RubyGems - convection - Versions diffs - 0.0.1 → 0.2.1 - Mend

convection 0.0.1 → 0.2.1

Files changed (97) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.rubocop.yml +26 -8
data/.rubocop_todo.yml +77 -0
data/.ruby-version +1 -0
data/.travis.yml +10 -0
data/Gemfile +9 -0
data/README.md +27 -2
data/Rakefile +11 -1
data/bin/convection +49 -0
data/convection.gemspec +5 -7
data/example/.ruby-version +1 -0
data/example/Cloudfile +13 -0
data/example/deprecated/elb.rb +27 -0
data/example/deprecated/iam_access_key.rb +18 -0
data/example/deprecated/iam_group.rb +31 -0
data/example/{iam_role.rb → deprecated/iam_role.rb} +21 -32
data/example/deprecated/iam_user.rb +31 -0
data/example/deprecated/rds.rb +70 -0
data/example/{s3.rb → deprecated/s3.rb} +0 -0
data/example/deprecated/sqs.rb +32 -0
data/example/deprecated/vpc.rb +85 -0
data/example/foobar.rb +22 -0
data/example/output/vpc.json +335 -0
data/example/security-groups.rb +40 -0
data/example/trust_cloudtrail.rb +24 -0
data/example/vpc.rb +63 -81
data/ext/resource_generator.sh +21 -0
data/lib/convection.rb +5 -4
data/lib/convection/control/cloud.rb +59 -0
data/lib/convection/control/stack.rb +261 -60
data/lib/convection/dsl/helpers.rb +63 -5
data/lib/convection/model/attributes.rb +60 -0
data/lib/convection/model/cloudfile.rb +58 -0
data/lib/convection/model/diff.rb +39 -0
data/lib/convection/model/event.rb +62 -0
data/lib/convection/model/exceptions.rb +18 -0
data/lib/convection/model/mixin/cidr_block.rb +4 -4
data/lib/convection/model/mixin/colorize.rb +20 -0
data/lib/convection/model/mixin/conditional.rb +1 -3
data/lib/convection/model/mixin/policy.rb +89 -0
data/lib/convection/model/mixin/protocol.rb +29 -0
data/lib/convection/model/mixin/taggable.rb +2 -2
data/lib/convection/model/template.rb +248 -21
data/lib/convection/model/template/condition.rb +56 -0
data/lib/convection/model/template/mapping.rb +4 -3
data/lib/convection/model/template/output.rb +9 -7
data/lib/convection/model/template/parameter.rb +19 -4
data/lib/convection/model/template/resource.rb +317 -23
data/lib/convection/model/template/resource/aws_auto_scaling_auto_scaling_group.rb +39 -0
data/lib/convection/model/template/resource/aws_auto_scaling_launch_configuration.rb +30 -0
data/lib/convection/model/template/resource/aws_auto_scaling_scaling_policy.rb +20 -0
data/lib/convection/model/template/resource/aws_cloud_watch_alarm.rb +31 -0
data/lib/convection/model/template/resource/aws_ec2_instance.rb +10 -46
data/lib/convection/model/template/resource/aws_ec2_internet_gateway.rb +3 -14
data/lib/convection/model/template/resource/aws_ec2_network_acl.rb +45 -0
data/lib/convection/model/template/resource/aws_ec2_network_acl_entry.rb +27 -0
data/lib/convection/model/template/resource/aws_ec2_route.rb +7 -40
data/lib/convection/model/template/resource/aws_ec2_route_table.rb +2 -17
data/lib/convection/model/template/resource/aws_ec2_security_group.rb +24 -30
data/lib/convection/model/template/resource/aws_ec2_security_group_ingres.rb +25 -0
data/lib/convection/model/template/resource/aws_ec2_subnet.rb +21 -28
data/lib/convection/model/template/resource/aws_ec2_subnet_network_acl_association.rb +18 -0
data/lib/convection/model/template/resource/aws_ec2_subnet_route_table_association.rb +3 -24
data/lib/convection/model/template/resource/aws_ec2_vpc.rb +20 -22
data/lib/convection/model/template/resource/aws_ec2_vpc_gateway_attachment.rb +4 -28
data/lib/convection/model/template/resource/aws_elasticache_cluster.rb +24 -0
data/lib/convection/model/template/resource/aws_elasticache_parameter_group.rb +19 -0
data/lib/convection/model/template/resource/aws_elasticache_security_group.rb +17 -0
data/lib/convection/model/template/resource/aws_elasticache_security_group_ingress.rb +19 -0
data/lib/convection/model/template/resource/aws_elb.rb +39 -0
data/lib/convection/model/template/resource/aws_iam_access_key.rb +19 -0
data/lib/convection/model/template/resource/aws_iam_group.rb +18 -0
data/lib/convection/model/template/resource/aws_iam_instance_profile.rb +21 -0
data/lib/convection/model/template/resource/aws_iam_policy.rb +28 -24
data/lib/convection/model/template/resource/aws_iam_role.rb +88 -19
data/lib/convection/model/template/resource/aws_iam_user.rb +53 -0
data/lib/convection/model/template/resource/aws_logs_loggroup.rb +33 -0
data/lib/convection/model/template/resource/aws_rds_db_instance.rb +59 -0
data/lib/convection/model/template/resource/aws_rds_db_parameter_group.rb +27 -0
data/lib/convection/model/template/resource/aws_rds_db_security_group.rb +40 -0
data/lib/convection/model/template/resource/aws_rds_db_subnet_group.rb +26 -0
data/lib/convection/model/template/resource/aws_route53_health_check.rb +17 -0
data/lib/convection/model/template/resource/aws_route53_recordset.rb +30 -0
data/lib/convection/model/template/resource/aws_s3_bucket.rb +8 -44
data/lib/convection/model/template/resource/aws_s3_bucket_policy.rb +14 -19
data/lib/convection/model/template/resource/aws_sns_topic.rb +19 -0
data/lib/convection/model/template/resource/aws_sqs_queue.rb +31 -0
data/lib/convection/model/template/resource/aws_sqs_queue_policy.rb +18 -0
data/test/convection/model/test_conditions.rb +121 -0
data/test/convection/model/test_elasticache.rb +97 -0
data/test/convection/model/test_loggroups.rb +25 -0
data/test/convection/model/test_rds.rb +76 -0
data/test/convection/model/test_template.rb +64 -0
data/test/convection/model/test_validation.rb +216 -0
data/test/test_helper.rb +17 -0
metadata +131 -50

data/lib/convection/model/template/resource/aws_iam_instance_profile.rb ADDED

@@ -0,0 +1,21 @@
+require_relative '../resource'
+module Convection
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::IAM::IstanceProfile
+        ##
+        class IAMInstanceProfile < Resource
+          type 'AWS::IAM::InstanceProfile'
+          property :path, 'Path'
+          ## List of references to AWS::IAM::Roles.
+          ## Currently, a maximum of one role can be assigned to an instance profile.
+          property :role, 'Roles', :type => :list
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource/aws_iam_policy.rb CHANGED

@@ -1,18 +1,7 @@
+require 'forwardable'
 require_relative '../resource'
 module Convection
-  module DSL
-    ## Add DSL method to template namespace
-    module Template
-      def iam_policy(name, &block)
-        r = Model::Template::Resource::IAMPolicy.new(name, self)
-        r.instance_exec(&block) if block
-        resources[name] = r
-      end
-    end
-  end
   module Model
     class Template
       class Resource
@@ -20,23 +9,38 @@ module Convection
         # AWS::IAM::Policy
         ##
         class IAMPolicy < Resource
-          def initialize(*args)
-            super
+          extend Forwardable
-            type 'AWS::IAM::Policy'
-            @properties['Roles'] = []
-          end
+          type 'AWS::IAM::Policy'
+          property :group, 'Groups', :type => :list,
+                                     :transform => (proc do |resource|
+                                       depends_on(resource)
+                                       resource
+                                     end)
+          property :role, 'Roles', :type => :list,
+                                   :transform => (proc do |resource|
+                                     depends_on(resource)
+                                     resource
+                                   end)
+          property :user, 'Users', :type => :list,
+                                   :transform => (proc do |resource|
+                                     depends_on(resource)
+                                     resource
+                                   end)
-          def role(value)
-            @properties['Roles'] << value
-          end
+          attr_reader :document
+          def_delegators :@document, :allow, :id, :version, :statement
+          def_delegator :@document, :name, :policy_name
-          def name(value)
-            property('PolicyName', value)
+          def initialize(*args)
+            super
+            @document = Model::Mixin::Policy.new(:template => @template)
           end
-          def policy_document(value)
-            property('PolicyDocument', value)
+          def render
+            super.tap do |r|
+              document.render(r['Properties'])
+            end
           end
         end
       end

data/lib/convection/model/template/resource/aws_iam_role.rb CHANGED

@@ -2,13 +2,86 @@ require_relative '../resource'
 module Convection
   module DSL
-    ## Add DSL method to template namespace
     module Template
-      def iam_role(name, &block)
-        r = Model::Template::Resource::IAMRole.new(name, self)
-        r.instance_exec(&block) if block
+      module Resource
+        ## Role DSL
+        module IAMRole
+          def policy(policy_name, &block)
+            add_policy = Model::Mixin::Policy.new(:name => policy_name, :template => @template)
+            add_policy.instance_exec(&block) if block
-        resources[name] = r
+            policies << add_policy
+          end
+          ## Create an IAM Instance Profile for this role
+          def with_instance_profile(&block)
+            profile = Model::Template::Resource::IAMInstanceProfile.new("#{ name }Profile", @template)
+            profile.role(self)
+            profile.path(path)
+            profile.instance_exec(&block) if block
+            @instance_profile = profile
+            @template.resources[profile.name] = profile
+          end
+          ## Add a canned trust policy for EC2 instances
+          def trust_ec2_instances(&block)
+            @trust_relationship = Model::Mixin::Policy.new(:name => 'trust-ec2-instances', :template => @template)
+            trust_relationship.allow do
+              action 'sts:AssumeRole'
+              principal :Service => 'ec2.amazonaws.com'
+            end
+            trust_relationship.instance_exec(&block) if block
+            trust_relationship
+          end
+          ## Add a canned trust policy for Flow Logs
+          def trust_flow_logs(&block)
+            @trust_relationship = Model::Mixin::Policy.new(:name => 'trust-flow-logs', :template => @template)
+            trust_relationship.allow do
+              action 'sts:AssumeRole'
+              principal :Service => 'vpc-flow-logs.amazonaws.com'
+            end
+            trust_relationship.instance_exec(&block) if block
+            trust_relationship
+          end
+          ## Add a canned trust policy for Cloudtrail
+          def trust_cloudtrail(&block)
+            @trust_relationship =
+              Model::Mixin::Policy.new(:name => 'trust-cloudtrail-instances', :template => @template)
+            trust_relationship.allow do
+              action 'sts:AssumeRole'
+              principal :Service => 'cloudtrail.amazonaws.com'
+            end
+            trust_relationship.instance_exec(&block) if block
+            trust_relationship
+          end
+          ## Add a policy to allow instance to self-terminate
+          def allow_instance_termination(&block)
+            with_instance_profile if instance_profile.nil?
+            term_policy = Model::Template::Resource::IAMPolicy.new("#{ name }TerminationPolicy", @template)
+            term_policy.policy_name('allow-instance-termination')
+            parent_role = self
+            term_policy.allow do
+              action 'ec2:TerminateInstances'
+              resource '*'
+              condition :StringEquals => {
+                'ec2:InstanceProfile' => get_att(parent_role.instance_profile.name, 'Arn')
+              }
+            end
+            term_policy.role(self)
+            term_policy.depends_on(instance_profile)
+            term_policy.instance_exec(&block) if block
+            @template.resources[term_policy.name] = term_policy
+          end
+        end
       end
     end
   end
@@ -20,23 +93,19 @@ module Convection
         # AWS::IAM::Role
         ##
         class IAMRole < Resource
-          def initialize(*args)
-            super
+          include DSL::Template::Resource::IAMRole
-            type 'AWS::IAM::Role'
-            @properties['Policies'] = []
-          end
+          type 'AWS::IAM::Role'
+          property :path, 'Path'
+          property :policies, 'Policies', :type => :list
-          def path(value)
-            property('Path', value)
-          end
-          def policies(value)
-            @properties['Policies'] << value
-          end
+          attr_accessor :trust_relationship
+          attr_reader :instance_profile
-          def assume_role_policy_document(value)
-            property('AssumeRolePolicyDocument', value)
+          def render
+            super.tap do |r|
+              r['Properties']['AssumeRolePolicyDocument'] = trust_relationship.document unless trust_relationship.nil?
+            end
           end
         end
       end

data/lib/convection/model/template/resource/aws_iam_user.rb ADDED

@@ -0,0 +1,53 @@
+require_relative '../resource'
+module Convection
+  module DSL
+    module Template
+      module Resource
+        ## Role DSL
+        module IAMUser
+          def policy(policy_name, &block)
+            add_policy = Model::Mixin::Policy.new(:name => policy_name, :template => @template)
+            add_policy.instance_exec(&block) if block
+            policies << add_policy
+          end
+          def with_key(serial = 0, &block)
+            key = Model::Template::Resource::IAMAccessKey.new("#{ name }Key", @template)
+            key.user_name = self
+            key.serial = serial
+            key.depends_on(self)
+            key.with_output("#{ name }Id", key.reference)
+            key.with_output("#{ name }Secret", get_att(key.name, 'SecretAccessKey'))
+            key.instance_exec(&block) if block
+            @template.resources[key.name] = key
+          end
+        end
+      end
+    end
+  end
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::IAM::User
+        ##
+        class IAMUser < Resource
+          include DSL::Template::Resource::IAMUser
+          type 'AWS::IAM::User'
+          property :path, 'Path'
+          property :login_profile, 'LoginProfile'
+          property :group, 'Groups', :type => :list
+          property :policies, 'Policies', :type => :list
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource/aws_logs_loggroup.rb ADDED

