ufo 6.3.3 → 6.3.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0b97f721b8915f665745b998087e612bb4bae0cc7f2a4046a9efe8492e2eac0c
-  data.tar.gz: b093ecdafedad9522784798d331256112efdcfabce099c97b980d03a7ddc4e09
+  metadata.gz: 586d1502a32e9d1e3aa5a8447371c5b9fc854f189a841b9a822ce2cef4156c0b
+  data.tar.gz: 03607a2573b1a27c245f2b42614589513250fa91f2c8c69b5f8767664083aeb9
 SHA512:
-  metadata.gz: 787c7cb0f1818a34bdba0e4a075ca428cefc53b5c51fde23deda1fdd180eb12a845af279d6793743dd867ca7be68122366d104d7a56b6c94ed1742f3c7938a2b
-  data.tar.gz: 1e1a58d83901bf2218faad41263e51095022b1db1fc138cad9502b9c49da08131490b8d649b22e07027cae2ba61782d5a3c1bddc14789675e537b2b2254e6e71
+  metadata.gz: b9b72a9063f47a628cf5455f91a9db1f6db89e74416b54a30cd21724a010d4bd040e31b48caf4d2fec381e88d06d4efb8e8202b3d31e2ac7d8913e38a669ec1b
+  data.tar.gz: 29d841dd38e9ba2b2132adf00689b9e39eb34dcf3436601d70f7d78675f9b4eece5f08739a29ac9bfd6c0f3762ec4867d72ea9df1b681fe77f04290da3c498af

data/CHANGELOG.md

@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [6.3.6] - 2022-04-29
+- [#172](https://github.com/tongueroo/ufo/pull/172) support multiple ssl certs
+
+## [6.3.5] - 2022-04-28
+- [#171](https://github.com/tongueroo/ufo/pull/171) default unhealthy_threshold_count = 3
+
+## [6.3.4] - 2022-04-27
+- [#168](https://github.com/tongueroo/ufo/pull/168) ufo ps: show multiple container names
+- [#169](https://github.com/tongueroo/ufo/pull/169) ufo logs improvements
+- [#170](https://github.com/tongueroo/ufo/pull/170) infer ecs managed sg based on awsvpc network mode
+
 ## [6.3.3] - 2022-03-27
 - [#167](https://github.com/tongueroo/ufo/pull/167) fix edge case include_dir for ruby 2.7
 - remove update_dockerignore

data/lib/ufo/cfn/stack/builder/base.rb

@@ -18,22 +18,23 @@ class Ufo::Cfn::Stack::Builder
     def security_groups(type)
       group_ids = Ufo.config.vpc.security_groups[type] || []
       # no security groups at all
-      return if !managed_security_groups? && group_ids.blank?
+      return if type == :ecs && !manage_ecs_security_group? && group_ids.blank?
 
       groups = []
       groups += group_ids
-      groups += [managed_security_group(type.to_s.camelize)] if managed_security_groups?
+      groups += [managed_security_group(type)] if manage_ecs_security_group? || type == :elb
       groups
     end
 
     def managed_security_group(type)
-      logical_id = managed_security_groups? ? "#{type.camelize}SecurityGroup" : "AWS::NoValue"
+      logical_id = type == :elb || manage_ecs_security_group? ? "#{type.to_s.camelize}SecurityGroup" : "AWS::NoValue"
       {Ref: logical_id}
     end
 
-    def managed_security_groups?
-      managed = Ufo.config.vpc.security_groups.managed
-      managed.nil? ? true : managed
+    # With network mode is awsvpc always create UFO managed ECS security group
+    # With bridge mode, never create as there's no point.
+    def manage_ecs_security_group?
+      vars[:container][:network_mode].to_s == 'awsvpc'
     end
 
     def self.build(options={})

data/lib/ufo/cfn/stack/builder/resources/listener_certificate.rb

@@ -0,0 +1,30 @@
+class Ufo::Cfn::Stack::Builder::Resources
+  class ListenerCertificate < ListenerSsl
+    def build
+      return unless certificates.size >= 1 # already removed firt cert
+      {
+        Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate",
+        Condition: "CreateElbIsTrue",
+        Properties: properties,
+      }
+    end
+
+    def properties
+      {
+        Certificates: certificates,
+        ListenerArn: {Ref: "ListenerSsl"}
+      }
+    end
+
+    def certificates
+      ssl = Ufo.config.elb.ssl
+      certs = normalize(ssl.certificates) if ssl.certificates
+      # CloudFormation has weird interface
+      # Only one cert allowed at the AWS::ElasticLoadBalancingV2::Listener
+      # https://stackoverflow.com/questions/54447250/how-to-set-multiple-certificates-for-awselasticloadbalancingv2listener
+      # Also note the docs say "You can specify one certificate per resource."
+      # But tested and multiple certs here work
+      certs[1..-1] # dont include the first one
+    end
+  end
+end

data/lib/ufo/cfn/stack/builder/resources/listener_ssl.rb

@@ -7,7 +7,10 @@ class Ufo::Cfn::Stack::Builder::Resources
 
     def properties
       props = super
-      props[:Certificates] = certificates
+      # CloudFormation has weird interface
+      # Only one cert allowed at the AWS::ElasticLoadBalancingV2::Listener
+      # https://stackoverflow.com/questions/54447250/how-to-set-multiple-certificates-for-awselasticloadbalancingv2listener
+      props[:Certificates] = [certificates.first] # first one only
       props
     end
 

data/lib/ufo/cfn/stack/builder/resources/security_group/ecs.rb

@@ -1,7 +1,8 @@
 module Ufo::Cfn::Stack::Builder::Resources::SecurityGroup
   class Ecs < Base
     def build
-      return unless managed_security_groups?
+      return unless manage_ecs_security_group?
+      return unless vars[:container][:network_mode].to_s == 'awsvpc'
 
       {
         Type: "AWS::EC2::SecurityGroup",

data/lib/ufo/cfn/stack/builder/resources/security_group/ecs_rule.rb

@@ -1,8 +1,7 @@
 module Ufo::Cfn::Stack::Builder::Resources::SecurityGroup
   class EcsRule < Base
     def build
-      return unless managed_security_groups?
-      return unless vars[:elb_type] == "application"
+      return unless manage_ecs_security_group?
 
       {
         Type: "AWS::EC2::SecurityGroupIngress",

data/lib/ufo/cfn/stack/builder/resources/security_group/elb.rb

@@ -1,7 +1,7 @@
 module Ufo::Cfn::Stack::Builder::Resources::SecurityGroup
   class Elb < Base
     def build
-      return unless managed_security_groups?
+      # Always create elb security group it seems like its required
       return unless vars[:elb_type] == "application"
 
       {

data/lib/ufo/cfn/stack/builder/resources.rb

@@ -10,6 +10,7 @@ class Ufo::Cfn::Stack::Builder
         ElbSecurityGroup: SecurityGroup::Elb.build(@options),
         ExecutionRole: IamRoles::ExecutionRole.build(@options),
         Listener: Listener.build(@options),
+        ListenerCertificate: ListenerCertificate.build(@options),
         ListenerSsl: ListenerSsl.build(@options),
         TargetGroup: TargetGroup.build(@options),
         TaskDefinition: TaskDefinition.build(@options),

data/lib/ufo/cli/logs.rb

@@ -6,11 +6,11 @@ class Ufo::CLI
 
     def run
       log = find_log_group_name
-      puts "Showing logs for stack: #{@stack_name} log group: #{log["awslogs-group"]} and stream prefix: #{log["awslogs-stream-prefix"]}"
+      logger.info "Showing logs for stack: #{@stack_name} log group: #{log["awslogs-group"]} and stream prefix: #{log["awslogs-stream-prefix"]}"
       if log
         cloudwatch_tail(log)
       else
-        puts "Unable to find log group for service: #{service.service_name}"
+        logger.info "Unable to find log group for service: #{service.service_name}"
       end
     end
 
@@ -24,22 +24,40 @@ class Ufo::CLI
 
       container_definitions = resp.task_definition.container_definitions
 
-      unless container_definitions.size == 1
-        puts "ERROR: ufo logs command only supports 1 container definition in the ECS task definition".color(:red)
-        return
+      if container_definitions.size > 1 && !@options[:container]
+        logger.info "Multiple containers found. ufo logs will use the first container."
+        logger.info "You can also use the --container option to set the container to use."
+      end
+
+      definition = if @options[:container]
+                     container_definitions.find do |c|
+                       c.name == @options[:container]
+                     end
+                   else
+                     container_definitions.first
+                   end
+
+      unless definition
+        logger.error "ERROR: unable to find a container".color(:red)
+        logger.error "You specified --container #{@options[:container]}" if @options[:container]
+        exit
       end
 
-      definition = container_definitions.first
       log_conf = definition.log_configuration
+      unless log_conf
+        logger.error "ERROR: Unable to find a log_configuration for container: #{definition.name}".color(:red)
+        logger.error "You specified --container #{@options[:container]}" if @options[:container]
+        exit 1
+      end
 
