kumogata-template 0.0.35 → 0.0.36

data/lib/kumogata/template/kinesis.rb

@@ -0,0 +1,282 @@
+#
+# Helper - Kinesis
+#
+require 'kumogata/template/helper'
+require 'kumogata/template/role'
+
+def _kinesis_firehose_to_delivery_stream_role(args)
+  role = []
+  # TODO add more destination: redshift and elasticsearch service
+  KINESIS_FIREHOSE_DELIVERY_STREAM_ROLE.each do |v|
+    next if v[:service] == 'lambda' and !args.key? :lambda
+    next if v[:service] == 'kms' and !args.key? :key
+
+    _role = { service: v[:service], actions: v[:actions] }
+    _role[:resources] = v[:resources].collect do |vv|
+      if vv.is_a? String
+        if args.key? :bucket
+          vv.gsub('%BUCKET_NAME%', args[:bucket])
+        elsif args.key? :key
+          vv.gsub('%KEY%', args[:key])
+        end
+      elsif vv.is_a? Hash
+        vv.each_pair do |kkk, vvv|
+          vv[kkk] = vvv.
+            gsub('%STREAM_NAME%', args[:name]).
+            gsub('%LOG_GROUP_NAME%', args[:name]).
+            gsub('%LOG_STREAM_NAME%', '*')
+        end
+      end
+    end
+    _role[:condition] = v[:condition].collect do |vv|
+      vv.each_pair do |kkk, vvv|
+        # FIXME s3 or ...
+        case vvv.first[0]
+        when /kms:ViaService/
+          vv[kkk][vvv.first[0]] = _sub_service('s3')
+        when /aws:s3:arn/
+          vv[kkk][vvv.first[0]] = _iam_arn('s3', "#{args[:bucket]}/*")
+        end
+      end
+    end if v.key? :condition
+    role << _role
+  end
+  role
+end
+
+def _kinesis_firehose_to_delivery_stream_type(value)
+  case value
+  when /direct/
+    'DirectPut'
+  when /kinesis/
+    'KinesisStreamAsSource'
+  else
+    'DirectPut'
+  end
+end
+
+def _kinesis_firehose_to_elasticsearch_destination(value)
+  case value
+  when /failed/
+    'FailedDocumentsOnly'
+  when /all/
+    'AllDocuments'
+  else
+    'FailedDocumentsOnly'
+  end
+end
+
+def _kinesis_firehose_to_s3_destinaiton_compression(value)
+  case value
+  when /un/
+    'UNCOMPRESSED'
+  when 'gzip'
+    'GZIP'
+  when 'zip'
+    'ZIP'
+  when 'snappy'
+    'Snappy'
+  else
+    'UNCOMPRESSED'
+  end
+end
+
+def _kinesis_firehose_delivery_stream_elasticsearch_destination(args)
+  return {} if args.nil?
+
+  buffering = _kinesis_firehose_delivery_stream_buffering_hints(args[:buffering_hints])
+  cloudwatch = _kinesis_firehose_delivery_stream_cloudwatch_logging(args[:logging])
+  domain = _ref_attr_string('domain', 'DomainArn', args, 'elasticsearch domain')
+  index_name = args[:index]
+  index_rotation = _valid_values(args[:index_rotation],
+                                 %w( NoRotation OneHour OneDay OneWeek OneMonth ),
+                                 'NoRotation')
+  processing = _kinesis_firehose_delivery_stream_processing(args[:processing])
+  retry_options = _kinesis_firehose_delivery_stream_elasticsearch_retry(args[:retry])
+  role = _ref_attr_string('role', 'Arn', args, 'role')
+  s3_backup = _kinesis_firehose_to_elasticsearch_destination(args[:s3_backup])
+  s3_dest = _kinesis_firehose_delivery_stream_s3_destnation(args[:s3_dest])
+  type = args[:type]
+
+  _{
+    BufferingHints buffering
+    CloudWatchLoggingOptions cloudwatch unless cloudwatch.empty?
+    DomainARN domain
+    IndexName index_name
+    IndexRotationPeriod index_rotation
+    ProcessingConfiguration processing unless processing.empty?
+    RetryOptions retry_options
+    RoleARN role
+    S3BackupMode s3_backup
+    S3Configuration s3_dest
+    Type type
+  }
+end
+
+def _kinesis_firehose_delivery_stream_buffering_hints(args)
+  args = { interval: 300, size: 5 } if args.nil?
+
+  _{
+    IntervalInSeconds args[:interval]
+    SizeInMBs args[:size]
+  }
+end
+
+def _kinesis_firehose_delivery_stream_cloudwatch_logging(args)
+  # FIXME change name by delivery name
+  args = { enabled: true, group: '/aws/kinesisfirehorse', stream: 'S3Delivery' } if args.nil?
+
+  enabled = _bool('enabled', args, true)
+  group = args[:group]
+  stream = args[:stream]
+
+  _{
+    Enabled enabled
+    LogGroupName group
+    LogStreamName stream
+  }
+end
+
+def _kinesis_firehose_delivery_stream_processing(args)
+  return {} if args.nil?
+
+  enabled = _bool('enabled', args, true)
+  processors = _kinesis_firehose_delivery_stream_processor(args[:processor])
+
+  _{
+    Enabled enabled
+    Processors processors
+  }
+end
+
+def _kinesis_firehose_delivery_stream_processor(args)
+  parameters = _kinesis_firehose_delivery_stream_processor_parameters(args[:parameters])
+
+  _{
+    Parameters parameters
+    Type 'Lambda'
+  }
+end
+
+def _kinesis_firehose_delivery_stream_processor_parameters(args)
+  args.collect do |k, v|
+    _{
+      ParameterName k
+      ParameterValue v
+    }
+  end
+end
+
+def _kinesis_firehose_delivery_stream_retry(args)
+  duration = args[:duration] || 300
+
+  _{
+    DurationInSeconds duration
+  }
+end
+
+def _kinesis_firehose_delivery_stream_s3_destnation(args)
+  return {} if args.nil?
+
+  bucket = _ref_attr_string('bucket', 'Arn', args, 'bucket')
+  buffering = _kinesis_firehose_delivery_stream_buffering_hints(args[:buffering_hints])
+  cloudwatch = _kinesis_firehose_delivery_stream_cloudwatch_logging(args[:logging])
+  compression = _kinesis_firehose_to_s3_destinaiton_compression(args[:compression])
+  encryption = _kinesis_firehose_delivery_stream_encryption(args[:encryption])
+  prefix = args[:prefix] || ''
+  prefix = "#{prefix}/" if prefix !~ /^.*[-|\/]$/
+  role = _ref_attr_string('role', 'Arn', args, 'role')
+
+  _{
+    BucketARN bucket
+    BufferingHints buffering
+    CloudWatchLoggingOptions cloudwatch
+    CompressionFormat compression
+    EncryptionConfiguration encryption
+    Prefix prefix unless prefix.empty?
+    RoleARN role
+  }
+end
+
+def _kinesis_firehose_delivery_stream_encryption(args)
+  return _{ NoEncryptionConfig 'NoEncryption' } if args.nil?
+
+  kms = _kinesis_firehose_delivery_stream_kms_encryption(args[:kms])
+
+  _{
+    KMSEncryptionConfig kms unless kms.empty?
+    NoEncryptionConfig 'NoEncryption' if kms.empty?
+  }
+end
+
+def _kinesis_firehose_delivery_stream_kms_encryption(args)
+  return {} if args.nil?
+
+  kms = _ref_attr_string('kms', 'Arn', args, 'kms key')
+
+  _{
+    AWSKMSKeyARN kms
+  }
+end
+
+def _kinesis_firehose_delivery_stream_kinesis_stream_source(args)
+  return {} if args.nil?
+
+  kinesis = _ref_attr_string('stream', 'Arn', args, 'kinesis stream')
+  role = _ref_attr_string('role', 'Arn', args, 'role')
+
+  _{
+    KinesisStreamARN kinesis
+    RoleARN role
+  }
+end
+
+def _kinesis_firehose_delivery_stream_extended_s3_destination(args)
+  return {} if args.nil?
+
+  bucket = _ref_attr_string('bucket', 'Arn', args, 'bucket')
+  buffering = _kinesis_firehose_delivery_stream_buffering_hints(args[:buffering_hints])
+  cloudwatch = _kinesis_firehose_delivery_stream_cloudwatch_logging(args[:logging])
+  compression = _kinesis_firehose_to_s3_destinaiton_compression(args[:compression])
+  encryption = _kinesis_firehose_delivery_stream_encryption(args[:encryption])
+  prefix = args[:prefix] || ''
+  role = _ref_attr_string('role', 'Arn', args, 'role')
+  s3_backup = _kinesis_firehose_delivery_stream_s3_destnation(args[:s3_backup])
+  s3_backup_mode = _kinesis_firehose_to_elasticsearch_destination(args[:s3_backup_mode])
+
+  _{
+    BucketARN bucket
+    BufferingHints buffering
+    CloudWatchLoggingOptions cloudwatch unless cloudwatch.empty?
+    CompressionFormat compression
+    EncryptionConfiguration encryption unless encryption.empty?
+    Prefix prefix
+    ProcessingConfiguration processing unless processing.empty?
+    RoleARN role
+    S3BackupConfiguration s3_backup unless s3_backup.empty?
+    S3BackupMode s3_backup_mode
+  }
+end
+
+def _kinesis_firehose_delivery_stream_redshift_destination(args)
+  return {} if args.nil?
+
+  cloudwatch = _kinesis_firehose_delivery_stream_cloudwatch_logging(args[:logging])
+  cluster = _ref_string('cluster', args, 'redshift cluster jdbc url')
+  password = _ref_string('password', args, 'redshift cluster master user password')
+  processing = _kinesis_firehose_delivery_stream_processing(args[:processing])
+  role = _ref_attr_string('role', 'Arn', args, 'role')
+  s3 = _kinesis_firehose_delivery_stream_s3_destnation(args[:s3])
+  user = _ref_string('user', args, 'redshift cluster master user name')
+
+  _{
+    CloudWatchLoggingOptions cloudwatch unless cloudwatch.empty?
+    ClusterJDBCURL cluster
+    CopyCommand copy
+    Password password
+    ProcessingConfiguration processing unless processing.empty?
+    RoleARN role
+    S3Configuration s3
+    Username user
+  }
+end

