terrafying-components 1.4.3 → 1.4.4

data/lib/terrafying/components/endpoint.rb

@@ -0,0 +1,96 @@
+
+require 'terrafying/components/loadbalancer'
+require 'terrafying/components/usable'
+require 'terrafying/components/vpc'
+require 'terrafying/generator'
+
+module Terrafying
+
+  module Components
+
+    class Endpoint < Terrafying::Context
+
+      attr_reader :security_group
+
+      include Usable
+
+      def self.create_in(vpc, name, options={})
+        Endpoint.new.create_in(vpc, name, options)
+      end
+
+      def initialize
+        super
+      end
+
+      def create_in(vpc, name, options={})
+        options = {
+          auto_accept: true,
+          subnets: vpc.subnets.fetch(:private, []),
+          private_dns: false,
+          dns_name: name,
+          tags: {},
+        }.merge(options)
+
+        ident = "#{tf_safe(vpc.name)}-#{name}"
+        @name = name
+
+        if options[:service]
+          service_name = options[:service].service_name
+
+          @ports = options[:service].load_balancer.ports
+        elsif options[:service_name]
+          service_name = options[:service_name]
+
+          if options[:service_name].start_with?("com.amazonaws")
+            @ports = enrich_ports([443])
+          else
+            endpoint_service = aws.endpoint_service_by_name(options[:service_name])
+
+            target_groups = endpoint_service.network_load_balancer_arns.map { |arn|
+              aws.target_groups_by_lb(arn)
+            }.flatten
+
+            @ports = enrich_ports(target_groups.map(&:port))
+          end
+        elsif options[:source]
+          if options[:source].is_a?(VPC)
+            source = { vpc: options[:source], name: name }
+          else
+            source = options[:source]
+          end
+
+          lb = LoadBalancer.find_in(source[:vpc], source[:name])
+
+          @ports = lb.ports
+          service_name = aws.endpoint_service_by_lb_arn(lb.id).service_name
+        else
+          raise "You need to pass either a service_name or source option to create an endpoint"
+        end
+
+        @security_group = resource :aws_security_group, ident, {
+                                     name: "endpoint-#{ident}",
+                                     description: "Describe the ingress and egress of the endpoint #{ident}",
+                                     tags: options[:tags],
+                                     vpc_id: vpc.id,
+                                   }
+
+        resource :aws_vpc_endpoint, ident, {
+                   vpc_id: vpc.id,
+                   service_name: service_name,
+                   vpc_endpoint_type: "Interface",
+                   security_group_ids: [ @security_group ],
+                   auto_accept: options[:auto_accept],
+                   subnet_ids: options[:subnets].map(&:id),
+                   private_dns_enabled: options[:private_dns],
+                 }
+
+        vpc.zone.add_cname_in(self, options[:dns_name], output_of(:aws_vpc_endpoint, ident, "dns_entry.0.dns_name"))
+
+        self
+      end
+
+    end
+
+  end
+
+end

data/lib/terrafying/components/endpointservice.rb

@@ -0,0 +1,63 @@
+
+require 'terrafying/generator'
+
+module Terrafying
+
+  module Components
+
+    class EndpointService < Terrafying::Context
+
+      attr_reader :name, :load_balancer, :service_name
+
+      def self.create_for(load_balancer, name, options={})
+        EndpointService.new.create_for(load_balancer, name, options)
+      end
+
+      def self.find(service_name)
+        EndpointService.new.find(service_name)
+      end
+
+      def initialize
+        super
+      end
+
+      def find(service_name)
+        raise 'unimplemented'
+      end
+
+      def create_for(load_balancer, name, options={})
+        options = {
+          acceptance_required: true,
+          allowed_principals: [
+            "arn:aws:iam::#{aws.account_id}:root",
+          ],
+        }.merge(options)
+
+        if ! load_balancer or load_balancer.type != "network"
+          raise "The load balancer needs to be a network load balancer"
+        end
+
+        @name = name
+        @load_balancer = load_balancer
+
+        resource :aws_vpc_endpoint_service, name, {
+                   acceptance_required: options[:acceptance_required],
+                   allowed_principals: options[:allowed_principals],
+                   network_load_balancer_arns: [load_balancer.id],
+                 }
+
+        @service_name = output_of(:aws_vpc_endpoint_service, name, "service_name")
+
+        self
+      end
+
+      def expose_in(vpc, options={})
+        name = options.fetch(:name, @name)
+        add! Endpoint.create_in(vpc, name, options.merge({ service: self }))
+      end
+
+    end
+
+  end
+
+end

data/lib/terrafying/components/ignition.rb

@@ -0,0 +1,117 @@
+require 'erb'
+require 'ostruct'
+
+module Terrafying
+
+  module Components
+
+    class Ignition
+
+      UNIT_REQUIRED_KEYS = [:name]
+      FILE_REQUIRED_KEYS = [:path, :mode, :contents]
+
+      def self.container_unit(name, image, options={})
+        options = {
+          volumes: [],
+          environment_variables: [],
+          arguments: [],
+          require_units: [],
+          host_networking: false,
+          privileged: false,
+        }.merge(options)
+
+        if options[:require_units].count > 0
+          require_units = options[:require_units].join(" ")
+          require = <<EOF
+After=#{require_units}
+Requires=#{require_units}
+EOF
+        end
+
+        docker_options = []
+
+        if options[:environment_variables].count > 0
+          docker_options += options[:environment_variables].map { |var|
+            "-e #{var}"
+          }
+        end
+
+        if options[:volumes].count > 0
+          docker_options += options[:volumes].map { |volume|
+            "-v #{volume}"
+          }
+        end
+
+        if options[:host_networking]
+          docker_options << "--net=host"
+        end
+
+        if options[:privileged]
+          docker_options << "--privileged"
+        end
+
+        docker_options_str = " \\\n" + docker_options.join(" \\\n")
+
+        if options[:arguments].count > 0
+          arguments = " \\\n" + options[:arguments].join(" \\\n")
+        end
+
+        {
+          name: "#{name}.service",
+          contents: <<EOF
+[Install]
+WantedBy=multi-user.target
+
+[Unit]
+Description=#{name}
+#{require}
+
+[Service]
+ExecStartPre=-/usr/bin/docker rm -f #{name}
+ExecStart=/usr/bin/docker run --name #{name} #{docker_options_str} \
+#{image} #{arguments}
+Restart=always
+RestartSec=30
+
+EOF
+        }
+      end
+
+      def self.generate(options={})
+        options = {
+          keypairs: [],
+          volumes: [],
+          files: [],
+          units: [],
+          ssh_group: "cloud",
+          disable_update_engine: false,
+          region: Terrafying::Generator.aws.region,
+        }.merge(options)
+
+        if ! options[:units].all? { |u| UNIT_REQUIRED_KEYS.all? { |key| u.has_key?(key) } }
+          raise "All units require the following keys: #{UNIT_REQUIRED_KEYS}"
+        end
+
+        if ! options[:units].all? { |u| u.has_key?(:contents) || u.has_key?(:dropins) }
+          raise "All units have to have contents and/or dropins"
+        end
+
+        if ! options[:files].all? { |f| FILE_REQUIRED_KEYS.all? { |key| f.has_key?(key) } }
+          raise "All files require the following keys: #{FILE_REQUIRED_KEYS}"
+        end
+
+        options[:cas] = options[:keypairs].map { |kp| kp[:ca] }.sort.uniq
+
+        erb_path = File.join(File.dirname(__FILE__), "templates/ignition.yaml")
+        erb = ERB.new(IO.read(erb_path))
+
+        yaml = erb.result(OpenStruct.new(options).instance_eval { binding })
+
+        Terrafying::Util.to_ignition(yaml)
+      end
+
+    end
+
+  end
+
+end

data/lib/terrafying/components/instance.rb

@@ -0,0 +1,112 @@
+
+require 'terrafying/components/usable'
+
+module Terrafying
+
+  module Components
+
+    class Instance < Terrafying::Context
+
+      attr_reader :id, :name, :ip_address, :subnet
+
+      include Usable
+
+      def self.create_in(vpc, name, options={})
+        Instance.new.create_in vpc, name, options
+      end
+
+      def self.find_in(vpc, name)
+        Instance.new.find_in vpc, name
+      end
+
+      def initialize()
+        super
+      end
+
+      def find_in(vpc, name)
+        raise 'unimplemented'
+      end
+
+      def create_in(vpc, name, options={})
+        options = {
+          public: false,
+          instance_type: "t2.micro",
+          instance_profile: nil,
+          ports: [],
+          tags: {},
+          security_groups: [],
+          depends_on: [],
+        }.merge(options)
+
+        ident = "#{tf_safe(vpc.name)}-#{name}"
+
+        @name = name
+        @ports = enrich_ports(options[:ports])
+
+        @security_group = resource :aws_security_group, ident, {
+                                     name: "instance-#{ident}",
+                                     description: "Describe the ingress and egress of the instance #{ident}",
+                                     tags: options[:tags],
+                                     vpc_id: vpc.id,
+                                     egress: [
+                                       {
+                                         from_port: 0,
+                                         to_port: 0,
+                                         protocol: -1,
+                                         cidr_blocks: ["0.0.0.0/0"],
+                                       }
+                                     ],
+                                   }
+
+        path_mtu_setup!
+
+        if options.has_key? :ip_address
+          lifecycle = {
+            lifecycle: { create_before_destroy: false },
+          }
+        else
+          lifecycle = {
+            lifecycle: { create_before_destroy: true },
+          }
+        end
+
+        if options.has_key? :subnet
+          @subnet = options[:subnet]
+        else
+          subnets = options.fetch(:subnets, vpc.subnets[:private])
+          # pick something consistent but not just the first subnet
+          subnet_index = XXhash.xxh32(ident) % subnets.count
+          @subnet = subnets[subnet_index]
+        end
+
+        @id = resource :aws_instance, ident, {
+                         ami: options[:ami],
+                         instance_type: options[:instance_type],
+                         iam_instance_profile: options[:instance_profile] && options[:instance_profile].id,
+                         subnet_id: @subnet.id,
+                         associate_public_ip_address: options[:public],
+                         root_block_device: {
+                           volume_type: 'gp2',
+                           volume_size: 32,
+                         },
+                         tags: {
+                           'Name' => ident,
+                         }.merge(options[:tags]),
+                         vpc_security_group_ids: [
+                           vpc.internal_ssh_security_group,
+                         ].push(*options[:security_groups]),
+                         user_data: options[:user_data],
+                         lifecycle: {
+                           create_before_destroy: true,
+                         },
+                         depends_on: options[:depends_on],
+                       }.merge(options[:ip_address] ? { private_ip: options[:ip_address] } : {}).merge(lifecycle)
+
+        @ip_address = output_of(:aws_instance, ident, options[:public] ? :public_ip : :private_ip)
+
+        self
+      end
+
+    end
+  end
+end

data/lib/terrafying/components/instanceprofile.rb

@@ -0,0 +1,81 @@
+
+module Terrafying
+
+  module Components
+
+    class InstanceProfile < Terrafying::Context
+
+      attr_reader :id
+
+      def self.create(name, options={})
+        InstanceProfile.new.create name, options
+      end
+
+      def self.find(name)
+        InstanceProfile.new.find name
+      end
+
+      def initialize()
+        super
+      end
+
+      def find(name)
+        raise 'unimplemented'
+      end
+
+      def create(name, options={})
+        options = {
+          statements: [],
+        }.merge(options)
+
+        resource :aws_iam_role, name, {
+                   name: name,
+                   assume_role_policy: JSON.pretty_generate(
+                     {
+                       Version: "2012-10-17",
+                       Statement: [
+                         {
+                           Effect: "Allow",
+                           Principal: { "Service": "ec2.amazonaws.com"},
+                           Action: "sts:AssumeRole"
+                         }
+                       ]
+                     }
+                   )
+                 }
+
+        resource :aws_iam_role_policy, name, {
+                   name: name,
+                   policy: JSON.pretty_generate(
+                     {
+                       Version: "2012-10-17",
+                       Statement: [
+                         {
+                           Sid: "Stmt1442396947000",
+                           Effect: "Allow",
+                           Action: [
+                             "iam:GetGroup",
+                             "iam:GetSSHPublicKey",
+                             "iam:GetUser",
+                             "iam:ListSSHPublicKeys"
+                           ],
+                           Resource: [
+                             "arn:aws:iam::*"
+                           ]
+                         }
+                       ].push(*options[:statements])
+                     }
+                   ),
+                   role: output_of(:aws_iam_role, name, :name)
+                 }
+
+        @id = resource :aws_iam_instance_profile, name, {
+                         name: name,
+                         role: output_of(:aws_iam_role, name, :name),
+                       }
+
+        self
+      end
+    end
+  end
+end