terrafying-components 1.11.15 → 1.11.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. checksums.yaml +4 -4
  2. data/lib/hash/merge_with_arrays.rb +2 -0
  3. data/lib/terrafying/components.rb +1 -0
  4. data/lib/terrafying/components/auditd.rb +7 -7
  5. data/lib/terrafying/components/ca.rb +17 -21
  6. data/lib/terrafying/components/dynamicset.rb +103 -116
  7. data/lib/terrafying/components/endpoint.rb +32 -41
  8. data/lib/terrafying/components/endpointservice.rb +15 -21
  9. data/lib/terrafying/components/ignition.rb +42 -49
  10. data/lib/terrafying/components/instance.rb +56 -55
  11. data/lib/terrafying/components/instanceprofile.rb +35 -44
  12. data/lib/terrafying/components/letsencrypt.rb +60 -71
  13. data/lib/terrafying/components/loadbalancer.rb +43 -43
  14. data/lib/terrafying/components/ports.rb +12 -11
  15. data/lib/terrafying/components/prometheus.rb +124 -95
  16. data/lib/terrafying/components/selfsignedca.rb +90 -104
  17. data/lib/terrafying/components/service.rb +41 -51
  18. data/lib/terrafying/components/staticset.rb +58 -68
  19. data/lib/terrafying/components/subnet.rb +21 -31
  20. data/lib/terrafying/components/templates/ignition.yaml +26 -5
  21. data/lib/terrafying/components/usable.rb +78 -92
  22. data/lib/terrafying/components/version.rb +3 -1
  23. data/lib/terrafying/components/vpc.rb +181 -209
  24. data/lib/terrafying/components/vpn.rb +136 -156
  25. data/lib/terrafying/components/zone.rb +38 -48
  26. metadata +6 -6
data/lib/terrafying/components/service.rb CHANGED
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
 
2
3
  require 'digest'
3
4
  require 'hash/merge_with_arrays'
@@ -16,16 +17,13 @@ require 'terrafying/components/staticset'
16
17
  require 'terrafying/components/usable'
17
18
 
18
19
  module Terrafying
19
-
20
20
  module Components
21
-
22
21
  class Service < Terrafying::Context
23
-
24
22
  attr_reader :name, :zone, :domain_names, :ports, :instance_profile, :load_balancer, :instance_set
25
23
 
26
24
  include Usable
27
25
 
28
- def self.create_in(vpc, name, options={})
26
+ def self.create_in(vpc, name, options = {})
29
27
  Service.new.create_in vpc, name, options
30
28
  end
31
29
 
@@ -33,18 +31,18 @@ module Terrafying
33
31
  Service.new.find_in vpc, name
34
32
  end
35
33
 
36
- def initialize()
34
+ def initialize
37
35
  super
38
36
  end
39
37
 
40
- def find_in(vpc, name)
38
+ def find_in(_vpc, _name)
41
39
  raise 'unimplemented'
42
40
  end
43
41
 
44
- def create_in(vpc, name, options={})
42
+ def create_in(vpc, name, options = {})
45
43
  options = {
46
- ami: aws.ami("base-image-24b8d5fb", owners=["136393635417"]),
47
- instance_type: "t2.micro",
44
+ ami: aws.ami('base-image-24b8d5fb', owners = ['136393635417']),
45
+ instance_type: 't2.micro',
48
46
  ports: [],
49
47
  instances: [{}],
50
48
  zone: vpc.zone,
@@ -60,7 +58,7 @@ module Terrafying
60
58
  startup_grace_period: 300,
61
59
  depends_on: [],
62
60
  audit_role: "arn:aws:iam::#{aws.account_id}:role/auditd_logging",
63
- metrics_ports: [],
61
+ metrics_ports: []
64
62
  }.merge(options)
65
63
 
66
64
  unless options[:audit_role].nil?
@@ -68,15 +66,15 @@ module Terrafying
68
66
  options = options.merge_with_arrays_merged(fluentd_conf)
69
67
  end
70
68
 
71
- if ! options.has_key? :user_data
69
+ unless options.key? :user_data
72
70
  options[:user_data] = Ignition.generate(options)
73
71
  end
74
72
 
75
- if ! options.has_key?(:loadbalancer_subnets)
73
+ unless options.key?(:loadbalancer_subnets)
76
74
  options[:loadbalancer_subnets] = options[:subnets]
77
75
  end
78
76
 
79
- unless options[:instances].is_a?(Hash) or options[:instances].is_a?(Array)
77
+ unless options[:instances].is_a?(Hash) || options[:instances].is_a?(Array)
80
78
  raise 'Unknown instances option, should be hash or array'
81
79
  end
82
80
 
@@ -85,21 +83,21 @@ module Terrafying
85
83
  @name = ident
86
84
  @zone = options[:zone]
87
85
  @ports = enrich_ports(options[:ports])
88
- @domain_names = [ options[:zone].qualify(name) ]
86
+ @domain_names = [options[:zone].qualify(name)]
89
87
 
90
- depends_on = options[:depends_on] + options[:keypairs].map{ |kp| kp[:resources] }.flatten.compact
88
+ depends_on = options[:depends_on] + options[:keypairs].map { |kp| kp[:resources] }.flatten.compact
91
89
  if options.key? :instance_profile
92
90
  @instance_profile = options[:instance_profile]
93
91
  else
94
92
  iam_statements = options[:iam_policy_statements] + options[:keypairs].map { |kp| kp[:iam_statement] }.compact
95
- @instance_profile = add! InstanceProfile.create(ident, { statements: iam_statements })
93
+ @instance_profile = add! InstanceProfile.create(ident, statements: iam_statements)
96
94
  end
97
95
 
98
- tags = options[:tags].merge({ service_name: name })
96
+ tags = options[:tags].merge(service_name: name)
99
97
 
100
98
  set = options[:instances].is_a?(Hash) ? DynamicSet : StaticSet
101
99
 
102
- if options.has_key?(:loadbalancer) # explicitly requested or rejected a loadbalancer
100
+ if options.key?(:loadbalancer) # explicitly requested or rejected a loadbalancer
103
101
  wants_load_balancer = options[:loadbalancer]
104
102
  else
105
103
  # by default we want one if we are an ASG with exposed ports
@@ -109,11 +107,11 @@ module Terrafying
109
107
  instance_set_options = {
110
108
  instance_profile: @instance_profile,
111
109
  depends_on: depends_on,
112
- tags: tags,
110
+ tags: tags
113
111
  }
114
112
 
115
- if wants_load_balancer && @ports.any? { |p| p.has_key?(:health_check) }
116
- instance_set_options[:health_check] = { type: "ELB", grace_period: options[:startup_grace_period] }
113
+ if wants_load_balancer && @ports.any? { |p| p.key?(:health_check) }
114
+ instance_set_options[:health_check] = { type: 'ELB', grace_period: options[:startup_grace_period] }
117
115
  end
118
116
 
119
117
  @instance_set = add! set.create_in(vpc, name, options.merge(instance_set_options))
@@ -125,37 +123,33 @@ module Terrafying
125
123
 
126
124
  if wants_load_balancer
127
125
  @load_balancer = add! LoadBalancer.create_in(
128
- vpc, name, options.merge(
129
- {
130
- subnets: options[:loadbalancer_subnets],
131
- tags: tags,
132
- }
133
- ),
134
- )
126
+ vpc, name, options.merge(
127
+ subnets: options[:loadbalancer_subnets],
128
+ tags: tags
129
+ )
130
+ )
135
131
 
136
132
  @load_balancer.attach(@instance_set)
137
133
 
138
- if @load_balancer.type == "application"
134
+ if @load_balancer.type == 'application'
139
135
  @security_group = @load_balancer.security_group
140
136
  @egress_security_group = @instance_set.security_group
141
137
  end
142
138
 
143
139
  vpc.zone.add_alias_in(self, name, @load_balancer.alias_config)
144
140
  elsif set == StaticSet
145
- vpc.zone.add_record_in(self, name, @instance_set.instances.map { |i| i.ip_address })
146
- @instance_set.instances.each { |i|
141
+ vpc.zone.add_record_in(self, name, @instance_set.instances.map(&:ip_address))
142
+ @instance_set.instances.each do |i|
147
143
  @domain_names << vpc.zone.qualify(i.name)
148
144
  vpc.zone.add_record_in(self, i.name, [i.ip_address])
149
- }
145
+ end
150
146
  end
151
147
 
152
148
  if set == DynamicSet && options[:rolling_update] == :signal
153
149
  @instance_profile.add_statement!(
154
- {
155
- Effect: "Allow",
156
- Action: [ "cloudformation:SignalResource" ],
157
- Resource: [ @instance_set.stack ],
158
- }
150
+ Effect: 'Allow',
151
+ Action: ['cloudformation:SignalResource'],
152
+ Resource: [@instance_set.stack]
159
153
  )
160
154
  end
161
155
 
@@ -166,26 +160,22 @@ module Terrafying
166
160
  prom = Prometheus.find_in(vpc: vpc)
167
161
  ports.each do |port|
168
162
  sg_rule_ident = Digest::SHA256.hexdigest("#{vpc.name}-#{port}-#{security_group}-#{prom.security_group}")
169
- resource :aws_security_group_rule, sg_rule_ident, {
170
- security_group_id: security_group,
171
- type: 'ingress',
172
- from_port: port,
173
- to_port: port,
174
- protocol: 'tcp',
175
- source_security_group_id: prom.security_group
176
- }
163
+ resource :aws_security_group_rule, sg_rule_ident,
164
+ security_group_id: security_group,
165
+ type: 'ingress',
166
+ from_port: port,
167
+ to_port: port,
168
+ protocol: 'tcp',
169
+ source_security_group_id: prom.security_group
177
170
  end
178
171
  end
179
172
 
180
173
  def with_endpoint_service(options = {})
181
174
  add! EndpointService.create_for(@load_balancer, @name, {
182
- fqdn: @domain_names[0],
183
- zone: @zone,
184
- }.merge(options))
175
+ fqdn: @domain_names[0],
176
+ zone: @zone
177
+ }.merge(options))
185
178
  end
186
-
187
179
  end
188
-
189
180
  end
190
-
191
181
  end
data/lib/terrafying/components/staticset.rb CHANGED
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
 
2
3
  require 'xxhash'
3
4
 
@@ -7,16 +8,13 @@ require 'terrafying/components/usable'
7
8
  require_relative './ports'
8
9
 
9
10
  module Terrafying
10
-
11
11
  module Components
12
-
13
12
  class StaticSet < Terrafying::Context
14
-
15
13
  attr_reader :name, :instances
16
14
 
17
15
  include Usable
18
16
 
19
- def self.create_in(vpc, name, options={})
17
+ def self.create_in(vpc, name, options = {})
20
18
  StaticSet.new.create_in vpc, name, options
21
19
  end
22
20
 
@@ -24,11 +22,11 @@ module Terrafying
24
22
  StaticSet.new.find_in vpc, name
25
23
  end
26
24
 
27
- def initialize()
25
+ def initialize
28
26
  super
29
27
  end
30
28
 
31
- def find_in(vpc, name)
29
+ def find_in(_vpc, name)
32
30
  @name = name
33
31
 
34
32
  raise 'unimplemented'
@@ -36,21 +34,21 @@ module Terrafying
36
34
  self
37
35
  end
38
36
 
39
- def create_in(vpc, name, options={})
37
+ def create_in(vpc, name, options = {})
40
38
  options = {
41
39
  public: false,
42
- ami: aws.ami("base-image-24b8d5fb", owners=["136393635417"]),
43
- instance_type: "t2.micro",
40
+ ami: aws.ami('base-image-24b8d5fb', owners = ['136393635417']),
41
+ instance_type: 't2.micro',
44
42
  subnets: vpc.subnets.fetch(:private, []),
45
43
  ports: [],
46
44
  instances: [{}],
47
45
  instance_profile: nil,
48
46
  security_groups: [],
49
- user_data: "",
47
+ user_data: '',
50
48
  tags: {},
51
49
  ssh_group: vpc.ssh_group,
52
50
  depends_on: [],
53
- volumes: [],
51
+ volumes: []
54
52
  }.merge(options)
55
53
 
56
54
  ident = "#{tf_safe(vpc.name)}-#{name}"
@@ -58,12 +56,11 @@ module Terrafying
58
56
  @name = ident
59
57
  @ports = enrich_ports(options[:ports])
60
58
 
61
- @security_group = resource :aws_security_group, ident, {
62
- name: "staticset-#{ident}",
63
- description: "Describe the ingress and egress of the static set #{ident}",
64
- tags: options[:tags],
65
- vpc_id: vpc.id,
66
- }
59
+ @security_group = resource :aws_security_group, ident,
60
+ name: "staticset-#{ident}",
61
+ description: "Describe the ingress and egress of the static set #{ident}",
62
+ tags: options[:tags],
63
+ vpc_id: vpc.id
67
64
 
68
65
  default_egress_rule(ident, @security_group)
69
66
 
@@ -73,49 +70,47 @@ module Terrafying
73
70
  instance_ident = "#{name}-#{i}"
74
71
 
75
72
  instance = add! Instance.create_in(
76
- vpc, instance_ident, options.merge(
77
- {
78
- subnets: options[:subnets],
79
- security_groups: [@security_group] + options[:security_groups],
80
- depends_on: options[:depends_on],
81
- instance_profile: options[:instance_profile],
82
- tags: {
83
- staticset_name: ident,
84
- }.merge(options[:tags])
85
- }.merge(config)
86
- )
87
- )
88
-
89
- options[:volumes].each.with_index { |volume, vol_i|
73
+ vpc, instance_ident, options.merge(
74
+ {
75
+ subnets: options[:subnets],
76
+ security_groups: [@security_group] + options[:security_groups],
77
+ depends_on: options[:depends_on],
78
+ instance_profile: options[:instance_profile],
79
+ tags: {
80
+ staticset_name: ident
81
+ }.merge(options[:tags])
82
+ }.merge(config)
83
+ )
84
+ )
85
+
86
+ options[:volumes].each.with_index do |volume, vol_i|
90
87
  volume_for("#{instance_ident}-#{vol_i}", instance, volume, options[:tags])
91
- }
88
+ end
92
89
 
93
90
  instance
94
91
  end
95
92
 
96
- @ports.each { |port|
97
- resource :aws_security_group_rule, "#{@name}-to-self-#{port[:name]}", {
98
- security_group_id: @security_group,
99
- type: "ingress",
100
- from_port: from_port(port[:upstream_port]),
101
- to_port: to_port(port[:upstream_port]),
102
- protocol: port[:type],
103
- self: true,
104
- }
105
- }
93
+ @ports.each do |port|
94
+ resource :aws_security_group_rule, "#{@name}-to-self-#{port[:name]}",
95
+ security_group_id: @security_group,
96
+ type: 'ingress',
97
+ from_port: from_port(port[:upstream_port]),
98
+ to_port: to_port(port[:upstream_port]),
99
+ protocol: port[:type],
100
+ self: true
101
+ end
106
102
 
107
103
  self
108
104
  end
109
105
 
110
106
  def default_egress_rule(ident, security_group)
111
- resource :aws_security_group_rule, "#{ident}-default-egress", {
112
- security_group_id: security_group,
113
- type: 'egress',
114
- from_port: 0,
115
- to_port: 0,
116
- protocol: -1,
117
- cidr_blocks: ['0.0.0.0/0'],
118
- }
107
+ resource :aws_security_group_rule, "#{ident}-default-egress",
108
+ security_group_id: security_group,
109
+ type: 'egress',
110
+ from_port: 0,
111
+ to_port: 0,
112
+ protocol: -1,
113
+ cidr_blocks: ['0.0.0.0/0']
119
114
  end
120
115
 
121
116
  def volume_for(name, instance, volume, tags)
@@ -123,7 +118,7 @@ module Terrafying
123
118
  availability_zone: instance.subnet.az,
124
119
  size: volume[:size],
125
120
  type: volume[:type] || 'gp2',
126
- encrypted: volume[:encrypted] || false,
121
+ encrypted: volume[:encrypted] || false,
127
122
  kms_key_id: volume[:kms_key_id],
128
123
  tags: {
129
124
  Name: name
@@ -132,27 +127,22 @@ module Terrafying
132
127
 
133
128
  volume_id = resource :aws_ebs_volume, name, vol_opts
134
129
 
135
- resource :aws_volume_attachment, name, {
136
- device_name: volume[:device],
137
- volume_id: volume_id,
138
- instance_id: instance.id,
139
- force_detach: true
140
- }
130
+ resource :aws_volume_attachment, name,
131
+ device_name: volume[:device],
132
+ volume_id: volume_id,
133
+ instance_id: instance.id,
134
+ force_detach: true
141
135
  end
142
136
 
143
137
  def attach_load_balancer(load_balancer)
144
- @instances.product(load_balancer.targets).each.with_index { |(instance, target), i|
145
- resource :aws_lb_target_group_attachment, "#{load_balancer.name}-#{@name}-#{i}", {
146
- target_group_arn: target.target_group,
147
- target_id: instance.id,
148
- }
149
- }
150
-
151
- self.used_by(load_balancer) if load_balancer.type == "application"
152
- end
138
+ @instances.product(load_balancer.targets).each.with_index do |(instance, target), i|
139
+ resource :aws_lb_target_group_attachment, "#{load_balancer.name}-#{@name}-#{i}",
140
+ target_group_arn: target.target_group,
141
+ target_id: instance.id
142
+ end
153
143
 
144
+ used_by(load_balancer) if load_balancer.type == 'application'
145
+ end
154
146
  end
155
-
156
147
  end
157
-
158
148
  end
data/lib/terrafying/components/subnet.rb CHANGED
@@ -1,19 +1,17 @@
1
+ # frozen_string_literal: true
1
2
 
2
3
  require 'netaddr'
3
4
 
4
5
  require 'terrafying/generator'
5
6
 
6
7
  module Terrafying
7
-
8
8
  module Components
9
-
10
9
  CIDR_PADDING = 5
11
10
 
12
11
  class Subnet < Terrafying::Context
13
-
14
12
  attr_reader :id, :cidr, :az, :public, :route_table
15
13
 
16
- def self.create_in(vpc, name, az, cidr, options={})
14
+ def self.create_in(vpc, name, az, cidr, options = {})
17
15
  Subnet.new.create_in vpc, name, az, cidr, options
18
16
  end
19
17
 
@@ -21,7 +19,7 @@ module Terrafying
21
19
  Subnet.new.find(id)
22
20
  end
23
21
 
24
- def initialize()
22
+ def initialize
25
23
  super
26
24
  end
27
25
 
@@ -34,39 +32,35 @@ module Terrafying
34
32
 
35
33
  begin
36
34
  route_table = aws.route_table_for_subnet(id)
37
- rescue
35
+ rescue StandardError
38
36
  # fallback to main route table if ones not explicitly associated
39
37
  route_table = aws.route_table_for_vpc(subnet.vpc_id)
40
38
  end
41
39
 
42
40
  @route_table = route_table.route_table_id
43
- @public = route_table.routes.select { |r| r.destination_cidr_block == "0.0.0.0/0" }.first.gateway_id != nil
41
+ @public = route_table.routes.select { |r| r.destination_cidr_block == '0.0.0.0/0' }.first.gateway_id != nil
44
42
 
45
43
  self
46
44
  end
47
45
 
48
- def create_in(vpc, name, az, cidr, options={})
46
+ def create_in(vpc, name, az, cidr, options = {})
49
47
  options = {
50
- tags: {},
48
+ tags: {}
51
49
  }.merge(options)
52
50
 
53
51
  ident = "#{tf_safe(vpc.name)}-#{name}-#{az}"
54
52
 
55
53
  @cidr = cidr
56
54
  @az = az
57
- @id = resource :aws_subnet, ident, {
58
- vpc_id: vpc.id,
59
- cidr_block: cidr,
60
- availability_zone: az,
61
- tags: { Name: ident }.merge(options[:tags]),
62
- }
63
-
64
- @route_table = resource :aws_route_table, ident, {
65
- vpc_id: vpc.id,
66
- tags: { Name: ident }.merge(options[:tags]),
67
- }
68
-
55
+ @id = resource :aws_subnet, ident,
56
+ vpc_id: vpc.id,
57
+ cidr_block: cidr,
58
+ availability_zone: az,
59
+ tags: { Name: ident }.merge(options[:tags])
69
60
 
61
+ @route_table = resource :aws_route_table, ident,
62
+ vpc_id: vpc.id,
63
+ tags: { Name: ident }.merge(options[:tags])
70
64
 
71
65
  if options[:nat_gateway]
72
66
  gateway = { nat_gateway_id: options[:nat_gateway] }
@@ -81,15 +75,14 @@ module Terrafying
81
75
 
82
76
  if gateway
83
77
  resource :aws_route, "#{ident}-default", {
84
- route_table_id: @route_table,
85
- destination_cidr_block: "0.0.0.0/0",
86
- }.merge(gateway)
78
+ route_table_id: @route_table,
79
+ destination_cidr_block: '0.0.0.0/0'
80
+ }.merge(gateway)
87
81
  end
88
82
 
89
- resource :aws_route_table_association, ident, {
90
- subnet_id: @id,
91
- route_table_id: @route_table,
92
- }
83
+ resource :aws_route_table_association, ident,
84
+ subnet_id: @id,
85
+ route_table_id: @route_table
93
86
 
94
87
  self
95
88
  end
@@ -97,9 +90,6 @@ module Terrafying
97
90
  def ip_addresses
98
91
  NetAddr::CIDR.create(@cidr).enumerate.drop(CIDR_PADDING)
99
92
  end
100
-
101
93
  end
102
-
103
94
  end
104
-
105
95
  end