
+        "ElbEipIds": {
+          "Description": "ELB EIP Allocation ids to use for network load balancer",
+          "Type": "String",
+          "Default": ""
+        },
+        "EcsSchedulingStrategy": {
+          "Description": "The scheduling strategy to use for the service",
+          "Type": "String",
+          "Default": "REPLICA"
+        }
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/resources.rb ADDED

@@ -0,0 +1,20 @@
+class Ufo::Stack::Builder
+  class Resources < Base
+    def build
+      {
+        Dns: Dns.build,
+        Ecs: Ecs.build,
+        EcsSecurityGroup: SecurityGroup::Ecs.build,
+        EcsSecurityGroupRule: SecurityGroup::EcsRule.build,
+        Elb: Elb.build,
+        ElbSecurityGroup: SecurityGroup::Elb.build,
+        ExecutionRole: Roles::ExecutionRole.build,
+        Listener: Listener.build,
+        ListenerSsl: ListenerSsl.build,
+        TargetGroup: TargetGroup.build,
+        TaskDefinition: TaskDefinition.build,
+        TaskRole: Roles::TaskRole.build,
+      }
+    end
+  end
+end