kumogata-template 0.0.35 → 0.0.36

data/lib/kumogata/template/cloudfront.rb

@@ -5,9 +5,9 @@ require 'kumogata/template/helper'
 
 def _cloudfront_distribution_config(args)
   aliases = args[:aliases] || []
-  cache =
-    if args.key? :cache
-      _cloudfront_cache_behavior(args[:cache])
+  behaivors =
+    if args.key? :behaivors
+      args[:behaivors].collect{|v| _cloudfront_cache_behavior(v) }
     else
       ""
     end
@@ -20,10 +20,10 @@ def _cloudfront_distribution_config(args)
     end
   default_cache =
     if args.key? :default_cache
-      _cloudfront_cache_behavior(args[:default_cache], true)
+      _cloudfront_cache_behavior(args[:default_cache], args[:origins], true)
     else
       ""
-   end
+    end
   default_root = args[:default_root] || "index.html"
   enabled = _bool("enabled", args, true)
   http = _valid_values(args[:http], %w( http1.1 http2 ), "http2")
@@ -46,7 +46,7 @@ def _cloudfront_distribution_config(args)
 
   _{
     Aliases aliases unless aliases.empty?
-    CacheBehaviors cache unless comment.empty?
+    CacheBehaviors behaivors unless behaivors.empty?
     Comment comment unless comment.empty?
     CustomErrorResponses custom_errors unless custom_errors.empty?
     DefaultCacheBehavior default_cache unless default_cache.empty?
@@ -62,7 +62,7 @@ def _cloudfront_distribution_config(args)
   }
 end
 
-def _cloudfront_cache_behavior(args, default = false)
+def _cloudfront_cache_behavior(args, origins = [], default = false)
   allowed_methods =
     if args.key? :allowed_methods
       case args[:allowed_methods]
@@ -93,23 +93,20 @@ def _cloudfront_cache_behavior(args, default = false)
     else
       ""
     end
-  default_ttl = args[:default_ttl] || nil
-  forwarded_values =
-    if args.key? :forwarded
-      _cloudfront_forwarded_values(args[:forwarded])
-    else
-      ""
-    end
-  max_ttl = args[:max_ttl] || ""
-  min_ttl = args[:min_ttl] || ""
+  default_ttl = args[:default_ttl] || 86400
+  forwarded_values = _cloudfront_forwarded_values(args[:forwarded] || {})
+  lambda = (args[:lambda_functions] || []).collect{|v| _cloudfront_lambda(v) }
+  max_ttl = args[:max_ttl] || 31536000
+  min_ttl = args[:min_ttl] || 0
   path = args[:path]
   smooth =
     if args.key? :smooth
-      _bool(args[:smooth])
+      _bool("smooth", args, false)
     else
       ""
     end
-  target = args[:target]
+  target = args[:target] || ""
+  target = origins[0][:id] if target.empty? and (origins[0] and origins[0].is_a? Hash and origins[0][:id])
   trusted = args[:trusted] || ""
   viewer = _valid_values(args[:viewer], %w( allow-all redirect-to-https https-only ), "redirect-to-https")
 
@@ -119,8 +116,9 @@ def _cloudfront_cache_behavior(args, default = false)
     Compress compress unless compress.empty?
     DefaultTTL default_ttl unless default_ttl.nil?
     ForwardedValues forwarded_values
-    MaxTTL max_ttl unless max_ttl.empty?
-    MinTTL min_ttl unless min_ttl.empty?
+    LambdaFunctionAssociations lambda unless lambda.empty?
+    MaxTTL max_ttl unless max_ttl.nil?
+    MinTTL min_ttl unless min_ttl.nil?
     PathPattern path if default == false
     SmoothStreaming smooth unless smooth.empty?
     TargetOriginId target
@@ -158,8 +156,22 @@ def _cloudfront_forwarded_values(args)
   }
 end
 
+def _cloudfront_lambda(args)
+  return '' if args.empty?
+
+  event = _valid_values(args[:envet],
+                        %w( viewer-request origin-request origin-response viewer-response ),
+                        'viewer-request')
+  function = _ref_string('version', args, 'lambda version')
+
+  _{
+    EventType event
+    LambdaFunctionARN function
+  }
+end
+
 def _cloudfront_custom_error(args)
-  error_min_ttl = args[:error_min_ttl] || ""
+  error_min_ttl = args[:error_min_ttl] || 300
   error_code = args[:error_code] || 404
   response_code =
     if args.key? :response_code
@@ -175,21 +187,15 @@ def _cloudfront_custom_error(args)
     end
 
   _{
-    ErrorCachingMinTTL error_min_ttl unless error_min_ttl.empty?
+    ErrorCachingMinTTL error_min_ttl
     ErrorCode error_code
-    ResponseCode response_code unless response_code.nil?
-    ResponsePagePath response_page unless response_page.empty?
+    ResponseCode response_code
+    ResponsePagePath response_page
   }
 end
 
 def _cloudfront_custom_errors(args)
-  errors = args || []
-
-  array = []
-  errors.each do |error|
-    array << _cloudfront_custom_error(error)
-  end
-  array
+  (args || []).collect{|error| _cloudfront_custom_error(error) }
 end
 
 def _cloudfront_logging(args)
@@ -214,7 +220,7 @@ def _cloudfront_origin(args)
     if args.key? :custom
       _cloudfront_custom_origin(args[:custom])
     else
-      nil
+      {}
     end
   domain = _ref_attr_string("domain", "DomainName", args, "bucket")
   id = args[:id]
@@ -224,50 +230,49 @@ def _cloudfront_origin(args)
     else
       ""
     end
-  path = args[:origin_path] || ""
-  s3 =
-    if args.key? :s3
-      _cloudfront_s3_origin(args[:s3])
-    else
-      nil
-    end
+  path = args[:path] || ""
+  s3 = _cloudfront_s3_origin(args)
 
   _{
-    CustomOriginConfig custom if s3.nil?
-    DomainName domain
+    CustomOriginConfig custom if s3.empty? and !custom.empty?
+    DomainName "#{domain}.s3.#{DOMAIN}"
     Id id
     OriginCustomHeaders headers unless headers.empty?
     OriginPath path unless path.empty?
-    S3OriginConfig s3 if custom.nil?
+    S3OriginConfig s3 if custom.empty?
   }
 end
 
 def _cloudfront_origins(args)
-  origins = args || []
-
-  array = []
-  origins.each do |origin|
-    array << _cloudfront_origin(origin)
-  end
-  array
+  (args || []).collect{|origin| _cloudfront_origin(origin) }
 end
 
 def _cloudfront_custom_origin(args)
-  http_port = args[:http_port] || ""
-  https_port = args[:https_port] || ""
-  origin_protocol = args[:origin_protocol] || ""
-  origin_ssl_protocols = args[:origin_ssl_protocols] || []
+  http_port = args[:http] || 80
+  https_port = args[:https] || 443
+  keepalive = args[:keepalive] || 5
+  protocol = _valid_values(args[:protocol],
+                           %w( https-only http-only match-viewer ), "match-viewer")
+  read_timeout = args[:read_timeout] || 30
+  ssl_protocols = (_array(args[:ssl_protocols]) || [ '' ] ).collect{|v|
+    _valid_values(v, %w( SSLv3 TLSv1 TLSv1.1 TLSv1.2 ), "TLSv1.1")
+  }
 
   _{
-    HTTPPort http_port unless http_port.empty?
-    HTTPSPort https_port unless https_port.empty?
-    OriginProtocolPolicy origin_protocol unless origin_protocol.empty?
-    OriginSSLProtocols origin_ssl_protocols unless origin_ssl_protocols.empty?
+    HTTPPort http_port
+    HTTPSPort https_port
+    OriginKeepaliveTimeout keepalive
+    OriginProtocolPolicy protocol
+    OriginReadTimeout read_timeout
+    OriginSSLProtocols ssl_protocols
   }
 end
 
 def _cloudfront_s3_origin(args)
-  origin = args[:origin] || ""
+  s3 = _ref_string("s3", args, 'origin access identity')
+  return {} if s3.empty?
+
+  origin = _join([ 'origin-access-identity', 'cloudfront', s3 ], '/')
 
   _{
     OriginAccessIdentity origin unless origin.empty?
@@ -293,12 +298,14 @@ def _cloudfront_viewer_cert(args)
       ""
     end
   iam = args[:iam] || ""
-  min_protocol = args[:min_protocol] || ""
+  min_protocol = _valid_values(args[:min_protocol],
+                               %w( SSLv3 | TLSv1 | TLSv1_2016 | TLSv1.1_2016 | TLSv1.2_2018 ),
+                               "TLSv1.1_2016")
   ssl = _valid_values(args[:ssl], %w( vip sni-only ), "sni-only")
 
  _{
    AcmCertificateArn acm unless acm.empty?
-   CloudFrontDefaultCertificate default_cert unless default.empty?
+   CloudFrontDefaultCertificate default unless default.empty?
    IamCertificateId iam unless iam.empty?
    MinimumProtocolVersion min_protocol unless min_protocol.empty?
    SslSupportMethod ssl unless acm.empty? and iam.empty?

data/lib/kumogata/template/cloudwatch.rb

@@ -153,7 +153,7 @@ def _cloudwatch_to_namespace(value)
       "WAF"
     when "work spaces", "ws"
       "WorkSpaces"
-  end
+    end
   "AWS/#{value}"
 end
 
@@ -249,20 +249,15 @@ def _cloudwatch_dimension(args)
 end
 
 def _cloudwatch_actions(args)
-  actions = args[:actions] || args[:ref_actions] || []
-  is_ref = args.key? :ref_actions
-
-  array = []
-  actions.each do |v|
-    if v =~ /ec2 (\w)/
-      array << _cloudwatch_to_ec2_action($1)
+  (args[:actions] || args[:ref_actions] || []).collect do |action|
+    if action =~ /ec2 (\w)/
+      _cloudwatch_to_ec2_action($1)
     else
-      if is_ref
-        array << _ref_string("action", { ref_action: v })
+      if args.key? :ref_actions
+        _ref_string("action", { ref_action: action })
       else
-        array << v
+        action
       end
     end
   end
-  array
 end

data/lib/kumogata/template/codebuild.rb

@@ -61,16 +61,12 @@ def _codebuild_environement(args)
 end
 
 def _codebuild_environement_hash(args)
-  hash = args || {}
-
-  array = []
-  hash.each_pair do |k, v|
-    array << _{
-      Name k
-      Value v
+  (args || {}).collect do |name, value|
+    _{
+      Name name
+      Value value
     }
   end
-  array
 end
 
 def _codebuild_source(args)

data/lib/kumogata/template/codecommit.rb

@@ -4,11 +4,8 @@
 require 'kumogata/template/helper'
 
 def _codecommit_triggers(args)
-  triggers = args[:trigger] || []
-
-  array = []
-  triggers.each do |trigger|
-    array << _{
+  (args[:trigger] || []).each do |trigger|
+    _{
       Branches trigger[:branchs] || []
       CustomData trigger[:custom] || ""
       DestinationArn trigger[:dest] || ""
@@ -16,5 +13,4 @@ def _codecommit_triggers(args)
       Name trigger[:name] || ""
     }
   end
-  array
 end

data/lib/kumogata/template/codedeploy.rb

@@ -13,6 +13,21 @@ def _codedeploy_minimum(args)
   }
 end
 
+def _codedeploy_alarm(args)
+  alarm = args[:alarm] || ""
+  return alarm if alarm.empty?
+
+  alarms = alarm[:alarms].collect{|v| _{ Name v } }
+  enabled = _bool("enabled", args, true)
+  ignore = _bool("ignore", args, false)
+
+  _{
+    Alarms alarms
+    Enabled enabled
+    IgnorePollAlarmFailure ignore
+  }
+end
+
 def _codedeploy_deployment(args)
   description = args[:description] || ""
   ignore = _bool("ignore", args, true)

data/lib/kumogata/template/cognito.rb

@@ -0,0 +1,203 @@
+#
+# Helper - Cognito
+#
+require 'kumogata/template/helper'
+
+def _cognito_providers(args)
+  providers = args[:providers] || {}
+  return providers if providers.empty?
+
+  # providers: [ ref_client: 'admin', ref_name: 'admin' ]
+  providers.collect do |provider|
+    _{
+      ClientId _ref_string("client", provider, "user pool client")
+      ProviderName _ref_attr_string("pool", "ProviderName", provider, "user pool")
+      ServerSideTokenCheck _bool("check", provider, false)
+    }
+  end
+end
+
+def _cognito_streams(args)
+  stream = args[:stream] || {}
+  return stream if stream.empty?
+
+  _{
+    RoleArn stream[:role]
+    StreamingStatus _bool("status", stream, false) ? "ENABLED" : "DISABLED"
+    StreamName stream[:name]
+  }
+end
+
+def _cognito_push_sync(args)
+  push_sync = args[:push_sync] || {}
+  return push_sync if push_sync.empty?
+
+  _{
+    ApplicationArns push_sync[:applications]
+    RoleArn push_sync[:role]
+  }
+end
+
+def _cognito_roles_mappings(args)
+  # T.B.D
+end
+
+def _cognito_roles(args)
+  roles = args[:roles] || {}
+  return roles if roles.empty?
+
+  unauth = _ref_attr_string("unauth", "Arn", roles, "role")
+  auth = _ref_attr_string("auth", "Arn", roles, "role")
+
+  _{
+    unauthenticated unauth unless unauth.empty?
+    authenticated auth
+  }
+end
+
+def _cognito_admin_config(args)
+  admin_config = args[:admin_config] || {}
+  return admin_config if admin_config.empty?
+
+  invite = _cognito_invite(admin_config)
+  unused = admin_config[:unused] || 7
+
+  _{
+    AllowAdminCreateUserOnly _bool("allow", admin_config, false)
+    InviteMessageTemplate invite unless invite.empty?
+    UnusedAccountValidityDays unused
+  }
+end
+
+def _cognito_invite(args)
+  invite = args[:invite] || {}
+  return invite if invite.empty?
+
+  email_message = _ref_string_default("email_message", invite,
+                                      "Your username is {username} and temporary password is {####}.")
+  email_subject = _ref_string_default("email_subject", invite,
+                                      "Your temporary password")
+  sms = _ref_string_default("sms", invite,
+                            "Your username is {username} and temporary password is {####}.")
+
+  _{
+    EmailMessage email_message
+    EmailSubject email_subject
+    SMSMessage sms
+  }
+end
+
+def _cognito_device_config(args)
+  device_config = args[:device_config] || {}
+  return device_config if device_config.empty?
+
+  _{
+    ChallengeRequiredOnNewDevice _bool("challenge", device_config, false)
+    DeviceOnlyRememberedOnUserPrompt _bool("device_only", device_config, false)
+  }
+end
+
+def _cognito_email_config(args)
+  email_config = args[:email_config] || {}
+  return email_config if email_config.empty?
+
+  reply_to = _ref_string_default("reply_to", email_config)
+  source = _ref_string_default("source", email_config)
+
+  _{
+    ReplyToEmailAddress reply_to unless reply_to.empty?
+    SourceArn source
+  }
+end
+
+def _cognito_email_verify(args)
+  email_verify = args[:email_verify] || {}
+  return {} if email_verify.empty?
+
+  {
+    message: email_verify[:message] || "Your verification code is {####}.",
+    subject: email_verify[:subject] || "Your verification code",
+  }
+end
+
+def _cognito_lambda_config(args)
+  lambda_config = args[:lambda_config] || {}
+  return {} if lambda_config.empty?
+
+  create_auth = _ref_string_default("create_auth", lambda_config)
+  custom_message = _ref_string_default("custom_message", lambda_config)
+  defined_auth = _ref_string_default("defined_auth", lambda_config)
+  post_auth = _ref_string_default("post_auth", lambda_config)
+  post_confirm = _ref_string_default("post_confirm", lambda_config)
+  pre_auth = _ref_string_default("pre_auth", lambda_config)
+  pre_sign = _ref_string_default("pre_sign", lambda_config)
+  verify_auth = _ref_string_default("verify_auth", lambda_config)
+
+  _{
+    CreateAuthChallenge create_auth unless create_auth.empty?
+    CustomMessage custom_message unless custom_message.empty?
+    DefineAuthChallenge defined_auth unless defined_auth.empty?
+    PostAuthentication post_auth unless post_auth.empty?
+    PostConfirmation post_confirm unless post_confirm.empty?
+    PreAuthentication pre_auth unless pre_auth.empty?
+    PreSignUp pre_sign unless pre_sign.empty?
+    VerifyAuthChallengeResponse verify_auth unless verify_auth.empty?
+  }
+end
+
+def _cognito_policies(args)
+  policies = args[:policies] || {}
+  password = _cognito_password_policy(policies)
+
+  _{
+    PasswordPolicy password
+  }
+end
+
+def _cognito_password_policy(args)
+  policy = args[:password] || {}
+
+  _{
+    MinimumLength policy[:min] || 6
+    RequireLowercase _bool("lowercase", policy, false)
+    RequireNumbers _bool("numbers", policy, false)
+    RequireSymbols _bool("symbols", policy, false)
+    RequireUppercase _bool("uppercase", policy, false)
+  }
+end
+
+def _cognito_schemas(args)
+  (args[:schemas] || []).collect do |schema|
+    data_type = schema[:data_type] || "String" # String, Number, DateTime, or Boolean
+    number = schema[:number] || {}
+    string = schema[:string] || {}
+
+    _{
+      AttributeDataType data_type unless data_type.empty?
+      DeveloperOnlyAttribute _bool("developer", schema, false)
+      Mutable _bool("mutable", schema, true)
+      Name schema[:name]
+      NumberAttributeConstraints do
+        MaxValue number[:max]
+        MinValue number[:min]
+      end unless number.empty?
+      StringAttributeConstraints do
+        MaxLength string[:max]
+        MinLength string[:min]
+      end unless string.empty?
+      Required _bool("required", schema, true)
+    }
+  end
+end
+
+def _cognito_sms_config(args)
+  sms_config = args[:sms_config] || {}
+  return sms_config if sms_config.empty?
+
+  external = _ref_string_default("external", sms_config)
+
+  _{
+    ExternalId external unless external.empty?
+    SnsCallerArn _ref_string("sns_caller", args)
+  }
+end