terrafying-components 2.0.9 → 2.2.2

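--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7506eff536bce92c4ca3e10bf028413c798f303dbd4172908c4cd97da3a674e5
- data.tar.gz: 07555eb3500d7da89014011bf8d4f135b9fa8e6352dda601033114368fa48400
+ metadata.gz: c3e6feffa909d508b0eaee8e92802263376835a825d9118af10eb7e8ed6fec32
+ data.tar.gz: '083222dd7991c4ba7e944f30eca7d4743d0996e507c0171e8dfa4ed93153bdb5'
  SHA512:
- metadata.gz: 2aeaf4a8fba2fb5216ed75fd6f086f590f99b87ef9521d9977337507ca80e7b0bad39cc938387d8edac28816c91bf6843847a2b4ed515aab6b9e38b9976525dc
- data.tar.gz: 187cae79f1c97ce7d14e8082a78ad148c9b0d52f5c5eff376837b128e906324b4e1440dc0b00308092c28b69d9ad109e198c8cac260d3a639238d9e47b0a850a
+ metadata.gz: 9f8e0d71a8365a97062087ebdccc6b05ed985eb7377e0bf850f6c617418bfaaa07d378fbc66b9d2a4eeee43178d048018f84a1753178ec00bcb0b373c97ce892
+ data.tar.gz: 8f0d7d9456fae4fd1ac98372084567dbf2bf3532add46dfd70683d2a3296bae33a624fdd5fa9957911fca8e27b9294b0041d6423a4c6eb15832a2004b85b6429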
@@ -173,13 +173,14 @@ module Terrafying
173
173
 
174
174
  def autoscale_on_load_balancer(load_balancer, target_value:, disable_scale_in:)
175
175
  load_balancer.targets.each.with_index do |target, i|
176
+ policy_ident = "#{load_balancer.name}-#{@name}-#{i}".gsub(%r{^(\d)}, '_\1')
176
177
  policy_name = "#{load_balancer.name}-#{@name}-#{i}"
177
178
  lb_arn = load_balancer.id.to_s.gsub(/id/, 'arn_suffix')
178
179
  tg_arn = target.target_group.to_s.gsub(/id/, 'arn_suffix')
179
180
  listener = "aws_lb_listener.#{target.listener.to_s.split('.')[1]}"
180
- autoscaling_attachment = "aws_autoscaling_attachment.#{policy_name}"
181
+ autoscaling_attachment = "aws_autoscaling_attachment.#{policy_ident}"
181
182
 
182
- resource :aws_autoscaling_policy, policy_name,
183
+ resource :aws_autoscaling_policy, policy_ident,
183
184
  name: policy_name,
184
185
  autoscaling_group_name: @asg,
185
186
  policy_type: 'TargetTrackingScaling',
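Review bot: The sanitiser on the new `policy_ident` line anchors with `^`, which in Ruby matches at the start of every line rather than the start of the string; `\A` is the anchor this code means, e.g. `.sub(/\A(\d)/, '_\1')`. The same expression is repeated inline on `sg_rule_ident` in the later `aws_security_group_rule` hunk, so one small shared helper would keep the two call sites in step. `autoscaling_attachment` now points at `aws_autoscaling_attachment.#{policy_ident}`, but the declaration of that attachment is not in this hunk; it needs the same sanitised identifier, otherwise the reference dangles for names that start with a digit. `autoscale_on_load_balancer` continues past the end of the hunk.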
@@ -47,7 +47,16 @@ module Terrafying
47
47
  curve: 'P384',
48
48
  rsa_bits: '3072',
49
49
  use_external_dns: false,
50
- renewing: false
50
+ renewing: false,
51
+ renew_alert_options: {
52
+ protocol: nil,
53
+ endpoint: nil,
54
+ endpoint_auto_confirms: false,
55
+ confirmation_timeout_in_minutes: 1,
56
+ raw_message_delivery: false,
57
+ filter_policy: nil,
58
+ delivery_policy: nil
59
+ }
51
60
  }.merge(options)
52
61
 
53
62
  @name = name
@@ -56,9 +65,11 @@ module Terrafying
56
65
  @acme_provider = @acme_providers[options[:provider]]
57
66
  @use_external_dns = options[:use_external_dns]
58
67
  @renewing = options[:renewing]
68
+ @renew_alert_options = options[:renew_alert_options]
59
69
  @prefix_path = [@prefix, @name].reject(&:empty?).join("/")
60
70
 
61
71
  renew() if @renewing
72
+ renew_alert() if @renew_alert_options[:endpoint] != nil
62
73
 
63
74
  provider :tls, {}
64
75
 
@@ -324,7 +335,7 @@ module Terrafying
324
335
  )
325
336
  }
326
337
 
327
- lamda_function = resource :aws_lambda_function, "#{@name}_lambda", {
338
+ lambda_function = resource :aws_lambda_function, "#{@name}_lambda", {
328
339
  function_name: "#{@name}_lambda",
329
340
  s3_bucket: "uswitch-certbot-lambda",
330
341
  s3_key: "certbot-lambda.zip",
@@ -355,20 +366,60 @@ module Terrafying
355
366
 
356
367
  resource :aws_cloudwatch_event_target, "#{@name}_lambda_event_target", {
357
368
  rule: event_rule["name"],
358
- target_id: lamda_function["id"],
359
- arn: lamda_function["arn"]
369
+ target_id: lambda_function["id"],
370
+ arn: lambda_function["arn"]
360
371
  }
361
372
 
362
373
  resource :aws_lambda_permission, "allow_cloudwatch_to_invoke_#{@name}_lambda", {
363
374
  statement_id: "AllowExecutionFromCloudWatch",
364
375
  action: "lambda:InvokeFunction",
365
- function_name: lamda_function["function_name"],
376
+ function_name: lambda_function["function_name"],
366
377
  principal: "events.amazonaws.com",
367
378
  source_arn: event_rule["arn"]
368
379
  }
369
380
  self
370
381
  end
371
382
 
383
+ def renew_alert
384
+ topic = resource :aws_sns_topic, "#{@name}_lambda_cloudwatch_topic", {
385
+ name: "#{@name}_lambda_cloudwatch_topic"
386
+ }
387
+
388
+ alarm = resource :aws_cloudwatch_metric_alarm, "#{@name}_lambda_failure_alarm", {
389
+ alarm_name: "#{@name}-lambda-failure-alarm",
390
+ comparison_operator: "GreaterThanOrEqualToThreshold",
391
+ evaluation_periods: "1",
392
+ period: "300",
393
+ metric_name: "Errors",
394
+ namespace: "AWS/Lambda",
395
+ threshold: 1,
396
+ statistic: "Maximum",
397
+ alarm_description: "Alert generated if the #{@name} certbot lambda fails execution",
398
+ actions_enabled: true,
399
+ dimensions: {
400
+ FunctionName: "${aws_lambda_function.#{@name}_lambda.function_name}"
401
+ },
402
+ alarm_actions: [
403
+ "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
404
+ ],
405
+ ok_actions: [
406
+ "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
407
+ ]
408
+ }
409
+
410
+ subscription = resource :aws_sns_topic_subscription, "#{@name}_lambda_cloudwatch_subscription", {
411
+ topic_arn: "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}",
412
+ protocol: @renew_alert_options[:protocol],
413
+ endpoint: @renew_alert_options[:endpoint],
414
+ endpoint_auto_confirms: @renew_alert_options[:endpoint_auto_confirms],
415
+ confirmation_timeout_in_minutes: @renew_alert_options[:confirmation_timeout_in_minutes],
416
+ raw_message_delivery: @renew_alert_options[:raw_message_delivery],
417
+ filter_policy: @renew_alert_options[:filter_policy],
418
+ delivery_policy: @renew_alert_options[:delivery_policy]
419
+ }
420
+ self
421
+ end
422
+
372
423
  def generate_alpha_num()
373
424
  result = @name.split("").each do |ch|
374
425
  alpha_num = ch.upcase.ord - 'A'.ord
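Review bot: `renew_alert` is gated only on `@renew_alert_options[:endpoint]`, yet the alarm it creates interpolates `aws_lambda_function.#{@name}_lambda`, which the visible hunks declare inside the method that ends just above `renew_alert` — presumably `renew`, which the constructor calls only `if @renewing`. An endpoint set together with `renewing: false` would therefore emit an alarm that references an undeclared resource; gate the call as `renew_alert if @renewing && @renew_alert_options[:endpoint]`, or raise on that combination. The defaults are applied with a shallow `.merge(options)`, so a caller passing `renew_alert_options: { protocol: 'https', endpoint: url }` replaces the whole nested hash and the three non-nil defaults reach `aws_sns_topic_subscription` as nil (and `renew_alert_options: nil` raises on the `[:endpoint]` lookup); merging the nested hash on its own before the outer merge avoids both. Because this topic carries certificate-renewal failure alerts, a comment on `renew_alert` should state that `protocol` is passed through unvalidated, so plaintext `http` and `email` endpoints are accepted, and that the topic is created without `kms_master_key_id`.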
@@ -127,15 +127,20 @@ module Terrafying
127
127
  port_ident = "#{ident}-#{port[:downstream_port]}"
128
128
  port_name = "#{@name}-#{port[:downstream_port]}"
129
129
 
130
+ actions = []
131
+
130
132
  default_action = port.key?(:action) ? port[:action] : forward_to_tg(port, port_ident, port_name, vpc)
131
133
 
134
+ actions.append(authenticate_oidc(port[:oidc_config])) if !port[:oidc_config].nil?
135
+ actions.append(default_action)
136
+
132
137
  ssl_options = alb_certs(port, port_ident)
133
138
 
134
139
  listener = resource :aws_lb_listener, port_ident, {
135
140
  load_balancer_arn: @id,
136
141
  port: port[:upstream_port],
137
142
  protocol: port[:type].upcase,
138
- default_action: default_action
143
+ default_action: actions
139
144
  }.merge(ssl_options)
140
145
 
141
146
  register_target(default_action[:target_group_arn], listener) if default_action[:type] == 'forward'
@@ -163,6 +168,13 @@ module Terrafying
163
168
  }
164
169
  end
165
170
 
171
+ def authenticate_oidc(oidc_config)
172
+ {
173
+ type: "authenticate-oidc",
174
+ authenticate_oidc: oidc_config
175
+ }
176
+ end
177
+
166
178
  def register_target(target_group, listener)
167
179
  @targets << Struct::Target.new(
168
180
  target_group: target_group,
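Review bot: The `authenticate_oidc` action is appended for any port that carries `:oidc_config`, with no check on `port[:type]`; ALB accepts authenticate actions only on HTTPS listeners, so an HTTP port with `oidc_config` fails at apply time instead of when the configuration is generated. A guard before the append, e.g. `raise "oidc_config requires an https listener" unless port[:type].to_s.casecmp?('https')`, gives the earlier and clearer error. `oidc_config` is passed through verbatim, and the Terraform `authenticate_oidc` block takes a `client_secret`, so that secret ends up in the generated configuration and in state; a comment on the new `authenticate_oidc` method should say so and tell callers to restrict access to the state accordingly. As style, `if !port[:oidc_config].nil?` reads better as `if port[:oidc_config]`. The listener-building method starts before the first hunk and continues after it.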
@@ -170,7 +170,7 @@ module Terrafying
170
170
  prom = Prometheus.find_in(vpc: vpc)
171
171
  ports.each do |port|
172
172
  sg_rule_ident = Digest::SHA256.hexdigest("#{vpc.name}-#{port}-#{security_group}-#{prom.security_group}")
173
- resource :aws_security_group_rule, sg_rule_ident,
173
+ resource :aws_security_group_rule, sg_rule_ident.gsub(%r{^(\d)}, '_\1'),
174
174
  security_group_id: security_group,
175
175
  type: 'ingress',
176
176
  from_port: port,
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Terrafying
4
4
  module Components
5
- VERSION = '2.0.9'
5
+ VERSION = '2.2.2'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: terrafying-components
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.9
4
+ version: 2.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - uSwitch Limited
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-15 00:00:00.000000000 Z
11
+ date: 2021-01-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake