terraforming 0.0.5 → 0.1.0

data/lib/terraforming/resource/route53_zone.rb

@@ -3,12 +3,12 @@ module Terraforming
     class Route53Zone
       include Terraforming::Util
 
-      def self.tf(client = Aws::Route53::Client.new)
+      def self.tf(client: Aws::Route53::Client.new)
         self.new(client).tf
       end
 
-      def self.tfstate(client = Aws::Route53::Client.new)
-        self.new(client).tfstate
+      def self.tfstate(client: Aws::Route53::Client.new, tfstate_base: nil)
+        self.new(client).tfstate(tfstate_base)
       end
 
       def initialize(client)
@@ -19,7 +19,7 @@ module Terraforming
         apply_template(@client, "tf/route53_zone")
       end
 
-      def tfstate
+      def tfstate(tfstate_base)
         resources = hosted_zones.inject({}) do |result, hosted_zone|
           zone_id = zone_id_of(hosted_zone)
 
@@ -41,7 +41,7 @@ module Terraforming
           result
         end
 
-        generate_tfstate(resources)
+        generate_tfstate(resources, tfstate_base)
       end
 
       private

data/lib/terraforming/resource/s3.rb

@@ -3,12 +3,12 @@ module Terraforming
     class S3
       include Terraforming::Util
 
-      def self.tf(client = Aws::S3::Client.new)
+      def self.tf(client: Aws::S3::Client.new)
         self.new(client).tf
       end
 
-      def self.tfstate(client = Aws::S3::Client.new)
-        self.new(client).tfstate
+      def self.tfstate(client: Aws::S3::Client.new, tfstate_base: nil)
+        self.new(client).tfstate(tfstate_base)
       end
 
       def initialize(client)
@@ -19,7 +19,7 @@ module Terraforming
         apply_template(@client, "tf/s3")
       end
 
-      def tfstate
+      def tfstate(tfstate_base)
         resources = buckets.inject({}) do |result, bucket|
           result["aws_s3_bucket.#{module_name_of(bucket)}"] = {
             "type" => "aws_s3_bucket",
@@ -36,7 +36,7 @@ module Terraforming
           result
         end
 
-        generate_tfstate(resources)
+        generate_tfstate(resources, tfstate_base)
       end
 
       private

data/lib/terraforming/resource/security_group.rb

@@ -3,12 +3,12 @@ module Terraforming
     class SecurityGroup
       include Terraforming::Util
 
-      def self.tf(client = Aws::EC2::Client.new)
+      def self.tf(client: Aws::EC2::Client.new)
         self.new(client).tf
       end
 
-      def self.tfstate(client = Aws::EC2::Client.new)
-        self.new(client).tfstate
+      def self.tfstate(client: Aws::EC2::Client.new, tfstate_base: nil)
+        self.new(client).tfstate(tfstate_base)
       end
 
       def initialize(client)
@@ -19,17 +19,20 @@ module Terraforming
         apply_template(@client, "tf/security_group")
       end
 
-      def tfstate
+      def tfstate(tfstate_base)
         resources = security_groups.inject({}) do |result, security_group|
           attributes = {
             "description" => security_group.description,
-            "egress.#" => security_group.ip_permissions_egress.length.to_s,
             "id" => security_group.group_id,
-            "ingress.#" => security_group.ip_permissions.length.to_s,
             "name" => security_group.group_name,
             "owner_id" => security_group.owner_id,
             "vpc_id" => security_group.vpc_id || "",
           }
+
+          attributes.merge!(tags_attributes_of(security_group))
+          attributes.merge!(egress_attributes_of(security_group))
+          attributes.merge!(ingress_attributes_of(security_group))
+
           result["aws_security_group.#{module_name_of(security_group)}"] = {
             "type" => "aws_security_group",
             "primary" => {
@@ -41,18 +44,94 @@ module Terraforming
           result
         end
 
