terrafying-components 2.0.8 → 2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bbaa667823250a0ea8cbf2a14e2aade8c9a1662486b6348cc77b96117a803fd4
-  data.tar.gz: 76469e319d9769d9fababcdaac1a3e765b799709d27673ae3bd30fb759fbd3ad
+  metadata.gz: f7902e7044571042057afc58eea33ab7fca3487e2eb8e8ee448787365e39c9ed
+  data.tar.gz: 967baf4fea085a5e60eddd66c04c6468d841e469aa76ce28e7df737560324e2d
 SHA512:
-  metadata.gz: e91162e62ce4b562d850e0a770985bb7712d415657b4bd04f0f32c35a209ddefadf1f8f621b08360597d399e943bfcbd47016a9e8335b5e5c3ed10a78bd0195b
-  data.tar.gz: acc04e0cf409950d9760fe2918ce3c2fa98a03ade81682f9445a19bec0f3e863bf4d5ef8a79f85bc6e691bd63ccbc53c07a677bf1a3755ffc92b75546d5c3ca3
+  metadata.gz: 39dc9b962c81d371190faa2160610915b0ce038a2af989edeb060aa5f9efc4794a9e2988b111d06a38d9f7a8e8c8ab45389e48898031fe6a2c51e006fe349fc5
+  data.tar.gz: af961597af0205b3b4eb3dd97e32234ce13dd7936003c2f69286ca40d554cf6d5b61756d753e73ec4419a4aa52170416afe386063f35661157e87d3ef76241d9

data/lib/terrafying/components/dynamicset.rb

@@ -173,13 +173,14 @@ module Terrafying
 
       def autoscale_on_load_balancer(load_balancer, target_value:, disable_scale_in:)
         load_balancer.targets.each.with_index do |target, i|
+          policy_ident = "#{load_balancer.name}-#{@name}-#{i}".gsub(%r{^(\d)}, '_\1')
           policy_name = "#{load_balancer.name}-#{@name}-#{i}"
           lb_arn = load_balancer.id.to_s.gsub(/id/, 'arn_suffix')
           tg_arn = target.target_group.to_s.gsub(/id/, 'arn_suffix')
           listener = "aws_lb_listener.#{target.listener.to_s.split('.')[1]}"
-          autoscaling_attachment = "aws_autoscaling_attachment.#{policy_name}"
+          autoscaling_attachment = "aws_autoscaling_attachment.#{policy_ident}"
 
-          resource :aws_autoscaling_policy, policy_name,
+          resource :aws_autoscaling_policy, policy_ident,
                    name: policy_name,
                    autoscaling_group_name: @asg,
                    policy_type: 'TargetTrackingScaling',

data/lib/terrafying/components/letsencrypt.rb

@@ -47,7 +47,16 @@ module Terrafying
           curve: 'P384',
           rsa_bits: '3072',
           use_external_dns: false,
-          renewing: false
+          renewing: false,
+          renew_alert_options: {
+            protocol: nil,
+            endpoint: nil,
+            endpoint_auto_confirms: false,
+            confirmation_timeout_in_minutes: 1,
+            raw_message_delivery: false,
+            filter_policy: nil,
+            delivery_policy: nil
+          }
         }.merge(options)
 
         @name = name
@@ -56,9 +65,11 @@ module Terrafying
         @acme_provider = @acme_providers[options[:provider]]
         @use_external_dns = options[:use_external_dns]
         @renewing = options[:renewing]
+        @renew_alert_options = options[:renew_alert_options]
         @prefix_path = [@prefix, @name].reject(&:empty?).join("/")
 
         renew() if @renewing
+        renew_alert() if @renew_alert_options[:endpoint] != nil
 
         provider :tls, {}
 
@@ -324,7 +335,7 @@ module Terrafying
               )
             }
 
-        lamda_function = resource :aws_lambda_function, "#{@name}_lambda", {
+        lambda_function = resource :aws_lambda_function, "#{@name}_lambda", {
           function_name: "#{@name}_lambda",
           s3_bucket: "uswitch-certbot-lambda",
           s3_key: "certbot-lambda.zip",
@@ -355,20 +366,60 @@ module Terrafying
 
         resource :aws_cloudwatch_event_target, "#{@name}_lambda_event_target", {
           rule: event_rule["name"],
-          target_id: lamda_function["id"],
-          arn: lamda_function["arn"]
+          target_id: lambda_function["id"],
+          arn: lambda_function["arn"]
         }
 
         resource :aws_lambda_permission, "allow_cloudwatch_to_invoke_#{@name}_lambda", {
           statement_id: "AllowExecutionFromCloudWatch",
           action: "lambda:InvokeFunction",
-          function_name: lamda_function["function_name"],
+          function_name: lambda_function["function_name"],
           principal: "events.amazonaws.com",
           source_arn: event_rule["arn"]
         }
         self
       end
 
+      def renew_alert
+        topic = resource :aws_sns_topic, "#{@name}_lambda_cloudwatch_topic", {
+                 name: "#{@name}_lambda_cloudwatch_topic"
+        }
+
+        alarm = resource :aws_cloudwatch_metric_alarm, "#{@name}_lambda_failure_alarm", {
+                 alarm_name: "#{@name}-lambda-failure-alarm",
+                 comparison_operator: "GreaterThanOrEqualToThreshold",
+                 evaluation_periods: "1",
+                 period: "300",
+                 metric_name: "Errors",
+                 namespace: "AWS/Lambda",
+                 threshold: 1,
+                 statistic: "Maximum",
+                 alarm_description: "Alert generated if the #{@name} certbot lambda fails execution",
+                 actions_enabled: true,
+                 dimensions: {
+                           FunctionName: "${aws_lambda_function.#{@name}_lambda.function_name}"
+                         },
+                 alarm_actions: [
+                           "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
+                         ],
+                 ok_actions: [
+                          "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
+                        ]
+        }
+
+        subscription = resource :aws_sns_topic_subscription, "#{@name}_lambda_cloudwatch_subscription", {
+                 topic_arn: "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}",
+                 protocol: @renew_alert_options[:protocol],
+                 endpoint: @renew_alert_options[:endpoint],
+                 endpoint_auto_confirms: @renew_alert_options[:endpoint_auto_confirms],
+                 confirmation_timeout_in_minutes: @renew_alert_options[:confirmation_timeout_in_minutes],
+                 raw_message_delivery: @renew_alert_options[:raw_message_delivery],
+                 filter_policy: @renew_alert_options[:filter_policy],
+                 delivery_policy: @renew_alert_options[:delivery_policy]
+        }
+        self
+      end
+
       def generate_alpha_num()
         result = @name.split("").each do |ch|
           alpha_num = ch.upcase.ord - 'A'.ord

data/lib/terrafying/components/loadbalancer.rb

@@ -127,15 +127,20 @@ module Terrafying
           port_ident = "#{ident}-#{port[:downstream_port]}"
           port_name = "#{@name}-#{port[:downstream_port]}"
 
+          actions = []
+
           default_action = port.key?(:action) ? port[:action] : forward_to_tg(port, port_ident, port_name, vpc)
 
+          actions.append(default_action)
+          actions.append(authenticate_oidc(port[:oidc_config])) if !port[:oidc_config].nil?
+
           ssl_options = alb_certs(port, port_ident)
 
           listener = resource :aws_lb_listener, port_ident, {
             load_balancer_arn: @id,
             port: port[:upstream_port],
             protocol: port[:type].upcase,
-            default_action: default_action
+            default_action: actions
           }.merge(ssl_options)
 
           register_target(default_action[:target_group_arn], listener) if default_action[:type] == 'forward'
@@ -163,6 +168,13 @@ module Terrafying
         }
       end
 
+      def authenticate_oidc(oidc_config)
+        {
+          type: "authenticate-oidc",
+          authenticate_oidc: oidc_config
+        }
+      end
+
       def register_target(target_group, listener)
         @targets << Struct::Target.new(
           target_group: target_group,

data/lib/terrafying/components/prometheus.rb

@@ -20,7 +20,7 @@ module Terrafying
       def initialize(
         vpc:,
         thanos_name: 'thanos',
-        thanos_version: 'v0.10.1',
+        thanos_version: 'v0.17.2',
         prom_name: 'prometheus',
         prom_version: 'v2.23.0',
         instances: 2,

data/lib/terrafying/components/service.rb

@@ -170,7 +170,7 @@ module Terrafying
         prom = Prometheus.find_in(vpc: vpc)
         ports.each do |port|
           sg_rule_ident = Digest::SHA256.hexdigest("#{vpc.name}-#{port}-#{security_group}-#{prom.security_group}")
-          resource :aws_security_group_rule, sg_rule_ident,
+          resource :aws_security_group_rule, sg_rule_ident.gsub(%r{^(\d)}, '_\1'),
                    security_group_id: security_group,
                    type: 'ingress',
                    from_port: port,

data/lib/terrafying/components/version.rb

@@ -2,6 +2,6 @@
 
 module Terrafying
   module Components
-    VERSION = '2.0.8'
+    VERSION = '2.2.1'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: terrafying-components
 version: !ruby/object:Gem::Version
-  version: 2.0.8
+  version: 2.2.1
 platform: ruby
 authors:
 - uSwitch Limited
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-10 00:00:00.000000000 Z
+date: 2021-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake