ufo 6.2.5 → 6.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69d0e411c4b48b8ec8a0a2148caf5501b3c038cb991585c4741027579a102e0c
-  data.tar.gz: f080bdf97e783b18bc54723ced3be52557b0749094451561de41766c052aba0e
+  metadata.gz: ee25a6ee92c06422088b489aa3f9d27d8fb0dfd229b7bb6e0b0eb2241a4d3902
+  data.tar.gz: f4a8043b8ab3bbb33794d3002d58890d8aa4753ffe3ac4b029432599195e5289
 SHA512:
-  metadata.gz: 860f1d782b915338e903d2c2c0cad43fbe4a915261b46a2b615a7d24870247170a3041de32b6e9de8b11161da1c8447dc3d12683e9179c8c6cd0af7ef3dc4d77
-  data.tar.gz: c02bc1f698f85055e2e1c99b7fbf6cf730044e23b7584509a5c2e66bd79259097b2c5ccf1706b186a64b329db31e5678fe6eacb3f120724dbfa896a0ab6fbb00
+  metadata.gz: 76beccace3016451330c40b589fa7c3f95680eff187a667f520eed80c7d4cd90b91667dd06d58288cabf4c5d5acb699cf53ecc6c296dcb48e66504a0c02147ad
+  data.tar.gz: 22700e11a6de03b489deacf6fbde1e7b5652b4048b078b1d3750dfc0f1b083e5e3bbc417057f04d9fe73e48ac609139aea92bc526ae4c33cfdee16253f341db8

data/CHANGELOG.md

@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [6.3.2] - 2022-03-26
+- [#164](https://github.com/tongueroo/ufo/pull/164) existing elb target group support
+- [#165](https://github.com/tongueroo/ufo/pull/165) improve secrets support
+- [#166](https://github.com/tongueroo/ufo/pull/166) infer elb dns name from target group when possible
+
+## [6.3.1] - 2022-03-25
+- ufo init: improve vars base.rb
+
+## [6.3.0] - 2022-03-25
+- [#162](https://github.com/tongueroo/ufo/pull/162) hooks support
+
 ## [6.2.5] - 2022-03-24
 - [#159](https://github.com/tongueroo/ufo/pull/159) improve ufo call line
 - [#160](https://github.com/tongueroo/ufo/pull/160) conventionally lookup up secrets and env file

data/lib/templates/env_file/file.env

@@ -0,0 +1,2 @@
+# Docs: https://ufoships.com/docs/features/env_files/env/
+KEY=value

data/lib/templates/env_file/file.secrets.tt

@@ -0,0 +1,5 @@
+# Docs: https://ufoships.com/docs/features/env_files/secrets/
+DATABASE_URL # conventional
+# explicit
+USER=ssm:demo/<%= Ufo.env %>/USER
+PASS=ssm:demo/<%= Ufo.env %>/PASS

data/lib/templates/hook/docker.rb

@@ -0,0 +1,9 @@
+# Docs: https://ufoships.com/docs/config/hooks/docker/
+
+before("build",
+  execute: "echo 'docker build before hook'",
+)
+
+after("build",
+  execute: "echo 'docker build after hook'",
+)

data/lib/templates/hook/ufo.rb

@@ -0,0 +1,9 @@
+# Docs: https://ufoships.com/docs/config/hooks/ufo/
+
+before("ship",
+  execute: "echo 'ufo before ship hook'",
+)
+
+after("ship",
+  execute: "echo 'ufo after ship hook'",
+)

data/lib/templates/init/.ufo/config.rb.tt

@@ -35,6 +35,5 @@ Ufo.configure do |config|
   # config.logs.filter_pattern = '- "HealthChecker"'
 
   # Docs: https://ufoships.com/docs/config/reference/
-  # You may want to set to false if your docker build and push process takes a while
-  # config.ship.docker.quiet = false # default is true.
+  # config.ship.docker.quiet = true # default is false
 end

data/lib/templates/init/.ufo/vars/base.rb

@@ -7,8 +7,8 @@
 @name = role     # IE: web worker clock
 @image = docker_image # includes the git sha org/repo:ufo-[sha].
 # Docs: https://ufoships.com/docs/helpers/builtin/secrets/
-# @environment = env_file(".env")
-# @secrets = secrets_file(".secrets")
+@environment = env_file
+@secrets = secrets_file
 @cpu = 256
 @memory = 256
 @memory_reservation = 256

data/lib/ufo/autoloader.rb

@@ -4,7 +4,7 @@ module Ufo
   class Autoloader
     class Inflector < Zeitwerk::Inflector
       def camelize(basename, _abspath)
-        map = { cli: "CLI", dsl: "DSL", version: "VERSION" }
+        map = { cli: "CLI", version: "VERSION" }
         map[basename.to_sym] || super
       end
     end

data/lib/ufo/cfn/stack/builder/resources/dns.rb

@@ -8,7 +8,7 @@ class Ufo::Cfn::Stack::Builder::Resources
         Comment: dns.comment,
         Type: dns.type, # CNAME
         TTL: dns.ttl, # 60 ttl has special casing
-        ResourceRecords: [{"Fn::GetAtt": "Elb.DNSName"}]
+        ResourceRecords: [resource_record]
       }
       # HostedZoneName: yourdomain. # dont forget the trailing period
       props[:HostedZoneName] = hosted_zone_name if hosted_zone_name
@@ -21,6 +21,43 @@ class Ufo::Cfn::Stack::Builder::Resources
     end
 
   private
+    def resource_record
+      existing = Ufo.config.elb.existing
+      if existing.target_group
+        existing_dns_name
+      else
+        {"Fn::GetAtt": "Elb.DNSName"}
+      end
+    end
+
+    def existing_dns_name
+      existing = Ufo.config.elb.existing
+      resp = elb.describe_target_groups(target_group_arns: [existing.target_group])
+      target_group = resp.target_groups.first
+      load_balancer_arns = target_group.load_balancer_arns
+      if load_balancer_arns.size == 1
+        resp = elb.describe_load_balancers(load_balancer_arns: load_balancer_arns)
+        load_balancer = resp.load_balancers.first
+        load_balancer.dns_name
+      else
+        return existing.dns_name if existing.dns_name
+        logger.error "ERROR: config.existing.dns_name must to be set".color(:red)
+        logger.error <<~EOL
+          This target group is associated with multiple load balancers.
+          UFO cannot infer the dns name in this case. You must set:
+
+              config.existing.dns_name
+
+          Info:
+
+              target group: #{existing.target_group}
+              load balancers: #{load_balancer_arns}
+
+        EOL
+        exit 1
+      end
+    end
+
     def dns_name
       return unless dns.domain || dns.name
       name = dns.name # my.domain.com

data/lib/ufo/cfn/stack/builder/resources/iam_roles/base.rb

@@ -1,7 +1,7 @@
 module Ufo::Cfn::Stack::Builder::Resources::IamRoles
   class Base < Ufo::Cfn::Stack::Builder::Base
     def build
-      return unless self.class.build? # important because it runs DSL#evaluate
+      return unless self.class.build? # important because it runs Dsl#evaluate
       Ufo::IamRole::Builder.new(self.class.role_type).build
     end
 
@@ -13,7 +13,7 @@ module Ufo::Cfn::Stack::Builder::Resources::IamRoles
       def build?
         path = lookup_path
         return unless path.nil? || File.exist?(path)
-        Ufo::IamRole::DSL.new(path).evaluate # runs the role.rb and registers items
+        Ufo::IamRole::Dsl.new(path).evaluate # runs the role.rb and registers items
         Ufo::IamRole::Builder.new(role_type).build?
       end
 

data/lib/ufo/cfn/stack/builder/resources/listener.rb

@@ -55,8 +55,8 @@ class Ufo::Cfn::Stack::Builder::Resources
         TargetGroupArn: {
           "Fn::If": [
             "ElbTargetGroupIsBlank",
-            {Ref: "TargetGroup"},
-            {Ref: "ElbTargetGroup"}
+            {Ref: "TargetGroup"},   # UFO managed
+            {Ref: "ElbTargetGroup"} # Managed by user outside of UFO
           ]
         }
       }

