chemtrail 0.3.1 → 0.4.0

data/examples/lib/templates/opsworks_vpc/public_network.rb

@@ -0,0 +1,79 @@
+require_relative "public_network_acl"
+
+module OpsworksVpc
+  class PublicNetwork
+    attr_reader :vpc, :subnet_config
+
+    def initialize(vpc, subnet_config)
+      @vpc = vpc
+      @subnet_config = subnet_config
+    end
+
+    def resources
+      [
+        subnet,
+        internet_gateway,
+        gateway_to_internet,
+        route_table,
+        route,
+        route_table_association
+      ] + network_acl.resources
+    end
+
+    def subnet
+      @subnet ||= Chemtrail::Resource.new("PublicSubnet", "AWS::EC2::Subnet", resources_config["PublicSubnet"]).tap do |config|
+        config.properties["VpcId"] = vpc
+        config.properties["CidrBlock"] = subnet_config.find("Public", "CIDR")
+        config.properties["Tags"] << stack_name.as_tag("Application")
+      end
+    end
+
+    def internet_gateway
+      @internet_gateway ||= Chemtrail::Resource.new("InternetGateway", "AWS::EC2::InternetGateway", resources_config["InternetGateway"]).tap do |config|
+        config.properties["Tags"] << stack_name.as_tag("Application")
+      end
+    end
+
+    def gateway_to_internet
+      @gateway_to_internet ||= Chemtrail::Resource.new("GatewayToInternet", "AWS::EC2::VPCGatewayAttachment", resources_config["GatewayToInternet"]).tap do |config|
+        config.properties["VpcId"] = vpc
+        config.properties["InternetGatewayId"] = internet_gateway
+      end
+    end
+
+    def route_table
+      @route_table ||= Chemtrail::Resource.new("PublicRouteTable", "AWS::EC2::RouteTable", resources_config["PublicRouteTable"]).tap do |config|
+        config.properties["VpcId"] = vpc
+        config.properties["Tags"] << stack_name.as_tag("Application")
+      end
+    end
+
+    def route
+      @route ||= Chemtrail::Resource.new("PublicRoute", "AWS::EC2::Route", resources_config["PublicRoute"]).tap do |config|
+        config.properties["RouteTableId"] = route_table
+        config.properties["GatewayId"] = gateway_to_internet
+      end
+    end
+
+    def route_table_association
+      @route_table_association ||= Chemtrail::Resource.new("PublicSubnetRouteTableAssociation", "AWS::EC2::SubnetRouteTableAssociation", resources_config["PublicSubnetRouteTableAssociation"]).tap do |config|
+        config.properties["RouteTableId"] = route_table
+        config.properties["SubnetId"] = subnet
+      end
+    end
+
+    def network_acl
+      @network_acl ||= OpsworksVpc::PublicNetworkAcl.new(vpc, subnet)
+    end
+
+    protected
+
+    def stack_name
+      @stack_name ||= Chemtrail::Intrinsic.new("AWS::StackName")
+    end
+
+    def resources_config
+      @resources_config ||= YAML.load_file(File.expand_path("../../config/public_network.yml", __FILE__))
+    end
+  end
+end

data/examples/lib/templates/opsworks_vpc/public_network_acl.rb

@@ -0,0 +1,72 @@
+module OpsworksVpc
+  class PublicNetworkAcl
+    attr_reader :vpc, :subnet
+
+    def initialize(vpc, subnet)
+      @vpc = vpc
+      @subnet = subnet
+    end
+
+    def resources
+      [
+        network_acl,
+        network_acl_association,
+        http_entry,
+        https_entry,
+        ssh_entry,
+        ephemeral_entry,
+        outbound_entry
+      ]
+    end
+
+    def network_acl
+      @network_acl ||= Chemtrail::Resource.new("PublicNetworkAcl", "AWS::EC2::NetworkAcl", resources_config["PublicNetworkAcl"]).tap do |config|
+        config.properties["VpcId"] = vpc
+        config.properties["Tags"] << stack_name.as_tag("Application")
+      end
+    end
+
+    def network_acl_association
+      @network_acl_association ||= Chemtrail::Resource.new("PublicSubnetNetworkAclAssociation", "AWS::EC2::SubnetNetworkAclAssociation", resources_config["PublicSubnetNetworkAclAssociation"]).tap do |config|
+        config.properties["SubnetId"] = subnet
+        config.properties["NetworkAclId"] = network_acl
+      end
+    end
+
+    def http_entry
+      @http_entry ||= acl_entry("InboundHTTPPublicNetworkAclEntry")
+    end
+
+    def https_entry
+      @https_entry ||= acl_entry("InboundHTTPSPublicNetworkAclEntry")
+    end
+
+    def ssh_entry
+      @ssh_entry ||= acl_entry("InboundSSHPublicNetworkAclEntry")
+    end
+
+    def ephemeral_entry
+      @ephemeral_entry ||= acl_entry("InboundEmphemeralPublicNetworkAclEntry")
+    end
+
+    def outbound_entry
+      @outbound_entry ||= acl_entry("OutboundPublicNetworkAclEntry")
+    end
+
+    protected
+
+    def acl_entry(id)
+      config = resources_config[id]
+      config.merge!("NetworkAclId" => network_acl)
+      Chemtrail::Resource.new(id, "AWS::EC2::NetworkAclEntry", config)
+    end
+
+    def stack_name
+      @stack_name ||= Chemtrail::Intrinsic.new("AWS::StackName")
+    end
+
+    def resources_config
+      @resources_config ||= YAML.load_file(File.expand_path("../../config/public_network_acl.yml", __FILE__))
+    end
+  end
+end

data/examples/lib/templates/opsworks_vpc_template.rb

@@ -1,89 +1,93 @@
 require "chemtrail"
 require "yaml"
+require_relative "opsworks_vpc/opsworks"
+require_relative "opsworks_vpc/nat_device"
+require_relative "opsworks_vpc/public_network"
+require_relative "opsworks_vpc/load_balancer"
+require_relative "opsworks_vpc/private_network"
 
-class OpsworksVpc < Chemtrail::Template
-  def description
-    <<-DESCRIPTION.strip.gsub!(/\s+/, ' ')
-      Sample template showing how to create a VPC environment for AWS OpsWorks.
-      The stack contains 2 subnets: the first subnet is public and contains the
-      load balancer, a NAT device for internet access from the private subnet.
-      The second subnet is private.
-
-      You will be billed for the AWS resources used if you create a stack from
-      this template.
-    DESCRIPTION
-  end
+module OpsworksVpc
+  class Stack < Chemtrail::Template
+    def description
+      <<-DESCRIPTION.strip.gsub!(/\s+/, ' ')
+        Sample template showing how to create a VPC environment for AWS OpsWorks.
+        The stack contains 2 subnets: the first subnet is public and contains the
+        load balancer, a NAT device for internet access from the private subnet.
+        The second subnet is private.
 
-  def parameters
-    [
-      Chemtrail::Parameter.new("NATInstanceType", "String", parameters_config["NATInstanceType"])
-    ]
-  end
+        You will be billed for the AWS resources used if you create a stack from
+        this template.
+      DESCRIPTION
+    end
 
-  def mappings
-    [
-      Chemtrail::Mapping.new("AWSNATAMI", mappings_config["AWSNATAMI"]),
-      Chemtrail::Mapping.new("AWSInstanceType2Arch", mappings_config["AWSInstanceType2Arch"]),
-      subnet_config
-    ]
-  end
+    def parameters
+      [nat_instance_type]
+    end
 
-  def resources
-    [
-      vpc,
-      public_subnet,
-      internet_gateway,
-      gateway_to_internet
-    ]
-  end
+    def mappings
+      [instance_type_arch, subnet_config] + nat.mappings
+    end
 
-  def subnet_config
-    @subnet_config ||= Chemtrail::Mapping.new("SubnetConfig", mappings_config["SubnetConfig"])
-  end
+    def resources
+      [vpc] + public_network.resources + private_network.resources + load_balancer.resources + opsworks.resources + nat.resources
+    end
 
-  def vpc
-    @vpc ||= Chemtrail::Resource.new("VPC", "AWS::EC2::VPC", resources_config["VPC"]).tap do |config|
-      config.properties["CidrBlock"] = subnet_config.find("VPC", "CIDR")
-      config.properties["Tags"] << stack_name.as_tag("Application")
+    def outputs
+      [
+        Chemtrail::Output.new("VPC", vpc),
+        Chemtrail::Output.new("PrivateSubnets", private_network.subnet),
+        Chemtrail::Output.new("PublicSubnets", public_network.subnet),
+        Chemtrail::Output.new("LoadBalancer", load_balancer.elb),
+      ]
     end
-  end
 
-  def public_subnet
-    @public_subnet ||= Chemtrail::Resource.new("PublicSubnet", "AWS::EC2::Subnet", resources_config["PublicSubnet"]).tap do |config|
-      config.properties["VpcId"] = vpc
-      config.properties["CidrBlock"] = subnet_config.find("VPC", "CIDR")
-      config.properties["Tags"] << stack_name.as_tag("Application")
+    def nat_instance_type
+      @nat_instance_type ||= Chemtrail::Parameter.new("NATInstanceType", "String", stack_config["NATInstanceType"])
     end
-  end
 
-  def internet_gateway
-    @internet_gateway ||= Chemtrail::Resource.new("InternetGateway", "AWS::EC2::InternetGateway", resources_config["InternetGateway"]).tap do |config|
-      config.properties["Tags"] << stack_name.as_tag("Application")
+    def instance_type_arch
+      @instance_type_arch ||= Chemtrail::Mapping.new("AWSInstanceType2Arch", stack_config["AWSInstanceType2Arch"])
     end
-  end
 
-  def gateway_to_internet
-    @gateway_to_internet ||= Chemtrail::Resource.new("GatewayToInternet", "AWS::EC2::VPCGatewayAttachment", resources_config["GatewayToInternet"]).tap do |config|
-      config.properties["VpcId"] = vpc
-      config.properties["InternetGatewayId"] = internet_gateway
+    def subnet_config
+      @subnet_config ||= Chemtrail::Mapping.new("SubnetConfig", stack_config["SubnetConfig"])
     end
-  end
 
-  def stack_name
-    @stack_name ||= Chemtrail::Intrinsic.new("AWS::StackName")
-  end
+    def vpc
+      @vpc ||= Chemtrail::Resource.new("VPC", "AWS::EC2::VPC", stack_config["VPC"]).tap do |config|
+        config.properties["CidrBlock"] = subnet_config.find("VPC", "CIDR")
+        config.properties["Tags"] << stack_name.as_tag("Application")
+      end
+    end
 
-  protected
+    protected
 
-  def parameters_config
-    @parameters_config ||= YAML.load_file(File.expand_path("../config/parameters.yml", __FILE__))
-  end
+    def nat
+      @nat ||= OpsworksVpc::NatDevice.new(vpc, public_network.subnet, opsworks.security_group, nat_instance_type)
+    end
 
-  def mappings_config
-    @mappings_config ||= YAML.load_file(File.expand_path("../config/mappings.yml", __FILE__))
-  end
+    def opsworks
+      @opsworks ||= OpsworksVpc::Opsworks.new(vpc, load_balancer.security_group)
+    end
+
+    def load_balancer
+      @load_balancer ||= OpsworksVpc::LoadBalancer.new(vpc, public_network.subnet)
+    end
 
-  def resources_config
-    @resources_config ||= YAML.load_file(File.expand_path("../config/resources.yml", __FILE__))
+    def public_network
+      @public_network ||= OpsworksVpc::PublicNetwork.new(vpc, subnet_config)
+    end
+
+    def private_network
+      @private_network ||= OpsworksVpc::PrivateNetwork.new(vpc, subnet_config, nat.device)
+    end
+
+    def stack_name
+      @stack_name ||= Chemtrail::Intrinsic.new("AWS::StackName")
+    end
+
+    def stack_config
+      @stack_config ||= YAML.load_file(File.expand_path("../config/stack.yml", __FILE__))
+    end
   end
 end

data/examples/spec/lib/templates/opsworks_vpc/load_balancer_spec.rb

@@ -0,0 +1,22 @@
+require "spec_helper"
+
+describe OpsworksVpc::LoadBalancer do
+  let(:vpc) { double(:vpc, id: "VPC") }
+  let(:public_subnet) { double(:public_subnet, id: "PublicSubnet") }
+
+  subject(:elb) { OpsworksVpc::LoadBalancer.new(vpc, public_subnet) }
+
+  describe "#resources" do
+    its(:resources) { should have_resource("LoadBalancerSecurityGroup").with_type("AWS::EC2::SecurityGroup") }
+    its(:resources) { should have_resource("ElasticLoadBalancer").with_type("AWS::ElasticLoadBalancing::LoadBalancer") }
+
+    describe "LoadBalancerSecurityGroup" do
+      its(:security_group) { should have_property("VpcId").with_reference("VPC") }
+    end
+
+    describe "ElasticLoadBalancer" do
+      its(:elb) { should have_property("SecurityGroups").including_reference("LoadBalancerSecurityGroup") }
+      its(:elb) { should have_property("Subnets").including_reference("PublicSubnet") }
+    end
+  end
+end

data/examples/spec/lib/templates/opsworks_vpc/nat_device_spec.rb

@@ -0,0 +1,45 @@
+require "spec_helper"
+
+describe OpsworksVpc::NatDevice do
+  let(:vpc) { double(:vpc, id: "VPC") }
+  let(:nat_instance_type) { double(:nat_instance_type, id: "NATInstanceType") }
+  let(:public_subnet) { double(:public_subnet, id: "PublicSubnet") }
+  let(:opsworks_security_group) { double(:opsworks_security_group, id: "OpsWorksSecurityGroup") }
+
+  subject(:nat_device) { OpsworksVpc::NatDevice.new(vpc, public_subnet, opsworks_security_group, nat_instance_type) }
+
+  describe "#mappings" do
+    its(:mappings) { should have_mapping "AWSNATAMI" }
+
+    describe "AWSNATAMI" do
+      its(:nat_ami) { should have_entry("us-east-1").including("AMI" =>"ami-c6699baf") }
+    end
+  end
+
+  describe "#resources" do
+    its(:resources) { should have_resource("NATSecurityGroup").with_type("AWS::EC2::SecurityGroup") }
+    its(:resources) { should have_resource("NATDevice").with_type("AWS::EC2::Instance") }
+    its(:resources) { should have_resource("NATIPAddress").with_type("AWS::EC2::EIP") }
+
+    describe "NATSecurityGroup" do
+      its(:security_group) { should have_property("VpcId").with_reference("VPC") }
+
+      it "references the opsworks security group on all ingress rules" do
+        nat_device.security_group.properties["SecurityGroupIngress"].each do |rule|
+          rule["SourceSecurityGroupId"].should be_reference_to("OpsWorksSecurityGroup")
+        end
+      end
+    end
+
+    describe "NATDevice" do
+      its(:device) { should have_property("InstanceType").with_reference("NATInstanceType") }
+      its(:device) { should have_property("SubnetId").with_reference("PublicSubnet") }
+      its(:device) { should have_property("ImageId") }
+      its(:device) { should have_property("SecurityGroupIds").including_reference("NATSecurityGroup") }
+    end
+
+    describe "NATIPAddress" do
+      its(:ip) { should have_property("VpcId").with_reference("VPC") }
+    end
+  end
+end

data/examples/spec/lib/templates/opsworks_vpc/opsworks_spec.rb

@@ -0,0 +1,21 @@
+require "spec_helper"
+
+describe OpsworksVpc::Opsworks do
+  let(:vpc) { double(:vpc, id: "VPC") }
+  let(:elb_security_group) { double(:elb_security_group, id: "LoadBalancerSecurityGroup") }
+
+  subject(:opsworks) { OpsworksVpc::Opsworks.new(vpc, elb_security_group) }
+
+  describe "#resources" do
+    its(:resources) { should have_resource("OpsWorksSecurityGroup").with_type("AWS::EC2::SecurityGroup") }
+
+    describe "OpsWorksSecurityGroup" do
+      let(:ingress) { opsworks.security_group.properties["SecurityGroupIngress"].first }
+
+      its(:security_group) { should have_property("VpcId").with_reference("VPC") }
+      its(:security_group) { should have_property("SecurityGroupIngress") }
+
+      specify { ingress["SourceSecurityGroupId"].should be_reference_to("LoadBalancerSecurityGroup") }
+    end
+  end
+end

