terrafying-components 1.11.1 → 1.11.2

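--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ee4074787f808bd89409e8b894451783ed8eec194a04f4f72beb88d2eb65423b
- data.tar.gz: e33ac6dfd74898a03be89752a3cf1b51d2de91f5dce7d873d0385304916739f5
+ metadata.gz: 499cfe6fa11f73e48e60e02ae9e8542b72dbea6e445e93e70cf855fb5b498fa0
+ data.tar.gz: 985649a6af0759d832d408bab622f6edc365f2ab7f8ff482d236d487667190cc
  SHA512:
- metadata.gz: 384ca6d019b261e3491a1aaaf875f2653c545d72fb34472b2f912a1521659ef5c19e1f842b75fb2eaf1976629c7fbb9d880e59ef2239ae761d6899d9e0adb239
- data.tar.gz: 4b3568b174c99c9c8b7bb369dcefa0dd1178b302ba03db84484de5facad0fffc33ef494254744b3a4a0e1eb3d9bfa8eeeac4db58fa2f5aa11c737aa5da5ce4ea
+ metadata.gz: 43ef035bcd5c195555bbc46092837d0eeefcad2c535cb2191ed79c8c7468789e7bf3e8eccee187279fa2e6e741786c4934be2a93286d94489430b32b86ebfe55
+ data.tar.gz: a68d6e1b5d3b8300fd37638ebbad1bf3b60ac2b498eabcb448007a65b3cd929022291abde0ca7f4110061bd171e72e93df7902da098894ac431bede2e3b23c27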
@@ -9,11 +9,41 @@ module Terrafying
9
9
  create_keypair_in(self, name, options)
10
10
  end
11
11
 
12
- def path(object)
13
- output_of(:aws_s3_bucket_object, object, :bucket).to_s + output_of(:aws_s3_bucket_object, object, :key).to_s
12
+ def ca?(name)
13
+ name == @name
14
14
  end
15
15
 
16
- def reference_keypair(ctx, name, key, cert)
16
+ def object_ident(name)
17
+ (ca? name) ? @name : "#{@name}-#{tf_safe(name)}"
18
+ end
19
+
20
+ def object_name(name, type)
21
+ "#{object_ident(name)}-#{type.to_s}"
22
+ end
23
+
24
+ def object_key(name, type, version='')
25
+ if (ca? name)
26
+ File.join('', @prefix, @name, "ca.#{type.to_s}")
27
+ else
28
+ raise "A non-ca object must have a version" if version.empty?
29
+ File.join('', @prefix, @name, name, version, type.to_s)
30
+ end
31
+ end
32
+
33
+ def object_arn(name, type, version="*")
34
+ key = object_key(name, type, version)
35
+
36
+ "arn:aws:s3:::#{@bucket}#{key}"
37
+ end
38
+
39
+ def object_url(name, type)
40
+ name = object_name(name, type)
41
+ key = output_of(:aws_s3_bucket_object, name, :key).to_s
42
+
43
+ File.join("s3://", "#{@bucket}#{key}")
44
+ end
45
+
46
+ def reference_keypair(ctx, name)
17
47
  ref = {
18
48
  name: name,
19
49
  ca: self,
@@ -22,12 +52,12 @@ module Terrafying
22
52
  key: File.join("/etc/ssl", @name, name, "key"),
23
53
  },
24
54
  source: {
25
- cert: File.join("s3://", path(cert)),
26
- key: File.join("s3://", path(key)),
55
+ cert: object_url(name, :cert),
56
+ key: object_url(name, :key),
27
57
  },
28
58
  resources: [
29
- "aws_s3_bucket_object.#{key}",
30
- "aws_s3_bucket_object.#{cert}"
59
+ "aws_s3_bucket_object.#{object_name(name, :key)}",
60
+ "aws_s3_bucket_object.#{object_name(name, :cert)}"
31
61
  ],
32
62
  iam_statement: {
33
63
  Effect: "Allow",
@@ -36,15 +66,15 @@ module Terrafying
36
66
  "s3:GetObject",
37
67
  ],
38
68
  Resource: [
39
- "arn:aws:s3:::#{path(@name + '-cert')}",
40
- "arn:aws:s3:::#{path(cert)}",
41
- "arn:aws:s3:::#{path(key)}",
69
+ object_arn(@name, :cert),
70
+ object_arn(name, :cert),
71
+ object_arn(name, :key),
42
72
  ]
43
73
  }
44
74
  }
45
75
 
46
76
  if self == ctx
47
- ref[:resources] << "aws_s3_bucket_object.#{@name}-cert"
77
+ ref[:resources] << "aws_s3_bucket_object.#{object_name(@name, :cert)}"
48
78
  end
49
79
 
50
80
  ref
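Review bot: `object_arn(name, :cert)` and `object_arn(name, :key)` in the `Resource` list fall back to the default `version="*"`, so the statement now grants `s3:GetObject` on a wildcard ARN instead of the key of the one bucket object that `path(key)` referenced. IAM wildcards match across `/`, so the pattern covers every past and future version stored under that keypair name and any deeper key below it that ends in `/key` or `/cert`; if that is intended, a comment on `object_arn` such as `# version defaults to "*": the ARN matches every stored version of this keypair` would make the grant explicit. Separately, `ca?` only tests `name == @name`, so a leaf keypair given the same name as the CA would make `object_arn(name, :key)` resolve to the CA's `ca.key`; a guard where leaf keypairs are created, for example `raise ArgumentError, "keypair name must differ from the CA name" if ca?(name)`, would rule that out. The closing `end` of `reference_keypair` is outside the last hunk.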
@@ -74,14 +74,14 @@ module Terrafying
74
74
  @ca_cert = cert.read
75
75
  end
76
76
 
77
- resource :aws_s3_bucket_object, "#{@name}-cert", {
77
+ resource :aws_s3_bucket_object, object_name(@name, :cert), {
78
78
  bucket: @bucket,
79
- key: File.join('', @prefix, @name, "ca.cert"),
79
+ key: object_key(@name, :cert),
80
80
  content: @ca_cert,
81
81
  acl: @ca_cert_acl
82
82
  }
83
83
 
84
- @source = File.join("s3://", path("#{@name}-cert"))
84
+ @source = object_url(@name, :cert)
85
85
 
86
86
  self
87
87
  end
@@ -142,7 +142,7 @@ module Terrafying
142
142
  content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert,
143
143
  }
144
144
 
145
- reference_keypair(ctx, name, "#{key_ident}-key", "#{key_ident}-cert")
145
+ reference_keypair(ctx, name)
146
146
  end
147
147
 
148
148
  end
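Review bot: `reference_keypair(ctx, name)` now derives the Terraform resource names and the S3 ARNs itself through `object_name(name, ...)` and `object_arn(name, ...)`, but the `aws_s3_bucket_object` declarations earlier in this method are outside the hunk and, judging by `key_ident` on the `content:` line, appear to keep their own naming. If `key_ident` here is not `object_ident(name)`, or the objects are not written under the layout `object_key` produces, the `resources` entries and the `s3:GetObject` ARNs would refer to objects that are never created. Declaring them with `object_name(name, :key)` and `key: object_key(name, :key, version)`, as the self-signed CA does, would keep the declaration and the reference in step. The start of `create_keypair_in` is not visible, so this needs checking against the full file.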
@@ -41,14 +41,14 @@ module Terrafying
41
41
  cert_acl = "private"
42
42
  end
43
43
 
44
- @source = File.join("s3://", path("#{@name}-cert"))
44
+ @source = object_url(@name, :cert)
45
45
 
46
46
  if options[:ca_key] && options[:ca_cert]
47
47
  @ca_key = options[:ca_key]
48
48
  @ca_cert = options[:ca_cert]
49
49
  resource :aws_s3_bucket_object, "#{@name}-cert", {
50
50
  bucket: @bucket,
51
- key: File.join('', @prefix, @name, "ca.cert"),
51
+ key: object_key(@name, :cert),
52
52
  content: @ca_cert,
53
53
  acl: cert_acl,
54
54
  }
@@ -80,9 +80,9 @@ module Terrafying
80
80
  @ca_key = output_of(:tls_private_key, @ident, :private_key_pem)
81
81
  @ca_cert = output_of(:tls_self_signed_cert, @ident, :cert_pem)
82
82
 
83
- resource :aws_s3_bucket_object, "#{@name}-cert", {
83
+ resource :aws_s3_bucket_object, object_name(@name, :cert), {
84
84
  bucket: @bucket,
85
- key: File.join('', @prefix, @name, "ca.cert"),
85
+ key: object_key(@name, :cert),
86
86
  content: @ca_cert,
87
87
  acl: cert_acl,
88
88
  }
@@ -91,7 +91,7 @@ module Terrafying
91
91
  end
92
92
 
93
93
  def keypair
94
- @ca_key_ref ||= resource :aws_s3_bucket_object, "#{@name}-key", {
94
+ @ca_key_ref ||= resource :aws_s3_bucket_object, object_name(@name, :key), {
95
95
  bucket: @bucket,
96
96
  key: File.join('', @prefix, @name, "ca.key"),
97
97
  content: @ca_key,
@@ -104,12 +104,12 @@ module Terrafying
104
104
  key: File.join("/etc/ssl", @name, "ca.key"),
105
105
  },
106
106
  source: {
107
- cert: File.join("s3://", path("#{@name}-cert")),
108
- key: File.join("s3://", path("#{@name}-key")),
107
+ cert: object_url(@name, :cert),
108
+ key: object_url(@name, :key),
109
109
  },
110
110
  resources: [
111
- "aws_s3_bucket_object.#{@name}-key",
112
- "aws_s3_bucket_object.#{@name}-cert"
111
+ "aws_s3_bucket_object.#{object_name(@name, :key)}",
112
+ "aws_s3_bucket_object.#{object_name(@name, :cert)}"
113
113
  ],
114
114
  iam_statement: {
115
115
  Effect: "Allow",
@@ -118,8 +118,8 @@ module Terrafying
118
118
  "s3:GetObject",
119
119
  ],
120
120
  Resource: [
121
- "arn:aws:s3:::#{path(@name + '-cert')}",
122
- "arn:aws:s3:::#{path(@name + '-key')}",
121
+ object_arn(@name, :cert),
122
+ object_arn(@name, :key),
123
123
  ]
124
124
  }
125
125
  }
@@ -140,7 +140,7 @@ module Terrafying
140
140
  curve: "P384",
141
141
  }.merge(options)
142
142
 
143
- key_ident = "#{@name}-#{tf_safe(name)}"
143
+ key_ident = object_ident(name)
144
144
 
145
145
  ctx.resource :tls_private_key, key_ident, {
146
146
  algorithm: @algorithm,
@@ -167,19 +167,19 @@ module Terrafying
167
167
  allowed_uses: options[:allowed_uses],
168
168
  }
169
169
 
170
- ctx.resource :aws_s3_bucket_object, "#{key_ident}-key", {
170
+ ctx.resource :aws_s3_bucket_object, object_name(name, :key), {
171
171
  bucket: @bucket,
172
- key: File.join('', @prefix, @name, name, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}", "key"),
172
+ key: object_key(name, :key, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}"),
173
173
  content: output_of(:tls_private_key, key_ident, :private_key_pem),
174
174
  }
175
175
 
176
- ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert", {
176
+ ctx.resource :aws_s3_bucket_object, object_name(name, :cert), {
177
177
  bucket: @bucket,
178
- key: File.join('', @prefix, @name, name, "${sha256(tls_locally_signed_cert.#{key_ident}.cert_pem)}", "cert"),
178
+ key: object_key(name, :cert, "${sha256(tls_locally_signed_cert.#{key_ident}.cert_pem)}"),
179
179
  content: output_of(:tls_locally_signed_cert, key_ident, :cert_pem),
180
180
  }
181
181
 
182
- reference_keypair(ctx, name, "#{key_ident}-key", "#{key_ident}-cert")
182
+ reference_keypair(ctx, name)
183
183
  end
184
184
 
185
185
  end
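Review bot: Two CA object definitions in this file are still hand-built although their consumers moved to the helpers: the `options[:ca_key] && options[:ca_cert]` branch still declares `"#{@name}-cert"`, and `keypair` still writes the CA key to `File.join('', @prefix, @name, "ca.key")` while its IAM statement now uses `object_arn(@name, :key)`. The strings agree today, but the path the CA private key is stored at and the policy that grants read access to it are now computed in two places and can drift apart. Using `object_name(@name, :cert)` and `key: object_key(@name, :key)` there would leave one definition of where CA material lives. `keypair` continues past its hunk, so any remaining literals there should get the same treatment.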
@@ -1,5 +1,5 @@
1
1
  module Terrafying
2
2
  module Components
3
- VERSION = "1.11.1"
3
+ VERSION = "1.11.2"
4
4
  end
5
5
  end
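--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: terrafying-components
  version: !ruby/object:Gem::Version
- version: 1.11.1
+ version: 1.11.2
  platform: ruby
  authors:
  - uSwitch Limited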