data/lib/ufo/cfn/stack/vars.rb

@@ -9,10 +9,11 @@ class Ufo::Cfn::Stack
         container: container,
         create_elb: create_elb?, # helps set Ecs DependsOn
         create_listener_ssl: create_listener_ssl?,
-        create_route53: create_elb? && dns_configured?,
+        create_route53: create_route53?,
         default_listener_protocol: default_listener_protocol,
         default_listener_ssl_protocol: default_listener_ssl_protocol,
         default_target_group_protocol: default_target_group_protocol,
+        elb_target_group: elb_target_group,
         elb_type: elb_type,
         new_stack: new_stack,
         rollback_task_definition: rollback_task_definition,
@@ -63,15 +64,30 @@ class Ufo::Cfn::Stack
       elb.ssl.enabled && elb.ssl.certificates
     end
 
+    def create_route53?
+      return false unless dns_configured?
+      if create_elb?
+        true
+      else
+        Ufo.config.elb.existing.target_group
+      end
+    end
+
     def create_elb?
       elb = Ufo.config.elb
-      if elb.enabled.to_s == "auto"
+      if elb.existing.target_group
+        false
+      elsif elb.enabled.to_s == "auto"
         container[:name] == "web" # convention
       else
         elb.enabled # true or false
       end
     end
 
+    def elb_target_group
+      Ufo.config.elb.existing.target_group
+    end
+
     def container
       task_definition = Builder::Resources::TaskDefinition::Reconstructor.new(@task_definition, @options[:rollback]).reconstruct
 

data/lib/ufo/cfn/stack.rb

@@ -25,6 +25,7 @@ module Ufo::Cfn
   class Stack < Base
     extend Memoist
     include Ufo::TaskDefinition::Helpers::AwsHelper
+    include Ufo::Hooks::Concern
 
     def deploy
       build
@@ -39,15 +40,14 @@ module Ufo::Cfn
 
       exit_with_message(@stack) if @stack && !updatable?(@stack)
 
-      @stack ? perform(:update) : perform(:create)
-
-      stop_old_tasks if @options[:stop_old_task]
-
-      return unless @options[:wait]
-      status.wait
+      run_hooks(name: "ship", file: "ufo.rb") do
+        @stack ? perform(:update) : perform(:create)
+        stop_old_tasks if @options[:stop_old_task]
+        return unless @options[:wait]
+        status.wait
+      end
 
       logger.info status.rollback_error_message if status.update_rollback?
-
       status.success?
     end
 
@@ -78,13 +78,17 @@ module Ufo::Cfn
       end
     end
 
+    # Run hooks here so both ufo docker and ufo ship runs it
+    #     ufo docker => CLI::Build#build => Cfn::Stack#build
     def build
-      vars = Vars.new(@options).values
-      options_with_vars = @options.dup.merge(vars: vars)
-      params = Params.new(options_with_vars)
-      @parameters = params.build
-      template = Template.new(options_with_vars)
-      @template_body = template.body
+      run_hooks(name: "build", file: "ufo.rb") do
+        vars = Vars.new(@options).values
+        options_with_vars = @options.dup.merge(vars: vars)
+        params = Params.new(options_with_vars)
+        @parameters = params.build
+        template = Template.new(options_with_vars)
+        @template_body = template.body
+      end
     end
 
     def scheduling_strategy

data/lib/ufo/cli/build.rb

@@ -7,11 +7,6 @@ class Ufo::CLI
     end
     alias_method :all, :build
 
-    def for_deploy
-      docker
-      task_definition
-    end
-
     def task_definition
       Ufo::TaskDefinition::Builder.new(@options).build
     end

data/lib/ufo/cli/destroy.rb

@@ -1,27 +1,30 @@
 class Ufo::CLI
   class Destroy < Base
+    include Ufo::Hooks::Concern
+
     def run
       are_you_sure?
 
       stack = find_stack(@stack_name)
       unless stack
-        puts "Stack #{@stack_name.color(:green)} does not exist."
+        logger.info "Stack #{@stack_name.color(:green)} does not exist."
         exit 1
       end
 
       if stack.stack_status =~ /_IN_PROGRESS$/
-        puts "Cannot destroy service #{@service.color(:green)}"
-        puts "Cannot delete stack #{@stack_name.color(:green)} in this state: #{stack.stack_status.color(:green)}"
-        puts "If the stack is taking a long time, you can cancel the current operation with:"
-        puts "    ufo cancel #{@service}"
+        logger.info "Cannot destroy service #{@service.color(:green)}"
+        logger.info "Cannot delete stack #{@stack_name.color(:green)} in this state: #{stack.stack_status.color(:green)}"
+        logger.info "If the stack is taking a long time, you can cancel the current operation with:"
+        logger.info "    ufo cancel #{@service}"
         return
       end
 
-      cfn.delete_stack(stack_name: @stack_name)
-      puts "Deleting stack #{@stack_name.color(:green)}"
-
-      return unless @options[:wait]
-      status.wait
+      run_hooks(name: "destroy", file: "ufo.rb") do
+        cfn.delete_stack(stack_name: @stack_name)
+        logger.info "Deleting stack #{@stack_name.color(:green)}"
+        return unless @options[:wait]
+        status.wait
+      end
     end
 
     def are_you_sure?

data/lib/ufo/cli/help/new/hook.md

@@ -0,0 +1,7 @@
+## Examples
+
+    $ ufo new hook docker
+          create  .ufo/config/hooks/docker.rb
+    $ ufo new hook ufo
+          create  .ufo/config/hooks/ufo.rb
+    $

data/lib/ufo/cli/new/env_file.rb

@@ -0,0 +1,18 @@
+class Ufo::CLI::New
+  class EnvFile < Sequence
+    argument :type, default: "env", description: "IE: env or secrets" # description doesnt really show up
+
+    def self.cli_options
+      [
+        [:force, aliases: ["y"], type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files"],
+      ]
+    end
+    cli_options.each { |args| class_option(*args) }
+
+  public
+    def create_hook
+      set_template_source("env_file")
+      template "file.#{type}", ".ufo/config/env_files/#{Ufo.env}.#{type}"
+    end
+  end
+end

data/lib/ufo/cli/new/hook.rb

@@ -0,0 +1,18 @@
+class Ufo::CLI::New
+  class Hook < Sequence
+    argument :type, default: "ufo", description: "IE: docker, ufo" # description doesnt really show up
+
+    def self.cli_options
+      [
+        [:force, aliases: ["y"], type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files"],
+      ]
+    end
+    cli_options.each { |args| class_option(*args) }
+
+  public
+    def create_hook
+      set_template_source("hook")
+      template "#{type}.rb", ".ufo/config/hooks/#{type}.rb"
+    end
+  end
+end

data/lib/ufo/cli/new.rb

@@ -1,17 +1,31 @@
 class Ufo::CLI
   class New < Ufo::Command
-    desc "boot_hook", "Generate boot_hook file"
+    desc "boot_hook", "Generate boot_hook"
     long_desc Help.text("new/boot_hook")
     BootHook.cli_options.each do |args|
       option(*args)
     end
-    register(BootHook, "boot_hook", "boot_hook", "Generate boot_hook file")
+    register(BootHook, "boot_hook", "boot_hook", "Generate boot_hook")
 
-    desc "helper", "Generate helper file"
+    desc "env_file", "Generate env_file"
+    long_desc Help.text("new/env_file")
+    EnvFile.cli_options.each do |args|
+      option(*args)
+    end
+    register(EnvFile, "env_file", "env_file", "Generate env_file")
+
+    desc "helper", "Generate helper"
     long_desc Help.text("new/helper")
     Helper.cli_options.each do |args|
       option(*args)
     end
-    register(Helper, "helper", "helper", "Generate helper file")
+    register(Helper, "helper", "helper", "Generate helper")
+
+    desc "hook", "Generate hook"
+    long_desc Help.text("new/hook")
+    Hook.cli_options.each do |args|
+      option(*args)
+    end
+    register(Hook, "hook", "hook", "Generate hook")
   end
 end

data/lib/ufo/config/parse.rb

@@ -19,10 +19,12 @@ class Ufo::Config
       return false unless config_line # default is false
       config_value = config_line.gsub(/.*=/,'').strip.gsub(/["']/,'')
       case type
-      when :boolean
-        config_value != "false" && config_value != "nil"
       when :array
         eval(config_value) # IE: '["a"]' => ["a"]
+      when :boolean
+        config_value != "false" && config_value != "nil"
+      when :string
+        config_value.sub(/\s+#.*/,'') # remove trailing comment
       else
         raise "Type #{type.inspect} not supported"
       end

data/lib/ufo/config.rb

@@ -63,6 +63,10 @@ module Ufo
       config.elb.default_actions = nil # full override
       config.elb.enabled = "auto" # "auto", true or false
 
+      config.elb.existing = ActiveSupport::OrderedOptions.new
+      config.elb.existing.target_group = nil
+      config.elb.existing.dns_name = nil # for managed route53 records
+
       config.elb.health_check_interval_seconds = 10 # keep at 10 in case of network ELB, which is min 10
       config.elb.health_check_path = nil # When nil its AWS default /
       config.elb.healthy_threshold_count = 3 # The AWS usual default is 5
@@ -85,6 +89,9 @@ module Ufo
       config.exec.command = "/bin/bash" # aws ecs execute-command cli
       config.exec.enabled = true        # EcsService EnableExecuteCommand
 
+      config.hooks = ActiveSupport::OrderedOptions.new
+      config.hooks.show = true
+
       config.layering = ActiveSupport::OrderedOptions.new
       config.layering.show = parsed_layering_show
       config.layering.show_for_commands = parsed_layering_show_for
@@ -108,11 +115,9 @@ module Ufo
       config.ps.summary = true
 
       config.secrets = ActiveSupport::OrderedOptions.new
-      config.secrets.pattern = ActiveSupport::OrderedOptions.new
-      config.secrets.pattern.secretsmanager = ":APP-:ENV-:SECRET_NAME" # => demo-dev-DB_PASS
-      config.secrets.pattern.ssm = ":APP/:ENV/:SECRET_NAME" # => demo/dev/DB_PASS
+      config.secrets.manager_pattern = ":APP/:ENV/:SECRET_NAME" # => demo/dev/DB_PASS
+      config.secrets.ssm_pattern = ":APP/:ENV/:SECRET_NAME" # => demo/dev/DB_PASS
       config.secrets.provider = "ssm" # default provider for conventional expansion IE: ssm or secretsmanager
-      config.secrets.warning = true
 
       config.ship = ActiveSupport::OrderedOptions.new
       config.ship.docker = ActiveSupport::OrderedOptions.new

data/lib/ufo/docker/builder.rb

@@ -2,6 +2,7 @@ module Ufo::Docker
   class Builder
     extend Memoist
     include Concerns
+    include Ufo::Hooks::Concern
 
     delegate :push, to: :pusher
     def self.build(options={})
@@ -28,7 +29,10 @@ module Ufo::Docker
       update_auth_token
       command = "docker build #{build_options}-t #{docker_image} -f #{@dockerfile} ."
       log = ".ufo/log/docker.log" if @options[:quiet]
-      success = execute(command, log: log)
+      success = nil
+      run_hooks(name: "build", file: "docker.rb") do
+        success = execute(command, log: log)
+      end
       unless success
         docker_version_success = system("docker version > /dev/null 2>&1")
         unless docker_version_success

data/lib/ufo/docker/pusher.rb

@@ -1,6 +1,7 @@
 module Ufo::Docker
   class Pusher
     include Concerns
+    include Ufo::Hooks::Concern
 
     delegate :docker_image, to: :builder
     attr_reader :last_image_name
@@ -17,7 +18,10 @@ module Ufo::Docker
       logger.info "Pushing Docker Image"
       command = "docker push #{last_image_name}"
       log = ".ufo/log/docker.log" if @options[:quiet]
-      success = execute(command, log: log)
+      success = nil
+      run_hooks(name: "push", file: "docker.rb") do
+        success = execute(command, log: log)
+      end
       unless success
         logger.info "ERROR: The docker image fail to push.".color(:red)
         exit 1

