RubyGems - ufo - Versions diffs - 4.6.3 → 5.0.0 - Mend

ufo 4.6.3 → 5.0.0

Files changed (77) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +14 -0
data/docs/_docs/extras/notification-arns.md +21 -0
data/docs/_docs/helpers.md +6 -4
data/docs/_docs/iam-roles.md +111 -0
data/docs/_docs/secrets.md +112 -0
data/docs/_docs/settings/cluster.md +7 -13
data/docs/_includes/subnav.html +3 -0
data/docs/_reference/ufo-deploy.md +1 -2
data/docs/_reference/ufo-logs.md +1 -1
data/docs/_reference/ufo-rollback.md +2 -0
data/docs/_reference/ufo-ship.md +1 -2
data/docs/_reference/ufo-ships.md +1 -2
data/docs/_reference/ufo-tasks-build.md +1 -2
data/lib/template/.secrets +3 -0
data/lib/template/.ufo/settings.yml.tt +1 -0
data/lib/template/.ufo/settings/cfn/default.yml.tt +27 -27
data/lib/template/.ufo/settings/network/default.yml.tt +9 -0
data/lib/template/.ufo/templates/fargate.json.erb +3 -0
data/lib/template/.ufo/templates/main.json.erb +3 -0
data/lib/template/.ufo/variables/base.rb.tt +1 -0
data/lib/ufo.rb +2 -1
data/lib/ufo/autoloader.rb +9 -0
data/lib/ufo/cli.rb +3 -2
data/lib/ufo/core.rb +1 -9
data/lib/ufo/docker/cleaner.rb +1 -1
data/lib/ufo/dsl.rb +6 -1
data/lib/ufo/dsl/helper.rb +19 -37
data/lib/ufo/dsl/helper/vars.rb +98 -0
data/lib/ufo/dsl/outputter.rb +12 -9
data/lib/ufo/log_group.rb +1 -0
data/lib/ufo/role/builder.rb +66 -0
data/lib/ufo/role/dsl.rb +21 -0
data/lib/ufo/role/registry.rb +24 -0
data/lib/ufo/rollback.rb +2 -1
data/lib/ufo/setting/profile.rb +11 -7
data/lib/ufo/setting/security_groups.rb +22 -0
data/lib/ufo/settings.rb +20 -0
data/lib/ufo/stack.rb +24 -24
data/lib/ufo/stack/builder.rb +26 -0
data/lib/ufo/stack/builder/base.rb +54 -0
data/lib/ufo/stack/builder/conditions.rb +23 -0
data/lib/ufo/stack/builder/outputs.rb +24 -0
data/lib/ufo/stack/builder/parameters.rb +45 -0
data/lib/ufo/stack/builder/resources.rb +20 -0
data/lib/ufo/stack/builder/resources/base.rb +4 -0
data/lib/ufo/stack/builder/resources/dns.rb +17 -0
data/lib/ufo/stack/builder/resources/ecs.rb +63 -0
data/lib/ufo/stack/builder/resources/elb.rb +45 -0
data/lib/ufo/stack/builder/resources/listener.rb +42 -0
data/lib/ufo/stack/builder/resources/listener_ssl.rb +16 -0
data/lib/ufo/stack/builder/resources/roles/base.rb +22 -0
data/lib/ufo/stack/builder/resources/roles/execution_role.rb +4 -0
data/lib/ufo/stack/builder/resources/roles/task_role.rb +4 -0
data/lib/ufo/stack/builder/resources/security_group/base.rb +4 -0
data/lib/ufo/stack/builder/resources/security_group/ecs.rb +44 -0
data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb +25 -0
data/lib/ufo/stack/builder/resources/security_group/elb.rb +57 -0
data/lib/ufo/stack/builder/resources/target_group.rb +39 -0
data/lib/ufo/stack/builder/resources/task_definition.rb +24 -0
data/lib/ufo/stack/builder/resources/task_definition/reconstructor.rb +49 -0
data/lib/ufo/stack/context.rb +41 -48
data/lib/ufo/stack/custom_properties.rb +59 -0
data/lib/ufo/stack/helper.rb +2 -5
data/lib/ufo/stack/template_body.rb +13 -0
data/lib/ufo/task.rb +2 -7
data/lib/ufo/tasks.rb +1 -1
data/lib/ufo/tasks/builder.rb +0 -1
data/lib/ufo/template_scope.rb +1 -66
data/lib/ufo/utils/squeezer.rb +24 -0
data/lib/ufo/version.rb +1 -1
data/spec/fixtures/iam_roles/task_role.rb +17 -0
data/spec/lib/role/builder_spec.rb +67 -0
data/spec/lib/role/dsl_spec.rb +12 -0
data/ufo.gemspec +1 -0
metadata +57 -3
data/lib/cfn/stack.yml +0 -283

