rubycfn 0.4.10 → 0.5.0

data/templates/lib/stacks/vpc_stack/infra_vpc.rb

@@ -0,0 +1,193 @@
+module VpcStack
+  module InfraVpc
+    extend ActiveSupport::Concern
+    included do
+      vpc_subnets = infra_config["subnets"]
+
+      variable :cidr_block,
+               default: "10.0.0.0/16",
+               value: infra_config["environments"][environment]["vpc_cidr"]
+
+      resource :infra_vpc,
+               type: "AWS::EC2::VPC" do |r|
+        r.property(:cidr_block) { cidr_block }
+        r.property(:enable_dns_support) { true }
+        r.property(:enable_dns_hostnames) { true }
+        r.property(:tags) do
+          [
+            {
+              "Key": "Name",
+              "Value": "infra_#{environment}_vpc"
+            },
+            {
+              "Key": "Environment",
+              "Value": environment.to_s
+            }
+          ]
+        end
+      end
+
+      resource :infra_internet_gateway,
+               type: "AWS::EC2::InternetGateway"
+
+      resource :infra_route,
+               type: "AWS::EC2::Route" do |r|
+        r.property(:destination_cidr_block) { "0.0.0.0/0" }
+        r.property(:gateway_id) { :infra_internet_gateway.ref }
+        r.property(:route_table_id) { :infra_route_table.ref }
+      end
+
+      resource :infra_route_table,
+               type: "AWS::EC2::RouteTable" do |r|
+        r.property(:vpc_id) { :infra_vpc.ref }
+        r.property(:tags) do
+          [
+            {
+              "Key": "Name",
+              "Value": "Infra #{environment} Public Route Table"
+            },
+            {
+              "Key": "Environment",
+              "Value": environment.to_s
+            }
+          ]
+        end
+      end
+
+      resource :infra_private_route_table,
+               amount: 3,
+               type: "AWS::EC2::RouteTable" do |r, index|
+        r.property(:vpc_id) { :infra_vpc.ref }
+        r.property(:tags) do
+          [
+            {
+              "Key": "Name",
+              "Value": "Infra #{environment} Private Route Table #{index.zero? && "" || index + 1}"
+            },
+            {
+              "Key": "Environment",
+              "Value": environment.to_s
+            }
+          ]
+        end
+      end
+
+      resource :infra_vpc_gateway_attachment,
+               type: "AWS::EC2::VPCGatewayAttachment" do |r|
+        r.property(:internet_gateway_id) { :infra_internet_gateway.ref }
+        r.property(:vpc_id) { :infra_vpc.ref }
+      end
+
+      vpc_subnets.each_with_index do |subnet, _subnet_count|
+        subnet.each do |subnet_name, arguments|
+          resource "infra_#{subnet_name}_subnet".cfnize,
+                   type: "AWS::EC2::Subnet",
+                   amount: 3 do |r, index|
+            subnet_cidr = [
+              :infra_vpc.ref(:cidr_block),
+              (3 * arguments["offset"]).to_s,
+              (Math.log(256) / Math.log(2)).floor.to_s
+            ].fncidr.fnselect(index + (3 * arguments["offset"]) - 3)
+
+            r.property(:availability_zone) do
+              {
+                "Fn::GetAZs": ""
+              }.fnselect(index)
+            end
+            r.property(:cidr_block) { subnet_cidr }
+            r.property(:map_public_ip_on_launch) { arguments["public"] }
+            r.property(:tags) do
+              [
+                {
+                  "Key": "Name",
+                  "Value": "#{environment}_#{subnet_name}_#{index + 1}".cfnize
+                },
+                {
+                  "Key": "Team",
+                  "Value": arguments["owner"]
+                },
+                {
+                  "Key": "resource_type",
+                  "Value": subnet_name.to_s.cfnize
+                }
+              ]
+            end
+            r.property(:vpc_id) { :infra_vpc.ref }
+
+            if arguments["output_cidr"]
+              cidr_output_name = "#{subnet_name}_subnet#{index.positive? ? (index + 1) : ""}_cidr".cfnize
+
+              output cidr_output_name,
+                     value: subnet_cidr
+            end
+          end
+
+          if arguments["public"]
+            resource "infra_#{subnet_name}_subnet_route_table_association".cfnize,
+                     amount: 3,
+                     type: "AWS::EC2::SubnetRouteTableAssociation" do |r, index|
+              r.property(:route_table_id) { :infra_route_table.ref }
+              r.property(:subnet_id) { "infra_#{subnet_name}_subnet#{index.zero? && "" || index + 1}".cfnize.ref }
+            end
+          else
+            resource "infra_#{subnet_name}_subnet_route_table_association".cfnize,
+                     amount: 3,
+                     type: "AWS::EC2::SubnetRouteTableAssociation" do |r, index|
+              r.property(:route_table_id) { "infra_private_route_table#{index.zero? && "" || index + 1}".cfnize.ref }
+              r.property(:subnet_id) { "infra_#{subnet_name}_subnet#{index.zero? && "" || index + 1}".cfnize.ref }
+            end
+          end
+
+          # Generate outputs for these subnets
+          3.times do |i|
+            output_name = "#{subnet_name}_subnet#{i.positive? ? (i + 1) : ""}_name".cfnize
+
+            output output_name,
+                   value: "infra_#{subnet_name}_subnet#{i.positive? ? (i + 1) : ""}".cfnize.ref
+          end
+
+          # Deploy NAT Gateway in subnet marked with "deploy_nat": true
+          if arguments["deploy_nat"]
+            resource "infra_#{subnet_name}_elastic_ip".cfnize,
+                     amount: 3,
+                     type: "AWS::EC2::EIP" do |r, _|
+              r.property(:domain) { "vpc" }
+            end
+
+            resource "infra_#{subnet_name}_nat_gateway".cfnize,
+                     amount: 3,
+                     type: "AWS::EC2::NatGateway" do |r, index|
+              r.property(:allocation_id) { "infra_#{subnet_name}_elastic_ip#{index.zero? && "" || index + 1}".cfnize.ref(:allocation_id) }
+              r.property(:subnet_id) { "infra_#{subnet_name}_subnet#{index.zero? && "" || index + 1}".cfnize.ref }
+            end
+
+            resource :infra_nat_gateway_route,
+                     depends_on: :infra_vpc_gateway_attachment,
+                     amount: 3,
+                     type: "AWS::EC2::Route" do |r, index|
+              r.depends_on [
+                "InfraEc2PublicNatGateway#{index.zero? && "" || index + 1}"
+              ]
+              r.property(:destination_cidr_block) { "0.0.0.0/0" }
+              r.property(:nat_gateway_id) { "infra_#{subnet_name}_nat_gateway#{index.zero? && "" || index + 1}".cfnize.ref }
+              r.property(:route_table_id) { "infra_private_route_table#{index.zero? && "" || index + 1}".cfnize.ref }
+            end
+
+            # Generate outputs for NAT gateway
+            3.times do |i|
+              output_name = "nat_gateway_#{subnet_name}#{i.positive? ? (i + 1) : ""}"
+
+              output output_name,
+                     value: "infra_#{subnet_name}_nat_gateway#{i.positive? ? (i + 1) : ""}".cfnize.ref
+            end
+          end
+        end
+      end
+
+      output :vpc_cidr,
+             value: :infra_vpc.ref(:cidr_block)
+      output :vpc_id,
+             value: :infra_vpc.ref
+    end
+  end
+end

