ufo 4.6.3 → 5.0.4

data/lib/ufo/dsl/helper.rb

@@ -6,11 +6,20 @@
 # Simply aggregates a bunch of variables that is useful for the task_definition.
 module Ufo
   class DSL
-    # provides some helperally context variables
     class Helper
       include Ufo::Util
       extend Memoist
 
+      # Add helpers from .ufo/helpers folder
+      def add_project_helpers
+        helpers_dir = "#{Ufo.root}/.ufo/helpers"
+        Dir.glob("#{helpers_dir}/**/*").each do |path|
+          next unless File.file?(path)
+          klass = path.gsub(%r{.*\.ufo/helpers/},'').sub(".rb",'').camelize
+          self.class.send(:include, klass.constantize)
+        end
+      end
+
       ##############
       # helper variables
       def dockerfile_port
@@ -27,48 +36,21 @@ module Ufo
 
       #############
       # helper methods
-      def env_vars(text)
-        lines = filtered_lines(text)
-        lines.map do |line|
-          key,*value = line.strip.split("=").map do |x|
-            remove_surrounding_quotes(x.strip)
-          end
-          value = value.join('=')
-          {
-            name: key,
-            value: value,
-          }
-        end
+      def env(text)
+        Vars.new(text: text).env
       end
+      alias_method :env_vars, :env
 
-      def remove_surrounding_quotes(s)
-        if s =~ /^"/ && s =~ /"$/
-          s.sub(/^["]/, '').gsub(/["]$/,'') # remove surrounding double quotes
-        elsif s =~ /^'/ && s =~ /'$/
-          s.sub(/^[']/, '').gsub(/[']$/,'') # remove surrounding single quotes
-        else
-          s
-        end
+      def env_file(path)
+        Vars.new(file: path).env
       end
 
-      def filtered_lines(text)
-        lines = text.split("\n")
-        # remove comment at the end of the line
-        lines.map! { |l| l.sub(/\s+#.*/,'').strip }
-        # filter out commented lines
-        lines = lines.reject { |l| l =~ /(^|\s)#/i }
-        # filter out empty lines
-        lines = lines.reject { |l| l.strip.empty? }
+      def secrets(text)
+        Vars.new(text: text).secrets
       end
 
-      def env_file(path)
-        full_path = "#{Ufo.root}/#{path}"
-        unless File.exist?(full_path)
-          puts "The #{full_path} env file could not be found.  Are you sure it exists?"
-          exit 1
-        end
-        text = IO.read(full_path)
-        env_vars(text)
+      def secrets_file(path)
+        Vars.new(file: path).secrets
       end
 
       def current_region

data/lib/ufo/dsl/helper/vars.rb

@@ -0,0 +1,97 @@
+require "aws_data"
+
+class Ufo::DSL::Helper
+  class Vars
+    extend Memoist
+
+    def initialize(options={})
+      # use either file or text. text takes higher precedence
+      @file = options[:file]
+      @text = options[:text]
+    end
+
+    def content
+      @text || read(@file)
+    end
+
+    def read(path)
+      full_path = "#{Ufo.root}/#{path}"
+      unless File.exist?(full_path)
+        puts "The #{full_path} env file could not be found.  Are you sure it exists?"
+        exit 1
+      end
+      IO.read(full_path)
+    end
+
+    def env
+      lines = filtered_lines(content)
+      lines.map do |line|
+        key,*value = line.strip.split("=").map do |x|
+          remove_surrounding_quotes(x.strip)
+        end
+        value = value.join('=')
+        {
+          name: key,
+          value: value,
+        }
+      end
+    end
+
+    def secrets
+      secrets = env
+      secrets.map do |item|
+        value = item.delete(:value)
+        item[:valueFrom] = substitute(expand_secret(value))
+      end
+      secrets
+    end
+
+    def expand_secret(value)
+      case value
+      when /^ssm:/i
+        value.sub(/^ssm:/i, "arn:aws:ssm:#{region}:#{account}:parameter/")
+      when /^secretsmanager:/i
+        value.sub(/^secretsmanager:/i, "arn:aws:secretsmanager:#{region}:#{account}:secret:")
+      else
+        value # assume full arn has been passed
+      end
+    end
+
+    def substitute(value)
+      value.gsub(":UFO_ENV", Ufo.env)
+    end
+
+    def remove_surrounding_quotes(s)
+      if s =~ /^"/ && s =~ /"$/
+        s.sub(/^["]/, '').gsub(/["]$/,'') # remove surrounding double quotes
+      elsif s =~ /^'/ && s =~ /'$/
+        s.sub(/^[']/, '').gsub(/[']$/,'') # remove surrounding single quotes
+      else
+        s
+      end
+    end
+
+    def filtered_lines(content)
+      lines = content.split("\n")
+      # remove comment at the end of the line
+      lines.map! { |l| l.sub(/\s+#.*/,'').strip }
+      # filter out commented lines
+      lines = lines.reject { |l| l =~ /(^|\s)#/i }
+      # filter out empty lines
+      lines = lines.reject { |l| l.strip.empty? }
+    end
+
+    def aws_data
+      AwsData.new
+    end
+    memoize :aws_data
+
+    def region
+      aws_data.region
+    end
+
+    def account
+      aws_data.account
+    end
+  end
+end

