terrafying-components 2.0.6 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/terrafying/components/dynamicset.rb +4 -3
- data/lib/terrafying/components/loadbalancer.rb +33 -21
- data/lib/terrafying/components/prometheus.rb +1 -1
- data/lib/terrafying/components/security/trail.rb +3 -3
- data/lib/terrafying/components/service.rb +1 -1
- data/lib/terrafying/components/staticset.rb +1 -1
- data/lib/terrafying/components/usable.rb +4 -4
- data/lib/terrafying/components/version.rb +1 -1
- data/lib/terrafying/components/vpn.rb +12 -2
- data/lib/terrafying/components/vpn_oidc.rb +12 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0f7daf4d56be1749a0505aa8b99cf01170a2dc98d4460ce1a071e4956798ae00
|
|
4
|
+
data.tar.gz: 98309d3622147a3cd4b9f89e9d548cd09fc88003d79faa5c1c37f5a20d5c5672
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b91ab228e8faa8d2166516faf4e0c263c0aef5ba5476d62572352ce1733cb95e3369724039ccc540e7183c947cef1d1266418948095ad3522d7147e79f132e98
|
|
7
|
+
data.tar.gz: d0e852429b7ec2bef6ab2fe7a5670d17fe00c2a51b9f8a87cda2b01a01103048c1175046c9646a8cafb0cf4e6c2548e2703791ce5a943e8325f2c5f8a8e5d86f
|
|
@@ -163,7 +163,7 @@ module Terrafying
|
|
|
163
163
|
|
|
164
164
|
def attach_load_balancer(load_balancer)
|
|
165
165
|
load_balancer.targets.each.with_index do |target, i|
|
|
166
|
-
resource :aws_autoscaling_attachment, "#{load_balancer.name}-#{@name}-#{i}",
|
|
166
|
+
resource :aws_autoscaling_attachment, "#{load_balancer.name}-#{@name}-#{i}".gsub(%r{^(\d)}, '_\1'),
|
|
167
167
|
autoscaling_group_name: @asg,
|
|
168
168
|
alb_target_group_arn: target.target_group
|
|
169
169
|
end
|
|
@@ -173,13 +173,14 @@ module Terrafying
|
|
|
173
173
|
|
|
174
174
|
def autoscale_on_load_balancer(load_balancer, target_value:, disable_scale_in:)
|
|
175
175
|
load_balancer.targets.each.with_index do |target, i|
|
|
176
|
+
policy_ident = "#{load_balancer.name}-#{@name}-#{i}".gsub(%r{^(\d)}, '_\1')
|
|
176
177
|
policy_name = "#{load_balancer.name}-#{@name}-#{i}"
|
|
177
178
|
lb_arn = load_balancer.id.to_s.gsub(/id/, 'arn_suffix')
|
|
178
179
|
tg_arn = target.target_group.to_s.gsub(/id/, 'arn_suffix')
|
|
179
180
|
listener = "aws_lb_listener.#{target.listener.to_s.split('.')[1]}"
|
|
180
|
-
autoscaling_attachment = "aws_autoscaling_attachment.#{
|
|
181
|
+
autoscaling_attachment = "aws_autoscaling_attachment.#{policy_ident}"
|
|
181
182
|
|
|
182
|
-
resource :aws_autoscaling_policy,
|
|
183
|
+
resource :aws_autoscaling_policy, policy_ident,
|
|
183
184
|
name: policy_name,
|
|
184
185
|
autoscaling_group_name: @asg,
|
|
185
186
|
policy_type: 'TargetTrackingScaling',
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'digest/bubblebabble'
|
|
4
3
|
require 'terrafying/components/usable'
|
|
5
4
|
require 'terrafying/generator'
|
|
6
5
|
require 'digest'
|
|
@@ -36,14 +35,15 @@ module Terrafying
|
|
|
36
35
|
rescue StandardError
|
|
37
36
|
@type = 'application'
|
|
38
37
|
ident = make_identifier(@type, vpc.name, name)
|
|
38
|
+
name = make_name(@type, vpc.name, name)
|
|
39
39
|
|
|
40
|
-
lb = aws.lb_by_name(
|
|
40
|
+
lb = aws.lb_by_name(name)
|
|
41
41
|
|
|
42
|
-
@security_group = aws.security_group_by_tags(loadbalancer_name:
|
|
42
|
+
@security_group = aws.security_group_by_tags(loadbalancer_name: name)
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
@id = lb.load_balancer_arn
|
|
46
|
-
@name =
|
|
46
|
+
@name = name
|
|
47
47
|
|
|
48
48
|
target_groups = aws.target_groups_by_lb(@id)
|
|
49
49
|
|
|
@@ -93,14 +93,14 @@ module Terrafying
|
|
|
93
93
|
@type = l4_ports.count == 0 ? 'application' : 'network'
|
|
94
94
|
|
|
95
95
|
ident = make_identifier(@type, vpc.name, name)
|
|
96
|
-
@name =
|
|
96
|
+
@name = make_name(@type, vpc.name, name)
|
|
97
97
|
|
|
98
98
|
if application?
|
|
99
99
|
@security_group = resource :aws_security_group, ident,
|
|
100
|
-
name: "loadbalancer-#{
|
|
101
|
-
description: "Describe the ingress and egress of the load balancer #{
|
|
100
|
+
name: "loadbalancer-#{@name}",
|
|
101
|
+
description: "Describe the ingress and egress of the load balancer #{@name}",
|
|
102
102
|
tags: @tags.merge(
|
|
103
|
-
loadbalancer_name:
|
|
103
|
+
loadbalancer_name: @name
|
|
104
104
|
),
|
|
105
105
|
vpc_id: vpc.id
|
|
106
106
|
|
|
@@ -112,7 +112,7 @@ module Terrafying
|
|
|
112
112
|
end
|
|
113
113
|
|
|
114
114
|
@id = resource :aws_lb, ident, {
|
|
115
|
-
name:
|
|
115
|
+
name: @name,
|
|
116
116
|
load_balancer_type: type,
|
|
117
117
|
internal: !options[:public],
|
|
118
118
|
tags: @tags
|
|
@@ -125,8 +125,14 @@ module Terrafying
|
|
|
125
125
|
|
|
126
126
|
@ports.each do |port|
|
|
127
127
|
port_ident = "#{ident}-#{port[:downstream_port]}"
|
|
128
|
+
port_name = "#{@name}-#{port[:downstream_port]}"
|
|
129
|
+
|
|
130
|
+
actions = []
|
|
131
|
+
|
|
132
|
+
default_action = port.key?(:action) ? port[:action] : forward_to_tg(port, port_ident, port_name, vpc)
|
|
128
133
|
|
|
129
|
-
|
|
134
|
+
actions.append(default_action)
|
|
135
|
+
actions.append(authenticate_oidc(port[:oidc_config])) if !port[:oidc_config].nil?
|
|
130
136
|
|
|
131
137
|
ssl_options = alb_certs(port, port_ident)
|
|
132
138
|
|
|
@@ -134,7 +140,7 @@ module Terrafying
|
|
|
134
140
|
load_balancer_arn: @id,
|
|
135
141
|
port: port[:upstream_port],
|
|
136
142
|
protocol: port[:type].upcase,
|
|
137
|
-
default_action:
|
|
143
|
+
default_action: actions
|
|
138
144
|
}.merge(ssl_options)
|
|
139
145
|
|
|
140
146
|
register_target(default_action[:target_group_arn], listener) if default_action[:type] == 'forward'
|
|
@@ -148,9 +154,9 @@ module Terrafying
|
|
|
148
154
|
self
|
|
149
155
|
end
|
|
150
156
|
|
|
151
|
-
def forward_to_tg(port, port_ident, vpc)
|
|
157
|
+
def forward_to_tg(port, port_ident, port_name, vpc)
|
|
152
158
|
target_group = resource :aws_lb_target_group, port_ident, {
|
|
153
|
-
name:
|
|
159
|
+
name: port_name,
|
|
154
160
|
port: port[:downstream_port],
|
|
155
161
|
protocol: port[:type].upcase,
|
|
156
162
|
vpc_id: vpc.id
|
|
@@ -162,6 +168,13 @@ module Terrafying
|
|
|
162
168
|
}
|
|
163
169
|
end
|
|
164
170
|
|
|
171
|
+
def authenticate_oidc(oidc_config)
|
|
172
|
+
{
|
|
173
|
+
type: "authenticate-oidc",
|
|
174
|
+
authenticate_oidc: oidc_config
|
|
175
|
+
}
|
|
176
|
+
end
|
|
177
|
+
|
|
165
178
|
def register_target(target_group, listener)
|
|
166
179
|
@targets << Struct::Target.new(
|
|
167
180
|
target_group: target_group,
|
|
@@ -215,17 +228,16 @@ module Terrafying
|
|
|
215
228
|
set.autoscale_on_load_balancer(self, target_value: target_value, disable_scale_in: disable_scale_in)
