terrafying-components 1.16.3 → 2.0.0
- checksums.yaml +4 -4
- data/lib/terrafying/components/dynamicset.rb +9 -6
- data/lib/terrafying/components/instance.rb +15 -3
- data/lib/terrafying/components/loadbalancer.rb +15 -20
- data/lib/terrafying/components/prometheus.rb +1 -1
- data/lib/terrafying/components/service.rb +6 -2
- data/lib/terrafying/components/staticset.rb +4 -4
- data/lib/terrafying/components/usable.rb +4 -4
- data/lib/terrafying/components/version.rb +1 -1
- data/lib/terrafying/components/vpc.rb +12 -2
- metadata +2 -2
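--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 71540ce13f2a767a6cd4473c6dbac6bbac39b8e3c3c513d9b7dd70fb48150263
+data.tar.gz: fe1fb4871f8b7147bdc98a0e73e7a057b4063ddfccccd0202c6791a3faf959fd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 71da83d4a07e356c104eaf6cce633e8b118c38ae4b5e5952c6c20b81a57ff738c60e35253b5ef910a7b67b143c9615c93bb05b3fde80af26e5d060ba63f9d944
+data.tar.gz: 18f9aac3085b00129c5d94ff2bcbc11e501af5bbac428ba2125ec32adfdcc8d55cd675773ccca78b3da4c9edcfa7ad3f9e7cefe0f7262cce4416474abd5e6acd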
@@ -33,7 +33,7 @@ module Terrafying
|
|
33
33
|
options = {
|
34
34
|
public: false,
|
35
35
|
eip: false,
|
36
|
-
ami: aws.ami('base-image-fc-
|
36
|
+
ami: aws.ami('base-image-fc-2860fb52', owners = ['136393635417']),
|
37
37
|
instance_type: 't3a.micro',
|
38
38
|
instances: { min: 1, max: 1, desired: 1, tags: {} },
|
39
39
|
ports: [],
|
@@ -44,9 +44,12 @@ module Terrafying
|
|
44
44
|
subnets: vpc.subnets.fetch(:private, []),
|
45
45
|
depends_on: [],
|
46
46
|
rolling_update: :simple,
|
47
|
+
metadata_options: {},
|
47
48
|
vpc_endpoints_egress: []
|
48
49
|
}.merge(options)
|
49
50
|
|
51
|
+
metadata_options = options[:metadata_options]
|
52
|
+
|
50
53
|
ident = "#{tf_safe(vpc.name)}-#{name}"
|
51
54
|
|
52
55
|
@name = ident
|
@@ -85,6 +88,7 @@ module Terrafying
|
|
85
88
|
lifecycle: {
|
86
89
|
create_before_destroy: true
|
87
90
|
},
|
91
|
+
metadata_options: options[:metadata_options],
|
88
92
|
depends_on: resource_name_from(options[:instance_profile])
|
89
93
|
|
90
94
|
if options[:instances][:track]
|
@@ -138,7 +142,7 @@ module Terrafying
|
|
138
142
|
protocol: -1,
|
139
143
|
prefix_list_ids: prefix_ids
|
140
144
|
end
|
141
|
-
|
145
|
+
|
142
146
|
def default_egress_rule(ident, security_group)
|
143
147
|
resource :aws_security_group_rule, "#{ident}-default-egress",
|
144
148
|
security_group_id: security_group,
|
@@ -159,7 +163,7 @@ module Terrafying
|
|
159
163
|
|
160
164
|
def attach_load_balancer(load_balancer)
|
161
165
|
load_balancer.targets.each.with_index do |target, i|
|
162
|
-
resource :aws_autoscaling_attachment, "#{load_balancer.name}-#{@name}-#{i}"
|
166
|
+
resource :aws_autoscaling_attachment, "#{load_balancer.name}-#{@name}-#{i}",
|
163
167
|
autoscaling_group_name: @asg,
|
164
168
|
alb_target_group_arn: target.target_group
|
165
169
|
end
|
@@ -169,14 +173,13 @@ module Terrafying
|
|
169
173
|
|
170
174
|
def autoscale_on_load_balancer(load_balancer, target_value:, disable_scale_in:)
|
171
175
|
load_balancer.targets.each.with_index do |target, i|
|
172
|
-
policy_ident = "#{load_balancer.name}-#{@name}-#{i}".gsub(%r{^(\d)}, '_\1')
|
173
176
|
policy_name = "#{load_balancer.name}-#{@name}-#{i}"
|
174
177
|
lb_arn = load_balancer.id.to_s.gsub(/id/, 'arn_suffix')
|
175
178
|
tg_arn = target.target_group.to_s.gsub(/id/, 'arn_suffix')
|
176
179
|
listener = "aws_lb_listener.#{target.listener.to_s.split('.')[1]}"
|
177
|
-
autoscaling_attachment = "aws_autoscaling_attachment.#{
|
180
|
+
autoscaling_attachment = "aws_autoscaling_attachment.#{policy_name}"
|
178
181
|
|
179
|
-
resource :aws_autoscaling_policy,
|
182
|
+
resource :aws_autoscaling_policy, policy_name,
|
180
183
|
name: policy_name,
|
181
184
|
autoscaling_group_name: @asg,
|
182
185
|
policy_type: 'TargetTrackingScaling',
|
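Review bot: The new `metadata_options: {}` default in the options hash (hunk `@@ -44,9 +44,12 @@`) leaves the instance metadata service at whatever the provider defaults to, which has typically meant IMDSv1 stays reachable unless every caller remembers to pass the option. The same empty default is added in service.rb, and instance.rb defaults it to `nil`. If the fleet can tolerate it, `metadata_options: { http_tokens: 'required' },` would make the hardened setting the baseline; otherwise add a comment such as `# {} = provider default; pass http_tokens: 'required' to enforce IMDSv2`. Separately, the local `metadata_options = options[:metadata_options]` added just below the merge is not used in the visible hunks, since the resource reads `options[:metadata_options]` directly; the method continues outside the hunks, so confirm before dropping it.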
@@ -36,8 +36,14 @@ module Terrafying
|
|
36
36
|
instance_profile: nil,
|
37
37
|
ports: [],
|
38
38
|
tags: {},
|
39
|
-
security_groups:
|
40
|
-
|
39
|
+
security_groups: nil,
|
40
|
+
metadata_options: nil,
|
41
|
+
depends_on: nil,
|
42
|
+
ipv6_cidr_blocks: nil,
|
43
|
+
prefix_list_ids: nil,
|
44
|
+
security_groups: nil,
|
45
|
+
self: nil,
|
46
|
+
description: nil,
|
41
47
|
}.merge(options)
|
42
48
|
|
43
49
|
ident = "#{tf_safe(vpc.name)}-#{name}"
|
@@ -55,7 +61,12 @@ module Terrafying
|
|
55
61
|
from_port: 0,
|
56
62
|
to_port: 0,
|
57
63
|
protocol: -1,
|
58
|
-
cidr_blocks: ['0.0.0.0/0']
|
64
|
+
cidr_blocks: ['0.0.0.0/0'],
|
65
|
+
ipv6_cidr_blocks: options[:ipv6_cidr_blocks],
|
66
|
+
prefix_list_ids: options[:prefix_list_ids],
|
67
|
+
security_groups: options[:security_groups],
|
68
|
+
self: options[:self],
|
69
|
+
description: options[:description]
|
59
70
|
}
|
60
71
|
]
|
61
72
|
|
@@ -99,6 +110,7 @@ module Terrafying
|
|
99
110
|
vpc.internal_ssh_security_group
|
100
111
|
].push(*options[:security_groups]),
|
101
112
|
user_data: options[:user_data],
|
113
|
+
metadata_options: options[:metadata_options],
|
102
114
|
lifecycle: {
|
103
115
|
create_before_destroy: true
|
104
116
|
},
|
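Review bot: The defaults hash in hunk `@@ -36,8 +36,14 @@` now lists `security_groups: nil` twice; Ruby keeps the last value and warns about the duplicated key, so one of the two entries should be removed. The same `options[:security_groups]` value is then used for the egress rule's `security_groups:` attribute (hunk `@@ -55,7 +61,12 @@`) and is also pushed onto the instance's own group list in the context lines of `@@ -99,6 +110,7 @@`, so one option carries two different meanings. That has no practical effect while the rule keeps `cidr_blocks: ['0.0.0.0/0']`, but it would silently widen egress if the CIDR were ever tightened; a distinct name such as `egress_security_groups:` would keep the two apart. `self:` and `description:` are similarly generic top-level option names for what are egress-rule settings and deserve a comment saying so. The enclosing method starts and ends outside the hunks.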
@@ -1,8 +1,9 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require 'digest/bubblebabble'
|
3
4
|
require 'terrafying/components/usable'
|
4
5
|
require 'terrafying/generator'
|
5
|
-
|
6
|
+
|
6
7
|
require_relative './ports'
|
7
8
|
|
8
9
|
module Terrafying
|
@@ -35,15 +36,14 @@ module Terrafying
|
|
35
36
|
rescue StandardError
|
36
37
|
@type = 'application'
|
37
38
|
ident = make_identifier(@type, vpc.name, name)
|
38
|
-
name = make_name(@type, vpc.name, name)
|
39
39
|
|
40
|
-
lb = aws.lb_by_name(
|
40
|
+
lb = aws.lb_by_name(ident)
|
41
41
|
|
42
|
-
@security_group = aws.security_group_by_tags(loadbalancer_name:
|
42
|
+
@security_group = aws.security_group_by_tags(loadbalancer_name: ident)
|
43
43
|
end
|
44
44
|
|
45
45
|
@id = lb.load_balancer_arn
|
46
|
-
@name =
|
46
|
+
@name = ident
|
47
47
|
|
48
48
|
target_groups = aws.target_groups_by_lb(@id)
|
49
49
|
|
@@ -93,14 +93,14 @@ module Terrafying
|
|
93
93
|
@type = l4_ports.count == 0 ? 'application' : 'network'
|
94
94
|
|
95
95
|
ident = make_identifier(@type, vpc.name, name)
|
96
|
-
@name =
|
96
|
+
@name = ident
|
97
97
|
|
98
98
|
if application?
|
99
99
|
@security_group = resource :aws_security_group, ident,
|
100
|
-
name: "loadbalancer-#{
|
101
|
-
description: "Describe the ingress and egress of the load balancer #{
|
100
|
+
name: "loadbalancer-#{ident}",
|
101
|
+
description: "Describe the ingress and egress of the load balancer #{ident}",
|
102
102
|
tags: @tags.merge(
|
103
|
-
loadbalancer_name:
|
103
|
+
loadbalancer_name: ident
|
104
104
|
),
|
105
105
|
vpc_id: vpc.id
|
106
106
|
|
@@ -112,7 +112,7 @@ module Terrafying
|
|
112
112
|
end
|
113
113
|
|
114
114
|
@id = resource :aws_lb, ident, {
|
115
|
-
name:
|
115
|
+
name: ident,
|
116
116
|
load_balancer_type: type,
|
117
117
|
internal: !options[:public],
|
118
118
|
tags: @tags
|
@@ -125,9 +125,8 @@ module Terrafying
|
|
125
125
|
|
126
126
|
@ports.each do |port|
|
127
127
|
port_ident = "#{ident}-#{port[:downstream_port]}"
|
128
|
-
port_name = "#{@name}-#{port[:downstream_port]}"
|
129
128
|
|
130
|
-
default_action = port.key?(:action) ? port[:action] : forward_to_tg(port, port_ident,
|
129
|
+
default_action = port.key?(:action) ? port[:action] : forward_to_tg(port, port_ident, vpc)
|
131
130
|
|
132
131
|
ssl_options = alb_certs(port, port_ident)
|
133
132
|
|
@@ -149,9 +148,9 @@ module Terrafying
|
|
149
148
|
self
|
150
149
|
end
|
151
150
|
|
152
|
-
def forward_to_tg(port, port_ident,
|
151
|
+
def forward_to_tg(port, port_ident, vpc)
|
153
152
|
target_group = resource :aws_lb_target_group, port_ident, {
|
154
|
-
name:
|
153
|
+
name: port_ident,
|
155
154
|
port: port[:downstream_port],
|
156
155
|
protocol: port[:type].upcase,
|
157
156
|
vpc_id: vpc.id
|
@@ -216,16 +215,12 @@ module Terrafying
|
|
216
215
|
set.autoscale_on_load_balancer(self, target_value: target_value, disable_scale_in: disable_scale_in)
|
217
216
|
end
|
218
217
|
|
219
|
-
def
|
218
|
+
def make_identifier(type, vpc_name, name)
|
220
219
|
gen_id = "#{type}-#{tf_safe(vpc_name)}-#{name}"
|
221
|
-
return Digest::
|
220
|
+
return Digest::SHA256.bubblebabble(gen_id)[0..15] if @hex_ident || gen_id.size > 26
|
222
221
|
|
223
222
|
gen_id[0..31]
|
224
223
|
end
|
225
|
-
|
226
|
-
def make_identifier(type, vpc_name, name)
|
227
|
-
make_name(type, vpc_name, name).gsub(%r{^(\d)}, '_\1')
|
228
|
-
end
|
229
224
|
end
|
230
225
|
end
|
231
226
|
end
|
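Review bot: `make_identifier` now returns `Digest::SHA256.bubblebabble(gen_id)[0..15]` for long names, which keeps only a small part of the digest (on the order of 40 bits by my reading of the encoding). That value is used as the load balancer name and as the `loadbalancer_name` tag that the lookup in hunk `@@ -35,15 +36,14 @@` passes to `aws.lb_by_name` and `aws.security_group_by_tags`. Two long names in one account that collide after truncation would resolve to each other's load balancer or security group, so either keep more of the digest or state the accepted collision risk in a comment above the method. The `gen_id.size > 26` threshold also needs a comment (presumably it leaves room for the `-<port>` suffix of `port_ident` within a 32-character name limit; confirm), and with that guard in place the final `gen_id[0..31]` can no longer truncate anything.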
@@ -41,7 +41,7 @@ module Terrafying
|
|
41
41
|
|
42
42
|
def create_in(vpc, name, options = {})
|
43
43
|
options = {
|
44
|
-
ami: aws.ami('base-image-fc-
|
44
|
+
ami: aws.ami('base-image-fc-2860fb52', owners = ['136393635417']),
|
45
45
|
instance_type: 't3a.micro',
|
46
46
|
ports: [],
|
47
47
|
instances: [{}],
|
@@ -59,6 +59,7 @@ module Terrafying
|
|
59
59
|
subnets: vpc.subnets.fetch(:private, []),
|
60
60
|
startup_grace_period: 300,
|
61
61
|
depends_on: [],
|
62
|
+
metadata_options: {},
|
62
63
|
audit_role: "arn:aws:iam::#{aws.account_id}:role/auditd_logging",
|
63
64
|
metrics_ports: [],
|
64
65
|
vpc_endpoints_egress: []
|
@@ -96,6 +97,8 @@ module Terrafying
|
|
96
97
|
@instance_profile = add! InstanceProfile.create(ident, statements: iam_statements)
|
97
98
|
end
|
98
99
|
|
100
|
+
metadata_options = options[:metadata_options]
|
101
|
+
|
99
102
|
tags = options[:tags].merge(service_name: name)
|
100
103
|
|
101
104
|
set = options[:instances].is_a?(Hash) ? DynamicSet : StaticSet
|
@@ -112,6 +115,7 @@ module Terrafying
|
|
112
115
|
instance_set_options = {
|
113
116
|
instance_profile: @instance_profile,
|
114
117
|
depends_on: depends_on,
|
118
|
+
metadata_options: metadata_options,
|
115
119
|
tags: tags
|
116
120
|
}
|
117
121
|
|
@@ -166,7 +170,7 @@ module Terrafying
|
|
166
170
|
prom = Prometheus.find_in(vpc: vpc)
|
167
171
|
ports.each do |port|
|
168
172
|
sg_rule_ident = Digest::SHA256.hexdigest("#{vpc.name}-#{port}-#{security_group}-#{prom.security_group}")
|
169
|
-
resource :aws_security_group_rule, sg_rule_ident
|
173
|
+
resource :aws_security_group_rule, sg_rule_ident,
|
170
174
|
security_group_id: security_group,
|
171
175
|
type: 'ingress',
|
172
176
|
from_port: port,
|
@@ -38,7 +38,7 @@ module Terrafying
|
|
38
38
|
options = {
|
39
39
|
public: false,
|
40
40
|
eip: false,
|
41
|
-
ami: aws.ami('base-image-fc-
|
41
|
+
ami: aws.ami('base-image-fc-2860fb52', owners = ['136393635417']),
|
42
42
|
instance_type: 't3a.micro',
|
43
43
|
subnets: vpc.subnets.fetch(:private, []),
|
44
44
|
ports: [],
|
@@ -63,7 +63,7 @@ module Terrafying
|
|
63
63
|
description: "Describe the ingress and egress of the static set #{ident}",
|
64
64
|
tags: options[:tags],
|
65
65
|
vpc_id: vpc.id
|
66
|
-
|
66
|
+
|
67
67
|
vpc_endpoints_egress = options[:vpc_endpoints_egress]
|
68
68
|
if vpc_endpoints_egress.empty?
|
69
69
|
default_egress_rule(ident, @security_group)
|
@@ -102,7 +102,7 @@ module Terrafying
|
|
102
102
|
type: 'ingress',
|
103
103
|
from_port: from_port(port[:upstream_port]),
|
104
104
|
to_port: to_port(port[:upstream_port]),
|
105
|
-
protocol: port[:type]
|
105
|
+
protocol: port[:type],
|
106
106
|
self: true
|
107
107
|
end
|
108
108
|
|
@@ -161,7 +161,7 @@ module Terrafying
|
|
161
161
|
|
162
162
|
def attach_load_balancer(load_balancer)
|
163
163
|
@instances.product(load_balancer.targets).each.with_index do |(instance, target), i|
|
164
|
-
resource :aws_lb_target_group_attachment, "#{load_balancer.name}-#{@name}-#{i}"
|
164
|
+
resource :aws_lb_target_group_attachment, "#{load_balancer.name}-#{@name}-#{i}",
|
165
165
|
target_group_arn: target.target_group,
|
166
166
|
target_id: instance.id
|
167
167
|
end
|
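Review bot: In `aws.ami('base-image-fc-2860fb52', owners = ['136393635417'])` (hunk `@@ -38,7 +38,7 @@`), `owners = [...]` is a local-variable assignment whose value is passed positionally, not a keyword argument, so it reads as something it is not and leaves a stray `owners` local in the enclosing method. The same line is added in dynamicset.rb and service.rb. Restricting the AMI lookup to an owner account is the right control against look-alike image names, so it is worth making explicit: `ami: aws.ami('base-image-fc-2860fb52', ['136393635417']),`, or `owners: [...]` if `aws.ami` accepts a keyword (its signature is not visible here). The image name and account id are repeated in three files; a shared constant with a comment naming the owning account would keep them from drifting apart.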
@@ -16,7 +16,7 @@ module Terrafying
|
|
16
16
|
end
|
17
17
|
|
18
18
|
def path_mtu_setup!
|
19
|
-
resource :aws_security_group_rule, "#{@name}-path-mtu"
|
19
|
+
resource :aws_security_group_rule, "#{@name}-path-mtu",
|
20
20
|
security_group_id: egress_security_group,
|
21
21
|
type: 'ingress',
|
22
22
|
protocol: 1, # icmp
|
@@ -42,7 +42,7 @@ module Terrafying
|
|
42
42
|
cidr_ident = cidr.tr('./', '-')
|
43
43
|
|
44
44
|
@ports.select(&block).map do |port|
|
45
|
-
resource :aws_security_group_rule, "#{@name}-to-#{cidr_ident}-#{port[:name]}"
|
45
|
+
resource :aws_security_group_rule, "#{@name}-to-#{cidr_ident}-#{port[:name]}",
|
46
46
|
security_group_id: ingress_security_group,
|
47
47
|
type: 'ingress',
|
48
48
|
from_port: from_port(port[:upstream_port]),
|
@@ -92,7 +92,7 @@ module Terrafying
|
|
92
92
|
def used_by(*other_resources, &block)
|
93
93
|
other_resources.map do |other_resource|
|
94
94
|
@ports.select(&block).map.map do |port|
|
95
|
-
resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-#{port[:name]}"
|
95
|
+
resource :aws_security_group_rule, "#{@name}-to-#{other_resource.name}-#{port[:name]}",
|
96
96
|
security_group_id: ingress_security_group,
|
97
97
|
type: 'ingress',
|
98
98
|
from_port: from_port(port[:upstream_port]),
|
@@ -100,7 +100,7 @@ module Terrafying
|
|
100
100
|
protocol: port[:type] == 'udp' ? 'udp' : 'tcp',
|
101
101
|
source_security_group_id: other_resource.egress_security_group
|
102
102
|
|
103
|
-
resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-#{port[:name]}"
|
103
|
+
resource :aws_security_group_rule, "#{other_resource.name}-to-#{@name}-#{port[:name]}",
|
104
104
|
security_group_id: other_resource.egress_security_group,
|
105
105
|
type: 'egress',
|
106
106
|
from_port: from_port(port[:downstream_port]),
|
@@ -184,7 +184,12 @@ module Terrafying
|
|
184
184
|
from_port: 22,
|
185
185
|
to_port: 22,
|
186
186
|
protocol: 'tcp',
|
187
|
-
cidr_blocks: [@cidr]
|
187
|
+
cidr_blocks: [@cidr],
|
188
|
+
description: nil,
|
189
|
+
ipv6_cidr_blocks: nil,
|
190
|
+
prefix_list_ids: nil,
|
191
|
+
security_groups: nil,
|
192
|
+
self: nil
|
188
193
|
}
|
189
194
|
],
|
190
195
|
egress: [
|
@@ -192,7 +197,12 @@ module Terrafying
|
|
192
197
|
from_port: 22,
|
193
198
|
to_port: 22,
|
194
199
|
protocol: 'tcp',
|
195
|
-
cidr_blocks: [@cidr]
|
200
|
+
cidr_blocks: [@cidr],
|
201
|
+
description: nil,
|
202
|
+
ipv6_cidr_blocks: nil,
|
203
|
+
prefix_list_ids: nil,
|
204
|
+
security_groups: nil,
|
205
|
+
self: nil
|
196
206
|
}
|
197
207
|
]
|
198
208
|
self
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: terrafying-components
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- uSwitch Limited
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-08-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|