data/lib/ufo/dsl/outputter.rb

@@ -5,7 +5,6 @@ module Ufo
         @name = name
         @erb_result = erb_result
         @options = options
-        @pretty = options[:pretty].nil? ? true : options[:pretty]
       end
 
       def write
@@ -16,25 +15,29 @@ module Ufo
         path = "#{output_path}/#{@name}.json".sub(/^\.\//,'')
         puts "  #{path}" unless @options[:quiet]
         validate(@erb_result, path)
-        json = @pretty ?
-          JSON.pretty_generate(JSON.parse(@erb_result)) :
-          @erb_result
-        File.open(path, 'w') {|f| f.write(output_json(json)) }
+        data = JSON.parse(@erb_result)
+        override_image(data)
+        json = JSON.pretty_generate(data)
+        File.open(path, 'w') {|f| f.write(json) }
+      end
+
+      def override_image(data)
+        return data unless @options[:image_override]
+        data["containerDefinitions"].each do |container_definition|
+          container_definition["image"] = @options[:image_override]
+        end
       end
 
       def validate(json, path)
         begin
           JSON.parse(json)
         rescue JSON::ParserError => e
+          puts "#{e.class}: #{e.message}"
           puts "Invalid json.  Output written to #{path} for debugging".color(:red)
           File.open(path, 'w') {|f| f.write(json) }
           exit 1
         end
       end
-
-      def output_json(json)
-        @options[:pretty] ? JSON.pretty_generate(JSON.parse(json)) : json
-      end
     end
   end
 end

data/lib/ufo/ecr/auth.rb

@@ -1,3 +1,5 @@
+require 'open3'
+
 =begin
 Normally, you must authorized to AWS ECR to push to their registry with:
 
@@ -27,19 +29,15 @@ module Ufo
       return unless ecr_image?
 
       auth_token = fetch_auth_token
-      if File.exist?(docker_config)
-        data = JSON.load(IO.read(docker_config))
-        data["auths"][@repo_domain] = {auth: auth_token}
-      else
-        data = {"auths" => {@repo_domain => {auth: auth_token}}}
+      username, password = Base64.decode64(auth_token).split(':')
+
+      command = "docker login -u #{username} --password-stdin #{@repo_domain}"
+      puts "=> #{command}".color(:green)
+      *, status = Open3.capture3(command, stdin_data: password)
+      unless status.success?
+        puts "ERROR: The docker failed to login.".color(:red)
+        exit 1
       end
-
-      # Handle legacy docker clients that still have old format with https://
-      legacy_entry = "https://#{@repo_domain}"
-      data["auths"][legacy_entry] = {auth: auth_token}
-
-      ensure_dotdocker_exists
-      IO.write(docker_config, JSON.pretty_generate(data))
     end
 
     def ecr_image?
@@ -50,14 +48,5 @@ module Ufo
       ecr.get_authorization_token.authorization_data.first.authorization_token
     end
 
-    def docker_config
-      "#{ENV['HOME']}/.docker/config.json"
-    end
-
-    def ensure_dotdocker_exists
-      dirname = File.dirname(docker_config)
-      FileUtils.mkdir_p(dirname) unless File.exist?(dirname)
-    end
-
   end
 end

data/lib/ufo/init.rb

@@ -9,7 +9,6 @@ module Ufo
         [:image, required: true, desc: "Docker image name without the tag. Example: tongueroo/demo-ufo. Configures ufo/settings.yml"],
         [:app, desc: "App name. Preferably one word. Used in the generated ufo/task_definitions.rb.  If not specified then the app name is inferred as the folder name."],
         [:launch_type, default: "ec2", desc: "ec2 or fargate."],
-        [:execution_role_arn, desc: "execution role arn used by tasks, required for fargate."],
         [:template, desc: "Custom template to use."],
         [:template_mode, desc: "Template mode: replace or additive."],
         [:vpc_id, desc: "Vpc id. For settings/network/default.yml."],
@@ -56,7 +55,6 @@ module Ufo
       # map variables
       @app = options[:app] || inferred_app
       @image = options[:image]
-      @execution_role_arn_input = get_execution_role_arn_input
       # copy the files
       puts "Setting up ufo project..."
       exclude_pattern = File.exist?("#{Ufo.root}/Dockerfile") ?

data/lib/ufo/log_group.rb

@@ -11,6 +11,7 @@ module Ufo
     def create
       puts "Ensuring log group for #{@task_definition.color(:green)} task definition exists"
       return if @options[:noop]
+      return if @options[:rollback] # dont need to create log group because previously deployed
 
       Ufo.check_task_definition!(@task_definition)
       task_def = JSON.load(IO.read(task_def_path))

data/lib/ufo/role/builder.rb

@@ -0,0 +1,66 @@
+module Ufo::Role
+  class Builder
+    def initialize(role_type)
+      @role_type = role_type
+    end
+
+    def build
+      resource(policies, managed_policy_arns)
+    end
+
+    def build?
+      !!(policies || managed_policy_arns)
+    end
+
+    def policies
+      items = Registry.policies[@role_type] # Array of Arrays
+      return unless items && !items.empty?
+
+      items.map do |item|
+        policy_name, statements = item # first element has policy name, second element has statements
+        {
+          PolicyName: policy_name,
+          PolicyDocument: {
+            Version: "2012-10-17",
+            Statement: statements
+          }
+        }
+      end
+    end
+
+    def managed_policy_arns
+      items = Registry.managed_policies[@role_type] # Array of Arrays
+      return unless items && !items.empty?
+
+      items.map do |item|
+        item.include?('iam::aws:policy') ? item : "arn:aws:iam::aws:policy/#{item}"
+      end
+    end
+
+    def resource(policies, managed_policy_arns)
+      properties = {
+        AssumeRolePolicyDocument: {
+          Version: "2012-10-17",
+          Statement: [
+            {
+              Effect: "Allow",
+              Principal: {
+                Service: "ecs-tasks.amazonaws.com"
+              },
+              Action: "sts:AssumeRole"
+            }
+          ]
+        },
+      }
+      properties[:Policies] = policies if policies
+      properties[:ManagedPolicyArns] = managed_policy_arns if managed_policy_arns
+
+      attrs = {
+        Type: "AWS::IAM::Role",
+        Properties: properties
+      }
+
+      attrs.deep_stringify_keys
+    end
+  end
+end

data/lib/ufo/role/dsl.rb

@@ -0,0 +1,21 @@
+module Ufo::Role
+  class DSL
+    def initialize(path)
+      @path = path # IE: .ufo/iam_roles/task_role.rb
+    end
+
+    def evaluate
+      instance_eval(IO.read(@path), @path)
+    end
+
+    def iam_policy(policy_name, statements)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_policy(role_type, policy_name, statements)
+    end
+
+    def managed_iam_policy(*policies)
+      role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
+      Registry.register_managed_policy(role_type, policies)
+    end
+  end
+end

data/lib/ufo/role/registry.rb

@@ -0,0 +1,24 @@
+require "set"
+
+module Ufo::Role
+  class Registry
+    class_attribute :policies
+    self.policies = {}
+    class_attribute :managed_policies
+    self.managed_policies = {}
+
+    class << self
+      def register_policy(role_type, policy_name, *statements)
+        statements.flatten!
+        self.policies[role_type] ||= Set.new
+        self.policies[role_type].add([policy_name, statements]) # using set so DSL can safely be evaluated multiple times
+      end
+
+      def register_managed_policy(role_type, *policies)
+        policies.flatten!
+        self.managed_policies[role_type] ||= Set.new
+        self.managed_policies[role_type].merge(policies) # using set so DSL can safely be evaluated multiple times
+      end
+    end
+  end
+end

data/lib/ufo/rollback.rb

@@ -3,7 +3,8 @@ module Ufo
     def deploy
       task_definition = normalize_version(@options[:version])
       puts "Rolling back ECS service to task definition #{task_definition}"
-      ship = Ship.new(@service, @options.merge(task_definition: task_definition))
+
+      ship = Ship.new(@service, @options.merge(task_definition: task_definition, rollback: true))
       ship.deploy
     end
 

data/lib/ufo/sequence.rb

@@ -17,22 +17,6 @@ module Ufo
       File.basename(Dir.pwd)
     end
 
-    def get_execution_role_arn_input
-      return @execution_role_arn if @execution_role_arn
-
-      if @options[:execution_role_arn]
-        @execution_role_arn = @options[:execution_role_arn]
-        return @execution_role_arn
-      end
-
-      return unless @options[:launch_type] == "fargate"
-      # execution role arn required for fargate
-      puts "For fargate ECS tasks an ECS Task Execution IAM Role is required. "
-      puts "More details here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html"
-      print "Please provide a execution role arn role for the ecs task: "
-      @execution_role_arn = $stdin.gets.strip
-    end
-
     def override_source_paths(*paths)
       # Using string with instance_eval because block doesnt have access to
       # path at runtime.

data/lib/ufo/setting/profile.rb

@@ -2,22 +2,36 @@ class Ufo::Setting
   class Profile
     extend Memoist
 
-    def initialize(type, profile='default')
+    def initialize(type, profile=nil)
       @type = type.to_s # cfn or network
       @profile = profile
     end
 
     def data
-      path = "#{Ufo.root}/.ufo/settings/#{@type}/#{@profile}.yml"
-      unless File.exist?(path)
-        puts "#{@type.camelize} profile #{path} not found. Please double check that it exists."
+      names = [
+        @profile, # user specified
+        Ufo.env, # conventional based on env
+        "default", # fallback to default
+      ].compact.uniq
+      paths = names.map { |name| "#{Ufo.root}/.ufo/settings/#{@type}/#{name}.yml" }
+      found = paths.find { |p| File.exist?(p) }
+      unless found
+        puts "#{@type.camelize} profile not found. Please double check that it exists. Checked paths: #{paths}"
         exit 1
       end
 
-      text = RenderMePretty.result(path)
-      # puts "text:".color(:cyan)
-      # puts text
-      YAML.load(text).deep_symbolize_keys
+      text = RenderMePretty.result(found)
+      specific_data = YAML.load(text).deep_symbolize_keys
+
+      base = "#{Ufo.root}/.ufo/settings/#{@type}/base.yml"
+      base_data = if File.exist?(base)
+                    text = RenderMePretty.result(base)
+                    YAML.load(text).deep_symbolize_keys
+                  else
+                    {}
+                  end
+
+      base_data.deep_merge(specific_data)
     end
     memoize :data
   end