geoengineer 0.1.0 → 0.1.1

data/lib/geoengineer/resources/aws_lambda_function.rb

@@ -0,0 +1,30 @@
+########################################################################
+# AwsLambdaFunction is the +aws_lambda_function+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/lambda_function.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsLambdaFunction < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:function_name, :handler, :role]) }
+  validate -> {
+    if self.vpc_config
+      validate_subresource_required_attributes(:vpc_config, [:subnet_ids, :security_group_ids])
+    end
+  }
+  validate -> {
+    if self.filename && (self.s3_bucket || self.s3_key || self.s3_object_version)
+      ["Can only define filename OR S3 config, not both"]
+    end
+  }
+
+  after :initialize, -> { _terraform_id -> { function_name } }
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients.lambda.list_functions['functions'].map(&:to_h).map do |function|
+      function.merge({ _terraform_id: function[:function_name] })
+    end
+  end
+end

data/lib/geoengineer/resources/aws_lambda_permission.rb

@@ -0,0 +1,74 @@
+########################################################################
+# AwsLambdaPermission is the +aws_lambda_function+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/lambda_permission.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsLambdaPermission < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:action, :function_name, :principal, :statement_id]) }
+
+  after :initialize, -> { _terraform_id -> { statement_id } }
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_functions
+    AwsClients
+      .lambda
+      .list_functions['functions']
+      .map(&:to_h)
+  end
+
+  def self._fetch_policy(function)
+    policy = AwsClients.lambda.get_policy({ function_name: function[:function_name] })&.policy
+    parsed = _parse_policy(policy) if policy
+    function.merge({ policy: parsed }) if parsed
+  end
+
+  def self._parse_policy(policy)
+    _deep_symbolize_keys(JSON.parse(policy))
+  rescue JSON::ParserError
+    nil
+  end
+
+  def self._deep_symbolize_keys(obj)
+    if obj.is_a?(Hash)
+      obj.each_with_object({}) do |(key, value), hash|
+        hash[key.to_sym] = _deep_symbolize_keys(value)
+      end
+    elsif obj.is_a?(Array)
+      obj.map { |value| _deep_symbolize_keys(value) }
+    else
+      obj
+    end
+  end
+
+  def self._create_permission(function)
+    policy = function[:policy]
+    policy[:Statement].map do |statement|
+      # Note that the keys for a statement objection are all CamelCased
+      # Whereas most other keys in this repo are snake_cased
+      statement.merge(
+        {
+          _terraform_id: statement[:Sid],
+          function_name: function[:function_name],
+          function_version: function[:version]
+        }
+      )
+    end
+  end
+
+  # Right now, this only fetches policies for the $LATEST version
+  # If we want to support fetching the permissions for all of the aliases as well,
+  # We'll need to add another call per function, bring total calls to 2N+1...
+  # Same deal if we need to support older versions...
+  # (excluding any extra calls for pagination). Less than ideal...
+  def self._fetch_remote_resources
+    _fetch_functions
+      .map { |function| _fetch_policy(function) }
+      .compact
+      .map { |function| _create_permission(function) }
+      .flatten
+      .compact
+  end
+end

data/lib/geoengineer/resources/aws_main_route_table_association.rb

@@ -0,0 +1,51 @@
+########################################################################
+# AwsMainRouteTableAssociation is the +aws_main_route_table_association+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/main_route_table_assoc.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsMainRouteTableAssociation < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:vpc_id, :route_table_id]) }
+
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id -> { "#{vpc_id}::#{route_table_id}" } }
+
+  def to_terraform_state
+    tfstate = super
+    tfstate[:primary][:attributes] = {
+      'vpc_id' => vpc_id,
+      'route_table_id' => route_table_id
+    }
+    tfstate
+  end
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients
+      .ec2
+      .describe_route_tables['route_tables']
+      .map(&:to_h)
+      .select { |route_table| route_table[:associations] }
+      .map { |route_table| _extract_associations(route_table) }
+      .flatten
+      .select { |association| association[:main] }
+      .map { |association| _merge_ids(association) }
+  end
+
+  def self._merge_ids(association)
+    association.merge(
+      {
+        _terraform_id: association[:route_table_association_id],
+        _geo_id: "#{association[:vpc_id]}::#{association[:route_table_id]}"
+      }
+    )
+  end
+
+  def self._extract_associations(route_table)
+    route_table[:associations].map do |association|
+      association.merge({ vpc_id: route_table[:vpc_id] })
+    end
+  end
+end

data/lib/geoengineer/resources/aws_nat_gateway.rb

@@ -0,0 +1,29 @@
+########################################################################
+# AwsNatGateway is the +aws_nat_gateway+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/nat_gateway.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsNatGateway < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:subnet_id, :allocation_id]) }
+
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id -> { "#{allocation_id}::#{subnet_id}" } }
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients.ec2.describe_nat_gateways['nat_gateways'].map(&:to_h).map do |gateway|
+      # AWS SDK has `nat_gateway_addresses` as an array, but you should only be able to
+      # have exactly 1 elastic IP association. This logic should cover the bases...
+      allocation = gateway[:nat_gateway_addresses].find { |addr| addr.key?(:allocation_id) }
+      gateway.merge(
+        {
+          _terraform_id: gateway[:nat_gateway_id],
+          _geo_id: "#{allocation[:allocation_id]}::#{gateway[:subnet_id]}"
+        }
+      )
+    end
+  end
+end

data/lib/geoengineer/resources/aws_network_acl.rb

@@ -0,0 +1,38 @@
+########################################################################
+# AwsNetworkAcl is the +aws_network_acl+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/network_acl.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsNetworkAcl < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:vpc_id]) }
+  validate -> { validate_has_tag(:Name) }
+  validate -> {
+    unless self.all_egress.empty?
+      validate_subresource_required_attributes(
+        :egress,
+        [:from_port, :to_port, :rule_no, :action, :protocol]
+      )
+    end
+
+    unless self.all_ingress.empty?
+      validate_subresource_required_attributes(
+        :ingress,
+        [:from_port, :to_port, :rule_no, :action, :protocol]
+      )
+    end
+  }
+
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id -> { NullObject.maybe(tags)[:Name] } }
+
+  def self._fetch_remote_resources
+    AwsClients.ec2.describe_network_acls['network_acls'].map(&:to_h).map do |network_acl|
+      network_acl.merge(
+        {
+          _terraform_id: network_acl[:network_acl_id],
+          _geo_id: network_acl[:tags]&.find { |tag| tag[:key] == "Name" }&.dig(:value)
+        }
+      )
+    end
+  end
+end

data/lib/geoengineer/resources/aws_network_acl_rule.rb

@@ -0,0 +1,50 @@
+########################################################################
+# AwsNetworkAclRule is the +aws_network_acl_rule+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/network_acl_rule.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsNetworkAclRule < GeoEngineer::Resource
+  validate -> {
+    validate_required_attributes(
+      [:network_acl_id, :rule_number, :protocol, :rule_action, :cidr_block]
+    )
+  }
+
+  after :initialize, -> {
+    _terraform_id -> {
+      terraform_id_components = [
+        "#{network_acl_id}-",
+        "#{rule_number}-",
+        "#{egress}-",
+        "#{protocol == 'all' ? '-1' : protocol}-"
+      ]
+      "nacl-#{Crc32.hashcode(terraform_id_components.join)}"
+    }
+  }
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients
+      .ec2
+      .describe_network_acls['network_acls']
+      .map(&:to_h)
+      .select { |network_acl| !network_acl[:entries].empty? }
+      .map { |network_acl| _generate_rules(network_acl) }
+      .flatten
+  end
+
+  def self._generate_rules(network_acl)
+    network_acl[:entries].map do |rule|
+      terraform_id_components = [
+        "#{network_acl[:network_acl_id]}-",
+        "#{rule[:rule_number]}-",
+        "#{rule[:egress]}-",
+        "#{rule[:protocol] == 'all' ? '-1' : rule[:protocol]}-"
+      ]
+      rule.merge({ _terraform_id: "nacl-#{Crc32.hashcode(terraform_id_components.join)}" })
+    end
+  end
+end

data/lib/geoengineer/resources/aws_route.rb

@@ -0,0 +1,47 @@
+########################################################################
+# AwsRoute is the +aws_route+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/route.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsRoute < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:route_table_id, :destination_cidr_block]) }
+
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id -> { "#{route_table_id}::#{destination_cidr_block}" } }
+
+  def to_terraform_state
+    tfstate = super
+    tfstate[:primary][:attributes] = {
+      'route_table_id' => route_table_id,
+      'destination_cidr_block' => destination_cidr_block
+    }
+    tfstate
+  end
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients
+      .ec2
+      .describe_route_tables['route_tables']
+      .map(&:to_h)
+      .map { |route_table| _extract_routes(route_table) }
+      .flatten
+      .compact
+  end
+
+  def self._extract_routes(route_table)
+    route_table[:routes]&.map do |route|
+      id = "r-#{route_table[:route_table_id]}#{Crc32.hashcode(route[:destination_cidr_block])}"
+      route.merge(
+        {
+          route_table_id: route_table[:route_table_id],
+          _terraform_id: id,
+          _geo_id: "#{route_table[:route_table_id]}::#{route[:destination_cidr_block]}"
+        }
+      )
+    end
+  end
+end

