def deploy(self):
    """Upload the revision bundle to S3 (unless already present) and, when enabled, trigger CodeDeploy.

    The revision lives at ``<service_name>/<build_id>.tar.gz`` in the
    environment's deployment bucket.  If an object already exists at that
    key it is reused as-is and its ETag is handed to CodeDeploy; nothing is
    rebuilt or re-verified here.  NOTE(review): that means whatever sits at
    the key gets deployed — write access to the bucket should be limited to
    the build pipeline.

    Side effects: registers ``self.__cleanup`` with ``atexit``, creates a
    scratch directory in ``self._nova_deploy_dir`` (presumably removed by
    ``__cleanup``) and prints progress to stdout.  When ``self._deploy`` is
    false the S3 upload still happens but no deployment is created.
    """
    atexit.register(self.__cleanup)
    check_latest_version()

    account = self._aws_manager.account_alias
    print("Deploying to account '%s'..." % account)
    print(colored("Creating deployment bundle for revision '%s'..." % self._build_id, color='cyan'))

    service_name = self._service_manager.service_name
    bucket = self._service_manager.environment.deployment_bucket
    object_key = "%s/%s.tar.gz" % (service_name, self._build_id)
    existing = self._aws_manager.s3_head(bucket, object_key)

    # Scratch directory for assembling the bundle.
    self._nova_deploy_dir = tempfile.mkdtemp(prefix="%s-nova-deploy-" % service_name)

    if existing is not None:
        print(colored("Existing revision found, deploying...", color='green'))
        etag = existing.get('ETag')
    else:
        etag = self.__build_upload_revision(bucket, object_key)

    print(colored("Triggering code-deploy...", color='cyan'))
    if not self._deploy:
        print(colored('Deployment not triggered, S3 revision uploaded and registered with CodeDeploy.', color='yellow'))
        return

    self._aws_manager.create_deployment(
        self._code_deploy_app,
        self._stack.deployment_group,
        etag,
        bucket,
        object_key,
    )
    print(colored('CodeDeploy deployment in progress. Please check the AWS console!', color='green'))
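def __init__(self, stash_key, manager_provider, aws_profile=None, aws_region=None, aws_bucket=None):
    """Fetch, authenticate and decrypt the stash *stash_key*, printing its plaintext to stdout.

    Expected stash layout (as written by the matching "put" command): the S3
    body is base64 of AES-256-CTR ciphertext; object metadata carries
    ``encryption-key`` (base64 of the KMS-wrapped data key) and ``hmac``
    (hex HMAC-SHA256 over the raw ciphertext).  The first 32 bytes of the
    unwrapped data key are the AES key, the remaining bytes the HMAC key.

    Args:
        stash_key: stash name; the object key is ``<stash_key>.txt.enc``.
        manager_provider: factory exposing ``aws_manager(profile, region)``.
        aws_profile: AWS profile handed to the manager provider.
        aws_region: region; defaults to ``us-east-1``.
        aws_bucket: bucket override; defaults to ``novastash_<account alias>``.

    Raises:
        NovaError: the stash does not exist, the unwrapped data key is too
            short to carry both keys, or the stored HMAC does not verify.
    """
    # Imported by name so the stdlib module is not confused with the HMAC
    # class used below.
    from hmac import compare_digest

    check_latest_version()
    self._aws_manager = manager_provider.aws_manager(aws_profile, aws_region or 'us-east-1')
    if aws_bucket is None:
        deployment_bucket_name = 'novastash_%s' % self._aws_manager.account_alias
    else:
        deployment_bucket_name = aws_bucket

    key = "%s.txt.enc" % stash_key
    existing_stash = self._aws_manager.s3_get(deployment_bucket_name, key)
    if existing_stash is None:
        raise NovaError("No stash '%s' found!" % stash_key)

    contents = existing_stash['Body'].read()
    metadata = existing_stash['Metadata']

    # NOTE(review): the data key is unwrapped with an empty encryption
    # context, so KMS does not bind it to this stash name, and the HMAC
    # covers only the ciphertext.  Anyone who can write the bucket could
    # therefore substitute another stash's (key, ciphertext, hmac) triple
    # undetected.  Binding the context to stash_key would fix this but
    # breaks reading stashes written without it.
    kms_response = self._aws_manager.kms_decrypt(b64decode(metadata['encryption-key']), {})
    plaintext_key = kms_response['Plaintext']
    if len(plaintext_key) < 64:
        # Fail closed: a short key would leave an empty or weak HMAC key.
        raise NovaError("Unexpected data key length for stash '%s'" % stash_key)
    data_key = plaintext_key[:32]
    hmac_key = plaintext_key[32:]

    ciphertext = b64decode(contents)
    computed_mac = HMAC(hmac_key, msg=ciphertext, digestmod=SHA256).hexdigest()
    stored_mac = metadata['hmac']
    # Constant-time comparison: a plain `!=` stops at the first differing
    # character and leaks the matched prefix length through timing.  Both
    # sides are encoded so str/unicode do not mix on Python 2.
    if not compare_digest(computed_mac.encode('utf-8'), stored_mac.encode('utf-8')):
        raise NovaError("Computed HMAC on '%s' does not match stored HMAC" % stash_key)

    # The fixed-start counter is only safe because every stash write uses a
    # fresh KMS data key; this data key must never be reused.
    decryptor = AES.new(data_key, AES.MODE_CTR, counter=Counter.new(128))
    # The secret is written to stdout in the clear.
    print(decryptor.decrypt(ciphertext).decode("utf-8"))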
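def __init__(self, stash_key, value, manager_provider, aws_profile=None, aws_region=None, aws_bucket=None, kms_key='alias/novastash'):
    """Encrypt *value* under a fresh KMS data key and store it as stash *stash_key* in S3.

    Storage layout: the S3 body is base64 of the AES-256-CTR ciphertext;
    object metadata carries ``encryption-key`` (base64 of the KMS-wrapped
    data key) and ``hmac`` (hex HMAC-SHA256 over the raw ciphertext).  The
    first 32 bytes of the data key encrypt, the remaining bytes
    authenticate.  An existing stash is only overwritten after an
    interactive yes/no confirmation (default "no").

    Args:
        stash_key: stash name; the object key is ``<stash_key>.txt.enc``.
        value: secret to store; passed through ``tobytes`` before encryption.
        manager_provider: factory exposing ``aws_manager(profile, region)``.
        aws_profile: AWS profile handed to the manager provider.
        aws_region: region; defaults to ``us-east-1``.
        aws_bucket: bucket override; defaults to ``novastash_<account alias>``.
        kms_key: KMS key (alias) used to generate and wrap the data key.

    Raises:
        NovaError: the KMS key does not exist, or KMS returned a data key
            shorter than the 64 bytes this scheme needs.
    """
    check_latest_version()
    self._aws_manager = manager_provider.aws_manager(aws_profile, aws_region or 'us-east-1')
    if aws_bucket is None:
        deployment_bucket_name = 'novastash_%s' % self._aws_manager.account_alias
    else:
        deployment_bucket_name = aws_bucket

    if not self._aws_manager.kms_key_exists(kms_key):
        raise NovaError("Please setup the novastash KMS key.")
    self._aws_manager.create_bucket(deployment_bucket_name, "Creating novastash bucket '%s'" % deployment_bucket_name)

    # One fresh 64-byte data key per write: 32 bytes for AES-256, the rest
    # for HMAC-SHA256.  A fresh key per write is what makes the fixed-start
    # CTR counter below safe.  NOTE(review): the empty encryption context
    # means KMS does not bind the wrapped key to stash_key.
    kms_response = self._aws_manager.kms_generate_data_key(kms_key, {})
    plaintext_key = tobytes(kms_response['Plaintext'])
    if len(plaintext_key) < 64:
        # Fail closed rather than silently deriving an empty/weak HMAC key.
        raise NovaError("KMS returned a data key shorter than 64 bytes for '%s'" % kms_key)
    data_key = plaintext_key[:32]
    hmac_key = plaintext_key[32:]
    wrapped_key = tobytes(kms_response['CiphertextBlob'])

    encryptor = AES.new(data_key, AES.MODE_CTR, counter=Counter.new(128))
    c_text = encryptor.encrypt(tobytes(value))
    # Encrypt-then-MAC over the raw ciphertext; stored as hex in metadata.
    mac_hex = HMAC(hmac_key, msg=c_text, digestmod=SHA256).hexdigest()

    key = "%s.txt.enc" % stash_key
    if self._aws_manager.s3_head(deployment_bucket_name, key) is None:
        print(colored("Stashing '%s'" % stash_key))
    elif not query_yes_no("Stash '%s' already exists, want to overwrite?" % stash_key, default="no"):
        print(colored("Not stashing anything for key '%s'" % stash_key))
        return

    self._aws_manager.s3_put(
        deployment_bucket_name,
        b64encode(c_text).decode('utf-8'),
        key,
        {'encryption-key': b64encode(wrapped_key).decode('utf-8'), 'hmac': mac_hex},
    )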
def deploy(self):
    """Ensure the revision bundle is in S3, then (optionally) start a CodeDeploy deployment.

    Looks up ``<service_name>/<build_id>.tar.gz`` in the environment's
    deployment bucket.  A missing object is built and uploaded via
    ``__build_upload_revision``; an existing one is reused unchanged and
    its ETag is passed to CodeDeploy.  NOTE(review): an existing object is
    not re-verified, so a pre-planted artifact at the same key would be
    deployed — restrict who can write the bucket.

    Side effects: ``atexit`` registration of ``self.__cleanup``, a
    ``tempfile.mkdtemp`` scratch directory stored in
    ``self._nova_deploy_dir``, and progress output.  With ``self._deploy``
    false the upload happens but no deployment is created.
    """
    def say(message, color=None):
        if color is None:
            print(message)
        else:
            print(colored(message, color=color))

    atexit.register(self.__cleanup)
    check_latest_version()

    say("Deploying to account '%s'..." % self._aws_manager.account_alias)
    say("Creating deployment bundle for revision '%s'..." % self._build_id, 'cyan')

    svc = self._service_manager
    bucket = svc.environment.deployment_bucket
    revision_key = "%s/%s.tar.gz" % (svc.service_name, self._build_id)
    head = self._aws_manager.s3_head(bucket, revision_key)

    # Scratch directory for assembling the bundle.
    self._nova_deploy_dir = tempfile.mkdtemp(prefix="%s-nova-deploy-" % svc.service_name)

    if head is None:
        revision_etag = self.__build_upload_revision(bucket, revision_key)
    else:
        say("Existing revision found, deploying...", 'green')
        revision_etag = head.get('ETag')

    say("Triggering code-deploy...", 'cyan')
    if self._deploy:
        self._aws_manager.create_deployment(
            self._code_deploy_app, self._stack.deployment_group, revision_etag, bucket, revision_key)
        say('CodeDeploy deployment in progress. Please check the AWS console!', 'green')
    else:
        say('Deployment not triggered, S3 revision uploaded and registered with CodeDeploy.', 'yellow')
def __init__(self, aws_profile, environment_name, manager_provider, cf_template_out=None, nova_descriptor_file=None):
    """Load the nova descriptor for *environment_name* and render its CloudFormation template.

    Args:
        aws_profile: profile to use; when falsy, the environment's own
            ``aws_profile`` from the descriptor is used instead.
        environment_name: environment to select in the descriptor.
        manager_provider: factory exposing ``aws_manager(profile, region)``.
        cf_template_out: optional output target passed to ``to_cfn_template``.
        nova_descriptor_file: optional descriptor path for ``NovaServiceLoader``.

    Sets ``environment_name``, ``_service_manager``, ``_aws_manager``,
    ``_s3_bucket`` (``nova-deployment-templates-<account alias>``, handed to
    the template renderer) and ``cloudformation_template``.
    """
    check_latest_version()
    print(colored("Creating cloudformation scripts...", color='cyan'))

    self.environment_name = environment_name
    loader = NovaServiceLoader(environment_name, nova_descriptor_file)
    self._service_manager = loader

    env = loader.environment
    profile = aws_profile or env.aws_profile
    self._aws_manager = manager_provider.aws_manager(profile, env.aws_region)
    self._s3_bucket = 'nova-deployment-templates-%s' % self._aws_manager.account_alias

    self.cloudformation_template = loader.service.to_cfn_template(
        env, self._s3_bucket, self._aws_manager, cf_template_out)
def __init__(self, aws_profile, environment_name, manager_provider, cf_template_out=None, nova_descriptor_file=None, include_docker=True):
    """Load the descriptor for *environment_name* and render its CloudFormation template.

    Args:
        aws_profile: profile to use; falls back to the environment's
            ``aws_profile`` when falsy.
        environment_name: environment to select in the descriptor.
        manager_provider: factory exposing ``aws_manager(profile, region)``.
        cf_template_out: optional output target passed to ``to_cfn_template``.
        nova_descriptor_file: optional descriptor path for ``NovaServiceLoader``.
        include_docker: forwarded verbatim to ``to_cfn_template``.

    Sets ``_environment_name``, ``_service_manager``, ``_aws_manager``,
    ``_s3_bucket`` (``nova-deployment-templates-<account alias>``) and
    ``cloudformation_template``.
    """
    check_latest_version()
    print("Creating cloudformation scripts...")

    self._environment_name = environment_name
    self._service_manager = NovaServiceLoader(environment_name, nova_descriptor_file)
    env = self._service_manager.environment

    self._aws_manager = manager_provider.aws_manager(
        aws_profile or env.aws_profile,
        env.aws_region,
    )
    self._s3_bucket = 'nova-deployment-templates-%s' % self._aws_manager.account_alias

    render = self._service_manager.service.to_cfn_template
    self.cloudformation_template = render(
        env,
        self._s3_bucket,
        self._aws_manager,
        cf_template_out,
        include_docker,
    )
def default(self):
    """Fallback handler when no sub-command is given: run the version check, then print CLI usage."""
    check_latest_version()
    parser = self.app.args
    parser.print_help()
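def __init__(self, stash_key, value, manager_provider, aws_profile=None, aws_region=None, aws_bucket=None, kms_key='alias/novastash'):
    """Encrypt *value* with a fresh KMS data key and write it to S3 as stash *stash_key*.

    Storage layout: S3 body is base64 of AES-256-CTR ciphertext; object
    metadata holds ``encryption-key`` (base64 of the KMS-wrapped data key)
    and ``hmac`` (hex HMAC-SHA256 over the raw ciphertext).  Bytes 0-31 of
    the data key encrypt, bytes 32+ authenticate.  An existing stash is
    only overwritten after interactive confirmation (default "no").

    Args:
        stash_key: stash name; the object key is ``<stash_key>.txt.enc``.
        value: secret to store; converted with ``tobytes`` before encryption.
        manager_provider: factory exposing ``aws_manager(profile, region)``.
        aws_profile: AWS profile handed to the manager provider.
        aws_region: region; defaults to ``us-east-1``.
        aws_bucket: bucket override; defaults to ``novastash_<account alias>``.
        kms_key: KMS key (alias) used to generate and wrap the data key.

    Raises:
        NovaError: the KMS key does not exist, or KMS returned fewer than
            the 64 key bytes this scheme needs.
    """
    check_latest_version()
    self._aws_manager = manager_provider.aws_manager(aws_profile, aws_region or 'us-east-1')
    deployment_bucket_name = aws_bucket
    if deployment_bucket_name is None:
        deployment_bucket_name = 'novastash_%s' % self._aws_manager.account_alias

    if not self._aws_manager.kms_key_exists(kms_key):
        raise NovaError("Please setup the novastash KMS key.")
    self._aws_manager.create_bucket(
        deployment_bucket_name, "Creating novastash bucket '%s'" % deployment_bucket_name)

    # Fresh 64-byte data key per write (32 for AES-256, the rest for
    # HMAC-SHA256).  The per-write key is what makes the fixed-start CTR
    # counter safe.  NOTE(review): the empty encryption context means KMS
    # does not bind the wrapped key to this stash name.
    kms_response = self._aws_manager.kms_generate_data_key(kms_key, {})
    key_material = tobytes(kms_response['Plaintext'])
    if len(key_material) < 64:
        # Fail closed instead of silently using an empty/weak HMAC key.
        raise NovaError("KMS returned a data key shorter than 64 bytes for '%s'" % kms_key)
    data_key, hmac_key = key_material[:32], key_material[32:]
    wrapped_key = tobytes(kms_response['CiphertextBlob'])

    c_text = AES.new(data_key, AES.MODE_CTR, counter=Counter.new(128)).encrypt(tobytes(value))
    # Encrypt-then-MAC over the raw ciphertext; stored hex-encoded.
    mac_hex = HMAC(hmac_key, msg=c_text, digestmod=SHA256).hexdigest()

    key = "%s.txt.enc" % stash_key
    body = b64encode(c_text).decode('utf-8')
    metadata = {
        'encryption-key': b64encode(wrapped_key).decode('utf-8'),
        'hmac': mac_hex,
    }

    if self._aws_manager.s3_head(deployment_bucket_name, key) is None:
        print(colored("Stashing '%s'" % stash_key))
        self._aws_manager.s3_put(deployment_bucket_name, body, key, metadata)
        return

    overwrite = query_yes_no("Stash '%s' already exists, want to overwrite?" % stash_key, default="no")
    if overwrite:
        self._aws_manager.s3_put(deployment_bucket_name, body, key, metadata)
    else:
        print(colored("Not stashing anything for key '%s'" % stash_key))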