Merge pull request #987 from convox/20160805
[RELEASE] 20160805
ddollar authored Aug 5, 2016
2 parents 95555e5 + b054320 commit ec272e2
Showing 11 changed files with 241 additions and 133 deletions.
13 changes: 12 additions & 1 deletion api/dist/kernel.json
Expand Up @@ -82,6 +82,10 @@
"Condition": "Development",
"Value": { "Ref": "EncryptionKey" }
},
"Internal": {
"Condition": "Development",
"Value": { "Ref": "Internal" }
},
"LogGroup": {
"Value": { "Ref": "LogGroup" }
},
Expand Down Expand Up @@ -198,6 +202,12 @@
"Type": "String",
"Default": ""
},
"Internal": {
"Type": "String",
"Description": "Create applications that are only accessible inside the VPC",
"Default": "No",
"AllowedValues": [ "Yes", "No" ]
},
"InstanceBootCommand": {
"Type": "String",
"Description": "A single line of shell script to run as CloudInit command early during instance boot.",
Expand Down Expand Up @@ -1576,7 +1586,7 @@
"Tasks": [
{
"Command": "api/bin/web",
"CPU": { "Ref": "ApiCpu" },
"Cpu": { "Ref": "ApiCpu" },
"Environment": {
"AWS_REGION": { "Ref": "AWS::Region" },
"AWS_ACCESS": { "Ref": "KernelAccess" },
Expand All @@ -1588,6 +1598,7 @@
"DYNAMO_BUILDS": { "Ref": "DynamoBuilds" },
"DYNAMO_RELEASES": { "Ref": "DynamoReleases" },
"ENCRYPTION_KEY": { "Ref": "EncryptionKey" },
"INTERNAL": { "Ref": "Internal" },
"LOG_GROUP": { "Ref": "LogGroup" },
"NOTIFICATION_HOST": { "Fn::GetAtt": [ "Balancer", "DNSName" ] },
"NOTIFICATION_TOPIC": { "Ref": "NotificationTopic"},
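Review bot: The description on the new `Internal` parameter does not say when the setting takes effect. Elsewhere in this commit the value is read from the `INTERNAL` environment variable only in `App.Create`, so it presumably applies to apps created after the change and leaves existing load balancers as they were. An operator who flips it to `Yes` could otherwise assume every app is now VPC-only. I would extend the text to something like `"Description": "Create applications that are only accessible inside the VPC (applies to apps created after this is set)"` once that behaviour is confirmed.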
1 change: 1 addition & 0 deletions api/models/app.go
Expand Up @@ -158,6 +158,7 @@ func (a *App) Create() error {

params := map[string]string{
"Cluster": os.Getenv("CLUSTER"),
"Internal": os.Getenv("INTERNAL"),
"Private": os.Getenv("PRIVATE"),
"Subnets": os.Getenv("SUBNETS"),
"SubnetsPrivate": subnetsPrivate,
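Review bot: `os.Getenv("INTERNAL")` yields an empty string when the variable is not set, and the app template in this commit declares `Internal` with `AllowedValues` of `Yes` and `No`. An empty or misspelled value would therefore either be rejected by CloudFormation or, if empty parameters are dropped later in `Create`, fall back to the public default `No`; which one happens is not visible here because the rest of `Create` lies outside the hunk. I would validate the value before building the map, e.g. `if v := os.Getenv("INTERNAL"); v != "Yes" && v != "No" { return fmt.Errorf("INTERNAL must be Yes or No, got %q", v) }`, so that a bad value fails loudly instead of creating an app with unintended exposure. The existing `Private` entry follows the same pattern and would benefit from the same check.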
34 changes: 16 additions & 18 deletions api/models/release.go
Expand Up @@ -234,32 +234,30 @@ func (r *Release) Promote() error {
proxyParam := fmt.Sprintf("%sPort%dProxy", UpperName(entry.Name), mapping.Balancer)
secureParam := fmt.Sprintf("%sPort%dSecure", UpperName(entry.Name), mapping.Balancer)

app.Parameters[protoParam] = entry.Labels[fmt.Sprintf("convox.port.%d.protocol", mapping.Balancer)]
proto := entry.Labels[fmt.Sprintf("convox.port.%d.protocol", mapping.Balancer)]

// default protocol is tcp, or tls if they have a certificate set
if app.Parameters[protoParam] == "" {
if app.Parameters[certParam] == "" {
app.Parameters[protoParam] = "tcp"
} else {
app.Parameters[protoParam] = "tls"
// if the proto param is set and doesnt match the label, error
if ap, ok := app.Parameters[protoParam]; ok {
if ap != proto {
return fmt.Errorf("%s parameter has been deprecated. Please set the convox.port.%d.protocol label instead", protoParam, mapping.Balancer)
}
}

if entry.Labels[fmt.Sprintf("convox.port.%d.proxy", mapping.Balancer)] == "true" {
app.Parameters[proxyParam] = "Yes"
} else {
app.Parameters[proxyParam] = "No"
// if the proxy param is set and doesnt match the label, error
if ap, ok := app.Parameters[proxyParam]; ok {
if ap == "Yes" && entry.Labels[fmt.Sprintf("convox.port.%d.proxy", mapping.Balancer)] != "true" {
return fmt.Errorf("%s parameter has been deprecated. Please set the convox.port.%d.proxy label instead", proxyParam, mapping.Balancer)
}
}

// only change the secure parameter if a label is set for backwards compat
switch entry.Labels[fmt.Sprintf("convox.port.%d.secure", mapping.Balancer)] {
case "true":
app.Parameters[secureParam] = "Yes"
case "false":
app.Parameters[secureParam] = "No"
// if the secure param is set and doesnt match the label, error
if ap, ok := app.Parameters[secureParam]; ok {
if ap == "Yes" && entry.Labels[fmt.Sprintf("convox.port.%d.secure", mapping.Balancer)] != "true" {
return fmt.Errorf("%s parameter has been deprecated. Please set the convox.port.%d.secure label instead", secureParam, mapping.Balancer)
}
}

switch app.Parameters[protoParam] {
switch proto {
case "https", "tls":
if app.Parameters[certParam] == "" {
name := fmt.Sprintf("cert-%s-%d-%05d", os.Getenv("RACK"), time.Now().Unix(), rand.Intn(100000))
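Review bot: The protocol check `if ap != proto` fires whenever the stored parameter differs from the label, including when the label is absent, while the proxy and secure checks below it only fire when the stored value is `Yes`; all three comments say only "doesnt match the label". The lines this commit removes wrote a default of `tcp` or `tls` into `app.Parameters[protoParam]`, so an app promoted before this change and never given a `convox.port.N.protocol` label would presumably be refused on every promote. If that is intended, the comment should say it, e.g. `// a stored protocol must equal the label exactly; an app without the label cannot be promoted until it is added`; if not, the comparison needs the same narrowing as the other two. Refusing to promote rather than silently dropping `Secure` or `Proxy` is the right failure mode and is worth stating in the comments as well. `Promote` starts and ends outside this hunk.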
2 changes: 1 addition & 1 deletion api/models/templates.go

Large diffs are not rendered by default.

143 changes: 47 additions & 96 deletions api/models/templates/app.tmpl
Expand Up @@ -7,6 +7,7 @@
{{ template "balancer-conditions" .Manifest }}
{{ template "process-conditions" .Manifest }}
{{ template "registry-conditions" .Manifest }}
"Internal": { "Fn::Equals": [ { "Ref": "Internal" }, "Yes" ] },
"Private": { "Fn::Equals": [ { "Ref": "Private" }, "Yes" ] },
"BlankSecurityGroup" : {"Fn::Equals" : [{"Ref" : "SecurityGroup"}, ""]}
},
Expand Down Expand Up @@ -34,14 +35,20 @@
"Default": "",
"Description": ""
},
"Internal": {
"Type": "String",
"Description": "Only allow access to this app from inside the VPC",
"Default": "No",
"AllowedValues": [ "Yes", "No" ]
},
"Key": {
"Type": "String",
"Default": "",
"Description": ""
},
"Private": {
"Type": "String",
"Description": "Create internal load balancers in private subnets",
"Description": "Use SubnetsPrivate to specify VPC-side load balancer endpoints",
"Default": "No",
"AllowedValues": [ "Yes", "No" ]
},
Expand Down Expand Up @@ -297,11 +304,8 @@
{{ $processName := upper .ProcessName }}
{{ $balancerPrefix := printf "Balancer%s" $processName }}
{{ range .PortMappings }}
"{{ $balancerPrefix }}Port{{ .Balancer }}Proxy": {
"Fn::Equals": [ { "Ref": "{{ $processName }}Port{{ .Balancer }}Proxy" }, "Yes" ]
},
"{{ $balancerPrefix }}Port{{ .Balancer }}Secure": {
"Fn::Equals": [ { "Ref": "{{ $processName }}Port{{ .Balancer }}Secure" }, "Yes" ]
"Blank{{ $balancerPrefix }}Port{{ .Balancer }}Certificate": {
"Fn::Equals": [ { "Ref": "{{ $processName }}Port{{ .Balancer }}Certificate" }, "" ]
},
{{ end }}
{{ end }}
Expand All @@ -311,11 +315,6 @@
{{ range .Balancers }}
{{ $balancer := . }}
{{ range .PortMappings }}
"{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Balancer": {
"Type" : "String",
"Default" : "{{ .Balancer }}",
"Description" : ""
},
"{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Certificate": {
"Type" : "String",
"Default" : "",
Expand All @@ -326,24 +325,6 @@
"Default" : "{{ index $balancer.Randoms (itoa .Balancer) }}",
"Description" : ""
},
"{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Secure": {
"Type" : "String",
"Default" : "No",
"Description" : "",
"AllowedValues": [ "Yes", "No" ]
},
"{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Protocol": {
"Type" : "String",
"Default" : "tls",
"Description" : "",
"AllowedValues": [ "http", "https", "tcp", "tls" ]
},
"{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Proxy": {
"Type" : "String",
"Default" : "No",
"Description" : "",
"AllowedValues": [ "Yes", "No" ]
},
{{ end }}
{{ end }}
{{ end }}
Expand All @@ -359,7 +340,7 @@
{{ range .PortMappings }}
"{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Balancer": {
"Condition": "Enabled{{ upper $balancer.ProcessName }}",
"Value": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Balancer" }
"Value": "{{ .Balancer }}"
},
"{{ upper $balancer.ProcessName }}Port{{ .Balancer }}BalancerName": {
"Condition": "Enabled{{ upper $balancer.ProcessName }}",
Expand Down Expand Up @@ -387,8 +368,8 @@
"CidrIp": { "Ref": "VPCCIDR" },
{{ end }}
"IpProtocol": "tcp",
"FromPort": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Balancer" },
"ToPort": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Balancer" }
"FromPort": "{{ .Balancer }}",
"ToPort": "{{ .Balancer }}"
},
{{ end }}
{ "Ref": "AWS::NoValue" }
Expand All @@ -401,83 +382,54 @@
"Condition": "Enabled{{ upper .ProcessName }}",
"DependsOn": [ "{{ .ResourceName }}SecurityGroup" ],
"Properties": {
{{ if eq .Scheme "internal" }}
"Scheme": "{{ .Scheme }}",
"Subnets": { "Fn::If": [ "Private",
{ "Ref": "SubnetsPrivate" },
{ "Ref": "Subnets" }
] },
{{ else }}
"Subnets": { "Ref": "Subnets" },
{{ end }}
"Scheme": { "Fn::If": [ "Internal",
"internal",
{{ if eq .Scheme "internal" }}
"internal"
{{ else }}
{ "Ref": "AWS::NoValue" }
{{ end }}
] },
"Subnets": { "Fn::If": [ "Private",
{ "Ref": "SubnetsPrivate" },
{ "Ref": "Subnets" }
] },
"ConnectionDrainingPolicy": { "Enabled": true, "Timeout": 60 },
"ConnectionSettings": { "IdleTimeout": "{{ .IdleTimeout }}" },
"CrossZone": true,
"HealthCheck": {
"HealthyThreshold": "2",
"Interval": "{{ .HealthInterval }}",
"Target": {
{{/* Joins to form <protocol>:<port>/<path> */}}
"Fn::Join": [
"",
[
{
{{/* Joins to form <protocol>:<port> */}}
"Fn::Join": [
":",
[
{{ if eq .HealthPath "" }}
{
"Fn::If": [
"Balancer{{ upper $balancer.ProcessName }}Port{{ .HealthPort }}Secure",
{"Fn::FindInMap": ["PortProtocol", "tcp", "SecureInstanceProtocol"]},
{"Fn::FindInMap": ["PortProtocol", "tcp", "InstanceProtocol"]}
]
},
{{ else }}
{
"Fn::If": [
"Balancer{{ upper $balancer.ProcessName }}Port{{ .HealthPort }}Secure",
{"Fn::FindInMap": ["PortProtocol", "http", "SecureInstanceProtocol"]},
{"Fn::FindInMap": ["PortProtocol", "http", "InstanceProtocol"]}
]
},
{{ end }}
{ "Ref": "{{ upper $balancer.ProcessName }}Port{{ .HealthPort }}Host" }
]
]
},
"{{ .HealthPath }}"
]
]
},
"Timeout": "{{ $balancer.HealthTimeout }}",
"Target": { "Fn::Join": [ "", [
"{{ .HealthProtocol }}:",
{ "Ref": "{{ upper .ProcessName }}Port{{ .HealthPort }}Host" },
"{{ .HealthPath }}"
] ] },
"Timeout": "{{ .HealthTimeout }}",
"UnhealthyThreshold": "2"
},
"Listeners": [
{{ range .PortMappings }}
{ "Fn::If": [ "Balancer{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Secure",
{
"Protocol": { "Fn::FindInMap": [ "PortProtocol", { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Protocol" }, "ListenerProtocol" ] },
"LoadBalancerPort": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Balancer" },
"InstanceProtocol": { "Fn::FindInMap": [ "PortProtocol", { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Protocol" }, "SecureInstanceProtocol" ] },
"InstancePort": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Host" },
"SSLCertificateId": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Certificate" }
},
{
"Protocol": { "Fn::FindInMap": [ "PortProtocol", { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Protocol" }, "ListenerProtocol" ] },
"LoadBalancerPort": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Balancer" },
"InstanceProtocol": { "Fn::FindInMap": [ "PortProtocol", { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Protocol" }, "InstanceProtocol" ] },
"InstancePort": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Host" },
"SSLCertificateId": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Certificate" }
}
] },
{
{{ if $balancer.Protocol . }}
"Protocol": "{{ $balancer.ListenerProtocol . }}",
{{ else }}
"Protocol": { "Fn::If": [ "BlankBalancer{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Certificate", "TCP", "SSL" ] },
{{ end }}
"LoadBalancerPort": "{{ .Balancer }}",
"InstanceProtocol": "{{ $balancer.InstanceProtocol . }}",
"InstancePort": { "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Host" },
"SSLCertificateId": { "Fn::If": [ "BlankBalancer{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Certificate",
{ "Ref": "AWS::NoValue" },
{ "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Certificate" }
] }
},
{{ end }}
{ "Ref": "AWS::NoValue" }
],
"Policies": [
{{ range .PortMappings }}
{ "Fn::If": [ "Balancer{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Proxy",
{{ if $balancer.ProxyProtocol . }}
{
"PolicyName": "EnableProxyProtocol",
"PolicyType": "ProxyProtocolPolicyType",
Expand All @@ -487,8 +439,7 @@
}],
"InstancePorts": [{ "Ref": "{{ upper $balancer.ProcessName }}Port{{ .Balancer }}Host" }]
},
{ "Ref": "AWS::NoValue" }
] },
{{ end }}
{{ end }}
{ "Ref": "AWS::NoValue" }
],
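Review bot: The new `Internal` condition changes only the balancer `Scheme`; the security-group ingress shown above it still takes `"CidrIp": { "Ref": "VPCCIDR" }` from a template-time `{{ if }}` whose opening is outside the hunk, so it presumably still follows the manifest's scheme rather than the parameter. A balancer made internal by setting `Internal` to `Yes` could then keep the ingress rule of an external one, which leaves the group wider than the scheme implies if the scheme is later switched back or the group is reused. I would drive the CIDR from the same condition, for example `"CidrIp": { "Fn::If": [ "Internal", { "Ref": "VPCCIDR" }, OTHER_BRANCH_CIDR ] }`, where `OTHER_BRANCH_CIDR` is a placeholder for whatever the branch outside the hunk uses today. A comment beside `Scheme` should also state that the effective value is internal when either the parameter or the manifest asks for it.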
1 change: 1 addition & 0 deletions docker-compose.yml
Expand Up @@ -15,6 +15,7 @@ web:
- DYNAMO_BUILDS
- DYNAMO_RELEASES
- ENCRYPTION_KEY
- INTERNAL
- NOTIFICATION_HOST
- NOTIFICATION_TOPIC
- PASSWORD