@@ -0,0 +1,21 @@
+module Ufo::Role
+  class DSL
+    def initialize(path)
+      @path = path # IE: .ufo/iam_roles/task_role.rb
+    end
+    def evaluate
+      instance_eval(IO.read(@path), @path)
+    end
+    def iam_policy(policy_name, statements)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_policy(role_type, policy_name, statements)
+    end
+    def managed_iam_policy(*policies)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_managed_policy(role_type, policies)
+    end
+  end
+end

data/lib/ufo/role/registry.rb ADDED

@@ -0,0 +1,24 @@
+require "set"
+module Ufo::Role
+  class Registry
+    class_attribute :policies
+    self.policies = {}
+    class_attribute :managed_policies
+    self.managed_policies = {}
+    class << self
+      def register_policy(role_type, policy_name, *statements)
+        statements.flatten!
+        self.policies[role_type] ||= Set.new
+        self.policies[role_type].add([policy_name, statements]) # using set so DSL can safely be evaluated multiple times
+      end
+      def register_managed_policy(role_type, *policies)
+        policies.flatten!
+        self.managed_policies[role_type] ||= Set.new
+        self.managed_policies[role_type].merge(policies) # using set so DSL can safely be evaluated multiple times
+      end
+    end
+  end
+end

data/lib/ufo/rollback.rb CHANGED

@@ -3,7 +3,8 @@ module Ufo
     def deploy
       task_definition = normalize_version(@options[:version])
       puts "Rolling back ECS service to task definition #{task_definition}"
-      ship = Ship.new(@service, @options.merge(task_definition: task_definition))
+      ship = Ship.new(@service, @options.merge(task_definition: task_definition, rollback: true))
       ship.deploy
     end

data/lib/ufo/setting/profile.rb CHANGED

@@ -2,21 +2,25 @@ class Ufo::Setting
   class Profile
     extend Memoist
-    def initialize(type, profile='default')
+    def initialize(type, profile=nil)
       @type = type.to_s # cfn or network
       @profile = profile
     end
     def data
-      path = "#{Ufo.root}/.ufo/settings/#{@type}/#{@profile}.yml"
-      unless File.exist?(path)
-        puts "#{@type.camelize} profile #{path} not found. Please double check that it exists."
+      names = [
+        @profile, # user specified
+        Ufo.env, # conventional based on env
+        "default", # fallback to default
+      ].compact.uniq
+      paths = names.map { |name| "#{Ufo.root}/.ufo/settings/#{@type}/#{name}.yml" }
+      found = paths.find { |p| File.exist?(p) }
+      unless found
+        puts "#{@type.camelize} profile not found. Please double check that it exists. Checked paths: #{paths}"
         exit 1
       end
-      text = RenderMePretty.result(path)
-      # puts "text:".color(:cyan)
-      # puts text
+      text = RenderMePretty.result(found)
       YAML.load(text).deep_symbolize_keys
     end
     memoize :data

data/lib/ufo/setting/security_groups.rb ADDED

@@ -0,0 +1,22 @@
+class Ufo::Setting
+  class SecurityGroups
+    include Ufo::Settings
+    extend Memoist
+    def initialize(service, type)
+      @service, @type = service, type
+    end
+    def load
+      groups = network[@type] # IE: network[:ecs_security_groups] or network[:elb_security_groups]
+      return [] unless groups
+      case groups
+      when Array # same security groups used for all services
+        groups
+      when Hash # service specific security groups
+        groups[@service.to_sym] || []
+      end
+    end
+  end
+end

data/lib/ufo/settings.rb ADDED

@@ -0,0 +1,20 @@
+module Ufo
+  module Settings
+    extend Memoist
+    def network
+      Ufo::Setting::Profile.new(:network, settings[:network_profile]).data
+    end
+    memoize :network
+    def cfn
+      Ufo::Setting::Profile.new(:cfn, settings[:cfn_profile]).data
+    end
+    memoize :cfn
+    def settings
+      Setting.new.data
+    end
+    memoize :settings
+  end
+end

data/lib/ufo/stack.rb CHANGED

@@ -25,10 +25,12 @@ module Ufo
   class Stack
     extend Memoist
     include Helper
+    include Ufo::Settings
     def initialize(options)
       @options = options
       @task_definition = options[:task_definition]
+      @rollback = options[:rollback]
       @service = options[:service]
       @cluster = @options[:cluster] || default_cluster(@service)
       @stack_name = adjust_stack_name(@cluster, options[:service])
@@ -66,18 +68,6 @@ module Ufo
       handle_stack_error(e)
     end
-    # do not memoize template_body it can change for a rename retry
-    def template_body
-      custom_template = "#{Ufo.root}/.ufo/settings/cfn/stack.yml"
-      path = if File.exist?(custom_template)
-               custom_template
-             else
-               # built-in default
-               File.expand_path("../cfn/stack.yml", File.dirname(__FILE__))
-             end
-      RenderMePretty.result(path, context: context.scope)
-    end
     def stack_options
       save_template
       if ENV['SAVE_TEMPLATE_EXIT']
@@ -85,22 +75,26 @@ module Ufo
         exit 1
       end
       {
+        capabilities: ["CAPABILITY_IAM"],
+        notification_arns: notification_arns,
         parameters: parameters,
         stack_name: @stack_name,
         template_body: template_body,
       }
     end
+    def notification_arns
+      settings[:notification_arns] || []
+    end
     def parameters
       create_elb, elb_target_group = context.elb_options
-      network = Setting::Profile.new(:network, settings[:network_profile]).data
-      # pp network
       elb_subnets = network[:elb_subnets] && !network[:elb_subnets].empty? ?
                     network[:elb_subnets] :
                     network[:ecs_subnets]
-      hash = {
+      params = {
         Vpc: network[:vpc],
         ElbSubnets: elb_subnets.join(','),
         EcsSubnets: network[:ecs_subnets].join(','),
@@ -110,14 +104,11 @@ module Ufo
         ElbEipIds: context.elb_eip_ids,
         EcsDesiredCount: current_desired_count,
-        EcsTaskDefinition: task_definition_arn,
         EcsSchedulingStrategy: scheduling_strategy,
       }
-      hash[:EcsSecurityGroups] = network[:ecs_security_groups].join(',') if network[:ecs_security_groups]
-      hash[:ElbSecurityGroups] = network[:elb_security_groups].join(',') if network[:elb_security_groups]
-      hash.map do |k,v|
+      params = Ufo::Utils::Squeezer.new(params).squeeze
+      params.map do |k,v|
         if v == :use_previous_value
           { parameter_key: k, use_previous_value: true }
         else
@@ -127,12 +118,20 @@ module Ufo
     end
     memoize :parameters
+    # do not memoize template_body it can change for a rename retry
+    def template_body
+      TemplateBody.new(context).build
+    end
+    memoize :template_body
     def context
-      Context.new(@options.merge(
+      o = @options.merge(
         cluster: @cluster,
         stack_name: @stack_name,
         stack: @stack,
-      ))
+      )
+      o[:rollback_definition_arn] = rollback_definition_arn if rollback_definition_arn
+      Context.new(o)
     end
     memoize :context
@@ -154,11 +153,12 @@ module Ufo
       end
     end
-    def task_definition_arn
+    def rollback_definition_arn
+      return unless @rollback
       resp = ecs.describe_task_definition(task_definition: @task_definition)
       resp.task_definition.task_definition_arn
     end
-    memoize :task_definition_arn
+    memoize :rollback_definition_arn
     # Store template in tmp in case for debugging
     def save_template

data/lib/ufo/stack/builder.rb ADDED

@@ -0,0 +1,26 @@
+class Ufo::Stack
+  class Builder
+    class_attribute :context
+    def initialize(context)
+      @context = context
+      # This builder class is really used as a singleton.
+      # To avoid having to pass context to all the builder classes.
+      self.class.context = @context
+      @template = {
+        Description: "Ufo ECS stack #{context.stack_name}",
+      }
+    end
+    def build
+      @template[:Parameters] = Parameters.new.build
+      @template[:Conditions] = Conditions.new.build
+      @template[:Resources] = Resources.new.build
+      @template[:Outputs] = Outputs.new.build
+      @template.deep_stringify_keys!
+      @template = Ufo::Utils::Squeezer.new(@template).squeeze
+      @template = CustomProperties.new(@template, @context.stack_name).apply
+      YAML.dump(@template)
+    end
+  end
+end

data/lib/ufo/stack/builder/base.rb ADDED

@@ -0,0 +1,54 @@
+class Ufo::Stack::Builder
+  class Base
+    include Ufo::Settings
+    def initialize
+      copy_instance_variables
+    end
+    # Copy the instance variables from TemplateScope Stack Builder classes
+    def copy_instance_variables
+      context = Ufo::Stack::Builder.context
+      scope = context.scope
+      scope.instance_variables.each do |var|
+        val = scope.instance_variable_get(var)
+        instance_variable_set(var, val)
+      end
+    end
+    def self.build
+      new.build
+    end
+    # type: elb or ecs
+    # NOTE: Application ELBs always seem to need a security group even though the docs say its not required
+    # However, there's a case where no ELB is created for a worker tier and if the settings are all blank
+    # CloudFormation fails to resolve and splits out this error:
+    #
+    #     Template error: every Fn::Split object requires two parameters
+    #
+    # So we will not assign security groups at all for case of workers with no security groups at all.
+    #
+    def security_groups(type)
+      settings_key = "#{type}_security_groups".to_sym
+      group_ids = Ufo::Setting::SecurityGroups.new(@service, settings_key).load
+      # no security groups at all
+      return if !managed_security_groups_enabled? && group_ids.blank?
+      groups = []
+      groups += group_ids
+      groups += [managed_security_group(type.to_s.camelize)] if managed_security_groups_enabled?
+      groups
+    end
+    def managed_security_group(type)
+      logical_id = managed_security_groups_enabled? ? "#{type.camelize}SecurityGroup" : "AWS::NoValue"
+      {Ref: logical_id}
+    end
+    def managed_security_groups_enabled?
+      managed = settings[:managed_security_groups_enabled]
+      managed.nil? ? true : managed
+    end
+  end
+end

data/lib/ufo/stack/builder/conditions.rb ADDED

@@ -0,0 +1,23 @@
+class Ufo::Stack::Builder
+  class Conditions < Base
+    def build
+      {
+        CreateElbIsTrue: {
+          "Fn::Equals": [{Ref: "CreateElb"}, true]
+        },
+        ElbTargetGroupIsBlank: {
+          "Fn::Equals": [{Ref: "ElbTargetGroup"}, ""]
+        },
+        CreateTargetGroupIsTrue: {
+          "Fn::And": [
+            {Condition: "CreateElbIsTrue"},
+            {Condition: "ElbTargetGroupIsBlank"},
+          ]
+        },
+        EcsDesiredCountIsBlank: {
+          "Fn::Equals": [{Ref: "EcsDesiredCount"}, ""]
+        }
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/outputs.rb ADDED

@@ -0,0 +1,24 @@
+class Ufo::Stack::Builder
+  class Outputs < Base
+    def build
+      outputs = {
+        ElbDns: {
+          Description: "Elb Dns",
+          Condition: "CreateElbIsTrue",
+          Value: {
+            "Fn::GetAtt": "Elb.DNSName"
+          }
+        }
+      }
+      if @create_route53
+        outputs[:Route53Dns] = {
+          Description: "Route53 Dns",
+          Value: {Ref: "Dns"},
+        }
+      end
+      outputs
+    end
+  end
+end

data/lib/ufo/stack/builder/parameters.rb ADDED

@@ -0,0 +1,45 @@
+class Ufo::Stack::Builder
+  class Parameters < Base
+    def build
+      {
+        "Vpc": {
+          "Description": "Existing vpc id",
+          "Type": "AWS::EC2::VPC::Id"
+        },
+        "ElbSubnets": {
+          "Description": "Existing subnet ids for ELB",
+          "Type": "List<AWS::EC2::Subnet::Id>"
+        },
+        "EcsSubnets": {
+          "Description": "Existing subnet ids for ECS",
+          "Type": "List<AWS::EC2::Subnet::Id>"
+        },
+        "ElbTargetGroup": {
+          "Description": "Existing target group",
+          "Type": "String",
+          "Default": ""
+        },
+        "CreateElb": {
+          "Description": "Create elb",
+          "Type": "String",
+          "Default": true
+        },
+        "EcsDesiredCount": {
+          "Description": "Ecs desired count",
+          "Type": "String",
+          "Default": 1
+        },
+        "ElbEipIds": {
+          "Description": "ELB EIP Allocation ids to use for network load balancer",
+          "Type": "String",
+          "Default": ""
+        },
+        "EcsSchedulingStrategy": {
+          "Description": "The scheduling strategy to use for the service",
+          "Type": "String",
+          "Default": "REPLICA"
+        }
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/resources.rb ADDED

@@ -0,0 +1,20 @@
+class Ufo::Stack::Builder
+  class Resources < Base
+    def build
+      {
+        Dns: Dns.build,
+        Ecs: Ecs.build,
+        EcsSecurityGroup: SecurityGroup::Ecs.build,
+        EcsSecurityGroupRule: SecurityGroup::EcsRule.build,
+        Elb: Elb.build,
+        ElbSecurityGroup: SecurityGroup::Elb.build,
+        ExecutionRole: Roles::ExecutionRole.build,
+        Listener: Listener.build,
+        ListenerSsl: ListenerSsl.build,
+        TargetGroup: TargetGroup.build,
+        TaskDefinition: TaskDefinition.build,
+        TaskRole: Roles::TaskRole.build,
+      }
+    end
+  end
+end