kumogata-template 0.0.1

data/lib/kumogata/template/iam.rb

@@ -0,0 +1,96 @@
+#
+# Helper - IAM
+#
+require 'kumogata/template/helper'
+
+def _iam_policies(name, args)
+  array = []
+  policies = args["#{name}".to_sym] || []
+  policies.each_with_index do |v, i|
+    array << _{
+      PolicyDocument _iam_policy_document("document", v)
+      PolicyName v[:name] || _resource_name("policy", i)
+    }
+  end
+  array
+end
+
+def _iam_policy_document(name, args)
+  array = []
+  documents = args["#{name}".to_sym] || []
+
+  documents.each do |v|
+    service = v[:service] || ""
+    action = v[:action] || [ "*" ]
+    next if service.empty? or action.empty?
+
+    actions = action.collect{|v| "#{service}:#{v}" }
+    if v.key? :resource
+      if v[:resource].is_a? String
+        resource = _iam_arn(service, v[:resource])
+      else
+        resource = v[:resource].collect{|v| _iam_arn(service, v) }
+      end
+    else
+      resource = [ "*" ]
+    end
+
+    array << _{
+      Effect v[:effect] || "Allow"
+      Action actions
+      Resource resource
+      Principal v[:principal] if v.key? :principal
+    }
+  end
+  array
+end
+
+def _iam_assume_role_policy_document(service)
+  [
+   _{
+     Effect "Allow"
+     Principal _{ Service [ "#{service}.amazonaws.com" ] }
+     Action [ "sts:AssumeRole" ]
+   }
+  ]
+end
+
+# Amazon Resource Names (ARNs) and AWS Service Namespaces
+# https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+def _iam_arn(service, resource)
+  arn_prefix = "arn:aws:#{service}"
+
+  case service
+  when "s3"
+    if resource.is_a? String
+      "#{arn_prefix}:::#{resource}"
+    else
+      resources = [ "#{arn_prefix}:::" ]
+      resource.each do |v|
+        if v =~ /^Ref_(.*)/
+          resources << _{ Ref _resource_name($1) }
+        else
+          resources << v
+        end
+      end
+      _{ Fn__Join "", resources }
+    end
+
+  when "cloudformation"
+    if resource == "*"
+      resource
+    else
+      "#{arn_prefix}:#{resource[:region]}:#{resource[:account_id]}:stack/#{resource[:stack]}"
+    end
+
+  when "iam"
+    if resource.key? :sts
+      "arn:aws:sts::#{account_id}:#{resource[:type]}/#{resource[:user]}"
+    else
+      "#{arn_prefix}::#{account_id}:#{resource[:type]}/#{resource[:user]}"
+    end
+
+  when "elasticloadbalancing"
+    "#{arn_prefix}:*:*:loadbalancer/#{resource}"
+  end
+end

data/lib/kumogata/template/lambda.rb

@@ -0,0 +1,34 @@
+#
+# Helper - Lambda
+#
+require 'kumogata/template/helper'
+
+def _lambda_function_code(args)
+  return "" unless args.key? :code
+
+  code = args[:code]
+  s3_bucket = code[:s3_bucket]
+  s3_key = code[:s3_key]
+  s3_object_version = code[:s3_object_version] || ""
+
+  _{
+    S3Bucket s3_bucket
+    S3Key s3_key
+    S3ObjectVersion s3_object_version unless s3_object_version.empty?
+    #ZipFile
+  }
+end
+
+def _lambda_vpc_config(args)
+  return "" unless args.key? :vpc
+
+  vpc = args[:vpc]
+  security_group_ids = _ref_array("security_groups", vpc, "security group")
+  subnet_ids = _ref_array("subnets", vpc, "subnet")
+  return {} if security_group_ids.empty? and subnet_ids.empty?
+
+  _{
+    SecurityGroupIds security_group_ids unless security_group_ids.empty?
+    SubnetIds subnet_ids unless subnet_ids.empty?
+  }
+end

data/lib/kumogata/template/s3.rb

@@ -0,0 +1,223 @@
+#
+# Helper - S3
+#
+require 'kumogata/template/helper'
+
+def _s3_cors(args)
+  rules = args[:cors] || []
+
+  array = []
+  rules.each do |rule|
+    array << _{
+      AllowedHeaders _array(rule[:headers]) if rule.key? :headers
+      AllowedMethods _array(rule[:methods])
+      AllowedOrigins _array(rule[:origins])
+      ExposedHeaders _array(rule[:exposed_headers]) if rule.key? :exposed_headers
+      Id rule[:id] if rule.key? :id
+      MaxAge rule[:max_age] if rule.key? :max_age
+    }
+  end
+  return [] if array.empty?
+
+  _{
+    CorsRules array
+  }
+end
+
+def _s3_lifecycle(args)
+  rules = args[:lifecycle] || []
+  expiration_values = %w( ExpirationDate
+                          NoncurrentVersionExpirationInDays
+                          NoncurrentVersionTransition NoncurrentVersionTransitions
+                          Transition Transitions )
+  status_values = %w( Enabled Disabled )
+
+  array = []
+  rules.each do |rule|
+    expiration_date = _valid_values(rule[:expiration_date],
+                                    expiration_values, "ExpirationInDays")
+    noncurrent_transitions = _s3_lifecycle_noncurrent_version_transition(rule)
+    status = _valid_values(rule[:status], status_values, "Enabled")
+    transitions = _s3_lifecycle_transition(rule)
+    array << _{
+      ExpirationDate expiration_date if rule.key? :expiration_date
+      ExpirationInDays rule[:expiration_in_days] if rule.key? :expiration_in_days
+      Id rule[:id] if rule.key? :id
+      NoncurrentVersionExpirationInDays rule[:non_expiration_in_days] if rule.key? :non_expiration_in_days
+      NoncurrentVersionTransitions noncurrent_transitions unless noncurrent_transitions.empty?
+      Prefix rule[:prefix] if rule.key? :prefix
+      Status status
+      Transitions transitions unless transitions.empty?
+    }
+  end
+  return [] if array.empty?
+
+  _{
+    Rules array
+  }
+end
+
+def _s3_lifecycle_noncurrent_version_transition(args)
+  transitions = args[:noncurrent_version_transitions] || []
+
+  array = []
+  transitions.each do |transition|
+    array << _{
+      StorageClass transition[:storage]
+      TransitionInDays transition[:transition]
+    }
+  end
+  array
+end
+
+def _s3_lifecycle_transition(args)
+  transitions = args[:transitions] || []
+
+  array = []
+  transitions.each do |transition|
+    array << _{
+      StorageClass transition[:storage]
+      TransitionDate transition[:date] if transition.key? :date
+      TransitionInDays transition[:in_days] if transition.key? :in_days
+    }
+  end
+  array
+end
+
+def _s3_logging(args)
+  return "" unless args.key? :logging
+  logging = args[:logging]
+
+  _{
+    DestinationBucketName logging[:destination]
+    LogFilePrefix logging[:prefix] || ""
+  }
+end
+
+def _s3_notification(args)
+  return "" unless args.key? :notification
+  notification = args[:notification]
+  lambda = _s3_notification_configuration(notification, :lambda)
+  queue = _s3_notification_configuration(notification, :queue)
+  topic = _s3_notification_configuration(notification, :topic)
+
+  _{
+    LambdaConfigurations lambda unless lambda.empty?
+    QueueConfigurations queue unless queue.empty?
+    TopicConfigurations topic unless topic.empty?
+  }
+end
+
+def _s3_notification_configuration(args, key)
+  values = args[key] || []
+
+  array = []
+  values.each do |value|
+    array << _{
+      Event value[:event]
+      Filter _{ S3Key value[:filter] } if value.key? :filter
+      case key
+      when :lambda
+        Function value[:function]
+      when :queue
+        Queue value[:queue]
+      when :topic
+        Topic value[:topic]
+      end
+    }
+  end
+  array
+end
+
+def _s3_replication(args)
+  return "" unless args.key? :replication
+  replication = args[:replication]
+  rules = _s3_replication_rules(replication)
+
+  _{
+    Role replication[:role]
+    Rules rules
+  }
+end
+
+def _s3_replication_rules(args)
+  rules = args[:rules] || []
+
+  array = []
+  rules.each do |rule|
+    destination = _s3_replication_rules_destination(rule[:destination])
+    array << _{
+      Destination destination
+      Id rule[:id]
+      Prefix rule[:prefix]
+      Status rule[:status]
+    }
+  end
+  array
+end
+
+def _s3_replication_rules_destination(args)
+  _{
+    Bucket args[:bucket]
+    StorageClass args[:storage]
+  }
+end
+
+def _s3_versioning(args)
+  return "" unless args.key? :versioning
+  versioning = args[:versioning]
+  status_values = %w( Enabled Disabled )
+  status = _valid_values(versioning[:status], status_values, "Enabled")
+
+  _{
+    Status status
+  }
+end
+
+def _s3_website(args)
+  return "" unless args.key? :website
+  website = args[:website]
+  redirect = _s3_website_redirect_all_request(website)
+  routing = _s3_website_routing_rules(website)
+
+  _{
+    ErrorDocument website[:error] || "404.html"
+    IndexDocument website[:index] || "index.html"
+    RedirectAllRequestsTo redirect unless redirect.empty?
+    RoutingRules routing unless routing.empty?
+  }
+end
+
+def _s3_website_redirect_all_request(args)
+  return "" unless args.key? :redirect
+  redirect = args[:redirect] || {}
+
+  _{
+    HostName redirect[:hostname]
+    Protocol _valid_values(redirect[:protocol], %w( http https ), "http")
+  }
+end
+
+def _s3_website_routing_rules(args)
+  routing = args[:routing] || []
+
+  array = []
+  routing.each do |route|
+    array << _{
+      RedirectRule do
+        redirect = route[:redirect] || {}
+        HostName redirect[:host] if redirect.key? :host
+        HttpRedirectCode redirect[:http] if redirect.key? :http
+        Protocol redirect[:protocol] if redirect.key? :protocol
+        ReplaceKeyPrefixWith redirect[:replace_key_prefix] if redirect.key? :replace_key_prefix
+        ReplaceKeyWith redirect[:replace_key_with] if redirect.key? :replace_key_with
+      end
+      RoutingRuleCondition do
+        routing = route[:routing] || {}
+        HttpErrorCodeReturnedEquals routing[:http]
+        KeyPrefixEquals routing[:key_prefix]
+      end
+    }
+  end
+  array
+end

data/lib/kumogata/template/sns.rb

@@ -0,0 +1,25 @@
+#
+# Helper - SNS
+#
+require 'kumogata/template/helper'
+
+def _sns_subscription(args)
+  array = []
+  types = args[:subscription] || []
+  types.each do |v|
+    protocol = _valid_values(v[:protocol],
+                             [ "http", "https", "email", "email-json", "sms", "sqs", "application", "lambda" ],
+                             "email")
+    case protocol
+    when "lambda", "sqs"
+      endpoint = _attr_string(v[:endpoint], "Arn")
+    else
+      endpoint = v[:endpoint]
+    end
+    array << _{
+      Endpoint endpoint
+      Protocol protocol
+    }
+  end
+  array
+end

data/lib/kumogata/template/version.rb

@@ -0,0 +1 @@
+KUMOGATA_TEMPLATE_VERSION = '0.0.1'

data/template/_template.rb

@@ -0,0 +1,25 @@
+AWSTemplateFormatVersion "2010-09-09"
+
+Description (<<-EOS).undent
+  Kumogata Template - #{NAME} stack
+EOS
+
+Parameters do
+  _parameter "name", default: "#{NAME}",
+                     description: "name of this stack"
+  _parameter "service", default: "service",
+                        description: "#{NAME} service"
+  _parameter "version", default: "1.0.0",
+                        description: "#{NAME} version"
+end
+
+Mappings do
+end
+
+Resources do
+  _s3_bucket "#{NAME}"
+end
+
+Outputs do
+  _output_s3 "#{NAME}"
+end

data/template/autoscaling-group.rb

@@ -0,0 +1,47 @@
+#
+# Autoscaling AutoScalingGroup resource
+# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html
+#
+require 'kumogata/template/helper'
+require 'kumogata/template/autoscaling'
+
+name = _resource_name(args[:name], "autoscaling group")
+azs = _availability_zones(args)
+cooldown = args[:cooldown] || -1
+desired = args[:desired] || ""
+health_check_grace = args[:health_check_grace] || -1
+health_check_type = _valid_values(args[:helath_check_type], %w( ec2 elb ), "ec2")
+instance = _ref_string("instance", args)
+launch = _ref_string("launch", args, "autoscaling launch configuration")
+load_balancers = _ref_array("load_balancers", args)
+max = args[:max] || 1
+metrics = [ _autoscaling_metrics ]
+min = args[:min] || 0
+max = min if max < min
+notifications = (args[:notifications] || []).collect{|v| _autoscaling_notification(v) }
+placement = args[:placement] || ""
+tags = _autoscaling_tags(args)
+termination = args[:termination] || []
+vpc_zones = _ref_array("vpc_zones", args, "subnet")
+
+_(name) do
+  Type "AWS::AutoScaling::AutoScalingGroup"
+  Properties do
+    AvailabilityZones azs if vpc_zones.empty?
+    Cooldown cooldown unless cooldown == -1
+    DesiredCapacity desired unless desired.empty?
+    HealthCheckGracePeriod health_check_grace unless health_check_grace == -1
+    HealthCheckType health_check_type.upcase
+    InstanceId instance unless instance.empty?
+    LaunchConfigurationName launch if instance.empty?
+    LoadBalancerNames load_balancers unless load_balancers.empty?
+    MaxSize max
+    MetricsCollection metrics
+    MinSize min
+    NotificationConfigurations notifications
+    PlacementGroup placement unless placement.empty?
+    Tags tags
+    TerminationPolicies termination unless termination.empty?
+    VPCZoneIdentifier vpc_zones unless vpc_zones.empty?
+  end
+end