terrafying-components 1.10.9 → 1.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/terrafying/components/ca.rb +11 -9
- data/lib/terrafying/components/dynamicset.rb +10 -8
- data/lib/terrafying/components/letsencrypt.rb +6 -4
- data/lib/terrafying/components/loadbalancer.rb +1 -1
- data/lib/terrafying/components/selfsignedca.rb +17 -15
- data/lib/terrafying/components/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 73d7a37c078d36a198f7fa4c962b0efc1866c2372e178d4aa4011ffaff9e83f5
|
|
4
|
+
data.tar.gz: f14456cf4ae27f2f04a3b1a1263911a01ba05d3e8e329130c6b19eb0a50a330e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e7866109fc417b67150e1c607564039e78a6bc87b6901ed6cb430c5e9d09b086c56768eafdba7c40bb9f25e16285206449d9a15bb929e85f4e02e08dc5551cdc
|
|
7
|
+
data.tar.gz: e824409c34d34389993c87f89ff68880172f15e1e86f60b7660cde2e7a019f20da453a3580a1b922ce499897578e80519ad473376b7258893f241b4a99f3eba8
|
|
@@ -9,9 +9,11 @@ module Terrafying
|
|
|
9
9
|
create_keypair_in(self, name, options)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def
|
|
13
|
-
|
|
12
|
+
def path(object)
|
|
13
|
+
output_of(:aws_s3_bucket_object, object, :bucket).to_s + output_of(:aws_s3_bucket_object, object, :key).to_s
|
|
14
|
+
end
|
|
14
15
|
|
|
16
|
+
def reference_keypair(ctx, name, key, cert)
|
|
15
17
|
ref = {
|
|
16
18
|
name: name,
|
|
17
19
|
ca: self,
|
|
@@ -20,12 +22,12 @@ module Terrafying
|
|
|
20
22
|
key: File.join("/etc/ssl", @name, name, "key"),
|
|
21
23
|
},
|
|
22
24
|
source: {
|
|
23
|
-
cert: File.join("s3://",
|
|
24
|
-
key: File.join("s3://",
|
|
25
|
+
cert: File.join("s3://", path(cert)),
|
|
26
|
+
key: File.join("s3://", path(key)),
|
|
25
27
|
},
|
|
26
28
|
resources: [
|
|
27
|
-
"aws_s3_bucket_object.#{
|
|
28
|
-
"aws_s3_bucket_object.#{
|
|
29
|
+
"aws_s3_bucket_object.#{key}",
|
|
30
|
+
"aws_s3_bucket_object.#{cert}"
|
|
29
31
|
],
|
|
30
32
|
iam_statement: {
|
|
31
33
|
Effect: "Allow",
|
|
@@ -34,9 +36,9 @@ module Terrafying
|
|
|
34
36
|
"s3:GetObject",
|
|
35
37
|
],
|
|
36
38
|
Resource: [
|
|
37
|
-
"arn:aws:s3:::#{
|
|
38
|
-
"arn:aws:s3:::#{
|
|
39
|
-
"arn:aws:s3:::#{
|
|
39
|
+
"arn:aws:s3:::#{path(@name + '-cert')}",
|
|
40
|
+
"arn:aws:s3:::#{path(cert)}",
|
|
41
|
+
"arn:aws:s3:::#{path(key)}",
|
|
40
42
|
]
|
|
41
43
|
}
|
|
42
44
|
}
|
|
@@ -103,14 +103,16 @@ module Terrafying
|
|
|
103
103
|
end
|
|
104
104
|
tags = { Name: ident, service_name: name,}.merge(options[:tags]).merge(options[:instances].fetch(:tags, {})).map { |k,v| { Key: k, Value: v, PropagateAtLaunch: true }}
|
|
105
105
|
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
106
|
+
resource :aws_cloudformation_stack, ident, {
|
|
107
|
+
name: ident,
|
|
108
|
+
disable_rollback: true,
|
|
109
|
+
template_body: generate_template(
|
|
110
|
+
options[:health_check], options[:instances], launch_config,
|
|
111
|
+
options[:subnets].map(&:id), tags, options[:rolling_update]
|
|
112
|
+
),
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
@stack = "arn:aws:cloudformation:#{aws.region}:#{aws.account_id}:stack/#{ident}/*"
|
|
114
116
|
|
|
115
117
|
@asg = output_of(:aws_cloudformation_stack, ident, 'outputs["AsgName"]')
|
|
116
118
|
|
|
@@ -39,6 +39,7 @@ module Terrafying
|
|
|
39
39
|
provider: :staging,
|
|
40
40
|
email_address: "cloud@uswitch.com",
|
|
41
41
|
public_certificate: false,
|
|
42
|
+
curve: "P384",
|
|
42
43
|
}.merge(options)
|
|
43
44
|
|
|
44
45
|
@name = name
|
|
@@ -50,7 +51,7 @@ module Terrafying
|
|
|
50
51
|
|
|
51
52
|
resource :tls_private_key, "#{@name}-account", {
|
|
52
53
|
algorithm: "ECDSA",
|
|
53
|
-
ecdsa_curve:
|
|
54
|
+
ecdsa_curve: options[:curve],
|
|
54
55
|
}
|
|
55
56
|
|
|
56
57
|
resource :acme_registration, "#{@name}-reg", {
|
|
@@ -80,7 +81,7 @@ module Terrafying
|
|
|
80
81
|
acl: @ca_cert_acl
|
|
81
82
|
}
|
|
82
83
|
|
|
83
|
-
@source = File.join("s3://", @
|
|
84
|
+
@source = File.join("s3://", path("#{@name}-cert"))
|
|
84
85
|
|
|
85
86
|
self
|
|
86
87
|
end
|
|
@@ -98,13 +99,14 @@ module Terrafying
|
|
|
98
99
|
dns_names: [],
|
|
99
100
|
ip_addresses: [],
|
|
100
101
|
min_days_remaining: 21,
|
|
102
|
+
curve: "P384",
|
|
101
103
|
}.merge(options)
|
|
102
104
|
|
|
103
105
|
key_ident = "#{@name}-#{tf_safe(name)}"
|
|
104
106
|
|
|
105
107
|
ctx.resource :tls_private_key, key_ident, {
|
|
106
108
|
algorithm: "ECDSA",
|
|
107
|
-
ecdsa_curve:
|
|
109
|
+
ecdsa_curve: options[:curve],
|
|
108
110
|
}
|
|
109
111
|
|
|
110
112
|
ctx.resource :tls_cert_request, key_ident, {
|
|
@@ -140,7 +142,7 @@ module Terrafying
|
|
|
140
142
|
content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert,
|
|
141
143
|
}
|
|
142
144
|
|
|
143
|
-
reference_keypair(ctx, name)
|
|
145
|
+
reference_keypair(ctx, name, "#{key_ident}-key", "#{key_ident}-cert")
|
|
144
146
|
end
|
|
145
147
|
|
|
146
148
|
end
|
|
@@ -113,7 +113,7 @@ module Terrafying
|
|
|
113
113
|
internal: !options[:public],
|
|
114
114
|
tags: @tags,
|
|
115
115
|
}.merge(subnets_for(options[:subnets]))
|
|
116
|
-
.merge(application? ? { security_groups: [@security_group], idle_timeout: options[:idle_timeout] } : {})
|
|
116
|
+
.merge(application? ? { security_groups: [@security_group], idle_timeout: options[:idle_timeout], access_logs: options[:access_logs] } : {})
|
|
117
117
|
.compact
|
|
118
118
|
|
|
119
119
|
@targets = []
|
|
@@ -25,6 +25,7 @@ module Terrafying
|
|
|
25
25
|
common_name: name,
|
|
26
26
|
organization: "uSwitch Limited",
|
|
27
27
|
public_certificate: false,
|
|
28
|
+
curve: "P384",
|
|
28
29
|
}.merge(options)
|
|
29
30
|
|
|
30
31
|
@name = name
|
|
@@ -40,7 +41,7 @@ module Terrafying
|
|
|
40
41
|
cert_acl = "private"
|
|
41
42
|
end
|
|
42
43
|
|
|
43
|
-
@source = File.join("s3://", @
|
|
44
|
+
@source = File.join("s3://", path("#{@name}-cert"))
|
|
44
45
|
|
|
45
46
|
if options[:ca_key] && options[:ca_cert]
|
|
46
47
|
@ca_key = options[:ca_key]
|
|
@@ -58,7 +59,7 @@ module Terrafying
|
|
|
58
59
|
|
|
59
60
|
resource :tls_private_key, @ident, {
|
|
60
61
|
algorithm: @algorithm,
|
|
61
|
-
ecdsa_curve:
|
|
62
|
+
ecdsa_curve: options[:curve],
|
|
62
63
|
}
|
|
63
64
|
|
|
64
