terrafying-components 1.11.15 → 1.11.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. checksums.yaml +4 -4
  2. data/lib/hash/merge_with_arrays.rb +2 -0
  3. data/lib/terrafying/components.rb +1 -0
  4. data/lib/terrafying/components/auditd.rb +7 -7
  5. data/lib/terrafying/components/ca.rb +17 -21
  6. data/lib/terrafying/components/dynamicset.rb +103 -116
  7. data/lib/terrafying/components/endpoint.rb +32 -41
  8. data/lib/terrafying/components/endpointservice.rb +15 -21
  9. data/lib/terrafying/components/ignition.rb +42 -49
  10. data/lib/terrafying/components/instance.rb +56 -55
  11. data/lib/terrafying/components/instanceprofile.rb +35 -44
  12. data/lib/terrafying/components/letsencrypt.rb +60 -71
  13. data/lib/terrafying/components/loadbalancer.rb +43 -43
  14. data/lib/terrafying/components/ports.rb +12 -11
  15. data/lib/terrafying/components/prometheus.rb +124 -95
  16. data/lib/terrafying/components/selfsignedca.rb +90 -104
  17. data/lib/terrafying/components/service.rb +41 -51
  18. data/lib/terrafying/components/staticset.rb +58 -68
  19. data/lib/terrafying/components/subnet.rb +21 -31
  20. data/lib/terrafying/components/templates/ignition.yaml +26 -5
  21. data/lib/terrafying/components/usable.rb +78 -92
  22. data/lib/terrafying/components/version.rb +3 -1
  23. data/lib/terrafying/components/vpc.rb +181 -209
  24. data/lib/terrafying/components/vpn.rb +136 -156
  25. data/lib/terrafying/components/zone.rb +38 -48
  26. metadata +6 -6
data/lib/terrafying/components/templates/ignition.yaml CHANGED
@@ -1,7 +1,6 @@
1
1
  ---
2
2
  ignition:
3
- version: "2.1.0"
4
-
3
+ version: "2.2.0"
5
4
 
6
5
  passwd:
7
6
  users:
@@ -37,15 +36,37 @@ systemd:
37
36
 
38
37
  <% units.each { |unit| %>
39
38
  - name: "<%= unit[:name] %>"
40
- enabled: true<% if unit.has_key?(:contents) %>
41
- contents: "<%= unit[:contents].dump[1..-2] %>"<% end %><% if unit.has_key?(:dropins) %>
39
+ enabled: <%= unit.fetch(:enabled, 'true') %>
40
+ <% if unit.has_key?(:mask) %>
41
+ mask: <%= unit[:mask] %>
42
+ <% end %>
43
+ <% if unit.has_key?(:contents) %>
44
+ contents: "<%= unit[:contents].dump[1..-2] %>"
45
+ <% end %>
46
+ <% if unit.has_key?(:dropins) %>
42
47
  dropins:
43
48
  <% unit[:dropins].each { |dropin| %>
44
49
  - contents: "<%= dropin[:contents].dump[1..-2] %>"
45
50
  name: "<%= dropin[:name] %>"
46
- <% } %><% end %>
51
+ <% } %>
52
+ <% end %>
47
53
  <% } %>
48
54
 
55
+ networkd:
56
+ units:
57
+ <% networkd_units.each { |unit| %>
58
+ - name: "<%= unit[:name] %>"
59
+ <% if unit.has_key?(:contents) %>
60
+ contents: "<%= unit[:contents].dump[1..-2] %>"
61
+ <% end %>
62
+ <% if unit.has_key?(:dropins) %>
63
+ dropins:
64
+ <% unit[:dropins].each { |dropin| %>
65
+ - contents: "<%= dropin[:contents].dump[1..-2] %>"
66
+ name: "<%= dropin[:name] %>"
67
+ <% } %>
68
+ <% end %>
69
+ <% } %>
49
70
 
50
71
  storage:
51
72
  <% if volumes.count > 0 %>
data/lib/terrafying/components/usable.rb CHANGED
@@ -1,10 +1,8 @@
1
+ # frozen_string_literal: true
1
2
 
2
3
  module Terrafying
3
-
4
4
  module Components
5
-
6
5
  module Usable
7
-
8
6
  def security_group
9
7
  @security_group
10
8
  end
@@ -18,112 +16,100 @@ module Terrafying
18
16
  end
19
17
 
20
18
  def path_mtu_setup!
21
- resource :aws_security_group_rule, "#{@name}-path-mtu", {
22
- security_group_id: self.egress_security_group,
23
- type: "ingress",
24
- protocol: 1, # icmp
25
- from_port: 3, # icmp type
26
- to_port: 4, # icmp code
27
- cidr_blocks: ["0.0.0.0/0"],
28
- }
19
+ resource :aws_security_group_rule, "#{@name}-path-mtu",
20
+ security_group_id: egress_security_group,
21
+ type: 'ingress',
22
+ protocol: 1, # icmp
23
+ from_port: 3, # icmp type
24
+ to_port: 4, # icmp code
25
+ cidr_blocks: ['0.0.0.0/0']
29
26
  end
30
27
 
31
28
  def pingable_by_cidr(*cidrs)
32
29
  ident = Digest::SHA2.hexdigest cidrs.to_s
33
30
 
34
- resource :aws_security_group_rule, "#{@name}-to-#{ident}-ping", {
35
- security_group_id: self.ingress_security_group,
36
- type: "ingress",
37
- protocol: 1, # icmp
38
- from_port: 8, # icmp type
39
- to_port: 0, # icmp code
40
- cidr_blocks: cidrs,
41
- }
31
+ resource :aws_security_group_rule, "#{@name}-to-#{ident}-ping",
32
+ security_group_id: ingress_security_group,
33
+ type: 'ingress',
34
+ protocol: 1, # icmp
35
+ from_port: 8, # icmp type
36
+ to_port: 0, # icmp code
37
+ cidr_blocks: cidrs
42
38
  end
43
39
 
44
40
  def used_by_cidr(*cidrs, &block)
45
- cidrs.map { |cidr|
41
+ cidrs.map do |cidr|
46
42
  cidr_ident = cidr.tr('./', '-')
47
43
 
48
- @ports.select(&block).map { |port|
49
- resource :aws_security_group_rule, "#{@name}-to-#{cidr_ident}-#{port[:name]}", {
50
- security_group_id: ingress_security_group,
51
- type: "ingress",
52
- from_port: from_port(port[:upstream_port]),
53
- to_port: to_port(port[:upstream_port]),
54
- protocol: port[:type] == "udp" ? "udp" : "tcp",
55
- cidr_blocks: [cidr]
56
- }
57
- }
58
- }
44
+ @ports.select(&block).map do |port|
45
+ resource :aws_security_group_rule, "#{@name}-to-#{cidr_ident}-#{port[:name]}",
46
+ security_group_id: ingress_security_group,
47
+ type: 'ingress',
48
+ from_port: from_port(port[:upstream_port]),
49
+ to_port: to_port(port[:upstream_port]),
50
+ protocol: port[:type] == 'udp' ? 'udp' : 'tcp',
51
+ cidr_blocks: [cidr]
52
+ end
53
+ end
59
54
  end
60
55
 
61
56
  def pingable_by(*other_resources)
62
- other_resources.map { |other_resource|
63
- resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-ping", {
64
- security_group_id: self.ingress_security_group,
65
- type: "ingress",
66
- protocol: 1, # icmp
67
- from_port: 8, # icmp type
68
- to_port: 0, # icmp code
69
- source_security_group_id: other_resource.egress_security_group,
70
- }
71
-
72
- resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-pingv6", {
73
- security_group_id: self.ingress_security_group,
74
- type: "ingress",
75
- protocol: 58, # icmpv6
76
- from_port: 128, # icmp type
77
- to_port: 0, # icmp code
78
- source_security_group_id: other_resource.egress_security_group,
79
- }
80
-
81
- resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-ping", {
82
- security_group_id: other_resource.egress_security_group,
83
- type: "egress",
84
- protocol: 1, # icmp
85
- from_port: 8, # icmp type
86
- to_port: 0, # icmp code
87
- source_security_group_id: self.ingress_security_group,
88
- }
89
-
90
- resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-pingv6", {
91
- security_group_id: other_resource.egress_security_group,
92
- type: "egress",
93
- protocol: 58, # icmpv6
94
- from_port: 128, # icmp type
95
- to_port: 0, # icmp code
96
- source_security_group_id: self.ingress_security_group,
97
- }
98
- }
57
+ other_resources.map do |other_resource|
58
+ resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-ping",
59
+ security_group_id: ingress_security_group,
60
+ type: 'ingress',
61
+ protocol: 1, # icmp
62
+ from_port: 8, # icmp type
63
+ to_port: 0, # icmp code
64
+ source_security_group_id: other_resource.egress_security_group
65
+
66
+ resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-pingv6",
67
+ security_group_id: ingress_security_group,
68
+ type: 'ingress',
69
+ protocol: 58, # icmpv6
70
+ from_port: 128, # icmp type
71
+ to_port: 0, # icmp code
72
+ source_security_group_id: other_resource.egress_security_group
73
+
74
+ resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-ping",
75
+ security_group_id: other_resource.egress_security_group,
76
+ type: 'egress',
77
+ protocol: 1, # icmp
78
+ from_port: 8, # icmp type
79
+ to_port: 0, # icmp code
80
+ source_security_group_id: ingress_security_group
81
+
82
+ resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-pingv6",
83
+ security_group_id: other_resource.egress_security_group,
84
+ type: 'egress',
85
+ protocol: 58, # icmpv6
86
+ from_port: 128, # icmp type
87
+ to_port: 0, # icmp code
88
+ source_security_group_id: ingress_security_group
89
+ end
99
90
  end
100
91
 
