terrafying-components 1.10.9 → 1.11.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/terrafying/components/ca.rb +11 -9
- data/lib/terrafying/components/dynamicset.rb +10 -8
- data/lib/terrafying/components/letsencrypt.rb +6 -4
- data/lib/terrafying/components/loadbalancer.rb +1 -1
- data/lib/terrafying/components/selfsignedca.rb +17 -15
- data/lib/terrafying/components/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 73d7a37c078d36a198f7fa4c962b0efc1866c2372e178d4aa4011ffaff9e83f5
|
|
4
|
+
data.tar.gz: f14456cf4ae27f2f04a3b1a1263911a01ba05d3e8e329130c6b19eb0a50a330e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e7866109fc417b67150e1c607564039e78a6bc87b6901ed6cb430c5e9d09b086c56768eafdba7c40bb9f25e16285206449d9a15bb929e85f4e02e08dc5551cdc
|
|
7
|
+
data.tar.gz: e824409c34d34389993c87f89ff68880172f15e1e86f60b7660cde2e7a019f20da453a3580a1b922ce499897578e80519ad473376b7258893f241b4a99f3eba8
|
|
@@ -9,9 +9,11 @@ module Terrafying
|
|
|
9
9
|
create_keypair_in(self, name, options)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def
|
|
13
|
-
|
|
12
|
+
def path(object)
|
|
13
|
+
output_of(:aws_s3_bucket_object, object, :bucket).to_s + output_of(:aws_s3_bucket_object, object, :key).to_s
|
|
14
|
+
end
|
|
14
15
|
|
|
16
|
+
def reference_keypair(ctx, name, key, cert)
|
|
15
17
|
ref = {
|
|
16
18
|
name: name,
|
|
17
19
|
ca: self,
|
|
@@ -20,12 +22,12 @@ module Terrafying
|
|
|
20
22
|
key: File.join("/etc/ssl", @name, name, "key"),
|
|
21
23
|
},
|
|
22
24
|
source: {
|
|
23
|
-
cert: File.join("s3://",
|
|
24
|
-
key: File.join("s3://",
|
|
25
|
+
cert: File.join("s3://", path(cert)),
|
|
26
|
+
key: File.join("s3://", path(key)),
|
|
25
27
|
},
|
|
26
28
|
resources: [
|
|
27
|
-
"aws_s3_bucket_object.#{
|
|
28
|
-
"aws_s3_bucket_object.#{
|
|
29
|
+
"aws_s3_bucket_object.#{key}",
|
|
30
|
+
"aws_s3_bucket_object.#{cert}"
|
|
29
31
|
],
|
|
30
32
|
iam_statement: {
|
|
31
33
|
Effect: "Allow",
|
|
@@ -34,9 +36,9 @@ module Terrafying
|
|
|
34
36
|
"s3:GetObject",
|
|
35
37
|
],
|
|
36
38
|
Resource: [
|
|
37
|
-
"arn:aws:s3:::#{
|
|
38
|
-
"arn:aws:s3:::#{
|
|
39
|
-
"arn:aws:s3:::#{
|
|
39
|
+
"arn:aws:s3:::#{path(@name + '-cert')}",
|
|
40
|
+
"arn:aws:s3:::#{path(cert)}",
|
|
41
|
+
"arn:aws:s3:::#{path(key)}",
|
|
40
42
|
]
|
|
41
43
|
}
|
|
42
44
|
}
|
|
@@ -103,14 +103,16 @@ module Terrafying
|
|
|
103
103
|
end
|
|
104
104
|
tags = { Name: ident, service_name: name,}.merge(options[:tags]).merge(options[:instances].fetch(:tags, {})).map { |k,v| { Key: k, Value: v, PropagateAtLaunch: true }}
|
|
105
105
|
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
106
|
+
resource :aws_cloudformation_stack, ident, {
|
|
107
|
+
name: ident,
|
|
108
|
+
disable_rollback: true,
|
|
109
|
+
template_body: generate_template(
|
|
110
|
+
options[:health_check], options[:instances], launch_config,
|
|
111
|
+
options[:subnets].map(&:id), tags, options[:rolling_update]
|
|
112
|
+
),
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
@stack = "arn:aws:cloudformation:#{aws.region}:#{aws.account_id}:stack/#{ident}/*"
|
|
114
116
|
|
|
115
117
|
@asg = output_of(:aws_cloudformation_stack, ident, 'outputs["AsgName"]')
|
|
116
118
|
|
|
@@ -39,6 +39,7 @@ module Terrafying
|
|
|
39
39
|
provider: :staging,
|
|
40
40
|
email_address: "cloud@uswitch.com",
|
|
41
41
|
public_certificate: false,
|
|
42
|
+
curve: "P384",
|
|
42
43
|
}.merge(options)
|
|
43
44
|
|
|
44
45
|
@name = name
|
|
@@ -50,7 +51,7 @@ module Terrafying
|
|
|
50
51
|
|
|
51
52
|
resource :tls_private_key, "#{@name}-account", {
|
|
52
53
|
algorithm: "ECDSA",
|
|
53
|
-
ecdsa_curve:
|
|
54
|
+
ecdsa_curve: options[:curve],
|
|
54
55
|
}
|
|
55
56
|
|
|
56
57
|
resource :acme_registration, "#{@name}-reg", {
|
|
@@ -80,7 +81,7 @@ module Terrafying
|
|
|
80
81
|
acl: @ca_cert_acl
|
|
81
82
|
}
|
|
82
83
|
|
|
83
|
-
@source = File.join("s3://", @
|
|
84
|
+
@source = File.join("s3://", path("#{@name}-cert"))
|
|
84
85
|
|
|
85
86
|
self
|
|
86
87
|
end
|
|
@@ -98,13 +99,14 @@ module Terrafying
|
|
|
98
99
|
dns_names: [],
|
|
99
100
|
ip_addresses: [],
|
|
100
101
|
min_days_remaining: 21,
|
|
102
|
+
curve: "P384",
|
|
101
103
|
}.merge(options)
|
|
102
104
|
|
|
103
105
|
key_ident = "#{@name}-#{tf_safe(name)}"
|
|
104
106
|
|
|
105
107
|
ctx.resource :tls_private_key, key_ident, {
|
|
106
108
|
algorithm: "ECDSA",
|
|
107
|
-
ecdsa_curve:
|
|
109
|
+
ecdsa_curve: options[:curve],
|
|
108
110
|
}
|
|
109
111
|
|
|
110
112
|
ctx.resource :tls_cert_request, key_ident, {
|
|
@@ -140,7 +142,7 @@ module Terrafying
|
|
|
140
142
|
content: output_of(:acme_certificate, key_ident, :certificate_pem).to_s + @ca_cert,
|
|
141
143
|
}
|
|
142
144
|
|
|
143
|
-
reference_keypair(ctx, name)
|
|
145
|
+
reference_keypair(ctx, name, "#{key_ident}-key", "#{key_ident}-cert")
|
|
144
146
|
end
|
|
145
147
|
|
|
146
148
|
end
|
|
@@ -113,7 +113,7 @@ module Terrafying
|
|
|
113
113
|
internal: !options[:public],
|
|
114
114
|
tags: @tags,
|
|
115
115
|
}.merge(subnets_for(options[:subnets]))
|
|
116
|
-
.merge(application? ? { security_groups: [@security_group], idle_timeout: options[:idle_timeout] } : {})
|
|
116
|
+
.merge(application? ? { security_groups: [@security_group], idle_timeout: options[:idle_timeout], access_logs: options[:access_logs] } : {})
|
|
117
117
|
.compact
|
|
118
118
|
|
|
119
119
|
@targets = []
|
|
@@ -25,6 +25,7 @@ module Terrafying
|
|
|
25
25
|
common_name: name,
|
|
26
26
|
organization: "uSwitch Limited",
|
|
27
27
|
public_certificate: false,
|
|
28
|
+
curve: "P384",
|
|
28
29
|
}.merge(options)
|
|
29
30
|
|
|
30
31
|
@name = name
|
|
@@ -40,7 +41,7 @@ module Terrafying
|
|
|
40
41
|
cert_acl = "private"
|
|
41
42
|
end
|
|
42
43
|
|
|
43
|
-
@source = File.join("s3://", @
|
|
44
|
+
@source = File.join("s3://", path("#{@name}-cert"))
|
|
44
45
|
|
|
45
46
|
if options[:ca_key] && options[:ca_cert]
|
|
46
47
|
@ca_key = options[:ca_key]
|
|
@@ -58,7 +59,7 @@ module Terrafying
|
|
|
58
59
|
|
|
59
60
|
resource :tls_private_key, @ident, {
|
|
60
61
|
algorithm: @algorithm,
|
|
61
|
-
ecdsa_curve:
|
|
62
|
+
ecdsa_curve: options[:curve],
|
|
62
63
|
}
|
|
63
64
|
|
|
64
65
|
resource :tls_self_signed_cert, @ident, {
|
|
@@ -90,11 +91,11 @@ module Terrafying
|
|
|
90
91
|
end
|
|
91
92
|
|
|
92
93
|
def keypair
|
|
93
|
-
resource :aws_s3_bucket_object, "#{@name}-key", {
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
94
|
+
@ca_key_ref ||= resource :aws_s3_bucket_object, "#{@name}-key", {
|
|
95
|
+
bucket: @bucket,
|
|
96
|
+
key: File.join(@prefix, @name, "ca.key"),
|
|
97
|
+
content: @ca_key,
|
|
98
|
+
}
|
|
98
99
|
|
|
99
100
|
{
|
|
100
101
|
ca: self,
|
|
@@ -103,8 +104,8 @@ module Terrafying
|
|
|
103
104
|
key: File.join("/etc/ssl", @name, "ca.key"),
|
|
104
105
|
},
|
|
105
106
|
source: {
|
|
106
|
-
cert: File.join("s3://", @
|
|
107
|
-
key: File.join("s3://", @
|
|
107
|
+
cert: File.join("s3://", path("#{@name}-cert")),
|
|
108
|
+
key: File.join("s3://", path("#{@name}-key")),
|
|
108
109
|
},
|
|
109
110
|
resources: [
|
|
110
111
|
"aws_s3_bucket_object.#{@name}-key",
|
|
@@ -117,8 +118,8 @@ module Terrafying
|
|
|
117
118
|
"s3:GetObject",
|
|
118
119
|
],
|
|
119
120
|
Resource: [
|
|
120
|
-
"arn:aws:s3:::#{
|
|
121
|
-
"arn:aws:s3:::#{
|
|
121
|
+
"arn:aws:s3:::#{path(@name + '-cert')}",
|
|
122
|
+
"arn:aws:s3:::#{path(@name + '-key')}",
|
|
122
123
|
]
|
|
123
124
|
}
|
|
124
125
|
}
|
|
@@ -136,13 +137,14 @@ module Terrafying
|
|
|
136
137
|
],
|
|
137
138
|
dns_names: [],
|
|
138
139
|
ip_addresses: [],
|
|
140
|
+
curve: "P384",
|
|
139
141
|
}.merge(options)
|
|
140
142
|
|
|
141
143
|
key_ident = "#{@name}-#{tf_safe(name)}"
|
|
142
144
|
|
|
143
145
|
ctx.resource :tls_private_key, key_ident, {
|
|
144
146
|
algorithm: @algorithm,
|
|
145
|
-
ecdsa_curve:
|
|
147
|
+
ecdsa_curve: options[:curve],
|
|
146
148
|
}
|
|
147
149
|
|
|
148
150
|
ctx.resource :tls_cert_request, key_ident, {
|
|
@@ -167,17 +169,17 @@ module Terrafying
|
|
|
167
169
|
|
|
168
170
|
ctx.resource :aws_s3_bucket_object, "#{key_ident}-key", {
|
|
169
171
|
bucket: @bucket,
|
|
170
|
-
key: File.join(@prefix, @name, name, "key"),
|
|
172
|
+
key: File.join(@prefix, @name, name, "${sha256(tls_private_key.#{key_ident}.private_key_pem)}", "key"),
|
|
171
173
|
content: output_of(:tls_private_key, key_ident, :private_key_pem),
|
|
172
174
|
}
|
|
173
175
|
|
|
174
176
|
ctx.resource :aws_s3_bucket_object, "#{key_ident}-cert", {
|
|
175
177
|
bucket: @bucket,
|
|
176
|
-
key: File.join(@prefix, @name, name, "cert"),
|
|
178
|
+
key: File.join(@prefix, @name, name, "${sha256(tls_locally_signed_cert.#{key_ident}.cert_pem)}", "cert"),
|
|
177
179
|
content: output_of(:tls_locally_signed_cert, key_ident, :cert_pem),
|
|
178
180
|
}
|
|
179
181
|
|
|
180
|
-
reference_keypair(ctx, name)
|
|
182
|
+
reference_keypair(ctx, name, "#{key_ident}-key", "#{key_ident}-cert")
|
|
181
183
|
end
|
|
182
184
|
|
|
183
185
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: terrafying-components
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- uSwitch Limited
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-01-
|
|
11
|
+
date: 2019-01-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|