sumomo 0.8.3 → 0.8.9

Sign up to get free protection for your applications and to get access to all the features.
Files changed (30) hide show
  1. checksums.yaml +5 -5
  2. data/.rubocop.yml +1 -0
  3. data/.rubocop_todo.yml +169 -0
  4. data/Gemfile +2 -0
  5. data/Rakefile +5 -3
  6. data/bin/console +4 -3
  7. data/data/sumomo/api_modules/node_modules/.bin/uuid +1 -1
  8. data/data/sumomo/api_modules/real_script.js +37 -1
  9. data/data/sumomo/api_modules/test_script.js +212 -175
  10. data/data/sumomo/custom_resources/AMILookup.js +146 -58
  11. data/data/sumomo/custom_resources/Echo.js +25 -0
  12. data/data/sumomo/custom_resources/SelectSpot.js +142 -54
  13. data/data/sumomo/custom_resources/TempS3Bucket.js +213 -0
  14. data/data/sumomo/custom_resources/USEastCertificate.js +44 -31
  15. data/data/sumomo/custom_resources/USEastCertificateWaiter.js +60 -0
  16. data/exe/sumomo +50 -41
  17. data/lib/sumomo.rb +236 -233
  18. data/lib/sumomo/api.rb +148 -151
  19. data/lib/sumomo/cdn.rb +119 -113
  20. data/lib/sumomo/dns.rb +20 -20
  21. data/lib/sumomo/ec2.rb +490 -491
  22. data/lib/sumomo/ecs.rb +256 -262
  23. data/lib/sumomo/irregular.rb +9 -0
  24. data/lib/sumomo/momo_extensions/resource.rb +8 -7
  25. data/lib/sumomo/momo_extensions/stack.rb +4 -3
  26. data/lib/sumomo/network.rb +109 -106
  27. data/lib/sumomo/stack.rb +191 -189
  28. data/lib/sumomo/version.rb +3 -1
  29. data/sumomo.gemspec +23 -22
  30. metadata +27 -22
data/lib/sumomo/api.rb CHANGED
@@ -1,117 +1,118 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'sumomo/irregular'
1
4
 
2
5
  module Sumomo
3
6
  module Stack
4
-
5
7
  class APIGenerator
8
+ extend HasIrregularlyNamedFunctions
6
9
 
7
10
  class CorsInfo
11
+ extend HasIrregularlyNamedFunctions
8
12
  attr_accessor :allowed_origins, :allowed_headers
9
13
 
10
14
  def apply(&block)
11
- @allowed_origins = []
12
- @allowed_headers = []
13
- instance_eval(&block) if block
15
+ @allowed_origins = []
16
+ @allowed_headers = []
17
+ instance_eval(&block) if block
14
18
  end
15
19
 
16
- def AllowOrigin(value)
17
- @allowed_origins << value
20
+ defi :AllowOrigin do |value|
21
+ @allowed_origins << value
18
22
  end
19
23
 
20
- def AllowHeader(value)
21
- @allowed_headers << value
24
+ defi :AllowHeader do |value|
25
+ @allowed_headers << value
22
26
  end
23
27
  end
24
28
 
25
29
  def initialize(pretty_print: false, &block)
26
30
  @methods = {}
27
31
  @cors = CorsInfo.new
28
- @script = ""
32
+ @script = ''
29
33
  # defaults
30
34
  @cors.apply do
31
- AllowOrigin "*"
32
- AllowHeader 'origin'
33
- AllowHeader 'content-type'
34
- AllowHeader 'accept'
35
- AllowHeader 'cache-control'
36
- AllowHeader 'x-requested-with'
37
- AllowHeader 'if-modified-since'
35
+ AllowOrigin '*'
36
+ AllowHeader 'origin'
37
+ AllowHeader 'content-type'
38
+ AllowHeader 'accept'
39
+ AllowHeader 'cache-control'
40
+ AllowHeader 'x-requested-with'
41
+ AllowHeader 'if-modified-since'
38
42
  end
39
43
  @pretty_print = pretty_print
40
44
  instance_eval(&block)
41
45
  end
42
46
 
43
47
  def method_missing(name, *args, &block)
44
- "#{name}".split("_").each do |meth|
45
- valid_methods = ["GET", "PUT", "POST", "PATCH", "DELETE", "HEAD", "OPTIONS"]
46
- if valid_methods.include?("#{meth}")
48
+ name.to_s.split('_').each do |meth|
49
+ valid_methods = %w[GET PUT POST PATCH DELETE HEAD OPTIONS]
50
+ if valid_methods.include?(meth.to_s)
47
51
  path = args[0]
48
- @methods[path] = {} if !@methods.has_key?(path)
49
-
50
- @methods[path][meth] = { script: args.last, params: args.select{|arg| arg.is_a?(Symbol) && /\A[a-zA-Z\-0-9_]+\Z/.match("#{arg}") } }
52
+ @methods[path] = {} unless @methods.key?(path)
53
+
54
+ @methods[path][meth] = { script: args.last, params: args.select { |arg| arg.is_a?(Symbol) && /\A[a-zA-Z\-0-9_]+\Z/.match(arg.to_s) } }
51
55
  else
52
56
  super
53
57
  end
54
58
  end
55
59
  end
56
60
 
57
- def CORS(&block)
61
+ defi :CORS do |&block|
58
62
  @cors.apply(&block)
59
63
  end
60
64
 
61
- def SCRIPT(value)
65
+ defi :SCRIPT do |value|
62
66
  @script = value
63
67
  end
64
68
 
65
69
  def init_script
66
- @script
70
+ @script
67
71
  end
68
72
 
69
73
  def self.combine_modules(dest)
70
- orig_modules = File.join(Gem.loaded_specs['sumomo'].full_gem_path, "data", "sumomo", "api_modules", "node_modules")
74
+ orig_modules = File.join(Gem.loaded_specs['sumomo'].full_gem_path, 'data', 'sumomo', 'api_modules', 'node_modules')
71
75
 
72
- `cp -Ra #{orig_modules}/ #{dest}/`
73
- `cp -Ra node_modules/* #{dest}/`
76
+ `cp -Ra #{orig_modules}/ #{dest}/`
77
+ `cp -Ra node_modules/* #{dest}/`
74
78
  end
75
79
 
76
80
  def generate
81
+ pretty_print = if @pretty_print
82
+ ', null, 2'
83
+ else
84
+ ''
85
+ end
77
86
 
78
- if @pretty_print
79
- pretty_print = ", null, 2"
80
- else
81
- pretty_print = ""
82
- end
83
-
84
- result = ""
87
+ result = ''
85
88
 
86
89
  all_methods = @methods.clone
87
90
 
88
91
  # Generate appropriate options methods as well
89
92
 
90
93
  @methods.each do |path, resource|
91
- meths = resource.map{|meth,info| meth}
94
+ meths = resource.map { |meth, _info| meth }
92
95
 
93
- # Insert OPTIONS method if there isn't already one
94
- if !all_methods[path].has_key?("OPTIONS")
95
- all_methods[path]["OPTIONS"] = { script: <<-SCRIPT, params: [] }
96
+ # Insert OPTIONS method if there isn't already one
97
+ next if all_methods[path].key?('OPTIONS')
98
+
99
+ all_methods[path]['OPTIONS'] = { script: <<-SCRIPT, params: [] }
96
100
  var headers = {}
97
- headers["Access-Control-Allow-Origin"] = #{@cors.allowed_origins.join(",").inspect}
101
+ headers["Access-Control-Allow-Origin"] = #{@cors.allowed_origins.join(',').inspect}
98
102
  headers["Access-Control-Request-Method"] = '*'
99
103
  headers["Access-Control-Allow-Methods"] = '#{meths.join(', ')}'
100
- headers["Access-Control-Allow-Headers"] = #{@cors.allowed_headers.join(",").inspect}
104
+ headers["Access-Control-Allow-Headers"] = #{@cors.allowed_headers.join(',').inspect}
101
105
 
102
106
  respond_with({methods: #{meths.inspect}}, 200, headers)
103
- SCRIPT
104
- end
107
+ SCRIPT
105
108
  end
106
109
 
107
-
108
110
  all_methods.each do |path, resource|
109
- resource.each do |method, method_info|
111
+ resource.each do |method, method_info|
112
+ parameter_list = method_info[:params].join(', ')
113
+ parameter_call_list = method_info[:params].map { |parm| "params['#{parm}']" }.join(', ')
110
114
 
111
- parameter_list = method_info[:params].join(", ")
112
- parameter_call_list = method_info[:params].map{|parm| "params['#{parm}']"}.join(", ")
113
-
114
- result += <<-SCRIPT
115
+ result += <<-SCRIPT
115
116
 
116
117
  router.#{method.downcase}('#{path}', prepare(function (event, callback) {
117
118
 
@@ -126,7 +127,7 @@ module Sumomo
126
127
  {
127
128
  var headers = {}
128
129
  headers["Content-Type"] = "application/json; charset=utf-8"
129
- headers["Access-Control-Allow-Origin"] = #{@cors.allowed_origins.join(",").inspect}
130
+ headers["Access-Control-Allow-Origin"] = #{@cors.allowed_origins.join(',').inspect}
130
131
 
131
132
  if (response_headers)
132
133
  {
@@ -147,141 +148,137 @@ module Sumomo
147
148
 
148
149
  var retval = function (#{parameter_list}) {
149
150
  #{method_info[:script]}
150
- }( #{ parameter_call_list } );
151
+ }( #{parameter_call_list} );
151
152
 
152
153
  }));
153
154
 
154
- SCRIPT
155
- end
155
+ SCRIPT
156
156
  end
157
+ end
157
158
  result
158
159
  end
159
160
  end
160
161
 
162
+ def make_api(domain_name, name:, script: nil, dns: nil, cert: nil, with_statements: [], &block)
163
+ api = make 'AWS::ApiGateway::RestApi', name: name do
164
+ Name name
165
+ end
161
166
 
162
- def make_api(domain_name, name:, script:nil, dns:nil, cert:nil, with_statements:[], &block)
163
-
164
- api = make "AWS::ApiGateway::RestApi", name: name do
165
- Name name
166
- end
167
+ script ||= File.read(File.join(Gem.loaded_specs['sumomo'].full_gem_path, 'data', 'sumomo', 'api_modules', 'real_script.js'))
167
168
 
168
- script ||= File.read(File.join(Gem.loaded_specs['sumomo'].full_gem_path, "data", "sumomo", "api_modules", "real_script.js"))
169
+ apigen = APIGenerator.new(&block)
170
+ script.sub!('// {{ ROUTES }}', apigen.generate)
171
+ script.gsub!('{{ SCRIPT }}', apigen.init_script)
172
+ script.gsub!('{{ REGION }}', @region)
173
+ script.gsub!('{{ BUCKET }}', @bucket_name)
174
+ script.gsub!('{{ STORE_PREFIX }}', 'functions/' + name)
169
175
 
170
- apigen = APIGenerator.new(&block);
171
- script.sub!("// {{ ROUTES }}", apigen.generate);
172
- script.gsub!("{{ SCRIPT }}", apigen.init_script);
173
- script.gsub!("{{ REGION }}", @region);
174
- script.gsub!("{{ BUCKET }}", @bucket_name);
175
- script.gsub!("{{ STORE_PREFIX }}", "functions/" + name);
176
+ module_dir = '.build_modules'
176
177
 
177
- module_dir = ".build_modules"
178
+ APIGenerator.combine_modules(module_dir)
178
179
 
179
- APIGenerator.combine_modules(module_dir)
180
+ files = Dir[File.join(module_dir, '**/*')].select { |x| File.file?(x) }.map do |x|
181
+ { name: x.sub(%r{^#{module_dir}/}, ''), code: File.read(x) }
182
+ end
180
183
 
181
- files = Dir[File.join(module_dir, "**/*")].select{|x| File.file?(x)}.map do |x|
182
- { name: x.sub(/^#{module_dir}\//, ""), code: File.read(x) }
183
- end
184
+ files += [{ name: 'index.js', code: script }]
184
185
 
185
- files += [ {name:"index.js", code:script} ]
186
+ fun = make_lambda(name: "#{name}Lambda#{@version_number}", files: files, with_statements: with_statements)
186
187
 
187
- fun = make_lambda(name: "#{name}Lambda#{@version_number}", files:files, with_statements:with_statements)
188
+ resource = make 'AWS::ApiGateway::Resource', name: "#{name}Resource" do
189
+ ParentId api.RootResourceId
190
+ PathPart '{proxy+}'
191
+ RestApiId api
192
+ end
188
193
 
189
- resource = make "AWS::ApiGateway::Resource", name: "#{name}Resource" do
190
- ParentId api.RootResourceId
191
- PathPart "{proxy+}"
192
- RestApiId api
193
- end
194
+ meth = make 'AWS::ApiGateway::Method', name: "#{name}MethodOther" do
195
+ RestApiId api
196
+ ResourceId resource
197
+ HttpMethod 'ANY'
198
+ AuthorizationType 'NONE'
199
+ Integration ({
200
+ Type: 'AWS_PROXY',
201
+ IntegrationHttpMethod: 'POST',
202
+ Uri: call('Fn::Join', '', ['arn:aws:apigateway:', ref('AWS::Region'), ':lambda:path', '/2015-03-31/functions/', fun.Arn, '/invocations'])
203
+ })
204
+ end
194
205
 
195
- meth = make "AWS::ApiGateway::Method", name: "#{name}MethodOther" do
196
- RestApiId api
197
- ResourceId resource
198
- HttpMethod "ANY"
199
- AuthorizationType "NONE"
200
- Integration ({
201
- Type: "AWS_PROXY",
202
- IntegrationHttpMethod: "POST",
203
- Uri: call("Fn::Join", "", ["arn:aws:apigateway:" ,ref("AWS::Region") ,":lambda:path", "/2015-03-31/functions/", fun.Arn, "/invocations"])
204
- })
205
- end
206
+ meth2 = make 'AWS::ApiGateway::Method', name: "#{name}MethodRoot" do
207
+ RestApiId api
208
+ ResourceId api.RootResourceId
209
+ HttpMethod 'ANY'
210
+ AuthorizationType 'NONE'
211
+ Integration ({
212
+ Type: 'AWS_PROXY',
213
+ IntegrationHttpMethod: 'POST',
214
+ Uri: call('Fn::Join', '', ['arn:aws:apigateway:', ref('AWS::Region'), ':lambda:path', '/2015-03-31/functions/', fun.Arn, '/invocations'])
215
+ })
216
+ end
206
217
 
207
- meth2 = make "AWS::ApiGateway::Method", name: "#{name}MethodRoot" do
208
- RestApiId api
209
- ResourceId api.RootResourceId
210
- HttpMethod "ANY"
211
- AuthorizationType "NONE"
212
- Integration ({
213
- Type: "AWS_PROXY",
214
- IntegrationHttpMethod: "POST",
215
- Uri: call("Fn::Join", "", ["arn:aws:apigateway:" ,ref("AWS::Region") ,":lambda:path", "/2015-03-31/functions/", fun.Arn, "/invocations"])
216
- })
217
- end
218
+ make 'AWS::Lambda::Permission', name: "#{name}LambdaPermission" do
219
+ FunctionName fun.Arn
220
+ Action 'lambda:InvokeFunction'
221
+ Principal 'apigateway.amazonaws.com'
222
+ end
218
223
 
219
- make "AWS::Lambda::Permission", name: "#{name}LambdaPermission" do
220
- FunctionName fun.Arn
221
- Action "lambda:InvokeFunction"
222
- Principal "apigateway.amazonaws.com"
223
- end
224
+ deployment = make 'AWS::ApiGateway::Deployment', name: "#{name}Deployment#{@version_number}" do
225
+ depends_on meth
226
+ depends_on meth2
227
+ RestApiId api
228
+ end
224
229
 
225
- deployment = make "AWS::ApiGateway::Deployment", name: "#{name}Deployment#{@version_number}" do
226
- depends_on meth
227
- depends_on meth2
228
- RestApiId api
229
- end
230
+ stage = make 'AWS::ApiGateway::Stage', name: "#{name}Stage" do
231
+ RestApiId api
232
+ DeploymentId deployment
233
+ StageName 'test'
234
+ end
230
235
 
231
- stage = make "AWS::ApiGateway::Stage", name: "#{name}Stage" do
232
- RestApiId api
233
- DeploymentId deployment
234
- StageName "test"
235
- end
236
+ root_name = /(?<root_name>[^.]+\.[^.]+)$/.match(domain_name)[:root_name]
236
237
 
237
- root_name = /(?<root_name>[^.]+\.[^.]+)$/.match(domain_name)[:root_name]
238
+ cert ||= make 'Custom::USEastCertificate', name: "#{name}Certificate" do
239
+ DomainName domain_name
240
+ end
238
241
 
239
- cert ||= make "Custom::USEastCertificate", name: "#{name}Certificate" do
240
- DomainName domain_name
241
- end
242
+ domain = make 'Custom::APIDomainName', name: "#{name}DomainName" do
243
+ DomainName domain_name
244
+ CertificateArn cert
245
+ end
242
246
 
243
- domain = make "Custom::APIDomainName", name: "#{name}DomainName" do
244
- DomainName domain_name
245
- CertificateArn cert
246
- end
247
+ make 'AWS::ApiGateway::BasePathMapping', name: "#{name}BasePathMapping" do
248
+ BasePath '(none)'
249
+ DomainName domain
250
+ RestApiId api
251
+ Stage stage
252
+ end
247
253
 
248
- make "AWS::ApiGateway::BasePathMapping", name: "#{name}BasePathMapping" do
249
- BasePath "(none)"
250
- DomainName domain
251
- RestApiId api
252
- Stage stage
254
+ if dns[:type] == :cloudflare
255
+ make 'Custom::CloudflareDNSEntry', name: "#{name}CloudFlareEntry" do
256
+ Key dns[:key]
257
+ Email dns[:email]
258
+ Domain root_name
259
+ Entry domain_name.sub(/#{root_name}$/, '').chomp('.')
260
+ CNAME call('Fn::Join', '', [api, '.execute-api.', ref('AWS::Region'), '.amazonaws.com'])
253
261
  end
254
-
255
- if dns[:type] == :cloudflare
256
- make "Custom::CloudflareDNSEntry", name: "#{name}CloudFlareEntry" do
257
- Key dns[:key]
258
- Email dns[:email]
259
- Domain root_name
260
- Entry domain_name.sub(/#{root_name}$/, "").chomp(".")
261
- CNAME call("Fn::Join", "", [api, ".execute-api.", ref("AWS::Region"), ".amazonaws.com"])
262
- end
263
- domain_name
264
- elsif dns[:type] == :route53
265
- make "AWS::Route53::RecordSet", name: "#{name}Route53Entry" do
266
- HostedZoneId dns[:hosted_zone]
267
- Name domain_name
268
- Type "CNAME"
269
- ResourceRecords [ call("Fn::Join", "", [api, ".execute-api.", ref("AWS::Region"), ".amazonaws.com"]) ]
270
- end
271
- domain_name
272
- else
273
- call("Fn::Join", "", [api, ".execute-api.", ref("AWS::Region"), ".amazonaws.com"])
262
+ domain_name
263
+ elsif dns[:type] == :route53
264
+ make 'AWS::Route53::RecordSet', name: "#{name}Route53Entry" do
265
+ HostedZoneId dns[:hosted_zone]
266
+ Name domain_name
267
+ Type 'CNAME'
268
+ ResourceRecords [call('Fn::Join', '', [api, '.execute-api.', ref('AWS::Region'), '.amazonaws.com'])]
274
269
  end
275
-
270
+ domain_name
271
+ else
272
+ call('Fn::Join', '', [api, '.execute-api.', ref('AWS::Region'), '.amazonaws.com'])
273
+ end
276
274
  end
277
275
 
278
276
  def cloudflare_dns(key:, email:)
279
- {type: :cloudflare, key: key, email: email}
277
+ { type: :cloudflare, key: key, email: email }
280
278
  end
281
279
 
282
280
  def route53_dns(hosted_zone:)
283
- {type: :route53, hosted_zone: hosted_zone}
281
+ { type: :route53, hosted_zone: hosted_zone }
284
282
  end
285
-
286
283
  end
287
284
  end
data/lib/sumomo/cdn.rb CHANGED
@@ -1,128 +1,134 @@
1
+ # frozen_string_literal: true
1
2
 
2
3
  module Sumomo
3
4
  module Stack
4
- def make_cdn_from_dir(domain:, cert:nil, dns:nil, name:nil, dir:, low_ttl: [], lambda_assocs:{})
5
-
6
- bucket_name = @bucket_name
7
-
8
- name ||= make_default_resource_name("CDN")
9
-
10
- puts "Uploading files..."
11
- `aws --version`
12
- `aws s3 --region #{@region} sync #{dir} "s3://#{bucket_name}/uploads/#{domain}" --size-only --delete`
13
- puts "Done."
14
-
15
- oai = make "Custom::OriginAccessIdentity"
16
-
17
- make "AWS::S3::BucketPolicy" do
18
- Bucket "#{bucket_name}"
19
- PolicyDocument({
20
- Version: "2008-10-17",
21
- Id: "PolicyForCloudFrontPrivateContent",
22
- Statement: [
23
- {
24
- Effect: "Allow",
25
- Principal: {
26
- CanonicalUser: oai.S3CanonicalUserId
27
- },
28
- Action: "s3:GetObject",
29
- Resource: "arn:aws:s3:::#{bucket_name}/uploads/#{domain}/*"
30
- }
31
- ]
32
- })
33
- end
5
+ def copy_to_uploads!(from_directory, to_directory)
6
+ bucket_name = @bucket_name
7
+ location = "s3://#{bucket_name}/uploads/#{to_directory}"
34
8
 
35
- viewer_policy = "allow-all"
36
- if cert
37
- viewer_policy = "redirect-to-https"
38
- end
9
+ puts 'Uploading files...'
10
+ `aws --version`
11
+ `aws s3 --region #{@region} sync #{from_directory} "#{location}" --size-only --delete`
12
+ puts 'Done.'
39
13
 
40
- cdn = make "AWS::CloudFront::Distribution", name: name do
41
- DistributionConfig do
42
- Origins [{
43
- Id: "originBucket",
44
- DomainName: "#{bucket_name}.s3.amazonaws.com",
45
- OriginPath: "/uploads/#{domain}",
46
- S3OriginConfig: {
47
- OriginAccessIdentity: oai
48
- }
49
- }]
50
-
51
- CacheBehaviors low_ttl.map{ |pattern|
52
- {
53
- PathPattern: pattern,
54
- ForwardedValues: {
55
- QueryString: "false",
56
- Cookies: { Forward: "none" }
57
- },
58
- TargetOriginId: "originBucket",
59
- ViewerProtocolPolicy: viewer_policy,
60
- DefaultTTL: 60,
61
- MaxTTL: 60,
62
- MinTTL: 60
63
- }
64
- }.to_a
65
-
66
- Enabled "true"
67
- DefaultRootObject "index.html"
68
- Aliases [ domain ]
69
-
70
- if cert
71
- ViewerCertificate {
72
- AcmCertificateArn cert
73
- SslSupportMethod "sni-only"
74
- }
75
- else
76
- ViewerCertificate { CloudFrontDefaultCertificate "true" }
77
- end
78
-
79
- DefaultCacheBehavior do
80
- AllowedMethods ["GET", "HEAD", "OPTIONS"]
81
- TargetOriginId "originBucket"
82
- ViewerProtocolPolicy viewer_policy
83
- ForwardedValues {
84
- QueryString "false"
85
- Cookies { Forward "none" }
86
- }
87
-
88
- LambdaFunctionAssociations (lambda_assocs.map do |event_type,arns|
89
- arns.map do |arn|
90
- {EventType: event_type, LambdaFunctionARN: arn}
91
- end.to_a
92
- end.flatten)
93
- end
94
-
95
- Logging do
96
- IncludeCookies "false"
97
- Bucket "#{bucket_name}.s3.amazonaws.com"
98
- Prefix "logs/#{domain}/"
99
- end
14
+ location
15
+ end
16
+
17
+ def make_cdn_from_dir(domain:, cert: nil, dns: nil, name: nil, dir:, low_ttl: [], lambda_assocs: {})
18
+ bucket_name = @bucket_name
19
+
20
+ name ||= make_default_resource_name('CDN')
21
+
22
+ copy_to_uploads!(dir, domain)
23
+
24
+ oai = make 'Custom::OriginAccessIdentity'
25
+
26
+ make 'AWS::S3::BucketPolicy' do
27
+ Bucket bucket_name.to_s
28
+ PolicyDocument(
29
+ Version: '2008-10-17',
30
+ Id: 'PolicyForCloudFrontPrivateContent',
31
+ Statement: [
32
+ {
33
+ Effect: 'Allow',
34
+ Principal: {
35
+ CanonicalUser: oai.S3CanonicalUserId
36
+ },
37
+ Action: 's3:GetObject',
38
+ Resource: "arn:aws:s3:::#{bucket_name}/uploads/#{domain}/*"
39
+ }
40
+ ]
41
+ )
42
+ end
43
+
44
+ viewer_policy = 'allow-all'
45
+ viewer_policy = 'redirect-to-https' if cert
46
+
47
+ cdn = make 'AWS::CloudFront::Distribution', name: name do
48
+ DistributionConfig do
49
+ Origins [{
50
+ Id: 'originBucket',
51
+ DomainName: "#{bucket_name}.s3.amazonaws.com",
52
+ OriginPath: "/uploads/#{domain}",
53
+ S3OriginConfig: {
54
+ OriginAccessIdentity: oai
55
+ }
56
+ }]
57
+
58
+ CacheBehaviors low_ttl.map { |pattern|
59
+ {
60
+ PathPattern: pattern,
61
+ ForwardedValues: {
62
+ QueryString: 'false',
63
+ Cookies: { Forward: 'none' }
64
+ },
65
+ TargetOriginId: 'originBucket',
66
+ ViewerProtocolPolicy: viewer_policy,
67
+ DefaultTTL: 60,
68
+ MaxTTL: 60,
69
+ MinTTL: 60
70
+ }
71
+ }.to_a
72
+
73
+ Enabled 'true'
74
+ DefaultRootObject 'index.html'
75
+ Aliases [domain]
76
+
77
+ if cert
78
+ ViewerCertificate do
79
+ AcmCertificateArn cert
80
+ SslSupportMethod 'sni-only'
81
+ end
82
+ else
83
+ ViewerCertificate { CloudFrontDefaultCertificate 'true' }
84
+ end
85
+
86
+ DefaultCacheBehavior do
87
+ AllowedMethods %w[GET HEAD OPTIONS]
88
+ TargetOriginId 'originBucket'
89
+ ViewerProtocolPolicy viewer_policy
90
+ ForwardedValues do
91
+ QueryString 'false'
92
+ Cookies { Forward 'none' }
100
93
  end
94
+
95
+ LambdaFunctionAssociations lambda_assocs.map do |event_type, arns|
96
+ arns.map do |arn|
97
+ { EventType: event_type, LambdaFunctionARN: arn }
98
+ end.to_a
99
+ end.flatten
100
+ end
101
+
102
+ Logging do
103
+ IncludeCookies 'false'
104
+ Bucket "#{bucket_name}.s3.amazonaws.com"
105
+ Prefix "logs/#{domain}/"
106
+ end
101
107
  end
108
+ end
102
109
 