@@ -0,0 +1,33 @@
+require_relative '../resource'
+module Convection
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::Logs::LogGroup
+        ##
+        class LogGroup < Resource
+          property :retention_in_days, 'RetentionInDays'
+          def initialize(*args)
+            super
+            type 'AWS::Logs::LogGroup'
+          end
+        end
+      end
+    end
+  end
+  module DSL
+    ## Add DSL method to template namespace
+    module Template
+      def logs_log_group(name, &block)
+        r = Model::Template::Resource::LogGroup.new(name, self)
+        r.instance_exec(&block) if block
+        resources[name] = r
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource/aws_rds_db_instance.rb ADDED

@@ -0,0 +1,59 @@
+require_relative '../resource'
+module Convection
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::RDS::DBInstance
+        ##
+        class RDSDBInstance < Resource
+          include Model::Mixin::Taggable
+          type 'AWS::RDS::DBInstance', :rds_instance
+          property :identifier, 'DBInstanceIdentifier'
+          property :source_identifier, 'SourceDBInstanceIdentifier'
+          property :instance_class, 'DBInstanceClass'
+          property :engine, 'Engine'
+          property :engine_version, 'EngineVersion'
+          property :license_model, 'LicenseModel'
+          property :storage_type, 'StorageType'
+          property :storage_encrypted, 'StorageEncrypted'
+          property :iops, 'Iops'
+          property :port, 'Port'
+          property :master, 'SourceDBInstanceIdentifier'
+          property :database_name, 'DBName'
+          property :master_username, 'MasterUsername'
+          property :master_password, 'MasterUserPassword'
+          property :parameter_group, 'DBParameterGroupName'
+          property :option_group, 'OptionGroupName'
+          property :storage_encrypted, 'StorageEncrypted'
+          property :kms_key_id, 'KmsKeyId'
+          property :allocated_storage, 'AllocatedStorage'
+          property :allow_major_version_upgrade, 'AllowMajorVersionUpgrade'
+          property :auto_minor_version_upgrade, 'AutoMinorVersionUpgrade'
+          property :snapshot_identifier, 'DBSnapshotIdentifier'
+          property :backup_retention_period, 'BackupRetentionPeriod'
+          property :preferred_backup_window, 'PreferredBackupWindow'
+          property :preferred_maintenance_window, 'PreferredMaintenanceWindow'
+          property :availability_zone, 'AvailabilityZone'
+          property :multi_az, 'MultiAZ'
+          property :publicly_accessible, 'PubliclyAccessible'
+          property :subnet_group, 'DBSubnetGroupName'
+          property :security_group, 'DBSecurityGroups', :type => :list
+          property :vpc_security_group, 'VPCSecurityGroups', :type => :list
+          def render(*args)
+            super.tap do |resource|
+              render_tags(resource)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource/aws_rds_db_parameter_group.rb ADDED

@@ -0,0 +1,27 @@
+require_relative '../resource'
+module Convection
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::RDS::DBParameterGroup
+        ##
+        class RDSDBParameterGroup < Resource
+          include Model::Mixin::Taggable
+          type 'AWS::RDS::DBParameterGroup', :rds_parameter_group
+          property :description, 'Description'
+          property :family, 'Family'
+          property :parameter, 'Parameters', :type => :hash
+          def render(*args)
+            super.tap do |resource|
+              render_tags(resource)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource/aws_rds_db_security_group.rb ADDED

@@ -0,0 +1,40 @@
+require_relative '../resource'
+module Convection
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::RDS::DBSecurityGroup
+        ##
+        class RDSDBSecurityGroup < Resource
+          include Model::Mixin::Taggable
+          type 'AWS::RDS::DBSecurityGroup', :rds_security_group
+          property :description, 'GroupDescription'
+          property :vpc, 'EC2VpcId'
+          property :ingress, 'DBSecurityGroupIngress', :type => :list
+          def ec2_security_group(group, owner)
+            ingress(
+              :EC2SecurityGroupName => group,
+              :EC2SecurityGroupOwnerId => owner
+            )
+          end
+          def cidr_ip(cidr_block)
+            ingress(
+              :CIDRIP => cidr_block
+            )
+          end
+          def render(*args)
+            super.tap do |resource|
+              render_tags(resource)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource/aws_rds_db_subnet_group.rb ADDED

@@ -0,0 +1,26 @@
+require_relative '../resource'
+module Convection
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::RDS::DBSubnetGroup
+        ##
+        class RDSDBSubnetGroup < Resource
+          include Model::Mixin::Taggable
+          type 'AWS::RDS::DBSubnetGroup', :rds_subnet_group
+          property :subnet, 'SubnetIds', :type => :list
+          property :description, 'DBSubnetGroupDescription'
+          def render(*args)
+            super.tap do |resource|
+              render_tags(resource)
+            end
+          end
+        end
+      end
+    end
+  end
+end