terrafying-components 2.1.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/terrafying/components/letsencrypt.rb +55 -5
- data/lib/terrafying/components/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4c81c09c0e80313520196667c51e90d2341d085b7e1811ca355db7788d2584e3
|
|
4
|
+
data.tar.gz: baa1f3a03f45384b9563605849336af96fa0b529052fa5fbec55f31e63d27017
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 53189ee367e6cd7ebcbac7abb10228c2dc66b106ee87ace03dba1c52efa2292ea8c8db9cf63aa3b5e865af27c6044407b83cc2dec295b2b960eba8e20a1a96f6
|
|
7
|
+
data.tar.gz: 965e49137abe71f08b6d593004b7aa92b65e73551a97844be3e111af7456daf6df33da0e5b156bb8984d16c9e0f0cac433aaacd6ce669f88eaa02be53498329a
|
|
@@ -47,7 +47,16 @@ module Terrafying
|
|
|
47
47
|
curve: 'P384',
|
|
48
48
|
rsa_bits: '3072',
|
|
49
49
|
use_external_dns: false,
|
|
50
|
-
renewing: false
|
|
50
|
+
renewing: false,
|
|
51
|
+
renew_alert_options: {
|
|
52
|
+
protocol: nil,
|
|
53
|
+
endpoint: nil,
|
|
54
|
+
endpoint_auto_confirms: false,
|
|
55
|
+
confirmation_timeout_in_minutes: 1,
|
|
56
|
+
raw_message_delivery: false,
|
|
57
|
+
filter_policy: nil,
|
|
58
|
+
delivery_policy: nil
|
|
59
|
+
}
|
|
51
60
|
}.merge(options)
|
|
52
61
|
|
|
53
62
|
@name = name
|
|
@@ -56,9 +65,11 @@ module Terrafying
|
|
|
56
65
|
@acme_provider = @acme_providers[options[:provider]]
|
|
57
66
|
@use_external_dns = options[:use_external_dns]
|
|
58
67
|
@renewing = options[:renewing]
|
|
68
|
+
@renew_alert_options = options[:renew_alert_options]
|
|
59
69
|
@prefix_path = [@prefix, @name].reject(&:empty?).join("/")
|
|
60
70
|
|
|
61
71
|
renew() if @renewing
|
|
72
|
+
renew_alert() if @renew_alert_options[:endpoint] != nil
|
|
62
73
|
|
|
63
74
|
provider :tls, {}
|
|
64
75
|
|
|
@@ -324,7 +335,7 @@ module Terrafying
|
|
|
324
335
|
)
|
|
325
336
|
}
|
|
326
337
|
|
|
327
|
-
|
|
338
|
+
lambda_function = resource :aws_lambda_function, "#{@name}_lambda", {
|
|
328
339
|
function_name: "#{@name}_lambda",
|
|
329
340
|
s3_bucket: "uswitch-certbot-lambda",
|
|
330
341
|
s3_key: "certbot-lambda.zip",
|
|
@@ -355,20 +366,59 @@ module Terrafying
|
|
|
355
366
|
|
|
356
367
|
resource :aws_cloudwatch_event_target, "#{@name}_lambda_event_target", {
|
|
357
368
|
rule: event_rule["name"],
|
|
358
|
-
target_id:
|
|
359
|
-
arn:
|
|
369
|
+
target_id: lambda_function["id"],
|
|
370
|
+
arn: lambda_function["arn"]
|
|
360
371
|
}
|
|
361
372
|
|
|
362
373
|
resource :aws_lambda_permission, "allow_cloudwatch_to_invoke_#{@name}_lambda", {
|
|
363
374
|
statement_id: "AllowExecutionFromCloudWatch",
|
|
364
375
|
action: "lambda:InvokeFunction",
|
|
365
|
-
function_name:
|
|
376
|
+
function_name: lambda_function["function_name"],
|
|
366
377
|
principal: "events.amazonaws.com",
|
|
367
378
|
source_arn: event_rule["arn"]
|
|
368
379
|
}
|
|
369
380
|
self
|
|
370
381
|
end
|
|
371
382
|
|
|
383
|
+
def renew_alert
|
|
384
|
+
topic = resource :aws_sns_topic, "#{@name}_lambda_cloudwatch_topic", {
|
|
385
|
+
name: "#{@name}_lambda_cloudwatch_topic"
|
|
386
|
+
}
|
|
387
|
+
|
|
388
|
+
alarm = resource :aws_cloudwatch_metric_alarm, "#{@name}_lambda_failure_alarm", {
|
|
389
|
+
alarm_name: "#{@name}-lambda-failure-alarm",
|
|
390
|
+
comparison_operator: "GreaterThanOrEqualToThreshold",
|
|
391
|
+
evaluation_periods: "1",
|
|
392
|
+
period: "300",
|
|
393
|
+
metric_name: "Errors",
|
|
394
|
+
namespace: "AWS/Lambda",
|
|
395
|
+
threshold: 1,
|
|
396
|
+
alarm_description: "Alert generated if the #{@name} certbot lambda fails execution",
|
|
397
|
+
actions_enabled: true,
|
|
398
|
+
dimensions: {
|
|
399
|
+
FunctionName: "${aws_lambda_function.#{@name}_lambda.function_name}"
|
|
400
|
+
},
|
|
401
|
+
alarm_actions: [
|
|
402
|
+
"${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
|
|
403
|
+
],
|
|
404
|
+
ok_actions: [
|
|
405
|
+
"${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
|
|
406
|
+
]
|
|
407
|
+
}
|
|
408
|
+
|
|
409
|
+
subscription = resource :aws_sns_topic_subscription, "#{@name}_lambda_cloudwatch_subscription", {
|
|
410
|
+
topic_arn: "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}",
|
|
411
|
+
protocol: @renew_alert_options[:protocol],
|
|
412
|
+
endpoint: @renew_alert_options[:endpoint],
|
|
413
|
+
endpoint_auto_confirms: @renew_alert_options[:endpoint_auto_confirms],
|
|
414
|
+
confirmation_timeout_in_minutes: @renew_alert_options[:confirmation_timeout_in_minutes],
|
|
415
|
+
raw_message_delivery: @renew_alert_options[:raw_message_delivery],
|
|
416
|
+
filter_policy: @renew_alert_options[:filter_policy],
|
|
417
|
+
delivery_policy: @renew_alert_options[:delivery_policy]
|
|
418
|
+
}
|
|
419
|
+
self
|
|
420
|
+
end
|
|
421
|
+
|
|
372
422
|
def generate_alpha_num()
|
|
373
423
|
result = @name.split("").each do |ch|
|
|
374
424
|
alpha_num = ch.upcase.ord - 'A'.ord
|