data/templates/{vpc_stack.rb.erb → lib/stacks/vpc_stack/main.rb}

@@ -1,11 +1,10 @@
 module VpcStack
   extend ActiveSupport::Concern
   include Rubycfn
-
   included do
     include Concerns::GlobalVariables
     include Concerns::SharedMethods
-    include VpcStack::Main
+    include VpcStack::InfraVpc
 
     description generate_stack_description("VpcStack")
   end

data/templates/{parent_stack_spec.rb.erb → spec/lib/parent_spec.rb}

@@ -8,10 +8,10 @@ module ParentSpec
   include Rubycfn
 
   included do
-    description "<%= name %> RSpec"
+    description "Infra Stack RSpec"
     include Concerns::GlobalVariables
     include Concerns::SharedMethods
-    include <%= name %>Stack::Parent
+    include InfraStack::Parent
   end
 end
 
@@ -23,15 +23,12 @@ describe ParentSpec do
 
   context "Renders template" do
     subject { template }
-
     it { should have_key "Resources" }
 
     context "Has Required Resources" do
       let(:resources) { template["Resources"] }
       subject { resources }
 
-      it { should have_key "VpcStack" }
-      it { should have_key "EcsStack" }
     end
   end
 end

data/templates/{spec_helper.rb.erb → spec/spec_helper.rb}

@@ -22,7 +22,7 @@ RSpec.configure do |config|
   config.filter_run_excluding broken: true
   config.filter_run_excluding turn_off: true
   config.filter_run focus: true
-  config.run_all_when_everything_filtered = true
   config.filter_run_excluding :slow unless ENV["SLOW_SPECS"]
   config.filter_run_excluding :debug unless ENV["DEBUG_SPECS"]
-end
+  config.run_all_when_everything_filtered = true
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubycfn
 version: !ruby/object:Gem::Version
-  version: 0.4.10
+  version: 0.5.0
 platform: ruby
 authors:
 - Dennis Vink
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-29 00:00:00.000000000 Z
+date: 2020-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: neatjson
@@ -265,7 +265,6 @@ files:
 - README.md
 - Rakefile
 - bin/rubycfn
-- format.vim
 - lib/cli_methods.rb
 - lib/monkeypatch.rb
 - lib/rubycfn.rb
@@ -273,42 +272,53 @@ files:
 - rubycfn.gemspec
 - spec/lib/rubycfn_spec.rb
 - spec/spec_helper.rb
-- templates/.env.erb
-- templates/.env.production.erb
-- templates/.env.rspec.erb
-- templates/.env.test.erb
-- templates/.gitignore.erb
-- templates/.gitlab-ci.yml.erb
-- templates/.rubocop.yml.erb
-- templates/Gemfile.erb
-- templates/Rakefile.erb
-- templates/aws_sdk.rb.erb
-- templates/compiler.rb.erb
-- templates/core_compile.rb.erb
-- templates/core_deploy.rb.erb
-- templates/core_diff.rb.erb
-- templates/core_upload.rb.erb
-- templates/dependencies.rb.erb
-- templates/deploy.rb.erb
-- templates/ecs_stack.rb.erb
-- templates/ecs_stack_concern.rb.erb
-- templates/global_variables.rb.erb
-- templates/helper_methods.rb.erb
-- templates/helpers.rb.erb
-- templates/main.rb.erb
-- templates/main_aws_helper.rb.erb
-- templates/new_concern.rb.erb
-- templates/new_stack.rb.erb
-- templates/parent_stack_spec.rb.erb
-- templates/project_concern.rb.erb
-- templates/project_stack.rb.erb
-- templates/shared_methods.rb.erb
-- templates/spec_helper.rb.erb
-- templates/subnets.rb.erb
-- templates/upload_stack.rb.erb
-- templates/vpc_concerns.rb.erb
-- templates/vpc_spec.rb.erb
-- templates/vpc_stack.rb.erb
+- templates/.env
+- templates/.env.acceptance
+- templates/.env.dependencies.rspec
+- templates/.env.development
+- templates/.env.production
+- templates/.env.rspec
+- templates/.env.test
+- templates/.gitignore
+- templates/.rubocop.yml
+- templates/Gemfile
+- templates/README.md
+- templates/Rakefile
+- templates/bootstrap/dependency_stack.rb
+- templates/config.yaml
+- templates/lib/aws_helper/aws_sdk.rb
+- templates/lib/aws_helper/compiler.rb
+- templates/lib/aws_helper/dependencies.rb
+- templates/lib/aws_helper/deploy.rb
+- templates/lib/aws_helper/helpers.rb
+- templates/lib/aws_helper/main.rb
+- templates/lib/aws_helper/upload_stack.rb
+- templates/lib/core/applications.rb
+- templates/lib/core/assume_role.rb
+- templates/lib/core/classes.rb
+- templates/lib/core/compile.rb
+- templates/lib/core/dependencies.rb
+- templates/lib/core/deploy.rb
+- templates/lib/core/git.rb
+- templates/lib/core/init.rb
+- templates/lib/core/upload.rb
+- templates/lib/main.rb
+- templates/lib/shared_concerns/global_variables.rb
+- templates/lib/shared_concerns/helper_functions.rb
+- templates/lib/shared_concerns/helper_methods.rb
+- templates/lib/shared_concerns/shared_methods.rb
+- templates/lib/stacks/acm_stack/certificate_manager.rb
+- templates/lib/stacks/acm_stack/main.rb
+- templates/lib/stacks/ecs_stack/ecs_cluster.rb
+- templates/lib/stacks/ecs_stack/lifecycle_hook.rb
+- templates/lib/stacks/ecs_stack/load_balancer.rb
+- templates/lib/stacks/ecs_stack/main.rb
+- templates/lib/stacks/parent_stack/main.rb
+- templates/lib/stacks/parent_stack/parent.rb
+- templates/lib/stacks/vpc_stack/infra_vpc.rb
+- templates/lib/stacks/vpc_stack/main.rb
+- templates/spec/lib/parent_spec.rb
+- templates/spec/spec_helper.rb
 homepage: https://github.com/dennisvink/rubycfn
 licenses:
 - MIT
@@ -337,8 +347,8 @@ test_files:
 - rubycfn.gemspec
 - spec/lib/rubycfn_spec.rb
 - spec/spec_helper.rb
-- templates/.env.rspec.erb
-- templates/.env.test.erb
-- templates/parent_stack_spec.rb.erb
-- templates/spec_helper.rb.erb
-- templates/vpc_spec.rb.erb
+- templates/.env.dependencies.rspec
+- templates/.env.rspec
+- templates/.env.test
+- templates/spec/lib/parent_spec.rb
+- templates/spec/spec_helper.rb

