ufo 4.6.3 → 5.0.4

data/lib/ufo/setting/security_groups.rb

@@ -0,0 +1,22 @@
+class Ufo::Setting
+  class SecurityGroups
+    include Ufo::Settings
+    extend Memoist
+
+    def initialize(service, type)
+      @service, @type = service, type
+    end
+
+    def load
+      groups = network[@type] # IE: network[:ecs_security_groups] or network[:elb_security_groups]
+      return [] unless groups
+
+      case groups
+      when Array # same security groups used for all services
+        groups
+      when Hash # service specific security groups
+        groups[@service.to_sym] || []
+      end
+    end
+  end
+end

data/lib/ufo/settings.rb

@@ -0,0 +1,20 @@
+module Ufo
+  module Settings
+    extend Memoist
+
+    def network
+      Ufo::Setting::Profile.new(:network, settings[:network_profile]).data
+    end
+    memoize :network
+
+    def cfn
+      Ufo::Setting::Profile.new(:cfn, settings[:cfn_profile]).data
+    end
+    memoize :cfn
+
+    def settings
+      Setting.new.data
+    end
+    memoize :settings
+  end
+end

data/lib/ufo/stack.rb

@@ -25,10 +25,12 @@ module Ufo
   class Stack
     extend Memoist
     include Helper
+    include Ufo::Settings
 
     def initialize(options)
       @options = options
       @task_definition = options[:task_definition]
+      @rollback = options[:rollback]
       @service = options[:service]
       @cluster = @options[:cluster] || default_cluster(@service)
       @stack_name = adjust_stack_name(@cluster, options[:service])
@@ -66,18 +68,6 @@ module Ufo
       handle_stack_error(e)
     end
 
-    # do not memoize template_body it can change for a rename retry
-    def template_body
-      custom_template = "#{Ufo.root}/.ufo/settings/cfn/stack.yml"
-      path = if File.exist?(custom_template)
-               custom_template
-             else
-               # built-in default
-               File.expand_path("../cfn/stack.yml", File.dirname(__FILE__))
-             end
-      RenderMePretty.result(path, context: context.scope)
-    end
-
     def stack_options
       save_template
       if ENV['SAVE_TEMPLATE_EXIT']
@@ -85,22 +75,26 @@ module Ufo
         exit 1
       end
       {
+        capabilities: ["CAPABILITY_IAM"],
+        notification_arns: notification_arns,
         parameters: parameters,
         stack_name: @stack_name,
         template_body: template_body,
       }
     end
 
+    def notification_arns
+      settings[:notification_arns] || []
+    end
+
     def parameters
       create_elb, elb_target_group = context.elb_options
 
-      network = Setting::Profile.new(:network, settings[:network_profile]).data
-      # pp network
       elb_subnets = network[:elb_subnets] && !network[:elb_subnets].empty? ?
                     network[:elb_subnets] :
                     network[:ecs_subnets]
 
-      hash = {
+      params = {
         Vpc: network[:vpc],
         ElbSubnets: elb_subnets.join(','),
         EcsSubnets: network[:ecs_subnets].join(','),
@@ -110,14 +104,11 @@ module Ufo
         ElbEipIds: context.elb_eip_ids,
 
         EcsDesiredCount: current_desired_count,
-        EcsTaskDefinition: task_definition_arn,
         EcsSchedulingStrategy: scheduling_strategy,
       }
 
-      hash[:EcsSecurityGroups] = network[:ecs_security_groups].join(',') if network[:ecs_security_groups]
-      hash[:ElbSecurityGroups] = network[:elb_security_groups].join(',') if network[:elb_security_groups]
-
-      hash.map do |k,v|
+      params = Ufo::Utils::Squeezer.new(params).squeeze
+      params.map do |k,v|
         if v == :use_previous_value
           { parameter_key: k, use_previous_value: true }
         else
@@ -127,12 +118,20 @@ module Ufo
     end
     memoize :parameters
 
+    # do not memoize template_body it can change for a rename retry
+    def template_body
+      TemplateBody.new(context).build
+    end
+    memoize :template_body
+
     def context
-      Context.new(@options.merge(
+      o = @options.merge(
         cluster: @cluster,
         stack_name: @stack_name,
         stack: @stack,
-      ))
+      )
+      o[:rollback_definition_arn] = rollback_definition_arn if rollback_definition_arn
+      Context.new(o)
     end
     memoize :context
 
@@ -154,11 +153,12 @@ module Ufo
       end
     end
 
-    def task_definition_arn
+    def rollback_definition_arn
+      return unless @rollback
       resp = ecs.describe_task_definition(task_definition: @task_definition)
       resp.task_definition.task_definition_arn
     end
-    memoize :task_definition_arn
+    memoize :rollback_definition_arn
 
     # Store template in tmp in case for debugging
     def save_template

data/lib/ufo/stack/builder.rb

@@ -0,0 +1,26 @@
+class Ufo::Stack
+  class Builder
+    class_attribute :context
+
+    def initialize(context)
+      @context = context
+      # This builder class is really used as a singleton.
+      # To avoid having to pass context to all the builder classes.
+      self.class.context = @context
+      @template = {
+        Description: "Ufo ECS stack #{context.stack_name}",
+      }
+    end
+
+    def build
+      @template[:Parameters] = Parameters.new.build
+      @template[:Conditions] = Conditions.new.build
+      @template[:Resources] = Resources.new.build
+      @template[:Outputs] = Outputs.new.build
+      @template.deep_stringify_keys!
+      @template = Ufo::Utils::Squeezer.new(@template).squeeze
+      @template = CustomProperties.new(@template, @context.stack_name).apply
+      YAML.dump(@template)
+    end
+  end
+end

data/lib/ufo/stack/builder/base.rb

@@ -0,0 +1,54 @@
+class Ufo::Stack::Builder
+  class Base
+    include Ufo::Settings
+
+    def initialize
+      copy_instance_variables
+    end
+
+    # Copy the instance variables from TemplateScope Stack Builder classes
+    def copy_instance_variables
+      context = Ufo::Stack::Builder.context
+      scope = context.scope
+      scope.instance_variables.each do |var|
+        val = scope.instance_variable_get(var)
+        instance_variable_set(var, val)
+      end
+    end
+
+    def self.build
+      new.build
+    end
+
+    # type: elb or ecs
+    # NOTE: Application ELBs always seem to need a security group even though the docs say its not required
+    # However, there's a case where no ELB is created for a worker tier and if the settings are all blank
+    # CloudFormation fails to resolve and splits out this error:
+    #
+    #     Template error: every Fn::Split object requires two parameters
+    #
+    # So we will not assign security groups at all for case of workers with no security groups at all.
+    #
+    def security_groups(type)
+      settings_key = "#{type}_security_groups".to_sym
+      group_ids = Ufo::Setting::SecurityGroups.new(@service, settings_key).load
+      # no security groups at all
+      return if !managed_security_groups? && group_ids.blank?
+
+      groups = []
+      groups += group_ids
+      groups += [managed_security_group(type.to_s.camelize)] if managed_security_groups?
+      groups
+    end
+
+    def managed_security_group(type)
+      logical_id = managed_security_groups? ? "#{type.camelize}SecurityGroup" : "AWS::NoValue"
+      {Ref: logical_id}
+    end
+
+    def managed_security_groups?
+      managed = settings[:managed_security_groups]
+      managed.nil? ? true : managed
+    end
+  end
+end

data/lib/ufo/stack/builder/conditions.rb

@@ -0,0 +1,23 @@
+class Ufo::Stack::Builder
+  class Conditions < Base
+    def build
+      {
+        CreateElbIsTrue: {
+          "Fn::Equals": [{Ref: "CreateElb"}, true]
+        },
+        ElbTargetGroupIsBlank: {
+          "Fn::Equals": [{Ref: "ElbTargetGroup"}, ""]
+        },
+        CreateTargetGroupIsTrue: {
+          "Fn::And": [
+            {Condition: "CreateElbIsTrue"},
+            {Condition: "ElbTargetGroupIsBlank"},
+          ]
+        },
+        EcsDesiredCountIsBlank: {
+          "Fn::Equals": [{Ref: "EcsDesiredCount"}, ""]
+        }
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/outputs.rb

@@ -0,0 +1,24 @@
+class Ufo::Stack::Builder
+  class Outputs < Base
+    def build
+      outputs = {
+        ElbDns: {
+          Description: "Elb Dns",
+          Condition: "CreateElbIsTrue",
+          Value: {
+            "Fn::GetAtt": "Elb.DNSName"
+          }
+        }
+      }
+
+      if @create_route53
+        outputs[:Route53Dns] = {
+          Description: "Route53 Dns",
+          Value: {Ref: "Dns"},
+        }
+      end
+
+      outputs
+    end
+  end
+end

data/lib/ufo/stack/builder/parameters.rb

@@ -0,0 +1,45 @@
+class Ufo::Stack::Builder
+  class Parameters < Base
+    def build
+      {
+        "Vpc": {
+          "Description": "Existing vpc id",
+          "Type": "AWS::EC2::VPC::Id"
+        },
+        "ElbSubnets": {
+          "Description": "Existing subnet ids for ELB",
+          "Type": "List<AWS::EC2::Subnet::Id>"
+        },
+        "EcsSubnets": {
+          "Description": "Existing subnet ids for ECS",
+          "Type": "List<AWS::EC2::Subnet::Id>"
+        },
+        "ElbTargetGroup": {
+          "Description": "Existing target group",
+          "Type": "String",
+          "Default": ""
+        },
+        "CreateElb": {
+          "Description": "Create elb",
+          "Type": "String",
+          "Default": true
+        },
+        "EcsDesiredCount": {
+          "Description": "Ecs desired count",
+          "Type": "String",
+          "Default": 1
+        },
+        "ElbEipIds": {
+          "Description": "ELB EIP Allocation ids to use for network load balancer",
+          "Type": "String",
+          "Default": ""
+        },
+        "EcsSchedulingStrategy": {
+          "Description": "The scheduling strategy to use for the service",
+          "Type": "String",
+          "Default": "REPLICA"
+        }
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/resources.rb

@@ -0,0 +1,20 @@
+class Ufo::Stack::Builder
+  class Resources < Base
+    def build
+      {
+        Dns: Dns.build,
+        Ecs: Ecs.build,
+        EcsSecurityGroup: SecurityGroup::Ecs.build,
+        EcsSecurityGroupRule: SecurityGroup::EcsRule.build,
+        Elb: Elb.build,
+        ElbSecurityGroup: SecurityGroup::Elb.build,
+        ExecutionRole: Roles::ExecutionRole.build,
+        Listener: Listener.build,
+        ListenerSsl: ListenerSsl.build,
+        TargetGroup: TargetGroup.build,
+        TaskDefinition: TaskDefinition.build,
+        TaskRole: Roles::TaskRole.build,
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/base.rb

@@ -0,0 +1,4 @@
+class Ufo::Stack::Builder::Resources
+  class Base < Ufo::Stack::Builder::Base
+  end
+end

data/lib/ufo/stack/builder/resources/dns.rb

@@ -0,0 +1,17 @@
+class Ufo::Stack::Builder::Resources
+  class Dns < Base
+    def build
+      return unless @create_route53
+
+      {
+        Type: "AWS::Route53::RecordSet",
+        Properties: {
+          Comment: "cname to load balancer",
+          Type: "CNAME",
+          TTL: 60, # ttl has special casing
+          ResourceRecords: [{"Fn::GetAtt": "Elb.DNSName"}]
+        }
+      }
+    end
+  end
+end

data/lib/ufo/stack/builder/resources/ecs.rb

@@ -0,0 +1,71 @@
+class Ufo::Stack::Builder::Resources
+  class Ecs < Base
+    def build
+      attrs = {
+        Type: "AWS::ECS::Service",
+        Properties: properties
+      }
+
+      attrs[:DependsOn] = "Listener" if @create_elb
+
+      attrs
+    end
+
+    def properties
+      props = {
+        Cluster: @cluster,
+        DesiredCount: {
+          "Fn::If": [
+            "EcsDesiredCountIsBlank",
+            {Ref: "AWS::NoValue"},
+            {Ref: "EcsDesiredCount"}
+          ]
+        },
+        LoadBalancers: {
+          "Fn::If": [
+            "CreateTargetGroupIsTrue",
+            [
+              {
+                ContainerName: @container[:name],
+                ContainerPort: @container[:port],
+                TargetGroupArn: {Ref: "TargetGroup"}
+              }
+            ],
+            {
+              "Fn::If": [
+                "ElbTargetGroupIsBlank",
+                [],
+                [
+                  {
+                    ContainerName: @container[:name],
+                    ContainerPort: @container[:port],
+                    TargetGroupArn: {Ref: "ElbTargetGroup"}
+                  }
+                ]
+              ]
+            }
+          ]
+        },
+        SchedulingStrategy: {Ref: "EcsSchedulingStrategy"}
+      }
+
+      props[:TaskDefinition] = @rollback_definition_arn ? @rollback_definition_arn : {Ref: "TaskDefinition"}
+
+      if @container[:network_mode].to_s == 'awsvpc'
+        props[:NetworkConfiguration] = {
+          AwsvpcConfiguration: {
+            Subnets: {Ref: "EcsSubnets"},
+            SecurityGroups: security_groups(:ecs)
+          }
+        }
+
+        if @container[:fargate]
+          props[:LaunchType] = "FARGATE"
+          props[:NetworkConfiguration][:AwsvpcConfiguration][:AssignPublicIp] = "ENABLED" # Works with fargate but doesnt seem to work with non-fargate
+        end
+      end
+
+      props
+    end
+  end
+end