-      if log_conf && log_conf.log_driver == "awslogs"
+      if log_conf.log_driver == "awslogs"
         # options["awslogs-group"]
         # options["awslogs-region"]
         # options["awslogs-stream-prefix"]
         log_conf.options
       else
-        puts "Only supports awslogs driver. Detected log_driver: #{log_conf.log_driver}"
-        return
+        logger.error "ERROR: Only supports awslogs driver. Detected log_driver: #{log_conf.log_driver}".color(:red)
+        exit 1 unless ENV['UFO_TEST']
       end
     end
 

data/lib/ufo/cli/ps/task.rb

@@ -16,12 +16,36 @@ class Ufo::CLI::Ps
 
     def name
       container_overrides = @task.dig("overrides", "container_overrides")
-      overrides = container_overrides.first # assume first is one we want
-      overrides["name"] if overrides # PENDING wont yet have info
+      overrides = container_overrides # assume first is one we want
+      if !overrides.empty? # PENDING wont yet have info
+        overrides.map { |i| i["name"]  }.join(',')
+      else
+        container_names
+      end
     rescue NoMethodError
-      container = @task["containers"].first
-      container["name"] if container # PENDING wont yet have info
+      container_names
+    end
+
+    # PENDING wont yet have any containers yet but since using task definition we're ok
+    def container_names
+      task_definition = task_definition(@task.task_definition_arn)
+      names = task_definition.container_definitions.map do |container_definition|
+        container_definition.name
+      end
+      names.join(',')
+    end
+
+    # ECS inconsistently returns the container names in random order
+    # Look up the names from the task definition to try and get right order
+    # This still seems to return inconsistently.
+    # IE: Not the order that was defined in the task definition originally
+    def task_definition(task_definition_arn)
+      resp = ecs.describe_task_definition(
+        task_definition: task_definition_arn,
+      )
+      resp.task_definition
     end
+    memoize :task_definition
 
     def container_instance_arn
       @task['container_instance_arn'].split('/').last

data/lib/ufo/cli.rb

@@ -64,6 +64,7 @@ module Ufo
     option :since, desc: "From what time to begin displaying logs.  By default, logs will be displayed starting from 1 minutes in the past. The value provided can be an ISO 8601 timestamp or a relative time."
     option :format, default: "short", desc: "The format to display the logs. IE: detailed or short.  With detailed, the log stream name is also shown."
     option :filter_pattern, desc: "The filter pattern to use. If not provided, all the events are matched"
+    option :container, aliases: :c, desc: "Container name to show logs for. Only needed when ECS task multiple containers"
     def logs
       Logs.new(options).run
     end

data/lib/ufo/config.rb

@@ -70,7 +70,7 @@ module Ufo
       config.elb.health_check_interval_seconds = 10 # keep at 10 in case of network ELB, which is min 10
       config.elb.health_check_path = nil # When nil its AWS default /
       config.elb.healthy_threshold_count = 3 # The AWS usual default is 5
-      config.elb.unhealthy_threshold_count = 2
+      config.elb.unhealthy_threshold_count = 3
 
       config.elb.port = 80 # default listener port
       config.elb.redirect = ActiveSupport::OrderedOptions.new
@@ -138,7 +138,6 @@ module Ufo
       config.vpc.security_groups = ActiveSupport::OrderedOptions.new
       config.vpc.security_groups.ecs = nil
       config.vpc.security_groups.elb = nil
-      config.vpc.security_groups.managed = true
       config.vpc.subnets = ActiveSupport::OrderedOptions.new
       config.vpc.subnets.ecs = nil
       config.vpc.subnets.elb = nil

data/lib/ufo/info.rb

@@ -23,9 +23,18 @@ module Ufo
       load_balancer = service.load_balancers.first
       return unless load_balancer
 
-      resp = elb.describe_target_groups(
-        target_group_arns: [load_balancer.target_group_arn]
-      )
+      begin
+        resp = elb.describe_target_groups(
+          target_group_arns: [load_balancer.target_group_arn]
+        )
+      rescue Aws::ElasticLoadBalancingV2::Errors::TargetGroupNotFound
+        # Super edge case when:
+        # 1. deploy with ELB
+        # 2. deploy again without ELB
+        # 3. ECS service sometimes still thinks there's an ELB
+        # Error: https://gist.github.com/tongueroo/dc41f408e65414ab5ee864d0d738d81a
+        return
+      end
       target_group = resp.target_groups.first
       load_balancer_arn = target_group.load_balancer_arns.first # assume first only
       return unless load_balancer_arn # can occur while stack is being deleted

data/lib/ufo/version.rb

@@ -1,3 +1,3 @@
 module Ufo
-  VERSION = "6.3.3"
+  VERSION = "6.3.6"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-  version: 6.3.3
+  version: 6.3.6
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-27 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-logs
@@ -516,6 +516,7 @@ files:
 - lib/ufo/cfn/stack/builder/resources/iam_roles/execution_role.rb
 - lib/ufo/cfn/stack/builder/resources/iam_roles/task_role.rb
 - lib/ufo/cfn/stack/builder/resources/listener.rb
+- lib/ufo/cfn/stack/builder/resources/listener_certificate.rb
 - lib/ufo/cfn/stack/builder/resources/listener_ssl.rb
 - lib/ufo/cfn/stack/builder/resources/scaling/base.rb
 - lib/ufo/cfn/stack/builder/resources/scaling/policy.rb
@@ -716,7 +717,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.10
+rubygems_version: 3.3.12
 signing_key: 
 specification_version: 4
 summary: AWS ECS Deploy Tool