ufo 4.6.3 → 5.0.0

data/lib/ufo/stack/context.rb

@@ -2,13 +2,15 @@ class Ufo::Stack
   class Context
     extend Memoist
     include Helper
+    include Ufo::Settings
 
+    attr_reader :stack_name
     def initialize(options)
       @options = options
       @task_definition = options[:task_definition]
       @service = options[:service]
       # no need to adjust @cluster or @stack_name because it was adjusted in Stack#initialize
-      @cluster = options[:cluster]
+      @cluster = options[:cluster].dup # Thor options are frozen, we thaw it because CustomProperties#substitute_variables does a sub!
       @stack_name = options[:stack_name]
 
       @stack = options[:stack]
@@ -20,36 +22,44 @@ class Ufo::Stack
       # Add additional variable to scope for CloudFormation template.
       # Dirties the scope but needed.
       vars = {
+        service: @service,
         cluster: @cluster,
         stack_name: @stack_name, # used in custom_properties
         container: container,
+        # to reconstruct TaskDefinition in the CloudFormation template
+        task_definition: @task_definition,
+        rollback_definition_arn: @options[:rollback_definition_arn],
         # elb options remember that their 'state'
         create_elb: create_elb?, # helps set Ecs DependsOn
         elb_type: elb_type,
         subnet_mappings: subnet_mappings,
-        create_route53: create_elb? && cfn[:dns] && cfn[:dns][:name],
+        create_route53: create_elb? && has_dns_name?,
         default_target_group_protocol: default_target_group_protocol,
         default_listener_protocol: default_listener_protocol,
         default_listener_ssl_protocol: default_listener_ssl_protocol,
         create_listener_ssl: create_listener_ssl?,
       }
-      # puts "vars:".color(:cyan)
-      # pp vars
+
       scope.assign_instance_variables(vars)
       scope
     end
     memoize :scope
 
+    def has_dns_name?
+      cfn.dig(:Dns, :Name) || cfn.dig(:dns, :name) # backwards compatiblity
+    end
+
     def default_target_group_protocol
       return 'TCP' if elb_type == 'network'
       'HTTP'
     end
 
     def default_listener_protocol
+      port = cfn.dig(:Listener, :Port) || cfn.dig(:listener, :port) # backwards compatiblity
       if elb_type == 'network'
-        cfn[:listener][:port] == 443 ? 'TLS' : 'TCP'
+        port == 443 ? 'TLS' : 'TCP'
       else
-        cfn[:listener][:port] == 443 ? 'HTTPS' : 'HTTP'
+        port == 443 ? 'HTTPS' : 'HTTP'
       end
     end
 
@@ -59,32 +69,8 @@ class Ufo::Stack
 
     # if the configuration is set to anything then enable it
     def create_listener_ssl?
-      cfn[:listener_ssl] && cfn[:listener_ssl][:port]
-    end
-
-    def container
-      resp = ecs.describe_task_definition(task_definition: @task_definition)
-      task_definition = resp.task_definition
-
-      container_def = task_definition["container_definitions"].first
-      requires_compatibilities = task_definition["requires_compatibilities"]
-      fargate = requires_compatibilities && requires_compatibilities == ["FARGATE"]
-      network_mode = task_definition["network_mode"]
-
-      mappings = container_def["port_mappings"] || []
-      unless mappings.empty?
-        port = mappings.first["container_port"]
-      end
-
-      result = {
-        name: container_def["name"],
-        fargate: fargate,
-        network_mode: network_mode, # awsvpc, bridge, etc
-      }
-      result[:port] = port if port
-      result
+      cfn.dig(:ListenerSsl, :Port) || cfn.dig(:listener_ssl, :port) # backwards compatiblity
     end
-    memoize :container
 
     def create_elb?
       create_elb, _ = elb_options
@@ -135,6 +121,29 @@ class Ufo::Stack
       [create_elb, elb_target_group]
     end
 
