terrafying-components 1.11.15 → 1.11.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. checksums.yaml +4 -4
  2. data/lib/hash/merge_with_arrays.rb +2 -0
  3. data/lib/terrafying/components.rb +1 -0
  4. data/lib/terrafying/components/auditd.rb +7 -7
  5. data/lib/terrafying/components/ca.rb +17 -21
  6. data/lib/terrafying/components/dynamicset.rb +103 -116
  7. data/lib/terrafying/components/endpoint.rb +32 -41
  8. data/lib/terrafying/components/endpointservice.rb +15 -21
  9. data/lib/terrafying/components/ignition.rb +42 -49
  10. data/lib/terrafying/components/instance.rb +56 -55
  11. data/lib/terrafying/components/instanceprofile.rb +35 -44
  12. data/lib/terrafying/components/letsencrypt.rb +60 -71
  13. data/lib/terrafying/components/loadbalancer.rb +43 -43
  14. data/lib/terrafying/components/ports.rb +12 -11
  15. data/lib/terrafying/components/prometheus.rb +124 -95
  16. data/lib/terrafying/components/selfsignedca.rb +90 -104
  17. data/lib/terrafying/components/service.rb +41 -51
  18. data/lib/terrafying/components/staticset.rb +58 -68
  19. data/lib/terrafying/components/subnet.rb +21 -31
  20. data/lib/terrafying/components/templates/ignition.yaml +26 -5
  21. data/lib/terrafying/components/usable.rb +78 -92
  22. data/lib/terrafying/components/version.rb +3 -1
  23. data/lib/terrafying/components/vpc.rb +181 -209
  24. data/lib/terrafying/components/vpn.rb +136 -156
  25. data/lib/terrafying/components/zone.rb +38 -48
  26. metadata +6 -6
data/lib/terrafying/components/instanceprofile.rb CHANGED
@@ -1,13 +1,11 @@
1
+ # frozen_string_literal: true
1
2
 
2
3
  module Terrafying
3
-
4
4
  module Components
5
-
6
5
  class InstanceProfile < Terrafying::Context
7
-
8
6
  attr_reader :id, :resource_name, :role_arn, :role_resource
9
7
 
10
- def self.create(name, options={})
8
+ def self.create(name, options = {})
11
9
  InstanceProfile.new.create name, options
12
10
  end
13
11
 
@@ -15,39 +13,35 @@ module Terrafying
15
13
  InstanceProfile.new.find name
16
14
  end
17
15
 
18
- def initialize()
16
+ def initialize
19
17
  super
20
18
  end
21
19
 
22
- def find(name)
20
+ def find(_name)
23
21
  raise 'unimplemented'
24
22
  end
25
23
 
26
- def create(name, options={})
24
+ def create(name, options = {})
27
25
  options = {
28
- statements: [],
26
+ statements: []
29
27
  }.merge(options)
30
28
 
31
- resource :aws_iam_role, name, {
32
- name: name,
33
- assume_role_policy: JSON.pretty_generate(
29
+ resource :aws_iam_role, name,
30
+ name: name,
31
+ assume_role_policy: JSON.pretty_generate(
32
+ Version: '2012-10-17',
33
+ Statement: [
34
34
  {
35
- Version: "2012-10-17",
36
- Statement: [
37
- {
38
- Effect: "Allow",
39
- Principal: { "Service": "ec2.amazonaws.com"},
40
- Action: "sts:AssumeRole"
41
- }
42
- ]
35
+ Effect: 'Allow',
36
+ Principal: { "Service": 'ec2.amazonaws.com' },
37
+ Action: 'sts:AssumeRole'
43
38
  }
44
- )
45
- }
39
+ ]
40
+ )
46
41
 
47
- @id = resource :aws_iam_instance_profile, name, {
48
- name: name,
49
- role: output_of(:aws_iam_role, name, :name),
50
- }
42
+ @id = resource :aws_iam_instance_profile, name,
43
+ name: name,
44
+ role: output_of(:aws_iam_role, name, :name)
51
45
  @name = name
52
46
  @resource_name = "aws_iam_instance_profile.#{name}"
53
47
 
@@ -55,25 +49,25 @@ module Terrafying
55
49
  @role_resource = "aws_iam_role.#{name}"
56
50
 
57
51
  @statements = [
58
- {
59
- Sid: "Stmt1442396947000",
60
- Effect: "Allow",
61
- Action: [
62
- "iam:GetGroup",
63
- "iam:GetSSHPublicKey",
64
- "iam:GetUser",
65
- "iam:ListSSHPublicKeys"
66
- ],
67
- Resource: [
68
- "arn:aws:iam::*"
69
- ]
70
- }
52
+ {
53
+ Sid: 'Stmt1442396947000',
54
+ Effect: 'Allow',
55
+ Action: [
56
+ 'iam:GetGroup',
57
+ 'iam:GetSSHPublicKey',
58
+ 'iam:GetUser',
59
+ 'iam:ListSSHPublicKeys'
60
+ ],
61
+ Resource: [
62
+ 'arn:aws:iam::*'
63
+ ]
64
+ }
71
65
  ].push(*options[:statements])
72
66
 
73
67
  @policy_config = {
74
68
  name: @name,
75
69
  policy: policy,
76
- role: output_of(:aws_iam_role, @name, :name),
70
+ role: output_of(:aws_iam_role, @name, :name)
77
71
  }
78
72
 
79
73
  resource :aws_iam_role_policy, @name, @policy_config
@@ -83,10 +77,8 @@ module Terrafying
83
77
 
84
78
  def policy
85
79
  JSON.pretty_generate(
86
- {
87
- Version: "2012-10-17",
88
- Statement: @statements,
89
- }
80
+ Version: '2012-10-17',
81
+ Statement: @statements
90
82
  )
91
83
  end
92
84
 
@@ -94,7 +86,6 @@ module Terrafying
94
86
  @statements << statement
95
87
  @policy_config[:policy] = policy
96
88
  end
97
-
98
89
  end
99
90
  end
100
91
  end
data/lib/terrafying/components/letsencrypt.rb CHANGED
@@ -6,12 +6,11 @@ require 'open-uri'
6
6
  module Terrafying
7
7
  module Components
8
8
  class LetsEncrypt < Terrafying::Context
9
-
10
9
  attr_reader :name, :source
11
10
 
12
11
  include CA
13
12
 
14
- def self.create(name, bucket, options={})
13
+ def self.create(name, bucket, options = {})
15
14
  LetsEncrypt.new.create name, bucket, options
16
15
  end
17
16
 
@@ -33,13 +32,13 @@ module Terrafying
33
32
  }
34
33
  end
35
34
 
36
- def create(name, bucket, options={})
35
+ def create(name, bucket, options = {})
37
36
  options = {
38
- prefix: "",
37
+ prefix: '',
39
38
  provider: :staging,
40
- email_address: "cloud@uswitch.com",
39
+ email_address: 'cloud@uswitch.com',
41
40
  public_certificate: false,
42
- curve: "P384",
41
+ curve: 'P384'
43
42
  }.merge(options)
44
43
 
45
44
  @name = name
@@ -49,24 +48,21 @@ module Terrafying
49
48
 
50
49
  provider :tls, {}
51
50
 
52
- resource :tls_private_key, "#{@name}-account", {
53
- algorithm: "ECDSA",
54
- ecdsa_curve: options[:curve],
55
- }
51
+ resource :tls_private_key, "#{@name}-account",
52
+ algorithm: 'ECDSA',
53
+ ecdsa_curve: options[:curve]
56
54
 
