gclouder 0.1.1

data/lib/gclouder/resources/compute/networks.rb

@@ -0,0 +1,110 @@
+#!/usr/bin/env ruby
+
+module GClouder
+  module Resources
+    module Compute
+      module Networks
+        include GClouder::Config::CLIArgs
+        include GClouder::Config::Project
+        include GClouder::Logging
+        include GClouder::Resource::Cleaner
+
+        def self.header(stage = :ensure)
+          info "[#{stage}] compute / network", indent: 1, title: true
+        end
+
+        def self.ensure
+          return if Local.list.empty?
+          header
+
+          Local.list.each do |region, networks|
+            info region, indent: 2, heading: true
+            info
+            networks.each do |network|
+              Network.ensure(network["name"])
+            end
+          end
+        end
+
+        def self.validate
+          return if Local.list.empty?
+          header :validate
+          Local.validate
+        end
+
+        module Local
+          include GClouder::Config::CLIArgs
+          include GClouder::Config::Project
+          include GClouder::Logging
+
+          def self.list
+            { "global" => resources }.delete_if { |_k, v| v.empty? }
+          end
+
+          def self.resources
+            merged = networks.merge(subnet_networks)["global"]
+            return [] unless merged
+            merged.uniq { |network| network["name"] }
+          end
+
+          def self.validate
+            return if list.empty?
+
+            failure = false
+
+            list.each do |region, networks|
+              info region, indent: 2, heading: true
+              networks.each do |network|
+                info network["name"], indent: 3, heading: true
+                if !network["name"].is_a?(String)
+                  bad "#{network['name']} is incorrect type #{network['name'].class}, should be: String", indent: 4
+                  failure = true
+                end
+
+                if cli_args[:debug] || !cli_args[:output_validation]
+                  good "network is a String", indent: 4
+                end
+              end
+            end
+
+            fatal "\nerror: validation failure" if failure
+          end
+
+          def self.networks
+            GClouder::Resources::Global.instances(path: ["networks"])
+          end
+
+          def self.subnet_networks
+            GClouder::Resources::Compute::Networks::Subnets::Local.networks
+          end
+        end
+
+        module Remote
+          def self.list
+            { "global" => instances.fetch("global", []).map { |network| { "name" => network["name"]  } } }.delete_if { |_k, v| v.empty? }
+          end
+
+          def self.instances
+            Resources::Remote.instances(
+              path:           ["compute", "networks"],
+              ignore_keys:    ["auto_create_subnetworks", "subnetworks", "x_gcloud_mode", "range"],
+              skip_instances: { "name" => /^default$/ },
+            )
+          end
+        end
+
+        module Network
+          include GClouder::GCloud
+
+          def self.ensure(network)
+            Resource.ensure :"compute networks", network, "--mode custom"
+          end
+
+          def self.purge(network)
+            Resource.purge :"compute networks", network
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gclouder/resources/compute/project_info/ssh_keys.rb

@@ -0,0 +1,171 @@
+#!/usr/bin/env ruby
+
+module GClouder
+  module Resources
+    module Compute
+      module ProjectInfo
+        module SSHKeys
+          include GClouder::Logging
+          include GClouder::Config::Project
+          include GClouder::Config::CLIArgs
+
+          def self.header(stage = :ensure)
+            info "[#{stage}] compute / metadata / ssh_keys", title: true
+          end
+
+          def self.clean
+            return unless project.key?("users")
+            header :clean
+          end
+
+          def self.check
+          end
+
+          def self.validate
+            return if Local.data.empty?
+            header :validate
+            Local.validate
+          end
+
+          def self.ensure
+            return unless project.key?("users")
+            header :ensure
+
+            info "global", heading: true, indent: 2
+            info
+
+            Local.data.each do |user_data|
+              description = user_data[:description]
+
+              user = Remote.data.find { |entry| entry[:description] == description }
+
+              # user doesn't exist, add it..
+              if user.nil?
+                add description
+                next
+              end
+
+              # user exists but has been modified
+              if user_data[:key] != user[:key]
+                change description
+                next
+              end
+
+              # user exists and is the same
+              good description
+            end
+
+            Remote.data.each do |user_data|
+              description = user_data[:description]
+
+              next if Local.data.find { |entry| entry[:description] == description }
+
+              # user isn't defined locally, remove it
+              remove description, indent: 3
+            end
+
+            return if Local.list == Remote.list
+            return if cli_args[:dry_run]
+
+            Key.ensure(Local.list)
+          end
+
+          module Local
+            include GClouder::Config::Project
+            include GClouder::Logging
+
+            def self.list
+              return [] unless project.key?("users")
+
+              project["users"].sort
+            end
+
+            def self.data
+              list.map do |line|
+                components = line.split
+                user, type = components[0].split(":")
+                key = components[1]
+                description = components.length >= 2 ? components[2] : components[0]
+
+                { key: key, type: type, user: user, description: description }
+              end
+            end
+
+            def self.validate
+              return if data.empty?
+
+              info "global", heading: true, indent: 2
+
+              data.each do |entry|
+                info
+                info entry[:description], indent: 3
+
+                if entry[:user].is_a?(String)
+                  good "user is a String (#{entry[:user]})", indent: 4
+                else
+                  bad "user is a String (#{entry[:user]})", indent: 4
+                end
+
+                if entry[:key].is_a?(String)
+                  good "key is a String (#{entry[:key].reverse.truncate(20).reverse})", indent: 4
+                else
+                  bad "key isn't a String (#{entry[:key]})", indent: 4
+                end
+
+                if entry[:type].is_a?(String)
+                  good "type is a String (#{entry[:type]})", indent: 4
+                else
+                  bad "type isn't a String (#{entry[:type]})", indent: 4
+                end
+
+                # check if description exists for key
+                # output useruser
+                # output key.truncate
+                # output description
+              end
+            end
+          end
+
+          module Remote
+            include GClouder::GCloud
+
+            def self.list
+              keys = metadata.dig("items")
+
+              return [] unless keys
+              return [] if keys.empty?
+
+              keys.delete_if { |h| h["key"] != "sshKeys" }
+              keys[0]["value"].split("\n").delete_if { |key| key =~ /^gke-/ }.sort
+            end
+
+            def self.data
+              list.map do |line|
+                components = line.split
+                user, type = components[0].split(":")
+                key = components[1]
+                description = components.length >= 2 ? components[2] : components[0]
+
+                { key: key, type: type, user: user, description: description }
+              end
+            end
+
+            def self.metadata
+              gcloud("compute project-info describe | jq -r '.commonInstanceMetadata'", force: true)
+            end
+          end
+        end
+
+        module Key
+          include GClouder::Config::Project
+          include GClouder::GCloud
+
+          def self.ensure(list)
+            list = list.join("\n") if list.is_a?(Array)
+            gcloud("compute project-info add-metadata --metadata sshKeys=\"#{list}\"")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gclouder/resources/compute/routers.rb

@@ -0,0 +1,83 @@
+#!/usr/bin/env ruby
+
+module GClouder
+  module Resources
+    module Compute
+      module Routers
+        include GClouder::Config::CLIArgs
+        include GClouder::Config::Project
+        include GClouder::Logging
+        include GClouder::Helpers
+        include GClouder::Config::Arguments
+        include GClouder::Resource::Cleaner
+
+        def self.header(stage = :ensure)
+          info "[#{stage}] compute / router", title: true
+        end
+
+        def self.validate
+          return if Local.list.empty?
+          header :validate
+          Local.validate
+        end
+
+        def self.ensure
+          return if Local.list.empty?
+          header
+
+          Local.list.each do |region, routers|
+            next if routers.empty?
+            info region, heading: true, indent: 2
+
+            routers.each do |router|
+              info
+              Router.ensure(region, router["name"], hash_to_args(router))
+            end
+          end
+        end
+
+        module Local
+          include GClouder::Logging
+
+          def self.section
+            ["compute", "routers"]
+          end
+
+          def self.list
+            Resources::Region.instances(path: ["routers"])
+          end
+
+          def self.validate
+            Resources::Validate::Region.instances(
+              list,
+              required_keys:  GClouder::Config::Arguments.required(section),
+              permitted_keys: GClouder::Config::Arguments.permitted(section),
+              # ignore ASN until Fixnums are supported
+              ignore_keys: [ "asn" ],
+            )
+          end
+        end
+
+        module Remote
+          def self.list
+            Resources::Remote.instances(
+              path: ["compute", "routers"],
+            )
+          end
+        end
+
+        module Router
+          include GClouder::Resource
+
+          def self.ensure(region, router, args)
+            Resource.ensure :"compute routers", router, "--region #{region} #{args}"
+          end
+
+          def self.purge(region, router)
+            Resource.purge :"compute routers", router, "--region #{region}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gclouder/resources/compute/vpns.rb

@@ -0,0 +1,199 @@
+#!/usr/bin/env ruby
+
+module GClouder
+  module Resources
+    module Compute
+      module VPNs
+        include GClouder::GCloud
+        include GClouder::Shell
+        include GClouder::Logging
+        include GClouder::Config::Project
+        include GClouder::Config::CLIArgs
+        include GClouder::Resource::Cleaner
+
+        def self.header(stage = :ensure)
+          info "[#{stage}] compute / vpns", indent: 1, title: true
+        end
+
+        def self.validate
+          return if Local.list.empty?
+          header :validate
+          Local.validate
+        end
+
+        def self.dir
+          cli_args[:keys_dir] || File.join(ENV["HOME"], "keys")
+        end
+
+        def self.ensure
+          return if Local.list.empty?
+
+          header
+
+          Local.list.each do |region, instances|
+            info region, indent: 2, heading: true
+            info
+
+            instances.each do |vpn|
+              skip_vpn = false
+
+              # if 'shared_secret' key is set, use it
+              # if not, fall back to trying to read the secret from an environment variable, the name
+              # of which is provided by the 'shared_secret_env_var' key
+              unless vpn.key?("shared_secret") || vpn.key?("shared_secret_env_var") || vpn.key?("shared_secret_file")
+                if cli_args[:dry_run]
+                  warning "skipping resource since no shared secret found for VPN and this is a dry run"
+                  skip_vpn = true
+                else
+                  fatal "shared_secret_env_var or shared_secret must be set for region/vpn: #{region}/#{vpn["name"]}"
+                end
+              end
+
+              vpn["shared_secret"] = if vpn.key?("shared_secret") && !vpn["shared_secret"].empty? && !vpn["shared_secret"].nil?
+                vpn["shared_secret"]
+              else
+                ENV[vpn["shared_secret_env_var"]] if vpn["shared_secret_env_var"]
+              end
+
+              # this overrides the above for now..
+              if vpn.key?("shared_secret_file")
+                config_file = File.join(dir, vpn["shared_secret_file"])
+
+                if !File.exists?(config_file)
+                  fatal "shared_secret_file specified for vpn but no file found for region/vpn: #{region}/#{vpn["name"]}"
+                end
+
+                vpn["shared_secret"] = File.read(config_file)
+              end
+
+              vpn.delete("shared_secret_env_var") if vpn.key?("shared_secret_env_var")
+              vpn.delete("shared_secret_file") if vpn.key?("shared_secret_file")
+
+              required_params = %w(peer_address shared_secret ike_version remote_traffic_selector
+                                   local_traffic_selector target_vpn_gateway network)
+
+              required_params.each do |param|
+                fatal "no #{param} defined for region/vpn: #{region}/#{vpn}" unless vpn.key?(param)
+
+                # FIXME: change once hashie has been ripped out
+                if vpn[param].nil?
+                  if cli_args[:dry_run]
+                    warning "no #{param} defined for region/vpn: #{vpn["name"]} [#{region}]"
+                    skip_vpn = true
+                  else
+                    fatal "no #{param} defined for region/vpn: #{vpn["name"]} [#{region}]"
+                  end
+                end
+
+                if vpn[param].is_a?(String)
+                  if cli_args[:dry_run]
+                    warning "no #{param} defined for region/vpn: #{vpn["name"]} [#{region}]" if vpn[param].empty?
+                    skip_vpn = true
+                  else
+                    fatal "no #{param} defined for region/vpn: #{vpn["name"]} [#{region}]" if vpn[param].empty?
+                  end
+                end
+              end
+
+              next if skip_vpn && !cli_args[:dry_run]
+
+              VPN.create(region, vpn["name"], vpn)
+            end
+          end
+        end
+
+        module Local
+          def self.section
+            ["vpns"]
+          end
+
+          def self.list
+            Resources::Region.instances(path: section).delete_if { |_k, v| v.empty? }
+          end
+
+          def self.validate
+            Resources::Validate::Region.instances(
+              list,
+              required_keys:  GClouder::Config::Arguments.required(["compute", "vpn-tunnels"]),
+              permitted_keys: GClouder::Config::Arguments.permitted(["compute", "vpn-tunnels"]),
+              ignore_keys:    ["ike_version", "shared_secret_file", "network"]
+            )
+          end
+        end
+
+        module Remote
+          def self.list
+            Resources::Remote.instances(path: %w(compute vpn-tunnels))
+          end
+        end
+
+        module VPN
+          include GClouder::GCloud
+          include GClouder::Shell
+          include GClouder::Logging
+          include GClouder::Helpers
+          include GClouder::Config::CLIArgs
+
+          def self.create(region, vpn, vpn_config)
+            network = vpn_config['network']
+            Resource.ensure :"compute target-vpn-gateways", vpn_config["target_vpn_gateway"],
+                            "--network #{network} --region #{region}"
+
+            vpn_config.delete("network")
+
+            return if cli_args[:dry_run]
+
+            ip_data = gcloud("--format json compute addresses describe vpn-#{vpn} --region=#{region}", force: true)
+
+            unless ip_data.key?("address")
+              fatal "could not find address for static ip with key: vpn-#{vpn} (is key allocated in project config?)"
+            end
+
+            address = ip_data["address"]
+
+            Resource.ensure :"compute forwarding-rules",
+                            "#{vpn}-esp",
+                            "--region #{region} \
+                            --ip-protocol ESP \
+                            --address #{address} \
+                            --target-vpn-gateway=#{vpn_config['target_vpn_gateway']}",
+                            silent: true
+
+            Resource.ensure :"compute forwarding-rules",
+                            "#{vpn}-udp500",
+                            "--region #{region} \
+                            --ip-protocol UDP \
+                            --ports 500 \
+                            --address #{address} \
+                            --target-vpn-gateway=#{vpn_config['target_vpn_gateway']}",
+                            silent: true
+
+            Resource.ensure :"compute forwarding-rules",
+                            "#{vpn}-udp4500",
+                            "--region #{region} --ip-protocol UDP --ports 4500 --address #{address} \
+                            --target-vpn-gateway=#{vpn_config['target_vpn_gateway']}",
+                            silent: true
+
+            Resource.ensure :"compute vpn-tunnels", vpn,
+                            "--region=#{region} #{hash_to_args(vpn_config)}",
+                            silent: true
+
+            vpn_config["remote_traffic_selector"].each_with_index do |range, index|
+              Resource.ensure :"compute routes",
+                              "route-#{vpn}-#{index}",
+                              "--network=#{network} --next-hop-vpn-tunnel=#{vpn} \
+                              --next-hop-vpn-tunnel-region=#{region} --destination-range=#{range}",
+                              silent: true
+            end
+
+            GClouder::Resources::Compute::FirewallRules::Rule.ensure("vpn-#{vpn}-icmp", {
+              "network"       => network,
+              "source-ranges" => vpn_config["remote_traffic_selector"],
+              "allow"         => "icmp"
+            }, silent: true)
+          end
+        end
+      end
+    end
+  end
+end