terrafying-components 2.0.10 → 2.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3d751cc6be7a7a3a29dd3e588cc120ec3fa1d8b3ea3b0155888551d4c74a0f6d
4
- data.tar.gz: a55c971cf8196a9ce42f3ae5b57d35219aa1b7d6e42a0b43107866095a1a4621
3
+ metadata.gz: 966a2db3106bd2897d8d98e26424ebb11d081e38b2108c4f7b52e29bc0fc359e
4
+ data.tar.gz: c131b8d1b401ca16e9b8f91caaac38c4fd667358c2498d1e751013ccdd5b1f4d
5
5
  SHA512:
6
- metadata.gz: c2b2a37884426731df2c879547a3df0bf314e1314f2ec52c706606082b53520c0170cfdcfbfc64e1a3faf3c6bb720f2a76c2fcc74f106436d9f28f4030b4cc63
7
- data.tar.gz: 4222b381c2056081c80c1a47f03376921e361129ff00979614ca52fbb6464934a565661778ba66ff4ff6bf7b73e71422b1221546ea3e73c5fa5cc3be4f1780a6
6
+ metadata.gz: dde0b6a2dff50531997882ce8dcda4ef5a2de1bebd9b4ca2a3f67ff70943ba326b56a6bbeade8b778b84a8e63e3bb54f5c685aa69bef2132743458050720e41c
7
+ data.tar.gz: 6364ccaab02c6192761247c4775127625f33a1bbb7363d4bd77ee22b36a2aac4952ea76922572d514c4c2adc8b57bc01533359c120feba34160b5da4da91cefb
@@ -47,7 +47,16 @@ module Terrafying
47
47
  curve: 'P384',
48
48
  rsa_bits: '3072',
49
49
  use_external_dns: false,
50
- renewing: false
50
+ renewing: false,
51
+ renew_alert_options: {
52
+ protocol: nil,
53
+ endpoint: nil,
54
+ endpoint_auto_confirms: false,
55
+ confirmation_timeout_in_minutes: 1,
56
+ raw_message_delivery: false,
57
+ filter_policy: nil,
58
+ delivery_policy: nil
59
+ }
51
60
  }.merge(options)
52
61
 
53
62
  @name = name
@@ -56,9 +65,11 @@ module Terrafying
56
65
  @acme_provider = @acme_providers[options[:provider]]
57
66
  @use_external_dns = options[:use_external_dns]
58
67
  @renewing = options[:renewing]
68
+ @renew_alert_options = options[:renew_alert_options]
59
69
  @prefix_path = [@prefix, @name].reject(&:empty?).join("/")
60
70
 
61
71
  renew() if @renewing
72
+ renew_alert() if @renew_alert_options[:endpoint] != nil
62
73
 
63
74
  provider :tls, {}
64
75
 
@@ -324,7 +335,7 @@ module Terrafying
324
335
  )
325
336
  }
326
337
 
327
- lamda_function = resource :aws_lambda_function, "#{@name}_lambda", {
338
+ lambda_function = resource :aws_lambda_function, "#{@name}_lambda", {
328
339
  function_name: "#{@name}_lambda",
329
340
  s3_bucket: "uswitch-certbot-lambda",
330
341
  s3_key: "certbot-lambda.zip",
@@ -355,20 +366,60 @@ module Terrafying
355
366
 
356
367
  resource :aws_cloudwatch_event_target, "#{@name}_lambda_event_target", {
357
368
  rule: event_rule["name"],
358
- target_id: lamda_function["id"],
359
- arn: lamda_function["arn"]
369
+ target_id: lambda_function["id"],
370
+ arn: lambda_function["arn"]
360
371
  }
361
372
 
362
373
  resource :aws_lambda_permission, "allow_cloudwatch_to_invoke_#{@name}_lambda", {
363
374
  statement_id: "AllowExecutionFromCloudWatch",
364
375
  action: "lambda:InvokeFunction",
365
- function_name: lamda_function["function_name"],
376
+ function_name: lambda_function["function_name"],
366
377
  principal: "events.amazonaws.com",
367
378
  source_arn: event_rule["arn"]
368
379
  }
369
380
  self
370
381
  end
371
382
 
383
+ def renew_alert
384
+ topic = resource :aws_sns_topic, "#{@name}_lambda_cloudwatch_topic", {
385
+ name: "#{@name}_lambda_cloudwatch_topic"
386
+ }
387
+
388
+ alarm = resource :aws_cloudwatch_metric_alarm, "#{@name}_lambda_failure_alarm", {
389
+ alarm_name: "#{@name}-lambda-failure-alarm",
390
+ comparison_operator: "GreaterThanOrEqualToThreshold",
391
+ evaluation_periods: "1",
392
+ period: "300",
393
+ metric_name: "Errors",
394
+ namespace: "AWS/Lambda",
395
+ threshold: 1,
396
+ statistic: "Maximum",
397
+ alarm_description: "Alert generated if the #{@name} certbot lambda fails execution",
398
+ actions_enabled: true,
399
+ dimensions: {
400
+ FunctionName: "${aws_lambda_function.#{@name}_lambda.function_name}"
401
+ },
402
+ alarm_actions: [
403
+ "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
404
+ ],
405
+ ok_actions: [
406
+ "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
407
+ ]
408
+ }
409
+
410
+ subscription = resource :aws_sns_topic_subscription, "#{@name}_lambda_cloudwatch_subscription", {
411
+ topic_arn: "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}",
412
+ protocol: @renew_alert_options[:protocol],
413
+ endpoint: @renew_alert_options[:endpoint],
414
+ endpoint_auto_confirms: @renew_alert_options[:endpoint_auto_confirms],
415
+ confirmation_timeout_in_minutes: @renew_alert_options[:confirmation_timeout_in_minutes],
416
+ raw_message_delivery: @renew_alert_options[:raw_message_delivery],
417
+ filter_policy: @renew_alert_options[:filter_policy],
418
+ delivery_policy: @renew_alert_options[:delivery_policy]
419
+ }
420
+ self
421
+ end
422
+
372
423
  def generate_alpha_num()
373
424
  result = @name.split("").each do |ch|
374
425
  alpha_num = ch.upcase.ord - 'A'.ord
@@ -127,15 +127,20 @@ module Terrafying
127
127
  port_ident = "#{ident}-#{port[:downstream_port]}"
128
128
  port_name = "#{@name}-#{port[:downstream_port]}"
129
129
 
130
+ actions = []
131
+
130
132
  default_action = port.key?(:action) ? port[:action] : forward_to_tg(port, port_ident, port_name, vpc)
131
133
 
134
+ actions.append(authenticate_oidc(port[:oidc_config])) if !port[:oidc_config].nil?
135
+ actions.append(default_action)
136
+
132
137
  ssl_options = alb_certs(port, port_ident)
133
138
 
134
139
  listener = resource :aws_lb_listener, port_ident, {
135
140
  load_balancer_arn: @id,
136
141
  port: port[:upstream_port],
137
142
  protocol: port[:type].upcase,
138
- default_action: default_action
143
+ default_action: actions
139
144
  }.merge(ssl_options)
140
145
 
141
146
  register_target(default_action[:target_group_arn], listener) if default_action[:type] == 'forward'
@@ -163,6 +168,13 @@ module Terrafying
163
168
  }
164
169
  end
165
170
 
171
+ def authenticate_oidc(oidc_config)
172
+ {
173
+ type: "authenticate-oidc",
174
+ authenticate_oidc: oidc_config
175
+ }
176
+ end
177
+
166
178
  def register_target(target_group, listener)
167
179
  @targets << Struct::Target.new(
168
180
  target_group: target_group,
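Review bot: Prepending `authenticate_oidc(port[:oidc_config])` to `actions` in the listener hunk has no check on the listener type, and as far as the ALB documentation goes an authenticate-oidc action is accepted only on HTTPS listeners, so an `http` port carrying `oidc_config` would fail at apply time rather than at construction; a guard such as `raise ArgumentError, "oidc_config requires an https listener on port #{port[:upstream_port]}" if port[:oidc_config] && port[:type].to_s.downcase != 'https'` catches it early. The `oidc_config` hash is passed through verbatim into the `aws_lb_listener` resource, so the `client_secret` it has to carry ends up in the listener definition and in Terraform state; a comment on `authenticate_oidc` along the lines of `# oidc_config is emitted verbatim (including client_secret) — supply the secret from a reference, not a literal, and treat state as sensitive` would warn callers. As a matter of style, `if !port[:oidc_config].nil?` reads more idiomatically as `if port[:oidc_config]`. The enclosing method starts before the first hunk of this section.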
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Terrafying
4
4
  module Components
5
- VERSION = '2.0.10'
5
+ VERSION = '2.3.0'
6
6
  end
7
7
  end
@@ -268,7 +268,7 @@ module Terrafying
268
268
  optional_volumes << "/etc/ssl/#{ca.name}:/etc/ssl/#{ca.name}" if ca
269
269
 
270
270
  Ignition.container_unit(
271
- 'openvpn-authz', 'quay.io/uswitch/openvpn-authz:2.1',
271
+ 'openvpn-authz', 'quay.io/uswitch/openvpn-authz:2.2',
272
272
  volumes: optional_volumes + [
273
273
  '/etc/ssl/openvpn:/etc/ssl/openvpn',
274
274
  '/var/openvpn-authz:/var/openvpn-authz'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: terrafying-components
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.10
4
+ version: 2.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - uSwitch Limited
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-08 00:00:00.000000000 Z
11
+ date: 2021-01-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake