convection 0.2.15 → 0.2.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d4e1a5604f949a9fe05e8889deb5f0b00aa52307
-  data.tar.gz: 1bbc1d882ac5bc4780e274b8f8b6dcbaf1b9d834
+  metadata.gz: f32f84317e07800f0022642fd1eae90ad88df71d
+  data.tar.gz: b2db570b8e3a24f2449c1c3c4b42f15f5e0aaf06
 SHA512:
-  metadata.gz: fbee68d7503bf6def7ce8a689404d19fefba9dcdaea255ac5abaeb418f66f94b690b1257f98d7eff1387220a085e32fde6f7a6cca65337bb2b2822b0e3815320
-  data.tar.gz: 019a281498278e5fdb0489f9489aab52ec957c986cca0be41f82b9873296d3af27c58ae07a0daabdfb2f35d601a78a0e32983d377b91c5c78f9b0c5d164d1ed1
+  metadata.gz: 8f699ed14a2c99f6c418a7f0e310b836443332c273d95ec6b0133b05b7ae85970a0ba0ae1b660b29ae931f41bb913d9d45eb766997d04062294b9fc5ee11e2e9
+  data.tar.gz: 191c84293f1bdc3c39cf768613933b57dad072b354f0c83ff1034a2e0f6ee61e14da5ae2a559a325b6364bbd50de169e345c99659d2738707c61e8877d51faf5

data/example/Cloudfile

@@ -1,7 +1,7 @@
 require_relative '../lib/convection'
 require_relative './vpc'
 require_relative './security-groups'
-require_relative './foobar'
+require_relative './instances'
 
 name 'convection-test'
 region 'us-east-1'
@@ -10,4 +10,4 @@ attribute 'vpc', 'subnet', '10.255.0.0/16'
 
 stack 'vpc', Convection::Demo::VPC
 stack 'security-groups', Convection::Demo::SECURITY_GROUPS
-stack 'foobar', Convection::Demo::FOOBAR
+stack 'instances', Convection::Demo::INSTANCES

data/example/instances.rb

@@ -0,0 +1,93 @@
+require_relative '../lib/convection'
+
+module Convection
+  module Demo
+    INSTANCES = Convection.template do
+      description 'Demo Foobar'
+
+      ec2_instance 'Foobar' do
+        subnet stack.get('vpc', 'TargetVPCSubnetPublic3')
+        security_group stack.get('security-groups', 'Foobar')
+
+        image_id stack['foobar-image']
+        instance_type 'm3.medium'
+        key_name 'production'
+
+        tag 'Name', 'foobar-0'
+        tag 'Service', 'foobar'
+        tag 'Stack', stack.cloud
+      end
+
+      #
+      # Create an instance with encrypted EBS mount point
+      # and an ephemeral volume
+      #
+
+      # Create a KMS encryption key to encrypt the volume
+      kms_key 'FoobarKmsKey' do
+        description 'Used to encrypt volumes'
+
+        # don't delete the key when this stack is deleted
+        deletion_policy 'Retain'
+
+        policy do
+          allow do
+            sid 'Enable IAM User Permissions'
+            principal :AWS => ["arn:aws:iam::#{MY_AWS_ACCOUNT_NUMBER}:root"]
+            action 'kms:*'
+            resource '*'
+          end
+        end
+      end
+
+      ec2_volume 'FoobarEncryptedVol' do
+        availability_zone 'us-east-1a'
+        size 20
+        volume_type :gp2
+
+        # encrypt with the key from this stack
+        encrypted true
+        kms_key fn_ref('FoobarKmsKey')
+
+        # don't delete the volume when this stack is deleted
+        deletion_policy 'Retain'
+
+        tag 'Name', 'Foobar Encrypted Volume'
+        tag 'Service', 'foobar'
+        tag 'Stack', stack.cloud
+      end
+
+      ec2_instance 'FoobarWithEncryptedVol' do
+        image_id stack['foobar-image']
+        instance_type 'm3.medium'
+        key_name 'production'
+        availability_zone 'us-east-1a'
+
+        # give the instance a static private IP and ensure
+        # it has a public ip regardless of subnet default setting
+        network_interface do
+          private_ip_address '10.1.2.3'
+          associate_public_ip_address true
+          security_group stack.get('security-groups', 'Foobar')
+          subnet stack.get('vpc', 'TargetVPCSubnetPublic3')
+        end
+
+        # mount the encrypted volume at /dev/xvdf
+        volume do
+          device '/dev/sdf'
+          volume_id fn_ref('FoobarEncryptedVol')
+        end
+
+        # mount an ephemeral drive at /dev/xvdc
+        block_device do
+          device '/dev/sdc'
+          virtual_name 'ephemeral0'
+        end
+
+        tag 'Name', 'Foobar Encrypted'
+        tag 'Service', 'foobar'
+        tag 'Stack', stack.cloud
+      end
+    end
+  end
+end

data/example/vpc.rb

@@ -15,6 +15,10 @@ module Convection
         tag 'Stack', stack.cloud
         with_output 'id'
 
+        #
+        # PUBLIC SUBNETS
+        #
+
         ## Add an InternetGateway
         add_internet_gateway
 
@@ -61,6 +65,78 @@ module Convection
             tag 'Service', 'Public'
           end
         end
+
+
+        #
+        # PRIVATE SUBNETS
+        # These subnets don't support a public IP, but can access the internet
+        # via a NAT Gateway
+        #
+
+        private_acl = add_network_acl('Private') do
+          entry 'AllowAllIngress' do
+            action 'allow'
+            number 100
+            network '0.0.0.0/0'
+            protocol :any
+            range :From => 0,
+                  :To => 65_535
+          end
+
+          entry 'AllowAllEgress' do
+            action 'allow'
+            number 100
+            egress true
+            network '0.0.0.0/0'
+            protocol :any
+            range :From => 0,
+                  :To => 65_535
+          end
+
+          tag 'Name', "acl-private-#{ stack.cloud }"
+          tag 'Stack', stack.cloud
+        end
+
+        private_table = add_route_table('Private', :gateway_route => false) do
+          tag 'Name', "routes-private-#{ stack.cloud }"
+          tag 'Stack', stack.cloud
+        end
+
+        stack.availability_zones do |zone, i|
+          add_subnet "Private#{ i }" do
+            availability_zone zone
+            acl private_acl
+            route_table private_table
+
+            with_output
+
+            immutable_metadata "private-#{ stack.cloud }"
+            tag 'Name', "subnet-public-#{ stack.cloud }-#{ zone }"
+            tag 'Stack', stack.cloud
+            tag 'Service', 'Private'
+          end
+        end
+
+        ## Add a NAT Gateway
+        stack.availability_zones do |zone, i|
+          ec2_eip "NatGatewayIP#{i}" do
+            domain 'vpc'
+          end
+
+          ec2_nat_gateway "NatGateway#{i}" do
+            subnet fn_ref("TargetVPCSubnetPublic#{i}")
+            allocation_id get_att("NatGatewayIP#{i}", 'AllocationId')
+          end
+
+          ec2_route "NatGatewayRoute#{i}" do
+            destination '0.0.0.0/0'
+            nat_gateway fn_ref("NatGateway#{i}")
+            route_table_id private_table
+          end
+
+          # Create a NAT Gateway in only one AZ to save $$$
+          break
+        end
       end
     end
   end

data/lib/convection/model/template/resource.rb

@@ -295,6 +295,7 @@ module Convection
           @template = parent.template
           @type = self.class.type
           @depends_on = []
+          @deletion_policy = nil
           @exist = false
 
           ## Instantiate properties
@@ -317,6 +318,14 @@ module Convection
           @depends_on << (resource.is_a?(Resource) ? resource.name : resource)
         end
 
+        # rubocop:disable Style/TrivialAccessors
+        #   We don't want to use an accessor (e.g. deletion_policy=) because
+        #   this is a DSL method
+        def deletion_policy(deletion_policy)
+          @deletion_policy = deletion_policy
+        end
+        # rubocop:enable Style/TrivialAccessors
+
         def reference
           {
             'Ref' => name
@@ -345,6 +354,7 @@ module Convection
             'Properties' => properties.map(true, &:render)
           }.tap do |resource|
             resource['DependsOn'] = @depends_on unless @depends_on.empty?
+            resource['DeletionPolicy'] = @deletion_policy unless @deletion_policy.nil?
             render_condition(resource)
           end
         end

data/lib/convection/model/template/resource/aws_ec2_eip.rb

@@ -0,0 +1,18 @@
+require_relative '../resource'
+
+module Convection
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::EC2::EIP
+        ##
+        class EC2EIP < Resource
+          type 'AWS::EC2::EIP'
+          property :instance, 'InstanceId'
+          property :domain, 'Domain'
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource/aws_ec2_instance.rb

@@ -22,6 +22,8 @@ module Convection
           property :src_dst_checks, 'SourceDestCheck'
           property :disable_api_termination, 'DisableApiTermination'
           property :network_interfaces, 'NetworkInterfaces', :type => :list
+          property :block_devices, 'BlockDeviceMappings', :type => :list
+          property :volumes, 'Volumes', :type => :list
 
           # Append a network interface to network_interfaces
           def network_interface(&block)
@@ -31,6 +33,20 @@ module Convection
             network_interfaces << interface
           end
 
+          # Append a block device mapping
+          def block_device(&block)
+            block_device = ResourceProperty::EC2BlockDeviceMapping.new(self)
+            block_device.instance_exec(&block) if block
+            block_devices << block_device
+          end
+
+          # Append a volume to volumes
+          def volume(&block)
+            volume = ResourceProperty::EC2MountPoint.new(self)
+            volume.instance_exec(&block) if block
+            volumes << volume
+          end
+
           def render(*args)
             super.tap do |resource|
               render_tags(resource)

data/lib/convection/model/template/resource/aws_ec2_nat_gateway.rb

@@ -0,0 +1,18 @@
+require_relative '../resource'
+
+module Convection
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::EC2::NatGateway
+        ##
+        class EC2NatGateway < Resource
+          type 'AWS::EC2::NatGateway'
+          property :allocation_id, 'AllocationId'
+          property :subnet, 'SubnetId'
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource/aws_ec2_route.rb

@@ -12,6 +12,7 @@ module Convection
           property :route_table_id, 'RouteTableId'
           property :destination, 'DestinationCidrBlock'
           property :gateway, 'GatewayId'
+          property :nat_gateway, 'NatGatewayId'
           property :instance, 'InstanceId'
           property :interface, 'NetworkInterfaceId'
           property :peer, 'VpcPeeringConnectionId'

data/lib/convection/model/template/resource/aws_ec2_volume.rb

@@ -0,0 +1,32 @@
+require_relative '../resource'
+
+module Convection
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::EC2::Volume
+        ##
+        class EC2Volume < Resource
+          include Model::Mixin::Taggable
+
+          type 'AWS::EC2::Volume'
+          property :auto_enable_io, 'AutoEnableIO'
+          property :availability_zone, 'AvailabilityZone'
+          property :encrypted, 'Encrypted'
+          property :iops, 'Iops'
+          property :kms_key, 'KmsKeyId'
+          property :size, 'Size'
+          property :snapshot, 'SnapshotId'
+          property :volume_type, 'VolumeType'
+
+          def render(*args)
+            super.tap do |resource|
+              render_tags(resource)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource/aws_kms_key.rb

@@ -0,0 +1,38 @@
+require_relative '../resource'
+
+module Convection
+  module DSL
+    module Template
+      module Resource
+        ## Role DSL
+        module KmsKey
+          def policy(&block)
+            add_policy = Model::Mixin::Policy.new(:name => 'kms_policy', :template => @template)
+            add_policy.instance_exec(&block) if block
+            self.key_policy = add_policy.document
+          end
+        end
+      end
+    end
+  end
+
+  module Model
+    class Template
+      class Resource
+        ##
+        # AWS::KMS::Key
+        ##
+        class KmsKey < Resource
+          include DSL::Template::Resource::KmsKey
+
+          type 'AWS::KMS::Key'
+          property :description, 'Description'
+          property :enabled, 'Enabled'
+          property :enabled_key_rotation, 'EnabledKeyRotation'
+          alias key_rotation enabled_key_rotation
+          property :key_policy, 'KeyPolicy'
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource_property/aws_ec2_block_device_mapping.rb

@@ -0,0 +1,25 @@
+require_relative '../resource_property'
+
+module Convection
+  module Model
+    class Template
+      class ResourceProperty
+        # Represents an {http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-mapping.html
+        # EC2 Block Device Mapping Property Type}
+        class EC2BlockDeviceMapping < ResourceProperty
+          property :device_name, 'DeviceName'
+          alias device device_name
+          property :ebs, 'Ebs'
+          property :no_device, 'NoDevice'
+          property :virtual_name, 'VirtualName'
+
+          def ebs(&block)
+            ebs = ResourceProperty::EC2BlockStoreBlockDevice.new(self)
+            ebs.instance_exec(&block) if block
+            properties['Ebs'].set(config)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource_property/aws_ec2_block_store_block_device.rb

