convox_installer 2.0.0 → 3.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -1
- data/.vscode/settings.json +3 -2
- data/Gemfile +1 -0
- data/README.md +110 -42
- data/examples/full_installation.rb +140 -46
- data/lib/convox/client.rb +196 -180
- data/lib/convox_installer/config.rb +8 -0
- data/lib/convox_installer/requirements.rb +15 -4
- data/lib/convox_installer/version.rb +1 -1
- data/lib/convox_installer.rb +10 -4
- data/spec/lib/convox/client_spec.rb +7 -7
- data/spec/lib/convox_installer/requirements_spec.rb +5 -6
- data/terraform/elasticache.tf.erb +46 -0
- data/terraform/rds.tf.erb +45 -0
- data/terraform/s3_bucket.tf.erb +73 -0
- metadata +6 -3
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
require 'convox_installer'
|
|
4
4
|
|
|
5
5
|
RSpec.describe ConvoxInstaller::Requirements do
|
|
6
|
-
let(:convox_cli_version) { '
|
|
6
|
+
let(:convox_cli_version) { '3.3.4' }
|
|
7
7
|
|
|
8
8
|
before do
|
|
9
9
|
allow_any_instance_of(
|
|
@@ -45,8 +45,8 @@ RSpec.describe ConvoxInstaller::Requirements do
|
|
|
45
45
|
end
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
-
context 'with Convox CLI version
|
|
49
|
-
let(:convox_cli_version) { '
|
|
48
|
+
context 'with Convox CLI version 20210208170413' do
|
|
49
|
+
let(:convox_cli_version) { '20210208170413' }
|
|
50
50
|
|
|
51
51
|
it 'shows the correct error message and quit' do
|
|
52
52
|
req = described_class.new
|
|
@@ -55,11 +55,10 @@ RSpec.describe ConvoxInstaller::Requirements do
|
|
|
55
55
|
expect(req).to receive(:quit!)
|
|
56
56
|
|
|
57
57
|
expect(req.logger).to receive(:error).with(
|
|
58
|
-
'This script requires Convox CLI version
|
|
58
|
+
'This script requires Convox CLI version 3.x.x. Your Convox CLI version is: 20210208170413'
|
|
59
59
|
)
|
|
60
60
|
expect(req.logger).to receive(:error).with(
|
|
61
|
-
|
|
62
|
-
'Convox CLI version: https://docsv2.convox.com/introduction/installation'
|
|
61
|
+
"Please run 'brew update convox' or follow the instructions at https://docs.convox.com/getting-started/introduction"
|
|
63
62
|
)
|
|
64
63
|
|
|
65
64
|
req.ensure_requirements!
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
resource "aws_elasticache_cluster" "elasticache_cluster" {
|
|
2
|
+
cluster_id = "<%= config.fetch(:stack_name) %>-elasticache-<%= config.fetch(:random_id) %>"
|
|
3
|
+
engine = "<%= config[:elasticache_engine] || 'redis' %>"
|
|
4
|
+
engine_version = "<%= config[:elasticache_engine_version] || '6.x' %>"
|
|
5
|
+
node_type = "<%= config[:elasticache_node_type] || 'cache.t3.medium' %>"
|
|
6
|
+
num_cache_nodes = <%= config[:elasticache_num_cache_nodes] || 1 %>
|
|
7
|
+
port = <%= config[:elasticache_port] || 6379 %>
|
|
8
|
+
|
|
9
|
+
subnet_group_name = aws_elasticache_subnet_group.elasticache_subnet_group.name
|
|
10
|
+
security_group_ids = [aws_security_group.elasticache_security_group.id]
|
|
11
|
+
|
|
12
|
+
# Workaround for weird engine_version issue where 6.x works for creation, and fails for update
|
|
13
|
+
# See: https://github.com/hashicorp/terraform-provider-aws/issues/15625#issuecomment-727759811
|
|
14
|
+
# Fixed in version 3.38.0 of the Terraform AWS provider.
|
|
15
|
+
lifecycle {
|
|
16
|
+
ignore_changes = [engine_version]
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
resource "aws_elasticache_subnet_group" "elasticache_subnet_group" {
|
|
21
|
+
name = "<%= config.fetch(:stack_name) %>-elasticache-cluster-subnetgroup-<%= config.fetch(:random_id) %>"
|
|
22
|
+
subnet_ids = module.system.cluster.subnets
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
resource "aws_security_group" "elasticache_security_group" {
|
|
26
|
+
name = "<%= config.fetch(:stack_name) %>-elasticache-securitygroup-<%= config.fetch(:random_id) %>"
|
|
27
|
+
|
|
28
|
+
description = "Elasticache Security Group (Managed by Terraform)"
|
|
29
|
+
vpc_id = module.system.cluster.vpc
|
|
30
|
+
|
|
31
|
+
# Only Redis in
|
|
32
|
+
ingress {
|
|
33
|
+
from_port = 6379
|
|
34
|
+
to_port = 6379
|
|
35
|
+
protocol = "tcp"
|
|
36
|
+
cidr_blocks = ["10.1.0.0/16"]
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
# Allow all outbound traffic
|
|
40
|
+
egress {
|
|
41
|
+
from_port = 0
|
|
42
|
+
to_port = 0
|
|
43
|
+
protocol = "-1"
|
|
44
|
+
cidr_blocks = ["0.0.0.0/0"]
|
|
45
|
+
}
|
|
46
|
+
}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
resource "aws_db_instance" "rds_database" {
|
|
2
|
+
allocated_storage = <%= config[:database_allocated_storage] || 30 %>
|
|
3
|
+
engine = "<%= config[:database_engine] || 'postgres' %>"
|
|
4
|
+
engine_version = "<%= config[:database_engine_version] || '14.2' %>"
|
|
5
|
+
instance_class = "<%= config[:database_instance_class] || 'db.t3.medium' %>"
|
|
6
|
+
name = "<%= config.fetch(:stack_name).gsub('-', '_') %>_database"
|
|
7
|
+
identifier = "<%= config.fetch(:stack_name) %>-rds-<%= config.fetch(:random_id) %>"
|
|
8
|
+
multi_az = <%= config[:database_multi_az] || true %>
|
|
9
|
+
username = "<%= config.fetch(:database_username) %>"
|
|
10
|
+
password = "<%= config.fetch(:database_password) %>"
|
|
11
|
+
|
|
12
|
+
final_snapshot_identifier = "<%= config.fetch(:stack_name) %>-rds-<%= config.fetch(:random_id) %>-final-snapshot"
|
|
13
|
+
skip_final_snapshot = false
|
|
14
|
+
|
|
15
|
+
db_subnet_group_name = aws_db_subnet_group.rds_subnet_group.name
|
|
16
|
+
vpc_security_group_ids = [aws_security_group.rds_security_group.id]
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
resource "aws_db_subnet_group" "rds_subnet_group" {
|
|
20
|
+
name = "<%= config.fetch(:stack_name) %>-rds-subnetgroup-<%= config.fetch(:random_id) %>"
|
|
21
|
+
subnet_ids = module.system.cluster.subnets
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
resource "aws_security_group" "rds_security_group" {
|
|
25
|
+
name = "<%= config.fetch(:stack_name) %>-rds-database-securitygroup-<%= config.fetch(:random_id) %>"
|
|
26
|
+
|
|
27
|
+
description = "RDS Security Group (Managed by Terraform)"
|
|
28
|
+
vpc_id = module.system.cluster.vpc
|
|
29
|
+
|
|
30
|
+
# Only Postgres in
|
|
31
|
+
ingress {
|
|
32
|
+
from_port = 5432
|
|
33
|
+
to_port = 5432
|
|
34
|
+
protocol = "tcp"
|
|
35
|
+
cidr_blocks = ["10.1.0.0/16"]
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
# Allow all outbound traffic
|
|
39
|
+
egress {
|
|
40
|
+
from_port = 0
|
|
41
|
+
to_port = 0
|
|
42
|
+
protocol = "-1"
|
|
43
|
+
cidr_blocks = ["0.0.0.0/0"]
|
|
44
|
+
}
|
|
45
|
+
}
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
# AWS provider version is 3.33.0
|
|
2
|
+
# https://registry.terraform.io/providers/hashicorp/aws/3.33.0
|
|
3
|
+
|
|
4
|
+
provider "aws" {
|
|
5
|
+
region = "<%= config[:aws_region] %>"
|
|
6
|
+
}
|
|
7
|
+
|
|
8
|
+
resource "aws_kms_key" "docs_kms_key" {
|
|
9
|
+
description = "This key is used to encrypt objects in the DocSpring S3 bucket"
|
|
10
|
+
deletion_window_in_days = 14
|
|
11
|
+
}
|
|
12
|
+
|
|
13
|
+
# Later versions of aws provider (e.g. 4.8.0) use separate resources for
|
|
14
|
+
# aws_s3_bucket_acl and aws_s3_bucket_cors_configuration.
|
|
15
|
+
# This will need to be updated in the future.
|
|
16
|
+
resource "aws_s3_bucket" "docs_s3_bucket" {
|
|
17
|
+
bucket = "<%= config.fetch(:stack_name) %>-<%= config.fetch(:s3_bucket_name) %>"
|
|
18
|
+
acl = "private"
|
|
19
|
+
|
|
20
|
+
server_side_encryption_configuration {
|
|
21
|
+
rule {
|
|
22
|
+
apply_server_side_encryption_by_default {
|
|
23
|
+
kms_master_key_id = aws_kms_key.docs_kms_key.arn
|
|
24
|
+
sse_algorithm = "aws:kms"
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
<%= config[:s3_bucket_cors_rule] %>
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
resource "aws_iam_user" "docspring_s3_user" {
|
|
33
|
+
name = "<%= config.fetch(:stack_name) %>-<%= config.fetch(:s3_bucket_name) %>"
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
resource "aws_iam_access_key" "docspring_user_access_key" {
|
|
37
|
+
user = aws_iam_user.docspring_s3_user.name
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
resource "aws_iam_user_policy" "docspring_user_s3_policy" {
|
|
41
|
+
name = "docspring_user_s3_policy"
|
|
42
|
+
user = aws_iam_user.docspring_s3_user.name
|
|
43
|
+
|
|
44
|
+
policy = jsonencode({
|
|
45
|
+
"Version": "2012-10-17",
|
|
46
|
+
"Statement": [
|
|
47
|
+
{
|
|
48
|
+
"Effect": "Allow",
|
|
49
|
+
"Action": [
|
|
50
|
+
"s3:PutObject",
|
|
51
|
+
"s3:PutObjectAcl",
|
|
52
|
+
"s3:GetObject",
|
|
53
|
+
"s3:GetObjectAcl",
|
|
54
|
+
"s3:DeleteObject"
|
|
55
|
+
],
|
|
56
|
+
"Resource": [
|
|
57
|
+
"arn:aws:s3:::<%= config.fetch(:stack_name) %>-<%= config.fetch(:s3_bucket_name) %>/*",
|
|
58
|
+
]
|
|
59
|
+
},
|
|
60
|
+
{
|
|
61
|
+
"Effect": "Allow",
|
|
62
|
+
"Action": [
|
|
63
|
+
"kms:Encrypt",
|
|
64
|
+
"kms:Decrypt",
|
|
65
|
+
"kms:ReEncrypt*",
|
|
66
|
+
"kms:GenerateDataKey*",
|
|
67
|
+
"kms:DescribeKey"
|
|
68
|
+
],
|
|
69
|
+
"Resource": "*"
|
|
70
|
+
}
|
|
71
|
+
]
|
|
72
|
+
})
|
|
73
|
+
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: convox_installer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Form Applications Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-11-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -109,6 +109,9 @@ files:
|
|
|
109
109
|
- spec/lib/convox_installer/config_spec.rb
|
|
110
110
|
- spec/lib/convox_installer/requirements_spec.rb
|
|
111
111
|
- spec/spec_helper.rb
|
|
112
|
+
- terraform/elasticache.tf.erb
|
|
113
|
+
- terraform/rds.tf.erb
|
|
114
|
+
- terraform/s3_bucket.tf.erb
|
|
112
115
|
homepage: https://github.com/FormAPI/convox_installer
|
|
113
116
|
licenses:
|
|
114
117
|
- MIT
|
|
@@ -129,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
129
132
|
- !ruby/object:Gem::Version
|
|
130
133
|
version: '0'
|
|
131
134
|
requirements: []
|
|
132
|
-
rubygems_version: 3.
|
|
135
|
+
rubygems_version: 3.3.7
|
|
133
136
|
signing_key:
|
|
134
137
|
specification_version: 4
|
|
135
138
|
summary: Build a Convox installation workflow
|