-        generate_tfstate(resources)
+        generate_tfstate(resources, tfstate_base)
       end
 
       private
 
+      def ingress_attributes_of(security_group)
+        attributes = { "ingress.#" => security_group.ip_permissions.length.to_s }
+
+        security_group.ip_permissions.each do |permission|
+          attributes.merge!(permission_attributes_of(security_group, permission, "ingress"))
+        end
+
+        attributes
+      end
+
+      def egress_attributes_of(security_group)
+        attributes = { "egress.#" => security_group.ip_permissions_egress.length.to_s }
+
+        security_group.ip_permissions_egress.each do |permission|
+          attributes.merge!(permission_attributes_of(security_group, permission, "egress"))
+        end
+
+        attributes
+      end
+
+      def group_hashcode_of(group)
+        Zlib.crc32(group)
+      end
+
       def module_name_of(security_group)
         normalize_module_name("#{security_group.group_id}-#{security_group.group_name}")
       end
 
+      def permission_attributes_of(security_group, permission, type)
+        hashcode = permission_hashcode_of(security_group, permission)
+        security_groups = security_groups_in(permission).reject { |group_id| group_id == security_group.group_id }
+
+        attributes = {
+          "#{type}.#{hashcode}.from_port" => (permission.from_port || 0).to_s,
+          "#{type}.#{hashcode}.to_port" => (permission.to_port || 0).to_s,
+          "#{type}.#{hashcode}.protocol" => permission.ip_protocol,
+          "#{type}.#{hashcode}.cidr_blocks.#" => permission.ip_ranges.length.to_s,
+          "#{type}.#{hashcode}.security_groups.#" => security_groups.length.to_s,
+          "#{type}.#{hashcode}.self" => self_referenced_permission?(security_group, permission).to_s,
+        }
+
+        permission.ip_ranges.each_with_index do |range, index|
+          attributes["#{type}.#{hashcode}.cidr_blocks.#{index}"] = range.cidr_ip
+        end
+
+        security_groups.each do |group|
+          attributes["#{type}.#{hashcode}.security_groups.#{group_hashcode_of(group)}"] = group
+        end
+
+        attributes
+      end
+
+      def permission_hashcode_of(security_group, permission)
+        string =
+          "#{permission.from_port || 0}-" <<
+          "#{permission.to_port || 0}-" <<
+          "#{permission.ip_protocol}-" <<
+          "#{self_referenced_permission?(security_group, permission).to_s}-"
+
+        permission.ip_ranges.each { |range| string << "#{range.cidr_ip}-" }
+        security_groups_in(permission).each { |group| string << "#{group}-" }
+
+        Zlib.crc32(string)
+      end
+
+      def self_referenced_permission?(security_group, permission)
+        security_groups_in(permission).include?(security_group.group_id)
+      end
+
       def security_groups
         @client.describe_security_groups.security_groups
       end
+
+      def security_groups_in(permission)
+        permission.user_id_group_pairs.map { |range| range.group_id }
+      end
+
+      def tags_attributes_of(security_group)
+        tags = security_group.tags
+        attributes = { "tags.#" => tags.length.to_s }
+        tags.each { |tag| attributes["tags.#{tag.key}"] = tag.value }
+        attributes
+      end
     end
   end
 end

data/lib/terraforming/resource/subnet.rb

@@ -3,12 +3,12 @@ module Terraforming
     class Subnet
       include Terraforming::Util
 
-      def self.tf(client = Aws::EC2::Client.new)
+      def self.tf(client: Aws::EC2::Client.new)
         self.new(client).tf
       end
 
-      def self.tfstate(client = Aws::EC2::Client.new)
-        self.new(client).tfstate
+      def self.tfstate(client: Aws::EC2::Client.new, tfstate_base: nil)
+        self.new(client).tfstate(tfstate_base)
       end
 
       def initialize(client)
@@ -19,7 +19,7 @@ module Terraforming
         apply_template(@client, "tf/subnet")
       end
 
-      def tfstate
+      def tfstate(tfstate_base)
         resources = subnets.inject({}) do |result, subnet|
           attributes = {
             "availability_zone" => subnet.availability_zone,
@@ -40,7 +40,7 @@ module Terraforming
           result
         end
 
-        generate_tfstate(resources)
+        generate_tfstate(resources, tfstate_base)
       end
 
       private

data/lib/terraforming/resource/vpc.rb

@@ -3,12 +3,12 @@ module Terraforming
     class VPC
       include Terraforming::Util
 
-      def self.tf(client = Aws::EC2::Client.new)
+      def self.tf(client: Aws::EC2::Client.new)
         self.new(client).tf
       end
 
