terraforming 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 244d11650e141679a1bc58831f9e1d54b5f15cba
-  data.tar.gz: 7fe2d54b847abc14c4069ae8186bb3378cbe635e
+  metadata.gz: e25c86438b0694ab932b97b00822656e83141f71
+  data.tar.gz: 861aa06a491303fa7cdf1c58a6d85af7190e232d
 SHA512:
-  metadata.gz: 111cd0aa7c13dd04f64afcf8562756a88bdbaaf6df8698bbbb390b65504f3d7196feeeab90692a41254599f62bbff86db16e2c68aeff3200afa3858b32936ec6
-  data.tar.gz: 9d4870b66f7e9fa38c7f05179be35db7cb0fec3a3e08533519e0128d1e9cff8e637890b15a33ff4c7d018eb5a65147c5e3b18bb60f679bc03bc7449ebc986884
+  metadata.gz: 71bdf8cf49d0a7ba4920c2c798671a81e72c572aae3226ac25d4f93596a14e9b1919f63607f79e0f7595b8bbb2f5111dd61a4d67c7443d891e72e5de151180f9
+  data.tar.gz: 323795cc9c10264244424123ed34df95e11b3a75384d0067588a8aa759c20c2a77c14aed9572e989ac49dce7701500cf39b15b99aac7d3ef46f44e5a246b744b

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+# [v0.9.0](https://github.com/dtan4/terraforming/releases/tag/v0.8.0) (2016-06-12)
+
+## Resource
+
+- AWS IAM Policy Attachment #225
+
+## Fixed / Updated
+
+- Add `access_logs` attribute to ELB #223
+- Add `internal` attribute to ELB #221 (thanks @kbruner)
+
 # [v0.8.0](https://github.com/dtan4/terraforming/releases/tag/v0.8.0) (2016-05-29)
 
 ## Notice

data/README.md

@@ -79,11 +79,13 @@ Commands:
   terraforming ecsn            # ElastiCache Subnet Group
   terraforming eip             # EIP
   terraforming elb             # ELB
+  terraforming help [COMMAND]  # Describe available commands or one specifi...
   terraforming iamg            # IAM Group
   terraforming iamgm           # IAM Group Membership
   terraforming iamgp           # IAM Group Policy
   terraforming iamip           # IAM Instance Profile
   terraforming iamp            # IAM Policy
+  terraforming iamp            # IAM Policy Attachment
   terraforming iamr            # IAM Role
   terraforming iamrp           # IAM Role Policy
   terraforming iamu            # IAM User
@@ -104,6 +106,13 @@ Commands:
   terraforming sqs             # SQS
   terraforming vgw             # VPN Gateway
   terraforming vpc             # VPC
+
+Options:
+  [--merge=MERGE]                  # tfstate file to merge
+  [--overwrite], [--no-overwrite]  # Overwrite existng tfstate
+  [--tfstate], [--no-tfstate]      # Generate tfstate
+  [--profile=PROFILE]              # AWS credentials profile
+  [--region=REGION]                # AWS region
 ```
 
 ### Export tf

data/lib/terraforming.rb

@@ -25,6 +25,7 @@ require "terraforming/resource/iam_group_membership"
 require "terraforming/resource/iam_group_policy"
 require "terraforming/resource/iam_instance_profile"
 require "terraforming/resource/iam_policy"
+require "terraforming/resource/iam_policy_attachment"
 require "terraforming/resource/iam_role"
 require "terraforming/resource/iam_role_policy"
 require "terraforming/resource/iam_user"

data/lib/terraforming/cli.rb

@@ -76,6 +76,11 @@ module Terraforming
       execute(Terraforming::Resource::IAMPolicy, options)
     end
 
+    desc "iamp", "IAM Policy Attachment"
+    def iampa
+      execute(Terraforming::Resource::IAMPolicyAttachment, options)
+    end
+
     desc "iamr", "IAM Role"
     def iamr
       execute(Terraforming::Resource::IAMRole, options)

data/lib/terraforming/resource/elb.rb

@@ -31,10 +31,16 @@ module Terraforming
             "id" => load_balancer.load_balancer_name,
             "idle_timeout" => load_balancer_attributes.connection_settings.idle_timeout.to_s,
             "instances.#" => load_balancer.instances.length.to_s,
+            "internal" => internal?(load_balancer).to_s,
             "name" => load_balancer.load_balancer_name,
             "source_security_group" => load_balancer.source_security_group.group_name,
           }
 
+          if load_balancer_attributes.access_log.enabled
+
+          end
+
+          attributes.merge!(access_logs_attributes_of(load_balancer_attributes))
           attributes.merge!(healthcheck_attributes_of(load_balancer))
           attributes.merge!(listeners_attributes_of(load_balancer))
           attributes.merge!(sg_attributes_of(load_balancer))
@@ -55,6 +61,23 @@ module Terraforming
         end
       end
 
+      def access_logs_attributes_of(load_balancer_attributes)
+        access_log = load_balancer_attributes.access_log
+
+        if access_log.enabled
+          {
+            "access_logs.#" => "1",
+            "access_logs.0.bucket" => access_log.s3_bucket_name,
+            "access_logs.0.bucket_prefix" => access_log.s3_bucket_prefix,
+            "access_logs.0.interval" => access_log.emit_interval.to_s,
+          }
+        else
+          {
+            "access_logs.#" => "0",
+          }
+        end
+      end
+
       def healthcheck_attributes_of(elb)
         hashcode = healthcheck_hashcode_of(elb.health_check)
         attributes = {
@@ -172,6 +195,10 @@ module Terraforming
       def vpc_elb?(load_balancer)
         load_balancer.vpc_id != ""
       end
+
+      def internal?(load_balancer)
+        load_balancer.scheme == "internal"
+      end
     end
   end
 end

data/lib/terraforming/resource/iam_policy_attachment.rb

@@ -0,0 +1,69 @@
+module Terraforming
+  module Resource
+    class IAMPolicyAttachment
+      include Terraforming::Util
+
+      def self.tf(client: Aws::IAM::Client.new)
+        self.new(client).tf
+      end
+
+      def self.tfstate(client: Aws::IAM::Client.new)
+        self.new(client).tfstate
+      end
+
+      def initialize(client)
+        @client = client
+      end
+
+      def tf
+        apply_template(@client, "tf/iam_policy_attachment")
+      end
+
+      def tfstate
+        iam_policy_attachments.inject({}) do |resources, policy_attachment|
+          attributes = {
+            "id" => policy_attachment[:name],
+            "name" => policy_attachment[:name],
+            "policy_arn" => policy_attachment[:arn],
+            "groups.#" => policy_attachment[:entities].policy_groups.length.to_s,
+            "users.#" => policy_attachment[:entities].policy_users.length.to_s,
+            "roles.#" => policy_attachment[:entities].policy_roles.length.to_s,
+          }
+          resources["aws_iam_policy_attachment.#{policy_attachment[:name]}"] = {
+            "type" => "aws_iam_policy_attachment",
+            "primary" => {
+              "id" => policy_attachment[:name],
+              "attributes" => attributes
+            }
+          }
+
+          resources
+        end
+      end
+
+      private
+
+      def attachment_name_from(policy)
+        "#{policy.policy_name}-policy-attachment"
+      end
+
+      def entities_for_policy(policy)
+        @client.list_entities_for_policy(policy_arn: policy.arn)
+      end
+
+      def iam_policies
+        @client.list_policies(scope: "Local").policies
+      end
+
+      def iam_policy_attachments
+        iam_policies.map do |policy|
+          {
+            arn: policy.arn,
+            entities: entities_for_policy(policy),
+            name: attachment_name_from(policy),
+          }
+        end
+      end
+    end
+  end
+end

data/lib/terraforming/template/tf/elb.erb

@@ -13,7 +13,16 @@ resource "aws_elb" "<%= module_name_of(load_balancer) %>" {
     idle_timeout                = <%= load_balancer_attributes.connection_settings.idle_timeout %>
     connection_draining         = <%= load_balancer_attributes.connection_draining.enabled %>
     connection_draining_timeout = <%= load_balancer_attributes.connection_draining.timeout %>
+    internal                    = <%= internal?(load_balancer).to_s %>
 
+<%- if load_balancer_attributes.access_log.enabled -%>
+    access_logs {
+        bucket        = "<%= load_balancer_attributes.access_log.s3_bucket_name %>"
+        bucket_prefix = "<%= load_balancer_attributes.access_log.s3_bucket_prefix %>"
+        interval      = <%= load_balancer_attributes.access_log.emit_interval %>
+    }
+
+<%- end -%>
 <% load_balancer.listener_descriptions.map { |ld| ld.listener }.map do |listener| -%>
     listener {
         instance_port      = <%= listener.instance_port %>

data/lib/terraforming/template/tf/iam_policy_attachment.erb

@@ -0,0 +1,10 @@
+<% iam_policy_attachments.each do |policy_attachment| -%>
+resource "aws_iam_policy_attachment" "<%= policy_attachment[:name] %>" {
+    name       = "<%= policy_attachment[:name] %>"
+    policy_arn = "<%= policy_attachment[:arn] %>"
+    groups     = <%= policy_attachment[:entities].policy_groups.map(&:group_name).inspect %>
+    users      = <%= policy_attachment[:entities].policy_users.map(&:user_name).inspect %>
+    roles      = <%= policy_attachment[:entities].policy_roles.map(&:role_name).inspect %>
+}
+
+<% end -%>

data/lib/terraforming/version.rb

@@ -1,3 +1,3 @@
 module Terraforming
-  VERSION = "0.8.0"
+  VERSION = "0.9.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: terraforming
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Daisuke Fujita
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-05-29 00:00:00.000000000 Z
+date: 2016-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -172,6 +172,7 @@ files:
 - lib/terraforming/resource/iam_group_policy.rb
 - lib/terraforming/resource/iam_instance_profile.rb
 - lib/terraforming/resource/iam_policy.rb
+- lib/terraforming/resource/iam_policy_attachment.rb
 - lib/terraforming/resource/iam_role.rb
 - lib/terraforming/resource/iam_role_policy.rb
 - lib/terraforming/resource/iam_user.rb
@@ -206,6 +207,7 @@ files:
 - lib/terraforming/template/tf/iam_group_policy.erb
 - lib/terraforming/template/tf/iam_instance_profile.erb
 - lib/terraforming/template/tf/iam_policy.erb
+- lib/terraforming/template/tf/iam_policy_attachment.erb
 - lib/terraforming/template/tf/iam_role.erb
 - lib/terraforming/template/tf/iam_role_policy.erb
 - lib/terraforming/template/tf/iam_user.erb