ufo 6.3.1 → 6.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f1f60f15e2492a5d8e40c1b0a507e5eac51427963a2d29139235e1eb70d37c24
-  data.tar.gz: e6bc8a65ac678cddcccc000c9b829dfebd94aa91dd664129f7aed7f40310e271
+  metadata.gz: ee25a6ee92c06422088b489aa3f9d27d8fb0dfd229b7bb6e0b0eb2241a4d3902
+  data.tar.gz: f4a8043b8ab3bbb33794d3002d58890d8aa4753ffe3ac4b029432599195e5289
 SHA512:
-  metadata.gz: e90f778cc345554a7ef971268297fd5b5e1969538056384f1bd1b3248aaa1519682f84d6a37b65c59ee70586494ff7111dacc3a8bf72a6bec62251aec63a338a
-  data.tar.gz: 2e0fd1b9d37604c15027f898b74e706e18304362fde5577b05db90190e0b747038a89068819ba9b213a403d3f20e051c4cab0bd7d11887142756b538460e8db5
+  metadata.gz: 76beccace3016451330c40b589fa7c3f95680eff187a667f520eed80c7d4cd90b91667dd06d58288cabf4c5d5acb699cf53ecc6c296dcb48e66504a0c02147ad
+  data.tar.gz: 22700e11a6de03b489deacf6fbde1e7b5652b4048b078b1d3750dfc0f1b083e5e3bbc417057f04d9fe73e48ac609139aea92bc526ae4c33cfdee16253f341db8

data/CHANGELOG.md

@@ -3,6 +3,11 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [6.3.2] - 2022-03-26
+- [#164](https://github.com/tongueroo/ufo/pull/164) existing elb target group support
+- [#165](https://github.com/tongueroo/ufo/pull/165) improve secrets support
+- [#166](https://github.com/tongueroo/ufo/pull/166) infer elb dns name from target group when possible
+
 ## [6.3.1] - 2022-03-25
 - ufo init: improve vars base.rb
 

data/lib/templates/env_file/file.env

@@ -0,0 +1,2 @@
+# Docs: https://ufoships.com/docs/features/env_files/env/
+KEY=value

data/lib/templates/env_file/file.secrets.tt

@@ -0,0 +1,5 @@
+# Docs: https://ufoships.com/docs/features/env_files/secrets/
+DATABASE_URL # conventional
+# explicit
+USER=ssm:demo/<%= Ufo.env %>/USER
+PASS=ssm:demo/<%= Ufo.env %>/PASS

data/lib/templates/init/.ufo/config.rb.tt

@@ -35,6 +35,5 @@ Ufo.configure do |config|
   # config.logs.filter_pattern = '- "HealthChecker"'
 
   # Docs: https://ufoships.com/docs/config/reference/
-  # You may want to set to false if your docker build and push process takes a while
-  # config.ship.docker.quiet = false # default is true.
+  # config.ship.docker.quiet = true # default is false
 end

data/lib/templates/init/.ufo/vars/base.rb

@@ -7,8 +7,8 @@
 @name = role     # IE: web worker clock
 @image = docker_image # includes the git sha org/repo:ufo-[sha].
 # Docs: https://ufoships.com/docs/helpers/builtin/secrets/
-# @environment = env_file
-# @secrets = secrets_file
+@environment = env_file
+@secrets = secrets_file
 @cpu = 256
 @memory = 256
 @memory_reservation = 256

data/lib/ufo/cfn/stack/builder/resources/dns.rb

@@ -8,7 +8,7 @@ class Ufo::Cfn::Stack::Builder::Resources
         Comment: dns.comment,
         Type: dns.type, # CNAME
         TTL: dns.ttl, # 60 ttl has special casing
-        ResourceRecords: [{"Fn::GetAtt": "Elb.DNSName"}]
+        ResourceRecords: [resource_record]
       }
       # HostedZoneName: yourdomain. # dont forget the trailing period
       props[:HostedZoneName] = hosted_zone_name if hosted_zone_name
@@ -21,6 +21,43 @@ class Ufo::Cfn::Stack::Builder::Resources
     end
 
   private
+    def resource_record
+      existing = Ufo.config.elb.existing
+      if existing.target_group
+        existing_dns_name
+      else
+        {"Fn::GetAtt": "Elb.DNSName"}
+      end
+    end
+
+    def existing_dns_name
+      existing = Ufo.config.elb.existing
+      resp = elb.describe_target_groups(target_group_arns: [existing.target_group])
+      target_group = resp.target_groups.first
+      load_balancer_arns = target_group.load_balancer_arns
+      if load_balancer_arns.size == 1
+        resp = elb.describe_load_balancers(load_balancer_arns: load_balancer_arns)
+        load_balancer = resp.load_balancers.first
+        load_balancer.dns_name
+      else
+        return existing.dns_name if existing.dns_name
+        logger.error "ERROR: config.existing.dns_name must to be set".color(:red)
+        logger.error <<~EOL
+          This target group is associated with multiple load balancers.
+          UFO cannot infer the dns name in this case. You must set:
+
+              config.existing.dns_name
+
+          Info:
+
+              target group: #{existing.target_group}
+              load balancers: #{load_balancer_arns}
+
+        EOL
+        exit 1
+      end
+    end
+
     def dns_name
       return unless dns.domain || dns.name
       name = dns.name # my.domain.com

data/lib/ufo/cfn/stack/builder/resources/listener.rb

@@ -55,8 +55,8 @@ class Ufo::Cfn::Stack::Builder::Resources
         TargetGroupArn: {
           "Fn::If": [
             "ElbTargetGroupIsBlank",
-            {Ref: "TargetGroup"},
-            {Ref: "ElbTargetGroup"}
+            {Ref: "TargetGroup"},   # UFO managed
+            {Ref: "ElbTargetGroup"} # Managed by user outside of UFO
           ]
         }
       }

data/lib/ufo/cfn/stack/vars.rb

@@ -9,10 +9,11 @@ class Ufo::Cfn::Stack
         container: container,
         create_elb: create_elb?, # helps set Ecs DependsOn
         create_listener_ssl: create_listener_ssl?,
-        create_route53: create_elb? && dns_configured?,
+        create_route53: create_route53?,
         default_listener_protocol: default_listener_protocol,
         default_listener_ssl_protocol: default_listener_ssl_protocol,
         default_target_group_protocol: default_target_group_protocol,
+        elb_target_group: elb_target_group,
         elb_type: elb_type,
         new_stack: new_stack,
         rollback_task_definition: rollback_task_definition,
@@ -63,15 +64,30 @@ class Ufo::Cfn::Stack
       elb.ssl.enabled && elb.ssl.certificates
     end
 
+    def create_route53?
+      return false unless dns_configured?
+      if create_elb?
+        true
+      else
+        Ufo.config.elb.existing.target_group
+      end
+    end
+
     def create_elb?
       elb = Ufo.config.elb
-      if elb.enabled.to_s == "auto"
+      if elb.existing.target_group
+        false
+      elsif elb.enabled.to_s == "auto"
         container[:name] == "web" # convention
       else
         elb.enabled # true or false
       end
     end
 
+    def elb_target_group
+      Ufo.config.elb.existing.target_group
+    end
+
     def container
       task_definition = Builder::Resources::TaskDefinition::Reconstructor.new(@task_definition, @options[:rollback]).reconstruct
 

data/lib/ufo/cli/new/env_file.rb

@@ -0,0 +1,18 @@
+class Ufo::CLI::New
+  class EnvFile < Sequence
+    argument :type, default: "env", description: "IE: env or secrets" # description doesnt really show up
+
+    def self.cli_options
+      [
+        [:force, aliases: ["y"], type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files"],
+      ]
+    end
+    cli_options.each { |args| class_option(*args) }
+
+  public
+    def create_hook
+      set_template_source("env_file")
+      template "file.#{type}", ".ufo/config/env_files/#{Ufo.env}.#{type}"
+    end
+  end
+end

data/lib/ufo/cli/new/hook.rb

@@ -11,7 +11,7 @@ class Ufo::CLI::New
 
   public
     def create_hook
-      set_template_source("hooks")
+      set_template_source("hook")
       template "#{type}.rb", ".ufo/config/hooks/#{type}.rb"
     end
   end

data/lib/ufo/cli/new.rb

@@ -7,6 +7,13 @@ class Ufo::CLI
     end
     register(BootHook, "boot_hook", "boot_hook", "Generate boot_hook")
 
+    desc "env_file", "Generate env_file"
+    long_desc Help.text("new/env_file")
+    EnvFile.cli_options.each do |args|
+      option(*args)
+    end
+    register(EnvFile, "env_file", "env_file", "Generate env_file")
+
     desc "helper", "Generate helper"
     long_desc Help.text("new/helper")
     Helper.cli_options.each do |args|

data/lib/ufo/config/parse.rb

@@ -19,10 +19,12 @@ class Ufo::Config
       return false unless config_line # default is false
       config_value = config_line.gsub(/.*=/,'').strip.gsub(/["']/,'')
       case type
-      when :boolean
-        config_value != "false" && config_value != "nil"
       when :array
         eval(config_value) # IE: '["a"]' => ["a"]
+      when :boolean
+        config_value != "false" && config_value != "nil"
+      when :string
+        config_value.sub(/\s+#.*/,'') # remove trailing comment
       else
         raise "Type #{type.inspect} not supported"
       end

data/lib/ufo/config.rb

@@ -63,6 +63,10 @@ module Ufo
       config.elb.default_actions = nil # full override
       config.elb.enabled = "auto" # "auto", true or false
 
+      config.elb.existing = ActiveSupport::OrderedOptions.new
+      config.elb.existing.target_group = nil
+      config.elb.existing.dns_name = nil # for managed route53 records
+
       config.elb.health_check_interval_seconds = 10 # keep at 10 in case of network ELB, which is min 10
       config.elb.health_check_path = nil # When nil its AWS default /
       config.elb.healthy_threshold_count = 3 # The AWS usual default is 5
@@ -111,11 +115,9 @@ module Ufo
       config.ps.summary = true
 
       config.secrets = ActiveSupport::OrderedOptions.new
-      config.secrets.pattern = ActiveSupport::OrderedOptions.new
-      config.secrets.pattern.secretsmanager = ":APP-:ENV-:SECRET_NAME" # => demo-dev-DB_PASS
-      config.secrets.pattern.ssm = ":APP/:ENV/:SECRET_NAME" # => demo/dev/DB_PASS
+      config.secrets.manager_pattern = ":APP/:ENV/:SECRET_NAME" # => demo/dev/DB_PASS
+      config.secrets.ssm_pattern = ":APP/:ENV/:SECRET_NAME" # => demo/dev/DB_PASS
       config.secrets.provider = "ssm" # default provider for conventional expansion IE: ssm or secretsmanager
-      config.secrets.warning = true
 
       config.ship = ActiveSupport::OrderedOptions.new
       config.ship.docker = ActiveSupport::OrderedOptions.new

data/lib/ufo/task_definition/helpers/vars/builder.rb

@@ -37,8 +37,7 @@ module Ufo::TaskDefinition::Helpers::Vars
       ]
       layers.map! { |l| ".ufo/env_files/#{l}#{@ext}" }
       show_layers(layers)
-      layers.select! { |l| File.exist?(l) }
-      layers
+      layers.select { |l| File.exist?(l) }
     end
 
     def show_layers(paths)
@@ -63,7 +62,8 @@ module Ufo::TaskDefinition::Helpers::Vars
 
