ufo 5.0.0 → 5.0.5

data/lib/ufo/setting/profile.rb

@@ -12,6 +12,7 @@ class Ufo::Setting
         @profile, # user specified
         Ufo.env, # conventional based on env
         "default", # fallback to default
+        "base", # finally fallback to base
       ].compact.uniq
       paths = names.map { |name| "#{Ufo.root}/.ufo/settings/#{@type}/#{name}.yml" }
       found = paths.find { |p| File.exist?(p) }
@@ -21,7 +22,17 @@ class Ufo::Setting
       end
 
       text = RenderMePretty.result(found)
-      YAML.load(text).deep_symbolize_keys
+      specific_data = YAML.load(text).deep_symbolize_keys
+
+      base = "#{Ufo.root}/.ufo/settings/#{@type}/base.yml"
+      base_data = if File.exist?(base)
+                    text = RenderMePretty.result(base)
+                    YAML.load(text).deep_symbolize_keys
+                  else
+                    {}
+                  end
+
+      base_data.deep_merge(specific_data)
     end
     memoize :data
   end

data/lib/ufo/stack/builder/base.rb

@@ -33,21 +33,21 @@ class Ufo::Stack::Builder
       settings_key = "#{type}_security_groups".to_sym
       group_ids = Ufo::Setting::SecurityGroups.new(@service, settings_key).load
       # no security groups at all
-      return if !managed_security_groups_enabled? && group_ids.blank?
+      return if !managed_security_groups? && group_ids.blank?
 
       groups = []
       groups += group_ids
-      groups += [managed_security_group(type.to_s.camelize)] if managed_security_groups_enabled?
+      groups += [managed_security_group(type.to_s.camelize)] if managed_security_groups?
       groups
     end
 
     def managed_security_group(type)
-      logical_id = managed_security_groups_enabled? ? "#{type.camelize}SecurityGroup" : "AWS::NoValue"
+      logical_id = managed_security_groups? ? "#{type.camelize}SecurityGroup" : "AWS::NoValue"
       {Ref: logical_id}
     end
 
-    def managed_security_groups_enabled?
-      managed = settings[:managed_security_groups_enabled]
+    def managed_security_groups?
+      managed = settings[:managed_security_groups]
       managed.nil? ? true : managed
     end
   end

data/lib/ufo/stack/builder/resources/ecs.rb

@@ -21,18 +21,12 @@ class Ufo::Stack::Builder::Resources
             {Ref: "EcsDesiredCount"}
           ]
         },
-        NetworkConfiguration: {
-          AwsvpcConfiguration: {
-            Subnets: {Ref: "EcsSubnets"},
-            SecurityGroups: security_groups(:ecs)
-          }
-        },
         LoadBalancers: {
           "Fn::If": [
             "CreateTargetGroupIsTrue",
             [
               {
-                ContainerName: "web",
+                ContainerName: @container[:name],
                 ContainerPort: @container[:port],
                 TargetGroupArn: {Ref: "TargetGroup"}
               }
@@ -43,7 +37,7 @@ class Ufo::Stack::Builder::Resources
                 [],
                 [
                   {
-                    ContainerName: "web",
+                    ContainerName: @container[:name],
                     ContainerPort: @container[:port],
                     TargetGroupArn: {Ref: "ElbTargetGroup"}
                   }
@@ -57,6 +51,20 @@ class Ufo::Stack::Builder::Resources
 
       props[:TaskDefinition] = @rollback_definition_arn ? @rollback_definition_arn : {Ref: "TaskDefinition"}
 
+      if @container[:network_mode].to_s == 'awsvpc'
+        props[:NetworkConfiguration] = {
+          AwsvpcConfiguration: {
+            Subnets: {Ref: "EcsSubnets"},
+            SecurityGroups: security_groups(:ecs)
+          }
+        }
+
+        if @container[:fargate]
+          props[:LaunchType] = "FARGATE"
+          props[:NetworkConfiguration][:AwsvpcConfiguration][:AssignPublicIp] = "ENABLED" # Works with fargate but doesnt seem to work with non-fargate
+        end
+      end
+
       props
     end
   end

data/lib/ufo/stack/builder/resources/security_group/ecs.rb

@@ -1,7 +1,7 @@
 module Ufo::Stack::Builder::Resources::SecurityGroup
   class Ecs < Base
     def build
-      return unless managed_security_groups_enabled?
+      return unless managed_security_groups?
 
