terrafying-components 1.6.10 → 1.7.0

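--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 581f88f142821b376ca14bfbda682eccb11f2b4d738ec4a7731e6c85af0288b1
- data.tar.gz: b77f1f2b37cd5a5d36f7d0007fdd62b328d572b3b14a6da01f5e73005acd641c
+ metadata.gz: 2c61c3324a1f21c6b8747ce9610f42329edc3d992cca7da6ef9c14fe60027f1a
+ data.tar.gz: 539cd3fd22567b21450819c07818addfb21b6c57f195968483e41fee02849104
  SHA512:
- metadata.gz: caebbf6aafe2ecb1ce1d2a8213df7fa78cac83e417c001f78a83c96975ebf859a2379a8d1acacaf015e6d8c365bdc3b06315ae6d6c896ee82957c51e0ce3682e
- data.tar.gz: 653db5fe7907ac055cae87366fd5f90e17ce2b1d3b418b46f7d957546956e15e92c4a9195908deea78a682a94a2e95ec1ec3ec498128fbef38213a1dccad8609
+ metadata.gz: 49d20c389161e93932126d1734d3c3083aba4bb0ad064c7575b7ac1f76cd52038442bc8affead4b9cd9c754787c83975316cd0cdc02594b0b253d840fd0c8c5f
+ data.tar.gz: ac91c4cf37d03e80345aeac4c11eaaa452a1d2529b81b65f2e00ff9215d0595944149f7c3159c82f2a5a626fbf909239bd859dc07227c65bc07f79b4c8b43d89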
@@ -107,7 +107,7 @@ module Terrafying
107
107
  },
108
108
  }.merge(options)
109
109
  end
110
- tags = { Name: ident, service_name: name,}.merge(options[:tags]).merge(options[:instances][:tags]).map { |k,v| { Key: k, Value: v, PropagateAtLaunch: true }}
110
+ tags = { Name: ident, service_name: name,}.merge(options[:tags]).merge(options[:instances].fetch(:tags, {})).map { |k,v| { Key: k, Value: v, PropagateAtLaunch: true }}
111
111
 
112
112
  asg = resource :aws_cloudformation_stack, ident, {
113
113
  name: ident,
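Review bot: `fetch(:tags, {})` on the added `tags =` line covers a missing `:tags` key but still hands `nil` to `merge` when a caller passes `instances: { tags: nil }`, which raises a TypeError; `(options[:instances][:tags] || {})` covers both cases. The underlying cause looks like the shallow `}.merge(options)` just above, which presumably lets a caller-supplied `:instances` hash replace the defaults wholesale, so a one-line comment saying that would help the next reader. The enclosing method starts and ends outside this hunk.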
@@ -32,7 +32,7 @@ module Terrafying
32
32
  }.merge(options)
33
33
 
34
34
  ident = "#{tf_safe(vpc.name)}-#{name}"
35
- @name = name
35
+ @name = ident
36
36
 
37
37
  if options[:service]
38
38
  service_name = options[:service].service_name
@@ -99,6 +99,9 @@ module Terrafying
99
99
  load_balancer_type: type,
100
100
  internal: !options[:public],
101
101
  subnets: options[:subnets].map(&:id),
102
+ subnet_mapping: options[:subnets].map{ |subnet|
103
+ {subnet_id: subnet.id}
104
+ },
102
105
  tags: options[:tags],
103
106
  }.merge(@type == "application" ? { security_groups: [@security_group] } : {})
104
107
 
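Review bot: The added `subnet_mapping:` is built from the same `options[:subnets]` as the `subnets:` line directly above it, so the resource now declares every subnet twice. As far as I know the load balancer API accepts either subnets or subnet mappings but not both, so this may be rejected at apply time or show up as a permanent plan diff; keeping only one of the two attributes avoids that. The hash literal begins outside the hunk, so the resource type is inferred from `load_balancer_type:`.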
@@ -1,5 +1,5 @@
1
1
  module Terrafying
2
2
  module Components
3
- VERSION = "1.6.10"
3
+ VERSION = "1.7.0"
4
4
  end
5
5
  end
@@ -80,10 +80,11 @@ module Terrafying
80
80
  keypairs = []
81
81
 
82
82
  if has_provider
83
- vpn_hash = Digest::SHA2.digest(vpc.name + name + oauth2_provider[:client_secret] + oauth2_provider[:client_id])
84
- cookie_secret = Base64.strict_encode64(vpn_hash.byteslice(0,16))
83
+ vpn_hash = Digest::SHA512.hexdigest(vpc.name + name + oauth2_provider[:client_secret] + oauth2_provider[:client_id])
84
+ oauth2_provider[:cookie_hash_key] ||= Base64.strict_encode64(vpn_hash.byteslice(0,64))
85
+ oauth2_provider[:cookie_block_key] ||= Base64.strict_encode64(vpn_hash.byteslice(64,96))
85
86
 
86
- units.push(oauth2_proxy_service(oauth2_provider, cookie_secret))
87
+ units.push(oauth2_proxy_service(oauth2_provider))
87
88
  end
88
89
 
89
90
  if options.has_key?(:ca)
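Review bot: The keys derived on the two added `||=` lines are not the size the slicing suggests: `SHA512.hexdigest` returns 128 hex characters and `byteslice(64,96)` takes (offset, length), so both keys end up as 64 ASCII hex characters (4 bits of entropy per byte) rather than raw key bytes. If the proxy expects raw hash and block keys (AES block keys are normally 16, 24 or 32 bytes, to be confirmed against the proxy), use `vpn_hash = Digest::SHA512.digest(...)` with `byteslice(0, 32)` and `byteslice(32, 32)`. Both keys are also a deterministic function of the OAuth client secret and the names, so anyone holding that secret can recompute them; a comment stating this is intended, or generating the keys independently, would make the trade-off explicit. The `||=` also writes into the caller's `oauth2_provider` hash. The enclosing method starts and ends outside this hunk.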
@@ -192,31 +193,22 @@ module Terrafying
192
193
  )
193
194
  end
194
195
 
195
- def oauth2_proxy_service(oauth2_provider, cookie_secret)
196
- optional_arguments = []
197
-
198
- if oauth2_provider.has_key?(:permit_groups)
199
- optional_arguments << "-permit-groups '#{oauth2_provider[:permit_groups].join(",")}'"
200
- end
201
-
196
+ def oauth2_proxy_service(oauth2_provider)
202
197
  Ignition.container_unit(
203
- "oauth2_proxy", "quay.io/uswitch/oauth2_proxy:stable",
198
+ 'authnz', 'registry.usw.co/cloud/authnz-http-proxy:0.1',
204
199
  {
205
200
  host_networking: true,
206
201
  arguments: [
207
- "-client-id='#{oauth2_provider[:client_id]}'",
208
- "-client-secret='#{oauth2_provider[:client_secret]}'",
209
- "-email-domain='*'",
210
- "-cookie-secret='#{cookie_secret}'",
211
- "-provider=#{oauth2_provider[:type]}",
212
- "-http-address='0.0.0.0:4180'",
213
- "-redirect-url='https://#{@fqdn}/oauth2/callback'",
214
- "-upstream='http://localhost:8080'",
215
- "-approval-prompt=''",
216
- "-cookie-secure",
217
- "-pass-access-token=true",
218
- "-pass-groups",
219
- ] + optional_arguments
202
+ '--addr=0.0.0.0:4180',
203
+ '--backend-url=http://localhost:8080',
204
+ "--oauth-client-id='#{oauth2_provider[:client_id]}'",
205
+ "--oauth-client-secret='#{oauth2_provider[:client_secret]}'",
206
+ "--cookie-hash-key='#{oauth2_provider[:cookie_hash_key]}'",
207
+ "--cookie-block-key=''#{oauth2_provider[:cookie_block_key]}'"
208
+ ],
209
+ volumes: [
210
+ '/usr/share/ca-certificates:/etc/ssl/certs:ro'
211
+ ]
220
212
  }
221
213
  )
222
214
  end
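Review bot: The `--cookie-block-key` argument has a doubled opening quote (`=''#{...}'`), which leaves an unbalanced single quote in the rendered argument; it should read `"--cookie-block-key='#{oauth2_provider[:cookie_block_key]}'"`. The rewrite also drops the `permit_groups` handling and `-cookie-secure`, so a caller that still sets `oauth2_provider[:permit_groups]` gets no group restriction unless the new proxy enforces it elsewhere, which is not visible here; raising on that key or documenting the change would avoid a silent loss of access control. The image is referenced by the mutable tag `:0.1`, and the client secret and cookie keys are still passed on the command line where they end up in the unit file and process listing; pinning the image by digest and, if the proxy supports it, passing the secrets through an environment file would be the safer form.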
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: terrafying-components
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.10
4
+ version: 1.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - uSwitch Limited
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-07-02 00:00:00.000000000 Z
11
+ date: 2018-07-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler