Merge pull request #191 from stelligent/release-1.0.3

fix for #187
stelligent · Oct 11, 2017 · d0ddf80 · d0ddf80
2 parents 32e39bc + a479900
commit d0ddf80
Show file tree

Hide file tree

Showing 18 changed files with 104 additions and 84 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -46,9 +46,11 @@ jobs:
       - store_artifacts:
           path: artifacts
 
+      # The second key is for the repo homebrew-tap
       - add_ssh_keys:
           fingerprints:
             - "53:1f:d0:6f:24:2a:bf:cb:92:0f:bc:1e:14:6e:1d:72"
+            - "35:fc:cc:f6:12:88:e2:56:24:17:09:36:3e:53:e6:68"
 
       ## In order for deploy to work, you need an environment variable set in CircleCI named "GITHUB_TOKEN" that contains
       ##  a token created from https://github.com/settings/tokens
@@ -62,12 +64,14 @@ jobs:
           name: Deploy
           command: |
             cd $APP_PATH
+
+            git config --global user.email "[email protected]"
+            git config --global user.name "mu-ci"
+
             if [ "${CIRCLE_BRANCH}" == "develop" ]; then
               make dev-release
+              make formula
             elif [ "${CIRCLE_BRANCH}" == "master" ]; then
               make release
+              make formula
             fi
-
-
-
-
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@
 .release/
 vendor/
 *~
+homebrew-tap/
diff --git a/Makefile b/Makefile
@@ -121,6 +121,34 @@ ifneq ($(IS_MASTER),)
 	git push --delete origin $(TAG_VERSION)-develop || echo "No pre-release tag to delete"
 endif
 
+formula:
+	rm -rf homebrew-tap
+	git clone [email protected]:stelligent/homebrew-tap.git
+
+	$(eval MAC_URL := https://github.com/stelligent/mu/releases/download/$(TAG_VERSION)/mu-darwin-amd64)
+	$(eval MAC_SHA256 := $(shell curl -L -s $(MAC_URL) | shasum -a 256 | cut -d' ' -f1))
+	$(eval LINUX_URL := https://github.com/stelligent/mu/releases/download/$(TAG_VERSION)/mu-linux-amd64)
+	$(eval LINUX_SHA256 := $(shell curl -L -s $(LINUX_URL) | shasum -a 256 | cut -d' ' -f1))
+
+    # Update formula in mu-cli.rb
+ifeq ($(OS),darwin)
+	sed -i "" 's|.*\( # The MacOS '$(BRANCH)' url\)|    url "'$(MAC_URL)'"\1|g '  homebrew-tap/Formula/mu-cli.rb
+	sed -i "" 's|.*\( # The MacOS '$(BRANCH)' sha256sum\)|    sha256 "'$(MAC_SHA256)'"\1|g' homebrew-tap/Formula/mu-cli.rb
+	sed -i "" 's|.*\( # The Linux '$(BRANCH)' url\)|    url "'$(LINUX_URL)'"\1|g' homebrew-tap/Formula/mu-cli.rb
+	sed -i "" 's|.*\( # The Linux '$(BRANCH)' sha256sum\)|    sha256 "'$(LINUX_SHA256)'"\1|g' homebrew-tap/Formula/mu-cli.rb
+	sed -i "" 's|\(\s*version\).*\( # The '$(BRANCH)' version\)|\1 "'$(VERSION)'"\2|g' homebrew-tap/Formula/mu-cli.rb
+else
+	sed -i"" 's|.*\( # The MacOS '$(BRANCH)' url\)|    url "'$(MAC_URL)'"\1|g '  homebrew-tap/Formula/mu-cli.rb
+	sed -i"" 's|.*\( # The MacOS '$(BRANCH)' sha256sum\)|    sha256 "'$(MAC_SHA256)'"\1|g' homebrew-tap/Formula/mu-cli.rb
+	sed -i"" 's|.*\( # The Linux '$(BRANCH)' url\)|    url "'$(LINUX_URL)'"\1|g' homebrew-tap/Formula/mu-cli.rb
+	sed -i"" 's|.*\( # The Linux '$(BRANCH)' sha256sum\)|    sha256 "'$(LINUX_SHA256)'"\1|g' homebrew-tap/Formula/mu-cli.rb
+	sed -i"" 's|\(\s*version\).*\( # The '$(BRANCH)' version\)|\1 "'$(VERSION)'"\2|g' homebrew-tap/Formula/mu-cli.rb
+endif
+
+	git -C homebrew-tap add Formula/mu-cli.rb
+	git -C homebrew-tap commit -m "auto updated the mu-cli formula for version $(TAG_VERSION) branch $(BRANCH)"
+	git -C homebrew-tap push
+
 clean:
 	@echo "=== cleaning ==="
 	rm -rf $(BUILD_DIR)