65
|
resource :tls_self_signed_cert, @ident, {
|
|
@@ -90,11 +91,11 @@ module Terrafying
|
|
|
90
91
|
end
|
|
91
92
|
|
|
92
93
|
def keypair
|
|
93
|
-
resource :aws_s3_bucket_object, "#{@name}-key", {
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
94
|
+
@ca_key_ref ||= resource :aws_s3_bucket_object, "#{@name}-key", {
|
|
95
|
+
bucket: @bucket,
|
|
96
|
+
key: File.join(@prefix, @name, "ca.key"),
|
|
97
|
+
content: @ca_key,
|
|
98
|
+
}
|
|
98
99
|
|
|
99
100
|
{
|
|
100
101
|
ca: self,
|
|
@@ -103,8 +104,8 @@ module Terrafying
|
|
|
103
104
|
key: File.join("/etc/ssl", @name, "ca.key"),
|
|
104
105
|
},
|
|
105
106
|
source: {
|
|
106
|
-
cert: File.join("s3://", @
|
|
107
|
-
key: File.join("s3://", @
|
|
107
|
+
cert: File.join("s3://", path("#{@name}-cert")),
|
|
108
|
+
key: File.join("s3://", path("#{@name}-key")),
|
|
108
109
|
},
|
|
109
110
|
resources: [
|
|
110
111
|
"aws_s3_bucket_object.#{@name}-key",
|
|
@@ -117,8 +118,8 @@ module Terrafying
|
|
|
117
118
|
"s3:GetObject",
|
|
118
119
|
],
|
|
119
120
|
Resource: [
|
|
120
|
-
"arn:aws:s3:::#{
|
|
121
|
-
"arn:aws:s3:::#{
|
|
121
|
+
"arn:aws:s3:::#{path(@name + '-cert')}",
|
|
122
|
+
"arn:aws:s3:::#{path(@name + '-key')}",
|
|
122
123
|
]
|
|
123
124
|
}
|
|
124
125
|
}
|
|
@@ -136,13 +137,14 @@ module Terrafying
|
|
|
136
137
|
],
|
|
137
138
|
dns_names: [],
|
|
138
139
|
ip_addresses: [],
|
|
140
|
+
curve: "P384",
|
|
139
141
|
}.merge(options)
|
|
140
142
|
|
|
141
143
|
key_ident = "#{@name}-#{tf_safe(name)}"
|
|
142
144
|
|
|
143
145
|
ctx.resource :tls_private_key, key_ident, {
|
|
144
146
|
algorithm: @algorithm,
|
|
145
|
-
ecdsa_curve:
|
|
147
|
+
ecdsa_curve: options[:curve],
|
|
146
148
|
}
|
|
147
149
|
|
|
148
150
|
ctx.resource :tls_cert_request, key_ident, {
|
|
@@ -167,17 +169,17 @@ module Terrafying
|
|
|
167
169
|
|
|
168
170
|
ctx.resource :aws_s3_bucket_object, "#{key_ident}-key", {
|
|
169
171
|
bucket: @bucket,
|
|
170
|
-
key: File.join(@prefix, @name, name, "key"),
|
|
172
|
+
key: File.join(@prefix, @name, name, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}", "key"),
|
|
171
173
|
content: output_of(:tls_private_key, key_ident, :private_key_pem),
|
|
172
174
|
}
|
|
173
175
|
|
|
174
176
|
ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert", {
|
|
175
177
|
bucket: @bucket,
|
|
176
|
-
key: File.join(@prefix, @name, name, "cert"),
|
|
178
|
+
key: File.join(@prefix, @name, name, "${sha256(tls_locally_signed_cert.#{key_ident}.cert_pem)}", "cert"),
|
|
177
179
|
content: output_of(:tls_locally_signed_cert, key_ident, :cert_pem),
|
|
178
180
|
}
|
|
179
181
|
|
|
180
|
-
reference_keypair(ctx, name)
|
|
182
|
+
reference_keypair(ctx, name, "#{key_ident}-key", "#{key_ident}-cert")
|
|
181
183
|
end
|
|
182
184
|
|
|
183
185
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: terrafying-components
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- uSwitch Limited
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-01-
|
|
11
|
+
date: 2019-01-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|