101
92
  def used_by(*other_resources, &block)
102
- other_resources.map { |other_resource|
103
- @ports.select(&block).map.map {|port|
104
- resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-#{port[:name]}", {
105
- security_group_id: self.ingress_security_group,
106
- type: "ingress",
107
- from_port: from_port(port[:upstream_port]),
108
- to_port: to_port(port[:upstream_port]),
109
- protocol: port[:type] == "udp" ? "udp" : "tcp",
110
- source_security_group_id: other_resource.egress_security_group,
111
- }
112
-
113
- resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-#{port[:name]}", {
114
- security_group_id: other_resource.egress_security_group,
115
- type: "egress",
116
- from_port: from_port(port[:downstream_port]),
117
- to_port: to_port(port[:downstream_port]),
118
- protocol: port[:type] == "udp" ? "udp" : "tcp",
119
- source_security_group_id: self.ingress_security_group,
120
- }
121
- }
122
- }
93
+ other_resources.map do |other_resource|
94
+ @ports.select(&block).map.map do |port|
95
+ resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-#{port[:name]}",
96
+ security_group_id: ingress_security_group,
97
+ type: 'ingress',
98
+ from_port: from_port(port[:upstream_port]),
99
+ to_port: to_port(port[:upstream_port]),
100
+ protocol: port[:type] == 'udp' ? 'udp' : 'tcp',
101
+ source_security_group_id: other_resource.egress_security_group
102
+
103
+ resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-#{port[:name]}",
104
+ security_group_id: other_resource.egress_security_group,
105
+ type: 'egress',
106
+ from_port: from_port(port[:downstream_port]),
107
+ to_port: to_port(port[:downstream_port]),
108
+ protocol: port[:type] == 'udp' ? 'udp' : 'tcp',
109
+ source_security_group_id: ingress_security_group
110
+ end
111
+ end
123
112
  end
124
-
125
113
  end
126
-
127
114
  end
128
-
129
115
  end
data/lib/terrafying/components/version.rb CHANGED
@@ -1,5 +1,7 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Terrafying
2
4
  module Components
3
- VERSION = "1.11.15"
5
+ VERSION = '1.11.16'
4
6
  end
5
7
  end
data/lib/terrafying/components/vpc.rb CHANGED
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
 
2
3
  require 'netaddr'
3
4
 
@@ -6,28 +7,25 @@ require 'terrafying/components/zone'
6
7
  require 'terrafying/generator'
7
8
 
8
9
  module Terrafying
9
-
10
10
  module Components
11
11
  DEFAULT_SSH_GROUP = 'cloud-team'
12
- DEFAULT_ZONE = "vpc.usw.co"
12
+ DEFAULT_ZONE = 'vpc.usw.co'
13
13
 
14
14
  class VPC < Terrafying::Context
15
-
16
15
  attr_reader :id, :name, :cidr, :zone, :azs, :subnets, :internal_ssh_security_group, :ssh_group
17
16
 
18
17
  def self.find(name)
19
18
  VPC.new.find name
20
19
  end
21
20
 
22
- def self.create(name, cidr, options={})
21
+ def self.create(name, cidr, options = {})
23
22
  VPC.new.create name, cidr, options
24
23
  end
25
24
 
26
- def initialize()
25
+ def initialize
27
26
  super
28
27
  end
29
28
 
30
-
31
29
  def find(name)
32
30
  vpc = aws.vpc(name)
33
31
 
@@ -35,51 +33,49 @@ module Terrafying
35
33
  @id = vpc.vpc_id
36
34
  @cidr = vpc.cidr_block
37
35
  @tags = {}
38
- @zone = Terrafying::Components::Zone.find_by_tag({vpc: @id})
39
- if @zone.nil?
40
- raise "Failed to find zone"
41
- end
36
+ @zone = Terrafying::Components::Zone.find_by_tag(vpc: @id)
37
+ raise 'Failed to find zone' if @zone.nil?
42
38
 
43
- @subnets = aws.subnets_for_vpc(vpc.vpc_id).each_with_object({}) { |subnet, subnets|
39
+ @subnets = aws.subnets_for_vpc(vpc.vpc_id).each_with_object({}) do |subnet, subnets|
44
40
  subnet_inst = Subnet.find(subnet.subnet_id)
45
41
 
46
- subnet_name_tag = subnet.tags.detect { |tag| tag.key == "subnet_name" }
42
+ subnet_name_tag = subnet.tags.detect { |tag| tag.key == 'subnet_name' }
47
43
 
48
- if subnet_name_tag
49
- key = subnet_name_tag.value.to_sym
50
- else
51
- key = subnet_inst.public ? :public : :private
52
- end
44
+ key = if subnet_name_tag
45
+ subnet_name_tag.value.to_sym
46
+ else
47
+ subnet_inst.public ? :public : :private
48
+ end
53
49
 
54
- if subnets.has_key?(key)
50
+ if subnets.key?(key)
55
51
  subnets[key] << subnet_inst
56
52
  else
57
- subnets[key] = [ subnet_inst ]
53
+ subnets[key] = [subnet_inst]
58
54
  end
59
- }
55
+ end
60
56
 
61
57
  # need to sort subnets so they are in az order
62
58
  @subnets.each { |_, s| s.sort! { |a, b| a.az <=> b.az } }
63
59
 
64
- tags = vpc.tags.select { |tag| tag.key == "ssh_group"}
65
- if tags.count > 0
66
- @ssh_group = tags[0].value
67
- else
68
- @ssh_group = DEFAULT_SSH_GROUP
69
- end
60
+ tags = vpc.tags.select { |tag| tag.key == 'ssh_group' }
61
+ @ssh_group = if tags.count > 0
62
+ tags[0].value
63
+ else
64
+ DEFAULT_SSH_GROUP
65
+ end
70
66
 
71
67
  @internal_ssh_security_group = aws.security_group("#{tf_safe(name)}-internal-ssh")
72
68
  self
73
69
  end
74
70
 
75
- def create(name, raw_cidr, options={})
71
+ def create(name, raw_cidr, options = {})
76
72
  options = {
77
73
  subnet_size: 24,
78
74
  internet_access: true,
79
75
  nat_eips: [],
80
76
  azs: aws.availability_zones,
81
77
  tags: {},
82
- ssh_group: DEFAULT_SSH_GROUP,
78
+ ssh_group: DEFAULT_SSH_GROUP
83
79
  }.merge(options)
84
80
 
85
81
  if options[:parent_zone].nil?
@@ -87,16 +83,16 @@ module Terrafying
87
83
  end
88
84
 
89
85
  if options[:subnets].nil?
90
- if options[:internet_access]
91
- options[:subnets] = {
92
- public: { public: true },
93
- private: { internet: true },
94
- }
95
- else
96
- options[:subnets] = {
97
- private: { },
98
- }
99
- end
86
+ options[:subnets] = if options[:internet_access]
87
+ {
88
+ public: { public: true },
89
+ private: { internet: true }
90
+ }
91
+ else
92
+ {
93
+ private: {}
94
+ }
95
+ end
100
96
  end
101
97
 
102
98
  @name = name
@@ -112,148 +108,136 @@ module Terrafying
112
108
  @subnet_size = options[:subnet_size]
113
109
  @subnets = {}
114
110
 
115
- per_az_subnet_size = options[:subnets].values.reduce(0) { |memo, s|
111
+ per_az_subnet_size = options[:subnets].values.reduce(0) do |memo, s|
116
112
  memo + (1 << (32 - s.fetch(:bit_size, @subnet_size)))
117
- }
113
+ end
118
114
  total_subnet_size = per_az_subnet_size * @azs.count
119
115
 
120
116
  if total_subnet_size > cidr.size
121
- raise "Not enough space for subnets in CIDR"
117
+ raise 'Not enough space for subnets in CIDR'
122
118
  end
123
119
 
124
- @id = resource :aws_vpc, name, {
125
- cidr_block: cidr.to_s,
126
- enable_dns_hostnames: true,
127
- tags: { Name: name, ssh_group: @ssh_group }.merge(@tags),
128
- }
129
-
130
- @zone = add! Terrafying::Components::Zone.create("#{name}.#{options[:parent_zone].fqdn}", {
131
- parent_zone: options[:parent_zone],
132
- tags: { vpc: @id }.merge(@tags),
133
- })
120
+ @id = resource :aws_vpc, name,
121
+ cidr_block: cidr.to_s,
122
+ enable_dns_hostnames: true,
123
+ tags: { Name: name, ssh_group: @ssh_group }.merge(@tags)
134
124
 
