Changelog for Touchdown
=======================

0.0.30 (2015-09-07)
-------------------

- Add database snapshot goal and command::

    touchdown snapshot DB_NAME SNAPSHOT_NAME


0.0.29 (2015-08-27)
-------------------

- Now requires at least fuselage 0.0.10 to ensure that we don't hit corner
  cases in streaming unicode output from execute resources.

- Simplifies string handling in ssh client to avoid yet more unicode handling
  edge cases.


0.0.28 (2015-08-24)
-------------------

- Support streaming log output to CloudWatch logs instead of (or as well as) the console.

- Output information about remaining tasks so that long running tasks don't
  look like they are hung. This is useful in Travis CI where the silence causes
  builds/deployments to be terminated.

- Better error handling for parallel cases.


0.0.27 (2015-07-31)
-------------------

- Fix planning phase of auto scaling policy creation for empty environments.

- Fix tearing down autoscaling policies.

- Fix tearing down log metric filters.


0.0.26 (2015-07-27)
-------------------

- Add CloudWatch Logs MetricFilter resources. This allows metrics to be
  creating from a log stream.

- Drop the Metric resource.


0.0.25 (2015-07-23)
-------------------

- Fix creating dummy metric.


0.0.24 (2015-07-22)
-------------------

- Fix alarm changes not applying and fix finding alarms when dimensions are involved.

- Wait longer to copy AMI's between regions.


0.0.23 (2015-07-14)
-------------------

- Stop network ACLs applying every time


0.0.22 (2015-06-29)
-------------------

- Add support for ICMP in Network ACLs


0.0.21 (2015-06-26)
-------------------

- Add support for CloudTrail.

- Add support for CloudWatch Alarms.

- Add support for auto scaling policies.

- Override waiters for cloudfront. Double the amount of time we will wait for a
  distributiion to be 'Deployed' as 25 is too low in practice.


0.0.20 (2015-06-23)
-------------------

- More graceful handling of KeyboardInterrupt.

- Fix cache corruption issue.

- Workaround some potential eventual consitency issues with RouteTable and
  NetworkACL. Observed behaviour is that after creating them they arent visible
  to the describe API. Then they are. Then they arent. Then they are.

- Fix the Windows version of the local provider by runnign the bundle under an
  interpreter.


0.0.19 (2015-06-15)
-------------------

- Add AWS password policy management. This lets you enforce password complexity
  for your IAM users.

- Add a 'touchdown get-signin-url' command.

- Better 'touchdown dot' output.

- Fix ``Y/n`` confirmation so that ``Y`` really is the default.

- #43 - Fix documentation and validation around Subnet ``cidr_block`` -
  ``192.168.0.1/24`` isn't a valid cidr.

- A resource acquired with ``Foo.get_bar`` will not be considered for deletion
  by ``touchdown destroy``.


0.0.18 (2015-06-11)
-------------------

- Fix a conflict between IAM policies and Resource policies. Resource policies
  are now specified using ``ensure``::

      aws.add_role(
          name="myrole",
          ensure=["never-destroy"],
          assume_role_policy={...},
          policies={
              "mypolicy": {
                  "Statement": [{
                      "Effect": "Allow",
                      "Action": "*",
                      "Resource": "*",
                  }],
              },
          },
      )

- Fix a conflict between ``Plan.validate`` and ``Rollback.validate`` which
  caused a regression in the ``rollback`` command.


0.0.17 (2015-06-10)
-------------------

- Fix an edge case where using mfa, cross account roles and image_copy.


0.0.16 (2015-06-10)
-------------------

- Can now do use MFA and cross-account roles to do deployments in other
  accounts. If you set up your Touchdownfile with::

      aws = workspace.add_aws(
          access_key_id="...",
          secret_access_key="...",
          mfa_serial="...",
      )

  Then touchdown will prompt you for an MFA code before starting the
  deployment. Under the hood this uses the ``GetSessionToken`` API to
  generate temporary AWS credentials. A bit like sudo, these are cached
  so each action doesn't require a new MFA token.