@@ -0,0 +1,22 @@
+require_relative '../resource_property'
+
+module Convection
+  module Model
+    class Template
+      class ResourceProperty
+        # Represents an {http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html
+        # EC2 Block Store Block Device Property Type}
+        class EC2BlockStoreBlockDevice < ResourceProperty
+          property :delete_on_termination, 'DeleteOnTermination'
+          property :encrypted, 'Encrypted'
+          property :iops, 'Iops'
+          property :snapshot, 'SnapshotId'
+          property :volume_size, 'VolumeSize'
+          alias size volume_size
+          property :volume_type, 'VolumeType'
+          alias type volume_type
+        end
+      end
+    end
+  end
+end

data/lib/convection/model/template/resource_property/aws_ec2_mount_point.rb

@@ -0,0 +1,16 @@
+require_relative '../resource_property'
+
+module Convection
+  module Model
+    class Template
+      class ResourceProperty
+        # Represents an {http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-mount-point.html
+        # EC2 MountPoint Property Type}
+        class EC2MountPoint < ResourceProperty
+          property :device, 'Device'
+          property :volume_id, 'VolumeId'
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: convection
 version: !ruby/object:Gem::Version
-  version: 0.2.15
+  version: 0.2.16
 platform: ruby
 authors:
 - John Manero
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-02 00:00:00.000000000 Z
+date: 2016-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -99,7 +99,7 @@ files:
 - example/deprecated/s3.rb
 - example/deprecated/sqs.rb
 - example/deprecated/vpc.rb
-- example/foobar.rb
+- example/instances.rb
 - example/output/vpc.json
 - example/security-groups.rb
 - example/trust_cloudtrail.rb
@@ -132,9 +132,11 @@ files:
 - lib/convection/model/template/resource/aws_auto_scaling_scaling_policy.rb
 - lib/convection/model/template/resource/aws_cloud_watch_alarm.rb
 - lib/convection/model/template/resource/aws_cloudfront_distribution.rb
+- lib/convection/model/template/resource/aws_ec2_eip.rb
 - lib/convection/model/template/resource/aws_ec2_eip_association.rb
 - lib/convection/model/template/resource/aws_ec2_instance.rb
 - lib/convection/model/template/resource/aws_ec2_internet_gateway.rb
+- lib/convection/model/template/resource/aws_ec2_nat_gateway.rb
 - lib/convection/model/template/resource/aws_ec2_network_acl.rb
 - lib/convection/model/template/resource/aws_ec2_network_acl_entry.rb
 - lib/convection/model/template/resource/aws_ec2_route.rb
@@ -144,6 +146,7 @@ files:
 - lib/convection/model/template/resource/aws_ec2_subnet.rb
 - lib/convection/model/template/resource/aws_ec2_subnet_network_acl_association.rb
 - lib/convection/model/template/resource/aws_ec2_subnet_route_table_association.rb
+- lib/convection/model/template/resource/aws_ec2_volume.rb
 - lib/convection/model/template/resource/aws_ec2_vpc.rb
 - lib/convection/model/template/resource/aws_ec2_vpc_gateway_attachment.rb
 - lib/convection/model/template/resource/aws_elasticache_cluster.rb
@@ -164,6 +167,7 @@ files:
 - lib/convection/model/template/resource/aws_iam_policy.rb
 - lib/convection/model/template/resource/aws_iam_role.rb
 - lib/convection/model/template/resource/aws_iam_user.rb
+- lib/convection/model/template/resource/aws_kms_key.rb
 - lib/convection/model/template/resource/aws_logs_loggroup.rb
 - lib/convection/model/template/resource/aws_rds_db_instance.rb
 - lib/convection/model/template/resource/aws_rds_db_parameter_group.rb
@@ -190,6 +194,9 @@ files:
 - lib/convection/model/template/resource_property/aws_cloudfront_restrictions.rb
 - lib/convection/model/template/resource_property/aws_cloudfront_s3origin.rb
 - lib/convection/model/template/resource_property/aws_cloudfront_viewercertificate.rb
+- lib/convection/model/template/resource_property/aws_ec2_block_device_mapping.rb
+- lib/convection/model/template/resource_property/aws_ec2_block_store_block_device.rb
+- lib/convection/model/template/resource_property/aws_ec2_mount_point.rb
 - lib/convection/model/template/resource_property/aws_ec2_network_interface.rb
 - lib/convection/version.rb
 - test/convection/model/test_conditions.rb

data/example/foobar.rb

@@ -1,22 +0,0 @@
-require_relative '../lib/convection'
-
-module Convection
-  module Demo
-    FOOBAR = Convection.template do
-      description 'Demo Foobar'
-
-      ec2_instance 'Foobar' do
-        subnet stack.get('vpc', 'TargetVPCSubnetPublic3')
-        security_group stack.get('security-groups', 'Foobar')
-
-        image_id stack['foobar-image']
-        instance_type 'm3.medium'
-        key_name 'production'
-
-        tag 'Name', 'foobar-0'
-        tag 'Service', 'foobar'
-        tag 'Stack', stack.cloud
-      end
-    end
-  end
-end