RubyGems - geoengineer - Versions diffs - 0.1.2 → 0.1.3 - Mend

geoengineer 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/lib/geoengineer/cli/geo_cli.rb +16 -5
data/lib/geoengineer/cli/status_command.rb +38 -46
data/lib/geoengineer/cli/terraform_commands.rb +8 -2
data/lib/geoengineer/environment.rb +5 -1
data/lib/geoengineer/resource.rb +54 -35
data/lib/geoengineer/resources/aws_cloudwatch_metric_alarm.rb +48 -0
data/lib/geoengineer/resources/aws_iam_account_password_policy.rb +32 -0
data/lib/geoengineer/resources/aws_iam_instance_profile.rb +28 -0
data/lib/geoengineer/resources/aws_iam_policy.rb +5 -5
data/lib/geoengineer/resources/aws_iam_user.rb +3 -3
data/lib/geoengineer/resources/aws_kms_key.rb +27 -0
data/lib/geoengineer/resources/aws_lambda_function.rb +3 -0
data/lib/geoengineer/resources/aws_lambda_permission.rb +24 -18
data/lib/geoengineer/resources/aws_ses_receipt_rule.rb +2 -2
data/lib/geoengineer/resources/aws_ses_receipt_rule_set.rb +2 -2
data/lib/geoengineer/resources/aws_sns_topic.rb +3 -3
data/lib/geoengineer/resources/aws_sns_topic_subscription.rb +17 -6
data/lib/geoengineer/resources/aws_sqs_queue.rb +3 -3
data/lib/geoengineer/template.rb +3 -0
data/lib/geoengineer/utils/aws_clients.rb +7 -0
data/lib/geoengineer/version.rb +1 -1
data/spec/resource_spec.rb +119 -18
data/spec/resources/aws_cloudwatch_metric_alarm_spec.rb +38 -0
data/spec/resources/aws_iam_account_password_policy_spec.rb +51 -0
data/spec/resources/aws_iam_instance_profile_spec.rb +40 -0
data/spec/resources/aws_kinesis_stream_spec.rb +1 -0
data/spec/resources/aws_kms_key_spec.rb +44 -0
data/spec/resources/aws_lambda_permission_spec.rb +0 -38
metadata +17 -5
metadata.gz.sig +0 -0

data/lib/geoengineer/resources/aws_iam_account_password_policy.rb ADDED Viewed

@@ -0,0 +1,32 @@
+########################################################################
+# AwsIamPasswordPolicy +aws_iam_password_policy+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/iam_account_password_policy.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsIamAccountPasswordPolicy < GeoEngineer::Resource
+  # There can only be a single IAM account password policy - use this constant as the Geo ID
+  SINGLETON_ID = 'GEO_SINGLETON_RESOURCE_ID'.freeze
+  validate -> { validate_required_attributes([:allow_users_to_change_password]) }
+  after :initialize, -> {
+    _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id }
+  }
+  after :initialize, -> { _geo_id -> { SINGLETON_ID } }
+  def support_tags?
+    false
+  end
+  def find_remote_as_individual?
+    true
+  end
+  def remote_resource_params
+    password_policy = AwsClients.iam.get_account_password_policy.password_policy.to_h
+    password_policy.merge({ _geo_id: SINGLETON_ID, _terraform_id: SINGLETON_ID })
+  rescue Aws::IAM::Errors::NoSuchEntity
+    {}
+  end
+end

data/lib/geoengineer/resources/aws_iam_instance_profile.rb ADDED Viewed

@@ -0,0 +1,28 @@
+########################################################################
+# AwsIamInstanceProfile +aws_iam_instance_profile+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/iam_instance_profile.html Terraform Docs}
+########################################################################
+class GeoEngineer::Resources::AwsIamInstanceProfile < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:name, :roles]) }
+  before :validation, -> { policy_arn _policy.to_ref(:arn) if _policy }
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id -> { name.to_s } }
+  def support_tags?
+    false
+  end
+  def self._fetch_remote_resources
+    profiles = AwsClients.iam.list_instance_profiles['instance_profiles'].map(&:to_h)
+    profiles.map do |p|
+      {
+        name: p[:instance_profile_name],
+        _geo_id: p[:instance_profile_name],
+        _terraform_id: p[:instance_profile_name]
+      }
+    end
+  end
+end

data/lib/geoengineer/resources/aws_iam_policy.rb CHANGED Viewed

@@ -51,11 +51,11 @@ class GeoEngineer::Resources::AwsIamPolicy < GeoEngineer::Resource
   def self._fetch_remote_resources
     _all_remote_policies.map(&:to_h).map do |policy|
       {
-        '_terraform_id' => policy[:arn],
-        '_geo_id' => policy[:policy_name],
-        'arn' => policy[:arn],
-        'default_version_id' => policy[:default_version_id],
-        'name' => policy[:policy_name]
+        _terraform_id: policy[:arn],
+        _geo_id: policy[:policy_name],
+        arn: policy[:arn],
+        default_version_id: policy[:default_version_id],
+        name: policy[:policy_name]
       }
     end
   end

data/lib/geoengineer/resources/aws_iam_user.rb CHANGED Viewed

@@ -33,9 +33,9 @@ class GeoEngineer::Resources::AwsIamUser < GeoEngineer::Resource
   def self._fetch_remote_resources
     _all_remote_users.map do |user|
       {
-        '_terraform_id' => user[:user_name],
-        '_geo_id' => user[:user_name],
-        'name' => user[:user_name]
+        _terraform_id: user[:user_name],
+        _geo_id: user[:user_name],
+        name: user[:user_name]
       }
     end
   end

data/lib/geoengineer/resources/aws_kms_key.rb ADDED Viewed

@@ -0,0 +1,27 @@
+########################################################################
+# AwsKmsKey is the +aws_kms_key+ terrform resource,
+#
+# {https://www.terraform.io/docs/providers/aws/r/kms_key.html}
+########################################################################
+class GeoEngineer::Resources::AwsKmsKey < GeoEngineer::Resource
+  validate -> { validate_required_attributes([:description]) }
+  after :initialize, -> { _terraform_id -> { NullObject.maybe(remote_resource)._terraform_id } }
+  after :initialize, -> { _geo_id -> { description } }
+  def self._fetch_remote_resources
+    keys = AwsClients.kms.list_keys[:keys].map do |i|
+      AwsClients.kms.describe_key({ key_id: i.key_id }).key_metadata.to_h
+    end
+    keys.map do |k|
+      k[:_terraform_id] = k[:key_id]
+      k[:_geo_id] = k[:description]
+      k
+    end
+  end
+  def support_tags?
+    false
+  end
+end

data/lib/geoengineer/resources/aws_lambda_function.rb CHANGED Viewed

@@ -26,6 +26,9 @@ class GeoEngineer::Resources::AwsLambdaFunction < GeoEngineer::Resource
       's3_bucket' => (s3_bucket || ""),
       's3_key' => (s3_key || "")
     }
+    tfstate[:primary][:attributes]['filename'] = filename if filename
     tfstate
   end

data/lib/geoengineer/resources/aws_lambda_permission.rb CHANGED Viewed

@@ -40,38 +40,26 @@ class GeoEngineer::Resources::AwsLambdaPermission < GeoEngineer::Resource
     nil
   end
-  def self._deep_symbolize_keys(obj)
-    if obj.is_a?(Hash)
-      obj.each_with_object({}) do |(key, value), hash|
-        hash[key.to_sym] = _deep_symbolize_keys(value)
-      end
-    elsif obj.is_a?(Array)
-      obj.map { |value| _deep_symbolize_keys(value) }
-    else
-      obj
-    end
-  end
   def self._create_permission(function)
     policy = function[:policy]
     policy[:Statement].map do |statement|
-      # Note that the keys for a statement objection are all CamelCased
+      # Note that the keys for a statement object are all CamelCased
       # Whereas most other keys in this repo are snake_cased
       statement.merge(
         {
           _terraform_id: statement[:Sid],
           function_name: function[:function_name],
-          function_version: function[:version]
+          function_version: function[:version],
+          qualifer: function[:qualifer] || "$LATEST",
+          statement_id: statement[:Sid]
         }
       )
     end
   end
   # Right now, this only fetches policies for the $LATEST version
-  # If we want to support fetching the permissions for all of the aliases as well,
-  # We'll need to add another call per function, bring total calls to 2N+1...
-  # Same deal if we need to support older versions...
-  # (excluding any extra calls for pagination). Less than ideal...
+  # If you want to fetch the policy for a version other than $LATEST
+  # set `find_remote_as_individual?` to `true` for that resource
   def self._fetch_remote_resources
     _fetch_functions
       .map { |function| _fetch_policy(function) }
@@ -80,4 +68,22 @@ class GeoEngineer::Resources::AwsLambdaPermission < GeoEngineer::Resource
       .flatten
       .compact
   end
+  def remote_resource_params
+    params = { function_name: function_name }
+    params[:qualifier] = qualifier if qualifier
+    begin
+      policy = _fetch_policy(params)[:policy]
+      return {} if policy.nil?
+    rescue Aws::Lambda::Errors::ResourceNotFoundException
+      return {}
+    end
+    permission = _create_permission(policy).find do |statement|
+      statement[:_terraform_id] == statement_id
+    end
+    permission || {}
+  end
 end

data/lib/geoengineer/resources/aws_ses_receipt_rule.rb CHANGED Viewed

@@ -30,8 +30,8 @@ class GeoEngineer::Resources::AwsSesReceiptRule < GeoEngineer::Resource
   def self._fetch_remote_resources
     AwsClients.ses.describe_active_receipt_rule_set.rules.map(&:to_h).map do |rule|
       {
-        '_terraform_id' => rule[:name],
-        '_geo_id' => rule[:name]
+        _terraform_id: rule[:name],
+        _geo_id: rule[:name]
       }
     end
   end

data/lib/geoengineer/resources/aws_ses_receipt_rule_set.rb CHANGED Viewed

@@ -20,8 +20,8 @@ class GeoEngineer::Resources::AwsSesReceiptRuleSet < GeoEngineer::Resource
   def self._fetch_remote_resources
     AwsClients.ses.list_receipt_rule_sets.rule_sets.map(&:to_h).map do |rule_set|
       {
-        '_terraform_id' => rule_set[:name],
-        '_geo_id' => rule_set[:name]
+        _terraform_id: rule_set[:name],
+        _geo_id: rule_set[:name]
       }
     end
   end

data/lib/geoengineer/resources/aws_sns_topic.rb CHANGED Viewed

@@ -19,9 +19,9 @@ class GeoEngineer::Resources::AwsSnsTopic < GeoEngineer::Resource
   def self._fetch_remote_resources
     AwsClients.sns.list_topics.topics.map(&:to_h).map do |topic|
       {
-        '_terraform_id' => topic[:topic_arn],
-        '_geo_id' => topic[:topic_arn],
-        'name' => topic[:topic_arn].split(':').last
+        _terraform_id: topic[:topic_arn],
+        _geo_id: topic[:topic_arn],
+        name: topic[:topic_arn].split(':').last
       }
     end
   end

data/lib/geoengineer/resources/aws_sns_topic_subscription.rb CHANGED Viewed

@@ -20,7 +20,8 @@ class GeoEngineer::Resources::AwsSnsTopicSubscription < GeoEngineer::Resource
       'endpoint' => endpoint,
       'protocol' => protocol,
       'confirmation_timeout_in_minutes' => "1",
-      'endpoint_auto_confirms' => "false"
+      'endpoint_auto_confirms' => "false",
+      'raw_message_delivery' => "false"
     }
     tfstate
   end
@@ -30,13 +31,23 @@ class GeoEngineer::Resources::AwsSnsTopicSubscription < GeoEngineer::Resource
   end
   def self._fetch_remote_resources
-    AwsClients.sns.list_subscriptions.subscriptions.map(&:to_h).map do |subscription|
+    _get_all_subscriptions.map do |subscription|
       {
-        '_terraform_id' => subscription[:subscription_arn],
-        '_geo_id' => "#{subscription[:topic_arn]}::" \
-                     "#{subscription[:protocol]}::" \
-                     "#{subscription[:endpoint]}"
+        _terraform_id: subscription[:subscription_arn],
+        _geo_id: "#{subscription[:topic_arn]}::" \
+                 "#{subscription[:protocol]}::" \
+                 "#{subscription[:endpoint]}"
       }
     end
   end
+  def self._get_all_subscriptions
+    subs_page = AwsClients.sns.list_subscriptions
+    subs = subs_page.subscriptions.map(&:to_h)
+    while subs_page.next_token
+      subs_page = AwsClients.sns.list_subscriptions({ next_token: subs_page.next_token })
+      subs.concat subs_page.subscriptions.map(&:to_h)
+    end
+    subs
+  end
 end

