chemtrail 0.3.1 → 0.4.0
- checksums.yaml +4 -4
- data/examples/lib/templates/config/load_balancer.yml +23 -0
- data/examples/lib/templates/config/nat_device.yml +49 -0
- data/examples/lib/templates/config/opsworks.yml +5 -0
- data/examples/lib/templates/config/private_network.yml +34 -0
- data/examples/lib/templates/config/{resources.yml → public_network.yml} +4 -14
- data/examples/lib/templates/config/public_network_acl.yml +54 -0
- data/examples/lib/templates/config/{mappings.yml → stack.yml} +24 -17
- data/examples/lib/templates/opsworks_vpc/load_balancer.rb +36 -0
- data/examples/lib/templates/opsworks_vpc/nat_device.rb +58 -0
- data/examples/lib/templates/opsworks_vpc/opsworks.rb +27 -0
- data/examples/lib/templates/opsworks_vpc/private_network.rb +89 -0
- data/examples/lib/templates/opsworks_vpc/public_network.rb +79 -0
- data/examples/lib/templates/opsworks_vpc/public_network_acl.rb +72 -0
- data/examples/lib/templates/opsworks_vpc_template.rb +71 -67
- data/examples/spec/lib/templates/opsworks_vpc/load_balancer_spec.rb +22 -0
- data/examples/spec/lib/templates/opsworks_vpc/nat_device_spec.rb +45 -0
- data/examples/spec/lib/templates/opsworks_vpc/opsworks_spec.rb +21 -0
- data/examples/spec/lib/templates/opsworks_vpc/private_network_spec.rb +62 -0
- data/examples/spec/lib/templates/opsworks_vpc/public_network_acl_spec.rb +63 -0
- data/examples/spec/lib/templates/opsworks_vpc/public_network_spec.rb +40 -0
- data/examples/spec/lib/templates/opsworks_vpc_template_spec.rb +37 -39
- data/lib/chemtrail/matchers/be_reference_to.rb +11 -0
- data/lib/chemtrail/matchers/have_entry.rb +36 -0
- data/lib/chemtrail/matchers/have_field.rb +7 -20
- data/lib/chemtrail/matchers/have_mapping.rb +4 -2
- data/lib/chemtrail/matchers/have_output.rb +46 -0
- data/lib/chemtrail/matchers/have_parameter.rb +9 -8
- data/lib/chemtrail/matchers/have_property.rb +35 -20
- data/lib/chemtrail/matchers/have_resource.rb +9 -8
- data/lib/chemtrail/matchers/have_tag.rb +7 -20
- data/lib/chemtrail/reference_presenter.rb +8 -6
- data/lib/chemtrail/rspec.rb +3 -1
- data/lib/chemtrail/version.rb +1 -1
- metadata +24 -6
- data/examples/lib/templates/config/parameters.yml +0 -18
- data/lib/chemtrail/matchers/have_mapping_key.rb +0 -49
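--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: da5e94625a540c598754777705713135aed7b298
+data.tar.gz: 570c93e465273a2a6a23eaa19cde303ebcddfb20
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e16c9ae30693142fa40c50d5d17e7d3dee6880390f02743bffb3af23943bf4097e7b902a66f6243315742d9211b8c91c3d8758bb768d2e8223a9eee6512809a7
+data.tar.gz: 2046dabd55f6dae8f7c8589f6bc884e9b1e17e4ad4c4bd8928505fe45cda76062c986d9487e33bdf628d86631518057da12d5ad46165e67ef182c02f38780cb7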
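--- a/data/examples/lib/templates/config/load_balancer.yml
+++ b/data/examples/lib/templates/config/load_balancer.yml
@@ -0,0 +1,23 @@
+LoadBalancerSecurityGroup:
+SecurityGroupIngress:
+- IpProtocol: tcp
+FromPort: "80"
+ToPort: "80"
+CidrIp: 0.0.0.0/0
+SecurityGroupEgress:
+- IpProtocol: tcp
+FromPort: "80"
+ToPort: "80"
+CidrIp: 0.0.0.0/0
+
+ElasticLoadBalancer:
+Listeners:
+- LoadBalancerPort: "80"
+InstancePort: "80"
+Protocol: HTTP
+HealthCheck:
+Target: HTTP:80/
+HealthyThreshold: "3"
+UnhealthyThreshold: "5"
+Interval: "90"
+Timeout: "60"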
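Review bot: The `ElasticLoadBalancer` listener and the `LoadBalancerSecurityGroup` ingress rule expose only plain HTTP on port 80 to `0.0.0.0/0`, so anything sent to a stack built from this example travels unencrypted and there is no HTTPS listener to copy from. Because this template is meant to be adapted, consider adding a 443 listener (`Protocol: HTTPS` with an `SSLCertificateId` supplied as a parameter) and the matching ingress rule, or at least a comment such as `# example only: add an HTTPS listener before serving real traffic`. The egress rule could also name the instance security group instead of `CidrIp: 0.0.0.0/0`, since the load balancer only needs to reach its back ends.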
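--- a/data/examples/lib/templates/config/nat_device.yml
+++ b/data/examples/lib/templates/config/nat_device.yml
@@ -0,0 +1,49 @@
+AWSNATAMI:
+us-east-1:
+AMI: ami-c6699baf
+us-west-2:
+AMI: ami-52ff7262
+us-west-1:
+AMI: ami-3bcc9e7e
+eu-west-1:
+AMI: ami-0b5b6c7f
+ap-southeast-1:
+AMI: ami-02eb9350
+ap-southeast-2:
+AMI: ami-ab990e91
+ap-northeast-1:
+AMI: ami-14d86d15
+sa-east-1:
+AMI: ami-0439e619
+
+NATIPAddress:
+Domain: vpc
+
+NATDevice:
+SourceDestCheck: "false"
+
+NATSecurityGroup:
+GroupDescription: Enable internal access to the NAT device
+SecurityGroupIngress:
+- IpProtocol: tcp
+FromPort: "80"
+ToPort: "80"
+- IpProtocol: tcp
+FromPort: "9418"
+ToPort: "9418"
+- IpProtocol: tcp
+FromPort: "443"
+ToPort: "443"
+SecurityGroupEgress:
+- IpProtocol: tcp
+FromPort: "80"
+ToPort: "80"
+CidrIp: 0.0.0.0/0
+- IpProtocol: tcp
+FromPort: "9418"
+ToPort: "9418"
+CidrIp: 0.0.0.0/0
+- IpProtocol: tcp
+FromPort: "443"
+ToPort: "443"
+CidrIp: 0.0.0.0/0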
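Review bot: The `NATSecurityGroup` rules for port 9418 let the private tier fetch over the unauthenticated, unencrypted `git://` protocol, so repository content pulled that way can be altered in transit without detection. Port 443 is already allowed in both directions here; unless something in the stack requires `git://`, dropping the two 9418 entries and fetching over HTTPS is the safer default. The `AWSNATAMI` image ids are also pinned with no record of which image release they refer to; a comment such as `# Amazon VPC NAT AMI, <release/date placeholder>` would help whoever has to refresh them.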
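--- a/data/examples/lib/templates/config/private_network.yml
+++ b/data/examples/lib/templates/config/private_network.yml
@@ -0,0 +1,34 @@
+PrivateSubnet:
+Tags:
+- Key: Network
+Value: Private
+
+PrivateRouteTable:
+Tags:
+- Key: Network
+Value: Private
+
+PrivateNetworkAcl:
+Tags:
+- Key: Network
+Value: Private
+
+InboundPrivateNetworkAclEntry:
+RuleNumber: "100"
+Protocol: "6"
+RuleAction: allow
+Egress: "false"
+CidrBlock: 0.0.0.0/0
+PortRange:
+From: "0"
+To: "65535"
+
+OutBoundPrivateNetworkAclEntry:
+RuleNumber: "100"
+Protocol: "6"
+RuleAction: allow
+Egress: "true"
+CidrBlock: 0.0.0.0/0
+PortRange:
+From: "0"
+To: "65535"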
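Review bot: `InboundPrivateNetworkAclEntry` allows every TCP port (`From: "0"`, `To: "65535"`) from `CidrBlock: 0.0.0.0/0`, so the network ACL adds no filtering for the subnet tagged `Network: Private` and protection rests entirely on the security groups. Return traffic for connections made through the NAT device does need the ephemeral range from any address, but the low ports presumably only need to be reachable from inside the VPC. Consider splitting this into an ephemeral-range rule (`From: "1024"`, as the public ACL in this release uses) and a second rule limited to the VPC or public-subnet CIDR for the application ports.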
@@ -1,8 +1,3 @@
|
|
1
|
-
VPC:
|
2
|
-
Tags:
|
3
|
-
- Key: Network
|
4
|
-
Value: Public
|
5
|
-
|
6
1
|
PublicSubnet:
|
7
2
|
Tags:
|
8
3
|
- Key: Network
|
@@ -16,12 +11,7 @@ InternetGateway:
|
|
16
11
|
PublicRoute:
|
17
12
|
DestinationCidrBlock: 0.0.0.0/0
|
18
13
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
Egress: false
|
24
|
-
CidrBlock: 0.0.0.0/0
|
25
|
-
PortRange:
|
26
|
-
From: "80"
|
27
|
-
To: "80"
|
14
|
+
PublicRouteTable:
|
15
|
+
Tags:
|
16
|
+
- Key: Network
|
17
|
+
Value: Public
|
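--- a/data/examples/lib/templates/config/public_network_acl.yml
+++ b/data/examples/lib/templates/config/public_network_acl.yml
@@ -0,0 +1,54 @@
+PublicNetworkAcl:
+Tags:
+- Key: Network
+Value: Public
+
+InboundHTTPPublicNetworkAclEntry:
+RuleNumber: "100"
+Protocol: "6"
+RuleAction: allow
+Egress: "false"
+CidrBlock: 0.0.0.0/0
+PortRange:
+From: "80"
+To: "80"
+
+InboundHTTPSPublicNetworkAclEntry:
+RuleNumber: "101"
+Protocol: "6"
+RuleAction: allow
+Egress: "false"
+CidrBlock: 0.0.0.0/0
+PortRange:
+From: "443"
+To: "443"
+
+InboundSSHPublicNetworkAclEntry:
+RuleNumber: "102"
+Protocol: "6"
+RuleAction: allow
+Egress: "false"
+CidrBlock: 0.0.0.0/0
+PortRange:
+From: "22"
+To: "22"
+
+InboundEmphemeralPublicNetworkAclEntry:
+RuleNumber: "103"
+Protocol: "6"
+RuleAction: allow
+Egress: "false"
+CidrBlock: 0.0.0.0/0
+PortRange:
+From: "1024"
+To: "65535"
+
+OutboundPublicNetworkAclEntry:
+RuleNumber: "100"
+Protocol: "6"
+RuleAction: allow
+Egress: "true"
+CidrBlock: 0.0.0.0/0
+PortRange:
+From: "0"
+To: "65535"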
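Review bot: `InboundSSHPublicNetworkAclEntry` admits port 22 from `CidrBlock: 0.0.0.0/0`, which leaves SSH on the public subnet reachable from the whole internet at the ACL layer. Taking the source range from a stack parameter (an admin CIDR with no open default) and setting `CidrBlock` from it in the class that builds this entry would keep the example from being deployed wide open. Separately, the logical id `InboundEmphemeralPublicNetworkAclEntry` misspells "Ephemeral"; renaming a logical id once stacks exist replaces the resource, so it is cheapest to correct now.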
@@ -1,20 +1,21 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
1
|
+
NATInstanceType:
|
2
|
+
Default: m1.small
|
3
|
+
Description: NAT Device EC2 instance type
|
4
|
+
ConstraintDescription: must be a valid EC2 instance type.
|
5
|
+
AllowedValues:
|
6
|
+
- t1.micro
|
7
|
+
- m1.small
|
8
|
+
- m1.medium
|
9
|
+
- m1.large
|
10
|
+
- m1.xlarge
|
11
|
+
- m2.xlarge
|
12
|
+
- m2.2xlarge
|
13
|
+
- m2.4xlarge
|
14
|
+
- c1.medium
|
15
|
+
- c1.xlarge
|
16
|
+
- cc1.4xlarge
|
17
|
+
- cc2.8xlarge
|
18
|
+
- cg1.4xlarge
|
18
19
|
|
19
20
|
AWSInstanceType2Arch:
|
20
21
|
t1.micro:
|
@@ -51,3 +52,9 @@ SubnetConfig:
|
|
51
52
|
CIDR: 10.0.0.0/24
|
52
53
|
Private:
|
53
54
|
CIDR: 10.0.1.0/24
|
55
|
+
|
56
|
+
VPC:
|
57
|
+
Tags:
|
58
|
+
- Key: Network
|
59
|
+
Value: Public
|
60
|
+
|
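--- a/data/examples/lib/templates/opsworks_vpc/load_balancer.rb
+++ b/data/examples/lib/templates/opsworks_vpc/load_balancer.rb
@@ -0,0 +1,36 @@
+module OpsworksVpc
+class LoadBalancer
+attr_reader :vpc, :public_subnet
+
+def initialize(vpc, public_subnet)
+@vpc = vpc
+@public_subnet = public_subnet
+end
+
+def resources
+[
+security_group,
+elb
+]
+end
+
+def security_group
+@security_group ||= Chemtrail::Resource.new("LoadBalancerSecurityGroup", "AWS::EC2::SecurityGroup", resources_config["LoadBalancerSecurityGroup"]).tap do |config|
+config.properties["VpcId"] = vpc
+end
+end
+
+def elb
+@elb ||= Chemtrail::Resource.new("ElasticLoadBalancer", "AWS::ElasticLoadBalancing::LoadBalancer", resources_config["ElasticLoadBalancer"]).tap do |config|
+config.properties["Subnets"] = [public_subnet]
+config.properties["SecurityGroups"] = [security_group]
+end
+end
+
+protected
+
+def resources_config
+@resources_config ||= YAML.load_file(File.expand_path("../../config/load_balancer.yml", __FILE__))
+end
+end
+end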
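Review bot: `resources_config` reads its settings with `YAML.load_file`, which on older Psych versions will instantiate arbitrary tagged Ruby objects; the same call appears in nat_device.rb, opsworks.rb and private_network.rb in this release. The files ship with the example, so the exposure is small, but these templates are meant to be copied, and `YAML.safe_load(File.read(path))` restricts the result to plain hashes, arrays and scalars, which is all these configs contain. The file also uses `YAML` with no visible `require "yaml"`, so it appears to depend on some other file having loaded it.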
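--- a/data/examples/lib/templates/opsworks_vpc/nat_device.rb
+++ b/data/examples/lib/templates/opsworks_vpc/nat_device.rb
@@ -0,0 +1,58 @@
+module OpsworksVpc
+class NatDevice
+attr_reader :vpc, :public_subnet, :opsworks_security_group, :nat_instance_type
+
+def initialize(vpc, public_subnet, opsworks_security_group, nat_instance_type)
+@vpc = vpc
+@public_subnet = public_subnet
+@opsworks_security_group = opsworks_security_group
+@nat_instance_type = nat_instance_type
+end
+
+def mappings
+[nat_ami]
+end
+
+def resources
+[security_group, device, ip]
+end
+
+def nat_ami
+@nat_ami ||= Chemtrail::Mapping.new("AWSNATAMI", nat_device_config["AWSNATAMI"])
+end
+
+def device
+@device ||= Chemtrail::Resource.new("NATDevice", "AWS::EC2::Instance", nat_device_config["NATDevice"]).tap do |config|
+config.properties["InstanceType"] = nat_instance_type
+config.properties["SubnetId"] = public_subnet
+config.properties["ImageId"] = nat_ami.find(region, "AMI")
+config.properties["SecurityGroupIds"] = [security_group]
+end
+end
+
+def ip
+@ip ||= Chemtrail::Resource.new("NATIPAddress", "AWS::EC2::EIP", nat_device_config["NATIPAddress"]).tap do |config|
+config.properties["VpcId"] = vpc
+end
+end
+
+def security_group
+@security_group ||= Chemtrail::Resource.new("NATSecurityGroup", "AWS::EC2::SecurityGroup", nat_device_config["NATSecurityGroup"]).tap do |config|
+config.properties["VpcId"] = vpc
+config.properties["SecurityGroupIngress"].each do |group|
+group["SourceSecurityGroupId"] = opsworks_security_group
+end
+end
+end
+
+protected
+
+def region
+@region ||= Chemtrail::Intrinsic.new("AWS::Region")
+end
+
+def nat_device_config
+@nat_device_config ||= YAML.load_file(File.expand_path("../../config/nat_device.yml", __FILE__))
+end
+end
+end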
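Review bot: The loop in `security_group` is what confines the NAT ingress rules, and nothing in the method says so: the `SecurityGroupIngress` entries in nat_device.yml carry no source of their own, and this block stamps `SourceSecurityGroupId` onto each one. A why-comment above the loop, e.g. `# every ingress rule is limited to the OpsWorks security group; the YAML carries no CidrIp on purpose`, would keep a later edit from adding a `CidrIp` in the YAML and ending up with a rule that names two sources.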
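--- a/data/examples/lib/templates/opsworks_vpc/opsworks.rb
+++ b/data/examples/lib/templates/opsworks_vpc/opsworks.rb
@@ -0,0 +1,27 @@
+module OpsworksVpc
+class Opsworks
+attr_reader :vpc, :elb_security_group
+
+def initialize(vpc, elb_security_group)
+@vpc = vpc
+@elb_security_group = elb_security_group
+end
+
+def resources
+[security_group]
+end
+
+def security_group
+@security_group ||= Chemtrail::Resource.new("OpsWorksSecurityGroup", "AWS::EC2::SecurityGroup", resources_config["OpsWorksSecurityGroup"]).tap do |config|
+config.properties["VpcId"] = vpc
+config.properties["SecurityGroupIngress"].first["SourceSecurityGroupId"] = elb_security_group
+end
+end
+
+protected
+
+def resources_config
+@resources_config ||= YAML.load_file(File.expand_path("../../config/opsworks.yml", __FILE__))
+end
+end
+end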
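Review bot: In `security_group`, only `config.properties["SecurityGroupIngress"].first` receives `SourceSecurityGroupId`, so any further ingress rule later added to opsworks.yml would be emitted without the load-balancer source restriction (the contents of opsworks.yml are not shown on this page, so it may hold a single rule today). `NatDevice#security_group` in this same release iterates over every rule; doing the same here, `config.properties["SecurityGroupIngress"].each { |rule| rule["SourceSecurityGroupId"] = elb_security_group }`, keeps the two classes consistent and fails safe when rules are added.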
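--- a/data/examples/lib/templates/opsworks_vpc/private_network.rb
+++ b/data/examples/lib/templates/opsworks_vpc/private_network.rb
@@ -0,0 +1,89 @@
+module OpsworksVpc
+class PrivateNetwork
+attr_reader :vpc, :subnet_config, :nat_device
+
+def initialize(vpc, subnet_config, nat_device)
+@vpc = vpc
+@subnet_config = subnet_config
+@nat_device = nat_device
+end
+
+def resources
+[
+subnet,
+route_table,
+route,
+subnet_route_table_association,
+network_acl,
+network_acl_association,
+inbound_entry,
+outbound_entry
+]
+end
+
+def subnet
+@subnet ||= Chemtrail::Resource.new("PrivateSubnet", "AWS::EC2::Subnet", resources_config["PrivateSubnet"]).tap do |config|
+config.properties["VpcId"] = vpc
+config.properties["CidrBlock"] = subnet_config.find("Private", "CIDR")
+config.properties["Tags"] << stack_name.as_tag("Application")
+end
+end
+
+def route_table
+@route_table ||= Chemtrail::Resource.new("PrivateRouteTable", "AWS::EC2::RouteTable", resources_config["PrivateRouteTable"]).tap do |config|
+config.properties["VpcId"] = vpc
+config.properties["Tags"] << stack_name.as_tag("Application")
+end
+end
+
+def route
+@route ||= Chemtrail::Resource.new("PrivateRoute", "AWS::EC2::Route", resources_config["PrivateRoute"]).tap do |config|
+config.properties["RouteTableId"] = route_table
+config.properties["InstanceId"] = nat_device
+end
+end
+
+def subnet_route_table_association
+@subnet_route_table_association ||= Chemtrail::Resource.new("PrivateSubnetRouteTableAssociation", "AWS::EC2::SubnetRouteTableAssociation", resources_config["PrivateSubnetRouteTableAssociation"]).tap do |config|
+config.properties["RouteTableId"] = route_table
+config.properties["SubnetId"] = subnet
+end
+end
+
+def network_acl
+@network_acl ||= Chemtrail::Resource.new("PrivateNetworkAcl", "AWS::EC2::NetworkAcl", resources_config["PrivateNetworkAcl"]).tap do |config|
+config.properties["VpcId"] = vpc
+config.properties["Tags"] << stack_name.as_tag("Application")
+end
+end
+
+def network_acl_association
+@network_acl_association ||= Chemtrail::Resource.new("PrivateSubnetNetworkAclAssociation", "AWS::EC2::SubnetNetworkAclAssociation", resources_config["PrivateSubnetNetworkAclAssociation"]).tap do |config|
+config.properties["SubnetId"] = subnet
+config.properties["NetworkAclId"] = network_acl
+end
+end
+
+def inbound_entry
+@inbound_entry ||= Chemtrail::Resource.new("InboundPrivateNetworkAclEntry", "AWS::EC2::NetworkAclEntry", resources_config["InboundPrivateNetworkAclEntry"]).tap do |config|
+config.properties["NetworkAclId"] = network_acl
+end
+end
+
+def outbound_entry
+@outbound_entry ||= Chemtrail::Resource.new("OutBoundPrivateNetworkAclEntry", "AWS::EC2::NetworkAclEntry", resources_config["OutBoundPrivateNetworkAclEntry"]).tap do |config|
+config.properties["NetworkAclId"] = network_acl
+end
+end
+
+protected
+
+def stack_name
+@stack_name ||= Chemtrail::Intrinsic.new("AWS::StackName")
+end
+
+def resources_config
+@resources_config ||= YAML.load_file(File.expand_path("../../config/private_network.yml", __FILE__))
+end
+end
+end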
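Review bot: `route` builds `PrivateRoute` from `resources_config["PrivateRoute"]`, but private_network.yml in this release defines no `PrivateRoute` key and the block sets only `RouteTableId` and `InstanceId`, so the route appears to be emitted without a `DestinationCidrBlock`. Unless `Chemtrail::Resource` supplies it elsewhere, the private subnet gets no default route through the NAT device; either add a `PrivateRoute:` entry with `DestinationCidrBlock: 0.0.0.0/0` to the YAML (as `PublicRoute` has) or set `config.properties["DestinationCidrBlock"] = "0.0.0.0/0"` here. The two association resources likewise look up keys the YAML does not define, which works only if `Chemtrail::Resource` accepts a nil config.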