data/lib/ufo/hooks/builder.rb

@@ -0,0 +1,51 @@
+module Ufo::Hooks
+  class Builder
+    extend Memoist
+    include Dsl
+    include DslEvaluator
+    include Ufo::Utils::Logging
+
+    attr_accessor :name
+    def initialize(options={})
+      @options = options
+      @file = options[:file] # IE: docker.rb
+      @dsl_file = "#{Ufo.root}/.ufo/config/hooks/#{@file}"
+      @name = options[:name].to_s
+      @hooks = {before: {}, after: {}}
+    end
+
+    def build
+      evaluate_file(@dsl_file)
+      @hooks.deep_stringify_keys!
+    end
+    memoize :build
+
+    def run_hooks
+      build
+      run_each_hook("before")
+      out = yield if block_given?
+      run_each_hook("after")
+      out
+    end
+
+    def run_each_hook(type)
+      hooks = @hooks.dig(type, @name) || []
+      hooks.each do |hook|
+        run_hook(type, hook)
+      end
+    end
+
+    def run_hook(type, hook)
+      return unless run?(hook)
+
+      id = "#{type} #{@name}"
+      label = " label: #{hook["label"]}" if hook["label"]
+      logger.info  "Hook: Running #{id} hook#{label}".color(:cyan) if Ufo.config.hooks.show
+      Runner.new(hook).run
+    end
+
+    def run?(hook)
+      !!hook["execute"]
+    end
+  end
+end

data/lib/ufo/hooks/concern.rb

@@ -0,0 +1,10 @@
+module Ufo::Hooks
+  module Concern
+    # options example: {name: "build", file: "docker.rb"}
+    def run_hooks(options={}, &block)
+      hooks = Ufo::Hooks::Builder.new(options)
+      hooks.build # build hooks
+      hooks.run_hooks(&block)
+    end
+  end
+end

data/lib/ufo/hooks/dsl.rb

@@ -0,0 +1,20 @@
+module Ufo::Hooks
+  module Dsl
+    def before(*commands, **props)
+      commands.each do |name|
+        each_hook(:before, name, props)
+      end
+    end
+
+    def after(*commands, **props)
+      commands.each do |name|
+        each_hook(:after, name, props)
+      end
+    end
+
+    def each_hook(type, name, props={})
+      @hooks[type][name] ||= []
+      @hooks[type][name] << props
+    end
+  end
+end

data/lib/ufo/hooks/runner.rb

@@ -0,0 +1,37 @@
+module Ufo::Hooks
+  class Runner
+    include Ufo::Utils::Logging
+    include Ufo::Utils::Execute
+
+    attr_reader :hook
+    def initialize(hook)
+      @hook = hook
+      @execute = @hook["execute"]
+    end
+
+    def run
+      case @execute
+      when String
+        execute(@execute, exit_on_fail: @hook["exit_on_fail"])
+      when -> (e) { e.respond_to?(:public_instance_methods) && e.public_instance_methods.include?(:call) }
+        executor = @execute.new
+      when -> (e) { e.respond_to?(:call) }
+        executor = @execute
+      else
+        logger.warn "WARN: execute option not set for hook: #{@hook.inspect}"
+      end
+
+      return unless executor
+
+      meth = executor.method(:call)
+      case meth.arity
+      when 0
+        executor.call # backwards compatibility
+      when 1
+        executor.call(self)
+      else
+        raise "The #{executor} call method definition has been more than 1 arguments and is not supported"
+      end
+    end
+  end
+end

data/lib/ufo/iam_role/dsl.rb

@@ -1,5 +1,5 @@
 module Ufo::IamRole
-  class DSL
+  class Dsl
     include DslEvaluator
     include Ufo::TaskDefinition::Helpers::AwsHelper
 

data/lib/ufo/iam_role/registry.rb

@@ -11,13 +11,13 @@ module Ufo::IamRole
       def register_policy(role_type, policy_name, *statements)
         statements.flatten!
         self.policies[role_type] ||= Set.new
-        self.policies[role_type].add([policy_name, statements]) # using set so DSL can safely be evaluated multiple times
+        self.policies[role_type].add([policy_name, statements]) # using set so Dsl can safely be evaluated multiple times
       end
 
       def register_managed_policy(role_type, *policies)
         policies.flatten!
         self.managed_policies[role_type] ||= Set.new
-        self.managed_policies[role_type].merge(policies) # using set so DSL can safely be evaluated multiple times
+        self.managed_policies[role_type].merge(policies) # using set so Dsl can safely be evaluated multiple times
       end
     end
   end

data/lib/ufo/param.rb

@@ -18,8 +18,7 @@ module Ufo
     memoize :data
 
     def template_scope
-      self # TODO: add access to helpers like network
-      # @template_scope ||= Ufo::TemplateScope.new(Ufo::DSL::Helper.new, nil)
+      self
     end
   end
 end

data/lib/ufo/task_definition/helpers/vars/builder.rb

@@ -37,8 +37,7 @@ module Ufo::TaskDefinition::Helpers::Vars
       ]
       layers.map! { |l| ".ufo/env_files/#{l}#{@ext}" }
       show_layers(layers)
-      layers.select! { |l| File.exist?(l) }
-      layers
+      layers.select { |l| File.exist?(l) }
     end
 
     def show_layers(paths)
@@ -63,7 +62,8 @@ module Ufo::TaskDefinition::Helpers::Vars
 
     def env(ext='.env')
       @ext = ext # assign instance variable so dont have to pass around
-      lines = filtered_lines(content)
+      result = render_erb(content) # tricky: use result instead of content for variable assignment or content method is not called
+      lines = filtered_lines(result)
       lines.map do |line|
         line = line.sub('export ', '') # allow user to use export. ufo ignores it
         key,*value = line.strip.split("=").map do |x|
@@ -97,7 +97,7 @@ module Ufo::TaskDefinition::Helpers::Vars
         value.sub(/^ssm:/i, "arn:aws:ssm:#{region}:#{account}:parameter/")
       when /^secretsmanager:/i
         value.sub(/^secretsmanager:/i, "arn:aws:secretsmanager:#{region}:#{account}:secret:")
-      when '' # blank string will mean use convention
+      when '', *available_providers # blank string will mean use convention
         conventional_pattern(name, value)
       else
         value # assume full arn has been passed
@@ -129,11 +129,11 @@ module Ufo::TaskDefinition::Helpers::Vars
     #      DB_NAME=:APP/:ENV/:SECRET_NAME # expansion will use => demo/dev/DB_NAME
     #
     def conventional_pattern(name, value)
-      secrets = Ufo.config.secrets
-      provider = secrets.provider # ssm or secretsmanager
+      provider = get_provider(value)
       namespace = provider == "ssm" ? "parameter/" : "secret:"
 
-      config_name = "secrets.pattern.#{provider}"
+      field = provider == "secretsmanager" ? "manager_pattern" : "ssm_pattern"
+      config_name = "secrets.#{field}"
       pattern = callable_option(
         config_name: config_name, # Ufo.config.names.stack => :APP-:ROLE-:ENV => demo-web-dev
         passed_args: [self],
@@ -143,6 +143,22 @@ module Ufo::TaskDefinition::Helpers::Vars
       "arn:aws:#{provider}:#{region}:#{account}:#{namespace}#{pattern}"
     end
 
+    # Allows user to override one-off value. IE: DB_PASS=secretsmanager
+    # Note there's no point in disabling this override ability since valueFrom examples a reference.
+    #
+    #     {
+    #       "name": "PASS",
+    #       "valueFrom": "arn:aws:ssm:us-west-2:1111111111111:parameter/demo/dev/PASS"
+    #     }
+    #
+    def get_provider(value)
+      available_providers.include?(value) ? value : Ufo.config.secrets.provider
+    end
+
+    def available_providers
+      %w[ssm secretsmanager]
+    end
+
     def remove_surrounding_quotes(s)
       if s =~ /^"/ && s =~ /"$/
         s.sub(/^["]/, '').gsub(/["]$/,'') # remove surrounding double quotes
@@ -162,5 +178,12 @@ module Ufo::TaskDefinition::Helpers::Vars
       # filter out empty lines
       lines = lines.reject { |l| l.strip.empty? }
     end
+
+    def render_erb(content)
+      path = ".ufo/output/params.erb"
+      FileUtils.mkdir_p(File.dirname(path))
+      IO.write(path, content)
+      RenderMePretty.result(path, context: self)
+    end
   end
 end

data/lib/ufo/version.rb

@@ -1,3 +1,3 @@
 module Ufo
-  VERSION = "6.2.5"
+  VERSION = "6.3.2"
 end

data/spec/ufo/iam_role/builder_spec.rb

@@ -12,7 +12,7 @@ describe Ufo::IamRole::Builder do
       {:Action=>["cloudwatch:PutMetricData"], :Effect=>"Allow", :Resource=>"*"}
     )
     # Called twice on purpose to show that duplicated items in the set wont create doubles.
-    # This allows the DSL evaluate to be ran multiple times.
+    # This allows the Dsl evaluate to be ran multiple times.
     Ufo::IamRole::Registry.register_policy("task_role",
       "CloudwatchWrite",
       {:Action=>["cloudwatch:PutMetricData"], :Effect=>"Allow", :Resource=>"*"}

data/spec/ufo/iam_role/dsl_spec.rb

@@ -1,9 +1,9 @@
-describe Ufo::IamRole::DSL do
+describe Ufo::IamRole::Dsl do
   let(:dsl) { described_class.new(path) }
   let(:path) { "spec/fixtures/iam_roles/task_role.rb" }
 
   context "evaluate" do
-    it "registers policies from role DSL" do
+    it "registers policies from role Dsl" do
       dsl.evaluate
       expect(Ufo::IamRole::Registry.policies).not_to be_empty
       expect(Ufo::IamRole::Registry.managed_policies).not_to be_empty

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-  version: 6.2.5
+  version: 6.3.2
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-24 00:00:00.000000000 Z
+date: 2022-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-logs
@@ -479,7 +479,11 @@ files:
 - exe/ufo
 - lib/templates/boot_hook/.ufo/config/boot.rb
 - lib/templates/docker/Dockerfile
+- lib/templates/env_file/file.env
+- lib/templates/env_file/file.secrets.tt
 - lib/templates/helper/%underscore_name%_helper.rb.tt
+- lib/templates/hook/docker.rb
+- lib/templates/hook/ufo.rb
 - lib/templates/init/.ufo/config.rb.tt
 - lib/templates/init/.ufo/config/web/base.rb
 - lib/templates/init/.ufo/config/web/dev.rb
@@ -559,6 +563,7 @@ files:
 - lib/ufo/cli/help/init.md
 - lib/ufo/cli/help/logs.md
 - lib/ufo/cli/help/new/boot_hook.md
+- lib/ufo/cli/help/new/hook.md
 - lib/ufo/cli/help/ps.md
 - lib/ufo/cli/help/releases.md
 - lib/ufo/cli/help/rollback.md
@@ -569,7 +574,9 @@ files:
 - lib/ufo/cli/new.rb
 - lib/ufo/cli/new/boot_hook.rb
 - lib/ufo/cli/new/concerns.rb
+- lib/ufo/cli/new/env_file.rb
 - lib/ufo/cli/new/helper.rb
+- lib/ufo/cli/new/hook.rb
 - lib/ufo/cli/new/init.rb
 - lib/ufo/cli/new/sequence.rb
 - lib/ufo/cli/opts.rb
@@ -614,6 +621,10 @@ files:
 - lib/ufo/ext.rb
 - lib/ufo/ext/core/module.rb
 - lib/ufo/ext/core/nil_class.rb
+- lib/ufo/hooks/builder.rb
+- lib/ufo/hooks/concern.rb
+- lib/ufo/hooks/dsl.rb
+- lib/ufo/hooks/runner.rb
 - lib/ufo/iam_role/builder.rb
 - lib/ufo/iam_role/dsl.rb
 - lib/ufo/iam_role/registry.rb