chemtrail 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: da5e94625a540c598754777705713135aed7b298
-  data.tar.gz: 570c93e465273a2a6a23eaa19cde303ebcddfb20
+  metadata.gz: 9cea4ac78802e46bcfa27fd2d3ce436f104dbd89
+  data.tar.gz: 35c9eeaf91b64f21d96299b1833a968176ce7c92
 SHA512:
-  metadata.gz: e16c9ae30693142fa40c50d5d17e7d3dee6880390f02743bffb3af23943bf4097e7b902a66f6243315742d9211b8c91c3d8758bb768d2e8223a9eee6512809a7
-  data.tar.gz: 2046dabd55f6dae8f7c8589f6bc884e9b1e17e4ad4c4bd8928505fe45cda76062c986d9487e33bdf628d86631518057da12d5ad46165e67ef182c02f38780cb7
+  metadata.gz: a1554bfd2d565f01113e4c2461320d74994dfd1a65afdcc2b6a41edb5545d78b04ea1fdb649cc84a568296341cb5f6e6d9521d15da6ab55472e9bbcc31aa91a0
+  data.tar.gz: bd66df7c9d4448ce81e6e12d7d8771072a2374bb9a74bcd84c52aa61c8c897c84e3f813deac044025c926ccb181e8ef8e2302441f001d5a9414d4fc7ede1af99

data/README.md

@@ -33,7 +33,9 @@ Or install it yourself as:
 Usage
 -----
 
-See the `examples/` directory for examples of subclassing and testing templates.
+See the `examples/` directory for an example of test-driving the
+[OpsWorks VPC](http://docs.aws.amazon.com/opsworks/latest/userguide/workingstacks-vpc.html)
+CloudFormation template.
 
 Listing all available templates in `lib/templates`:
 
@@ -47,6 +49,10 @@ Building a template:
 
     $ chemtrail build crazy:cat:pants
 
+Validating a template with Amazon (note that you will need to set the environment variables `AWS_REGION`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_KEY`):
+
+    $ chemtrail validate tangy:socks
+
 
 Contributing
 ------------

data/examples/lib/templates/config/load_balancer.yml

@@ -1,4 +1,5 @@
 LoadBalancerSecurityGroup:
+  GroupDescription: Enable HTTP access on port 80
   SecurityGroupIngress:
     - IpProtocol: tcp
       FromPort: "80"

data/examples/lib/templates/config/opsworks.yml

@@ -1,4 +1,5 @@
 OpsWorksSecurityGroup:
+  GroupDescription: Allow the OpsWorks instances to access the NAT device
   SecurityGroupIngress:
     - IpProtocol: tcp
       FromPort: "80"

data/examples/lib/templates/config/private_network.yml

@@ -1,6 +1,9 @@
+PrivateRoute:
+  DestinationCidrBlock: 0.0.0.0/0
+
 PrivateSubnet:
   Tags:
-    - Key: Network
+    - Key: Name
       Value: Private
 
 PrivateRouteTable:

data/examples/lib/templates/config/stack.yml

@@ -57,4 +57,3 @@ VPC:
   Tags:
     - Key: Network
       Value: Public
-

data/examples/lib/templates/opsworks_vpc/nat_device.rb

@@ -32,7 +32,7 @@ module OpsworksVpc
 
     def ip
       @ip ||= Chemtrail::Resource.new("NATIPAddress", "AWS::EC2::EIP", nat_device_config["NATIPAddress"]).tap do |config|
-        config.properties["VpcId"] = vpc
+        config.properties["InstanceId"] = device
       end
     end
 

data/examples/lib/templates/opsworks_vpc/private_network.rb

@@ -25,14 +25,14 @@ module OpsworksVpc
       @subnet ||= Chemtrail::Resource.new("PrivateSubnet", "AWS::EC2::Subnet", resources_config["PrivateSubnet"]).tap do |config|
         config.properties["VpcId"] = vpc
         config.properties["CidrBlock"] = subnet_config.find("Private", "CIDR")
-        config.properties["Tags"] << stack_name.as_tag("Application")
+        config.properties["Tags"].unshift(stack_name.as_tag("Application"))
       end
     end
 
     def route_table
       @route_table ||= Chemtrail::Resource.new("PrivateRouteTable", "AWS::EC2::RouteTable", resources_config["PrivateRouteTable"]).tap do |config|
         config.properties["VpcId"] = vpc
-        config.properties["Tags"] << stack_name.as_tag("Application")
+        config.properties["Tags"].unshift(stack_name.as_tag("Application"))
       end
     end
 
@@ -53,7 +53,7 @@ module OpsworksVpc
     def network_acl
       @network_acl ||= Chemtrail::Resource.new("PrivateNetworkAcl", "AWS::EC2::NetworkAcl", resources_config["PrivateNetworkAcl"]).tap do |config|
         config.properties["VpcId"] = vpc
-        config.properties["Tags"] << stack_name.as_tag("Application")
+        config.properties["Tags"].unshift(stack_name.as_tag("Application"))
       end
     end
 

data/examples/lib/templates/opsworks_vpc/public_network.rb

@@ -24,13 +24,13 @@ module OpsworksVpc
       @subnet ||= Chemtrail::Resource.new("PublicSubnet", "AWS::EC2::Subnet", resources_config["PublicSubnet"]).tap do |config|
         config.properties["VpcId"] = vpc
         config.properties["CidrBlock"] = subnet_config.find("Public", "CIDR")
-        config.properties["Tags"] << stack_name.as_tag("Application")
+        config.properties["Tags"].unshift(stack_name.as_tag("Application"))
       end
     end
 
     def internet_gateway
       @internet_gateway ||= Chemtrail::Resource.new("InternetGateway", "AWS::EC2::InternetGateway", resources_config["InternetGateway"]).tap do |config|
-        config.properties["Tags"] << stack_name.as_tag("Application")
+        config.properties["Tags"].unshift(stack_name.as_tag("Application"))
       end
     end
 
@@ -44,14 +44,14 @@ module OpsworksVpc
     def route_table
       @route_table ||= Chemtrail::Resource.new("PublicRouteTable", "AWS::EC2::RouteTable", resources_config["PublicRouteTable"]).tap do |config|
         config.properties["VpcId"] = vpc
-        config.properties["Tags"] << stack_name.as_tag("Application")
+        config.properties["Tags"].unshift(stack_name.as_tag("Application"))
       end
     end
 
     def route
       @route ||= Chemtrail::Resource.new("PublicRoute", "AWS::EC2::Route", resources_config["PublicRoute"]).tap do |config|
         config.properties["RouteTableId"] = route_table
-        config.properties["GatewayId"] = gateway_to_internet
+        config.properties["GatewayId"] = internet_gateway
       end
     end
 

data/examples/lib/templates/opsworks_vpc/public_network_acl.rb

@@ -22,7 +22,7 @@ module OpsworksVpc
     def network_acl
       @network_acl ||= Chemtrail::Resource.new("PublicNetworkAcl", "AWS::EC2::NetworkAcl", resources_config["PublicNetworkAcl"]).tap do |config|
         config.properties["VpcId"] = vpc
-        config.properties["Tags"] << stack_name.as_tag("Application")
+        config.properties["Tags"].unshift(stack_name.as_tag("Application"))
       end
     end
 

data/examples/lib/templates/opsworks_vpc_template.rb

@@ -34,10 +34,10 @@ module OpsworksVpc
 
     def outputs
       [
-        Chemtrail::Output.new("VPC", vpc),
-        Chemtrail::Output.new("PrivateSubnets", private_network.subnet),
-        Chemtrail::Output.new("PublicSubnets", public_network.subnet),
-        Chemtrail::Output.new("LoadBalancer", load_balancer.elb),
+        Chemtrail::Output.new("VPC", vpc, "VPC"),
+        Chemtrail::Output.new("PrivateSubnets", private_network.subnet, "Private Subnet"),
+        Chemtrail::Output.new("PublicSubnets", public_network.subnet, "Public Subnet"),
+        Chemtrail::Output.new("LoadBalancer", load_balancer.elb, "Load Balancer"),
       ]
     end
 
@@ -56,7 +56,7 @@ module OpsworksVpc
     def vpc
       @vpc ||= Chemtrail::Resource.new("VPC", "AWS::EC2::VPC", stack_config["VPC"]).tap do |config|
         config.properties["CidrBlock"] = subnet_config.find("VPC", "CIDR")
-        config.properties["Tags"] << stack_name.as_tag("Application")
+        config.properties["Tags"].unshift(stack_name.as_tag("Application"))
       end
     end
 

data/examples/spec/integration/parity_spec.rb

@@ -0,0 +1,12 @@
+require "spec_helper"
+
+describe "parity with cloudformation" do
+  let(:template_path) { File.expand_path("../../support/OpsWorksinVPC.template", __FILE__) }
+  let(:template_contents) { File.read(template_path) }
+  let(:template) { JSON.parse(template_contents) }
+  let(:generated) { OpsworksVpc::Stack.new.to_hash }
+
+  it "maintains parity with cloudformation" do
+    template.should == generated
+  end
+end

data/examples/spec/lib/templates/opsworks_vpc/nat_device_spec.rb

@@ -39,7 +39,7 @@ describe OpsworksVpc::NatDevice do
     end
 
     describe "NATIPAddress" do
-      its(:ip) { should have_property("VpcId").with_reference("VPC") }
+      its(:ip) { should have_property("InstanceId").with_reference("NATDevice") }
     end
   end
 end

data/examples/spec/lib/templates/opsworks_vpc/public_network_spec.rb

@@ -27,6 +27,11 @@ describe OpsworksVpc::PublicNetwork do
       its(:gateway_to_internet) { should have_property("InternetGatewayId").with_reference("InternetGateway") }
     end
 
+    describe "PublicRoute" do
+      its(:route) { should have_property("RouteTableId").with_reference("PublicRouteTable") }
+      its(:route) { should have_property("GatewayId").with_reference("InternetGateway") }
+    end
+
     describe "PublicRouteTable" do
       its(:route_table) { should have_property("VpcId").with_reference("VPC") }
       its(:route_table) { should have_tag("Application").with_reference("AWS::StackName") }

data/examples/spec/spec_helper.rb

@@ -2,6 +2,7 @@ $:<< File.expand_path("../../../lib", __FILE__)
 
 require "chemtrail"
 require "chemtrail/rspec"
+require "json"
 
 Dir.glob(File.expand_path("../../lib/templates/**/*_template.rb", __FILE__)).each { |t| require t }
 

data/examples/spec/support/OpsWorksinVPC.template

@@ -0,0 +1,394 @@
+{
+  "AWSTemplateFormatVersion" : "2010-09-09",
+
+  "Description" : "Sample template showing how to create a VPC environment for AWS OpsWorks. The stack contains 2 subnets: the first subnet is public and contains the load balancer, a NAT device for internet access from the private subnet. The second subnet is private. You will be billed for the AWS resources used if you create a stack from this template.",
+
+  "Parameters" : {
+
+    "NATInstanceType" : {
+      "Description" : "NAT Device EC2 instance type",
+      "Type" : "String",
+      "Default" : "m1.small",
+      "AllowedValues" : [ "t1.micro","m1.small","m1.medium","m1.large","m1.xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge"],
+      "ConstraintDescription" : "must be a valid EC2 instance type."
+    }
+  },
+
+  "Mappings" : {
+    "AWSNATAMI" : {
+      "us-east-1"      : { "AMI" : "ami-c6699baf" },
+      "us-west-2"      : { "AMI" : "ami-52ff7262" },
+      "us-west-1"      : { "AMI" : "ami-3bcc9e7e" },
+      "eu-west-1"      : { "AMI" : "ami-0b5b6c7f" },
+      "ap-southeast-1" : { "AMI" : "ami-02eb9350" },
+      "ap-southeast-2" : { "AMI" : "ami-ab990e91" },
+      "ap-northeast-1" : { "AMI" : "ami-14d86d15" },
+      "sa-east-1"      : { "AMI" : "ami-0439e619" }
+    },
+
+    "AWSInstanceType2Arch" : {
+      "t1.micro"    : { "Arch" : "64" },
+      "m1.small"    : { "Arch" : "64" },
+      "m1.medium"   : { "Arch" : "64" },
+      "m1.large"    : { "Arch" : "64" },
+      "m1.xlarge"   : { "Arch" : "64" },
+      "m2.xlarge"   : { "Arch" : "64" },
+      "m2.2xlarge"  : { "Arch" : "64" },
+      "m2.4xlarge"  : { "Arch" : "64" },
+      "c1.medium"   : { "Arch" : "64" },
+      "c1.xlarge"   : { "Arch" : "64" },
+      "cc1.4xlarge" : { "Arch" : "64Cluster" },
+      "cc2.8xlarge" : { "Arch" : "64Cluster" },
+      "cg1.4xlarge" : { "Arch" : "64GPU" }
+    },
+
+    "SubnetConfig" : {
+      "VPC"     : { "CIDR" : "10.0.0.0/16" },
+      "Public"  : { "CIDR" : "10.0.0.0/24" },
+      "Private" : { "CIDR" : "10.0.1.0/24" }
+    }
+  },
+
+  "Resources" : {
+
+    "VPC" : {
+      "Type" : "AWS::EC2::VPC",
+      "Properties" : {
+        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]},
+        "Tags" : [
+          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
+          { "Key" : "Network", "Value" : "Public" }
+        ]
+      }
+    },
+
+    "PublicSubnet" : {
+      "Type" : "AWS::EC2::Subnet",
+      "Properties" : {
+        "VpcId" : { "Ref" : "VPC" },
+        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Public", "CIDR" ]},
+        "Tags" : [
+          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
+          { "Key" : "Network", "Value" : "Public" }
+        ]
+      }
+    },
+
+    "InternetGateway" : {
+      "Type" : "AWS::EC2::InternetGateway",
+      "Properties" : {
+        "Tags" : [
+          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
+          { "Key" : "Network", "Value" : "Public" }
+        ]
+      }
+    },
+
+    "GatewayToInternet" : {
+       "Type" : "AWS::EC2::VPCGatewayAttachment",
+       "Properties" : {
+         "VpcId" : { "Ref" : "VPC" },
+         "InternetGatewayId" : { "Ref" : "InternetGateway" }
+       }
+    },
+
+    "PublicRouteTable" : {
+      "Type" : "AWS::EC2::RouteTable",
+      "Properties" : {
+        "VpcId" : { "Ref" : "VPC" },
+        "Tags" : [
+          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
+          { "Key" : "Network", "Value" : "Public" }
+        ]
+      }
+    },
+
+    "PublicRoute" : {
+      "Type" : "AWS::EC2::Route",
+      "Properties" : {
+        "RouteTableId" : { "Ref" : "PublicRouteTable" },
+        "DestinationCidrBlock" : "0.0.0.0/0",
+        "GatewayId" : { "Ref" : "InternetGateway" }
+      }
+    },
+
+    "PublicSubnetRouteTableAssociation" : {
+      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties" : {
+        "SubnetId" : { "Ref" : "PublicSubnet" },
+        "RouteTableId" : { "Ref" : "PublicRouteTable" }
+      }
+    },
+
+    "PublicNetworkAcl" : {
+      "Type" : "AWS::EC2::NetworkAcl",
+      "Properties" : {
+        "VpcId" : { "Ref" : "VPC" },
+        "Tags" : [
+          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
+          { "Key" : "Network", "Value" : "Public" }
+        ]
+      }
+    },
+
+    "InboundHTTPPublicNetworkAclEntry" : {
+      "Type" : "AWS::EC2::NetworkAclEntry",
+      "Properties" : {
+        "NetworkAclId" : { "Ref" : "PublicNetworkAcl" },
+        "RuleNumber" : "100",
+        "Protocol" : "6",
+        "RuleAction" : "allow",
+        "Egress" : "false",
+        "CidrBlock" : "0.0.0.0/0",
+        "PortRange" : { "From" : "80", "To" : "80" }
+      }
+    },
+
+    "InboundHTTPSPublicNetworkAclEntry" : {
+      "Type" : "AWS::EC2::NetworkAclEntry",
+      "Properties" : {
+        "NetworkAclId" : { "Ref" : "PublicNetworkAcl" },
+        "RuleNumber" : "101",
+        "Protocol" : "6",
+        "RuleAction" : "allow",
+        "Egress" : "false",
+        "CidrBlock" : "0.0.0.0/0",
+        "PortRange" : { "From" : "443", "To" : "443" }
+      }
+    },
+
+    "InboundSSHPublicNetworkAclEntry" : {
+      "Type" : "AWS::EC2::NetworkAclEntry",
+      "Properties" : {
+        "NetworkAclId" : { "Ref" : "PublicNetworkAcl" },
+        "RuleNumber" : "102",
+        "Protocol" : "6",
+        "RuleAction" : "allow",
+        "Egress" : "false",
+        "CidrBlock" : "0.0.0.0/0",
+        "PortRange" : { "From" : "22", "To" : "22" }
+      }
+    },
+
+    "InboundEmphemeralPublicNetworkAclEntry" : {
+      "Type" : "AWS::EC2::NetworkAclEntry",
+      "Properties" : {
+        "NetworkAclId" : { "Ref" : "PublicNetworkAcl" },
+        "RuleNumber" : "103",
+        "Protocol" : "6",
+        "RuleAction" : "allow",
+        "Egress" : "false",
+        "CidrBlock" : "0.0.0.0/0",
+        "PortRange" : { "From" : "1024", "To" : "65535" }
+      }
+    },
+
+    "OutboundPublicNetworkAclEntry" : {
+      "Type" : "AWS::EC2::NetworkAclEntry",
+      "Properties" : {
+        "NetworkAclId" : { "Ref" : "PublicNetworkAcl" },
+        "RuleNumber" : "100",
+        "Protocol" : "6",
+        "RuleAction" : "allow",
+        "Egress" : "true",
+        "CidrBlock" : "0.0.0.0/0",
+        "PortRange" : { "From" : "0", "To" : "65535" }
+      }
+    },
+
+    "PublicSubnetNetworkAclAssociation" : {
+      "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
+      "Properties" : {
+        "SubnetId" : { "Ref" : "PublicSubnet" },
+        "NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
+      }
+    },
+
+    "PrivateSubnet" : {
+      "Type" : "AWS::EC2::Subnet",
+      "Properties" : {
+        "VpcId" : { "Ref" : "VPC" },
+        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Private", "CIDR" ]},
+        "Tags" : [
+          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
+          { "Key" : "Name", "Value" : "Private" }
+        ]
+      }
+    },
+
+    "PrivateRouteTable" : {
+      "Type" : "AWS::EC2::RouteTable",
+      "Properties" : {
+        "VpcId" : { "Ref" : "VPC" },
+        "Tags" : [
+          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
+          { "Key" : "Network", "Value" : "Private" }
+        ]
+      }
+    },
+
+    "PrivateSubnetRouteTableAssociation" : {
+      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties" : {
+        "SubnetId" : { "Ref" : "PrivateSubnet" },
+        "RouteTableId" : { "Ref" : "PrivateRouteTable" }
+      }
+    },
+
+    "PrivateRoute" : {
+      "Type" : "AWS::EC2::Route",
+      "Properties" : {
+        "RouteTableId" : { "Ref" : "PrivateRouteTable" },
+        "DestinationCidrBlock" : "0.0.0.0/0",
+        "InstanceId" : { "Ref" : "NATDevice" }
+      }
+    },
+
+    "PrivateNetworkAcl" : {
+      "Type" : "AWS::EC2::NetworkAcl",
+      "Properties" : {
+        "VpcId" : { "Ref" : "VPC" },
+        "Tags" : [
+          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
+          { "Key" : "Network", "Value" : "Private" }
+        ]
+      }
+    },
+
+    "InboundPrivateNetworkAclEntry" : {
+      "Type" : "AWS::EC2::NetworkAclEntry",
+      "Properties" : {
+        "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" },
+        "RuleNumber" : "100",
+        "Protocol" : "6",
+        "RuleAction" : "allow",
+        "Egress" : "false",
+        "CidrBlock" : "0.0.0.0/0",
+        "PortRange" : { "From" : "0", "To" : "65535" }
+      }
+    },
+
+    "OutBoundPrivateNetworkAclEntry" : {
+      "Type" : "AWS::EC2::NetworkAclEntry",
+      "Properties" : {
+        "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" },
+        "RuleNumber" : "100",
+        "Protocol" : "6",
+        "RuleAction" : "allow",
+        "Egress" : "true",
+        "CidrBlock" : "0.0.0.0/0",
+        "PortRange" : { "From" : "0", "To" : "65535" }
+      }
+    },
+
+    "PrivateSubnetNetworkAclAssociation" : {
+      "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
+      "Properties" : {
+        "SubnetId" : { "Ref" : "PrivateSubnet" },
+        "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" }
+      }
+    },
+
+    "NATIPAddress" : {
+      "Type" : "AWS::EC2::EIP",
+      "Properties" : {
+        "Domain" : "vpc",
+        "InstanceId" : { "Ref" : "NATDevice" }
+      }
+    },
+
+    "NATDevice" : {
+      "Type" : "AWS::EC2::Instance",
+      "Properties" : {
+        "InstanceType" : { "Ref" : "NATInstanceType" },
+        "SubnetId" : { "Ref" : "PublicSubnet" },
+        "SourceDestCheck" : "false",
+        "ImageId" : { "Fn::FindInMap" : [ "AWSNATAMI", { "Ref" : "AWS::Region" }, "AMI" ]},
+        "SecurityGroupIds" : [{ "Ref" : "NATSecurityGroup" }]
+      }
+    },
+
+    "NATSecurityGroup" : {
+      "Type" : "AWS::EC2::SecurityGroup",
+      "Properties" : {
+        "GroupDescription" : "Enable internal access to the NAT device",
+        "VpcId" : { "Ref" : "VPC" },
+        "SecurityGroupIngress" : [
+           { "IpProtocol" : "tcp", "FromPort" : "80",  "ToPort" : "80",  "SourceSecurityGroupId" : { "Ref" : "OpsWorksSecurityGroup" }} ,
+           { "IpProtocol" : "tcp", "FromPort" : "9418",  "ToPort" : "9418",  "SourceSecurityGroupId" : { "Ref" : "OpsWorksSecurityGroup" }} ,
+           { "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "SourceSecurityGroupId" : { "Ref" : "OpsWorksSecurityGroup" } } ],
+        "SecurityGroupEgress" : [
+           { "IpProtocol" : "tcp", "FromPort" : "80",  "ToPort" : "80",  "CidrIp" : "0.0.0.0/0" } ,
+           { "IpProtocol" : "tcp", "FromPort" : "9418",  "ToPort" : "9418",  "CidrIp" : "0.0.0.0/0" } ,
+           { "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0" } ]
+      }
+    },
+
+
+    "OpsWorksSecurityGroup" : {
+      "Type" : "AWS::EC2::SecurityGroup",
+      "Properties" : {
+        "GroupDescription" : "Allow the OpsWorks instances to access the NAT device",
+        "VpcId" : { "Ref" : "VPC" },
+        "SecurityGroupIngress" : [
+           { "IpProtocol" : "tcp", "FromPort" : "80",  "ToPort" : "80",  "SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" }} ]
+      }
+    },
+
+    "ElasticLoadBalancer" : {
+      "Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
+      "Properties" : {
+        "SecurityGroups" : [ { "Ref" : "LoadBalancerSecurityGroup" } ],
+        "Subnets" : [ { "Ref" : "PublicSubnet" } ],
+        "Listeners" : [ { "LoadBalancerPort" : "80", "InstancePort" : "80", "Protocol" : "HTTP" } ],
+        "HealthCheck" : {
+          "Target" : "HTTP:80/",
+          "HealthyThreshold" : "3",
+          "UnhealthyThreshold" : "5",
+          "Interval" : "90",
+          "Timeout" : "60"
+        }
+      }
+    },
+
+    "LoadBalancerSecurityGroup" : {
+      "Type" : "AWS::EC2::SecurityGroup",
+      "Properties" : {
+        "GroupDescription" : "Enable HTTP access on port 80",
+        "VpcId" : { "Ref" : "VPC" },
+        "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" } ],
+        "SecurityGroupEgress" : [ { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"} ]
+      }
+    }
+
+
+
+
+
+
+
+  },
+
+  "Outputs" : {
+
+    "VPC" : {
+      "Description" : "VPC",
+      "Value" : {"Ref" : "VPC"}
+    },
+
+    "PublicSubnets" : {
+      "Description" : "Public Subnet",
+      "Value" : {"Ref" : "PublicSubnet" }
+    },
+
+    "PrivateSubnets" : {
+      "Description" : "Private Subnet",
+      "Value" : {"Ref" : "PrivateSubnet" }
+    },
+
+    "LoadBalancer" : {
+      "Description" : "Load Balancer",
+      "Value" : {"Ref" : "ElasticLoadBalancer" }
+    }
+  }
+}

data/lib/chemtrail/cli.rb

@@ -1,8 +1,11 @@
 require "thor"
 require "json"
 require "chemtrail"
+require "aws-sdk-core"
 
 class Chemtrail::Cli < Thor
+  attr_writer :cloud_formation
+
   default_task :list
 
   desc "list", "Lists all available templates"
@@ -15,14 +18,33 @@ class Chemtrail::Cli < Thor
   desc "build TEMPLATE", "Builds the selected template"
   method_option :path, :default => File.expand_path("lib/templates")
   def build(template_name)
-    require_templates_from(options[:path])
-    template_class = fetch_template_class_named(template_name)
-    template_json = JSON.pretty_generate(template_class.new.to_hash)
+    template_json = extract_template_json(template_name, options[:path])
     Kernel.puts(template_json)
   end
 
+  desc "validate TEMPLATE", "Validates the selected template with AWS"
+  method_option :path, :default => File.expand_path("lib/templates")
+  def validate(template_name)
+    template_json = extract_template_json(template_name, options[:path])
+    cloud_formation.validate_template(template_body: template_json)
+    Kernel.puts("Template #{template_name} is valid")
+  rescue Aws::CloudFormation::Errors::ValidationError => e
+    raise Thor::Error.new(e)
+  end
+
   protected
 
+  def extract_template_json(template_name, template_path)
+    require_templates_from(template_path)
+    template_class = fetch_template_class_named(template_name)
+    template_instance = template_class.new
+    JSON.pretty_generate(template_instance.to_hash)
+  end
+
+  def cloud_formation
+    @cloud_formation ||= Aws::CloudFormation.new
+  end
+
   def require_templates_from(path)
     Dir.glob(File.expand_path("**/*_template.rb", path)).each { |t| require t }
   end

data/lib/chemtrail/version.rb

@@ -1,3 +1,3 @@
 module Chemtrail
-  VERSION = "0.4.0"
+  VERSION = "0.5.0"
 end

data/spec/lib/chemtrail/cli_spec.rb

@@ -1,8 +1,13 @@
 require "spec_helper"
 
 describe Chemtrail::Cli do
+  let(:taco_json) { JSON.pretty_generate(Tacos.new.to_hash) }
+  let(:fake_cloud_formation) { double(:cloud_formation) }
+
   subject(:cli) { Chemtrail::Cli.new }
 
+  before { cli.cloud_formation = fake_cloud_formation }
+
   describe "#list" do
     it "lists available templates" do
       got_tacos = false
@@ -13,7 +18,7 @@ describe Chemtrail::Cli do
 
   describe "#build" do
     it "builds the specified template" do
-      Kernel.should_receive(:puts).with(JSON.pretty_generate(Tacos.new.to_hash))
+      Kernel.should_receive(:puts).with(taco_json)
       cli.build("tacos")
     end
 
@@ -23,4 +28,31 @@ describe Chemtrail::Cli do
       end
     end
   end
+
+  describe "#validate" do
+    before { Kernel.stub(:puts) }
+
+    it "validates verifies the specified template" do
+      fake_cloud_formation.should_receive(:validate_template).with(template_body: taco_json)
+      cli.validate("tacos")
+    end
+
+    context "when the template does not exist" do
+      it "blows up" do
+        expect { cli.build("an toenails") }.to raise_error(Thor::Error)
+      end
+    end
+
+    context "when the template validation blows up" do
+      before do
+        fake_cloud_formation.stub(:validate_template) do
+          raise Aws::CloudFormation::Errors::ValidationError.new("ugh swans")
+        end
+      end
+
+      it "blows up" do
+        expect { cli.build("sustainable hookahs") }.to raise_error(Thor::Error)
+      end
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chemtrail
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Doc Ritezel
@@ -115,6 +115,7 @@ files:
 - examples/lib/templates/opsworks_vpc/public_network.rb
 - examples/lib/templates/opsworks_vpc/public_network_acl.rb
 - examples/lib/templates/opsworks_vpc_template.rb
+- examples/spec/integration/parity_spec.rb
 - examples/spec/lib/templates/opsworks_vpc/load_balancer_spec.rb
 - examples/spec/lib/templates/opsworks_vpc/nat_device_spec.rb
 - examples/spec/lib/templates/opsworks_vpc/opsworks_spec.rb
@@ -123,6 +124,7 @@ files:
 - examples/spec/lib/templates/opsworks_vpc/public_network_spec.rb
 - examples/spec/lib/templates/opsworks_vpc_template_spec.rb
 - examples/spec/spec_helper.rb
+- examples/spec/support/OpsWorksinVPC.template
 - lib/chemtrail.rb
 - lib/chemtrail/class_name_inflector.rb
 - lib/chemtrail/cli.rb