|
|
216
229
|
end
|
|
217
230
|
|
|
218
|
-
def
|
|
231
|
+
def make_name(type, vpc_name, name)
|
|
232
|
+
gen_id = "#{type}-#{tf_safe(vpc_name)}-#{name}"
|
|
233
|
+
return Digest::SHA2.hexdigest(gen_id)[0..24] if @hex_ident || gen_id.size > 26
|
|
219
234
|
|
|
220
|
-
gen_id = "#{type}-#{vpc_name}-#{name}"
|
|
221
|
-
hex = Digest::SHA2.hexdigest(gen_id)[0..24]
|
|
222
|
-
if hex[0..0] =~ /[a-z]/
|
|
223
|
-
return hex if @hex_ident || gen_id.size > 26
|
|
224
|
-
else return Digest::SHA256.bubblebabble(gen_id)[0..15]
|
|
225
|
-
end
|
|
226
|
-
|
|
227
235
|
gen_id[0..31]
|
|
228
236
|
end
|
|
237
|
+
|
|
238
|
+
def make_identifier(type, vpc_name, name)
|
|
239
|
+
make_name(type, vpc_name, name).gsub(%r{^(\d)}, '_\1')
|
|
240
|
+
end
|
|
229
241
|
end
|
|
230
242
|
end
|
|
231
243
|
end
|
|
@@ -120,7 +120,7 @@ module Terrafying
|
|
|
120
120
|
"logs:CreateLogStream"
|
|
121
121
|
],
|
|
122
122
|
Resource: [
|
|
123
|
-
@log_group["arn"],
|
|
123
|
+
"#{@log_group["arn"]}:*",
|
|
124
124
|
]
|
|
125
125
|
},
|
|
126
126
|
{
|
|
@@ -130,7 +130,7 @@ module Terrafying
|
|
|
130
130
|
"logs:PutLogEvents"
|
|
131
131
|
],
|
|
132
132
|
Resource: [
|
|
133
|
-
@log_group["arn"],
|
|
133
|
+
"#{@log_group["arn"]}:*",
|
|
134
134
|
]
|
|
135
135
|
}
|
|
136
136
|
]
|
|
@@ -152,7 +152,7 @@ module Terrafying
|
|
|
152
152
|
enable_log_file_validation: true,
|
|
153
153
|
kms_key_id: store.key_arn,
|
|
154
154
|
|
|
155
|
-
cloud_watch_logs_group_arn: @log_group["arn"],
|
|
155
|
+
cloud_watch_logs_group_arn: "#{@log_group["arn"]}:*",
|
|
156
156
|
cloud_watch_logs_role_arn: log_role["arn"],
|
|
157
157
|
|
|
158
158
|
event_selector: [
|
|
@@ -170,7 +170,7 @@ module Terrafying
|
|
|
170
170
|
prom = Prometheus.find_in(vpc: vpc)
|
|
171
171
|
ports.each do |port|
|
|
172
172
|
sg_rule_ident = Digest::SHA256.hexdigest("#{vpc.name}-#{port}-#{security_group}-#{prom.security_group}")
|
|
173
|
-
resource :aws_security_group_rule, sg_rule_ident,
|
|
173
|
+
resource :aws_security_group_rule, sg_rule_ident.gsub(%r{^(\d)}, '_\1'),
|
|
174
174
|
security_group_id: security_group,
|
|
175
175
|
type: 'ingress',
|
|
176
176
|
from_port: port,
|
|
@@ -161,7 +161,7 @@ module Terrafying
|
|
|
161
161
|
|
|
162
162
|
def attach_load_balancer(load_balancer)
|
|
163
163
|
@instances.product(load_balancer.targets).each.with_index do |(instance, target), i|
|
|
164
|
-
resource :aws_lb_target_group_attachment, "#{load_balancer.name}-#{@name}-#{i}",
|
|
164
|
+
resource :aws_lb_target_group_attachment, "#{load_balancer.name}-#{@name}-#{i}".gsub(%r{^(\d)}, '_\1'),
|
|
165
165
|
target_group_arn: target.target_group,
|
|
166
166
|
target_id: instance.id
|
|
167
167
|
end
|
|
@@ -16,7 +16,7 @@ module Terrafying
|
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
def path_mtu_setup!