-      def self.tfstate(client = Aws::EC2::Client.new)
-        self.new(client).tfstate
+      def self.tfstate(client: Aws::EC2::Client.new, tfstate_base: nil)
+        self.new(client).tfstate(tfstate_base)
       end
 
       def initialize(client)
@@ -19,7 +19,7 @@ module Terraforming
         apply_template(@client, "tf/vpc")
       end
 
-      def tfstate
+      def tfstate(tfstate_base)
         resources = vpcs.inject({}) do |result, vpc|
           attributes = {
             "cidr_block" => vpc.cidr_block,
@@ -40,7 +40,7 @@ module Terraforming
           result
         end
 
-        generate_tfstate(resources)
+        generate_tfstate(resources, tfstate_base)
       end
 
       private

data/lib/terraforming/template/tf/elb.erb

@@ -2,8 +2,11 @@
   <%- load_balancer_attributes = load_balancer_attributes_of(load_balancer) -%>
 resource "aws_elb" "<%= module_name_of(load_balancer) %>" {
     name                        = "<%= load_balancer.load_balancer_name %>"
-    availability_zones          = <%= load_balancer.availability_zones.inspect %>
+  <%- if vpc_elb?(load_balancer) -%>
     subnets                     = <%= load_balancer.subnets.inspect %>
+  <%- else -%>
+    availability_zones          = <%= load_balancer.availability_zones.inspect %>
+  <%- end -%>
     security_groups             = <%= load_balancer.security_groups.inspect %>
     instances                   = <%= load_balancer.instances.map { |instance| instance.instance_id }.inspect %>
     cross_zone_load_balancing   = <%= load_balancer_attributes.cross_zone_load_balancing.enabled %>

data/lib/terraforming/template/tf/iam_group_policy.erb

@@ -3,7 +3,7 @@ resource "aws_iam_group_policy" "<%= policy.policy_name %>" {
     name   = "<%= policy.policy_name %>"
     group  = "<%= policy.group_name %>"
     policy = <<POLICY
-<%= CGI.unescape(policy.policy_document).strip %>
+<%= prettify_policy(policy.policy_document) %>
 POLICY
 }
 

data/lib/terraforming/template/tf/iam_instance_profile.erb

@@ -0,0 +1,8 @@
+<% iam_instance_profiles.each do |profile| -%>
+resource "aws_iam_instance_profile" "<%= profile.instance_profile_name %>" {
+    name  = "<%= profile.instance_profile_name %>"
+    path  = "<%= profile.path %>"
+    roles = <%= profile.roles.map { |role| role.role_name }.inspect %>
+}
+
+<% end -%>

data/lib/terraforming/template/tf/iam_policy.erb

@@ -4,7 +4,7 @@ resource "aws_iam_policy" "<%= policy.policy_name %>" {
     name   = "<%= policy.policy_name %>"
     path   = "<%= policy.path %>"
     policy = <<POLICY
-<%= CGI.unescape(version.document).strip %>
+<%= prettify_policy(version.document) %>
 POLICY
 }
 

data/lib/terraforming/template/tf/iam_role.erb

@@ -0,0 +1,10 @@
+<% iam_roles.each do |role| -%>
+resource "aws_iam_role" "<%= role.role_name %>" {
+    name               = "<%= role.role_name %>"
+    path               = "<%= role.path %>"
+    assume_role_policy = <<POLICY
+<%= prettify_policy(role.assume_role_policy_document) %>
+POLICY
+}
+
+<% end -%>

data/lib/terraforming/template/tf/iam_role_policy.erb

@@ -0,0 +1,10 @@
+<% iam_role_policies.each do |policy| -%>
+resource "aws_iam_role_policy" "<%= policy.policy_name %>" {
+    name   = "<%= policy.policy_name %>"
+    role   = "<%= policy.role_name %>"
+    policy = <<POLICY
+<%= prettify_policy(policy.policy_document) %>
+POLICY
+}
+
+<% end -%>

data/lib/terraforming/template/tf/iam_user_policy.erb

@@ -3,7 +3,7 @@ resource "aws_iam_user_policy" "<%= policy.policy_name %>" {
     name   = "<%= policy.policy_name %>"
     user   = "<%= policy.user_name %>"
     policy = <<POLICY
-<%= CGI.unescape(policy.policy_document).strip %>
+<%= prettify_policy(policy.policy_document) %>
 POLICY
 }
 

data/lib/terraforming/template/tf/network_acl.erb

@@ -1,6 +1,7 @@
 <% network_acls.each do |network_acl| -%>
 resource "aws_network_acl" "<%= module_name_of(network_acl) %>" {
-    vpc_id = "<%= network_acl.vpc_id %>"
+    vpc_id     = "<%= network_acl.vpc_id %>"
+    subnet_ids = <%= subnet_ids_of(network_acl).inspect %>
 
