terrafying 1.2.0 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 733dfeec775f0dce838a28ec489e7f13e755b6c5
-  data.tar.gz: 680c60f25757d7e23006664d441bd51526c56f1d
+  metadata.gz: 66fd929754eb383fcdae77c9a87e6ab11d2acfc5
+  data.tar.gz: 1f41bf191b22a90e98a5992f944174dee4407741
 SHA512:
-  metadata.gz: a7a7ee78be1097f55a6982ccc48d466d742ac9aceccaf6f178b06c323737976452a6cbecef645af6cebddc30dd3d26e4344e5ddf3d19ee1a3372631c2ab4ece3
-  data.tar.gz: cae1bb034cc772f1d338c34a0cff92663ee5f51abe6b83dbec0190b7e9c9d80d167ca0b79d4f58742a1ddf826655c5e115e0e75983afa7525f225d3a62691a9d
+  metadata.gz: f754d59bbd7f2eeb210b3737346ddf939ad36d3e3b543a2682f49604bcc73907b744489a69645d092435a6bfbba4ee3af8afa9c33a935212fbad4a8f9eed17ec
+  data.tar.gz: 4bb3d2a1458f81d5eedf02bec8927261ba47e8d1404c0c56f9704c84f71c460f083dc5737374e2a4ff3f9b55c139a44da706145ed87120ebce957cf44b31cc31

data/lib/hash/deep_merge.rb

@@ -0,0 +1,6 @@
+class ::Hash
+  def deep_merge(second)
+    merger = proc { |key, v1, v2| Hash === v1 && Hash === v2 ? v1.merge(v2, &merger) : v2 }
+    self.merge(second, &merger)
+  end
+end

data/lib/terrafying.rb

@@ -0,0 +1,257 @@
+require 'fileutils'
+require 'logger'
+require 'pathname'
+require 'securerandom'
+require 'tempfile'
+
+require 'hash/deep_merge'
+
+require 'terrafying/aws'
+require 'terrafying/cli'
+require 'terrafying/generator'
+require 'terrafying/lock'
+require 'terrafying/version'
+require 'terrafying/state'
+
+module Terrafying
+
+  class Config
+
+    attr_reader :path, :scope
+
+    def initialize(path, options)
+      @path = File.expand_path(path)
+      @options = options
+      @scope = options[:scope] || scope_for_path(@path)
+
+      $stderr.puts "Scope: #{@scope}"
+
+      load(path)
+    end
+
+    def list
+      Terrafying::Generator.resource_names
+    end
+
+    def json
+      Terrafying::Generator.pretty_generate
+    end
+
+    def plan
+      exit_code = 1
+      with_config do
+        with_state(mode: :read) do
+          exit_code = exec_with_optional_target 'plan'
+        end
+      end
+      exit_code
+    end
+
+    def graph
+      exit_code = 1
+      with_config do
+        with_state(mode: :read) do
+          exit_code = exec_with_optional_target 'graph'
+        end
+      end
+      exit_code
+    end
+
+    def apply
+      exit_code = 1
+      with_config do
+        with_lock do
+          with_state(mode: :update) do
+            exit_code = exec_with_optional_target "apply -auto-approve -backup=- #{@dir}"
+          end
+        end
+      end
+      exit_code
+    end
+
+    def destroy
+      exit_code = 1
+      with_config do
+        with_lock do
+          with_state(mode: :update) do
+            exit_code = stream_command("terraform destroy -backup=- #{@dir}")
+          end
+        end
+      end
+      exit_code
+    end
+
+    def show_state
+      puts(State.store(self).get)
+    end
+
+    def use_remote_state
+      with_lock do
+        local = State.local(self)
+        state = local.get
+        if state
+          State.remote(self).put(state)
+        end
+        local.delete
+      end
+    end
+
+    def use_local_state
+      with_lock do
+        remote = State.remote(self)
+        state = remote.get
+        if state
+          State.local(self).put(state)
+        end
+      end
+    end
+
+    def import(addr, id)
+      exit_code = 1
+      with_config do
+        with_lock do
+          with_state(mode: :update) do
+            exit_code = exec_with_optional_target "import  -backup=- #{@dir} #{addr} #{id}"
+          end
+        end
+      end
+      exit_code
+    end
+
+    private
+    def targets(options)
+      @options[:target].split(",").map {|target| "-target=#{target}"}.join(" ")
+    end
+
+    def exec_with_optional_target(command)
+      cmd = if @options[:target]
+        "terraform #{command} #{targets(@options)}"
+      else
+        "terraform #{command}"
+      end
+      stream_command(cmd)
+    end
+
+    def with_config(&block)
+      abort("***** ERROR: You must have terraform installed to run this gem *****") unless terraform_installed?
+      check_version
+      name = File.basename(@path, ".*")
+      dir = File.join(git_toplevel, 'tmp', SecureRandom.uuid)
+      terraform_files = File.join(git_toplevel, ".terraform/")
+      unless Dir.exists?(terraform_files)
+        abort("***** ERROR: No .terraform directory found. Please run 'terraform init' to install plugins *****")
+      end
+      FileUtils.mkdir_p(dir)
+      output_path = File.join(dir, name + ".tf.json")
+      FileUtils.cp_r(terraform_files, dir)
+      Dir.chdir(dir) do
+        begin
+          File.write(output_path, Terrafying::Generator.pretty_generate)
+          yield block
+        ensure
+          FileUtils.rm_rf(dir) unless @options[:keep]
+        end
+      end
+    end
+
+    def with_lock(&block)
+      lock_id = nil
+      begin
+        lock = if @options[:no_lock]
+                 Locks.noop
+               else
+                 Locks.dynamodb(scope)
+               end
+
+        lock_id = if @options[:force]
+                    lock.steal
+                  else
+                    lock.acquire
+                  end
+        yield block
+
+        # If block raises any exception we will still hold on to lock
+        # after process exits. This is actually what we want as
+        # terraform may have succeeded in updating some resources, but
+        # not others so we need to manually get into a consistent
+        # state and then re-run.
+        lock.release(lock_id)
+      end
+    end
+
+    def with_state(opts, &block)
+      if !@options[:dynamodb]
+        return yield(block)
+      end
+
+      store = State.store(self)
+
+      begin
+        state = store.get
+        File.write(State::STATE_FILENAME, state) if state
+      rescue => e
+        raise "Error retrieving state for config #{self}: #{e}"
+      end
+
+      yield block
+
+      begin
+        if opts[:mode] == :update
+          store.put(IO.read(State::STATE_FILENAME))
+        end
+      rescue => e
+        raise "Error updating state for config #{self}: #{e}"
+      end
+    end
+
+    def scope_for_path(path)
+      top_level_path = Pathname.new(git_toplevel)
+      Pathname.new(@path).relative_path_from(top_level_path).to_s
+    end
+
+    def git_toplevel
+      @top_level ||= begin
+                       top_level = `git rev-parse --show-toplevel`
+                       raise "Unable to find .git directory top level for '#{@path}'" if top_level.empty?
+                       File.expand_path(top_level.chomp)
+                     end
+    end
+
+    def check_version
+      if terraform_version != Terrafying::CLI_VERSION
+        abort("***** ERROR: You must have v#{Terrafying::CLI_VERSION} of terraform installed to run any command (you are running v#{terraform_version}) *****")
+      end
+    end
+
+    def terraform_installed?
+      which('terraform')
+    end
+
+    def terraform_version
+      `terraform -v`.split("\n").first.split("v").last
+    end
+
+    def stream_command(cmd)
+      IO.popen(cmd) do |io|
+        while (line = io.gets) do
+          puts line.gsub('\n', "\n").gsub('\\"', "\"")
+        end
+      end
+      return $?.exitstatus
+    end
+
+    # Cross-platform way of finding an executable in the $PATH.
+    #
+    #   which('ruby') #=> /usr/bin/ruby
+    def which(cmd)
+      exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
+      ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
+        exts.each { |ext|
+          exe = File.join(path, "#{cmd}#{ext}")
+          return exe if File.executable?(exe) && !File.directory?(exe)
+        }
+      end
+      return nil
+    end
+  end
+end

data/lib/terrafying/aws.rb

@@ -0,0 +1,471 @@
+require 'aws-sdk'
+
+Aws.use_bundled_cert!
+
+module Terrafying
+  module Aws
+    class Ops
+
+      attr_reader :region
+
+      def initialize(region)
+        ::Aws.config.update({
+          region: region
+        })
+        @ec2_resource = ::Aws::EC2::Resource.new
+        @ec2_client = ::Aws::EC2::Client.new
+        @elb_client = ::Aws::ElasticLoadBalancingV2::Client.new
+        @route53_client = ::Aws::Route53::Client.new
+        @s3_client = ::Aws::S3::Client.new
+        @sts_client = ::Aws::STS::Client.new
+
+        @region = region
+      end
+
+      def account_id
+        @account_id_cache ||= @sts_client.get_caller_identity.account
+      end
+
+      def security_group(name)
+        @security_groups ||= {}
+        @security_groups[name] ||=
+          begin
+            STDERR.puts "Looking up id of security group '#{name}'"
+            groups = @ec2_resource.security_groups(
+              {
+                filters: [
+                  {
+                    name: "group-name",
+                    values: [name],
+                  },
+                ],
+              }).limit(2)
+            case
+            when groups.count == 1
+              groups.first.id
+            when groups.count < 1
+              raise "No security group with name '#{name}' was found."
+            when groups.count > 1
+              raise "More than one security group with name '#{name}' found: " + groups.join(', ')
+            end
+          end
+      end
+
+      def security_group_by_tags(tags)
+        @security_groups_by_tags ||= {}
+        @security_groups_by_tags[tags] ||=
+          begin
+            groups = @ec2_client.describe_security_groups(
+              {
+                filters: [
+                  {
+                    name: "tag-key",
+                    values: tags.keys,
+                  },
+                  {
+                    name: "tag-value",
+                    values: tags.values
+                  }
+                ]
+              },
+            ).security_groups
+            case
+            when groups.count == 1
+              groups.first.id
+            when groups.count < 1
+              raise "No security group with tags '#{tags}' was found."
+            when groups.count > 1
+              raise "More than one security group with tags '#{tags}' found: " + groups.join(', ')
+            end
+          end
+      end
+
+      def instance_profile(name)
+        @instance_profiles ||= {}
+        @instance_profiles[name] ||=
+          begin
+            resource = ::Aws::IAM::Resource.new
+            STDERR.puts "Looking up id of instance profile '#{name}'"
+            # unfortunately amazon don't let us filter for profiles using
+            # a name filter, for now we have enumerate and filter manually
+            coll = resource.instance_profiles
+            profiles = []
+            profiles = coll.select {|p| p.instance_profile_name =~ /#{name}/}
+
+            case
+            when profiles.count == 1
+              profiles.first.instance_profile_id
+            when profiles.count < 1
+              raise "No instance profile with name '#{name}' was found."
+            when profiles.count > 1
+              raise "More than one instance profile with name '#{name}' found: " + profiles.join(', ')
+            end
+          end
+      end
+
+      def route_table_for_subnet(subnet_id)
+        @route_table_for_subnet ||= {}
+        @route_table_for_subnet[subnet_id] ||=
+          begin
+            resp = @ec2_client.describe_route_tables(
+              {
+                filters: [
+                  { name: "association.subnet-id", values: [ subnet_id ] },
+                ],
+              })
+
+            route_tables = resp.route_tables
+
+            case
+            when route_tables.count == 1
+              route_tables.first
+            when route_tables.count < 1
+              raise "No route table for subnet '#{subnet_id}' was found."
+            when profiles.count > 1
+              raise "More than route table for subnet '#{subnet_id}' found: " + route_tables.join(', ')
+            end
+          end
+      end
+
+      def route_table_for_vpc(vpc_id)
+        @route_table_for_vpc ||= {}
+        @route_table_for_vpc[vpc_id] ||=
+          begin
+            resp = @ec2_client.describe_route_tables(
+              {
+                filters: [
+                  { name: "association.main", values: [ "true" ] },
+                  { name: "vpc-id", values: [ vpc_id ] },
+                ],
+              })
+
+            route_tables = resp.route_tables
+
+            case
+            when route_tables.count == 1
+              route_tables.first
+            when route_tables.count < 1
+              raise "No route table for vpc '#{vpc_id}' was found."
+            when profiles.count > 1
+              raise "More than route table for vpc '#{vpc_id}' found: " + route_tables.join(', ')
+            end
+          end
+      end
+
+      def security_groups(*names)
+        names.map{|n| security_group(n)}
+      end
+
+      def subnet(name)
+        @subnets ||= {}
+        @subnets[name] ||=
+          begin
+            STDERR.puts "Looking up id of subnet '#{name}'"
+            subnets = @ec2_resource.subnets(
+              {
+                filters: [
+                  {
+                    name: "tag:Name",
+                    values: [name],
+                  },
+                ],
+              }).limit(2)
+            case
+            when subnets.count == 1
+              subnets.first.id
+            when subnets.count < 1
+              raise "No subnet with name '#{name}' was found."
+            when subnets.count > 1
+              raise "More than one subnet with this name '#{name}' found : " + subnets.join(', ')
+            end
+          end
+      end
+
+      def subnet_by_id(id)
+        @subnets_by_id ||= {}
+        @subnets_by_id[id] ||=
+          begin
+            resp = @ec2_client.describe_subnets(
+              {
+                subnet_ids: [id],
+              })
+            subnets = resp.subnets
+            case
+            when subnets.count == 1
+              subnets.first
+            when subnets.count < 1
+              raise "No subnet with id '#{id}' was found."
+            when subnets.count > 1
+              raise "More than one subnet with this id '#{id}' found : " + subnets.join(', ')
+            end
+          end
+      end
+
+      def subnets(*names)
+        names.map{|n| subnet(n)}
+      end
+
+      def subnets_for_vpc(vpc_id)
+        @subnets_for_vpc ||= {}
+        @subnets_for_vpc[vpc_id] ||=
+          begin
+            resp = @ec2_client.describe_subnets(
+              {
+                filters: [
+                  { name: "vpc-id", values: [ vpc_id ] },
+                ],
+              })
+
+            subnets = resp.subnets
+
+            case
+            when subnets.count >= 1
+              subnets
+            when subnets.count < 1
+              raise "No subnets found for '#{vpc_id}'."
+            end
+          end
+      end
+
+      def ami(name, owners=["self"])
+        @ami ||= {}
+        @ami[name] ||=
+          begin
+            STDERR.puts "looking for an image with prefix '#{name}'"
+            resp = @ec2_client.describe_images({owners: owners})
+            if resp.images.count < 1
+              raise "no images were found"
+            end
+            m = resp.images.select { |a| /^#{name}/.match(a.name) }
+            if m.count == 0
+              raise "no image with name '#{name}' was found"
+            end
+            m.sort { |x,y| y.creation_date <=> x.creation_date }.shift.image_id