data/format.vim

@@ -1,3 +0,0 @@
-gg=G
-:retab
-ZZ

data/templates/.env.erb

@@ -1,4 +0,0 @@
-AWS_ACCOUNT_ID="<%= account_id %>"
-AWS_REGION="<%= region %>"
-ENVIRONMENT="test"
-PROJECT_NAME="<%= project_name %>"

data/templates/.env.production.erb

@@ -1,6 +0,0 @@
-# ENV vars for production environment
-CLOUD_TRAIL_MONITOR_SNS_RECIPIENTS="changeme@example.com,changemetoo@example.com"
-ROOT_MONITOR_SNS_RECIPIENTS="changeme@example.com,changemetoo@example.com"
-VPC_CIDR_BLOCK="10.200.0.0/16"
-ARTIFACT_BUCKET="my-awesome-cloudformation-artifact-bucket-for-production"
-STACK_NAME="production"

data/templates/.env.rspec.erb

@@ -1,6 +0,0 @@
-# ENV vars for rspec environment
-CLOUD_TRAIL_MONITOR_SNS_RECIPIENTS="should@match"
-ROOT_MONITOR_SNS_RECIPIENTS="should@match"
-VPC_CIDR_BLOCK="10.0.0.0/16"
-ARTIFACT_BUCKET="my-mock-bucket"
-STACK_NAME="rspec"

data/templates/.env.test.erb

@@ -1,6 +0,0 @@
-# ENV vars for test environment
-CLOUD_TRAIL_MONITOR_SNS_RECIPIENTS="changeme@example.com,changemetoo@example.com"
-ROOT_MONITOR_SNS_RECIPIENTS="changeme@example.com,changemetoo@example.com"
-VPC_CIDR_BLOCK="10.100.0.0/16"
-ARTIFACT_BUCKET="my-awesome-cloudformation-artifact-bucket"
-STACK_NAME="test"