data/lib/geoengineer/resources/aws_sqs_queue.rb CHANGED Viewed

@@ -28,9 +28,9 @@ class GeoEngineer::Resources::AwsSqsQueue < GeoEngineer::Resource
   def self._fetch_remote_resources
     AwsClients.sqs.list_queues['queue_urls'].map do |queue|
       {
-        '_terraform_id' => queue,
-        '_geo_id' => queue,
-        'name' => URI.parse(queue).path.split('/').last
+        _terraform_id: queue,
+        _geo_id: queue,
+        name: URI.parse(queue).path.split('/').last
       }
     end
   end

data/lib/geoengineer/template.rb CHANGED Viewed

@@ -5,8 +5,11 @@ class GeoEngineer::Template
   include HasAttributes
   include HasResources
+  attr_accessor :name, :parameters
   def initialize(name, parent, parameters = {})
     @name = name
+    @parameters = parameters
     case parent
     when GeoEngineer::Project then add_project_attributes(parent)
     when GeoEngineer::Environment then add_env_attributes(parent)

data/lib/geoengineer/utils/aws_clients.rb CHANGED Viewed

@@ -12,6 +12,9 @@ class AwsClients
   end
   # Clients
+  def self.cloudwatch
+    @aws_cloudwatch ||= Aws::CloudWatch::Client.new({ stub_responses: stubbed? })
+  end
   def self.cloudwatchevents
     @aws_cloudwatchevents ||= Aws::CloudWatchEvents::Client.new({ stub_responses: stubbed? })
@@ -80,4 +83,8 @@ class AwsClients
   def self.cloudtrail
     @aws_cloudtrail ||= Aws::CloudTrail::Client.new({ stub_responses: stubbed? })
   end
+  def self.kms
+    @aws_kms ||= Aws::KMS::Client.new({ stub_responses: stubbed? })
+  end
 end

data/lib/geoengineer/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module GeoEngineer
-  VERSION = '0.1.2'.freeze
+  VERSION = '0.1.3'.freeze
 end

data/spec/resource_spec.rb CHANGED Viewed

@@ -6,7 +6,9 @@ class GeoEngineer::RemoteResources < GeoEngineer::Resource
   end
 end
-describe("GeoEngineer::Resource") do
+describe GeoEngineer::Resource do
+  let(:env) { GeoEngineer::Environment.new("testing") }
   describe '#remote_resource' do
     it 'should return a list of resources' do
       rem_res = GeoEngineer::RemoteResources.new('rem', 'id') {
@@ -99,6 +101,24 @@ describe("GeoEngineer::Resource") do
     end
   end
+  describe '#_resources_to_ignore' do
+    it 'lets you ignore certain resources' do
+      class GeoEngineer::IgnorableResources < GeoEngineer::Resource
+        def self._fetch_remote_resources
+          [{ _geo_id: "geoid1" }, { _geo_id: "geoid2" }]
+        end
+        def self._resources_to_ignore
+          ["geoid1"]
+        end
+      end
+      resources = GeoEngineer::IgnorableResources.fetch_remote_resources()
+      expect(resources.length).to eq 1
+      expect(resources[0]._geo_id).to eq "geoid2"
+    end
+  end
   describe '#validate_required_subresource' do
     it 'should return errors if it does not have a tag' do
       class GeoEngineer::HasSRAttrResource < GeoEngineer::Resource
@@ -168,57 +188,100 @@ describe("GeoEngineer::Resource") do
   end
   describe '#validate_tag_merge' do
-    it 'should combine resource and project tags' do
-      project = GeoEngineer::Project.new('org', 'project_name', 'test') {
+    it 'combines resource and parent tags' do
+      environment = GeoEngineer::Environment.new('test') {
+        tags {
+          a '1'
+        }
+      }
+      project = GeoEngineer::Project.new('org', 'project_name', environment) {
+        tags {
+          b  '2'
+        }
+      }
+      resource = project.resource('type', '1') {
+        tags {
+          c  '3'
+        }
+      }
+      resource.merge_parent_tags
+      expect(resource.tags.attributes).to eq({ 'a' => '1', 'b' => '2', 'c' => '3' })
+    end
+    it 'works if just project is present' do
+      project = GeoEngineer::Project.new('org', 'project_name', nil) {
         tags {
           a  '1'
         }
       }
       resource = project.resource('type', '1') {
         tags {
-          d  '4'
+          b  '2'
         }
       }
-      resource.merge_project_tags
-      expect(resource.tags.attributes).to eq({ 'a' => '1', 'd' => '4' })
+      resource.merge_parent_tags
+      expect(resource.tags.attributes).to eq({ 'a' => '1', 'b' => '2' })
     end
-    it 'should give priority to resource tags' do
-      project = GeoEngineer::Project.new('org', 'project_name', 'test') {
+    it 'works if just environment is present' do
+      environment = GeoEngineer::Environment.new('test') {
         tags {
-          a  'project_value'
+          a  '1'
+        }
+      }
+      resource = environment.resource('type', '1') {
+        tags {
+          b  '2'
+        }
+      }
+      resource.merge_parent_tags
+      expect(resource.tags.attributes).to eq({ 'a' => '1', 'b' => '2' })
+    end
+    it 'uses priority: resource > project > environment' do
+      environment = GeoEngineer::Environment.new('test') {
+        tags {
+          a '1'
+        }
+      }
+      project = GeoEngineer::Project.new('org', 'project_name', environment) {
+        tags {
+          a  '2'
+          b  '1'
         }
       }
       resource = project.resource('type', '1') {
         tags {
-          a  'resource_value'
+          a  '3'
+          b  '2'
+          c  '1'
         }
       }
-      resource.merge_project_tags
-      expect(resource.tags.attributes).to eq({ 'a' => 'resource_value' })
+      resource.merge_parent_tags
+      expect(resource.tags.attributes).to eq({ 'a' => '3', 'b' => '2', 'c' => '1' })
     end
-    it 'should return project tags if there are no resource tags' do
-      project = GeoEngineer::Project.new('org', 'project_name', 'test') {
+    it 'returns project tags if there are no resource tags' do
+      project = GeoEngineer::Project.new('org', 'project_name', env) {
         tags {
           a  '1'
           b  '2'
         }
       }
       resource = project.resource('type', '1') {}
-      resource.merge_project_tags
+      resource.merge_parent_tags
       expect(resource.tags.attributes).to eq({ 'a' => '1', 'b' => '2' })
     end
-    it 'should return resource tags if there are no project tags' do
-      project = GeoEngineer::Project.new('org', 'project_name', 'test') {}
+    it 'returns resource tags if there are no project tags' do
+      project = GeoEngineer::Project.new('org', 'project_name', env) {}
       resource = project.resource('type', '1') {
         tags {
           c  '3'
           d  '4'
         }
       }
-      resource.merge_project_tags
+      resource.merge_parent_tags
       expect(resource.tags.attributes).to eq({ 'c' => '3', 'd' => '4' })
     end
   end
@@ -261,4 +324,42 @@ describe("GeoEngineer::Resource") do
       end
     end
   end
+  describe '#_deep_symbolize_keys' do
+    let(:simple_obj) { JSON.parse({ foo: "bar", baz: "qux" }.to_json) }
+    let(:complex_obj) do
+      JSON.parse(
+        {
+          foo: {
+            bar: {
+              baz: [
+                { qux: "quack" }
+              ]
+            }
+          },
+          bar: [
+            { foo: "bar" },
+            nil,
+            [{ baz: "qux" }],
+            1,
+            "baz"
+          ]
+        }.to_json
+      )
+    end
+    it "converts top level keys to symbols" do
+      expect(simple_obj.keys.include?(:foo)).to eq(false)
+      expect(simple_obj.keys.include?("foo")).to eq(true)
+      converted = described_class._deep_symbolize_keys(simple_obj)
+      expect(converted.keys.include?(:foo)).to eq(true)
+      expect(converted.keys.include?("foo")).to eq(false)
+    end
+    it "converts deeply nested keys to symbols" do
+      converted = described_class._deep_symbolize_keys(complex_obj)
+      expect(converted[:foo][:bar][:baz].first[:qux]).to eq("quack")
+      expect(converted[:bar].first[:foo]).to eq("bar")
+    end
+  end
 end