terrafying-components 2.1.0 → 2.2.0
- checksums.yaml +4 -4
- data/lib/terrafying/components/letsencrypt.rb +55 -5
- data/lib/terrafying/components/version.rb +1 -1
- metadata +1 -1
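--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4c81c09c0e80313520196667c51e90d2341d085b7e1811ca355db7788d2584e3
+data.tar.gz: baa1f3a03f45384b9563605849336af96fa0b529052fa5fbec55f31e63d27017
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 53189ee367e6cd7ebcbac7abb10228c2dc66b106ee87ace03dba1c52efa2292ea8c8db9cf63aa3b5e865af27c6044407b83cc2dec295b2b960eba8e20a1a96f6
+data.tar.gz: 965e49137abe71f08b6d593004b7aa92b65e73551a97844be3e111af7456daf6df33da0e5b156bb8984d16c9e0f0cac433aaacd6ce669f88eaa02be53498329a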
@@ -47,7 +47,16 @@ module Terrafying
|
|
47
47
|
curve: 'P384',
|
48
48
|
rsa_bits: '3072',
|
49
49
|
use_external_dns: false,
|
50
|
-
renewing: false
|
50
|
+
renewing: false,
|
51
|
+
renew_alert_options: {
|
52
|
+
protocol: nil,
|
53
|
+
endpoint: nil,
|
54
|
+
endpoint_auto_confirms: false,
|
55
|
+
confirmation_timeout_in_minutes: 1,
|
56
|
+
raw_message_delivery: false,
|
57
|
+
filter_policy: nil,
|
58
|
+
delivery_policy: nil
|
59
|
+
}
|
51
60
|
}.merge(options)
|
52
61
|
|
53
62
|
@name = name
|
@@ -56,9 +65,11 @@ module Terrafying
|
|
56
65
|
@acme_provider = @acme_providers[options[:provider]]
|
57
66
|
@use_external_dns = options[:use_external_dns]
|
58
67
|
@renewing = options[:renewing]
|
68
|
+
@renew_alert_options = options[:renew_alert_options]
|
59
69
|
@prefix_path = [@prefix, @name].reject(&:empty?).join("/")
|
60
70
|
|
61
71
|
renew() if @renewing
|
72
|
+
renew_alert() if @renew_alert_options[:endpoint] != nil
|
62
73
|
|
63
74
|
provider :tls, {}
|
64
75
|
|
@@ -324,7 +335,7 @@ module Terrafying
|
|
324
335
|
)
|
325
336
|
}
|
326
337
|
|
327
|
-
|
338
|
+
lambda_function = resource :aws_lambda_function, "#{@name}_lambda", {
|
328
339
|
function_name: "#{@name}_lambda",
|
329
340
|
s3_bucket: "uswitch-certbot-lambda",
|
330
341
|
s3_key: "certbot-lambda.zip",
|
@@ -355,20 +366,59 @@ module Terrafying
|
|
355
366
|
|
356
367
|
resource :aws_cloudwatch_event_target, "#{@name}_lambda_event_target", {
|
357
368
|
rule: event_rule["name"],
|
358
|
-
target_id:
|
359
|
-
arn:
|
369
|
+
target_id: lambda_function["id"],
|
370
|
+
arn: lambda_function["arn"]
|
360
371
|
}
|
361
372
|
|
362
373
|
resource :aws_lambda_permission, "allow_cloudwatch_to_invoke_#{@name}_lambda", {
|
363
374
|
statement_id: "AllowExecutionFromCloudWatch",
|
364
375
|
action: "lambda:InvokeFunction",
|
365
|
-
function_name:
|
376
|
+
function_name: lambda_function["function_name"],
|
366
377
|
principal: "events.amazonaws.com",
|
367
378
|
source_arn: event_rule["arn"]
|
368
379
|
}
|
369
380
|
self
|
370
381
|
end
|
371
382
|
|
383
|
+
def renew_alert
|
384
|
+
topic = resource :aws_sns_topic, "#{@name}_lambda_cloudwatch_topic", {
|
385
|
+
name: "#{@name}_lambda_cloudwatch_topic"
|
386
|
+
}
|
387
|
+
|
388
|
+
alarm = resource :aws_cloudwatch_metric_alarm, "#{@name}_lambda_failure_alarm", {
|
389
|
+
alarm_name: "#{@name}-lambda-failure-alarm",
|
390
|
+
comparison_operator: "GreaterThanOrEqualToThreshold",
|
391
|
+
evaluation_periods: "1",
|
392
|
+
period: "300",
|
393
|
+
metric_name: "Errors",
|
394
|
+
namespace: "AWS/Lambda",
|
395
|
+
threshold: 1,
|
396
|
+
alarm_description: "Alert generated if the #{@name} certbot lambda fails execution",
|
397
|
+
actions_enabled: true,
|
398
|
+
dimensions: {
|
399
|
+
FunctionName: "${aws_lambda_function.#{@name}_lambda.function_name}"
|
400
|
+
},
|
401
|
+
alarm_actions: [
|
402
|
+
"${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
|
403
|
+
],
|
404
|
+
ok_actions: [
|
405
|
+
"${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
|
406
|
+
]
|
407
|
+
}
|
408
|
+
|
409
|
+
subscription = resource :aws_sns_topic_subscription, "#{@name}_lambda_cloudwatch_subscription", {
|
410
|
+
topic_arn: "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}",
|
411
|
+
protocol: @renew_alert_options[:protocol],
|
412
|
+
endpoint: @renew_alert_options[:endpoint],
|
413
|
+
endpoint_auto_confirms: @renew_alert_options[:endpoint_auto_confirms],
|
414
|
+
confirmation_timeout_in_minutes: @renew_alert_options[:confirmation_timeout_in_minutes],
|
415
|
+
raw_message_delivery: @renew_alert_options[:raw_message_delivery],
|
416
|
+
filter_policy: @renew_alert_options[:filter_policy],
|
417
|
+
delivery_policy: @renew_alert_options[:delivery_policy]
|
418
|
+
}
|
419
|
+
self
|
420
|
+
end
|
421
|
+
|
372
422
|
def generate_alpha_num()
|
373
423
|
result = @name.split("").each do |ch|
|
374
424
|
alpha_num = ch.upcase.ord - 'A'.ord
|
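Review bot: The `aws_cloudwatch_metric_alarm` added in `renew_alert` names `metric_name: "Errors"` and `namespace: "AWS/Lambda"` but sets no `statistic`, which a single-metric CloudWatch alarm needs, so the renewal-failure alert will probably be rejected at plan or apply time; add `statistic: "Sum",` next to `period: "300",`. The alarm also only reacts to recorded errors, so a certbot lambda that stops being invoked would leave it without data; consider setting `treat_missing_data` explicitly so that behaviour is a decision rather than a default. In the constructor hunk, `renew_alert() if @renew_alert_options[:endpoint] != nil` runs independently of `@renewing`, yet the alarm interpolates `aws_lambda_function.#{@name}_lambda`, which appears to be declared only on the renew path (that method starts outside the visible hunks), and the check raises if a caller passes `renew_alert_options: nil`; `renew_alert if @renewing && @renew_alert_options&.dig(:endpoint)` covers both. Because `}.merge(options)` is a shallow merge, a caller who supplies only `protocol` and `endpoint` replaces the whole nested hash and loses the other defaults such as `confirmation_timeout_in_minutes: 1`.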