103
- root_name = /(?<root_name>[^.]+\.[^.]+)$/.match(domain)[:root_name]
110
+ root_name = /(?<root_name>[^.]+\.[^.]+)$/.match(domain)[:root_name]
104
111
 
105
- if !dns
112
+ if !dns
106
113
 
107
- elsif dns[:type] == :cloudflare
108
- make "Custom::CloudflareDNSEntry", name: "#{name}CloudFlareEntry" do
109
- Key dns[:key]
110
- Email dns[:email]
111
- Domain root_name
112
- Entry domain.sub(/#{root_name}$/, "").chomp(".")
113
- CNAME cdn.DomainName
114
- end
115
- elsif dns[:type] == :route53
116
- make "AWS::Route53::RecordSet", name: "#{name}Route53Entry" do
117
- HostedZoneId dns[:hosted_zone]
118
- Name domain
119
- Type "CNAME"
120
- ResourceRecords [ cdn.DomainName ]
121
- end
114
+ elsif dns[:type] == :cloudflare
115
+ make 'Custom::CloudflareDNSEntry', name: "#{name}CloudFlareEntry" do
116
+ Key dns[:key]
117
+ Email dns[:email]
118
+ Domain root_name
119
+ Entry domain.sub(/#{root_name}$/, '').chomp('.')
120
+ CNAME cdn.DomainName
122
121
  end
122
+ elsif dns[:type] == :route53
123
+ make 'AWS::Route53::RecordSet', name: "#{name}Route53Entry" do
124
+ HostedZoneId dns[:hosted_zone]
125
+ Name domain
126
+ Type 'CNAME'
127
+ ResourceRecords [cdn.DomainName]
128
+ end
129
+ end
123
130
 
124
- cdn
125
-
131
+ cdn
126
132
  end
127
133
  end
128
134
  end