terrafying-components 2.0.7 → 2.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d27dba45000471cefaca8b0bb650380123f1ccdbdf52adc240689e4b260533d3
4
- data.tar.gz: 9bc0cfa749d0060ff0f9213a12baa661e4c6383bc2d256fb4daea225a4c7cfc8
3
+ metadata.gz: 4c81c09c0e80313520196667c51e90d2341d085b7e1811ca355db7788d2584e3
4
+ data.tar.gz: baa1f3a03f45384b9563605849336af96fa0b529052fa5fbec55f31e63d27017
5
5
  SHA512:
6
- metadata.gz: 17044b38860633249fd30a06ceff2c7db97cd8570900fa53c813cc2efd8fbd99463b3650f60180b0d181156ca11331394da1db89d8afaaea7321605c4e80b201
7
- data.tar.gz: 0b5f7e9f9c23c4478d2255686de6e8412713b8ef36b5295b2955187be2978064e338c6f910c6220bf3611b3b1e4aa3a34da66ceaeb9b271373f18d2231f963dc
6
+ metadata.gz: 53189ee367e6cd7ebcbac7abb10228c2dc66b106ee87ace03dba1c52efa2292ea8c8db9cf63aa3b5e865af27c6044407b83cc2dec295b2b960eba8e20a1a96f6
7
+ data.tar.gz: 965e49137abe71f08b6d593004b7aa92b65e73551a97844be3e111af7456daf6df33da0e5b156bb8984d16c9e0f0cac433aaacd6ce669f88eaa02be53498329a
@@ -163,7 +163,7 @@ module Terrafying
163
163
 
164
164
  def attach_load_balancer(load_balancer)
165
165
  load_balancer.targets.each.with_index do |target, i|
166
- resource :aws_autoscaling_attachment, "#{load_balancer.name}-#{@name}-#{i}",
166
+ resource :aws_autoscaling_attachment, "#{load_balancer.name}-#{@name}-#{i}".gsub(%r{^(\d)}, '_\1'),
167
167
  autoscaling_group_name: @asg,
168
168
  alb_target_group_arn: target.target_group
169
169
  end
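Review bot: The `.gsub(%r{^(\d)}, '_\1')` appended on L44 fixes a real problem (Terraform resource identifiers cannot start with a digit, and `load_balancer.name` can now be a hex digest), but the same expression is pasted verbatim into eight more hunks of this diff (L65, L642, L759, L782, L805, L828, L851, L874); a single helper keeps them in step, e.g. `def tf_ident(s) = s.sub(/\A(\d)/, '_\1')` — `sub` with `\A` is enough, since the anchor can only match once, and `\A` states the whole-string intent that `^` leaves to the reader. In `autoscale_on_load_balancer`, `policy_ident` (L65) and `policy_name` (L68) are built from the same interpolation, so `policy_ident = tf_ident(policy_name)` would remove the duplicate. `attach_load_balancer` continues past the end of this hunk.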
@@ -173,13 +173,14 @@ module Terrafying
173
173
 
174
174
  def autoscale_on_load_balancer(load_balancer, target_value:, disable_scale_in:)
175
175
  load_balancer.targets.each.with_index do |target, i|
176
+ policy_ident = "#{load_balancer.name}-#{@name}-#{i}".gsub(%r{^(\d)}, '_\1')
176
177
  policy_name = "#{load_balancer.name}-#{@name}-#{i}"
177
178
  lb_arn = load_balancer.id.to_s.gsub(/id/, 'arn_suffix')
178
179
  tg_arn = target.target_group.to_s.gsub(/id/, 'arn_suffix')
179
180
  listener = "aws_lb_listener.#{target.listener.to_s.split('.')[1]}"
180
- autoscaling_attachment = "aws_autoscaling_attachment.#{policy_name}"
181
+ autoscaling_attachment = "aws_autoscaling_attachment.#{policy_ident}"
181
182
 
182
- resource :aws_autoscaling_policy, policy_name,
183
+ resource :aws_autoscaling_policy, policy_ident,
183
184
  name: policy_name,
184
185
  autoscaling_group_name: @asg,
185
186
  policy_type: 'TargetTrackingScaling',
@@ -47,7 +47,16 @@ module Terrafying
47
47
  curve: 'P384',
48
48
  rsa_bits: '3072',
49
49
  use_external_dns: false,
50
- renewing: false
50
+ renewing: false,
51
+ renew_alert_options: {
52
+ protocol: nil,
53
+ endpoint: nil,
54
+ endpoint_auto_confirms: false,
55
+ confirmation_timeout_in_minutes: 1,
56
+ raw_message_delivery: false,
57
+ filter_policy: nil,
58
+ delivery_policy: nil
59
+ }
51
60
  }.merge(options)
52
61
 
53
62
  @name = name
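Review bot: The `renew_alert_options` defaults added on L113–L129 are discarded whenever a caller supplies that key, because `.merge(options)` on L132 is shallow: `renew_alert_options: { protocol: 'email', endpoint: 'x' }` replaces the whole nested hash, so `endpoint_auto_confirms`, `confirmation_timeout_in_minutes` and `raw_message_delivery` later read back as nil in `renew_alert`. Merge the nested hash separately after the outer merge, e.g. `merged[:renew_alert_options] = defaults[:renew_alert_options].merge(options[:renew_alert_options] || {})`, where `merged`/`defaults` stand for whatever the result of L132 is assigned to (that assignment sits above the hunk). The enclosing `initialize` starts before this hunk.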
@@ -56,9 +65,11 @@ module Terrafying
56
65
  @acme_provider = @acme_providers[options[:provider]]
57
66
  @use_external_dns = options[:use_external_dns]
58
67
  @renewing = options[:renewing]
68
+ @renew_alert_options = options[:renew_alert_options]
59
69
  @prefix_path = [@prefix, @name].reject(&:empty?).join("/")
60
70
 
61
71
  renew() if @renewing
72
+ renew_alert() if @renew_alert_options[:endpoint] != nil
62
73
 
63
74
  provider :tls, {}
64
75
 
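Review bot: `renew_alert() if @renew_alert_options[:endpoint] != nil` on L161 raises NoMethodError when a caller passes `renew_alert_options: nil` (which the merge on L132 accepts as-is), and it runs regardless of `@renewing` even though the alarm it builds references `aws_lambda_function.#{@name}_lambda`, which from this diff appears to be created only on the renew path (`renew() if @renewing`, L159) — a plan with an endpoint but `renewing: false` would then point at a resource that does not exist. Suggest `renew_alert if @renewing && @renew_alert_options&.dig(:endpoint)`, which also drops the non-idiomatic `!= nil` and the empty call parens. `initialize` continues past the hunk, so I cannot see whether anything else guards this.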
@@ -324,7 +335,7 @@ module Terrafying
324
335
  )
325
336
  }
326
337
 
327
- lamda_function = resource :aws_lambda_function, "#{@name}_lambda", {
338
+ lambda_function = resource :aws_lambda_function, "#{@name}_lambda", {
328
339
  function_name: "#{@name}_lambda",
329
340
  s3_bucket: "uswitch-certbot-lambda",
330
341
  s3_key: "certbot-lambda.zip",
@@ -355,20 +366,59 @@ module Terrafying
355
366
 
356
367
  resource :aws_cloudwatch_event_target, "#{@name}_lambda_event_target", {
357
368
  rule: event_rule["name"],
358
- target_id: lamda_function["id"],
359
- arn: lamda_function["arn"]
369
+ target_id: lambda_function["id"],
370
+ arn: lambda_function["arn"]
360
371
  }
361
372
 
362
373
  resource :aws_lambda_permission, "allow_cloudwatch_to_invoke_#{@name}_lambda", {
363
374
  statement_id: "AllowExecutionFromCloudWatch",
364
375
  action: "lambda:InvokeFunction",
365
- function_name: lamda_function["function_name"],
376
+ function_name: lambda_function["function_name"],
366
377
  principal: "events.amazonaws.com",
367
378
  source_arn: event_rule["arn"]
368
379
  }
369
380
  self
370
381
  end
371
382
 
383
+ def renew_alert
384
+ topic = resource :aws_sns_topic, "#{@name}_lambda_cloudwatch_topic", {
385
+ name: "#{@name}_lambda_cloudwatch_topic"
386
+ }
387
+
388
+ alarm = resource :aws_cloudwatch_metric_alarm, "#{@name}_lambda_failure_alarm", {
389
+ alarm_name: "#{@name}-lambda-failure-alarm",
390
+ comparison_operator: "GreaterThanOrEqualToThreshold",
391
+ evaluation_periods: "1",
392
+ period: "300",
393
+ metric_name: "Errors",
394
+ namespace: "AWS/Lambda",
395
+ threshold: 1,
396
+ alarm_description: "Alert generated if the #{@name} certbot lambda fails execution",
397
+ actions_enabled: true,
398
+ dimensions: {
399
+ FunctionName: "${aws_lambda_function.#{@name}_lambda.function_name}"
400
+ },
401
+ alarm_actions: [
402
+ "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
403
+ ],
404
+ ok_actions: [
405
+ "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
406
+ ]
407
+ }
408
+
409
+ subscription = resource :aws_sns_topic_subscription, "#{@name}_lambda_cloudwatch_subscription", {
410
+ topic_arn: "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}",
411
+ protocol: @renew_alert_options[:protocol],
412
+ endpoint: @renew_alert_options[:endpoint],
413
+ endpoint_auto_confirms: @renew_alert_options[:endpoint_auto_confirms],
414
+ confirmation_timeout_in_minutes: @renew_alert_options[:confirmation_timeout_in_minutes],
415
+ raw_message_delivery: @renew_alert_options[:raw_message_delivery],
416
+ filter_policy: @renew_alert_options[:filter_policy],
417
+ delivery_policy: @renew_alert_options[:delivery_policy]
418
+ }
419
+ self
420
+ end
421
+
372
422
  def generate_alpha_num()
373
423
  result = @name.split("").each do |ch|
374
424
  alpha_num = ch.upcase.ord - 'A'.ord
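Review bot: `renew_alert` hard-codes `"${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"` three times (L288, L294, L304) although the `topic` local assigned on L252 exposes that value the way the rest of this file does (`lambda_function["arn"]`, `event_rule["arn"]` on L211/L236); `alarm` and `subscription` are assigned and never read. The alarm sets `metric_name` without a `statistic`, which CloudWatch requires alongside a metric name, and leaves `treat_missing_data` at its default, so a function that has never run sits in INSUFFICIENT_DATA rather than OK. The SNS topic also has no `kms_master_key_id`, so failure notifications rest unencrypted — worth at least a comment if that is deliberate. The rewritten lines follow; unchanged stretches are elided.
```ruby
def renew_alert
  topic = resource :aws_sns_topic, "#{@name}_lambda_cloudwatch_topic", {
    name: "#{@name}_lambda_cloudwatch_topic"
    # kms_master_key_id: <KMS key id, if encryption at rest is wanted>
  }

  resource :aws_cloudwatch_metric_alarm, "#{@name}_lambda_failure_alarm", {
    # … unchanged: alarm_name … namespace …
    statistic: "Sum",
    threshold: 1,
    treat_missing_data: "notBreaching",
    # … unchanged: alarm_description, actions_enabled, dimensions …
    alarm_actions: [topic["arn"]],
    ok_actions: [topic["arn"]]
  }

  resource :aws_sns_topic_subscription, "#{@name}_lambda_cloudwatch_subscription", {
    topic_arn: topic["arn"],
    # … unchanged: protocol … delivery_policy …
  }
  self
end
```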
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'digest/bubblebabble'
4
3
  require 'terrafying/components/usable'
5
4
  require 'terrafying/generator'
6
5
  require 'digest'
@@ -36,14 +35,15 @@ module Terrafying
36
35
  rescue StandardError
37
36
  @type = 'application'
38
37
  ident = make_identifier(@type, vpc.name, name)
38
+ name = make_name(@type, vpc.name, name)
39
39
 
40
- lb = aws.lb_by_name(ident)
40
+ lb = aws.lb_by_name(name)
41
41
 
42
- @security_group = aws.security_group_by_tags(loadbalancer_name: ident)
42
+ @security_group = aws.security_group_by_tags(loadbalancer_name: name)
43
43
  end
44
44
 
45
45
  @id = lb.load_balancer_arn
46
- @name = ident
46
+ @name = name
47
47
 
48
48
  target_groups = aws.target_groups_by_lb(@id)
49
49
 
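Review bot: `name = make_name(@type, vpc.name, name)` on L365 overwrites the caller-supplied `name` with the derived load-balancer name inside what looks like a rescue fallback, so any later use of `name` in this method (outside the hunk) silently sees the derived value; and `ident` computed on L363 is not read anywhere else in the hunk after this change. A distinct local keeps the two apart, e.g. `lb_name = make_name(@type, vpc.name, name)`, then `aws.lb_by_name(lb_name)` and `@name = lb_name`; if `ident` has no remaining reader further down, drop it. The enclosing method begins before this hunk, so the path preceding the `rescue` is not visible here.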
@@ -93,14 +93,14 @@ module Terrafying
93
93
  @type = l4_ports.count == 0 ? 'application' : 'network'
94
94
 
95
95
  ident = make_identifier(@type, vpc.name, name)
96
- @name = ident
96
+ @name = make_name(@type, vpc.name, name)
97
97
 
98
98
  if application?
99
99
  @security_group = resource :aws_security_group, ident,
100
- name: "loadbalancer-#{ident}",
101
- description: "Describe the ingress and egress of the load balancer #{ident}",
100
+ name: "loadbalancer-#{@name}",
101
+ description: "Describe the ingress and egress of the load balancer #{@name}",
102
102
  tags: @tags.merge(
103
- loadbalancer_name: ident
103
+ loadbalancer_name: @name
104
104
  ),
105
105
  vpc_id: vpc.id
106
106
 
@@ -112,7 +112,7 @@ module Terrafying
112
112
  end
113
113
 
114
114
  @id = resource :aws_lb, ident, {
115
- name: ident,
115
+ name: @name,
116
116
  load_balancer_type: type,
117
117
  internal: !options[:public],
118
118
  tags: @tags
@@ -125,8 +125,14 @@ module Terrafying
125
125
 
126
126
  @ports.each do |port|
127
127
  port_ident = "#{ident}-#{port[:downstream_port]}"
128
+ port_name = "#{@name}-#{port[:downstream_port]}"
129
+
130
+ actions = []
131
+
132
+ default_action = port.key?(:action) ? port[:action] : forward_to_tg(port, port_ident, port_name, vpc)
128
133
 
129
- default_action = port.key?(:action) ? port[:action] : forward_to_tg(port, port_ident, vpc)
134
+ actions.append(default_action)
135
+ actions.append(authenticate_oidc(port[:oidc_config])) if !port[:oidc_config].nil?
130
136
 
131
137
  ssl_options = alb_certs(port, port_ident)
132
138
 
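Review bot: `actions.append(authenticate_oidc(port[:oidc_config]))` on L500 places the authenticate-oidc action after the forward action, but an ALB listener evaluates its actions in list order and the forward action must be the final one, so as written the OIDC step never gates the forward (AWS rejects a forward followed by another action, and the evident intent is authentication before forwarding). Use `actions.unshift(authenticate_oidc(port[:oidc_config])) if port[:oidc_config]`, which also replaces the `if !….nil?` form, or build the list in one expression as `[oidc_action, default_action].compact`. The `@ports.each` block continues past the hunk, and `default_action` is still read on L532, so keep that local.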
@@ -134,7 +140,7 @@ module Terrafying
134
140
  load_balancer_arn: @id,
135
141
  port: port[:upstream_port],
136
142
  protocol: port[:type].upcase,
137
- default_action: default_action
143
+ default_action: actions
138
144
  }.merge(ssl_options)
139
145
 
140
146
  register_target(default_action[:target_group_arn], listener) if default_action[:type] == 'forward'
@@ -148,9 +154,9 @@ module Terrafying
148
154
  self
149
155
  end
150
156
 
151
- def forward_to_tg(port, port_ident, vpc)
157
+ def forward_to_tg(port, port_ident, port_name, vpc)
152
158
  target_group = resource :aws_lb_target_group, port_ident, {
153
- name: port_ident,
159
+ name: port_name,
154
160
  port: port[:downstream_port],
155
161
  protocol: port[:type].upcase,
156
162
  vpc_id: vpc.id
@@ -162,6 +168,13 @@ module Terrafying
162
168
  }
163
169
  end
164
170
 
171
+ def authenticate_oidc(oidc_config)
172
+ {
173
+ type: "authenticate-oidc",
174
+ authenticate_oidc: oidc_config
175
+ }
176
+ end
177
+
165
178
  def register_target(target_group, listener)
166
179
  @targets << Struct::Target.new(
167
180
  target_group: target_group,
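Review bot: `authenticate_oidc` forwards `oidc_config` to Terraform untouched and undocumented, so a caller has to know from elsewhere that the `authenticate_oidc` block needs `authorization_endpoint`, `client_id`, `client_secret`, `issuer`, `token_endpoint` and `user_info_endpoint`, and that `client_secret` ends up in Terraform state. A YARD comment above the method would carry that, e.g. `# @param oidc_config [Hash] keys of the ALB authenticate_oidc block; client_secret is persisted in state, so source it from a secret store rather than a literal`. The nil case is only handled at the call site (L500); `raise ArgumentError, 'oidc_config is required' if oidc_config.nil?` would make the helper safe on its own.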
@@ -215,17 +228,16 @@ module Terrafying
215
228
  set.autoscale_on_load_balancer(self, target_value: target_value, disable_scale_in: disable_scale_in)
216
229
  end
217
230
 
218
- def make_identifier(type, vpc_name, name)
231
+ def make_name(type, vpc_name, name)
232
+ gen_id = "#{type}-#{tf_safe(vpc_name)}-#{name}"
233
+ return Digest::SHA2.hexdigest(gen_id)[0..24] if @hex_ident || gen_id.size > 26
219
234
 
220
- gen_id = "#{type}-#{vpc_name}-#{name}"
221
- hex = Digest::SHA2.hexdigest(gen_id)[0..24]
222
- if hex[0..0] =~ /[a-z]/
223
- return hex if @hex_ident || gen_id.size > 26
224
- else return Digest::SHA256.bubblebabble(gen_id)[0..15]
225
- end
226
-
227
235
  gen_id[0..31]
228
236
  end
237
+
238
+ def make_identifier(type, vpc_name, name)
239
+ make_name(type, vpc_name, name).gsub(%r{^(\d)}, '_\1')
240
+ end
229
241
  end
230
242
  end
231
243
  end
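Review bot: In `make_name` the trailing `gen_id[0..31]` (L633) can no longer truncate anything, because the guard on L613 already returns a digest for any `gen_id` longer than 26 characters; returning `gen_id` directly says what actually happens. More importantly, the digest input now passes `vpc_name` through `tf_safe` (L611) where the removed code used the raw value (L618), so for any VPC name that `tf_safe` alters the generated `aws_lb` `name` changes and existing load balancers get replaced — unless `tf_safe` is a no-op for those names, which I cannot tell from here; a comment or changelog note seems warranted. `make_identifier` now hashes a second time via `make_name`; the call sites on L411/L415 could derive the identifier from the name instead, e.g. `@name = make_name(@type, vpc.name, name)` then `ident = @name.sub(/\A(\d)/, '_\1')`.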
@@ -20,7 +20,7 @@ module Terrafying
20
20
  def initialize(
21
21
  vpc:,
22
22
  thanos_name: 'thanos',
23
- thanos_version: 'v0.10.1',
23
+ thanos_version: 'v0.17.2',
24
24
  prom_name: 'prometheus',
25
25
  prom_version: 'v2.23.0',
26
26
  instances: 2,
@@ -120,7 +120,7 @@ module Terrafying
120
120
  "logs:CreateLogStream"
121
121
  ],
122
122
  Resource: [
123
- @log_group["arn"],
123
+ "#{@log_group["arn"]}:*",
124
124
  ]
125
125
  },
126
126
  {
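Review bot: The `:*` appended to the log group ARN on L690 reads like a typo without a comment; it is the log-stream wildcard CloudTrail requires for `cloud_watch_logs_group_arn` (L736), and on the IAM side (L690, L713) it widens `Resource` to every stream in the group, which `CreateLogStream`/`PutLogEvents` need. Compute it once and explain it, e.g. `log_group_arn = "#{@log_group["arn"]}:*" # CloudTrail needs the :* log-stream wildcard`, and use that local in all three places. The policy document starts before this hunk.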
@@ -130,7 +130,7 @@ module Terrafying
130
130
  "logs:PutLogEvents"
131
131
  ],
132
132
  Resource: [
133
- @log_group["arn"],
133
+ "#{@log_group["arn"]}:*",
134
134
  ]
135
135
  }
136
136
  ]
@@ -152,7 +152,7 @@ module Terrafying
152
152
  enable_log_file_validation: true,
153
153
  kms_key_id: store.key_arn,
154
154
 
155
- cloud_watch_logs_group_arn: @log_group["arn"],
155
+ cloud_watch_logs_group_arn: "#{@log_group["arn"]}:*",
156
156
  cloud_watch_logs_role_arn: log_role["arn"],
157
157
 
158
158
  event_selector: [
@@ -170,7 +170,7 @@ module Terrafying
170
170
  prom = Prometheus.find_in(vpc: vpc)
171
171
  ports.each do |port|
172
172
  sg_rule_ident = Digest::SHA256.hexdigest("#{vpc.name}-#{port}-#{security_group}-#{prom.security_group}")
173
- resource :aws_security_group_rule, sg_rule_ident,
173
+ resource :aws_security_group_rule, sg_rule_ident.gsub(%r{^(\d)}, '_\1'),
174
174
  security_group_id: security_group,
175
175
  type: 'ingress',
176
176
  from_port: port,
@@ -161,7 +161,7 @@ module Terrafying
161
161
 
162
162
  def attach_load_balancer(load_balancer)
163
163
  @instances.product(load_balancer.targets).each.with_index do |(instance, target), i|
164
- resource :aws_lb_target_group_attachment, "#{load_balancer.name}-#{@name}-#{i}",
164
+ resource :aws_lb_target_group_attachment, "#{load_balancer.name}-#{@name}-#{i}".gsub(%r{^(\d)}, '_\1'),
165
165
  target_group_arn: target.target_group,
166
166
  target_id: instance.id
167
167
  end
@@ -16,7 +16,7 @@ module Terrafying
16
16
  end
17
17
 
18
18
  def path_mtu_setup!
19
- resource :aws_security_group_rule, "#{@name}-path-mtu",
19
+ resource :aws_security_group_rule, "#{@name}-path-mtu".gsub(%r{^(\d)}, '_\1'),
20
20
  security_group_id: egress_security_group,
21
21
  type: 'ingress',
22
22
  protocol: 1, # icmp
@@ -42,7 +42,7 @@ module Terrafying
42
42
  cidr_ident = cidr.tr('./', '-')
43
43
 
44
44
  @ports.select(&block).map do |port|
45
- resource :aws_security_group_rule, "#{@name}-to-#{cidr_ident}-#{port[:name]}",
45
+ resource :aws_security_group_rule, "#{@name}-to-#{cidr_ident}-#{port[:name]}".gsub(%r{^(\d)}, '_\1'),
46
46
  security_group_id: ingress_security_group,
47
47
  type: 'ingress',
48
48
  from_port: from_port(port[:upstream_port]),
@@ -92,7 +92,7 @@ module Terrafying
92
92
  def used_by(*other_resources, &block)
93
93
  other_resources.map do |other_resource|
94
94
  @ports.select(&block).map.map do |port|
95
- resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-#{port[:name]}",
95
+ resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-#{port[:name]}".gsub(%r{^(\d)}, '_\1'),
96
96
  security_group_id: ingress_security_group,
97
97
  type: 'ingress',
98
98
  from_port: from_port(port[:upstream_port]),
@@ -100,7 +100,7 @@ module Terrafying
100
100
  protocol: port[:type] == 'udp' ? 'udp' : 'tcp',
101
101
  source_security_group_id: other_resource.egress_security_group
102
102
 
103
- resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-#{port[:name]}",
103
+ resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-#{port[:name]}".gsub(%r{^(\d)}, '_\1'),
104
104
  security_group_id: other_resource.egress_security_group,
105
105
  type: 'egress',
106
106
  from_port: from_port(port[:downstream_port]),
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Terrafying
4
4
  module Components
5
- VERSION = '2.0.7'
5
+ VERSION = '2.2.0'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: terrafying-components
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.7
4
+ version: 2.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - uSwitch Limited
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-08 00:00:00.000000000 Z
11
+ date: 2021-01-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake