geoengineer 0.1.0

data/lib/geoengineer/resources/aws_security_group.rb

@@ -0,0 +1,53 @@
+########################################################################
+# AwsSecurityGroup is the +aws_security_group+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/security_group.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsSecurityGroup < GeoEngineer::Resource
+  validate :validate_correct_cidr_blocks
+  validate -> { validate_required_attributes([:name, :description]) }
+  validate -> {
+    validate_subresource_required_attributes(:ingress, [:from_port, :protocol, :to_port])
+  }
+  validate -> {
+    validate_subresource_required_attributes(:egress, [:from_port, :protocol, :to_port])
+  }
+  validate -> { validate_has_tag(:Name) }
+
+  before :validation, -> { flatten_cidr_and_sg_blocks }
+
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id       -> { NullObject.maybe(tags)[:Name] } }
+
+  def flatten_cidr_and_sg_blocks
+    (self.all_ingress + self.all_egress).each do |in_eg|
+      in_eg.cidr_blocks      = in_eg.cidr_blocks.flatten     if in_eg.cidr_blocks
+      in_eg.security_groups  = in_eg.security_groups.flatten if in_eg.security_groups
+    end
+  end
+
+  def validate_correct_cidr_blocks
+    errors = []
+    (self.all_ingress + self.all_egress).each do |in_eg|
+      next unless in_eg.cidr_blocks
+      in_eg.cidr_blocks.each do |cidr|
+        _, error = validate_cidr_block(cidr)
+        errors << error unless error.nil?
+      end
+    end
+    errors
+  end
+
+  def short_type
+    "sg"
+  end
+
+  def self._fetch_remote_resources
+    AwsClients.ec2.describe_security_groups['security_groups'].map(&:to_h).map do |sg|
+      sg[:name] = sg[:group_name]
+      sg[:_terraform_id] = sg[:group_id]
+      sg[:_geo_id] = sg[:tags] ? sg[:tags].select { |x| x[:key] == "Name" }.first[:value] : nil
+      sg
+    end
+  end
+end

data/lib/geoengineer/resources/aws_ses_receipt_rule.rb

@@ -0,0 +1,38 @@
+########################################################################
+# AwsSesReceiptRule is the +ses_receipt_rule+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/ses_receipt_rule.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsSesReceiptRule < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:name, :rule_set_name]) }
+
+  after :initialize, -> {
+    _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id }
+  }
+  after :initialize, -> {
+    _geo_id -> { name.to_s }
+  }
+
+  def to_terraform_state
+    tfstate = super
+    tfstate[:primary][:attributes] = {
+      'name' => name,
+      'rule_set_name' => rule_set_name,
+      'enabled' => (enabled || 'false')
+    }
+    tfstate
+  end
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients.ses.describe_active_receipt_rule_set.rules.map(&:to_h).map do |rule|
+      {
+        '_terraform_id' => rule[:name],
+        '_geo_id' => rule[:name]
+      }
+    end
+  end
+end

data/lib/geoengineer/resources/aws_ses_receipt_rule_set.rb

@@ -0,0 +1,28 @@
+########################################################################
+# AwsSesReceiptRuleSet is the +ses_receipt_rule_set+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/ses_receipt_rule_set.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsSesReceiptRuleSet < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:rule_set_name]) }
+
+  after :initialize, -> {
+    _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id }
+  }
+  after :initialize, -> {
+    _geo_id -> { rule_set_name.to_s }
+  }
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients.ses.list_receipt_rule_sets.rule_sets.map(&:to_h).map do |rule_set|
+      {
+        '_terraform_id' => rule_set[:name],
+        '_geo_id' => rule_set[:name]
+      }
+    end
+  end
+end

data/lib/geoengineer/resources/aws_sns_topic.rb

@@ -0,0 +1,28 @@
+########################################################################
+# AwsSnsTopic is the +aws_sns_topic+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/sns_topic.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsSnsTopic < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:name]) }
+
+  after :initialize, -> {
+    _terraform_id -> {
+      "arn:aws:sns:#{environment.region}:#{environment.account_id}:#{name}"
+    }
+  }
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients.sns.list_topics.topics.map(&:to_h).map do |topic|
+      {
+        '_terraform_id' => topic[:topic_arn],
+        '_geo_id' => topic[:topic_arn],
+        'name' => topic[:topic_arn].split(':').last
+      }
+    end
+  end
+end

data/lib/geoengineer/resources/aws_sns_topic_subscription.rb

@@ -0,0 +1,42 @@
+########################################################################
+# AwsSnsSubscription is the +sns_topic_subscription+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/sns_topic_subscription.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsSnsTopicSubscription < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:protocol, :topic_arn, :endpoint]) }
+
+  after :initialize, -> {
+    _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id }
+  }
+  after :initialize, -> {
+    _geo_id -> { "#{topic_arn}::#{protocol}::#{endpoint}" }
+  }
+
+  def to_terraform_state
+    tfstate = super
+    tfstate[:primary][:attributes] = {
+      'topic_arn' => topic_arn,
+      'endpoint' => endpoint,
+      'protocol' => protocol,
+      'confirmation_timeout_in_minutes' => "1",
+      'endpoint_auto_confirms' => "false"
+    }
+    tfstate
+  end
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients.sns.list_subscriptions.subscriptions.map(&:to_h).map do |subscription|
+      {
+        '_terraform_id' => subscription[:subscription_arn],
+        '_geo_id' => "#{subscription[:topic_arn]}::" \
+                     "#{subscription[:protocol]}::" \
+                     "#{subscription[:endpoint]}"
+      }
+    end
+  end
+end

data/lib/geoengineer/resources/aws_sqs_queue.rb

@@ -0,0 +1,37 @@
+########################################################################
+# AwsSqsQueue is the +aws_sqs_queue+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/sqs_queue.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsSqsQueue < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:name]) }
+
+  after :initialize, -> {
+    _terraform_id -> {
+      "https://sqs.#{environment.region}.amazonaws.com/#{environment.account_id}/#{name}"
+    }
+  }
+
+  # The loadbalancer and the instance ports are necessary in the terraform state for the policy
+  def to_terraform_state
+    tfstate = super
+    tfstate[:primary][:attributes] = {
+      'name' => name
+    }
+    tfstate
+  end
+
+  def support_tags?
+    false
+  end
+
+  def self._fetch_remote_resources
+    AwsClients.sqs.list_queues['queue_urls'].map do |queue|
+      {
+        '_terraform_id' => queue,
+        '_geo_id' => queue,
+        'name' => URI.parse(queue).path.split('/').last
+      }
+    end
+  end
+end

data/lib/geoengineer/resources/iam/statement.rb

@@ -0,0 +1,43 @@
+module GeoEngineer::IAM
+  ########################################################################
+  # A Statement object is a single iam policy statement with a Sid,
+  # effect, action, and condition. Used to assist validating IAM policies.
+  ########################################################################
+  class Statement
+    attr_reader :sid, :action, :effect
+
+    def initialize(raw)
+      @action = raw["Action"]
+      @effect = raw["Effect"]
+      @raw = raw
+      @sid = raw["Sid"]
+    end
+
+    def secure_transport?
+      secure_transport = @raw.dig('Condition', 'Bool', 'aws:SecureTransport')
+      secure_transport == "true"
+    end
+
+    def ip_restrictions
+      cidr_blocks = []
+      cidr_blocks << @raw.dig('Condition', 'IpAddress', 'aws:SourceIP')
+      cidr_blocks << @raw.dig('Condition', 'IpAddressIfExists', 'aws:SourceIP')
+      cidr_blocks.flatten.compact
+    end
+
+    def ip_restriction_exists?
+      return true unless ip_restrictions.empty?
+    end
+
+    def vpc_restrictions
+      vpcs = []
+      vpcs << @raw.dig('Condition', 'StringEqualsifExists', 'aws:sourceVpce')
+      vpcs << @raw.dig('Condition', 'ForAnyValue:StringEquals', 'aws:sourceVpce')
+      vpcs.flatten.compact
+    end
+
+    def vpc_restriction_exists?
+      return true unless vpc_restrictions.empty?
+    end
+  end
+end

data/lib/geoengineer/sub_resource.rb

@@ -0,0 +1,35 @@
+########################################################################
+# SubResources are included in resources with their own rules
+#
+# For example, +ingress+ in +aws_security_group+ is a subresource.
+#
+# A SubResource can have arbitrary attributes
+########################################################################
+class GeoEngineer::SubResource
+  include HasAttributes
+
+  attr_reader :type
+
+  def initialize(resource, type, &block)
+    @resource = resource
+    @type = type.to_s
+    instance_exec(self, &block) if block_given?
+  end
+
+  def _terraform_id
+    @resource._terraform_id
+  end
+
+  def to_terraform
+    sb = ["  #{@type} { "]
+    sb.concat terraform_attributes.map { |k, v|
+      "    #{k.to_s.inspect} = #{v.inspect}"
+    }
+    sb << "  }"
+    sb.join("\n")
+  end
+
+  def to_terraform_json
+    [@type, terraform_attributes]
+  end
+end

data/lib/geoengineer/template.rb

@@ -0,0 +1,28 @@
+########################################################################
+# Override to define recommended patterns of resource use
+########################################################################
+class GeoEngineer::Template
+  include HasAttributes
+  include HasResources
+
+  def initialize(name, project, parameters = {})
+    @project = project
+    @name = name
+    @environment = @project.environment
+  end
+
+  def resource(type, id, &block)
+    return find_resource(type, id) unless block_given?
+    resource = create_resource(type, id, &block)
+    resource.template = self
+    resource.project = @project
+    resource.environment = @environment
+    resource
+  end
+
+  # The resources that are passed to the block on instantiation
+  # This can be overridden to specify the order of the templates resources
+  def template_resources
+    resources
+  end
+end

data/lib/geoengineer/utils/aws_clients.rb

@@ -0,0 +1,63 @@
+########################################################################
+# AwsClients contains a list of aws-clients for use
+# The main reason for their central management is their initialisation testing and stubbing
+########################################################################
+class AwsClients
+  def self.stub!
+    @stub_aws = true
+  end
+
+  def self.stubbed?
+    @stub_aws || false
+  end
+
+  # Clients
+
+  def self.ec2
+    @aws_ec2 ||= Aws::EC2::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.elasticache
+    @aws_elasticache ||= Aws::ElastiCache::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.elasticsearch
+    @aws_elasticsearch ||= Aws::ElasticsearchService::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.elb
+    @aws_elb ||= Aws::ElasticLoadBalancing::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.iam
+    @aws_iam ||= Aws::IAM::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.rds
+    @aws_rds ||= Aws::RDS::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.redshift
+    @aws_redshift ||= Aws::Redshift::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.route53
+    @aws_route53 ||= Aws::Route53::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.s3
+    @aws_s3 ||= Aws::S3::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.ses
+    @aws_ses ||= Aws::SES::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.sns
+    @aws_sns ||= Aws::SNS::Client.new({ stub_responses: stubbed? })
+  end
+
+  def self.sqs
+    @aws_sqs ||= Aws::SQS::Client.new({ stub_responses: stubbed? })
+  end
+end

data/lib/geoengineer/utils/has_attributes.rb

@@ -0,0 +1,97 @@
+########################################################################
+# HasAttributes allows objects to have arbitrary attributes associated with it.
+########################################################################
+module HasAttributes
+  def attributes
+    @_attributes = {} unless @_attributes
+    @_attributes
+  end
+
+  def [](key)
+    retrieve_attribute(key.to_s)
+  end
+
+  def []=(key, val)
+    assign_attribute(key.to_s, [val])
+  end
+
+  def delete(key)
+    attributes.delete(key.to_s)
+  end
+
+  def assign_block(name, *args, &block)
+    throw "#{self.class.inspect} cannot handle block"
+  end
+
+  def assign_attribute(name, args)
+    # this is a setter
+    name = name[0...-1] if name.end_with?"="
+    val = args.length == 1 ? args[0] : args
+    attributes[name] = val
+    val
+  end
+
+  def retrieve_attribute(name)
+    # this is a getter
+    val = attributes[name]
+    val = attribute_missing(name) if val.nil?
+    if val.is_a? Proc
+      val = val.call()
+      # cache the value to override the Proc
+      attributes[name] = val
+    end
+    val
+  end
+
+  def attribute_missing(name)
+    nil
+  end
+
+  # This method allows attributes to be defined on an instance
+  # without explicitly defining which attributes are allowed
+  #
+  # The flow is:
+  # 1. If the method receives a block, it will pass it to the `assign_block` method to be handled.
+  #    By default this method will throw an error, but can be overridden by the class.
+  # 2. If the method has one or more argument it will assume it is a setter
+  #    and store the argument as an attribute.
+  # 3. If the method has no arguments it will assume it is a getter and retrieve the value.
+  #    If the retrieved value is a `Proc` it will execute it and store the returned value,
+  #    this will allow for caching expensive calls and only calling if requested
+  def method_missing(name, *args, &block)
+    name = name.to_s
+    if block_given?
+      # A class can override a
+      assign_block(name, *args, &block)
+    elsif args.length >= 1
+      assign_attribute(name, args)
+    elsif args.empty?
+      retrieve_attribute(name)
+    end
+  end
+
+  # must override because of Object#timeout
+  def timeout(*args)
+    method_missing(:timeout, *args)
+  end
+
+  # This method creates a set of attributes for terraform to consume
+  def terraform_attributes
+    attributes
+      .select { |k, v| !k.nil? && !k.start_with?('_') }
+      .map { |k, v| [k, terraform_attribute_ref(k)] }
+      .select { |k, v| !v.nil? }
+      .to_h
+  end
+
+  def terraform_attribute_ref(k)
+    v = retrieve_attribute(k)
+    if v.is_a? GeoEngineer::Resource # convert Resource to reference for terraform
+      v.to_ref
+    elsif v.is_a? Array # map resources if attribute is an array
+      v.map { |vi| vi.is_a?(GeoEngineer::Resource) ? vi.to_ref : vi }
+    else
+      v
+    end
+  end
+end