ufo 5.0.0 → 5.0.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -0
- data/docs/_docs/conventions.md +1 -1
- data/docs/_docs/extras/codebuild-iam-role.md +1 -1
- data/docs/_docs/extras/dockerfile-erb.md +1 -1
- data/docs/_docs/extras/ecs-network-mode.md +1 -1
- data/docs/_docs/extras/load-balancer.md +1 -1
- data/docs/_docs/extras/minimal-deploy-iam.md +1 -1
- data/docs/_docs/extras/notification-arns.md +1 -1
- data/docs/_docs/extras/redirection-support.md +9 -9
- data/docs/_docs/extras/route53-support.md +4 -4
- data/docs/_docs/extras/security-groups.md +1 -1
- data/docs/_docs/extras/ssl-support.md +5 -5
- data/docs/_docs/faq.md +1 -1
- data/docs/_docs/helpers.md +1 -1
- data/docs/_docs/iam-roles.md +3 -2
- data/docs/_docs/install.md +0 -10
- data/docs/_docs/more/auto-completion.md +1 -1
- data/docs/_docs/more/automated-cleanup.md +1 -1
- data/docs/_docs/more/customize-cloudformation.md +1 -1
- data/docs/_docs/more/migrations.md +1 -1
- data/docs/_docs/more/run-in-pieces.md +1 -1
- data/docs/_docs/more/single-task.md +1 -1
- data/docs/_docs/more/stuck-cloudformation.md +1 -1
- data/docs/_docs/more/why-cloudformation.md +1 -1
- data/docs/_docs/next-steps.md +1 -1
- data/docs/_docs/secrets.md +27 -4
- data/docs/_docs/settings.md +10 -9
- data/docs/_docs/settings/manage-security-groups.md +24 -0
- data/docs/_docs/settings/network.md +11 -1
- data/docs/_docs/structure.md +10 -9
- data/docs/_docs/tutorial-ufo-init.md +1 -7
- data/docs/_docs/ufo-current.md +1 -1
- data/docs/_docs/ufo-env-extra.md +1 -1
- data/docs/_docs/ufo-env.md +3 -5
- data/docs/_docs/ufo-logs.md +1 -2
- data/docs/_docs/ufo-task-params.md +1 -1
- data/docs/_docs/upgrading.md +1 -1
- data/docs/_docs/upgrading/upgrade4.5.md +2 -2
- data/docs/_docs/upgrading/upgrade4.md +2 -2
- data/docs/_docs/upgrading/upgrade5.md +19 -0
- data/docs/_docs/variables.md +1 -1
- data/docs/_includes/cfn-customize.md +18 -4
- data/docs/_includes/footer.html +6 -5
- data/docs/_reference/ufo-init.md +14 -15
- data/docs/articles.md +1 -1
- data/lib/template/.secrets +5 -3
- data/lib/template/.ufo/iam_roles/execution_role.rb +7 -0
- data/lib/template/.ufo/iam_roles/task_role.rb +21 -0
- data/lib/template/.ufo/templates/fargate.json.erb +0 -1
- data/lib/ufo/dsl/helper.rb +2 -2
- data/lib/ufo/dsl/helper/vars.rb +0 -1
- data/lib/ufo/ecr/auth.rb +10 -21
- data/lib/ufo/init.rb +0 -2
- data/lib/ufo/sequence.rb +0 -16
- data/lib/ufo/setting/profile.rb +12 -1
- data/lib/ufo/stack/builder/base.rb +5 -5
- data/lib/ufo/stack/builder/resources/ecs.rb +16 -8
- data/lib/ufo/stack/builder/resources/security_group/ecs.rb +1 -1
- data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb +1 -1
- data/lib/ufo/stack/builder/resources/security_group/elb.rb +1 -1
- data/lib/ufo/version.rb +1 -1
- data/spec/lib/ecr_auth_spec.rb +32 -20
- data/ufo.gemspec +1 -1
- metadata +11 -7
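--- a/data/lib/ufo/setting/profile.rb
+++ b/data/lib/ufo/setting/profile.rb
@@ -12,6 +12,7 @@ class Ufo::Setting
 @profile, # user specified
 Ufo.env, # conventional based on env
 "default", # fallback to default
+"base", # finally fallback to base
 ].compact.uniq
 paths = names.map { |name| "#{Ufo.root}/.ufo/settings/#{@type}/#{name}.yml" }
 found = paths.find { |p| File.exist?(p) }
@@ -21,7 +22,17 @@ class Ufo::Setting
 end
 
 text = RenderMePretty.result(found)
-YAML.load(text).deep_symbolize_keys
+specific_data = YAML.load(text).deep_symbolize_keys
+
+base = "#{Ufo.root}/.ufo/settings/#{@type}/base.yml"
+base_data = if File.exist?(base)
+text = RenderMePretty.result(base)
+YAML.load(text).deep_symbolize_keys
+else
+{}
+end
+
+base_data.deep_merge(specific_data)
 end
 memoize :data
 end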
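Review bot: An existing but empty or comment-only base.yml will crash the added `base_data` branch, because `YAML.load` returns `nil` or `false` (depending on the Psych version) for such input and `.deep_symbolize_keys` is then called on it; the same applies to the call on `found`. A guard such as `(YAML.load(text) || {}).deep_symbolize_keys` in both places keeps the merge well-defined. Since `YAML.load` on Psych releases before 4 instantiates arbitrary tagged objects, `YAML.safe_load` is the safer parser if these settings files can ever come from a source less trusted than the repository itself. With "base" now also in the `names` fallback list, a project that has only base.yml renders and parses it twice. The enclosing method starts above the hunk.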
@@ -33,21 +33,21 @@ class Ufo::Stack::Builder
|
|
33
33
|
settings_key = "#{type}_security_groups".to_sym
|
34
34
|
group_ids = Ufo::Setting::SecurityGroups.new(@service, settings_key).load
|
35
35
|
# no security groups at all
|
36
|
-
return if !
|
36
|
+
return if !managed_security_groups? && group_ids.blank?
|
37
37
|
|
38
38
|
groups = []
|
39
39
|
groups += group_ids
|
40
|
-
groups += [managed_security_group(type.to_s.camelize)] if
|
40
|
+
groups += [managed_security_group(type.to_s.camelize)] if managed_security_groups?
|
41
41
|
groups
|
42
42
|
end
|
43
43
|
|
44
44
|
def managed_security_group(type)
|
45
|
-
logical_id =
|
45
|
+
logical_id = managed_security_groups? ? "#{type.camelize}SecurityGroup" : "AWS::NoValue"
|
46
46
|
{Ref: logical_id}
|
47
47
|
end
|
48
48
|
|
49
|
-
def
|
50
|
-
managed = settings[:
|
49
|
+
def managed_security_groups?
|
50
|
+
managed = settings[:managed_security_groups]
|
51
51
|
managed.nil? ? true : managed
|
52
52
|
end
|
53
53
|
end
|
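Review bot: The guard `return if !managed_security_groups? && group_ids.blank?` makes this method return nil, and nothing in the hunk says what that means for the caller. When `managed_security_groups` is false and no group ids are configured, the awsvpc `NetworkConfiguration` ends up without security groups, and ECS then attaches the VPC's default security group, which may be more permissive than the operator expects; how the nil is rendered into the template is not visible here. I would document that above the guard, e.g. `# nil => no SecurityGroups emitted; in awsvpc mode ECS falls back to the VPC default security group`, and consider logging a warning in that branch. The method's `def` line is above the hunk, and per the diffstat this hunk appears to belong to data/lib/ufo/stack/builder/base.rb.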
@@ -21,18 +21,12 @@ class Ufo::Stack::Builder::Resources
|
|
21
21
|
{Ref: "EcsDesiredCount"}
|
22
22
|
]
|
23
23
|
},
|
24
|
-
NetworkConfiguration: {
|
25
|
-
AwsvpcConfiguration: {
|
26
|
-
Subnets: {Ref: "EcsSubnets"},
|
27
|
-
SecurityGroups: security_groups(:ecs)
|
28
|
-
}
|
29
|
-
},
|
30
24
|
LoadBalancers: {
|
31
25
|
"Fn::If": [
|
32
26
|
"CreateTargetGroupIsTrue",
|
33
27
|
[
|
34
28
|
{
|
35
|
-
ContainerName:
|
29
|
+
ContainerName: @container[:name],
|
36
30
|
ContainerPort: @container[:port],
|
37
31
|
TargetGroupArn: {Ref: "TargetGroup"}
|
38
32
|
}
|
@@ -43,7 +37,7 @@ class Ufo::Stack::Builder::Resources
|
|
43
37
|
[],
|
44
38
|
[
|
45
39
|
{
|
46
|
-
ContainerName:
|
40
|
+
ContainerName: @container[:name],
|
47
41
|
ContainerPort: @container[:port],
|
48
42
|
TargetGroupArn: {Ref: "ElbTargetGroup"}
|
49
43
|
}
|
@@ -57,6 +51,20 @@ class Ufo::Stack::Builder::Resources
|
|
57
51
|
|
58
52
|
props[:TaskDefinition] = @rollback_definition_arn ? @rollback_definition_arn : {Ref: "TaskDefinition"}
|
59
53
|
|
54
|
+
if @container[:network_mode].to_s == 'awsvpc'
|
55
|
+
props[:NetworkConfiguration] = {
|
56
|
+
AwsvpcConfiguration: {
|
57
|
+
Subnets: {Ref: "EcsSubnets"},
|
58
|
+
SecurityGroups: security_groups(:ecs)
|
59
|
+
}
|
60
|
+
}
|
61
|
+
|
62
|
+
if @container[:fargate]
|
63
|
+
props[:LaunchType] = "FARGATE"
|
64
|
+
props[:NetworkConfiguration][:AwsvpcConfiguration][:AssignPublicIp] = "ENABLED" # Works with fargate but doesnt seem to work with non-fargate
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
60
68
|
props
|
61
69
|
end
|
62
70
|
end
|
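Review bot: `AssignPublicIp` is hard-coded to "ENABLED" for every Fargate service in the last hunk, so each task network interface gets a public address even when the service is meant to sit behind a load balancer in private subnets. That leaves exposure entirely to the attached security groups and cannot be switched off from settings as written. Reading the value from project settings with the current value as the default would keep behaviour and let private deployments opt out, e.g. `props[:NetworkConfiguration][:AwsvpcConfiguration][:AssignPublicIp] = assign_public_ip # "ENABLED" or "DISABLED"`, where `assign_public_ip` is a placeholder for that settings lookup. `LaunchType` is also set only inside the `awsvpc` branch, so a container flagged `:fargate` without that network mode silently gets no launch type. The enclosing method starts above the hunk; per the diffstat these hunks appear to belong to data/lib/ufo/stack/builder/resources/ecs.rb.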
data/lib/ufo/version.rb
CHANGED
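--- a/data/spec/lib/ecr_auth_spec.rb
+++ b/data/spec/lib/ecr_auth_spec.rb
@@ -1,36 +1,48 @@
 describe Ufo::Ecr::Auth do
 let(:repo_domain) { "123456789.dkr.ecr.us-east-1.amazonaws.com" }
+let(:username) { "user" }
+let(:password) { "opensesame" }
 let(:auth) { Ufo::Ecr::Auth.new(repo_domain) }
 before(:each) do
-allow(auth).to receive(:fetch_auth_token).and_return("
+allow(auth).to receive(:fetch_auth_token).and_return(Base64.encode64("#{username}:#{password}"))
 end
 
 context("update") do
-
-
-
+context("with ecr repo") do
+context("when login successful") do
+it "should create the auth token" do
+command = "docker login -u #{username} --password-stdin #{repo_domain}"
+command_result = double(success?: true)
+expect(Open3).to receive(:capture3)
+.with(command, stdin_data: password)
+.and_return(['', '', command_result])
 
-
-
-
-
-
-
+auth.update
+end
+end
+
+context("when login failed") do
+it "should exit with code 1" do
+command = "docker login -u #{username} --password-stdin #{repo_domain}"
+command_result = double(success?: false)
+expect(Open3).to receive(:capture3)
+.with(command, stdin_data: password)
+.and_return(['', '', command_result])
+expect(auth).to receive(:exit).with(1)
+
+auth.update
+end
 end
 end
 
-context("
-
+context("with not ecr repo") do
+let(:repo_domain) { "example/test" }
+
+it "should not update credentials" do
+expect(Open3).not_to receive(:capture3)
+
 auth.update
-data = JSON.load(IO.read("spec/fixtures/home/.docker/config.json"))
-auth_token = data["auths"][repo_domain]["auth"]
-expect(auth_token).to eq("opensesame")
 end
 end
 end
-
-def clean_home
-FileUtils.rm_rf("spec/fixtures/home")
-FileUtils.cp_r("spec/fixtures/home_existing", "spec/fixtures/home")
-end
 end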
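Review bot: Both login examples pin `Open3.capture3` to a single interpolated command string, so the implementation (not shown here) presumably hands `docker login -u #{username} --password-stdin #{repo_domain}` to a shell. Passing the password on stdin keeps it out of the process list, but `repo_domain` and the user name are still interpolated into that string; the argv form avoids any shell interpretation of them: `.with("docker", "login", "-u", username, "--password-stdin", repo_domain, stdin_data: password)`. `Base64.encode64` also inserts line breaks into longer inputs, so `Base64.strict_encode64` would be the closer stand-in for a token that carries no embedded newlines.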
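--- a/data/ufo.gemspec
+++ b/data/ufo.gemspec
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.add_dependency "aws-logs"
-spec.add_dependency "aws-mfa-secure"
+spec.add_dependency "aws-mfa-secure", "~> 0.4.3"
 spec.add_dependency "aws-sdk-cloudformation"
 spec.add_dependency "aws-sdk-cloudwatchlogs"
 spec.add_dependency "aws-sdk-ec2"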
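--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-version: 5.0.
+version: 5.0.5
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2021-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-logs
@@ -28,16 +28,16 @@ dependencies:
 name: aws-mfa-secure
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.4.3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.4.3
 - !ruby/object:Gem::Dependency
 name: aws-sdk-cloudformation
 requirement: !ruby/object:Gem::Requirement
@@ -376,6 +376,7 @@ files:
 - docs/_docs/settings/aws_profile.md
 - docs/_docs/settings/cfn.md
 - docs/_docs/settings/cluster.md
+- docs/_docs/settings/manage-security-groups.md
 - docs/_docs/settings/network.md
 - docs/_docs/ssl_errors.md
 - docs/_docs/structure.md
@@ -394,6 +395,7 @@ files:
 - docs/_docs/upgrading.md
 - docs/_docs/upgrading/upgrade4.5.md
 - docs/_docs/upgrading/upgrade4.md
+- docs/_docs/upgrading/upgrade5.md
 - docs/_docs/variables.md
 - docs/_includes/about.html
 - docs/_includes/cfn-customize.md
@@ -512,6 +514,8 @@ files:
 - exe/ufo
 - lib/template/.env
 - lib/template/.secrets
+- lib/template/.ufo/iam_roles/execution_role.rb
+- lib/template/.ufo/iam_roles/task_role.rb
 - lib/template/.ufo/params.yml.tt
 - lib/template/.ufo/settings.yml.tt
 - lib/template/.ufo/settings/cfn/default.yml.tt
@@ -711,7 +715,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.5
 signing_key:
 specification_version: 4
 summary: AWS ECS Deploy Tool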