135
- dhcp = resource :aws_vpc_dhcp_options, name, {
136
- domain_name: @zone.fqdn,
137
- domain_name_servers: ["AmazonProvidedDNS"],
138
- tags: { Name: name }.merge(@tags),
139
- }
125
+ @zone = add! Terrafying::Components::Zone.create("#{name}.#{options[:parent_zone].fqdn}",
126
+ parent_zone: options[:parent_zone],
127
+ tags: { vpc: @id }.merge(@tags))
140
128
 
141
- resource :aws_vpc_dhcp_options_association, name, {
142
- vpc_id: @id,
143
- dhcp_options_id: dhcp,
144
- }
129
+ dhcp = resource :aws_vpc_dhcp_options, name,
130
+ domain_name: @zone.fqdn,
131
+ domain_name_servers: ['AmazonProvidedDNS'],
132
+ tags: { Name: name }.merge(@tags)
145
133
 
134
+ resource :aws_vpc_dhcp_options_association, name,
135
+ vpc_id: @id,
136
+ dhcp_options_id: dhcp
146
137
 
147
138
  if options[:internet_access]
148
139
 
149
- if options[:nat_eips].size == 0
150
- options[:nat_eips] = @azs.map{ |az| resource :aws_eip, "#{name}-nat-gateway-#{az}", { vpc: true } }
140
+ if options[:nat_eips].empty?
141
+ options[:nat_eips] = @azs.map { |az| resource :aws_eip, "#{name}-nat-gateway-#{az}", vpc: true }
151
142
  elsif options[:nat_eips].size != @azs.count
152
- raise "The nubmer of nat eips has to match the number of AZs"
143
+ raise 'The nubmer of nat eips has to match the number of AZs'
153
144
  end
154
145
 
155
- @internet_gateway = resource :aws_internet_gateway, name, {
156
- vpc_id: @id,
157
- tags: {
158
- Name: name,
159
- }.merge(@tags)
160
- }
161
- allocate_subnets!(:nat_gateway, { bit_size: 28, public: true })
162
-
163
- @nat_gateways = @azs.zip(@subnets[:nat_gateway], options[:nat_eips]).map { |az, subnet, eip|
164
- resource :aws_nat_gateway, "#{name}-#{az}", {
165
- allocation_id: eip,
166
- subnet_id: subnet.id,
167
- }
168
- }
146
+ @internet_gateway = resource :aws_internet_gateway, name,
147
+ vpc_id: @id,
148
+ tags: {
149
+ Name: name
150
+ }.merge(@tags)
151
+ allocate_subnets!(:nat_gateway, bit_size: 28, public: true)
152
+
153
+ @nat_gateways = @azs.zip(@subnets[:nat_gateway], options[:nat_eips]).map do |az, subnet, eip|
154
+ resource :aws_nat_gateway, "#{name}-#{az}",
155
+ allocation_id: eip,
156
+ subnet_id: subnet.id
157
+ end
169
158
 
170
159
  end
171
160
 
172
161
  options[:subnets].each { |key, config| allocate_subnets! key, config }
173
162
 
174
- @internal_ssh_security_group = resource :aws_security_group, "#{name}-internal-ssh", {
175
- name: "#{name}-internal-ssh",
176
- description: "Allows SSH between machines inside the VPC CIDR",
177
- tags: @tags,
178
- vpc_id: @id,
179
- ingress: [
180
- {
181
- from_port: 22,
182
- to_port: 22,
183
- protocol: "tcp",
184
- cidr_blocks: [@cidr],
185
- },
186
- ],
187
- egress: [
188
- {
189
- from_port: 22,
190
- to_port: 22,
191
- protocol: "tcp",
192
- cidr_blocks: [@cidr],
193
- },
194
- ],
195
- }
163
+ @internal_ssh_security_group = resource :aws_security_group, "#{name}-internal-ssh",
164
+ name: "#{name}-internal-ssh",
165
+ description: 'Allows SSH between machines inside the VPC CIDR',
166
+ tags: @tags,
167
+ vpc_id: @id,
168
+ ingress: [
169
+ {
170
+ from_port: 22,
171
+ to_port: 22,
172
+ protocol: 'tcp',
173
+ cidr_blocks: [@cidr]
174
+ }
175
+ ],
176
+ egress: [
177
+ {
178
+ from_port: 22,
179
+ to_port: 22,
180
+ protocol: 'tcp',
181
+ cidr_blocks: [@cidr]
182
+ }
183
+ ]
196
184
  self
197
185
  end
198
186
 
