ufo 6.0.7 → 6.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1d99bfecc9c3cc0dd62ac1e0eef1091d175578cf439138cab340e0ffa877a21
-  data.tar.gz: 746c2c8379afa612682c77fe551a1e4b0219a4b75101837410e9a85a5a8a22c3
+  metadata.gz: 4394550f855c4e125e7bbcd6e62d4eee7fe5720c48037201cc66fcba19013d36
+  data.tar.gz: 1b3d1f7ef2b040bc3bbe2ec7815b7da0a5d5e366b8906bf8d997d57cd8193ad5
 SHA512:
-  metadata.gz: 1fed912e9ceb5c30b96754185274cf8cf6c25f1f467816677df59665421d717d0e95cf9071ab033f8c03b4abc5011115ccfd15b146afd3700c834e606ba2fb79
-  data.tar.gz: f0f7f8944b7922438e1ed9355aa46575e3b2b405580f91f71f4664f80df6736425471c3be5b09d14f6bca5e11d44d0326b551d7086e6b5614618fd3c7b195afc
+  metadata.gz: 5ca6d18a47212fbfd9beba2dcdc130d1341f5c3f50bd9a27396150828217ed61e44d885e9fd83904b5029822a89585e089288567fb931e1497765c9a74b443cc
+  data.tar.gz: 85afc2fb866da1a8de2aab7d10f942248706088adc10fda04cd23b537dc5d2fe21779ee11337b4f324cc4c57b41a8d6ce6996dc070d3a9508028f7525c4bf1e4

data/.cody/acceptance/bin/build.sh

@@ -39,6 +39,8 @@ cat .ufo/resources/task_definitions/web.yml
 cat .ufo/vars/base.rb
 cat .ufo/vars/dev.rb
 
+export UFO_ENV=qa
+
 # Deploy
 ufo ship -y
 # Check
@@ -57,6 +59,11 @@ Ufo.configure do |config|
   config.autoscaling.max_capacity = 3
 end
 EOF
+cat << EOF > .ufo/config/web/qa.rb
+Ufo.configure do |config|
+  config.autoscaling.max_capacity = 3
+end
+EOF
 
 # Update
 ufo clean -y # dont have to but good to test ufo clean
@@ -69,7 +76,7 @@ TASK=$(ufo ps --format json | jq -r '.[0].Task')
 echo "TASK $TASK"
 
 # TODO: create fargate spot cluster
-CLUSTER=dev
+CLUSTER=qa
 # Just show for now. Might have to add wait logic to confirm new settings
 aws ecs describe-tasks --cluster $CLUSTER --tasks $TASK \
     | jq '.tasks[].containers[] | {cpu: .cpu, memory: .memory}'

data/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [6.1.0] - 2022-03-11
+- [#136](https://github.com/tongueroo/ufo/pull/136) ufo central: dont load config
+- [#137](https://github.com/tongueroo/ufo/pull/137) ufo new boot_hook generator
+- [#138](https://github.com/tongueroo/ufo/pull/138) default config.autoscaling.predefined_metric_type = ECSServiceAverageMemoryUtilization
+- [#139](https://github.com/tongueroo/ufo/pull/139) ELB WAF Support
+- [#140](https://github.com/tongueroo/ufo/pull/140) warn user when ecr repo not found
+- [#141](https://github.com/tongueroo/ufo/pull/141) check old version and show upgrade message to user
+- [#142](https://github.com/tongueroo/ufo/pull/142) ufo exec: check stack exists
+- [#143](https://github.com/tongueroo/ufo/pull/143) Aws helper
+- [#144](https://github.com/tongueroo/ufo/pull/144) support :EXTRA in expansion and include as default for names
+- [#145](https://github.com/tongueroo/ufo/pull/145) Callable options: ecs.cluster, names.stack, names.task_definition, secrets.pattern.ssm
+- Ufo.app config loaded check to avoid accidental infinite loop
+
+## [6.0.9] - 2022-03-10
+- fix config.autoscaling.manual_changes.warning cli help hint
+
+## [6.0.8] - 2022-03-10
+- [#135](https://github.com/tongueroo/ufo/pull/135) improve .ufo/config/boot.rb location
+- change default config.ship.docker.quiet to false
+
 ## [6.0.7] - 2022-03-07
 - fix autoscaling.manual_changes.retain check
 - improve Configured autoscaling message

data/lib/templates/boot_hook/.ufo/config/boot.rb

@@ -0,0 +1,2 @@
+# Docs: https://ufoships.com/docs/config/boot/
+# Write your boot hook logic here

data/lib/templates/init/.ufo/vars/base.rb

@@ -13,7 +13,7 @@
 @memory = 256
 @memory_reservation = 256
 
-@awslogs_group = ["ecs/#{Ufo.app}", Ufo.env, Ufo.extra].compact.join('-')
+@awslogs_group = expansion("ecs/:APP-:ENV-:EXTRA")
 @awslogs_stream_prefix = role
 @awslogs_region = aws_region
 

data/lib/ufo/aws_services.rb

@@ -7,6 +7,7 @@ require "aws-sdk-ecr"
 require "aws-sdk-ecs"
 require "aws-sdk-elasticloadbalancingv2"
 require "aws-sdk-ssm"
+require "aws-sdk-wafv2"
 
 require "aws_mfa_secure/ext/aws" # add MFA support
 require "cfn_status"
@@ -55,11 +56,18 @@ module Ufo
     end
     memoize :elb
 
+    # ssm is a helper method
     def ssm_client
-      Aws::SSM::Client.new
+      Aws::SSM::Client.new(aws_options)
     end
     memoize :ssm_client
 
+    # waf is a helper method
+    def waf_client
+      Aws::WAFV2::Client.new(aws_options)
+    end
+    memoize :waf_client
+
     # Override the AWS retry settings with AWS clients.
     #
     # The aws-sdk-core has exponential backup with this formula:

data/lib/ufo/booter.rb

@@ -18,7 +18,7 @@ module Ufo
 
     def run_hook(env=nil)
       name = env ? "boot/#{env}" : "boot"
-      path = "#{Ufo.root}/.ufo/#{name}.rb" # IE: .ufo/boot/dev.rb
+      path = "#{Ufo.root}/.ufo/config/#{name}.rb" # IE: .ufo/boot/dev.rb
       require path if File.exist?(path)
     end
 

data/lib/ufo/cfn/stack/builder/resources/waf_association.rb

@@ -0,0 +1,17 @@
+# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webaclassociation.html
+class Ufo::Cfn::Stack::Builder::Resources
+  class WafAssociation < Base
+    def build
+      web_acl_arn = Ufo.config.waf.web_acl_arn
+      return if web_acl_arn.blank?
+
+      {
+        Type: "AWS::WAFv2::WebACLAssociation",
+        Properties: {
+          ResourceArn: {Ref: "Elb"},  # String,
+          WebACLArn:   web_acl_arn,   # String
+        }
+      }
+    end
+  end
+end

data/lib/ufo/cfn/stack/builder/resources.rb

@@ -18,6 +18,8 @@ class Ufo::Cfn::Stack::Builder
         ScalingRole: Scaling::Role.build(@options),
         ScalingTarget: Scaling::Target.build(@options),
         ScalingPolicy: Scaling::Policy.build(@options),
+        # WAF Assocation
+        WafAssociation: WafAssociation.build(@options),
       }
     end
   end

data/lib/ufo/cfn/stack.rb

@@ -24,6 +24,7 @@
 module Ufo::Cfn
   class Stack < Base
     extend Memoist
+    include Ufo::TaskDefinition::Helpers::AwsHelper
 
     def deploy
       build
@@ -160,11 +161,5 @@ module Ufo::Cfn
         logger.info "The stack is not in a state to that is cancelable: #{stack.stack_status}"
       end
     end
-
-    delegate :region, to: :aws
-    def aws
-      AwsData.new
-    end
-    memoize :aws
   end
 end

data/lib/ufo/cli/central/base.rb

@@ -1,12 +1,23 @@
 class Ufo::CLI::Central
   class Base
-    include Ufo::Utils::Execute
-    include Ufo::Utils::Logging
     include Ufo::Utils::Pretty
     include Ufo::Utils::Sure
 
     def initialize(options={})
       @options = options
     end
+
+    # Do not use logger.info for ufo central commands as .ufo may not be yet setup
+    # We do not want any config calls to trigger a loading of the .ufo/config.rb etc
+    # Otherwise helper methods like ecr_repo may be called and not work yet
+    def log(msg)
+      puts msg
+    end
+
+    # Central has own version of execute because it doesnt have access to logger
+    def execute(command)
+      log "=> #{command}"
+      system command
+    end
   end
 end

data/lib/ufo/cli/central/clean.rb

@@ -4,7 +4,7 @@ class Ufo::CLI::Central
       path = "#{ENV['HOME']}/.ufo/central"
       sure?("Will remove folder with repo caches: #{pretty_home(path)}")
       FileUtils.rm_rf(path)
-      logger.info "Removed: #{pretty_home(path)}"
+      log "Removed: #{pretty_home(path)}"
     end
   end
 end

data/lib/ufo/cli/central/update.rb

@@ -4,7 +4,7 @@ class Ufo::CLI::Central
       validate!
       action = File.exist?(".ufo") ? "update" : "create"
       sure?("Will #{action} the .ufo symlink") # IE: Will create the .ufo symlink
-      logger.info "Updating .ufo with #{central_repo}"
+      log "Updating .ufo with #{central_repo}"
       FileUtils.mkdir_p(tmp_area)
       pull
       symlink
@@ -12,7 +12,6 @@ class Ufo::CLI::Central
     end
 
     def pull
-      logger.debug "Within #{tmp_area}"
       Dir.chdir(tmp_area) do
         if File.exist?(repo)
           execute "cd #{repo} && git pull"
@@ -36,8 +35,8 @@ class Ufo::CLI::Central
 
       report_broken_symlink
 
-      logger.info "The .ufo symlink has been updated"
-      logger.info "Symlink: .ufo -> #{pretty_home(src)}"
+      log "The .ufo symlink has been updated"
+      log "Symlink: .ufo -> #{pretty_home(src)}"
     end
 
     def report_broken_symlink
@@ -62,8 +61,8 @@ class Ufo::CLI::Central
 
     def validate!
       return if central_repo
-      logger.info "ERROR: Please set the env var: UFO_CENTRAL_REPO".color(:red)
-      logger.info "The ufo central update command requires it."
+      log "ERROR: Please set the env var: UFO_CENTRAL_REPO".color(:red)
+      log "The ufo central update command requires it."
       exit 1
     end
 
@@ -104,8 +103,8 @@ class Ufo::CLI::Central
         end
       end
       return if ok
-      logger.info "No .ufo found in your .gitignore file".color(:yellow)
-      logger.info <<~EOL
+      log "No .ufo found in your .gitignore file".color(:yellow)
+      log <<~EOL
         It's recommended to add .ufo to the .gitignore
         When using ufo in a central fashion
       EOL

data/lib/ufo/cli/exec.rb

@@ -2,8 +2,18 @@ class Ufo::CLI
   class Exec < Base
     def run
       check_install!
+      stack = info.stack
+      unless stack
+        logger.error "Stack not found: #{@stack_name}".color(:red)
+        exit 1
+      end
+
       service = info.service
-      return unless service # brand new deploy
+      unless service # brand new deploy
+        logger.error "ECS Service not yet available".color(:red)
+        logger.info "Try again in a little bit"
+        exit 1
+      end
 
       running = service_tasks.select do |task|
         task.last_status == "RUNNING"
@@ -18,7 +28,7 @@ class Ufo::CLI
 
       task_name = task.task_arn.split('/').last
       execute_command(
-        cluster: "#{@cluster}",
+        cluster: @cluster,
         task: task_name,
         container: container(task), # only required if multiple containers in a task
         interactive: true,

data/lib/ufo/cli/help/new/boot_hook.md

@@ -0,0 +1,6 @@
+## Example
+
+    $ ufo new boot_hook
+    => Creating boot_hook
+           exist
+          create  .ufo/config/boot.rb

data/lib/ufo/cli/new/boot_hook.rb

@@ -0,0 +1,21 @@
+class Ufo::CLI::New
+  class BootHook < Sequence
+    def self.cli_options
+      [
+        [:force, type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files"],
+      ]
+    end
+    cli_options.each do |args|
+      class_option(*args)
+    end
+
+    def set_source
+      set_template_source "boot_hook"
+    end
+
+    def create_helper
+      logger.info "=> Creating boot_hook"
+      directory ".", "."
+    end
+  end
+end

data/lib/ufo/cli/new.rb

@@ -1,5 +1,12 @@
 class Ufo::CLI
   class New < Ufo::Command
+    desc "boot_hook", "Generate boot_hook file"
+    long_desc Help.text("new/boot_hook")
+    BootHook.cli_options.each do |args|
+      option(*args)
+    end
+    register(BootHook, "boot_hook", "boot_hook", "Generate boot_hook file")
+
     desc "helper", "Generate helper file"
     long_desc Help.text("new/helper")
     Helper.cli_options.each do |args|

data/lib/ufo/cli/scale.rb

@@ -76,7 +76,7 @@ class Ufo::CLI
 
         You can turn off this warning with
 
-            config.autoscaling.warning = false
+            config.autoscaling.manual_changes.warning = false
 
         Or you can use the
 

data/lib/ufo/command.rb

@@ -38,8 +38,16 @@ module Ufo
         # loads Ufo.config and Ufo::Config#load_project_config
         # This requires Ufo.role.
         # So we set Ufo.role before triggering Ufo.config loading
-        configure_dsl_evaluator
         check_project!(args)
+        check_old_version_structure!(args)
+        # Special case for `ufo central` commands.
+        # Dont want to call configure_dsl_evaluator
+        # and trigger loading of config => .ufo/config.rb
+        # Also, using ARGV instead of args because args is called by thor in multiple passes
+        # For `ufo central update`:
+        # * 1st pass: "central"
+        # * 2nd pass: "update"
+        configure_dsl_evaluator unless ARGV[0] == "central"
 
         # Allow calling for help via:
         #   ufo command help
@@ -98,6 +106,22 @@ module Ufo
         ENV['UFO_TEST'] ? raise : exit(1)
       end
 
+      def check_old_version_structure!(args)
+        return unless File.exist?('.ufo/settings.yml')
+        puts "ERROR: Old .ufo configurations detected".color(:red)
+        puts <<~EOL
+          It looks like this project .ufo files for an older ufo version.
+          The old .ufo structure does not work with this version of ufo.
+
+          Current Installed UFO Version: 6.0.9
+
+          Please upgrade.
+
+          See: https://ufoships.com/docs/upgrading/upgrade6/
+        EOL
+        exit 1
+      end
+
       # Override command_help to include the description at the top of the
       # long_description.
       def command_help(shell, command_name)

data/lib/ufo/config/callable_option/concern.rb

@@ -0,0 +1,11 @@
+class Ufo::Config::CallableOption
+  module Concern
+    def callable_option(options={})
+      callable_option = Ufo::Config::CallableOption.new(
+        config_name: options[:config_name],
+        passed_args: options[:passed_args],
+      )
+      callable_option.object
+    end
+  end
+end

data/lib/ufo/config/callable_option.rb

@@ -0,0 +1,64 @@
+# Class represents a config option that is possibly callable. Examples:
+#
+#    config.names.stack
+#    config.names.task_definition
+#
+# Abstraction is definitely obtuse. Using it to get rid of duplication.
+#
+class Ufo::Config
+  class CallableOption
+    include Ufo::Utils::Logging
+
+    def initialize(options={})
+      @options = options
+      # Example:
+      # config_name:  names.stack
+      # config_value: Ufo.config.names.stack
+      # args:         [self] # passed to object.call
+      @config_name = options[:config_name]
+      @config_value = options[:config_value] || inferred_config_value
+      @config_name = "config.#{@config_name}" unless @config_name.include?("config.")
+      @passed_args = options[:passed_args]
+    end
+
+    def inferred_config_value
+      args = @options[:config_name].split('.').map(&:to_sym) # @options before @config_name is adjust to have full config name
+      Ufo.config.dig(*args)
+    end
+
+    # Returns either an Array or nil
+    def object
+      case @config_value
+      when nil
+        return nil
+      when Array, String
+        return @config_value
+      when -> (c) { c.respond_to?(:public_instance_methods) && c.public_instance_methods.include?(:call) }
+        object= @config_value.new
+      when -> (c) { c.respond_to?(:call) }
+        object = @config_value
+      else
+        raise "Invalid option for #{@config_name}"
+      end
+
+      if object
+        result = @passed_args.empty? ? object.call : object.call(*@passed_args)
+        valid_classes = [Array, String, NilClass]
+        valid_classes_help = valid_classes
+        valid_classes_help[-1] = "or #{valid_classes_help[-1]}"
+        valid_classes_help = valid_classes.join(', ')
+        unless valid_classes.include?(result.class)
+          message = "ERROR: The #{@config_name} needs to return an #{valid_classes_help}"
+          logger.info message.color(:red)
+          logger.info <<~EOL
+            The #{@config_name} when assigned a class, object, or proc must implement
+            The call method and return an #{valid_classes_help}.
+            The current return value is a #{result.class}
+          EOL
+          exit 1
+        end
+      end
+      result
+    end
+  end
+end

data/lib/ufo/config.rb

@@ -26,7 +26,7 @@ module Ufo
       config.autoscaling.manual_changes.warning = true
       config.autoscaling.max_capacity = 5 # dont use max thats an OrderedOptions method
       config.autoscaling.min_capacity = 1 # dont use min thats an OrderedOptions method
-      config.autoscaling.predefined_metric_type = "ECSServiceAverageCPUUtilization"
+      config.autoscaling.predefined_metric_type = "ECSServiceAverageMemoryUtilization"
       config.autoscaling.scale_in_cooldown = nil
       config.autoscaling.scale_out_cooldown = nil
       config.autoscaling.target_value = 75.0
@@ -95,8 +95,8 @@ module Ufo
       config.logs.filter_pattern = nil
 
       config.names = ActiveSupport::OrderedOptions.new
-      config.names.stack = ":APP-:ROLE-:ENV" # => demo-web-dev
-      config.names.task_definition = ":APP-:ROLE-:ENV" # => demo-web-dev
+      config.names.stack = ":APP-:ROLE-:ENV-:EXTRA" # => demo-web-dev
+      config.names.task_definition = ":APP-:ROLE-:ENV-:EXTRA" # => demo-web-dev
 
       config.ps = ActiveSupport::OrderedOptions.new
       config.ps.format = "auto" # CliFormat.default_format
@@ -111,11 +111,14 @@ module Ufo
 
       config.ship = ActiveSupport::OrderedOptions.new
       config.ship.docker = ActiveSupport::OrderedOptions.new
-      config.ship.docker.quiet = true # only affects ufo ship docker commands output
+      config.ship.docker.quiet = false # only affects ufo ship docker commands output
 
       config.state = ActiveSupport::OrderedOptions.new
       config.state.reminder = true
 
+      config.waf = ActiveSupport::OrderedOptions.new
+      config.waf.web_acl_arn = nil
+
       # When not set, the default vpc is used
       config.vpc = ActiveSupport::OrderedOptions.new
       config.vpc.id = nil

data/lib/ufo/core.rb

@@ -4,13 +4,34 @@ require 'yaml'
 module Ufo
   module Core
     extend Memoist
+    include Ufo::Utils::Pretty
 
     def role
       ENV['UFO_ROLE'] || 'web'
     end
 
     def app
-      ENV['UFO_APP'] || config.app
+      return ENV['UFO_APP'] if ENV['UFO_APP']
+
+      if @@config_loaded
+        config.app
+      else
+        call_line = caller.find {|l| l.include?('.ufo') }
+        puts "ERROR: Using Ufo.app or :APP expansion very early in the UFO boot process".color(:red)
+        puts <<~EOL.color(:red)
+          The Ufo.app or :APP expansions are not yet available at this point
+          You can either:
+
+          1. Use the UFO_APP env var to set it, which allows it to be used.
+          2. Hard code your actual app name.
+
+          Called from:
+
+              #{call_line}
+
+        EOL
+        exit 1
+      end
     end
 
     # v5: development is default
@@ -40,17 +61,31 @@ module Ufo
       Config.instance.configure(&block)
     end
 
-    # Generally, use the Lono.config instead of Config.instance.config since it guarantees the load_project_config call
+    # Checking whether or not the config has been loaded and saving it to @@config_loaded
+    # because users can call helper methods in `.ufo/config.rb` files that rely on the config
+    # already being loaded. This would produce an infinite loop. The @@config_loaded allows
+    # methods to use this info to prevent an infinite loop.
+    # Notable methods that use this: Ufo.app and Ufo.logger
+    cattr_accessor :config_loaded
+    # In general, use the Ufo.config instead of Config.instance.config since it guarantees the load_project_config call
     def config
       Config.instance.load_project_config
+      @@config_loaded = true
       Config.instance.config
     end
     memoize :config
 
-    # allow different logger when running up all or rspec-lono
+    # Allow different logger when running up all or rspec-lono
     cattr_writer :logger
     def logger
-      @@logger ||= config.logger
+      if @@config_loaded
+        @@logger = config.logger
+      else
+        # When .ufo/config.rb is not yet loaded. IE: a helper method like waf
+        # gets called in the .ufo/config.rb itself and uses the logger.
+        # This avoids an infinite loop. Note: It does create a different Logger
+        @@logger ||= Logger.new(ENV['UFO_LOG_PATH'] || $stderr)
+      end
     end
   end
 end

data/lib/ufo/iam_role/dsl.rb

@@ -1,6 +1,7 @@
 module Ufo::IamRole
   class DSL
     include DslEvaluator
+    include Ufo::TaskDefinition::Helpers::AwsHelper
 
     def initialize(path)
       @path = path # IE: .ufo/iam_roles/task_role.rb
@@ -19,9 +20,5 @@ module Ufo::IamRole
       role_type = File.basename(@path).sub('.rb','') # task_role or execution_role
       Registry.register_managed_policy(role_type, policies)
     end
-
-    def aws
-      AwsData.new
-    end
   end
 end

data/lib/ufo/names.rb

@@ -1,6 +1,8 @@
 module Ufo
   class Names
     extend Memoist
+    include Ufo::TaskDefinition::Helpers::AwsHelper
+    include Ufo::Config::CallableOption::Concern
 
     attr_reader :role
     def initialize
@@ -8,18 +10,35 @@ module Ufo
     end
 
     def cluster
-      expansion(Ufo.config.ecs.cluster) # IE: :ENV => dev
+      string = callable_option(
+        config_name: "ecs.cluster", # Ufo.ecs.cluster => :ENV => dev
+        passed_args: [self],
+      )
+      expansion(string) # IE: :ENV => dev
     end
     memoize :cluster
 
+    # Examples:
+    # When UFO_EXTRA not set: :APP-:ROLE-:ENV-:EXTRA => demo-web-dev
+    # When UFO_EXTRA=1:       :APP-:ROLE-:ENV-:EXTRA => demo-web-dev-2
     def stack
-      name = expansion(Ufo.config.names.stack) # IE: :APP-:ROLE-:ENV => demo-web-dev
-      [name, Ufo.extra].compact.join('-')
+      string = callable_option(
+        config_name: "names.stack", # Ufo.config.names.stack => :APP-:ROLE-:ENV => demo-web-dev
+        passed_args: [self],
+      )
+      expansion(string) # IE: :APP-:ROLE-:ENV => demo-web-dev
     end
     memoize :stack
 
+    # Examples:
+    # When UFO_EXTRA not set: :APP-:ROLE-:ENV-:EXTRA => demo-web-dev
+    # When UFO_EXTRA=1:       :APP-:ROLE-:ENV-:EXTRA => demo-web-dev-2
     def task_definition
-      expansion(Ufo.config.names.task_definition) # IE: :APP-:ROLE-:ENV => demo-web-dev
+      string = callable_option(
+        config_name: "names.task_definition", # Ufo.config.names.task_definition => :APP-:ROLE-:ENV => demo-web-dev
+        passed_args: [self],
+      )
+      expansion(string) # IE: :APP-:ROLE-:ENV => demo-web-dev
     end
     memoize :task_definition
 
@@ -27,7 +46,7 @@ module Ufo
       return string unless string.is_a?(String) # in case of nil
 
       string = string.dup
-      vars = string.scan(/:\w+/) # => [":APP", ":ROLE", :ENV"]
+      vars = string.scan(/:\w+/) # => [":APP", ":ROLE", :ENV", ":EXTRA"]
       vars.each do |var|
         string.gsub!(var, var_value(var))
       end
@@ -60,10 +79,8 @@ module Ufo
     end
     alias_method :ufo_env, :env
 
-    delegate :region, to: :aws
-    def aws
-      AwsData.new
+    def extra
+      Ufo.extra
     end
-    memoize :aws
   end
 end

data/lib/ufo/task_definition/helpers/{aws_data_helper.rb → aws_helper.rb}

@@ -1,18 +1,18 @@
 module Ufo::TaskDefinition::Helpers
-  module AwsDataHelper
+  module AwsHelper
     extend Memoist
     extend ActiveSupport::Concern
 
     included do
-      delegate :account, :region, to: :aws_data
+      delegate :account, :region, to: :aws
       alias_method :aws_region, :region
       alias_method :current_region, :region
     end
 
     # Duplicated in vars.rb
-    def aws_data
+    def aws
       AwsData.new
     end
-    memoize :aws_data
+    memoize :aws
   end
 end

data/lib/ufo/task_definition/helpers/ecr.rb

@@ -1,13 +1,25 @@
 module Ufo::TaskDefinition::Helpers
   module Ecr
+    include Ufo::Utils::CallLine
+
     def ecr_repo(name)
       repository = ecr_repository(name)
-      repository.repository_uri
+      repository.repository_uri if repository
     end
 
     def ecr_repository(name)
       resp = ecr.describe_repositories(repository_names: [name])
       resp.repositories.first
+    rescue Aws::ECR::Errors::RepositoryNotFoundException => e
+      call_line = ufo_config_call_line
+      logger.warn "WARN: #{e.class} #{e.message}".color(:yellow)
+      logger.warn <<~EOL
+        Called from
+
+            #{call_line}
+
+      EOL
+      nil
     end
   end
 end

data/lib/ufo/task_definition/helpers/expansion.rb

@@ -0,0 +1,11 @@
+module Ufo::TaskDefinition::Helpers
+  module Expansion
+    include Ufo::Concerns::Names
+
+    # Note: vars expansion is different than the TaskDefinition expansion helper
+    # See: Ufo::TaskDefinition::Helpers::Vars#expansion
+    def expansion(string)
+      names.expansion(string) # dasherize: false. dont turn SECRET_NAME => SECRET-NAME
+    end
+  end
+end

data/lib/ufo/task_definition/helpers/vars.rb

@@ -3,9 +3,10 @@ require "aws_data"
 module Ufo::TaskDefinition::Helpers
   class Vars
     extend Memoist
-    include AwsDataHelper
+    include AwsHelper
     include Ufo::Concerns::Names
     include Ufo::Utils::Pretty
+    include Ufo::Config::CallableOption::Concern
 
     def initialize(options={})
       # use either file or text. text takes higher precedence
@@ -89,7 +90,12 @@ module Ufo::TaskDefinition::Helpers
       secrets = Ufo.config.secrets
       provider = secrets.provider # ssm or secretsmanager
       namespace = provider == "ssm" ? "parameter/" : "secret:"
-      pattern = secrets.pattern[provider] # IE: Ufo.config.secrets.pattern.ssm => :APP/:ENV/:SECRET_NAME
+
+      config_name = "secrets.pattern.#{provider}"
+      pattern = callable_option(
+        config_name: config_name, # Ufo.config.names.stack => :APP-:ROLE-:ENV => demo-web-dev
+        passed_args: [self],
+      )
       # replace :SECRET_NAME since names expand doesnt know how to nor do we want to add logic there
       pattern = pattern.sub(':SECRET_NAME', name)
       "arn:aws:#{provider}:#{region}:#{account}:#{namespace}#{pattern}"

data/lib/ufo/task_definition/helpers/waf.rb

@@ -0,0 +1,34 @@
+module Ufo::TaskDefinition::Helpers
+  module Waf
+    include Ufo::Utils::CallLine
+    include Ufo::Utils::Pretty
+
+    # Waf names are uniq within their scope. Tested with AWS console
+    # Only use regional since this is for ELB support
+    # Returns waf arn
+    def waf(name, options={})
+      resp = waf_client.list_web_acls(
+        scope: "REGIONAL", # required, accepts CLOUDFRONT, REGIONAL
+        # next_marker: "NextMarker",
+        # limit: 1,
+      )
+      web_acl = resp.web_acls.find do |acl|
+        acl.name == name
+      end
+      if web_acl
+        web_acl.arn
+      else
+        # Logger causes infinite loop when waf helper used in .ufo/
+        call_line = ufo_config_call_line
+        logger.warn "WARN: Web ACL not found: #{name}".color(:yellow)
+        logger.info <<~EOL
+          Called from:
+
+              #{call_line}
+
+          Are you sure it's a regional WAF ACL?
+        EOL
+      end
+    end
+  end
+end

data/lib/ufo/utils/call_line.rb

@@ -0,0 +1,11 @@
+module Ufo::Utils
+  module CallLine
+    include Pretty
+
+    def ufo_config_call_line
+      call_line = caller.find { |l| l.include?('.ufo/') }
+      pretty_path(call_line)
+    end
+  end
+end
+

data/lib/ufo/version.rb

@@ -1,3 +1,3 @@
 module Ufo
-  VERSION = "6.0.7"
+  VERSION = "6.1.0"
 end

data/ufo.gemspec

@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "aws-sdk-ecs"
   spec.add_dependency "aws-sdk-elasticloadbalancingv2"
   spec.add_dependency "aws-sdk-ssm"
+  spec.add_dependency "aws-sdk-wafv2"
   spec.add_dependency "aws_data"
   spec.add_dependency "cfn-status"
   spec.add_dependency "cli-format"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-  version: 6.0.7
+  version: 6.1.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-07 00:00:00.000000000 Z
+date: 2022-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-logs
@@ -164,6 +164,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-wafv2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: aws_data
   requirement: !ruby/object:Gem::Requirement
@@ -442,6 +456,7 @@ files:
 - README.md
 - Rakefile
 - exe/ufo
+- lib/templates/boot_hook/.ufo/config/boot.rb
 - lib/templates/docker/Dockerfile
 - lib/templates/helper/%underscore_name%_helper.rb.tt
 - lib/templates/init/.ufo/config.rb.tt
@@ -487,6 +502,7 @@ files:
 - lib/ufo/cfn/stack/builder/resources/target_group.rb
 - lib/ufo/cfn/stack/builder/resources/task_definition.rb
 - lib/ufo/cfn/stack/builder/resources/task_definition/reconstructor.rb
+- lib/ufo/cfn/stack/builder/resources/waf_association.rb
 - lib/ufo/cfn/stack/custom_properties.rb
 - lib/ufo/cfn/stack/params.rb
 - lib/ufo/cfn/stack/status.rb
@@ -520,6 +536,7 @@ files:
 - lib/ufo/cli/help/help.md
 - lib/ufo/cli/help/init.md
 - lib/ufo/cli/help/logs.md
+- lib/ufo/cli/help/new/boot_hook.md
 - lib/ufo/cli/help/ps.md
 - lib/ufo/cli/help/releases.md
 - lib/ufo/cli/help/rollback.md
@@ -528,6 +545,7 @@ files:
 - lib/ufo/cli/help/stop.md
 - lib/ufo/cli/logs.rb
 - lib/ufo/cli/new.rb
+- lib/ufo/cli/new/boot_hook.rb
 - lib/ufo/cli/new/concerns.rb
 - lib/ufo/cli/new/helper.rb
 - lib/ufo/cli/new/init.rb
@@ -552,6 +570,8 @@ files:
 - lib/ufo/concerns/autoscaling.rb
 - lib/ufo/concerns/names.rb
 - lib/ufo/config.rb
+- lib/ufo/config/callable_option.rb
+- lib/ufo/config/callable_option/concern.rb
 - lib/ufo/config/inits.rb
 - lib/ufo/core.rb
 - lib/ufo/docker/builder.rb
@@ -587,19 +607,22 @@ files:
 - lib/ufo/task_definition/erb/yaml.rb
 - lib/ufo/task_definition/helpers.rb
 - lib/ufo/task_definition/helpers/acm.rb
-- lib/ufo/task_definition/helpers/aws_data_helper.rb
+- lib/ufo/task_definition/helpers/aws_helper.rb
 - lib/ufo/task_definition/helpers/core.rb
 - lib/ufo/task_definition/helpers/ecr.rb
+- lib/ufo/task_definition/helpers/expansion.rb
 - lib/ufo/task_definition/helpers/ssm.rb
 - lib/ufo/task_definition/helpers/ssm/fetcher.rb
 - lib/ufo/task_definition/helpers/stack_output.rb
 - lib/ufo/task_definition/helpers/vars.rb
 - lib/ufo/task_definition/helpers/vpc.rb
+- lib/ufo/task_definition/helpers/waf.rb
 - lib/ufo/upgrade/params.yml
 - lib/ufo/upgrade/upgrade3.rb
 - lib/ufo/upgrade/upgrade33to34.rb
 - lib/ufo/upgrade/upgrade4.rb
 - lib/ufo/upgrade/upgrade43to45.rb
+- lib/ufo/utils/call_line.rb
 - lib/ufo/utils/execute.rb
 - lib/ufo/utils/logging.rb
 - lib/ufo/utils/pretty.rb