convection 0.2.15 → 0.2.16

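--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d4e1a5604f949a9fe05e8889deb5f0b00aa52307
- data.tar.gz: 1bbc1d882ac5bc4780e274b8f8b6dcbaf1b9d834
+ metadata.gz: f32f84317e07800f0022642fd1eae90ad88df71d
+ data.tar.gz: b2db570b8e3a24f2449c1c3c4b42f15f5e0aaf06
  SHA512:
- metadata.gz: fbee68d7503bf6def7ce8a689404d19fefba9dcdaea255ac5abaeb418f66f94b690b1257f98d7eff1387220a085e32fde6f7a6cca65337bb2b2822b0e3815320
- data.tar.gz: 019a281498278e5fdb0489f9489aab52ec957c986cca0be41f82b9873296d3af27c58ae07a0daabdfb2f35d601a78a0e32983d377b91c5c78f9b0c5d164d1ed1
+ metadata.gz: 8f699ed14a2c99f6c418a7f0e310b836443332c273d95ec6b0133b05b7ae85970a0ba0ae1b660b29ae931f41bb913d9d45eb766997d04062294b9fc5ee11e2e9
+ data.tar.gz: 191c84293f1bdc3c39cf768613933b57dad072b354f0c83ff1034a2e0f6ee61e14da5ae2a559a325b6364bbd50de169e345c99659d2738707c61e8877d51faf5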
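--- a/data/example/Cloudfile
+++ b/data/example/Cloudfile
@@ -1,7 +1,7 @@
  require_relative '../lib/convection'
  require_relative './vpc'
  require_relative './security-groups'
- require_relative './foobar'
+ require_relative './instances'
 
  name 'convection-test'
  region 'us-east-1'
@@ -10,4 +10,4 @@ attribute 'vpc', 'subnet', '10.255.0.0/16'
 
  stack 'vpc', Convection::Demo::VPC
  stack 'security-groups', Convection::Demo::SECURITY_GROUPS
- stack 'foobar', Convection::Demo::FOOBAR
+ stack 'instances', Convection::Demo::INSTANCES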
@@ -0,0 +1,93 @@
1
+ require_relative '../lib/convection'
2
+
3
+ module Convection
4
+ module Demo
5
+ INSTANCES = Convection.template do
6
+ description 'Demo Foobar'
7
+
8
+ ec2_instance 'Foobar' do
9
+ subnet stack.get('vpc', 'TargetVPCSubnetPublic3')
10
+ security_group stack.get('security-groups', 'Foobar')
11
+
12
+ image_id stack['foobar-image']
13
+ instance_type 'm3.medium'
14
+ key_name 'production'
15
+
16
+ tag 'Name', 'foobar-0'
17
+ tag 'Service', 'foobar'
18
+ tag 'Stack', stack.cloud
19
+ end
20
+
21
+ #
22
+ # Create an instance with encrypted EBS mount point
23
+ # and an ephemeral volume
24
+ #
25
+
26
+ # Create a KMS encryption key to encrypt the volume
27
+ kms_key 'FoobarKmsKey' do
28
+ description 'Used to encrypt volumes'
29
+
30
+ # don't delete the key when this stack is deleted
31
+ deletion_policy 'Retain'
32
+
33
+ policy do
34
+ allow do
35
+ sid 'Enable IAM User Permissions'
36
+ principal :AWS => ["arn:aws:iam::#{MY_AWS_ACCOUNT_NUMBER}:root"]
37
+ action 'kms:*'
38
+ resource '*'
39
+ end
40
+ end
41
+ end
42
+
43
+ ec2_volume 'FoobarEncryptedVol' do
44
+ availability_zone 'us-east-1a'
45
+ size 20
46
+ volume_type :gp2
47
+
48
+ # encrypt with the key from this stack
49
+ encrypted true
50
+ kms_key fn_ref('FoobarKmsKey')
51
+
52
+ # don't delete the volume when this stack is deleted
53
+ deletion_policy 'Retain'
54
+
55
+ tag 'Name', 'Foobar Encrypted Volume'
56
+ tag 'Service', 'foobar'
57
+ tag 'Stack', stack.cloud
58
+ end
59
+
60
+ ec2_instance 'FoobarWithEncryptedVol' do
61
+ image_id stack['foobar-image']
62
+ instance_type 'm3.medium'
63
+ key_name 'production'
64
+ availability_zone 'us-east-1a'
65
+
66
+ # give the instance a static private IP and ensure
67
+ # it has a public ip regardless of subnet default setting
68
+ network_interface do
69
+ private_ip_address '10.1.2.3'
70
+ associate_public_ip_address true
71
+ security_group stack.get('security-groups', 'Foobar')
72
+ subnet stack.get('vpc', 'TargetVPCSubnetPublic3')
73
+ end
74
+
75
+ # mount the encrypted volume at /dev/xvdf
76
+ volume do
77
+ device '/dev/sdf'
78
+ volume_id fn_ref('FoobarEncryptedVol')
79
+ end
80
+
81
+ # mount an ephemeral drive at /dev/xvdc
82
+ block_device do
83
+ device '/dev/sdc'
84
+ virtual_name 'ephemeral0'
85
+ end
86
+
87
+ tag 'Name', 'Foobar Encrypted'
88
+ tag 'Service', 'foobar'
89
+ tag 'Stack', stack.cloud
90
+ end
91
+ end
92
+ end
93
+ end
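Review bot: `MY_AWS_ACCOUNT_NUMBER` in the `FoobarKmsKey` policy principal is not defined anywhere in this file, so unless it is set elsewhere the example raises NameError when loaded; read it from a stack attribute the way `stack['foobar-image']` is read, or define it at the top of the file with a comment. Because this is the example people will copy, the statement deserves a comment such as `# delegates all key permissions to IAM policies in this account; narrow action/principal for real keys`, since `kms:*` for the account root is the broadest grant a key policy can make inside the account. The key is also created without key rotation, which is worth showing in an encryption example once the DSL property renders correctly. Separately, `private_ip_address '10.1.2.3'` appears to fall outside the `10.255.0.0/16` range shown in the Cloudfile hunk header, so the second instance may fail to launch; this should be confirmed against the subnet definitions.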
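--- a/data/example/vpc.rb
+++ b/data/example/vpc.rb
@@ -15,6 +15,10 @@ module Convection
  tag 'Stack', stack.cloud
  with_output 'id'
 
+ #
+ # PUBLIC SUBNETS
+ #
+
  ## Add an InternetGateway
  add_internet_gateway
 
@@ -61,6 +65,78 @@ module Convection
  tag 'Service', 'Public'
  end
  end
+
+
+ #
+ # PRIVATE SUBNETS
+ # These subnets don't support a public IP, but can access the internet
+ # via a NAT Gateway
+ #
+
+ private_acl = add_network_acl('Private') do
+ entry 'AllowAllIngress' do
+ action 'allow'
+ number 100
+ network '0.0.0.0/0'
+ protocol :any
+ range :From => 0,
+ :To => 65_535
+ end
+
+ entry 'AllowAllEgress' do
+ action 'allow'
+ number 100
+ egress true
+ network '0.0.0.0/0'
+ protocol :any
+ range :From => 0,
+ :To => 65_535
+ end
+
+ tag 'Name', "acl-private-#{ stack.cloud }"
+ tag 'Stack', stack.cloud
+ end
+
+ private_table = add_route_table('Private', :gateway_route => false) do
+ tag 'Name', "routes-private-#{ stack.cloud }"
+ tag 'Stack', stack.cloud
+ end
+
+ stack.availability_zones do |zone, i|
+ add_subnet "Private#{ i }" do
+ availability_zone zone
+ acl private_acl
+ route_table private_table
+
+ with_output
+
+ immutable_metadata "private-#{ stack.cloud }"
+ tag 'Name', "subnet-public-#{ stack.cloud }-#{ zone }"
+ tag 'Stack', stack.cloud
+ tag 'Service', 'Private'
+ end
+ end
+
+ ## Add a NAT Gateway
+ stack.availability_zones do |zone, i|
+ ec2_eip "NatGatewayIP#{i}" do
+ domain 'vpc'
+ end
+
+ ec2_nat_gateway "NatGateway#{i}" do
+ subnet fn_ref("TargetVPCSubnetPublic#{i}")
+ allocation_id get_att("NatGatewayIP#{i}", 'AllocationId')
+ end
+
+ ec2_route "NatGatewayRoute#{i}" do
+ destination '0.0.0.0/0'
+ nat_gateway fn_ref("NatGateway#{i}")
+ route_table_id private_table
+ end
+
+ # Create a NAT Gateway in only one AZ to save $$$
+ break
+ end
  end
  end
  end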
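Review bot: The new private subnets are tagged `"subnet-public-#{ stack.cloud }-#{ zone }"`, which looks copied from the public block and leaves private and public subnets hard to tell apart by Name in the console or in tag-based tooling; it should read `tag 'Name', "subnet-private-#{ stack.cloud }-#{ zone }"`. The `Private` network ACL allows every protocol and port in both directions from and to `0.0.0.0/0`, so it filters nothing and isolation rests on the route table and security groups alone. Network ACLs are stateless and return traffic through the NAT gateway needs inbound ephemeral ports, so rather than tightening the entry blindly I would state the intent above `private_acl`, for example `# ACL is allow-all on purpose; isolation comes from routing and security groups`. The enclosing template block starts outside the hunk.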
@@ -295,6 +295,7 @@ module Convection
295
295
  @template = parent.template
296
296
  @type = self.class.type
297
297
  @depends_on = []
298
+ @deletion_policy = nil
298
299
  @exist = false
299
300
 
300
301
  ## Instantiate properties
@@ -317,6 +318,14 @@ module Convection
317
318
  @depends_on << (resource.is_a?(Resource) ? resource.name : resource)
318
319
  end
319
320
 
321
+ # rubocop:disable Style/TrivialAccessors
322
+ # We don't want to use an accessor (e.g. deletion_policy=) because
323
+ # this is a DSL method
324
+ def deletion_policy(deletion_policy)
325
+ @deletion_policy = deletion_policy
326
+ end
327
+ # rubocop:enable Style/TrivialAccessors
328
+
320
329
  def reference
321
330
  {
322
331
  'Ref' => name
@@ -345,6 +354,7 @@ module Convection
345
354
  'Properties' => properties.map(true, &:render)
346
355
  }.tap do |resource|
347
356
  resource['DependsOn'] = @depends_on unless @depends_on.empty?
357
+ resource['DeletionPolicy'] = @deletion_policy unless @deletion_policy.nil?
348
358
  render_condition(resource)
349
359
  end
350
360
  end
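Review bot: `deletion_policy` stores whatever it is given and `render` emits it verbatim as `DeletionPolicy`, so a misspelt value is only caught when CloudFormation processes the template. Since this attribute decides whether KMS keys and volumes survive stack deletion, the method should at least document the accepted values, e.g. `# @param deletion_policy [String] 'Delete', 'Retain' or 'Snapshot'`; a guard that raises ArgumentError for anything else would be stricter, if no caller passes other forms. The parameter also shares the method's name, and `def deletion_policy(policy)` would read more clearly. The enclosing class and the `render` method start outside these hunks.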
@@ -0,0 +1,18 @@
1
+ require_relative '../resource'
2
+
3
+ module Convection
4
+ module Model
5
+ class Template
6
+ class Resource
7
+ ##
8
+ # AWS::EC2::EIP
9
+ ##
10
+ class EC2EIP < Resource
11
+ type 'AWS::EC2::EIP'
12
+ property :instance, 'InstanceId'
13
+ property :domain, 'Domain'
14
+ end
15
+ end
16
+ end
17
+ end
18
+ end
@@ -22,6 +22,8 @@ module Convection
22
22
  property :src_dst_checks, 'SourceDestCheck'
23
23
  property :disable_api_termination, 'DisableApiTermination'
24
24
  property :network_interfaces, 'NetworkInterfaces', :type => :list
25
+ property :block_devices, 'BlockDeviceMappings', :type => :list
26
+ property :volumes, 'Volumes', :type => :list
25
27
 
26
28
  # Append a network interface to network_interfaces
27
29
  def network_interface(&block)
@@ -31,6 +33,20 @@ module Convection
31
33
  network_interfaces << interface
32
34
  end
33
35
 
36
+ # Append a block device mapping
37
+ def block_device(&block)
38
+ block_device = ResourceProperty::EC2BlockDeviceMapping.new(self)
39
+ block_device.instance_exec(&block) if block
40
+ block_devices << block_device
41
+ end
42
+
43
+ # Append a volume to volumes
44
+ def volume(&block)
45
+ volume = ResourceProperty::EC2MountPoint.new(self)
46
+ volume.instance_exec(&block) if block
47
+ volumes << volume
48
+ end
49
+
34
50
  def render(*args)
35
51
  super.tap do |resource|
36
52
  render_tags(resource)
@@ -0,0 +1,18 @@
1
+ require_relative '../resource'
2
+
3
+ module Convection
4
+ module Model
5
+ class Template
6
+ class Resource
7
+ ##
8
+ # AWS::EC2::NatGateway
9
+ ##
10
+ class EC2NatGateway < Resource
11
+ type 'AWS::EC2::NatGateway'
12
+ property :allocation_id, 'AllocationId'
13
+ property :subnet, 'SubnetId'
14
+ end
15
+ end
16
+ end
17
+ end
18
+ end
@@ -12,6 +12,7 @@ module Convection
12
12
  property :route_table_id, 'RouteTableId'
13
13
  property :destination, 'DestinationCidrBlock'
14
14
  property :gateway, 'GatewayId'
15
+ property :nat_gateway, 'NatGatewayId'
15
16
  property :instance, 'InstanceId'
16
17
  property :interface, 'NetworkInterfaceId'
17
18
  property :peer, 'VpcPeeringConnectionId'
@@ -0,0 +1,32 @@
1
+ require_relative '../resource'
2
+
3
+ module Convection
4
+ module Model
5
+ class Template
6
+ class Resource
7
+ ##
8
+ # AWS::EC2::Volume
9
+ ##
10
+ class EC2Volume < Resource
11
+ include Model::Mixin::Taggable
12
+
13
+ type 'AWS::EC2::Volume'
14
+ property :auto_enable_io, 'AutoEnableIO'
15
+ property :availability_zone, 'AvailabilityZone'
16
+ property :encrypted, 'Encrypted'
17
+ property :iops, 'Iops'
18
+ property :kms_key, 'KmsKeyId'
19
+ property :size, 'Size'
20
+ property :snapshot, 'SnapshotId'
21
+ property :volume_type, 'VolumeType'
22
+
23
+ def render(*args)
24
+ super.tap do |resource|
25
+ render_tags(resource)
26
+ end
27
+ end
28
+ end
29
+ end
30
+ end
31
+ end
32
+ end
@@ -0,0 +1,38 @@
1
+ require_relative '../resource'
2
+
3
+ module Convection
4
+ module DSL
5
+ module Template
6
+ module Resource
7
+ ## Role DSL
8
+ module KmsKey
9
+ def policy(&block)
10
+ add_policy = Model::Mixin::Policy.new(:name => 'kms_policy', :template => @template)
11
+ add_policy.instance_exec(&block) if block
12
+ self.key_policy = add_policy.document
13
+ end
14
+ end
15
+ end
16
+ end
17
+ end
18
+
19
+ module Model
20
+ class Template
21
+ class Resource
22
+ ##
23
+ # AWS::KMS::Key
24
+ ##
25
+ class KmsKey < Resource
26
+ include DSL::Template::Resource::KmsKey
27
+
28
+ type 'AWS::KMS::Key'
29
+ property :description, 'Description'
30
+ property :enabled, 'Enabled'
31
+ property :enabled_key_rotation, 'EnabledKeyRotation'
32
+ alias key_rotation enabled_key_rotation
33
+ property :key_policy, 'KeyPolicy'
34
+ end
35
+ end
36
+ end
37
+ end
38
+ end
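Review bot: `property :enabled_key_rotation, 'EnabledKeyRotation'` renders a key that AWS::KMS::Key does not define, because the CloudFormation property is `EnableKeyRotation`; a template that calls `key_rotation true` should therefore be rejected at deploy time, leaving no working way to turn rotation on through this DSL. Changing only the rendered name, `property :enabled_key_rotation, 'EnableKeyRotation'`, keeps the DSL method and the `key_rotation` alias intact. The `## Role DSL` comment above `module KmsKey` also looks carried over from the IAM role file and should describe the KMS key policy helper instead.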
@@ -0,0 +1,25 @@
1
+ require_relative '../resource_property'
2
+
3
+ module Convection
4
+ module Model
5
+ class Template
6
+ class ResourceProperty
7
+ # Represents an {http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-mapping.html
8
+ # EC2 Block Device Mapping Property Type}
9
+ class EC2BlockDeviceMapping < ResourceProperty
10
+ property :device_name, 'DeviceName'
11
+ alias device device_name
12
+ property :ebs, 'Ebs'
13
+ property :no_device, 'NoDevice'
14
+ property :virtual_name, 'VirtualName'
15
+
16
+ def ebs(&block)
17
+ ebs = ResourceProperty::EC2BlockStoreBlockDevice.new(self)
18
+ ebs.instance_exec(&block) if block
19
+ properties['Ebs'].set(config)
20
+ end
21
+ end
22
+ end
23
+ end
24
+ end
25
+ end
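Review bot: In `ebs`, the `EC2BlockStoreBlockDevice` that the block configures is never stored: the last line sets `properties['Ebs']` from `config`, a name that is not defined in this file. Unless `ResourceProperty` provides a `config` method the call raises NameError, and if it does, the settings made in the block (including `encrypted`) are silently dropped from the rendered mapping. The line most likely should be `properties['Ebs'].set(ebs)`. `def ebs` also replaces the accessor generated by `property :ebs, 'Ebs'` and reuses its name for the local, so renaming the local (for example `store = ...`) would make the intent clearer.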
@@ -0,0 +1,22 @@
1
+ require_relative '../resource_property'
2
+
3
+ module Convection
4
+ module Model
5
+ class Template
6
+ class ResourceProperty
7
+ # Represents an {http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html
8
+ # EC2 Block Store Block Device Property Type}
9
+ class EC2BlockStoreBlockDevice < ResourceProperty
10
+ property :delete_on_termination, 'DeleteOnTermination'
11
+ property :encrypted, 'Encrypted'
12
+ property :iops, 'Iops'
13
+ property :snapshot, 'SnapshotId'
14
+ property :volume_size, 'VolumeSize'
15
+ alias size volume_size
16
+ property :volume_type, 'VolumeType'
17
+ alias type volume_type
18
+ end
19
+ end
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,16 @@
1
+ require_relative '../resource_property'
2
+
3
+ module Convection
4
+ module Model
5
+ class Template
6
+ class ResourceProperty
7
+ # Represents an {http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-mount-point.html
8
+ # EC2 MountPoint Property Type}
9
+ class EC2MountPoint < ResourceProperty
10
+ property :device, 'Device'
11
+ property :volume_id, 'VolumeId'
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
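--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: convection
  version: !ruby/object:Gem::Version
- version: 0.2.15
+ version: 0.2.16
  platform: ruby
  authors:
  - John Manero
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-03-02 00:00:00.000000000 Z
+ date: 2016-03-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk
@@ -99,7 +99,7 @@ files:
  - example/deprecated/s3.rb
  - example/deprecated/sqs.rb
  - example/deprecated/vpc.rb
- - example/foobar.rb
+ - example/instances.rb
  - example/output/vpc.json
  - example/security-groups.rb
  - example/trust_cloudtrail.rb
@@ -132,9 +132,11 @@ files:
  - lib/convection/model/template/resource/aws_auto_scaling_scaling_policy.rb
  - lib/convection/model/template/resource/aws_cloud_watch_alarm.rb
  - lib/convection/model/template/resource/aws_cloudfront_distribution.rb
+ - lib/convection/model/template/resource/aws_ec2_eip.rb
  - lib/convection/model/template/resource/aws_ec2_eip_association.rb
  - lib/convection/model/template/resource/aws_ec2_instance.rb
  - lib/convection/model/template/resource/aws_ec2_internet_gateway.rb
+ - lib/convection/model/template/resource/aws_ec2_nat_gateway.rb
  - lib/convection/model/template/resource/aws_ec2_network_acl.rb
  - lib/convection/model/template/resource/aws_ec2_network_acl_entry.rb
  - lib/convection/model/template/resource/aws_ec2_route.rb
@@ -144,6 +146,7 @@ files:
  - lib/convection/model/template/resource/aws_ec2_subnet.rb
  - lib/convection/model/template/resource/aws_ec2_subnet_network_acl_association.rb
  - lib/convection/model/template/resource/aws_ec2_subnet_route_table_association.rb
+ - lib/convection/model/template/resource/aws_ec2_volume.rb
  - lib/convection/model/template/resource/aws_ec2_vpc.rb
  - lib/convection/model/template/resource/aws_ec2_vpc_gateway_attachment.rb
  - lib/convection/model/template/resource/aws_elasticache_cluster.rb
@@ -164,6 +167,7 @@ files:
  - lib/convection/model/template/resource/aws_iam_policy.rb
  - lib/convection/model/template/resource/aws_iam_role.rb
  - lib/convection/model/template/resource/aws_iam_user.rb
+ - lib/convection/model/template/resource/aws_kms_key.rb
  - lib/convection/model/template/resource/aws_logs_loggroup.rb
  - lib/convection/model/template/resource/aws_rds_db_instance.rb
  - lib/convection/model/template/resource/aws_rds_db_parameter_group.rb
@@ -190,6 +194,9 @@ files:
  - lib/convection/model/template/resource_property/aws_cloudfront_restrictions.rb
  - lib/convection/model/template/resource_property/aws_cloudfront_s3origin.rb
  - lib/convection/model/template/resource_property/aws_cloudfront_viewercertificate.rb
+ - lib/convection/model/template/resource_property/aws_ec2_block_device_mapping.rb
+ - lib/convection/model/template/resource_property/aws_ec2_block_store_block_device.rb
+ - lib/convection/model/template/resource_property/aws_ec2_mount_point.rb
  - lib/convection/model/template/resource_property/aws_ec2_network_interface.rb
  - lib/convection/version.rb
  - test/convection/model/test_conditions.rb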
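--- a/data/example/foobar.rb
+++ /dev/null
@@ -1,22 +0,0 @@
- require_relative '../lib/convection'
-
- module Convection
- module Demo
- FOOBAR = Convection.template do
- description 'Demo Foobar'
-
- ec2_instance 'Foobar' do
- subnet stack.get('vpc', 'TargetVPCSubnetPublic3')
- security_group stack.get('security-groups', 'Foobar')
-
- image_id stack['foobar-image']
- instance_type 'm3.medium'
- key_name 'production'
-
- tag 'Name', 'foobar-0'
- tag 'Service', 'foobar'
- tag 'Stack', stack.cloud
- end
- end
- end
- end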