199
- def peer_with_external(account_id, vpc_id, cidrs, options={})
187
+ def peer_with_external(account_id, vpc_id, cidrs, options = {})
200
188
  options = {
201
- region: "eu-west-1",
202
- subnets: @subnets.values.flatten,
189
+ region: 'eu-west-1',
190
+ subnets: @subnets.values.flatten
203
191
  }.merge(options)
204
192
 
205
- peering_connection = resource :aws_vpc_peering_connection, "#{@name}-to-#{account_id}-#{vpc_id}", {
206
- peer_owner_id: account_id,
207
- peer_vpc_id: vpc_id,
208
- peer_region: options[:region],
209
- vpc_id: @id,
210
- auto_accept: false,
211
- tags: { Name: "#{@name} to #{account_id}.#{vpc_id}" }.merge(@tags),
212
- }
193
+ peering_connection = resource :aws_vpc_peering_connection, "#{@name}-to-#{account_id}-#{vpc_id}",
194
+ peer_owner_id: account_id,
195
+ peer_vpc_id: vpc_id,
196
+ peer_region: options[:region],
197
+ vpc_id: @id,
198
+ auto_accept: false,
199
+ tags: { Name: "#{@name} to #{account_id}.#{vpc_id}" }.merge(@tags)
213
200
 
214
201
  our_route_tables = options[:subnets].map(&:route_table).sort.uniq
215
202
 
216
- our_route_tables.product(cidrs).each { |route_table, cidr|
203
+ our_route_tables.product(cidrs).each do |route_table, cidr|
217
204
  hash = Digest::SHA2.hexdigest "#{route_table}-#{tf_safe(cidr)}"
218
205
 
219
- resource :aws_route, "#{@name}-to-#{account_id}-#{vpc_id}-peer-#{hash}", {
220
- route_table_id: route_table,
221
- destination_cidr_block: cidr,
222
- vpc_peering_connection_id: peering_connection,
223
- }
224
- }
206
+ resource :aws_route, "#{@name}-to-#{account_id}-#{vpc_id}-peer-#{hash}",
207
+ route_table_id: route_table,
208
+ destination_cidr_block: cidr,
209
+ vpc_peering_connection_id: peering_connection
210
+ end
225
211
  end
226
212
 
227
- def peer_with_vpn(ip_address, cidrs, options={})
213
+ def peer_with_vpn(ip_address, cidrs, options = {})
228
214
  options = {
229
- bgp_asn: 65000,
230
- type: "ipsec.1",
215
+ bgp_asn: 65_000,
216
+ type: 'ipsec.1',
231
217
  tunnels: [],
232
218
  static_routes_only: true,
233
- subnets: @subnets.values.flatten,
219
+ subnets: @subnets.values.flatten
234
220
  }.merge(options)
235
221
 
236
222
  ident = tf_safe(ip_address)
237
223
 
238
224
  if options[:tunnels].count > 2
239
- raise "You can only define a max of two tunnels"
225
+ raise 'You can only define a max of two tunnels'
240
226
  end
241
227
 
242
- customer_gateway = resource :aws_customer_gateway, ident, {
243
- bgp_asn: options[:bgp_asn],
244
- ip_address: ip_address,
245
- type: options[:type],
246
- tags: {
247
- Name: "Connection to #{ip_address}"
248
- }.merge(@tags),
249
- }
250
-
251
- vpn_gateway = resource :aws_vpn_gateway, ident, {
252
- vpc_id: @id,
253
- tags: {
254
- Name: "Connection to #{ip_address}"
255
- }.merge(@tags),
256
- }
228
+ customer_gateway = resource :aws_customer_gateway, ident,
229
+ bgp_asn: options[:bgp_asn],
230
+ ip_address: ip_address,
231
+ type: options[:type],
232
+ tags: {
233
+ Name: "Connection to #{ip_address}"
234
+ }.merge(@tags)
235
+
236
+ vpn_gateway = resource :aws_vpn_gateway, ident,
237
+ vpc_id: @id,
238
+ tags: {
239
+ Name: "Connection to #{ip_address}"
240
+ }.merge(@tags)
257
241
 
258
242
  connection_config = {
259
243
  vpn_gateway_id: vpn_gateway,
@@ -262,101 +246,92 @@ module Terrafying
262
246
  static_routes_only: options[:static_routes_only],
263
247
  tags: {
264
248
  Name: "Connection to #{ip_address}"
265
- }.merge(@tags),
249
+ }.merge(@tags)
266
250
  }
267
251
 