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.0.2
+1.0.3
diff --git a/provider/aws/roleset.go b/provider/aws/roleset.go
@@ -232,16 +232,6 @@ func (rolesetMgr *iamRolesetManager) UpsertServiceRoleset(environmentName string
 		"Provider":        envProvider,
 	}
 
-	// Get the bucket name of the revision bucket
-	if envProvider == common.EnvProviderEc2 {
-		bucketStackName := common.CreateStackName(rolesetMgr.context.Config.Namespace, common.StackTypeBucket, "codedeploy")
-		bucketStack := rolesetMgr.context.StackManager.AwaitFinalStatus(bucketStackName)
-		if bucketStack == nil {
-			return fmt.Errorf("unable to find bucket stack named '%s'", bucketStackName)
-		}
-		stackParams["RevisionBucket"] = bucketStack.Outputs["Bucket"]
-	}
-
 	err = rolesetMgr.context.StackManager.UpsertStack(stackName, template, stackParams, stackTags, "")
 	if err != nil {
 		return err

diff --git a/provider/aws/roleset_test.go b/provider/aws/roleset_test.go
@@ -318,12 +318,6 @@ func TestIamRolesetManager_UpsertServiceRoleset_SharedEnv(t *testing.T) {
 			},
 		},
 	}
-	stackManagerMock.On("AwaitFinalStatus", "mu-bucket-codedeploy").Return(&common.Stack{
-		Status: "CREATE_COMPLETE",
-		Outputs: map[string]string{
-			"RevisionBucket": "baz",
-		},
-	}, nil)
 	stackManagerMock.On("AwaitFinalStatus", "mu-environment-env1").Return(&common.Stack{
 		Status: "CREATE_COMPLETE",
 		Tags: map[string]string{
@@ -335,7 +329,7 @@ func TestIamRolesetManager_UpsertServiceRoleset_SharedEnv(t *testing.T) {
 	err := i.UpsertServiceRoleset("env1", "sv1")
 	assert.Nil(err)
 	stackManagerMock.AssertExpectations(t)
-	stackManagerMock.AssertNumberOfCalls(t, "AwaitFinalStatus", 3)
+	stackManagerMock.AssertNumberOfCalls(t, "AwaitFinalStatus", 2)
 	stackManagerMock.AssertNumberOfCalls(t, "UpsertStack", 1)
 }
 

diff --git a/templates/assets.go b/templates/assets.go
diff --git a/templates/assets/bucket.yml b/templates/assets/bucket.yml
@@ -2,17 +2,20 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Description: MU S3 bucket - SHARED BY ALL PIPELINES
 Parameters:
+  Namespace:
+    Type: String
+    Description: Namespace for stack prefixes
   BucketPrefix:
     Type: String
     Description: Prefix to use for the bucket name
 Resources:
   Bucket:
     Type: AWS::S3::Bucket
     Properties:
-      BucketName: !Sub mu-${BucketPrefix}-${AWS::Region}-${AWS::AccountId}
+      BucketName: !Sub ${Namespace}-${BucketPrefix}-${AWS::Region}-${AWS::AccountId}
 Outputs:
   Bucket:
     Description: Name of the pipeline bucket
     Value: !Ref Bucket
     Export:
-      Name: !Sub mu-bucket-${BucketPrefix}
+      Name: !Sub ${Namespace}-bucket-${BucketPrefix}
diff --git a/templates/assets/common-iam.yml b/templates/assets/common-iam.yml
@@ -9,7 +9,7 @@ Resources:
   CloudFormationRole:
     Type: AWS::IAM::Role
     Properties:
-      RoleName: !Sub '${Namespace}-cloudformation-common'
+      RoleName: !Sub '${Namespace}-cloudformation-common-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -148,10 +148,10 @@ Resources:
           - Action:
             - iam:PassRole
             Resource:
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-environment-*-instance
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-environment-*-consul
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-consul-*-instance
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-consul-*-task
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-environment-*-instance-${AWS::Region}
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-environment-*-consul-${AWS::Region}
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-consul-*-instance-${AWS::Region}
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-consul-*-task-${AWS::Region}
             Effect: Allow
       - PolicyName: deploy-service
         PolicyDocument:
@@ -203,10 +203,10 @@ Resources:
           - Action:
             - iam:PassRole
             Resource:
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-service-*-task
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-service-*-service
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-service-*-instance
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-service-*-codedeploy
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-service-*-task-${AWS::Region}
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-service-*-service-${AWS::Region}
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-service-*-instance-${AWS::Region}
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-service-*-codedeploy-${AWS::Region}
             Effect: Allow
       - PolicyName: deploy-database
         PolicyDocument:

diff --git a/templates/assets/elb.yml b/templates/assets/elb.yml
@@ -140,6 +140,7 @@ Resources:
         - CertificateArn: !Sub "arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/${ElbCert}"
       Port: '443'
       Protocol: HTTPS
+      SslPolicy: 'ELBSecurityPolicy-TLS-1-2-2017-01'
   ElbDefaultTargetGroup:
     Type: AWS::ElasticLoadBalancingV2::TargetGroup
     Properties:

diff --git a/templates/assets/env-iam.yml b/templates/assets/env-iam.yml
@@ -43,7 +43,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsEcsService
     Properties:
-      RoleName: !Sub '${Namespace}-environment-${EnvironmentName}-instance'
+      RoleName: !Sub '${Namespace}-environment-${EnvironmentName}-instance-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -100,7 +100,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsConsulEnabled
     Properties:
-      RoleName: !Sub '${Namespace}-environment-${EnvironmentName}-consul'
+      RoleName: !Sub '${Namespace}-environment-${EnvironmentName}-consul-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -136,7 +136,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsConsulEnabled
     Properties:
-      RoleName: !Sub '${Namespace}-consul-${EnvironmentName}-instance'
+      RoleName: !Sub '${Namespace}-consul-${EnvironmentName}-instance-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -191,7 +191,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsConsulEnabled
     Properties:
-      RoleName: !Sub '${Namespace}-consul-${EnvironmentName}-task'
+      RoleName: !Sub '${Namespace}-consul-${EnvironmentName}-task-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow

diff --git a/templates/assets/pipeline-iam.yml b/templates/assets/pipeline-iam.yml
@@ -74,7 +74,7 @@ Resources:
   CodePipelineRole:
     Type: AWS::IAM::Role
     Properties:
-      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-codepipeline'
+      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-codepipeline-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -204,7 +204,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsBuildEnabled
     Properties:
-      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-ci'
+      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-ci-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -268,15 +268,15 @@ Resources:
             - s3:GetObjectVersion
             - s3:PutObject
             Resource:
-            - !Sub arn:aws:s3:::mu-codedeploy-${AWS::Region}-${AWS::AccountId}/*
+            - !Sub arn:aws:s3:::${Namespace}-codedeploy-${AWS::Region}-${AWS::AccountId}/*
             Effect: Allow
 
 
   CodeBuildCDAcptRole:
     Type: AWS::IAM::Role
     Condition: IsAcptEnabled
     Properties:
-      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-cd-acpt'
+      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-cd-acpt-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -294,14 +294,14 @@ Resources:
           - Action:
             - sts:AssumeRole
             Resource:
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-pipeline-${ServiceName}-mu-acpt
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-pipeline-${ServiceName}-mu-acpt-${AWS::Region}
             Effect: Allow
 
   CodeBuildCDProdRole:
     Type: AWS::IAM::Role
     Condition: IsProdEnabled
     Properties:
-      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-cd-prod'
+      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-cd-prod-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -319,14 +319,14 @@ Resources:
           - Action:
             - sts:AssumeRole
             Resource:
-            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-pipeline-${ServiceName}-mu-prod
+            - !Sub arn:aws:iam::${AWS::AccountId}:role/${Namespace}-pipeline-${ServiceName}-mu-prod-${AWS::Region}
             Effect: Allow
 
   MuAcptRole:
     Type: AWS::IAM::Role
     Condition: IsAcptEnabled
     Properties:
-      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-mu-acpt'
+      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-mu-acpt-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -402,7 +402,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsProdEnabled
     Properties:
-      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-mu-prod'
+      RoleName: !Sub '${Namespace}-pipeline-${ServiceName}-mu-prod-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow

diff --git a/templates/assets/pipeline.yml b/templates/assets/pipeline.yml
@@ -438,7 +438,8 @@ Resources:
         - !Ref AWS::NoValue
       ArtifactStore:
         Type: S3
-        Location: !ImportValue mu-bucket-codepipeline
+        Location:
+          Fn::ImportValue: !Sub ${Namespace}-bucket-codepipeline
 Outputs:
   CodePipelineUrl:
     Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}

diff --git a/templates/assets/service-iam.yml b/templates/assets/service-iam.yml
@@ -11,10 +11,6 @@ Parameters:
   ServiceName:
     Type: String
     Description: Name of service used for resource namespace
-  RevisionBucket:
-    Type: String
-    Description: Name of bucket for S3 artifacts
-    Default: ''
   Provider:
     Type: String
     Description: Provider type for services
@@ -36,7 +32,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsEc2Service
     Properties:
-      RoleName: !Sub '${Namespace}-service-${ServiceName}-${EnvironmentName}-codedeploy'
+      RoleName: !Sub '${Namespace}-service-${ServiceName}-${EnvironmentName}-codedeploy-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -60,7 +56,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsEc2Service
     Properties:
-      RoleName: !Sub '${Namespace}-service-${ServiceName}-${EnvironmentName}-instance'
+      RoleName: !Sub '${Namespace}-service-${ServiceName}-${EnvironmentName}-instance-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -91,8 +87,8 @@ Resources:
             - s3:ListBucketVersions
             - s3:ListMultipartUploadParts
             Resource:
-            - !Sub arn:aws:s3:::${RevisionBucket}
-            - !Sub arn:aws:s3:::${RevisionBucket}/*
+            - !Sub arn:aws:s3:::${Namespace}-codedeploy-${AWS::Region}-${AWS::AccountId}
+            - !Sub arn:aws:s3:::${Namespace}-codedeploy-${AWS::Region}-${AWS::AccountId}/*
           - Effect: Allow
             Action:
             - cloudformation:DescribeStackEvents
@@ -122,7 +118,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsEcsService
     Properties:
-      RoleName: !Sub '${Namespace}-service-${ServiceName}-${EnvironmentName}-service'
+      RoleName: !Sub '${Namespace}-service-${ServiceName}-${EnvironmentName}-service-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow
@@ -139,7 +135,7 @@ Resources:
     Type: AWS::IAM::Role
     Condition: IsEcsService
     Properties:
-      RoleName: !Sub '${Namespace}-service-${ServiceName}-${EnvironmentName}-task'
+      RoleName: !Sub '${Namespace}-service-${ServiceName}-${EnvironmentName}-task-${AWS::Region}'
       AssumeRolePolicyDocument:
         Statement:
         - Effect: Allow

diff --git a/templates/template_test.go b/templates/template_test.go
@@ -81,7 +81,7 @@ Resources:
 
 	finalMap := make(map[interface{}]interface{})
 	err = yaml.Unmarshal(templateBodyBytes.Bytes(), finalMap)
-	assert.Equal("mu-bucket-${BucketPrefix}", nestedMap(finalMap, "Outputs", "Bucket", "Export", "Name")["Fn::Sub"])
+	assert.Equal("${Namespace}-bucket-${BucketPrefix}", nestedMap(finalMap, "Outputs", "Bucket", "Export", "Name")["Fn::Sub"])
 }
 
 func TestTemplate_fixupYaml(t *testing.T) {

diff --git a/wiki b/wiki
diff --git a/workflows/pipeline_upsert.go b/workflows/pipeline_upsert.go
@@ -40,6 +40,7 @@ func (workflow *pipelineWorkflow) pipelineBucket(namespace string, stackUpserter
 		}
 		log.Noticef("Upserting Bucket for CodePipeline")
 		bucketParams := make(map[string]string)
+		bucketParams["Namespace"] = namespace
 		bucketParams["BucketPrefix"] = "codepipeline"
 
 		var pipeTags TagInterface = &PipelineTags{

diff --git a/workflows/service_common.go b/workflows/service_common.go
@@ -214,6 +214,7 @@ func (workflow *serviceWorkflow) serviceBucketUpserter(namespace string, service
 		}
 		log.Noticef("Upserting Bucket for CodeDeploy")
 		bucketParams := make(map[string]string)
+		bucketParams["Namespace"] = namespace
 		bucketParams["BucketPrefix"] = "codedeploy"
 
 		var pipeTags TagInterface = &PipelineTags{
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,3 +3,4 @@ @@
     .release/
     vendor/
     *~
+    homebrew-tap/