data/lib/geoengineer/resources/aws_route53_record.rb

@@ -15,6 +15,10 @@ class GeoEngineer::Resources::AwsRoute53Record < GeoEngineer::Resource
 
   after :initialize, -> { _terraform_id -> { "#{zone_id}_#{name}_#{type}" } }
 
+  def support_tags?
+    false
+  end
+
   def self._fetch_remote_resources
     _fetch_zones.map { |zone| _fetch_records_for_zone(zone) }.flatten.compact
   end

data/lib/geoengineer/resources/aws_route_table.rb

@@ -0,0 +1,26 @@
+########################################################################
+# AwsRouteTable is the +aws_route_table+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/route_table.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsRouteTable < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:vpc_id]) }
+  validate -> { validate_has_tag(:Name) }
+  validate -> {
+    validate_subresource_required_attributes(:route, [:cider_block]) unless self.all_route.empty?
+  }
+
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id -> { NullObject.maybe(tags)[:Name] } }
+
+  def self._fetch_remote_resources
+    AwsClients.ec2.describe_route_tables['route_tables'].map(&:to_h).map do |route_table|
+      route_table.merge(
+        {
+          _terraform_id: route_table[:route_table_id],
+          _geo_id: route_table[:tags]&.find { |tag| tag[:key] == "Name" }&.dig(:value)
+        }
+      )
+    end
+  end
+end

data/lib/geoengineer/resources/aws_route_table_association.rb

@@ -0,0 +1,45 @@
+########################################################################
+# AwsRouteTableAssociation is the +aws_route_table_association+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/route_table_association.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsRouteTableAssociation < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:subnet_id, :route_table_id]) }
+
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id -> { "#{subnet_id}::#{route_table_id}" } }
+
+  def to_terraform_state
+    tfstate = super
+    tfstate[:primary][:attributes] = {
+      'subnet_id' => subnet_id,
+      'route_table_id' => route_table_id
+    }
+    tfstate
+  end
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients
+      .ec2
+      .describe_route_tables['route_tables']
+      .map(&:to_h)
+      .map { |route_table| route_table[:associations] }
+      .flatten
+      .compact
+      .reject { |association| association[:main] }
+      .map { |association| _merge_ids(association) }
+  end
+
+  def self._merge_ids(association)
+    association.merge(
+      {
+        _terraform_id: association[:route_table_association_id],
+        _geo_id: "#{association[:subnet_id]}::#{association[:route_table_id]}"
+      }
+    )
+  end
+end

data/lib/geoengineer/resources/aws_security_group.rb

@@ -31,7 +31,7 @@ class GeoEngineer::Resources::AwsSecurityGroup < GeoEngineer::Resource
     (self.all_ingress + self.all_egress).each do |in_eg|
       next unless in_eg.cidr_blocks
       in_eg.cidr_blocks.each do |cidr|
-        _, error = validate_cidr_block(cidr)
+        error = validate_cidr_block(cidr)
         errors << error unless error.nil?
       end
     end
@@ -44,10 +44,13 @@ class GeoEngineer::Resources::AwsSecurityGroup < GeoEngineer::Resource
 
   def self._fetch_remote_resources
     AwsClients.ec2.describe_security_groups['security_groups'].map(&:to_h).map do |sg|
-      sg[:name] = sg[:group_name]
-      sg[:_terraform_id] = sg[:group_id]
-      sg[:_geo_id] = sg[:tags] ? sg[:tags].select { |x| x[:key] == "Name" }.first[:value] : nil
-      sg
+      sg.merge(
+        {
+          name: sg[:group_name],
+          _terraform_id: sg[:group_id],
+          _geo_id: sg[:tags]&.find { |tag| tag[:key] == "Name" }&.dig(:value)
+        }
+      )
     end
   end
 end

data/lib/geoengineer/resources/aws_subnet.rb

@@ -0,0 +1,24 @@
+########################################################################
+# AwsSubnet is the +aws_subnet+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/subnet.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsSubnet < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:cidr_block, :vpc_id]) }
+  validate -> { validate_has_tag(:Name) }
+  validate -> { validate_cidr_block(self.cidr_block) if self.cidr_block }
+
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id -> { NullObject.maybe(tags)[:Name] } }
+
+  def self._fetch_remote_resources
+    AwsClients.ec2.describe_subnets['subnets'].map(&:to_h).map do |subnet|
+      subnet.merge(
+        {
+          _terraform_id: subnet[:subnet_id],
+          _geo_id: subnet[:tags]&.find { |tag| tag[:key] == "Name" }&.dig(:value)
+        }
+      )
+    end
+  end
+end