|
|
19
|
-
resource :aws_security_group_rule, "#{@name}-path-mtu",
|
|
19
|
+
resource :aws_security_group_rule, "#{@name}-path-mtu".gsub(%r{^(\d)}, '_\1'),
|
|
20
20
|
security_group_id: egress_security_group,
|
|
21
21
|
type: 'ingress',
|
|
22
22
|
protocol: 1, # icmp
|
|
@@ -42,7 +42,7 @@ module Terrafying
|
|
|
42
42
|
cidr_ident = cidr.tr('./', '-')
|
|
43
43
|
|
|
44
44
|
@ports.select(&block).map do |port|
|
|
45
|
-
resource :aws_security_group_rule, "#{@name}-to-#{cidr_ident}-#{port[:name]}",
|
|
45
|
+
resource :aws_security_group_rule, "#{@name}-to-#{cidr_ident}-#{port[:name]}".gsub(%r{^(\d)}, '_\1'),
|
|
46
46
|
security_group_id: ingress_security_group,
|
|
47
47
|
type: 'ingress',
|
|
48
48
|
from_port: from_port(port[:upstream_port]),
|
|
@@ -92,7 +92,7 @@ module Terrafying
|
|
|
92
92
|
def used_by(*other_resources, &block)
|
|
93
93
|
other_resources.map do |other_resource|
|
|
94
94
|
@ports.select(&block).map.map do |port|
|
|
95
|
-
resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-#{port[:name]}",
|
|
95
|
+
resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-#{port[:name]}".gsub(%r{^(\d)}, '_\1'),
|
|
96
96
|
security_group_id: ingress_security_group,
|
|
97
97
|
type: 'ingress',
|
|
98
98
|
from_port: from_port(port[:upstream_port]),
|
|
@@ -100,7 +100,7 @@ module Terrafying
|
|
|
100
100
|
protocol: port[:type] == 'udp' ? 'udp' : 'tcp',
|
|
101
101
|
source_security_group_id: other_resource.egress_security_group
|
|
102
102
|
|
|
103
|
-
resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-#{port[:name]}",
|
|
103
|
+
resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-#{port[:name]}".gsub(%r{^(\d)}, '_\1'),
|
|
104
104
|
security_group_id: other_resource.egress_security_group,
|
|
105
105
|
type: 'egress',
|
|
106
106
|
from_port: from_port(port[:downstream_port]),
|
|
@@ -134,7 +134,12 @@ module Terrafying
|
|
|
134
134
|
from_port: 0,
|
|
135
135
|
to_port: 0,
|
|
136
136
|
protocol: -1,
|
|
137
|
-
security_groups: [@service.egress_security_group]
|
|
137
|
+
security_groups: [@service.egress_security_group],
|
|
138
|
+
ipv6_cidr_blocks: nil,
|
|
139
|
+
prefix_list_ids: nil,
|
|
140
|
+
cidr_blocks: nil,
|
|
141
|
+
self: nil,
|
|
142
|
+
description: nil
|
|
138
143
|
}
|
|
139
144
|
]
|
|
140
145
|
|
|
@@ -143,7 +148,12 @@ module Terrafying
|
|
|
143
148
|
from_port: 0,
|
|
144
149
|
to_port: 0,
|
|
145
150
|
protocol: -1,
|
|
146
|
-
cidr_blocks: ["#{@ip_address}/32"]
|
|
151
|
+
cidr_blocks: ["#{@ip_address}/32"],
|
|
152
|
+
ipv6_cidr_blocks: nil,
|
|
153
|
+
prefix_list_ids: nil,
|
|
154
|
+
security_groups: nil,
|
|
155
|
+
self: nil,
|
|
156
|
+
description: nil
|
|
147
157
|
}
|
|
148
158
|
end
|
|
149
159
|
|
|
@@ -134,7 +134,12 @@ module Terrafying
|
|
|
134
134
|
from_port: 0,
|
|
135
135
|
to_port: 0,
|
|
136
136
|
protocol: -1,
|
|
137
|
-
security_groups: [@service.egress_security_group]
|
|
137
|
+
security_groups: [@service.egress_security_group],
|
|
138
|
+
ipv6_cidr_blocks: nil,
|
|
139
|
+
prefix_list_ids: nil,
|
|
140
|
+
cidr_blocks: nil,
|
|
141
|
+
self: nil,
|
|
142
|
+
description: nil,
|
|
138
143
|
}
|
|
139
144
|
]
|
|
140
145
|
|
|
@@ -143,7 +148,12 @@ module Terrafying
|
|
|
143
148
|
from_port: 0,
|
|
144
149
|
to_port: 0,
|
|
145
150
|
protocol: -1,
|
|
146
|
-
cidr_blocks: ["#{@ip_address}/32"]
|
|
151
|
+
cidr_blocks: ["#{@ip_address}/32"],
|
|
152
|
+
ipv6_cidr_blocks: nil,
|
|
153
|
+
prefix_list_ids: nil,
|
|
154
|
+
security_groups: nil,
|
|
155
|
+
self: nil,
|
|
156
|
+
description: nil
|
|
147
157
|
}
|
|
148
158
|
end
|
|
149
159
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: terrafying-components
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- uSwitch Limited
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-01-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|