cfndsl 0.4.4 → 0.5.0.pre
- checksums.yaml +5 -13
- data/.rubocop.yml +23 -0
- data/Gemfile +4 -0
- data/Rakefile +19 -17
- data/bin/cfndsl +20 -20
- data/cfndsl.gemspec +16 -15
- data/lib/cfndsl.rb +62 -68
- data/lib/cfndsl/aws/cloud_formation_template.rb +16 -0
- data/lib/cfndsl/aws/types.rb +12 -0
- data/lib/cfndsl/{aws_types.yaml → aws/types.yaml} +0 -0
- data/lib/cfndsl/{Conditions.rb → conditions.rb} +5 -7
- data/lib/cfndsl/creation_policy.rb +21 -0
- data/lib/cfndsl/errors.rb +29 -0
- data/lib/cfndsl/generate_types.rb +154 -0
- data/lib/cfndsl/jsonable.rb +214 -0
- data/lib/cfndsl/mappings.rb +23 -0
- data/lib/cfndsl/metadata.rb +16 -0
- data/lib/cfndsl/module.rb +52 -51
- data/lib/cfndsl/names.rb +5 -5
- data/lib/cfndsl/orchestration_template.rb +173 -0
- data/lib/cfndsl/os/heat_template.rb +16 -0
- data/lib/cfndsl/os/types.rb +12 -0
- data/lib/cfndsl/{os_types.yaml → os/types.yaml} +11 -11
- data/lib/cfndsl/{Outputs.rb → outputs.rb} +3 -4
- data/lib/cfndsl/{Parameters.rb → parameters.rb} +12 -13
- data/lib/cfndsl/plurals.rb +34 -0
- data/lib/cfndsl/properties.rb +21 -0
- data/lib/cfndsl/rake_task.rb +9 -7
- data/lib/cfndsl/ref_check.rb +44 -0
- data/lib/cfndsl/{Resources.rb → resources.rb} +13 -15
- data/lib/cfndsl/types.rb +151 -0
- data/lib/cfndsl/update_policy.rb +25 -0
- data/lib/cfndsl/version.rb +1 -1
- data/sample/autoscale.rb +152 -158
- data/sample/autoscale2.rb +151 -155
- data/sample/circular.rb +30 -33
- data/sample/codedeploy.rb +35 -36
- data/sample/config_service.rb +120 -0
- data/sample/ecs.rb +39 -39
- data/sample/iam_policies.rb +82 -0
- data/sample/lambda.rb +20 -24
- data/sample/s3.rb +11 -11
- data/sample/t1.rb +7 -9
- data/sample/vpc_example.rb +50 -0
- data/sample/vpc_with_vpn_example.rb +97 -0
- data/spec/cfndsl_spec.rb +22 -11
- data/spec/fixtures/heattest.rb +13 -14
- data/spec/fixtures/test.rb +56 -53
- metadata +36 -30
- data/lib/cfndsl/CloudFormationTemplate.rb +0 -267
- data/lib/cfndsl/CreationPolicy.rb +0 -25
- data/lib/cfndsl/Errors.rb +0 -31
- data/lib/cfndsl/JSONable.rb +0 -235
- data/lib/cfndsl/Mappings.rb +0 -25
- data/lib/cfndsl/Metadata.rb +0 -22
- data/lib/cfndsl/Plurals.rb +0 -35
- data/lib/cfndsl/Properties.rb +0 -25
- data/lib/cfndsl/RefCheck.rb +0 -48
- data/lib/cfndsl/Types.rb +0 -309
- data/lib/cfndsl/UpdatePolicy.rb +0 -29
- data/sample/config-service.rb +0 -119
- data/sample/iam-policies.rb +0 -82
- data/sample/vpc-example.rb +0 -51
- data/sample/vpc-with-vpn-example.rb +0 -97
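--- a/data/lib/cfndsl/UpdatePolicy.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-require 'cfndsl/JSONable'
-
-module CfnDsl
-class UpdatePolicyDefinition < JSONable
-##
-# Handles autoscaling group update policy objects for Resources
-#
-# Usage
-# Resource("aaa") {
-# UpdatePolicy("AutoScalingRollingUpdate", {
-# "MinInstancesInService" => "1",
-# "MaxBatchSize" => "1",
-# "PauseTime" => "PT12M5S"
-# })
-# }
-#
-def initialize(value)
-@value = value;
-end
-
-def value
-return @value
-end
-
-def to_json(*a)
-@value.to_json(*a)
-end
-end
-end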
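--- a/data/sample/config-service.rb
+++ /dev/null
@@ -1,119 +0,0 @@
-CloudFormation {
-AWSTemplateFormatVersion "2010-09-09"
-
-Description "Creates SNS, SQS, S3 bucket and enables AWS Config."
-
-Queue("ConfigServiceQueue") {
-QueueName "ConfigServiceQueue"
-}
-
-Bucket("ConfigServiceBucket") {
-}
-
-Policy("ConfigServiceS3BucketAccessPolicy") {
-PolicyName "ConfigServiceS3BucketAccessPolicy"
-PolicyDocument({
-"Version" => "2012-10-17",
-"Statement" =>
-[
-{
-"Effect" => "Allow",
-"Action" => ["s3:PutObject"],
-"Resource" => FnJoin("", ["arn:aws:s3:::", Ref("ConfigServiceBucket"), "/AWSLogs/" , Ref("AWS::AccountId") , "/*"]),
-"Condition" =>
-{
-"StringLike" =>
-{
-"s3:x-amz-acl" => "bucket-owner-full-control"
-}
-}
-},
-{
-"Effect" => "Allow",
-"Action" => ["s3:GetBucketAcl"],
-"Resource" => FnJoin("", ["arn:aws:s3:::", Ref("ConfigServiceBucket")])
-}
-]
-})
-Role Ref("ConfigServiceIAMRole")
-}
-
-Role("ConfigServiceIAMRole") {
-AssumeRolePolicyDocument({
-"Version" => "2012-10-17",
-"Statement" => [
-{
-"Effect" => "Allow",
-"Principal" => {
-"Service" => "config.amazonaws.com"
-},
-"Action" => "sts:AssumeRole"
-}
-]
-})
-ManagedPolicyArns([
-"arn:aws:iam::aws:policy/service-role/AWSConfigRole"
-])
-}
-
-Topic("ConfigServiceTopic") {
-DisplayName "ConfigSvc"
-Subscription [{
-"Endpoint" => FnGetAtt("ConfigServiceQueue", "Arn"),
-"Protocol" => "sqs"
-}]
-}
-
-Policy("ConfigServiceSNSTopicAccessPolicy") {
-PolicyName "ConfigServiceSNSTopicAccessPolicy"
-PolicyDocument({
-"Version" => "2012-10-17",
-"Statement" =>
-[
-{
-"Effect" => "Allow",
-"Action" => "sns:Publish",
-"Resource" => Ref("ConfigServiceTopic")
-}
-]
-})
-Role Ref("ConfigServiceIAMRole")
-}
-
-QueuePolicy("ConfigServiceQueuePolicy") {
-PolicyDocument({
-"Version" => "2012-10-17",
-"Statement" => [
-{
-"Sid" => "Allow-SendMessage-To-ConfigService-Queue-From-SNS-Topic",
-"Effect" => "Allow",
-"Principal" => "*",
-"Action" => ["sqs:SendMessage"],
-"Resource" => "*",
-"Condition" => {
-"ArnEquals" => {
-"aws:SourceArn" => Ref("ConfigServiceTopic")
-}
-}
-}
-]
-})
-Queues [ Ref("ConfigServiceQueue") ]
-}
-
-DeliveryChannel("ConfigDeliveryChannel") {
-ConfigSnapshotDeliveryProperties({
-"DeliveryFrequency" => "Six_Hours"
-})
-S3BucketName Ref("ConfigServiceBucket")
-SnsTopicARN Ref("ConfigServiceTopic")
-}
-
-ConfigurationRecorder("ConfigRecorder") {
-Name "DefaultRecorder"
-RecordingGroup({
-"AllSupported" => true
-})
-RoleARN FnGetAtt("ConfigServiceIAMRole", "Arn")
-}
-}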
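--- a/data/sample/iam-policies.rb
+++ /dev/null
@@ -1,82 +0,0 @@
-CloudFormation {
-AWSTemplateFormatVersion "2010-09-09"
-
-Description "Creates sample IAM policies"
-
-ManagedPolicy("AllowUserManagePasswordAccessKeys") {
-Description "Allows user to manage passwords and access keys"
-PolicyDocument({
-"Version" => "2012-10-17",
-"Statement" => [
-{
-"Effect" => "Allow",
-"Action" => [
-"iam:*LoginProfile",
-"iam:*AccessKey*",
-"iam:*SSHPublicKey*"
-],
-"Resource" => FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":user/${aws:username}"])
-}
-]
-})
-}
-
-ManagedPolicy("AllowUserManageVirtualMFA") {
-Description "Allows user to manage their virtual MFA device"
-PolicyDocument({
-"Version" => "2012-10-17",
-"Statement" => [
-{
-"Sid" => "AllowUsersToCreateEnableResyncTheirOwnVirtualMFADevice",
-"Effect" => "Allow",
-"Action" => [
-"iam:CreateVirtualMFADevice",
-"iam:EnableMFADevice",
-"iam:ResyncMFADevice"
-],
-"Resource" => [
-FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":mfa/${aws:username}"]),
-FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":user/${aws:username}"])
-]
-},
-{
-"Sid" => "AllowUsersToDeactivateDeleteTheirOwnVirtualMFADevice",
-"Effect" => "Allow",
-"Action" => [
-"iam:DeactivateMFADevice",
-"iam:DeleteVirtualMFADevice"
-],
-"Resource" => [
-FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":mfa/${aws:username}"]),
-FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":user/${aws:username}"])
-],
-"Condition" => {
-"Bool" => {
-"aws:MultiFactorAuthPresent" => true
-}
-}
-},
-{
-"Sid" => "AllowUsersToListMFADevicesandUsersForConsole",
-"Effect" => "Allow",
-"Action" => [
-"iam:ListMFADevices",
-"iam:ListVirtualMFADevices",
-"iam:ListUsers"
-],
-"Resource" => "*"
-}
-]
-})
-}
-
-Output("AllowUserManagePasswordAccessKeysPolicyArn") {
-Description "The ARN of the AllowUserManagePasswordAccessKeys IAM policy"
-Value Ref("AllowUserManagePasswordAccessKeys")
-}
-
-Output("AllowUserManageVirtualMFAPolicyArn") {
-Description "The ARN of the AllowUserManageVirtualMFA IAM policy"
-Value Ref("AllowUserManageVirtualMFA")
-}
-}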
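--- a/data/sample/vpc-example.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-require 'cfndsl'
-
-CloudFormation {
-Description "Creates an AWS VPC with a couple of subnets."
-
-VPC(:VPC) {
-EnableDnsSupport true
-EnableDnsHostnames true
-CidrBlock "10.1.0.0/16"
-addTag("Name", "Test VPC")
-}
-
-InternetGateway(:InternetGateway) {
-addTag("Name", "Test VPC Gateway")
-}
-
-VPCGatewayAttachment(:GatewayToInternet) {
-VpcId Ref(:VPC)
-InternetGatewayId Ref(:InternetGateway)
-}
-
-10.times do |i|
-subnet = "subnet#{i}"
-route_table = subnet + "RouteTable"
-route_table_assoc = route_table + "Assoc"
-
-Subnet(subnet) {
-VpcId Ref(:VPC)
-CidrBlock "10.1.#{i}.0/24"
-addTag("Name", "test vpc #{subnet}")
-}
-
-RouteTable(route_table) {
-VpcId Ref(:VPC)
-addTag("Name", route_table)
-}
-
-SubnetRouteTableAssociation(route_table_assoc) {
-SubnetId Ref(subnet)
-RouteTableId Ref(route_table)
-}
-
-Route(subnet + "GatewayRoute" ) {
-DependsOn :GatewayToInternet
-RouteTableId Ref(route_table)
-DestinationCidrBlock "0.0.0.0/0"
-GatewayId Ref(:InternetGateway)
-}
-end
-
-}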
@@ -1,97 +0,0 @@
|
|
1
|
-
require 'cfndsl'
|
2
|
-
|
3
|
-
CloudFormation {
|
4
|
-
Description "Creates an AWS VPC with a couple of subnets."
|
5
|
-
|
6
|
-
Parameter("VPNAddress") {
|
7
|
-
Type "String"
|
8
|
-
Description "IP Address range for your existing infrastructure"
|
9
|
-
MinLength "9"
|
10
|
-
MaxLength "18"
|
11
|
-
AllowedPattern "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
|
12
|
-
ConstraintDescription "must be a valid IP CIDR range of the form x.x.x.x/x."
|
13
|
-
}
|
14
|
-
|
15
|
-
Parameter("RouterIPAddress") {
|
16
|
-
Type "String"
|
17
|
-
Description "IP Address of your VPN device"
|
18
|
-
MinLength "7"
|
19
|
-
MaxLength "15"
|
20
|
-
AllowedPattern "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})"
|
21
|
-
ConstraintDescription "must be a valid IP address of the form x.x.x.x"
|
22
|
-
}
|
23
|
-
|
24
|
-
VPC(:VPC) {
|
25
|
-
EnableDnsSupport true
|
26
|
-
EnableDnsHostnames true
|
27
|
-
CidrBlock "10.1.0.0/16"
|
28
|
-
addTag("Name", "Test VPC")
|
29
|
-
}
|
30
|
-
|
31
|
-
InternetGateway(:InternetGateway) {
|
32
|
-
addTag("Name", "Test VPC Gateway")
|
33
|
-
}
|
34
|
-
|
35
|
-
VPCGatewayAttachment(:GatewayToInternet) {
|
36
|
-
VpcId Ref(:VPC)
|
37
|
-
InternetGatewayId Ref(:InternetGateway)
|
38
|
-
}
|
39
|
-
|
40
|
-
10.times do |i|
|
41
|
-
subnet = "subnet#{i}"
|
42
|
-
route_table = subnet + "RouteTable"
|
43
|
-
route_table_assoc = route_table + "Assoc"
|
44
|
-
|
45
|
-
Subnet(subnet) {
|
46
|
-
VpcId Ref(:VPC)
|
47
|
-
CidrBlock "10.1.#{i}.0/24"
|
48
|
-
addTag("Name", "test vpc #{subnet}")
|
49
|
-
}
|
50
|
-
|
51
|
-
RouteTable(route_table) {
|
52
|
-
VpcId Ref(:VPC)
|
53
|
-
addTag("Name", route_table)
|
54
|
-
}
|
55
|
-
|
56
|
-
SubnetRouteTableAssociation(route_table_assoc) {
|
57
|
-
SubnetId Ref(subnet)
|
58
|
-
RouteTableId Ref(route_table)
|
59
|
-
}
|
60
|
-
|
61
|
-
Route(subnet + "GatewayRoute" ) {
|
62
|
-
DependsOn :GatewayToInternet
|
63
|
-
RouteTableId Ref(route_table)
|
64
|
-
DestinationCidrBlock "0.0.0.0/0"
|
65
|
-
GatewayId Ref(:InternetGateway)
|
66
|
-
}
|
67
|
-
end
|
68
|
-
|
69
|
-
VPNGateway(:VirtualPrivateNetworkGateway) {
|
70
|
-
Type "ipsec.1"
|
71
|
-
addTag("Name", "Test VPN Gateway")
|
72
|
-
}
|
73
|
-
|
74
|
-
VPCGatewayAttachment(:VPNGatewayAttachment) {
|
75
|
-
VpcId Ref(:VPC)
|
76
|
-
VpnGatewayId Ref(:VirtualPrivateNetworkGateway)
|
77
|
-
}
|
78
|
-
|
79
|
-
CustomerGateway(:CustomerVPNGateway) {
|
80
|
-
Type "ipsec.1"
|
81
|
-
BgpAsn "65000"
|
82
|
-
IpAddress Ref("RouterIPAddress")
|
83
|
-
addTag("Name", "Test Customer VPN Gateway")
|
84
|
-
}
|
85
|
-
|
86
|
-
VPNConnection(:VPNConnection) {
|
87
|
-
Type "ipsec.1"
|
88
|
-
StaticRoutesOnly "true"
|
89
|
-
CustomerGatewayId Ref(:CustomerVPNGateway)
|
90
|
-
VpnGatewayId Ref(:VirtualPrivateNetworkGateway)
|
91
|
-
}
|
92
|
-
|
93
|
-
VPNConnectionRoute(:VPNConnectionRoute) {
|
94
|
-
VpnConnectionId Ref(:VPNConnection)
|
95
|
-
DestinationCidrBlock Ref("VPNAddress")
|
96
|
-
}
|
97
|
-
}
|