data/examples/spec/lib/templates/opsworks_vpc/private_network_spec.rb

@@ -0,0 +1,62 @@
+require "spec_helper"
+
+describe OpsworksVpc::PrivateNetwork do
+  let(:vpc) { double(:vpc, id: "VPC") }
+  let(:nat_device) { double(:nat_device, id: "NATDevice") }
+  let(:subnet) { double(:subnet, find: "found") }
+
+  subject(:network) { OpsworksVpc::PrivateNetwork.new(vpc, subnet, nat_device) }
+
+  describe "#resources" do
+    its(:resources) { should have_resource("PrivateSubnet").with_type("AWS::EC2::Subnet") }
+    its(:resources) { should have_resource("PrivateRouteTable").with_type("AWS::EC2::RouteTable") }
+    its(:resources) { should have_resource("PrivateRoute").with_type("AWS::EC2::Route") }
+    its(:resources) { should have_resource("PrivateSubnetRouteTableAssociation").with_type("AWS::EC2::SubnetRouteTableAssociation") }
+    its(:resources) { should have_resource("PrivateNetworkAcl").with_type("AWS::EC2::NetworkAcl") }
+    its(:resources) { should have_resource("PrivateSubnetNetworkAclAssociation").with_type("AWS::EC2::SubnetNetworkAclAssociation") }
+    its(:resources) { should have_resource("InboundPrivateNetworkAclEntry").with_type("AWS::EC2::NetworkAclEntry") }
+    its(:resources) { should have_resource("OutBoundPrivateNetworkAclEntry").with_type("AWS::EC2::NetworkAclEntry") }
+
+    describe "PrivateSubnet" do
+      its(:subnet) { should have_property("CidrBlock") }
+      its(:subnet) { should have_tag("Application").with_reference("AWS::StackName") }
+    end
+
+    describe "PrivateRouteTable" do
+      its(:route_table) { should have_property("VpcId").with_reference("VPC") }
+      its(:route_table) { should have_tag("Application").with_reference("AWS::StackName") }
+    end
+
+    describe "PrivateRoute" do
+      its(:route) { should have_property("RouteTableId").with_reference("PrivateRouteTable") }
+      its(:route) { should have_property("InstanceId").with_reference("NATDevice") }
+    end
+
+    describe "PrivateSubnetRouteTableAssociation" do
+      its(:subnet_route_table_association) { should have_property("RouteTableId").with_reference("PrivateRouteTable") }
+      its(:subnet_route_table_association) { should have_property("SubnetId").with_reference("PrivateSubnet") }
+    end
+
+    describe "PrivateNetworkAcl" do
+      its(:network_acl) { should have_property("VpcId").with_reference("VPC") }
+      its(:network_acl) { should have_tag("Application").with_reference("AWS::StackName") }
+    end
+
+    describe "PrivateSubnetNetworkAclAssociation" do
+      its(:network_acl_association) { should have_property("SubnetId").with_reference("PrivateSubnet") }
+      its(:network_acl_association) { should have_property("NetworkAclId").with_reference("PrivateNetworkAcl") }
+    end
+
+    describe "InboundPrivateNetworkAclEntry" do
+      its(:inbound_entry) { should have_property("NetworkAclId").with_reference("PrivateNetworkAcl") }
+      its(:inbound_entry) { should have_property("PortRange").with_value("From" => "0", "To" => "65535") }
+      its(:inbound_entry) { should have_property("Egress").with_value("false") }
+    end
+
+    describe "OutBoundPrivateNetworkAclEntry" do
+      its(:outbound_entry) { should have_property("NetworkAclId").with_reference("PrivateNetworkAcl") }
+      its(:outbound_entry) { should have_property("PortRange").with_value("From" => "0", "To" => "65535") }
+      its(:outbound_entry) { should have_property("Egress").with_value("true") }
+    end
+  end
+end