       {
         Type: "AWS::EC2::SecurityGroup",

data/lib/ufo/stack/builder/resources/security_group/ecs_rule.rb

@@ -1,7 +1,7 @@
 module Ufo::Stack::Builder::Resources::SecurityGroup
   class EcsRule < Base
     def build
-      return unless managed_security_groups_enabled?
+      return unless managed_security_groups?
       return unless @elb_type == "application"
 
       {

data/lib/ufo/stack/builder/resources/security_group/elb.rb

@@ -1,7 +1,7 @@
 module Ufo::Stack::Builder::Resources::SecurityGroup
   class Elb < Base
     def build
-      return unless managed_security_groups_enabled?
+      return unless managed_security_groups?
       return unless @elb_type == "application"
 
       {

data/lib/ufo/version.rb

@@ -1,3 +1,3 @@
 module Ufo
-  VERSION = "5.0.0"
+  VERSION = "5.0.5"
 end

data/spec/lib/ecr_auth_spec.rb

@@ -1,36 +1,48 @@
 describe Ufo::Ecr::Auth do
   let(:repo_domain) { "123456789.dkr.ecr.us-east-1.amazonaws.com" }
+  let(:username) { "user" }
+  let(:password) { "opensesame" }
   let(:auth) { Ufo::Ecr::Auth.new(repo_domain) }
   before(:each) do
-    allow(auth).to receive(:fetch_auth_token).and_return("opensesame")
+    allow(auth).to receive(:fetch_auth_token).and_return(Base64.encode64("#{username}:#{password}"))
   end
 
   context("update") do
-    before(:each) do
-      clean_home
-    end
+    context("with ecr repo") do
+      context("when login successful") do
+        it "should create the auth token" do
+          command = "docker login -u #{username} --password-stdin #{repo_domain}"
+          command_result = double(success?: true)
+          expect(Open3).to receive(:capture3)
+            .with(command, stdin_data: password)
+            .and_return(['', '', command_result])
 
-    context("missing ~/.docker/config.json") do
-      it "should create the auth token" do
-        auth.update
-        data = JSON.load(IO.read("spec/fixtures/home/.docker/config.json"))
-        auth_token = data["auths"][repo_domain]["auth"]
-        expect(auth_token).to eq("opensesame")
+          auth.update
+        end
+      end
+
+      context("when login failed") do
+        it "should exit with code 1" do
+          command = "docker login -u #{username} --password-stdin #{repo_domain}"
+          command_result = double(success?: false)
+          expect(Open3).to receive(:capture3)
+            .with(command, stdin_data: password)
+            .and_return(['', '', command_result])
+          expect(auth).to receive(:exit).with(1)
+
+          auth.update
+        end
       end
     end
 
-    context("existing ~/.docker/config.json") do
-      it "should update the auth token" do
+    context("with not ecr repo") do
+      let(:repo_domain) { "example/test" }
+
+      it "should not update credentials" do
+        expect(Open3).not_to receive(:capture3)
+
         auth.update
-        data = JSON.load(IO.read("spec/fixtures/home/.docker/config.json"))
-        auth_token = data["auths"][repo_domain]["auth"]
-        expect(auth_token).to eq("opensesame")
       end
     end
   end
-
-  def clean_home
-    FileUtils.rm_rf("spec/fixtures/home")
-    FileUtils.cp_r("spec/fixtures/home_existing", "spec/fixtures/home")
-  end
 end

data/ufo.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "aws-logs"
-  spec.add_dependency "aws-mfa-secure"
+  spec.add_dependency "aws-mfa-secure", "~> 0.4.3"
   spec.add_dependency "aws-sdk-cloudformation"
   spec.add_dependency "aws-sdk-cloudwatchlogs"
   spec.add_dependency "aws-sdk-ec2"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 5.0.5
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-29 00:00:00.000000000 Z
+date: 2021-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-logs
@@ -28,16 +28,16 @@ dependencies:
   name: aws-mfa-secure
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.4.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.4.3
 - !ruby/object:Gem::Dependency
   name: aws-sdk-cloudformation
   requirement: !ruby/object:Gem::Requirement
@@ -376,6 +376,7 @@ files:
 - docs/_docs/settings/aws_profile.md
 - docs/_docs/settings/cfn.md
 - docs/_docs/settings/cluster.md
+- docs/_docs/settings/manage-security-groups.md
 - docs/_docs/settings/network.md
 - docs/_docs/ssl_errors.md
 - docs/_docs/structure.md
@@ -394,6 +395,7 @@ files:
 - docs/_docs/upgrading.md
 - docs/_docs/upgrading/upgrade4.5.md
 - docs/_docs/upgrading/upgrade4.md
+- docs/_docs/upgrading/upgrade5.md
 - docs/_docs/variables.md
 - docs/_includes/about.html
 - docs/_includes/cfn-customize.md
@@ -512,6 +514,8 @@ files:
 - exe/ufo
 - lib/template/.env
 - lib/template/.secrets
+- lib/template/.ufo/iam_roles/execution_role.rb
+- lib/template/.ufo/iam_roles/task_role.rb
 - lib/template/.ufo/params.yml.tt
 - lib/template/.ufo/settings.yml.tt
 - lib/template/.ufo/settings/cfn/default.yml.tt
@@ -711,7 +715,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.5
 signing_key: 
 specification_version: 4
 summary: AWS ECS Deploy Tool