268
- options[:tunnels].each.with_index { |tunnel, i|
269
- connection_config["tunnel#{i+1}_inside_cidr"] = tunnel[:cidr]
252
+ options[:tunnels].each.with_index do |tunnel, i|
253
+ connection_config["tunnel#{i + 1}_inside_cidr"] = tunnel[:cidr]
270
254
 
271
- if tunnel.has_key?(:key)
272
- connection_config["tunnel#{i+1}_preshared_key"] = tunnel[:key]
255
+ if tunnel.key?(:key)
256
+ connection_config["tunnel#{i + 1}_preshared_key"] = tunnel[:key]
273
257
  end
274
- }
258
+ end
275
259
 
276
260
  connection = resource :aws_vpn_connection, ident, connection_config
277
261
 
278
- cidrs.each { |cidr|
279
- resource :aws_vpn_connection_route, "#{ident}-#{tf_safe(cidr)}", {
280
- destination_cidr_block: cidr,
281
- vpn_connection_id: connection,
282
- }
283
- }
262
+ cidrs.each do |cidr|
263
+ resource :aws_vpn_connection_route, "#{ident}-#{tf_safe(cidr)}",
264
+ destination_cidr_block: cidr,
265
+ vpn_connection_id: connection
266
+ end
284
267
 
285
268
  route_tables = options[:subnets].map(&:route_table).sort.uniq
286
- route_tables.product(cidrs).each { |route_table, cidr|
269
+ route_tables.product(cidrs).each do |route_table, cidr|
287
270
  hash = Digest::SHA2.hexdigest "#{route_table}-#{tf_safe(cidr)}"
288
271
 
289
- resource :aws_route, "#{@name}-to-#{ident}-peer-#{hash}", {
290
- route_table_id: route_table,
291
- destination_cidr_block: cidr,
292
- gateway_id: vpn_gateway,
293
- }
294
- }
295
-
272
+ resource :aws_route, "#{@name}-to-#{ident}-peer-#{hash}",
273
+ route_table_id: route_table,
274
+ destination_cidr_block: cidr,
275
+ gateway_id: vpn_gateway
276
+ end
296
277
  end
297
278
 
298
- def peer_with(other_vpc, options={})
279
+ def peer_with(other_vpc, options = {})
299
280
  options = {
300
281
  complete: false,
301
282
  peerings: [
302
283
  { from: @subnets.values.flatten, to: other_vpc.subnets.values.flatten },
303
- { from: other_vpc.subnets.values.flatten, to: @subnets.values.flatten },
304
- ],
284
+ { from: other_vpc.subnets.values.flatten, to: @subnets.values.flatten }
285
+ ]
305
286
  }.merge(options)
306
287
 
307
288
  other_vpc_ident = tf_safe(other_vpc.name)
308
289
 
309
290
  our_cidr = NetAddr::CIDR.create(@cidr)
310
291
  other_cidr = NetAddr::CIDR.create(other_vpc.cidr)
311
- if our_cidr.contains? other_cidr[0] or our_cidr.contains? other_cidr.last
312
- raise "VPCs to be peered have overlapping CIDRs"
292
+ if our_cidr.contains?(other_cidr[0]) || our_cidr.contains?(other_cidr.last)
293
+ raise 'VPCs to be peered have overlapping CIDRs'
313
294
  end
314
295
 
315
- peering_connection = resource :aws_vpc_peering_connection, "#{@name}-to-#{other_vpc_ident}", {
316
- peer_vpc_id: other_vpc.id,
317
- vpc_id: @id,
318
- auto_accept: true,
319
- tags: { Name: "#{@name} to #{other_vpc.name}" }.merge(@tags),
320
- }
296
+ peering_connection = resource :aws_vpc_peering_connection, "#{@name}-to-#{other_vpc_ident}",
297
+ peer_vpc_id: other_vpc.id,
298
+ vpc_id: @id,
299
+ auto_accept: true,
300
+ tags: { Name: "#{@name} to #{other_vpc.name}" }.merge(@tags)
321
301
 
322
302
  if options[:complete]
323
303
  our_route_tables = @subnets.values.flatten.map(&:route_table).sort.uniq
324
304
  their_route_tables = other_vpc.subnets.values.flatten.map(&:route_table).sort.uniq
325
305
 
326
- (our_route_tables.product([other_vpc.cidr]) + their_route_tables.product([@cidr])).each { |route_table, cidr|
306
+ (our_route_tables.product([other_vpc.cidr]) + their_route_tables.product([@cidr])).each do |route_table, cidr|
327
307
  hash = Digest::SHA2.hexdigest "#{route_table}-#{tf_safe(cidr)}"
328
308
 