     def env(ext='.env')
       @ext = ext # assign instance variable so dont have to pass around
-      lines = filtered_lines(content)
+      result = render_erb(content) # tricky: use result instead of content for variable assignment or content method is not called
+      lines = filtered_lines(result)
       lines.map do |line|
         line = line.sub('export ', '') # allow user to use export. ufo ignores it
         key,*value = line.strip.split("=").map do |x|
@@ -97,7 +97,7 @@ module Ufo::TaskDefinition::Helpers::Vars
         value.sub(/^ssm:/i, "arn:aws:ssm:#{region}:#{account}:parameter/")
       when /^secretsmanager:/i
         value.sub(/^secretsmanager:/i, "arn:aws:secretsmanager:#{region}:#{account}:secret:")
-      when '' # blank string will mean use convention
+      when '', *available_providers # blank string will mean use convention
         conventional_pattern(name, value)
       else
         value # assume full arn has been passed
@@ -129,11 +129,11 @@ module Ufo::TaskDefinition::Helpers::Vars
     #      DB_NAME=:APP/:ENV/:SECRET_NAME # expansion will use => demo/dev/DB_NAME
     #
     def conventional_pattern(name, value)
-      secrets = Ufo.config.secrets
-      provider = secrets.provider # ssm or secretsmanager
+      provider = get_provider(value)
       namespace = provider == "ssm" ? "parameter/" : "secret:"
 
-      config_name = "secrets.pattern.#{provider}"
+      field = provider == "secretsmanager" ? "manager_pattern" : "ssm_pattern"
+      config_name = "secrets.#{field}"
       pattern = callable_option(
         config_name: config_name, # Ufo.config.names.stack => :APP-:ROLE-:ENV => demo-web-dev
         passed_args: [self],
@@ -143,6 +143,22 @@ module Ufo::TaskDefinition::Helpers::Vars
       "arn:aws:#{provider}:#{region}:#{account}:#{namespace}#{pattern}"
     end
 
+    # Allows user to override one-off value. IE: DB_PASS=secretsmanager
+    # Note there's no point in disabling this override ability since valueFrom examples a reference.
+    #
+    #     {
+    #       "name": "PASS",
+    #       "valueFrom": "arn:aws:ssm:us-west-2:1111111111111:parameter/demo/dev/PASS"
+    #     }
+    #
+    def get_provider(value)
+      available_providers.include?(value) ? value : Ufo.config.secrets.provider
+    end
+
+    def available_providers
+      %w[ssm secretsmanager]
+    end
+
     def remove_surrounding_quotes(s)
       if s =~ /^"/ && s =~ /"$/
         s.sub(/^["]/, '').gsub(/["]$/,'') # remove surrounding double quotes
@@ -162,5 +178,12 @@ module Ufo::TaskDefinition::Helpers::Vars
       # filter out empty lines
       lines = lines.reject { |l| l.strip.empty? }
     end
+
+    def render_erb(content)
+      path = ".ufo/output/params.erb"
+      FileUtils.mkdir_p(File.dirname(path))
+      IO.write(path, content)
+      RenderMePretty.result(path, context: self)
+    end
   end
 end

data/lib/ufo/version.rb

@@ -1,3 +1,3 @@
 module Ufo
-  VERSION = "6.3.1"
+  VERSION = "6.3.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-  version: 6.3.1
+  version: 6.3.2
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-25 00:00:00.000000000 Z
+date: 2022-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-logs
@@ -479,9 +479,11 @@ files:
 - exe/ufo
 - lib/templates/boot_hook/.ufo/config/boot.rb
 - lib/templates/docker/Dockerfile
+- lib/templates/env_file/file.env
+- lib/templates/env_file/file.secrets.tt
 - lib/templates/helper/%underscore_name%_helper.rb.tt
-- lib/templates/hooks/docker.rb
-- lib/templates/hooks/ufo.rb
+- lib/templates/hook/docker.rb
+- lib/templates/hook/ufo.rb
 - lib/templates/init/.ufo/config.rb.tt
 - lib/templates/init/.ufo/config/web/base.rb
 - lib/templates/init/.ufo/config/web/dev.rb
@@ -572,6 +574,7 @@ files:
 - lib/ufo/cli/new.rb
 - lib/ufo/cli/new/boot_hook.rb
 - lib/ufo/cli/new/concerns.rb
+- lib/ufo/cli/new/env_file.rb
 - lib/ufo/cli/new/helper.rb
 - lib/ufo/cli/new/hook.rb
 - lib/ufo/cli/new/init.rb