+          end
+      end
+
+      def availability_zones
+        @availability_zones ||=
+          begin
+            STDERR.puts "looking for AZs in the current region"
+            resp = @ec2_client.describe_availability_zones({})
+            resp.availability_zones.map { |zone|
+              zone.zone_name
+            }
+          end
+      end
+
+      def vpc(name)
+        @vpcs ||= {}
+        @vpcs[name] ||=
+          begin
+            STDERR.puts "looking for a VPC with name '#{name}'"
+            resp = @ec2_client.describe_vpcs({})
+            matching_vpcs = resp.vpcs.select { |vpc|
+              name_tag = vpc.tags.select { |tag| tag.key == "Name" }.first
+              name_tag && name_tag.value == name
+            }
+            case
+            when matching_vpcs.count == 1
+              matching_vpcs.first
+            when matching_vpcs.count < 1
+              raise "No VPC with name '#{name}' was found."
+            when matching_vpcs.count > 1
+              raise "More than one VPC with name '#{name}' was found: " + matching_vpcs.join(', ')
+            end
+          end
+      end
+
+      def route_table(name)
+        @route_tables ||= {}
+        @route_tables[name] ||=
+          begin
+            STDERR.puts "looking for a route table with name '#{name}'"
+            route_tables = @ec2_client.describe_route_tables(
+              {
+                filters: [
+                  {
+                    name: "tag:Name",
+                    values: [name],
+                  },
+                ],
+              }
+            ).route_tables
+            case
+            when route_tables.count == 1
+              route_tables.first.route_table_id
+            when route_tables.count < 1
+              raise "No route table with name '#{name}' was found."
+            when route_tables.count > 1
+              raise "More than one route table with name '#{name}' was found: " + route_tables.join(', ')
+            end
+          end
+      end
+
+      def elastic_ip(alloc_id)
+        @ips ||= {}
+        @ips[alloc_id] ||=
+          begin
+            STDERR.puts "looking for an elastic ip with allocation_id '#{alloc_id}'"
+            ips = @ec2_client.describe_addresses(
+              {
+                filters: [
+                  {
+                    name: "allocation-id",
+                    values: [alloc_id],
+                  },
+                ],
+              }
+            ).addresses
+            case
+            when ips.count == 1
+              ips.first
+            when ips.count < 1
+              raise "No elastic ip with allocation_id '#{alloc_id}' was found."
+            when ips.count > 1
+              raise "More than one elastic ip with allocation_id '#{alloc_id}' was found: " + ips.join(', ')
+            end
+          end
+      end
+
+      def hosted_zone(fqdn)
+        @hosted_zones ||= {}
+        @hosted_zones[fqdn] ||=
+          begin
+            STDERR.puts "looking for a hosted zone with fqdn '#{fqdn}'"
+            hosted_zones = @route53_client.list_hosted_zones_by_name({ dns_name: fqdn }).hosted_zones.select { |zone|
+              zone.name == "#{fqdn}."
+            }
+            case
+            when hosted_zones.count == 1
+              hosted_zones.first
+            when hosted_zones.count < 1
+              raise "No hosted zone with fqdn '#{fqdn}' was found."
+            when hosted_zones.count > 1
+              raise "More than one hosted zone with name '#{fqdn}' was found: " + hosted_zones.join(', ')
+            end
+          end
+      end
+
+      def hosted_zone_by_tag(tag)
+        @hosted_zones ||= {}
+        @hosted_zones[tag] ||=
+          begin
+            STDERR.puts "looking for a hosted zone with tag '#{tag}'"
+            hosted_zones = @route53_client.list_hosted_zones().hosted_zones.select { |zone|
+              tags = @route53_client.list_tags_for_resource({resource_type: "hostedzone", resource_id: zone.id.split('/')[2]}).resource_tag_set.tags.select { |aws_tag|
+                tag.keys.any? { |key| String(key) == aws_tag.key && tag[key] == aws_tag.value }
+              }
+              tags.any?
+            }
+            case
+            when hosted_zones.count == 1
+              hosted_zones.first
+            when hosted_zones.count < 1
+              raise "No hosted zone with tag '#{tag}' was found."
+            when hosted_zones.count > 1
+              raise "More than one hosted zone with tag '#{tag}' was found: " + hosted_zones.join(', ')
+            end
+          end
+      end
+
+      def s3_object(bucket, key)
+        @s3_objects ||= {}
+        @s3_objects["#{bucket}-#{key}"] ||=
+          begin
+            resp = @s3_client.get_object({ bucket: bucket, key: key })
+            resp.body.read
+          end
+      end
+
+      def list_objects(bucket)
+        @list_objects ||= {}
+        @list_objects[bucket] ||=
+          begin
+            resp = @s3_client.list_objects_v2({ bucket: bucket })
+            resp.contents
+          end
+      end
+
+      def endpoint_service_by_name(service_name)
+        @endpoint_service ||= {}
+        @endpoint_service[service_name] ||=
+          begin
+            resp = @ec2_client.describe_vpc_endpoint_service_configurations(
+              {
+                filters: [
+                  {
+                    name: "service-name",
+                    values: [service_name],
+                  },
+                ],
+              }
+            )
+
+            endpoint_services = resp.service_configurations
+            case
+            when endpoint_services.count == 1
+              endpoint_services.first
+            when endpoint_services.count < 1
+              raise "No endpoint service with name '#{service_name}' was found."
+            when endpoint_services.count > 1
+              raise "More than one endpoint service with name '#{service_name}' was found: " + endpoint_services.join(', ')
+            end
+          end
+      end
+
+      def endpoint_service_by_lb_arn(arn)
+        @endpoint_services_by_lb_arn ||= {}
+        @endpoint_services_by_lb_arn[arn] ||=
+          begin
+            resp = @ec2_client.describe_vpc_endpoint_service_configurations
+
+            services = resp.service_configurations.select { |service|
+              service.network_load_balancer_arns.include?(arn)
+            }
+
+            case
+            when services.count == 1
+              services.first
+            when services.count < 1
+              raise "No endpoint service with lb arn '#{arn}' was found."
+            when services.count > 1
+              raise "More than one endpoint service with lb arn '#{arn}' was found: " + services.join(', ')
+            end
+          end
+      end
+
+      def lb_by_name(name)
+        @lbs ||= {}
+        @lbs[name] ||=
+          begin
+            load_balancers = @elb_client.describe_load_balancers({ names: [name] }).load_balancers
+
+            case
+            when load_balancers.count == 1
+              load_balancers.first
+            when load_balancers.count < 1
+              raise "No load balancer with name '#{name}' was found."
+            when load_balancers.count > 1
+              raise "More than one load balancer with name '#{name}' was found: " + load_balancers.join(', ')
+            end
+          end
+      end
+
+      def target_groups_by_lb(arn)
+        @target_groups ||= {}
+        @target_groups[arn] ||=
+          begin
+            resp = @elb_client.describe_target_groups(
+              {
+                load_balancer_arn: arn,
+              }
+            )
+
+            resp.target_groups
+          end
+      end
+    end
+
+  end
+end

data/lib/terrafying/cli.rb

@@ -0,0 +1,67 @@
+require 'thor'
+
+module Terrafying
+  class Cli < Thor
+    class_option :no_lock, :type => :boolean, :default => false
+    class_option :keep, :type => :boolean, :default => false
+    class_option :target, :type => :string, :default => nil
+    class_option :scope, :type => :string, :default => nil
+    class_option :dynamodb, :type => :boolean, :default => true
+
+    desc "list PATH", "List resources defined"
+    def list(path)
+      puts "Defined resources:\n\n"
+      Config.new(path, options).list.each do |name|
+        puts "#{name}"
+      end
+    end
+
+    desc "plan PATH", "Show execution plan"
+    def plan(path)
+      exit Config.new(path, options).plan
+    end
+
+    desc "graph PATH", "Show execution graph"
+    def graph(path)
+      exit Config.new(path, options).graph
+    end
+
+    desc "apply PATH", "Apply changes to resources"
+    option :force, :aliases => ['f'], :type => :boolean, :desc => "Forcefully remove any pending locks"
+    def apply(path)
+      exit Config.new(path, options).apply
+    end
+
+    desc "destroy PATH", "Destroy resources"
+    option :force, :aliases => ['f'], :type => :boolean, :desc => "Forcefully remove any pending locks"
+    def destroy(path)
+      exit Config.new(path, options).destroy
+    end
+
+    desc "json PATH", "Show terraform JSON"
+    def json(path)
+      puts(Config.new(path, options).json)
+    end
+
+    desc "show-state PATH", "Show state"
+    def show_state(path)
+      puts(Config.new(path, options).show_state)
+    end
+
+    desc "use-remote-state PATH", "Migrate to using remote state storage"
+    def use_remote_state(path)
+      puts(Config.new(path, options).use_remote_state)
+    end
+
+    desc "use-local-state PATH", "Migrate to using local state storage"
+    def use_local_state(path)
+      puts(Config.new(path, options).use_local_state)
+    end
+
+    desc "import PATH ADDR ID", "Import existing infrastructure into your Terraform state"
+    def import(path, addr, id)
+      exit Config.new(path, options).import(addr, id)
+    end
+
+  end
+end

data/lib/terrafying/dynamodb.rb

@@ -0,0 +1,31 @@
+require 'aws-sdk'
+require 'json'
+require 'securerandom'
+
+# oh rubby
+class ::Aws::DynamoDB::Client
+  def ensure_table(table_spec, &block)
+    retried = false
+    begin
+      yield block
+    rescue ::Aws::DynamoDB::Errors::ResourceNotFoundException => e
+      if not retried
+        create_table(table_spec)
+        retry
+      else
+        raise e
+      end
+    end
+  end
+end
+
+module Terrafying
+  module DynamoDb
+    def self.client
+      @@client ||= ::Aws::DynamoDB::Client.new({
+        region: Terrafying::Context::REGION,
+        #endpoint: 'http://localhost:8000',
+      })
+    end
+  end
+end

data/lib/terrafying/dynamodb/config.rb

@@ -0,0 +1,17 @@
+module Terrafying
+  module DynamoDb
+    class Config
+      attr_accessor :state_table, :lock_table
+      
+      def initialize
+        @state_table = "terrafying-state"
+        @lock_table = "terrafying-state-lock"
+      end
+    end
+    
+    def config
+      @config ||= Config.new
+    end
+    module_function :config
+  end
+end

data/lib/terrafying/dynamodb/named_lock.rb

@@ -0,0 +1,126 @@
+require 'terrafying/dynamodb'
+require 'terrafying/dynamodb/config'
+
+module Terrafying
+  module DynamoDb
+    class NamedLock
+      def initialize(table_name, name)
+        @table_name = table_name
+        @name = name
+        @client = Terrafying::DynamoDb.client
+      end
+
+      def status
+        @client.ensure_table(table) do
+          resp = @client.get_item({
+            table_name: @table_name,
+            key: {
+              "name" => @name,
+            },
+            consistent_read: true,
+          })
+          if resp.item
+            return {
+              status: :locked,
+              locked_at: resp.item["locked_at"],
+              metadata: resp.item["metadata"]
+            }
+          else
+            return {
+              status: :unlocked
+            }
+          end
+        end
+      end
+      
+      def acquire
+        @client.ensure_table(table) do
+          begin
+            lock_id = SecureRandom.uuid
+            @client.update_item(acquire_request(lock_id))
+            return lock_id
+          rescue ::Aws::DynamoDB::Errors::ConditionalCheckFailedException
+            raise "Unable to acquire lock: #{status.inspect}" # TODO
+          end
+        end
+      end
+
+      def steal
+        @client.ensure_table(table) do
+          begin
+            lock_id = SecureRandom.uuid
+            req = acquire_request(lock_id)
+            req.delete(:condition_expression)
+            @client.update_item(req)
+            return lock_id
+          rescue ::Aws::DynamoDB::Errors::ConditionalCheckFailedException
+            raise "Unable to steal lock: #{status.inspect}" # TODO
+          end
+        end
+      end
+      
+      def release(lock_id)
+        @client.ensure_table(table) do
+          begin
+            @client.delete_item({
+              table_name: @table_name,
+              key: {
+                "name" => @name,
+              },
+              return_values: "NONE",
+              condition_expression: "lock_id = :lock_id",
+              expression_attribute_values: {
+                ":lock_id" => lock_id,
+              },
+            })
+            nil
+          rescue ::Aws::DynamoDB::Errors::ConditionalCheckFailedException
+            raise "Unable to release lock: #{status.inspect}" # TODO
+          end
+        end
+      end
+
+      private
+      def acquire_request(lock_id)
+        {
+          table_name: @table_name,
+          key: {
+            "name" => @name,
+          },
+          return_values: "NONE",
+          update_expression: "SET lock_id = :lock_id, locked_at = :locked_at, metadata = :metadata",
+          condition_expression: "attribute_not_exists(lock_id)",
+          expression_attribute_values: {
+            ":lock_id" => lock_id,
+            ":locked_at" => Time.now.to_s,
+            ":metadata" => {
+              "owner" => "#{`git config user.name`.chomp} (#{`git config user.email`.chomp})",
+            },
+          },
+        }
+      end
+      
+      def table
+        {
+          table_name: @table_name,
+          attribute_definitions: [
+            {
+              attribute_name: "name",
+              attribute_type: "S",
+            },
+          ],
+          key_schema: [
+            {
+              attribute_name: "name",
+              key_type: "HASH",
+            },
+          ],
+          provisioned_throughput: {
+            read_capacity_units: 1,
+            write_capacity_units: 1,
+          }
+        }
+      end
+    end
+  end
+end

data/lib/terrafying/dynamodb/state.rb

@@ -0,0 +1,92 @@
+require 'digest'
+require 'terrafying/dynamodb/config'
+
+module Terrafying
+  module DynamoDb
+    class StateStore
+      def initialize(scope, opts = {})
+        @scope = scope
+        @client = Terrafying::DynamoDb.client
+        @table_name = Terrafying::DynamoDb.config.state_table
+      end
+      
+      def get
+        @client.ensure_table(table) do
+          resp = @client.query({
+            table_name: @table_name,
+            limit: 1,
+            key_conditions: {
+              "scope" => {
+                attribute_value_list: [@scope],
+                comparison_operator: "EQ",
+              }
+            },
+            scan_index_forward: false,
+          })
+          case resp.items.count
+          when 0 then return nil
+          when 1 then return resp.items.first["state"]
+          else raise 'More than one item found when retrieving state. This is a bug and should never happen.' if resp.items.count != 1
+          end
+        end
+      end
+
+      def put(state)
+        @client.ensure_table(table) do
+          sha256 = Digest::SHA256.hexdigest(state)
+          json = JSON.parse(state)
+          @client.update_item({
+            table_name: @table_name,
+            key: {
+              "scope" => @scope,
+              "serial" => json["serial"].to_i,
+            },
+            return_values: "NONE",
+            update_expression: "SET sha256 = :sha256, #state = :state",
+            condition_expression: "attribute_not_exists(serial) OR sha256 = :sha256",
+            expression_attribute_names: {
+              "#state" => "state",
+            },
+            expression_attribute_values: {
+              ":sha256" => sha256,
+              ":state" => state,
+            }
+          })
+        end
+      end
+      
+      def table
+        {
+          table_name: @table_name,
+          attribute_definitions: [
+            {
+              attribute_name: "scope",
+              attribute_type: "S",
+            },
+            {
+              attribute_name: "serial",
+              attribute_type: "N",
+            }
+          ],
+          key_schema: [
+            {
+              attribute_name: "scope",
+              key_type: "HASH",
+            },
+            {
+              attribute_name: "serial",
+              key_type: "RANGE",
+            },
+            
+          ],
+          provisioned_throughput: {
+            read_capacity_units: 1,
+            write_capacity_units: 1,
+          }
+        }
+      end
+    end
+  end
+end
+
+

data/lib/terrafying/generator.rb

@@ -0,0 +1,134 @@
+require 'json'
+require 'base64'
+require 'erb'
+require 'ostruct'
+require 'deep_merge'
+require 'terrafying/aws'
+
+module Terrafying
+
+  class Context
+
+    REGION = ENV.fetch("AWS_REGION", "eu-west-1")
+
+    PROVIDER_DEFAULTS = {
+      aws: { region: REGION }
+    }
+
+    attr_reader :output
+
+    def initialize
+      @output = {
+        "resource" => {}
+      }
+      @children = []
+    end
+
+    def aws
+      @@aws ||= Terrafying::Aws::Ops.new REGION
+    end
+
+    def provider(name, spec)
+      @output["provider"] ||= {}
+      @output["provider"][name] = spec
+    end
+
+    def data(type, name, spec)
+      @output["data"] ||= {}
+      @output["data"][type.to_s] ||= {}
+      @output["data"][type.to_s][name.to_s] = spec
+      id_of(type, name)
+    end
+
+    def resource(type, name, attributes)
+      @output["resource"][type.to_s] ||= {}
+      @output["resource"][type.to_s][name.to_s] = attributes
+      id_of(type, name)
+    end
+
+    def template(relative_path, params = {})
+      dir = caller_locations[0].path
+      filename = File.join(File.dirname(dir), relative_path)
+      erb = ERB.new(IO.read(filename))
+      erb.filename = filename
+      erb.result(OpenStruct.new(params).instance_eval { binding })
+    end
+
+    def output_with_children
+      @children.inject(@output) { |out, c| out.deep_merge(c.output_with_children) }
+    end
+
+    def id_of(type,name)
+      "${#{type}.#{name}.id}"
+    end
+
+    def output_of(type, name, value)
+      "${#{type}.#{name}.#{value}}"
+    end
+
+    def pretty_generate
+      JSON.pretty_generate(output_with_children)
+    end
+
+    def resource_names
+      out = output_with_children
+      ret = []
+      for type in out["resource"].keys
+        for id in out["resource"][type].keys
+          ret << "#{type}.#{id}"
+        end
+      end
+      ret
+    end
+
+    def resources
+      out = output_with_children
+      ret = []
+      for type in out["resource"].keys
+        for id in out["resource"][type].keys
+          ret << "${#{type}.#{id}.id}"
+        end
+      end
+      ret
+    end
+
+    def add!(*c)
+      @children.push(*c)
+      c[0]
+    end
+
+    def tf_safe(str)
+      str.gsub(/[\.\s\/\?]/, "-")
+    end
+
+  end
+
+  class RootContext < Context
+
+    def initialize
+      super
+
+      output["provider"] = PROVIDER_DEFAULTS
+    end
+
+    def backend(name, spec)
+      @output["terraform"] = {
+        backend: {
+          name => spec,
+        },
+      }
+    end
+
+    def generate(&block)
+      instance_eval(&block)
+    end
+
+    def method_missing(fn, *args)
+      resource(fn, args.shift.to_s, args.first)
+    end
+
+  end
+
+  Generator = RootContext.new
+
+end

data/lib/terrafying/lock.rb

@@ -0,0 +1,25 @@
+require 'terrafying/dynamodb/named_lock'
+
+module Terrafying
+  module Locks
+    class NoOpLock
+      def acquire
+        ""
+      end
+      def steal
+        ""
+      end
+      def release(lock_id)
+      end
+    end
+
+    def self.noop
+      NoOpLock.new
+    end
+
+    def self.dynamodb(scope)
+      Terrafying::DynamoDb::NamedLock.new(Terrafying::DynamoDb.config.lock_table, scope)
+    end
+
+  end
+end

data/lib/terrafying/state.rb

@@ -0,0 +1,51 @@
+require 'terrafying/dynamodb/state'
+
+module Terrafying
+  module State
+
+    STATE_FILENAME = "terraform.tfstate"
+
+    def self.store(config)
+      if LocalStateStore.has_local_state?(config)
+        local(config)
+      else
+        remote(config)
+      end
+    end
+
+    def self.local(config)
+      LocalStateStore.new(config.path)
+    end
+
+    def self.remote(config)
+      Terrafying::DynamoDb::StateStore.new(config.scope)
+    end
+    
+    class LocalStateStore
+      def initialize(path)
+        @path = LocalStateStore.state_path(path)
+      end
+
+      def get
+        IO.read(@path)
+      end
+
+      def put(state)
+        IO.write(@path, state)
+      end
+
+      def delete
+        File.delete(@path)
+      end
+
+      def self.has_local_state?(config)
+        File.exists?(state_path(config.path))
+      end
+      
+      private
+      def self.state_path(path)
+        File.join(File.dirname(path), STATE_FILENAME)
+      end
+    end
+  end
+end

data/lib/terrafying/util.rb

@@ -0,0 +1,32 @@
+
+require 'yaml'
+
+def data_url_from_string(str)
+  b64_contents = Base64.strict_encode64(str)
+  return "data:;base64,#{b64_contents}"
+end
+
+module Terrafying
+
+  module Util
+
+    def self.to_ignition(yaml)
+      config = YAML.load(yaml)
+
+      if config.has_key? "storage" and config["storage"].has_key? "files"
+        files = config["storage"]["files"]
+        config["storage"]["files"] = files.each { |file|
+          if file["contents"].is_a? String
+            file["contents"] = {
+              source: data_url_from_string(file["contents"]),
+            }
+          end
+        }
+      end
+
+      JSON.pretty_generate(config)
+    end
+
+  end
+
+end

data/lib/terrafying/version.rb

@@ -0,0 +1,4 @@
+module Terrafying
+  VERSION = "1.2.1"
+  CLI_VERSION = "0.11.2"
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: terrafying
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.1
 platform: ruby
 authors:
 - uSwitch Limited
@@ -145,6 +145,19 @@ extensions: []
 extra_rdoc_files: []
 files:
 - bin/terrafying
+- lib/hash/deep_merge.rb
+- lib/terrafying.rb
+- lib/terrafying/aws.rb
+- lib/terrafying/cli.rb
+- lib/terrafying/dynamodb.rb
+- lib/terrafying/dynamodb/config.rb
+- lib/terrafying/dynamodb/named_lock.rb
+- lib/terrafying/dynamodb/state.rb
+- lib/terrafying/generator.rb
+- lib/terrafying/lock.rb
+- lib/terrafying/state.rb
+- lib/terrafying/util.rb
+- lib/terrafying/version.rb
 homepage: https://github.com/uswitch/terrafying
 licenses:
 - Apache-2.0