 <% ingresses_of(network_acl).each do |ingress| -%>
     ingress {

data/lib/terraforming/template/tf/security_group.erb

@@ -5,6 +5,7 @@ resource "aws_security_group" "<%= module_name_of(security_group) %>" {
     vpc_id      = "<%= security_group.vpc_id || '' %>"
 
 <% security_group.ip_permissions.each do |permission| -%>
+  <%- security_groups = security_groups_in(permission).reject { |group_id| group_id == security_group.group_id } -%>
     ingress {
         from_port       = <%= permission.from_port || 0 %>
         to_port         = <%= permission.to_port || 0 %>
@@ -13,7 +14,11 @@ resource "aws_security_group" "<%= module_name_of(security_group) %>" {
         cidr_blocks     = <%= permission.ip_ranges.map { |range| range.cidr_ip }.inspect %>
 <%- end -%>
 <%- if permission.user_id_group_pairs.length > 0 -%>
-        security_groups = <%= permission.user_id_group_pairs.map { |range| range.group_id }.inspect %>
+  <%- self_referenced = self_referenced_permission?(security_group, permission) -%>
+  <%- unless self_referenced -%>
+        security_groups = <%= security_groups.inspect %>
+  <%- end -%>
+        self            = <%= self_referenced %>
 <%- end -%>
     }
 
@@ -28,7 +33,11 @@ resource "aws_security_group" "<%= module_name_of(security_group) %>" {
         cidr_blocks     = <%= permission.ip_ranges.map { |range| range.cidr_ip }.inspect %>
 <%- end -%>
 <%- if permission.user_id_group_pairs.length > 0 -%>
-        security_groups = <%= permission.user_id_group_pairs.map { |range| range.group_id }.inspect %>
+  <%- self_referenced = self_referenced_permission?(security_group, permission) -%>
+  <%- unless self_referenced -%>
+        security_groups = <%= security_groups_in(permission).inspect %>
+  <%- end -%>
+        self            = <%= self_referenced %>
 <%- end -%>
     }
 

data/lib/terraforming/util.rb

@@ -17,22 +17,37 @@ module Terraforming
       File.join(File.expand_path(File.dirname(__FILE__)), "template", template_name) << ".erb"
     end
 
-    def generate_tfstate(resources)
-      tfstate = {
+    def generate_tfstate(resources, tfstate_base = nil)
+      tfstate = tfstate_base || tfstate_skeleton
+      tfstate["serial"] = tfstate["serial"] + 1
+      tfstate["modules"][0]["resources"] = tfstate["modules"][0]["resources"].merge(resources)
+      JSON.pretty_generate(tfstate)
+    end
+
+    def prettify_policy(policy_document, breakline = false)
+      json = JSON.pretty_generate(JSON.parse(CGI.unescape(policy_document)))
+
+      if breakline
+        json[-1] != "\n" ? json << "\n" : json
+      else
+        json.strip
+      end
+    end
+
+    def tfstate_skeleton
+      {
         "version" => 1,
-        "serial" => 1,
+        "serial" => 0,
         "modules" => [
           {
             "path" => [
               "root"
             ],
             "outputs" => {},
-            "resources" => resources
+            "resources" => {},
           }
         ]
       }
-
-      JSON.pretty_generate(tfstate)
     end
   end
 end

data/lib/terraforming/version.rb

@@ -1,3 +1,3 @@
 module Terraforming
-  VERSION = "0.0.5"
+  VERSION = "0.1.0"
 end

data/terraforming.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "aws-sdk", "~> 2.0", ">= 2.0.36"
+  spec.add_dependency "aws-sdk", "~> 2.1.0"
   spec.add_dependency "oj"
   spec.add_dependency "ox"
   spec.add_dependency "thor"