aws-insight 0.14.0

data/lib/terraforming/resource/route_table_association.rb

@@ -0,0 +1,59 @@
+module Terraforming
+  module Resource
+    class RouteTableAssociation
+      include Terraforming::Util
+
+      def self.tf(client: Aws::EC2::Client.new)
+        self.new(client).tf
+      end
+
+      def self.tfstate(client: Aws::EC2::Client.new)
+        self.new(client).tfstate
+      end
+
+      def initialize(client)
+        @client = client
+      end
+
+      def tf
+        apply_template(@client, "tf/route_table_association")
+      end
+
+      def tfstate
+        resources = {}
+        route_tables.each do |route_table|
+          associations_of(route_table).each do |assoc|
+            attributes = {
+              "id" => assoc.route_table_association_id,
+              "route_table_id" => assoc.route_table_id,
+              "subnet_id" => assoc.subnet_id,
+            }
+
+            resources["aws_route_table_association.#{module_name_of(route_table, assoc)}"] = {
+              "type" => "aws_route_table_association",
+              "primary" => {
+                "id" => assoc.route_table_association_id,
+                "attributes" => attributes
+              }
+            }
+          end
+        end
+        resources
+      end
+
+      private
+
+      def associations_of(route_table)
+        route_table.associations.reject { |association| association.subnet_id.nil? }
+      end
+
+      def module_name_of(route_table, assoc)
+        normalize_module_name(name_from_tag(route_table, route_table.route_table_id) + '-' + assoc.route_table_association_id)
+      end
+
+      def route_tables
+        @client.describe_route_tables.map(&:route_tables).flatten
+      end
+    end
+  end
+end

data/lib/terraforming/resource/s3.rb

@@ -0,0 +1,69 @@
+module Terraforming
+  module Resource
+    class S3
+      include Terraforming::Util
+
+      def self.tf(client: Aws::S3::Client.new)
+        self.new(client).tf
+      end
+
+      def self.tfstate(client: Aws::S3::Client.new)
+        self.new(client).tfstate
+      end
+
+      def initialize(client)
+        @client = client
+      end
+
+      def tf
+        apply_template(@client, "tf/s3")
+      end
+
+      def tfstate
+        buckets.inject({}) do |resources, bucket|
+          bucket_policy = bucket_policy_of(bucket)
+          resources["aws_s3_bucket.#{module_name_of(bucket)}"] = {
+            "type" => "aws_s3_bucket",
+            "primary" => {
+              "id" => bucket.name,
+              "attributes" => {
+                "acl" => "private",
+                "bucket" => bucket.name,
+                "force_destroy" => "false",
+                "id" => bucket.name,
+                "policy" => bucket_policy ? bucket_policy.policy.read : "",
+              }
+            }
+          }
+
+          resources
+        end
+      end
+
+      private
+
+      def bucket_location_of(bucket)
+        @client.get_bucket_location(bucket: bucket.name).location_constraint
+      end
+
+      def bucket_policy_of(bucket)
+        @client.get_bucket_policy(bucket: bucket.name)
+      rescue Aws::S3::Errors::NoSuchBucketPolicy
+        nil
+      end
+
+      def buckets
+        @client.list_buckets.map(&:buckets).flatten.select { |bucket| same_region?(bucket) }
+      end
+
+      def module_name_of(bucket)
+        normalize_module_name(bucket.name)
+      end
+
+      def same_region?(bucket)
+        bucket_location = bucket_location_of(bucket)
+        (bucket_location == @client.config.region) || (bucket_location == "" && @client.config.region == "us-east-1")
+      end
+    end
+  end
+end

data/lib/terraforming/resource/security_group.rb

@@ -0,0 +1,188 @@
+module Terraforming
+  module Resource
+    class SecurityGroup
+      include Terraforming::Util
+
+      def self.tf(client: Aws::EC2::Client.new)
+        self.new(client).tf
+      end
+
+      def self.tfstate(client: Aws::EC2::Client.new)
+        self.new(client).tfstate
+      end
+
+      def initialize(client)
+        @client = client
+      end
+
+      def tf
+        apply_template(@client, "tf/security_group")
+      end
+
+      def tfstate
+        security_groups.inject({}) do |resources, security_group|
+          attributes = {
+            "description" => security_group.description,
+            "id" => security_group.group_id,
+            "name" => security_group.group_name,
+            "owner_id" => security_group.owner_id,
+            "vpc_id" => security_group.vpc_id || "",
+          }
+
+          attributes.merge!(tags_attributes_of(security_group))
+          attributes.merge!(egress_attributes_of(security_group))
+          attributes.merge!(ingress_attributes_of(security_group))
+
+          resources["aws_security_group.#{module_name_of(security_group)}"] = {
+            "type" => "aws_security_group",
+            "primary" => {
+              "id" => security_group.group_id,
+              "attributes" => attributes
+            }
+          }
+
+          resources
+        end
+      end
+
+      private
+
+      def ingress_attributes_of(security_group)
+        ingresses = dedup_permissions(security_group.ip_permissions, security_group.group_id)
+        attributes = { "ingress.#" => ingresses.length.to_s }
+
+        ingresses.each do |permission|
+          attributes.merge!(permission_attributes_of(security_group, permission, "ingress"))
+        end
+
+        attributes
+      end
+
+      def egress_attributes_of(security_group)
+        egresses = dedup_permissions(security_group.ip_permissions_egress, security_group.group_id)
+        attributes = { "egress.#" => egresses.length.to_s }
+
+        egresses.each do |permission|
+          attributes.merge!(permission_attributes_of(security_group, permission, "egress"))
+        end
+
+        attributes
+      end
+
+      def group_hashcode_of(group)
+        Zlib.crc32(group)
+      end
+
+      def module_name_of(security_group)
+        if security_group.vpc_id.nil?
+          normalize_module_name(security_group.group_name.to_s)
+        else
+          normalize_module_name("#{security_group.vpc_id}-#{security_group.group_name}")
+        end
+      end
+
+      def permission_attributes_of(security_group, permission, type)
+        hashcode = permission_hashcode_of(security_group, permission)
+        security_groups = security_groups_in(permission, security_group).reject do |identifier|
+          [security_group.group_name, security_group.group_id].include?(identifier)
+        end
+
+        attributes = {
+          "#{type}.#{hashcode}.from_port" => (permission.from_port || 0).to_s,
+          "#{type}.#{hashcode}.to_port" => (permission.to_port || 0).to_s,
+          "#{type}.#{hashcode}.protocol" => permission.ip_protocol,
+          "#{type}.#{hashcode}.cidr_blocks.#" => permission.ip_ranges.length.to_s,
+          "#{type}.#{hashcode}.prefix_list_ids.#" => permission.prefix_list_ids.length.to_s,
+          "#{type}.#{hashcode}.security_groups.#" => security_groups.length.to_s,
+          "#{type}.#{hashcode}.self" => self_referenced_permission?(security_group, permission).to_s,
+        }
+
+        permission.ip_ranges.each_with_index do |range, index|
+          attributes["#{type}.#{hashcode}.cidr_blocks.#{index}"] = range.cidr_ip
+        end
+
+        permission.prefix_list_ids.each_with_index do |prefix_list, index|
+          attributes["#{type}.#{hashcode}.prefix_list_ids.#{index}"] = prefix_list.prefix_list_id
+        end
+
+        security_groups.each do |group|
+          attributes["#{type}.#{hashcode}.security_groups.#{group_hashcode_of(group)}"] = group
+        end
+
+        attributes
+      end
+
+      def dedup_permissions(permissions, group_id)
+        group_permissions(permissions).inject([]) do |result, (_, perms)|
+          group_ids = perms.map(&:user_id_group_pairs).flatten.map(&:group_id)
+
+          if group_ids.length == 1 && group_ids.first == group_id
+            result << merge_permissions(perms)
+          else
+            result.concat(perms)
+          end
+
+          result
+        end
+      end
+
+      def group_permissions(permissions)
+        permissions.group_by { |permission| [permission.ip_protocol, permission.to_port, permission.from_port] }
+      end
+
+      def merge_permissions(permissions)
+        master_permission = permissions.pop
+
+        permissions.each do |permission|
+          master_permission.user_id_group_pairs.concat(permission.user_id_group_pairs)
+          master_permission.ip_ranges.concat(permission.ip_ranges)
+        end
+
+        master_permission
+      end
+
+      def permission_hashcode_of(security_group, permission)
+        string =
+          "#{permission.from_port || 0}-" <<
+          "#{permission.to_port || 0}-" <<
+          "#{permission.ip_protocol}-" <<
+          "#{self_referenced_permission?(security_group, permission)}-"
+
+        permission.ip_ranges.each { |range| string << "#{range.cidr_ip}-" }
+        security_groups_in(permission, security_group).each { |group| string << "#{group}-" }
+
+        Zlib.crc32(string)
+      end
+
+      def self_referenced_permission?(security_group, permission)
+        (security_groups_in(permission, security_group) & [security_group.group_id, security_group.group_name]).any?
+      end
+
+      def security_groups
+        @client.describe_security_groups.map(&:security_groups).flatten
+      end
+
+      def security_groups_in(permission, security_group)
+        permission.user_id_group_pairs.map do |range|
+          # EC2-Classic, same account
+          if security_group.owner_id == range.user_id && !range.group_name.nil?
+            range.group_name
+          # VPC
+          elsif security_group.owner_id == range.user_id && range.group_name.nil?
+            range.group_id
+          # EC2-Classic, other account
+          else
+            "#{range.user_id}/#{range.group_name}"
+          end
+        end
+      end
+
+      def tags_attributes_of(security_group)
+        tags = security_group.tags
+        attributes = { "tags.#" => tags.length.to_s }
+        tags.each { |tag| attributes["tags.#{tag.key}"] = tag.value }
+        attributes
+      end
+    end
+  end
+end

