App-FargateStack
lib/App/FargateStack/Checker.pm view on Meta::CPAN
package App::FargateStack::Checker;
use strict;
use warnings;
use App::FargateStack::Builder::Utils qw(choose);
use Carp;
use Carp::Always;
use CLI::Simple::Constants qw(:booleans %LOG_LEVELS);
use Data::Dumper;
use English qw(-no_match_vars);
use Getopt::Long qw(GetOptions);
use List::Util qw(any none uniq);
use Text::ASCIITable::EasyTable;
use Sub::Util qw(subname);
use parent qw(CLI::Simple);
# Ask the class (use_log4perl is not defined in this file; presumably it comes
# from the CLI::Simple parent) to set up logging at the 'info' level.
__PACKAGE__->use_log4perl( log_level => 'info' );

# Modulino guard: with no caller the file was run as a script, so start
# main(); when the file is loaded by other code, nothing is run here.
__PACKAGE__->main() if !caller;
########################################################################
sub check_fargate_env {
########################################################################
    # Runs the environment probes, renders the result table and the
    # capability summary, and returns whatever render_table() returned
    # (the original variable name suggests an exit status).
    my ($self) = @_;

    # Probes that always run, in report order. Each one goes through check()
    # so that it is announced in the log before it executes.
    my @mandatory_probes = (
        \&check_credentials,
        \&check_service_linked_roles,
        \&check_vpc_and_subnets,
        \&check_egress,
        \&check_ecs_permissions,
        \&check_elbv2_permissions,
        \&check_logs_permissions,
        \&check_ecr_access,
        \&check_events_permissions,
        \&check_passrole,
    );

    my @rows;

    for my $probe (@mandatory_probes) {
        push @rows, check( $self, $probe );
    }

    # Optional probes are called directly, not through check(), so they are
    # not announced in the log.
    push @rows, check_route53($self)      if $self->get_dns;
    push @rows, check_acm($self)          if $self->get_https;
    push @rows, check_secrets_hint($self) if $self->get_secrets;

    my $exit_value = render_table( $self, \@rows );

    # $by_check is used below as a hash ref keyed by check name; its values
    # are not read here.
    my ( $capabilities, $by_check ) = summarize_capabilities( \@rows );

    # Temporary debug to stderr: for every capability, report the check
    # names it relies on that have no entry in $by_check.
    my @common_head = ( 'Credentials', 'VPC/Subnets', 'Egress', 'ECS perms' );
    my @common_tail = ( 'CloudWatch Logs perms', 'iam:PassRole' );

    my %required_for = (
        'HTTP services'   => [ @common_head, 'ELBv2 perms', @common_tail ],
        'HTTPS service'   => [ @common_head, 'ELBv2 perms', @common_tail, 'ACM' ],
        'Scheduled tasks' => [ @common_head, 'Events perms', @common_tail ],
        'One-shot tasks'  => [ @common_head, @common_tail ],
        'Daemon services' => [ @common_head, @common_tail ],
    );

    for my $capability ( sort keys %required_for ) {
        my @absent = grep { !exists $by_check->{$_} } @{ $required_for{$capability} };

        next if !@absent;

        my $line = sprintf "capability[%s] missing checks: %s\n", $capability, join q{, }, @absent;
        print {*STDERR} $line;
    }

    render_capabilities( $capabilities, $self->get_account, $self->get_region );

    return $exit_value;
}
########################################################################
sub check {
########################################################################
    # Logs which probe is about to run, then runs it with $self as its only
    # argument and hands back its result in the caller's context.
    my ( $self, $sub ) = @_;

    # subname() gives the qualified name (Package::check_xxx_yyy). Only the
    # second underscore-separated field becomes the label, so a probe named
    # check_service_linked_roles is announced as "service". The explicit
    # limit of 3 is the one a two-element list assignment from split implies.
    my $label = ( split /_/xsm, subname($sub), 3 )[1];

    my $logger = $self->get_logger;
    $logger->info( sprintf 'checking %s...', $label );

    return $sub->($self);
}
# File-scoped cache consulted by new_client(): when an entry exists for the
# requested class it is returned before the call's arguments are examined.
# Presumably the values are client objects; the code that stores them is not
# visible here.
# NOTE(review): the key is the class name alone, so the profile and region
# supplied on a later call do not select a different entry. Confirm that no
# caller needs clients for two profiles or regions within one process.
my %clients;
########################################################################
sub new_client {
########################################################################
my ( $class, @args ) = @_;
return $clients{$class}
if $clients{$class};
my $class_path = $class;
my $options = choose {
return {@args}
if !ref $args[0];
return {
profile => $args[0]->get_profile,
region => $args[0]->get_region,
log_level => $args[0]->get_log_level,
logger => $args[0]->get_logger,
};
};
$class_path =~ s/::/\//gxsm;