Support stack policy on stack-update

rwittrick · Apr 19, 2016 · e447f51 · e447f51
1 parent 63701dd
commit e447f51
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 10 deletions.
diff --git a/samples/06-cloudformation/build.gradle b/samples/06-cloudformation/build.gradle
@@ -3,6 +3,7 @@
 buildscript {
 	repositories {
 		mavenCentral()
+		mavenLocal()
 		maven { url "https://plugins.gradle.org/m2/" }
 	}
 	dependencies {
@@ -56,6 +57,9 @@ cloudFormation {
 	templateFile project.file('src/main/cloudformation/06-cloudformation.template')
 	templateBucket "cf-templates-1r72h3gknbax2-${aws.region}"
 	templateKeyPrefix "06-cloudformation"
+	stackPolicyFile project.file('src/main/cloudformation/stackpolicy.json')
+	stackPolicyBucket "cf-templates-1r72h3gknbax2-${aws.region}"
+	stackPolicyKeyPrefix "06-cloudformation"
 	stackName "gradlecfn"
 	conventionMapping.stackParams = {
 		def stackParams
@@ -68,7 +72,7 @@ cloudFormation {
 			// default values
 			stackParams = [
 				KeyName: "sample-key",
-				EnvironmentType: "development"
+				EnvironmentType: "local"
 			]
 		}
 		if (project.uploadBundle.didWork) {
@@ -126,5 +130,6 @@ task awsFullUndeploy(dependsOn: awsCfnDeleteStackAndWaitCompleted) {
 
 awsCfnMigrateStack.mustRunAfter uploadBundle
 awsCfnMigrateStack.dependsOn awsCfnUploadTemplate
+awsCfnMigrateStack.dependsOn awsCfnUploadStackPolicy
 awsCfnWaitStackComplete.loopTimeout = 10800 // = 3hr
 awsCfnWaitStackDeleted.loopTimeout = 10800 // = 3hr
diff --git a/samples/06-cloudformation/src/main/cloudformation/stackpolicy.json b/samples/06-cloudformation/src/main/cloudformation/stackpolicy.json
@@ -0,0 +1,10 @@
+{
+  "Statement" : [
+    {
+      "Effect" : "Allow",
+      "Action" : "Update:*",
+      "Principal": "*",
+      "Resource" : "*"
+    }
+  ]
+}
diff --git a/...n/java/jp/classmethod/aws/gradle/cloudformation/AmazonCloudFormationMigrateStackTask.java b/...n/java/jp/classmethod/aws/gradle/cloudformation/AmazonCloudFormationMigrateStackTask.java
@@ -29,6 +29,8 @@
 import com.amazonaws.AmazonServiceException;
 import com.amazonaws.services.cloudformation.AmazonCloudFormation;
 import com.amazonaws.services.cloudformation.model.Capability;
+import com.amazonaws.services.cloudformation.model.CreateChangeSetRequest;
+import com.amazonaws.services.cloudformation.model.CreateChangeSetResult;
 import com.amazonaws.services.cloudformation.model.CreateStackRequest;
 import com.amazonaws.services.cloudformation.model.CreateStackResult;
 import com.amazonaws.services.cloudformation.model.DeleteStackRequest;
@@ -56,7 +58,7 @@ public class AmazonCloudFormationMigrateStackTask extends ConventionTask {
 	private boolean capabilityIam;
 
 	@Getter @Setter
-	private String stackPolicyUrl;
+	private String cfnStackPolicyUrl;
 
 	@Getter @Setter
 	private List<String> stableStatuses = Arrays.asList(
@@ -110,21 +112,21 @@ private void updateStack(AmazonCloudFormation cfn) {
 		String stackName = getStackName();
 		String cfnTemplateUrl = getCfnTemplateUrl();
 		List<Parameter> cfnStackParams = getCfnStackParams();
-		String stackPolicyUrl = getStackPolicyUrl();
+		String cfnStackPolicyUrl = getCfnStackPolicyUrl();
 
-		getLogger().info("update stack: {}", stackName);
+		getLogger().info("Update stack: {}", stackName);
 		UpdateStackRequest req = new UpdateStackRequest()
 				.withStackName(stackName)
 				.withTemplateURL(cfnTemplateUrl)
 				.withParameters(cfnStackParams);
 		if (isCapabilityIam()) {
 			req.setCapabilities(Arrays.asList(Capability.CAPABILITY_IAM.toString()));
 		}
-		if (Strings.isNullOrEmpty(stackPolicyUrl)== false) {
-			req.setStackPolicyURL(stackPolicyUrl);
+		if (Strings.isNullOrEmpty(cfnStackPolicyUrl)== false) {
+			req.setStackPolicyURL(cfnStackPolicyUrl);
 		}
 		UpdateStackResult updateStackResult = cfn.updateStack(req);
-		getLogger().info("update requested: {}", updateStackResult.getStackId());
+		getLogger().info("Update requested: {}", updateStackResult.getStackId());
 	}
 
 	private void deleteStack(AmazonCloudFormation cfn) throws InterruptedException {
@@ -142,7 +144,7 @@ private void createStack(AmazonCloudFormation cfn) {
 		String stackName = getStackName();
 		String cfnTemplateUrl = getCfnTemplateUrl();
 		List<Parameter> cfnStackParams = getCfnStackParams();
-		String stackPolicyUrl = getStackPolicyUrl();
+		String cfnStackPolicyUrl = getCfnStackPolicyUrl();
 
 		getLogger().info("create stack: {}", stackName);
 
@@ -153,8 +155,8 @@ private void createStack(AmazonCloudFormation cfn) {
 		if (isCapabilityIam()) {
 			req.setCapabilities(Arrays.asList(Capability.CAPABILITY_IAM.toString()));
 		}
-		if (Strings.isNullOrEmpty(stackPolicyUrl)== false) {
-			req.setStackPolicyURL(stackPolicyUrl);
+		if (Strings.isNullOrEmpty(cfnStackPolicyUrl)== false) {
+			req.setStackPolicyURL(cfnStackPolicyUrl);
 		}
 		CreateStackResult createStackResult = cfn.createStack(req);
 		getLogger().info("create requested: {}", createStackResult.getStackId());

diff --git a/src/main/java/jp/classmethod/aws/gradle/cloudformation/AmazonCloudFormationPlugin.java b/src/main/java/jp/classmethod/aws/gradle/cloudformation/AmazonCloudFormationPlugin.java
@@ -61,10 +61,25 @@ private void applyTasks(Project project) {
 					});
 				});
 
+		AmazonS3FileUploadTask awsCfnUploadPolicy =
+				project.getTasks().create("awsCfnUploadStackPolicy", AmazonS3FileUploadTask.class, task -> {
+					task.setDescription("Upload cfn stack policy file to the Amazon S3 bucket.");
+					task.conventionMapping("file", () -> cfnExt.getStackPolicyFile());
+					task.conventionMapping("bucketName", () -> cfnExt.getStackPolicyBucket());
+					task.conventionMapping("key", () -> {
+						String name = cfnExt.getStackPolicyFile().getName();
+						return createKey(name, project.getVersion(), cfnExt.getStackPolicyKeyPrefix());
+					});
+					task.doLast(t -> {
+						cfnExt.setStackPolicyURL(((AmazonS3FileUploadTask) t).getResourceUrl());
+					});
+				});
+
 		AmazonCloudFormationMigrateStackTask awsCfnMigrateStack = project.getTasks()
 				.create("awsCfnMigrateStack", AmazonCloudFormationMigrateStackTask.class, task -> {
 					task.setDescription("Create/Migrate cfn stack.");
 					task.mustRunAfter(awsCfnUploadTemplate);
+					task.mustRunAfter(awsCfnUploadPolicy);
 					task.conventionMapping("stackName", () -> cfnExt.getStackName());
 					task.conventionMapping("capabilityIam", () -> cfnExt.isCapabilityIam());
 					task.conventionMapping("cfnStackParams", () -> cfnExt.getStackParams().entrySet().stream()
@@ -73,6 +88,7 @@ private void applyTasks(Project project) {
 									.withParameterValue(it.getValue().toString()))
 							.collect(Collectors.toList()));
 					task.conventionMapping("cfnTemplateUrl", () -> cfnExt.getTemplateURL());
+					task.conventionMapping("cfnStackPolicyUrl", () -> cfnExt.getStackPolicyURL());
 				});
 
 		project.getTasks().create("awsCfnWaitStackReady", AmazonCloudFormationWaitStackStatusTask.class, task -> {

diff --git a/...in/java/jp/classmethod/aws/gradle/cloudformation/AmazonCloudFormationPluginExtension.java b/...in/java/jp/classmethod/aws/gradle/cloudformation/AmazonCloudFormationPluginExtension.java
@@ -83,6 +83,22 @@ public class AmazonCloudFormationPluginExtension {
 	@Setter
 	private String templateKeyPrefix;
 
+	@Getter
+	@Setter
+	private String stackPolicyURL;
+
+	@Getter
+	@Setter
+	private File stackPolicyFile;
+
+	@Getter
+	@Setter
+	private String stackPolicyBucket;
+
+	@Getter
+	@Setter
+	private String stackPolicyKeyPrefix;
+
 	@Getter
 	@Setter
 	private boolean capabilityIam;