57
- resource :acme_registration, "#{@name}-reg", {
58
- provider: @acme_provider[:ref],
59
- account_key_pem: output_of(:tls_private_key, "#{@name}-account", "private_key_pem"),
60
- email_address: options[:email_address],
61
- }
55
+ resource :acme_registration, "#{@name}-reg",
56
+ provider: @acme_provider[:ref],
57
+ account_key_pem: output_of(:tls_private_key, "#{@name}-account", 'private_key_pem'),
58
+ email_address: options[:email_address]
62
59
 
63
60
  @account_key = output_of(:acme_registration, "#{@name}-reg", 'account_key_pem')
64
61
 
65
- resource :aws_s3_bucket_object, "#{@name}-account", {
66
- bucket: @bucket,
67
- key: File.join('', @prefix, @name, "account.key"),
68
- content: @account_key,
69
- }
62
+ resource :aws_s3_bucket_object, "#{@name}-account",
63
+ bucket: @bucket,
64
+ key: File.join('', @prefix, @name, 'account.key'),
65
+ content: @account_key
70
66
 
71
67
  @ca_cert_acl = options[:public_certificate] ? 'public-read' : 'private'
72
68
 
@@ -74,77 +70,70 @@ module Terrafying
74
70
  @ca_cert = cert.read
75
71
  end
76
72
 
77
- resource :aws_s3_bucket_object, object_name(@name, :cert), {
78
- bucket: @bucket,
79
- key: object_key(@name, :cert),
80
- content: @ca_cert,
81
- acl: @ca_cert_acl
82
- }
73
+ resource :aws_s3_bucket_object, object_name(@name, :cert),
74
+ bucket: @bucket,
75
+ key: object_key(@name, :cert),
76
+ content: @ca_cert,
77
+ acl: @ca_cert_acl
83
78
 
84
79
  @source = object_url(@name, :cert)
85
80
 
86
81
  self
87
82
  end
88
83
 
89
- def create_keypair_in(ctx, name, options={})
84
+ def create_keypair_in(ctx, name, options = {})
90
85
  options = {
91
86
  common_name: name,
92
- organization: "uSwitch Limited",
87
+ organization: 'uSwitch Limited',
93
88
  validity_in_hours: 24 * 365,
94
- allowed_uses: [
95
- "nonRepudiation",
96
- "digitalSignature",
97
- "keyEncipherment"
89
+ allowed_uses: %w[
90
+ nonRepudiation
91
+ digitalSignature
92
+ keyEncipherment
98
93
  ],
99
94
  dns_names: [],
100
95
  ip_addresses: [],
101
96
  min_days_remaining: 21,
102
- curve: "P384",
97
+ curve: 'P384'
103
98
  }.merge(options)
104
99
 
105
100
  key_ident = "#{@name}-#{tf_safe(name)}"
106
101
 
107
- ctx.resource :tls_private_key, key_ident, {
108
- algorithm: "ECDSA",
109
- ecdsa_curve: options[:curve],
110
- }
111
-
112
- ctx.resource :tls_cert_request, key_ident, {
113
- key_algorithm: "ECDSA",
114
- private_key_pem: output_of(:tls_private_key, key_ident, :private_key_pem),
115
- subject: {
116
- common_name: options[:common_name],
117
- organization: options[:organization],
118
- },
119
- dns_names: options[:dns_names],
120
- ip_addresses: options[:ip_addresses],
121
- }
122
-
123
- ctx.resource :acme_certificate, key_ident, {
124
- provider: @acme_provider[:ref],
125
- account_key_pem: @account_key,
126
- min_days_remaining: options[:min_days_remaining],
127
- dns_challenge: {
128
- provider: "route53",
129
- },
130
- certificate_request_pem: output_of(:tls_cert_request, key_ident, :cert_request_pem),
131
- }
132
-
133
- ctx.resource :aws_s3_bucket_object, "#{key_ident}-key", {
134
- bucket: @bucket,
135
- key: File.join('', @prefix, @name, name, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}", "key"),
136
- content: output_of(:tls_private_key, key_ident, :private_key_pem),
137
- }
138
-
139
- ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert", {
140
- bucket: @bucket,
141
- key: File.join('', @prefix, @name, name, "${sha256(acme_certificate.#{key_ident}.certificate_pem)}", "cert"),
142
- content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert,
143
- }
102
+ ctx.resource :tls_private_key, key_ident,
103
+ algorithm: 'ECDSA',
104
+ ecdsa_curve: options[:curve]
105
+
106
+ ctx.resource :tls_cert_request, key_ident,
107
+ key_algorithm: 'ECDSA',
108
+ private_key_pem: output_of(:tls_private_key, key_ident, :private_key_pem),
109
+ subject: {
110
+ common_name: options[:common_name],
111
+ organization: options[:organization]
112
+ },
113
+ dns_names: options[:dns_names],
114
+ ip_addresses: options[:ip_addresses]
115
+
116
+ ctx.resource :acme_certificate, key_ident,
117
+ provider: @acme_provider[:ref],
118
+ account_key_pem: @account_key,
119
+ min_days_remaining: options[:min_days_remaining],
120
+ dns_challenge: {
121
+ provider: 'route53'
122
+ },
123
+ certificate_request_pem: output_of(:tls_cert_request, key_ident, :cert_request_pem)
124
+
125
+ ctx.resource :aws_s3_bucket_object, "#{key_ident}-key",
126
+ bucket: @bucket,
127
+ key: File.join('', @prefix, @name, name, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}", 'key'),
128
+ content: output_of(:tls_private_key, key_ident, :private_key_pem)
129
+
130
+ ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert",
131
+ bucket: @bucket,
132
+ key: File.join('', @prefix, @name, name, "${sha256(acme_certificate.#{key_ident}.certificate_pem)}", 'cert'),
133
+ content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert
144
134
 
145
135
  reference_keypair(ctx, name)
146
136
  end
147
-
148
137
  end
149
138
  end
150
139
  end
data/lib/terrafying/components/loadbalancer.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'digest'
2
4
  require 'terrafying/components/usable'
3
5
  require 'terrafying/generator'
@@ -7,14 +9,13 @@ require_relative './ports'
7
9
  module Terrafying
8
10
  module Components
9
11
  class LoadBalancer < Terrafying::Context
10
-
11
12
  attr_reader :id, :name, :type, :security_group, :ports, :targets, :alias_config
12
13
 
13
14
  Struct.new('Target', :target_group, :listener, keyword_init: true)
14
15
 
15
16
  include Usable
16
17
 
17
- def self.create_in(vpc, name, options={})
18
+ def self.create_in(vpc, name, options = {})
18
19
  LoadBalancer.new.create_in vpc, name, options
19
20
  end
20
21
 
@@ -22,23 +23,23 @@ module Terrafying
22
23
  LoadBalancer.new.find_in vpc, name
23
24
  end
24
25
 
25
- def initialize()
26
+ def initialize
26
27
  super
27
28
  end
28
29
 
29
30
  def find_in(vpc, name)
30
- @type = "network"
31
+ @type = 'network'
31
32
  ident = make_identifier(@type, vpc.name, name)
32
33
 
33
34
  begin
34
35
  lb = aws.lb_by_name(ident)
35
- rescue
36
- @type = "application"
36
+ rescue StandardError
37
+ @type = 'application'
37
38
  ident = make_identifier(@type, vpc.name, name)
38
39
 
39
40
  lb = aws.lb_by_name(ident)
40
41
 
41
- @security_group = aws.security_group_by_tags({ loadbalancer_name: ident })
42
+ @security_group = aws.security_group_by_tags(loadbalancer_name: ident)
42
43
  end
43
44
 
44
45
  @id = lb.load_balancer_arn
@@ -46,25 +47,25 @@ module Terrafying
46
47
 
47
48
  target_groups = aws.target_groups_by_lb(@id)
48
49
 
49
- @targets = target_groups.map { |tg|
50
+ @targets = target_groups.map do |tg|
50
51
  Struct::Target.new(
51
52
  target_group: tg.target_group_arn,
52
53
  listener: nil
53
54
  )
54
- }
55
+ end
55
56
 
56
57
  @ports = enrich_ports(target_groups.map(&:port).sort.uniq)
57
58
 
58
59
  @alias_config = {
59
60
  name: lb.dns_name,
60
61
  zone_id: lb.canonical_hosted_zone_id,
61
- evaluate_target_health: true,
62
+ evaluate_target_health: true
62
63
  }
63
64
 
64
65
  self
65
66
  end
66
67
 
67
- def create_in(vpc, name, options={})
68
+ def create_in(vpc, name, options = {})
68
69
  options = {
69
70
  ports: [],
70
71
  public: false,
@@ -72,7 +73,7 @@ module Terrafying
72
73
  hex_ident: false,
73
74
  idle_timeout: nil,
74
75
  tags: {},
75
- security_groups: [],
76
+ security_groups: []
76
77
  }.merge(options)
77
78
 
78
79
  @tags = {
@@ -82,48 +83,45 @@ module Terrafying
82
83
  @hex_ident = options[:hex_ident]
83
84
  @ports = enrich_ports(options[:ports])
84
85
 
85
- l4_ports = @ports.select{ |p| is_l4_port(p) }
86
+ l4_ports = @ports.select { |p| is_l4_port(p) }
86
87
 
87
88
  if l4_ports.count > 0 && l4_ports.count < @ports.count
88
89
  raise 'Ports have to either be all layer 4 or 7'
89
90
  end
90
91
 
91
- @type = l4_ports.count == 0 ? "application" : "network"
92
+ @type = l4_ports.count == 0 ? 'application' : 'network'
92
93
 
93
94
  ident = make_identifier(@type, vpc.name, name)
94
95
  @name = ident
95
96
 
96
97
  if application?
97
- @security_group = resource :aws_security_group, ident, {
98
- name: "loadbalancer-#{ident}",
99
- description: "Describe the ingress and egress of the load balancer #{ident}",
100
- tags: @tags.merge(
101
- {
102
- loadbalancer_name: ident,
103
- }
104
- ),
105
- vpc_id: vpc.id,
106
- }
98
+ @security_group = resource :aws_security_group, ident,
99
+ name: "loadbalancer-#{ident}",
100
+ description: "Describe the ingress and egress of the load balancer #{ident}",
101
+ tags: @tags.merge(
102
+ loadbalancer_name: ident
103
+ ),
104
+ vpc_id: vpc.id
107
105
 
108
106
  path_mtu_setup!
109
107
  end
110
108
 
111
109
  if network? && options[:security_groups].count > 0
112
- warn "You cannot set security groups on a network loadbalancer, set them on the instances behind it."
110
+ warn 'You cannot set security groups on a network loadbalancer, set them on the instances behind it.'
113
111
  end
114
112
 
115
113
  @id = resource :aws_lb, ident, {
116
114
  name: ident,
117
115
  load_balancer_type: type,
118
116
  internal: !options[:public],
119
- tags: @tags,
117
+ tags: @tags
120
118
  }.merge(subnets_for(options[:subnets]))
121
- .merge(application? ? { security_groups: [@security_group] + options[:security_groups], idle_timeout: options[:idle_timeout], access_logs: options[:access_logs] } : {})
122
- .compact
119
+ .merge(application? ? { security_groups: [@security_group] + options[:security_groups], idle_timeout: options[:idle_timeout], access_logs: options[:access_logs] } : {})
120
+ .compact
123
121
 
124
122
  @targets = []
125
123
 
126
- @ports.each { |port|
124
+ @ports.each do |port|
127
125
  port_ident = "#{ident}-#{port[:downstream_port]}"
128
126
 
129
127
  default_action = port.key?(:action) ? port[:action] : forward_to_tg(port, port_ident, vpc)
@@ -131,19 +129,19 @@ module Terrafying
131
129
  ssl_options = alb_certs(port, port_ident)
132
130
 
133
131
  listener = resource :aws_lb_listener, port_ident, {
134
- load_balancer_arn: @id,
135
- port: port[:upstream_port],
136
- protocol: port[:type].upcase,
137
- default_action: default_action,
138
- }.merge(ssl_options)
132
+ load_balancer_arn: @id,
133
+ port: port[:upstream_port],
134
+ protocol: port[:type].upcase,
135
+ default_action: default_action
136
+ }.merge(ssl_options)
139
137
 
140
138
  register_target(default_action[:target_group_arn], listener) if default_action[:type] == 'forward'
141
- }
139
+ end
142
140
 
143
141
  @alias_config = {
144
142
  name: output_of(:aws_lb, ident, :dns_name),
145
143
  zone_id: output_of(:aws_lb, ident, :zone_id),
146
- evaluate_target_health: true,
144
+ evaluate_target_health: true
147
145
  }
148
146
  self
149
147
  end
@@ -153,8 +151,8 @@ module Terrafying
153
151
  name: port_ident,
154
152
  port: port[:downstream_port],
155
153
  protocol: port[:type].upcase,
156
- vpc_id: vpc.id,
157
- }.merge(port.key?(:health_check) ? { health_check: port[:health_check] }: {})
154
+ vpc_id: vpc.id
155
+ }.merge(port.key?(:health_check) ? { health_check: port[:health_check] } : {})
158
156
 
159
157
  {
160
158
  type: 'forward',
@@ -185,10 +183,9 @@ module Terrafying
185
183
  def alb_cert(cert_arn, port_ident)
186
184
  cert_ident = "#{port_ident}-#{Digest::SHA2.hexdigest(cert_arn)[0..8]}"
187
185
 
188
- resource :aws_lb_listener_certificate, cert_ident, {
189
- listener_arn: "${aws_lb_listener.#{port_ident}.arn}",
190
- certificate_arn: cert_arn
191
- }
186
+ resource :aws_lb_listener_certificate, cert_ident,
187
+ listener_arn: "${aws_lb_listener.#{port_ident}.arn}",
188
+ certificate_arn: cert_arn
192
189
  end
193
190
 
194
191
  def application?
@@ -196,7 +193,7 @@ module Terrafying
196
193
  end
197
194
 
198
195
  def subnets_for(subnets)
199
- return { subnets: subnets.map(&:id) }
196
+ { subnets: subnets.map(&:id) }
200
197
  end
201
198
 
202
199
  def network?
@@ -205,18 +202,21 @@ module Terrafying
205
202
 
206
203
  def attach(set)
207
204
  raise "Dont' know how to attach object to LB" unless set.respond_to?(:attach_load_balancer)
205
+
208
206
  set.attach_load_balancer(self)
209
207
  @security_group = set.ingress_security_group if network?
210
208
  end
211
209
 
212
210
  def autoscale(set, target_value:, disable_scale_in:)
213
211
  raise "Dont' know how to attach object to LB" unless set.respond_to?(:autoscale_on_load_balancer)
212
+
214
213
  set.autoscale_on_load_balancer(self, target_value: target_value, disable_scale_in: disable_scale_in)
215
214
  end
216
215
 
217
216
  def make_identifier(type, vpc_name, name)
218
217
  gen_id = "#{type}-#{tf_safe(vpc_name)}-#{name}"
219
218
  return Digest::SHA2.hexdigest(gen_id)[0..24] if @hex_ident || gen_id.size > 26
219
+
220
220
  gen_id[0..31]
221
221
  end
222
222
  end