data/lib/terraforming/resource/sns_topic.rb

@@ -0,0 +1,75 @@
+module Terraforming
+  module Resource
+    class SNSTopic
+      include Terraforming::Util
+
+      def self.tf(client: Aws::SNS::Client.new)
+        self.new(client).tf
+      end
+
+      def self.tfstate(client: Aws::SNS::Client.new)
+        self.new(client).tfstate
+      end
+
+      def initialize(client)
+        @client = client
+      end
+
+      def tf
+        apply_template(@client, "tf/sns_topic")
+      end
+
+      def tfstate
+        topics.inject({}) do |resources, topic|
+          attributes = {
+            "name"            => module_name_of(topic),
+            "id"              => topic["TopicArn"],
+            "arn"             => topic["TopicArn"],
+            "display_name"    => topic["DisplayName"],
+            "policy"          => topic.key?("Policy") ? topic["Policy"] : "",
+            "delivery_policy" => topic.key?("DeliveryPolicy") ? topic["DeliveryPolicy"] : ""
+          }
+          resources["aws_sns_topic.#{module_name_of(topic)}"] = {
+            "type" => "aws_sns_topic",
+            "primary" => {
+              "id"         => topic["TopicArn"],
+              "attributes" => attributes
+            }
+          }
+
+          resources
+        end
+      end
+
+      private
+
+      def topics
+        topic_arns.map do |topic_arn|
+          attributes = @client.get_topic_attributes({
+            topic_arn: topic_arn,
+          }).attributes
+          attributes["TopicArn"] = topic_arn
+          attributes
+        end
+      end
+
+      def topic_arns
+        token = ""
+        arns = []
+
+        loop do
+          resp = @client.list_topics(next_token: token)
+          arns += resp.topics.map(&:topic_arn).flatten
+          token = resp.next_token
+          break if token.nil?
+        end
+
+        arns
+      end
+
+      def module_name_of(topic)
+        normalize_module_name(topic["TopicArn"].split(":").last)
+      end
+    end
+  end
+end

data/lib/terraforming/resource/sns_topic_subscription.rb

@@ -0,0 +1,83 @@
+module Terraforming
+  module Resource
+    class SNSTopicSubscription
+      include Terraforming::Util
+
+      def self.tf(client: Aws::SNS::Client.new)
+        self.new(client).tf
+      end
+
+      def self.tfstate(client: Aws::SNS::Client.new)
+        self.new(client).tfstate
+      end
+
+      def initialize(client)
+        @client = client
+      end
+
+      def tf
+        apply_template(@client, "tf/sns_topic_subscription")
+      end
+
+      def tfstate
+        subscriptions.reject { |x| x["Protocol"].include?("email") }
+                     .inject({}) do |resources, subscription|
+          attributes = {
+            "id"                              => subscription["SubscriptionArn"],
+            "topic_arn"                       => subscription["TopicArn"],
+            "protocol"                        => subscription["Protocol"],
+            "endpoint"                        => subscription["Endpoint"],
+            "raw_message_delivery"            =>
+              subscription.key?("RawMessageDelivery") ? subscription["RawMessageDelivery"] : "false",
+            "confirmation_timeout_in_minutes" =>
+              subscription.key?("ConfirmationTimeoutInMinutes") ? subscription["ConfirmationTimeoutInMinutes"] : "1",
+            "endpoint_auto_confirms"          =>
+              subscription.key?("EndpointAutoConfirms") ? subscription["EndpointAutoConfirms"] : "false"
+          }
+          resources["aws_sns_topic_subscription.#{module_name_of(subscription)}"] = {
+            "type" => "aws_sns_topic_subscription",
+            "primary" => {
+              "id"         => subscription["SubscriptionArn"],
+              "attributes" => attributes
+            }
+          }
+
+          resources
+        end
+      end
+
+      private
+
+      def subscriptions
+        subscription_arns.map do |subscription_arn|
+          # check explicitly for an issue with some subscriptions that returns ARN=PendingConfirmation
+          next if subscription_arn == "PendingConfirmation"
+
+          attributes = @client.get_subscription_attributes({
+            subscription_arn: subscription_arn,
+          }).attributes
+          attributes["SubscriptionArn"] = subscription_arn
+          attributes
+        end.compact
+      end
+
+      def subscription_arns
+        token = ""
+        arns = []
+
+        loop do
+          resp = @client.list_subscriptions(next_token: token)
+          arns += resp.subscriptions.map(&:subscription_arn).flatten
+          token = resp.next_token
+          break if token.nil?
+        end
+
+        arns
+      end
+
+      def module_name_of(subscription)
+        normalize_module_name(subscription["SubscriptionArn"].split(":").last)
+      end
+    end
+  end
+end