- Add a ``pre_restore`` and ``post_restore`` hook to database rollbacks. This
  allows customizations to be run after initial validation but before the
  restore starts. This is great for adding application specific policy like
  emptying an ASG before the rollback.

- Add ASCII table output for price estimation.


0.0.15 (2015-06-03)
-------------------

- asg: If an ASG is connected to an ELB, consider the ELB health when
  scaling/descaling during a deployment.

- Add slack notification support.

- Add basic price estimation.


0.0.14 (2015-05-28)
-------------------

- Add support for AWS CloudWatch Logs. In this initial release you can
  pre-create your log groups and manage the log retention period::

      aws.add_log_group(
          name="application.log",
          retention=3,
      )

- Add a new tail command. This can grab events from any touchdown managed
  CloudWatch log group. For the example above you could get the last 15m of
  logs with::

      touchdown tail application.log -s 15m

  And stream all new logs to that group with::

      touchdown tail application.log -f

- Add a new rollback command. This can restore a snapshot or restore to a point
  in time for any RDS database. For example to rewind your database ``foo`` to
  an hour ago you could::

      touchdown rollback foo 1h

- Both of these commands are written to be pluggable. For example in future you
  might be able to use the same ``tail`` command against a heroku app.

- Touchdown no longer depends on click.


0.0.13 (2015-05-22)
-------------------

- Avoid a case where SSHing into an ASG can actually log into a random instance
  in the cluster. It looks like ``DescribeInstances(InstanceIds=[])`` is
  interpreted as 'any instance'.

- Make sure when bringing up an ASG for the first time it's metadata is updated
  after at least one instance becomes healthy. This avoids cases where the ASG
  looks empty to later steps of the deployment.

- When syncing a folder to S3 use application/octet-stream if unable to guess
  mimetype.


0.0.12 (2015-05-14)
-------------------

- We now use botocore at least 0.107.0. This version changed the structure of
  its metadata folders. In order to continue overriding some values we've had
  to mirror that change, which breaks support for older versions.


0.0.11 (2015-05-14)
-------------------

- The release merges the fuselage integration refactor. You no longer have to
  import bits of fuselage to use it, you can use touchdown serializers and you
  can use it against your local machine. This means you can generate a
  ``local_settings.py`` for your Django dev environment with AWS resource
  details in it!

  A simple example is just::

      from touchdown.core import serializers

      provisioner = workspace.add_fuselage_bundle(
          target=workspace.add_local(),
      )

      provisioner.add_file(
          name="/home/john/hello",
          contents=serializers.Const("HELLO!!"),
      )

  Thanks to @mitchellrj for this feature.

- Print our resource ids after resource creation. This is particularly useful
  for AMI creation and copying.

- Better SSH connection retrying when tunneling.


0.0.10 (2015-05-07)
-------------------

- The parallel resolver introduced in 0.0.7 is now enabled by default.

- We've added more validation! Bucket names are now validated with the same
  rules as the web console. You can only use storage_encrypted with a subset of
  RDS instance sizes. We know capture that before making a single AWS call.

- asg: We now wait for there to be at least one healthy instance when creating
  a new auto scaling group.

- asg: We now clean up old launch configs (you can only create a hundred, and
  with 5 server types you can hit that in 20 deployments!).

- kms: Add initial support for managing Key and Alias resources.

- ssh: Fix streaming from paramiko channels. It was racy, and this meant that
  short lived commands (such as ``whoami``) were prone to not returning all
  their stdout. This mean that our connection health checks would fail.

- ssh: When using ssh-over-ssh the inner connection might fail with
  ChannelException. Assuming that an instance might still be booting we now
  retry in this case.

- elb: Fix failure in elb teardown.

- cloudfront: If resuming a teardown touchdown will now resume waiting for
  web distributions to enter the 'deployed' state before attempting to delete
  them.

- Of interested to developers: we've switched to stricter flake8 settings. We
  are no longer inhibiting any of the default errors. Our ``max-line-length``
  is 150 and our ``max-complexity`` is 11. We will be reducing these further in
  the coming months.


0.0.9 (2015-04-22)
------------------

- s3: Add very basic support for syncing entire folders to s3.

- rds: Add point in time restore and snashot restore.

- cloudfront: By setting cname to '' you can create a alias-less distribution.
  [@mitchellrj]

- Any field can now accept a serializer. This means any field can be set
  dynamically based on other resources outputs.
  [@mitchellrj]

- We now run our tests on AppVeyor on python 2.7 (32 bit) and python 3.4
  (32 bit and 64 bit).

- elb: Now waits for Elastic Network Interfaces to go away before considering
  an elb deleted.


0.0.8 (2015-03-26)
------------------

- The s3 describe step now retrieves the location a bucket was created in.

- S3 buckets are now created with a LocationConstraint based on the account
  resource. For example::

      aws = workspace.add_aws(region='eu-central-1')
      aws.add_bucket(name='my-bucket')

  Will now create the bucket in eu-central-1, like you would expect.

- Add's support for copying images created with ``add_image`` to other regions.


0.0.7 (2015-03-23)
------------------

- Add an experimental threaded resolver for deploying infrastructure in
  parallel. If you are using the command line tool you can pass
  ``--parallel``::

    touchdown --parallel apply

  Users consuming the python API can switch from the ``Runner`` class to
  ``ThreadedRunner``.

- StreamingDistribution should now work. It's API has been simplified too. You
  can set one up with::

      aws.add_streaming_distribution(
          name="streaming.example.com",
          bucket=mybucket,
      )

  Where ``mybucket`` was previously defined with ``aws.add_bucket``.

- You can now create ``ALIAS`` records for Distribution and
  StreamingDistribution resources::

      aws.add_hosted_zone(
          name="example.com",
          records=[
              {"name": "backend",   "type": "A", "alias": my_load_balancer},
              {"name": "www",       "type": "A", "alias": my_distribution},
              {"name": "streaming", "type": "A", "alias": my_streaming_distribution},
          ],
      )

- You can now set CORS and policy for S3 buckets. You can also do simple file
  uploads with the new file resource::

      bucket = aws.add_bucket(name="my-test-bucket")
      bucket.add_file(
          name="crossdomain.xml",
          contents=open("crossdomain.xml").read(),
      )

  You can set canned ACL's on the files as well.

- You can now set the ``origin_path`` attribute of CloudFront.

- Improved python 3 support.


0.0.6 (2015-03-04)
------------------

- Fix python 3 release.


0.0.5 (2015-03-04)
------------------

- More useful/verbose console output.

- Timeouts when operations take longer than expected are handled more
  gracefully. Fixes #6.

- The dependency solver now sorts within batches, fixing #4.


0.0.4 (2015-02-26)
------------------

- Brown paper bag.


0.0.3 (2015-02-26)
------------------

- The CloudFront abstraction has been revisited to flatten and simplify the
  structure (as the actual payload for CloudFront is quite complicated). The
  docs have been updated accordingly.

- Tearing down a CloudFront distribution now correctly refreshes the ETag after
  disabling a distribution, allowing it to suceed.

- The VPN Gateway handling has been improved. They are now correctly attached
  and detached from a VPC when creating and destroying them.


0.0.2 (2015-02-18)
------------------

- Basic support for Amazon SQS.

- Basic support for Amazon SNS.

- Basic support for Amazon CloudFront Streaming Distributions.

- Pipeline sbould now be able to create one.

- Strings fields are now validated against their annotations:

    * `min` enforces a minimum length for a value
    * `max` enforces a maximum length for a value
    * `choices` enforces that the value is one of a pre-determined list
    * `regex` enforces that the value matches a guard expression

- More types now have proper ``signature`` annotations for their ``Apply``
  policy. For example, you will now be warned at plan time if a
  SecurityGroup doesn't have the required ``description`` field (#10).