data/templates/.gitlab-ci.yml.erb

@@ -1,75 +0,0 @@
-image: rubycfn/rubycfn:latest
-
-before_script:
-  - bundle
-
-variables:
-  CFN_ARTIFACT_BUCKET: "my-awesome-cloudformation-bucket"
-  STAGING_AWS_REGION: eu-west-1
-  PROD_AWS_REGION: eu-west-1
-
-stages:
-  - build
-  - test
-  - upload
-  - staging
-  - production
-
-build:
-  stage: build
-  variables:
-    ARTIFACT_BUCKET: ${CFN_ARTIFACT_BUCKET}
-  script:
-    - export SLACK_WEBHOOK=$K8S_SECRET_SLACK_POST_HOOK
-    - ENVIRONMENT="test" rake compile
-    - ENVIRONMENT="production" rake compile
-    - rubocop
-    - cfn_nag_scan --input-path build/ || true
-  artifacts:
-    paths:
-      - build/
-
-test:
-  stage: test
-  script: 
-    - rake spec
-  dependencies:
-    - build
-
-upload:
-  stage: upload
-  variables:
-    ARTIFACT_BUCKET: ${CFN_ARTIFACT_BUCKET}
-    AWS_REGION: ${STAGING_AWS_REGION}
-  script:
-    - export AWS_SECRET_ACCESS_KEY=$K8S_SECRET_AWS_SECRET_ACCESS_KEY
-    - export AWS_ACCESS_KEY_ID=$K8S_SECRET_AWS_ACCESS_KEY_ID
-    - ENVIRONMENT="test" rake upload
-    - ENVIRONMENT="production" rake upload
-
-deploy_staging:
-  stage: staging
-  variables:
-    ARTIFACT_BUCKET: ${CFN_ARTIFACT_BUCKET}
-    AWS_REGION: ${STAGING_AWS_REGION}
-  script:
-    - export AWS_SECRET_ACCESS_KEY=$K8S_SECRET_AWS_SECRET_ACCESS_KEY
-    - export AWS_ACCESS_KEY_ID=$K8S_SECRET_AWS_ACCESS_KEY_ID
-    - export ENVIRONMENT="test"
-    - rake apply
-  allow_failure: false
-
-deploy_prod:
-  stage: production
-  variables:
-    ARTIFACT_BUCKET: ${CFN_ARTIFACT_BUCKET}
-    AWS_REGION: ${PROD_AWS_REGION}
-  script:
-    - export AWS_SECRET_ACCESS_KEY=$K8S_SECRET_AWS_SECRET_ACCESS_KEY
-    - export AWS_ACCESS_KEY_ID=$K8S_SECRET_AWS_ACCESS_KEY_ID
-    - export ENVIRONMENT="production"
-    - rake apply
-  dependencies:
-    - deploy_staging
-  when: manual
-  allow_failure: false

data/templates/aws_sdk.rb.erb

@@ -1,18 +0,0 @@
-def create_bucket_if_not_exists(aws_region, artifact_bucket)
-  s3 = Aws::S3::Resource.new(region: aws_region)
-  begin
-    s3.create_bucket(bucket: artifact_bucket)
-  rescue => exception
-    raise exception unless exception.class == Aws::S3::Errors::BucketAlreadyOwnedByYou
-  end
-  s3
-end
-
-def set_aws_credentials(region, access_key_id, secret_access_key)
-  Aws.config.update(
-    region: region,
-    credentials: Aws::Credentials.new(
-      access_key_id, secret_access_key
-    )
-  )
-end

data/templates/core_diff.rb.erb

@@ -1,59 +0,0 @@
-require "diffy"
-require_relative "../aws_helper/main"
-
-env_vars = load_env_vars
-
-set_aws_credentials(
-  env_vars[:aws_region],
-  env_vars[:aws_access_key_id],
-  env_vars[:aws_secret_access_key]
-)
-
-client = Aws::CloudFormation::Client.new
-template = client.get_template(
-  stack_name: "#{ENV["ENVIRONMENT"]}-#{ENV["PROJECT_NAME"]}"
-)
-
-s3 = Aws::S3::Resource.new(region: env_vars[:aws_region])
-orig_template = {}
-
-template = JSON.parse(template.template_body)
-template["Resources"].each do |resource_name, content|
-  if content["Type"] == "AWS::CloudFormation::Stack"
-    stack_name = "#{ENV["PROJECT_NAME"].capitalize}Stack"
-    orig_template[stack_name] = JSON.pretty_generate(
-      JSON.parse(
-        template.to_json
-      )
-    )
-  end
-  next unless content["Type"] == "AWS::CloudFormation::Stack"
-  s3_filename = content["Properties"]["TemplateURL"].split("/").last
-  orig_template[resource_name] = JSON.pretty_generate(
-    JSON.parse(
-      s3.client.get_object(
-        bucket: env_vars[:artifact_bucket],
-        key: s3_filename
-      ).body.read
-    )
-  )
-end
-
-stacks = compile_stacks(true)
-@stack_hashes.each do |stack_name, _hash|
-  new_template = JSON.pretty_generate(
-    JSON.parse(
-      stacks[stack_name]
-    )
-  )
-  diff = Diffy::Diff.new(
-    orig_template[stack_name.to_s], new_template
-  ).to_s(:color)
-
-  if diff.strip.empty?
-    puts "No difference between local #{stack_name} and remote #{stack_name}"
-  else
-    puts "Orig #{stack_name} vs #{stack_name}:"
-    puts diff
-  end
-end

data/templates/ecs_stack_concern.rb.erb

@@ -1,20 +0,0 @@
-module EcsStack
-  module EcsCluster
-    extend ActiveSupport::Concern
-
-    included do
-      transform
-      parameter :vpc,
-                description: "VPC ID"
-
-      # Create an empty ECS Cluster to launch fargate bastions (or other things) in
-      resource :<%= name.downcase %>_ecs_cluster,
-               type: "AWS::ECS::Cluster"
-
-      output :<%= name.downcase %>_ecs_cluster,
-             value: "<%= name %>EcsCluster".ref
-      output :<%= name.downcase %>_ecs_cluster_arn,
-             value: "<%= name.downcase %>EcsCluster".ref("Arn")
-    end
-  end
-end

data/templates/global_variables.rb.erb

@@ -1,16 +0,0 @@
-module Concerns
-  module GlobalVariables
-    extend ActiveSupport::Concern
-
-    included do
-      variable :environment,
-               default: "test",
-               global: true,
-               value: ENV["ENVIRONMENT"]
-
-      variable :stack_name,
-               default: "#{environment}-<%= name %>",
-               value: ENV["STACK_NAME"]
-    end
-  end
-end

data/templates/helpers.rb.erb

@@ -1,7 +0,0 @@
-def stack_to_md5(stack_name, stack)
-  @stack_hashes[stack_name] = Digest::MD5.hexdigest(JSON.pretty_generate(JSON.parse(stack.to_s)))
-end
-
-def generate_s3_filename(filename, hash)
-  "#{File.basename(filename, ".json")}-#{hash}.json"
-end

data/templates/new_concern.rb.erb

@@ -1,10 +0,0 @@
-module <%= stack_name %>
-  module MyModule
-    extend ActiveSupport::Concern
-
-    included do
-      resource :sample_resource,
-               type: "AWS::SQS::Queue"
-    end
-  end
-end

data/templates/project_concern.rb.erb

@@ -1,26 +0,0 @@
-require_relative "../vpc_stack/subnets"
-
-module <%= name %>Stack
-  module Parent
-    extend ActiveSupport::Concern
-
-    included do
-      resource :vpc_stack,
-               type: "AWS::CloudFormation::Stack" do |r|
-        r.property(:template_u_r_l) { "vpcstack" }
-        r.property(:timeout_in_minutes) { "5" }
-      end
-
-      resource :ecs_stack,
-               type: "AWS::CloudFormation::Stack" do |r|
-        r.depends_on %w(VpcStack)
-        r.property(:template_u_r_l) { "ecsstack" }
-        r.property(:parameters) do
-          {
-            "Vpc": "VpcStack".ref("Outputs.<%= name %>Vpc")
-          }
-        end
-      end
-    end
-  end
-end

data/templates/subnets.rb.erb

@@ -1,18 +0,0 @@
-def vpc_subnets
-  [
-    {
-      "ec2_public": {
-        "owner": "<%= name.downcase %>",
-        "public": true,
-        "offset": 2
-      }
-    },
-    {
-      "ec2_private": {
-        "owner": "<%= name.downcase %>",
-        "public": false,
-        "offset": 3
-      }
-    }
-  ]
-end