data/lib/kumogata/template/lambda.rb

@@ -3,6 +3,29 @@
 #
 require 'kumogata/template/helper'
 
+def _lambda_to_runtime(value)
+  case value
+  when 'node4'
+    'nodejs4.3'
+  when 'node6'
+    'nodejs6.10'
+  when 'node8'
+    'nodejs8.10'
+  when 'python2'
+    'python2.7'
+  when 'python3'
+    'python3.6'
+  when '.net1'
+    'dotnetcore1.0'
+  when '.net2'
+    'dotnetcore2.0'
+  when 'go'
+    'go1.x'
+  else
+    value
+  end
+end
+
 def _lambda_function_code(args)
   return "" unless args.key? :code
 
@@ -23,13 +46,15 @@ def _lambda_function_code(args)
     S3Bucket s3_bucket if is_s3
     S3Key s3_key if is_s3
     S3ObjectVersion s3_object_version if is_s3 and !s3_object_version.empty?
-    ZipFile _join(zip_file_code, '\n') unless is_s3
+    ZipFile _join(zip_file_code, "\n") unless is_s3
   }
 end
 
 def _lambda_function_environment(args)
   environment = args[:environment] || {}
-  environment.empty? ? '' : _{ Variables variables }
+  return {} if environment.empty?
+
+  _{ Variables environment }
 end
 
 def _lambda_vpc_config(args)
@@ -54,3 +79,19 @@ def _lambda_dead_letter(args)
     TargetArn dead_letter
   }
 end
+
+def _lambda_trace_config(args)
+  trace = args[:trace] || ""
+  return trace if trace.empty?
+
+  mode =
+    case trace
+    when "active"
+      "Active"
+    else
+      "PassThrough"
+    end
+  _{
+    Mode mode
+  }
+end

data/lib/kumogata/template/logs.rb

@@ -4,15 +4,11 @@
 require 'kumogata/template/helper'
 
 def _logs_metric_filter_transformations(args)
-  trans = args[:transformations] || []
-
-  array = []
-  trans.each do |tran|
-    array << _{
+  (args[:transformations] || []).collect do |tran|
+    _{
       MetricName tran[:name]
       MetricNamespace tran[:ns]
       MetricValue tran[:value]
     }
   end
-  array
 end

data/lib/kumogata/template/nlb.rb

@@ -0,0 +1,10 @@
+#
+# Helper - NLB
+#
+require 'kumogata/template/helper'
+
+def _nlb_to_lb_cross_zone(value = true)
+  {
+    "load_balancing.cross_zone.enabled": value
+  }
+end

data/lib/kumogata/template/pinpoint.rb

@@ -0,0 +1,83 @@
+#
+# Helper - Pinpoint
+#
+require 'kumogata/template/helper'
+require 'kumogata/template/role'
+
+def _pinpoint_to_iam_readonly(app)
+  [
+    {
+      service: 'mobiletargeting',
+      actions: [
+                'get *',
+               ],
+      resource: [
+                 { app: app },
+                 { app: "#{app}/*" },
+                ],
+    },
+    {
+      service: 'mobiletargeting',
+      actions: [
+                'get reports',
+               ],
+      resource: [
+                 { reports: true },
+                ],
+    },
+  ]
+end
+
+def _pinpoint_to_iam_full(app)
+  [
+    {
+      service: 'mobiletargeting',
+      actions: [
+                'delete *',
+                'get *',
+                'update *',
+               ],
+      resource: [
+                 { app: app },
+                 { app: "#{app}/*" },
+                ],
+    },
+    {
+      service: 'mobiletargeting',
+      actions: [
+                'get reports',
+               ],
+      resource: [
+                 { reports: true },
+                ],
+    },
+  ]
+end
+
+def _pinpoint_to_kinesis_stream_role(args)
+  role = []
+  PINPOINT_KINESIS_STREAM_ROLE.each do |v|
+    _role = { service: v[:service], actions: v[:actions] }
+    _role[:resources] = v[:resources].collect do |vv|
+      vv.each_pair do |kkk, vvv|
+        vv[kkk] = vvv.gsub(/%KINESIS_STREAM_NAME%/, args[:name])
+      end
+    end
+    role << _role
+  end
+  role
+end
+
+def _pinpoint_to_kinesis_firehose_delivery_stream_role(args)
+  role = []
+  PINPOINT_KINESIS_FIREHOSE_DELIVERY_STREAM_ROLE.each do |v|
+    _role = { service: v[:service], actions: v[:actions] }
+    _role[:resources] = v[:resources].collect do |vv|
+      vv.each_pair do |kkk, vvv|
+        vv[kkk] = vvv.gsub(/%FIREHOSE_DELIVERY_STREAM_NAME%/, args[:name])
+      end
+    end
+    role << _role
+  end
+  role
+end

data/lib/kumogata/template/rds.rb

@@ -0,0 +1,52 @@
+#
+# Helper - RDS
+#
+require 'kumogata/template/helper'
+
+def _rds_to_parameter_charset(charset = 'utf8mb4')
+  {
+    "character-set-client-handshake": 1,
+    "character_set_client": charset,
+    "character_set_connection": charset,
+    "character_set_database": charset,
+    "character_set_results": charset,
+    "character_set_server": charset,
+  }
+end
+
+def _rds_to_event_subscription_source(value)
+  case value
+  when "instance"
+    "db-instance"
+  when "parameter", "parameter group"
+    "db-parameter-group"
+  when "security", "security group"
+    "db-security-group"
+  when "snapshot"
+    "db-snapshot"
+  when /db-/
+    value
+  else
+    "db-instance"
+  end
+end
+
+def _rds_option_group_configurations(args)
+  (args[:configurations] || []).collect do |v|
+    security_groups = v[:security_groups] || []
+    settings = v[:settings] || {}
+    port = v[:port] || ""
+    vpc_security_groups = v[:security_groups] || []
+
+    _{
+      DBSecurityGroupMemberships security_groups unless security_groups.empty?
+      OptionName v[:name]
+      OptionSettings _{
+        Name settings[:name]
+        Value settings[:value]
+      } unless settings.empty?
+      Port port unless port.empty?
+      VpcSecurityGroupMemberships vpc_security_groups unless vpc_security_groups.empty?
+    }
+  end
+end

data/lib/kumogata/template/redshift.rb

@@ -4,10 +4,7 @@
 require 'kumogata/template/helper'
 
 def _redshift_parameters(args)
-  parameters = args[:parameters] || []
-
-  array = []
-  parameters.collect do |v|
+  (args[:parameters] || []).collect do |v|
     name = v[:name] || ""
     value =
       if name == "wlm_json_configuration"
@@ -17,10 +14,22 @@ def _redshift_parameters(args)
       end
     next if name.empty? or value.empty?
 
-    array << _{
+    _{
       ParameterName name
       ParameterValue value
     }
   end
-  array
+end
+
+def _redshift_logging(args)
+  logging = args[:logging] || ""
+  return logging if logging.empty?
+
+  bucket = _ref_string("bucket", logging, "bucket")
+  key = _ref_string("key", logging, "key")
+
+  _{
+    BucketName bucket
+    S3KeyPrefix key
+  }
 end