+    def container
+      task_definition = Builder::Resources::TaskDefinition::Reconstructor.new(@task_definition, @options[:rollback]).reconstruct
+
+      container_def = task_definition["ContainerDefinitions"].first
+      requires_compatibilities = task_definition["RequiresCompatibilities"]
+      fargate = requires_compatibilities && requires_compatibilities == ["FARGATE"]
+      network_mode = task_definition["NetworkMode"]
+
+      mappings = container_def["PortMappings"] || []
+      unless mappings.empty?
+        port = mappings.first["ContainerPort"]
+      end
+
+      result =  {
+        name: container_def["Name"],
+        fargate: fargate,
+        network_mode: network_mode, # awsvpc, bridge, etc
+      }
+      result[:port] = port if port
+      result
+    end
+    memoize :container
+
     def get_parameter_value(stack, key)
       param = stack.parameters.find do |p|
         p.parameter_key == key
@@ -188,10 +197,8 @@ class Ufo::Stack
 
     def build_subnet_mappings!(allocations)
       unless allocations.size == network[:elb_subnets].size
-        # puts "caller:".color(:cyan)
-        # puts caller
         puts "ERROR: The allocation_ids must match in length to the subnets.".color(:red)
-        puts "Please double check that .ufo/settings/network/#{settings[:network_profile]} has the same number of subnets as the eip allocation ids are you specifying."
+        puts "Please double check that .ufo/settings/network/#{settings.network_profile} has the same number of subnets as the eip allocation ids are you specifying."
         subnets = network[:elb_subnets]
         puts "Conigured subnets: #{subnets.inspect}"
         puts "Specified allocation ids: #{allocations.inspect}"
@@ -242,19 +249,5 @@ class Ufo::Stack
     end
     memoize :elb_type
 
-    def network
-      Ufo::Setting::Profile.new(:network, settings[:network_profile]).data
-    end
-    memoize :network
-
-    def cfn
-      Ufo::Setting::Profile.new(:cfn, settings[:cfn_profile]).data
-    end
-    memoize :cfn
-
-    def settings
-      Ufo.settings
-    end
-
   end
 end

data/lib/ufo/stack/custom_properties.rb

@@ -0,0 +1,59 @@
+class Ufo::Stack
+  class CustomProperties
+    include Ufo::Settings
+
+    def initialize(template, stack_name)
+      @template, @stack_name = template, stack_name
+    end
+
+    def apply
+      customizations = camelize(cfn)
+      @template["Resources"].each do |logical_id, attrs|
+        custom_props = customizations[logical_id]
+        next unless custom_props
+        attrs["Properties"].deeper_merge!(custom_props, {overwrite_arrays: true})
+      end
+
+      substitute_variables!(@template["Resources"])
+      @template
+    end
+
+    # Keep backward compatiablity but encouraging CamelCase now because in the ufo init generator
+    # the .ufo/settings/cfn/default.yml is now CamelCase
+    def camelize(properties)
+      if ENV['UFO_CAMELIZE'] == '0' || settings[:auto_camelize] == false # provide a way to quickly test full camelize disable
+        return properties.deep_stringify_keys
+      end
+
+      # transform keys: camelize
+      properties.deep_stringify_keys.deep_transform_keys do |key|
+        if key == key.upcase # trying to generalize special rule for dns.TTL
+          key # leave key alone if key is already in all upcase
+        else
+          key.camelize
+        end
+      end
+    end
+
+    # Substitute special variables that cannot be baked into the template
+    # because they are dynamically assigned. Only one special variable:
+    #
+    #   {stack_name}
+    def substitute_variables!(properties)
+      # transform values and substitute for special values
+      # https://stackoverflow.com/questions/34595142/process-nested-hash-to-convert-all-values-to-strings
+      #
+      # Examples:
+      #   "{stack_name}.stag.boltops.com." => development-demo-web.stag.boltops.com.
+      #   "{stack_name}.stag.boltops.com." => dev-demo-web-2.stag.boltops.com.
+      properties.deep_merge(properties) do |_,_,v|
+        if v.is_a?(String)
+          v.sub!('{stack_name}', @stack_name) # need shebang, updating in-place
+        else
+          v
+        end
+      end
+      properties
+    end
+  end
+end

data/lib/ufo/stack/helper.rb

@@ -2,6 +2,7 @@ class Ufo::Stack
   module Helper
     include Ufo::AwsService
     include Ufo::Util
+    include Ufo::Settings
     extend Memoist
 
     def find_stack(stack_name)
@@ -34,15 +35,11 @@ class Ufo::Stack
       when "append_nothing", "prepend_nothing"
         [service, Ufo.env_extra]
       else # new default. ufo v4.5 and above
-        [service, Ufo.env, Ufo.env_extra]
+        [service, Ufo.env.to_s, Ufo.env_extra]
       end
       parts.reject {|x| x==''}.compact.join('-') # stack_name
     end
 
-    def cfn
-      Ufo::Setting::Profile.new(:cfn, settings[:cfn_profile]).data
-    end
-
     def status
       Status.new(@stack_name)
     end

data/lib/ufo/stack/template_body.rb

@@ -0,0 +1,13 @@
+class Ufo::Stack
+  class TemplateBody
+    def initialize(context)
+      @context = context
+    end
+
+    def build
+      builder = Builder.new(@context)
+      builder.build
+    end
+  end
+end
+

data/lib/ufo/task.rb

@@ -2,8 +2,9 @@ module Ufo
   class Task < Base
     extend Memoist
 
-    include Util
     include AwsService
+    include Ufo::Settings
+    include Util
 
     def initialize(task_definition, options)
       @task_definition = task_definition
@@ -139,12 +140,6 @@ module Ufo
       options
     end
 
-    def network
-      settings = Ufo.settings
-      Setting::Profile.new(:network, settings[:network_profile]).data
-    end
-    memoize :network
-
     def cloudwatch_info(task_arn)
       config = container_definition[:log_configuration]
       container_name = container_definition[:name]

data/lib/ufo/tasks.rb

@@ -2,7 +2,7 @@ module Ufo
   class Tasks < Command
     desc "build", "Build task definitions."
     long_desc Help.text("tasks:build")
-    option :pretty, type: :boolean, default: true, desc: "Pretty format the json for the task definitions"
+    option :image_override, desc: "Override image in task definition for quick testing"
     def build
       Tasks::Builder.new(options).build
     end

data/lib/ufo/tasks/builder.rb

@@ -6,7 +6,6 @@ module Ufo
       # build and register task definitions. There is little point of running them independently
       # This method helps us do that.
       build(options)
-      Tasks::Register.register(task_definition, options)
     end
 
     # ship: build and registers task definitions together

data/lib/ufo/template_scope.rb

@@ -1,6 +1,7 @@
 module Ufo
   class TemplateScope
     extend Memoist
+    include Ufo::Settings
 
     attr_reader :helper
     attr_reader :task_definition_name
@@ -44,72 +45,6 @@ module Ufo
       end
     end
 
-    def network
-      Ufo::Setting::Profile.new(:network, settings[:network_profile]).data
-    end
-    memoize :network
-
-    def cfn
-      Ufo::Setting::Profile.new(:cfn, settings[:cfn_profile]).data
-    end
-    memoize :cfn
-
-    def settings
-      Ufo.settings
-    end
-
-    def custom_properties(resource)
-      resource = resource.to_s.underscore
-      properties = cfn[resource.to_sym]
-      return unless properties
-
-      # transform keys: camelize
-      properties = properties.deep_stringify_keys.deep_transform_keys do |key|
-        if key == key.upcase # trying to generalize special rule for dns.TTL
-          key # leave key alone if key is already in all upcase
-        else
-          key.camelize
-        end
-      end
-
-      substitute_variables!(properties)
-
-      yaml = YAML.dump(properties)
-      # add spaces in front on each line
-      yaml.split("\n")[1..-1].map do |line|
-        "      #{line}"
-      end.join("\n") + "\n"
-    end
-
-    # Substitute special variables that cannot be baked into the template
-    # because they are dynamically assigned. Only one special variable:
-    #
-    #   {stack_name}
-    def substitute_variables!(properties)
-      # transform values and substitute for special values
-      # https://stackoverflow.com/questions/34595142/process-nested-hash-to-convert-all-values-to-strings
-      #
-      # Examples:
-      #   "{stack_name}.stag.boltops.com." => development-demo-web.stag.boltops.com.
-      #   "{stack_name}.stag.boltops.com." => dev-demo-web-2.stag.boltops.com.
-      properties.deep_merge(properties) do |_,_,v|
-        if v.is_a?(String)
-          v.sub!('{stack_name}', @stack_name) # unsure why need shebang, but it works
-        else
-          v
-        end
-      end
-      properties
-    end
-
-    def default_target_group_protocol
-      default_elb_protocol
-    end
-
-    def default_elb_protocol
-      @elb_type == "application" ? "HTTP" : "TCP"
-    end
-
     def pretty_name?
       # env variable takes highest precedence
       if ENV["STATIC_NAME"]

data/lib/ufo/utils/squeezer.rb

@@ -0,0 +1,24 @@
+module Ufo::Utils
+  class Squeezer
+    def initialize(data)
+      @data = data
+    end
+
+    def squeeze(new_data=nil)
+      data = new_data.nil? ? @data : new_data
+
+      case data
+      when Array
+        data.map! { |v| squeeze(v) }
+      when Hash
+        data.each_with_object({}) do |(k,v), squeezed|
+          # only remove nil and empty Array values within Hash structures
+          squeezed[k] = squeeze(v) unless v.nil? || v.is_a?(Array) && v.empty?
+          squeezed
+        end
+      else
+        data # do not transform
+      end
+    end
+  end
+end

data/lib/ufo/version.rb

@@ -1,3 +1,3 @@
 module Ufo
-  VERSION = "4.6.3"
+  VERSION = "5.0.0"
 end

data/spec/fixtures/iam_roles/task_role.rb

@@ -0,0 +1,17 @@
+iam_policy("AmazonS3ReadOnlyAccess",
+  Action: [
+    "s3:Get*",
+    "s3:List*"
+  ],
+  Effect: "Allow",
+  Resource: "*"
+)
+iam_policy("CloudwatchWrite",
+  Action: [
+    "cloudwatch:PutMetricData",
+  ],
+  Effect: "Allow",
+  Resource: "*"
+)
+
+managed_iam_policy("AmazonS3ReadOnlyAccess", "AmazonEC2ReadOnlyAccess")

data/spec/lib/role/builder_spec.rb

@@ -0,0 +1,67 @@
+describe Ufo::Role::Builder do
+  let(:builder) { described_class.new(role_type) }
+  let(:role_type) { "task_role" }
+
+  before(:each) do
+    Ufo::Role::Registry.register_policy("task_role",
+      "AmazonS3ReadOnlyAccess",
+      {:Action=>["s3:Get*", "s3:List*"], :Effect=>"Allow", :Resource=>"*"}
+    )
+    Ufo::Role::Registry.register_policy("task_role",
+      "CloudwatchWrite",
+      {:Action=>["cloudwatch:PutMetricData"], :Effect=>"Allow", :Resource=>"*"}
+    )
+    # Called twice on purpose to show that duplicated items in the set wont create doubles.
+    # This allows the DSL evaluate to be ran multiple times.
+    Ufo::Role::Registry.register_policy("task_role",
+      "CloudwatchWrite",
+      {:Action=>["cloudwatch:PutMetricData"], :Effect=>"Allow", :Resource=>"*"}
+    )
+
+
+    Ufo::Role::Registry.register_managed_policy("task_role",
+      "AmazonS3ReadOnlyAccess", "AmazonEC2ReadOnlyAccess"
+    )
+  end
+
+  context "build" do
+    it "builds role" do
+      resource = builder.build
+      expected = <<YAML
+---
+Type: AWS::IAM::Role
+Properties:
+  AssumeRolePolicyDocument:
+    Version: '2012-10-17'
+    Statement:
+    - Effect: Allow
+      Principal:
+        Service: ecs-tasks.amazonaws.com
+      Action: sts:AssumeRole
+  Policies:
+  - PolicyName: AmazonS3ReadOnlyAccess
+    PolicyDocument:
+      Version: '2012-10-17'
+      Statement:
+      - Action:
+        - s3:Get*
+        - s3:List*
+        Effect: Allow
+        Resource: "*"
+  - PolicyName: CloudwatchWrite
+    PolicyDocument:
+      Version: '2012-10-17'
+      Statement:
+      - Action:
+        - cloudwatch:PutMetricData
+        Effect: Allow
+        Resource: "*"
+  ManagedPolicyArns:
+  - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
+  - arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
+YAML
+      yaml = YAML.dump(resource)
+      expect(yaml).to eq(expected)
+    end
+  end
+end