329
- resource :aws_route, "#{@name}-#{other_vpc_ident}-peer-#{hash}", {
330
- route_table_id: route_table,
331
- destination_cidr_block: cidr,
332
- vpc_peering_connection_id: peering_connection,
333
- }
334
- }
309
+ resource :aws_route, "#{@name}-#{other_vpc_ident}-peer-#{hash}",
310
+ route_table_id: route_table,
311
+ destination_cidr_block: cidr,
312
+ vpc_peering_connection_id: peering_connection
313
+ end
335
314
  else
336
- options[:peerings].each.with_index { |peering, i|
315
+ options[:peerings].each.with_index do |peering, _i|
337
316
  route_tables = peering[:from].map(&:route_table).sort.uniq
338
317
  cidrs = peering[:to].map(&:cidr).sort.uniq
339
318
 
340
- route_tables.product(cidrs).each { |route_table, cidr|
341
-
319
+ route_tables.product(cidrs).each do |route_table, cidr|
342
320
  hash = Digest::SHA2.hexdigest "#{route_table}-#{tf_safe(cidr)}"
343
321
 
344
- resource :aws_route, "#{@name}-#{other_vpc_ident}-peer-#{hash}", {
345
- route_table_id: route_table,
346
- destination_cidr_block: cidr,
347
- vpc_peering_connection_id: peering_connection,
348
- }
349
- }
350
- }
322
+ resource :aws_route, "#{@name}-#{other_vpc_ident}-peer-#{hash}",
323
+ route_table_id: route_table,
324
+ destination_cidr_block: cidr,
325
+ vpc_peering_connection_id: peering_connection
326
+ end
327
+ end
351
328
  end
352
329
  end
353
330
 
354
331
  def extract_subnet!(bit_size)
355
- if bit_size > 28 # aws can't have smaller
356
- bit_size = 28
357
- end
332
+ bit_size = 28 if bit_size > 28 # aws can't have smaller
358
333
 
359
- targets = @remaining_ip_space.find_space({ Subnet: bit_size })
334
+ targets = @remaining_ip_space.find_space(Subnet: bit_size)
360
335
 
361
336
  if targets.count == 0
362
337
  raise "Run out of ip space to allocate a /#{bit_size}"
@@ -369,14 +344,14 @@ module Terrafying
369
344
  if target.bits == bit_size
370
345
  new_subnet = target
371
346
  else
372
- new_subnet = target.subnet({ Bits: bit_size, Objectify: true })[0]
347
+ new_subnet = target.subnet(Bits: bit_size, Objectify: true)[0]
373
348
 
374
- target.remainder(new_subnet).each { |rem|
349
+ target.remainder(new_subnet).each do |rem|
375
350
  @remaining_ip_space.add!(rem)
376
- }
351
+ end
377
352
  end
378
353
 
379
- return new_subnet.to_s
354
+ new_subnet.to_s
380
355
  end
381
356
 
382
357
  def allocate_subnets!(name, options = {})
@@ -384,20 +359,20 @@ module Terrafying
384
359
  public: false,
385
360
  bit_size: @subnet_size,
386
361
  internet: true,
387
- tags: {},
362
+ tags: {}
388
363
  }.merge(options)
389
364
 
390
- if options[:public]
391
- gateways = [@internet_gateway] * @azs.count
392
- elsif options[:internet] && @nat_gateways != nil
393
- gateways = @nat_gateways
394
- else
395
- gateways = [nil] * @azs.count
396
- end
365
+ gateways = if options[:public]
366
+ [@internet_gateway] * @azs.count
367
+ elsif options[:internet] && !@nat_gateways.nil?
368
+ @nat_gateways
369
+ else
370
+ [nil] * @azs.count
371
+ end
397
372
 
398
- @subnets[name] = @azs.zip(gateways).map { |az, gateway|
373
+ @subnets[name] = @azs.zip(gateways).map do |az, gateway|
399
374
  subnet_options = { tags: { subnet_name: name }.merge(options[:tags]).merge(@tags) }
400
- if gateway != nil
375
+ unless gateway.nil?
401
376
  if options[:public]
402
377
  subnet_options[:gateway] = gateway
403
378
  elsif options[:internet]
@@ -406,13 +381,10 @@ module Terrafying
406
381
  end
407
382
 
408
383
  add! Terrafying::Components::Subnet.create_in(
409
- self, name, az, extract_subnet!(options[:bit_size]), subnet_options
410
- )
411
- }
384
+ self, name, az, extract_subnet!(options[:bit_size]), subnet_options
385
+ )
386
+ end
412
387
  end
413
-
414
388
  end
415
-
416
389
  end
417
-
418
390
  end