terraspace_plugin_aws 0.0.0 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dca5820d4f39269a02702a0c322cb249121f3676997b6e1f5a63e042cbc15e15
-  data.tar.gz: edb37d92d5e398c5c4ce98858db544fe7d4a23226da816eb6687b0809a173734
+  metadata.gz: dfca334913ce20496d5ed7dff1191c741880b1f7453beb43302641874a645052
+  data.tar.gz: 667087253840e4822c26e2ca73af799a14e63d8cca5a1b4b4d23557938a1e03f
 SHA512:
-  metadata.gz: ff289ee0cd67e65701c5d23916fc237723aca27f8f14a863f273e065056bef8b805dbd7bb962ac71590c1f66118472c6894d4649c262f2b7aa2daab7705527ed
-  data.tar.gz: 52357c39e20e2877b52c7ab803a9704764c1c917746defc53a62228227533ec845dac2981e5025c3f064e6e402068830e908c0da86c33808b9b8fd7e308e6b8b
+  metadata.gz: 6640c1548bdc8d0e9c6b7a61a9916eee88d8d1f7cb7a2527aba4c0dfba039c8216c9f1f2ba4aac684911344dbe6af73976c61b4d0ce49233ba4c879caa93e71b
+  data.tar.gz: a25e90407bee9259200a31b83aa61d9e285cc0b61fc93f1b5a77a7cacc7323e6fb909a551269f8d35bd22cfee242c0a19b5ab0ab164d539f841eec9eeed6cb59

data/CHANGELOG.md

@@ -1,8 +1,7 @@
-# Change Log
+# Changelog
 
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/).
 
-## [0.0.1]
-- terraspace dep for dev only
-
+## [0.1.0]
+- Initial release

data/Gemfile

@@ -7,10 +7,5 @@ gem "rake", "~> 12.0"
 gem "rspec", "~> 3.0"
 
 group :development, :test do
-  if ENV['TS_EDGE']
-    base = ENV['TS_EDGE_ROOT'] || "#{ENV['HOME']}/environment/terraspace-edge"
-    gem "terraspace", path: "#{base}/terraspace"
-  else
-    gem "terraspace"
-  end
+  gem "terraspace"
 end

data/README.md

@@ -18,23 +18,25 @@ config/plugins/aws.rb
 
 ```ruby
 TerraspacePluginAws.configure do |config|
-  # config.s3.encryption = true
-  # config.s3.enforce_ssl = true
-  # config.s3.versioning = true
-  # config.s3.lifecycle = true
-  # config.s3.access_logging = true
-  # config.s3.secure_existing = false # run the security controls on existing buckets. by default, only run on newly created bucket the first time
-  #
-  # config.dynamodb.encryption = true
-  # config.dynamodb.kms_master_key_id = nil
-  # config.dynamodb.sse_type = "KMS"
+  config.auto_create = true # set to false to completely disable auto creation
+
+  config.s3.encryption = true
+  config.s3.enforce_ssl = true
+  config.s3.versioning = true
+  config.s3.lifecycle = true
+  config.s3.access_logging = true
+  config.s3.secure_existing = false # run the security controls on existing buckets. by default, only run on newly created bucket the first time
+
+  config.dynamodb.encryption = true
+  config.dynamodb.kms_master_key_id = nil
+  config.dynamodb.sse_type = "KMS"
 end
 ```
 
 By default:
 
-* S3 Buckets are secured with encryption, have an enforce ssl bucket policy, have versioning enabled, has a lifecycle policy, and have bucket access logging enabled.
-* DynamoDB tables have encryption enabled using the AWS Managed KMS Key for DynamoDB.
+* S3 Buckets are secured with [encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html), have an [enforce ssl bucket policy](https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/), have [versioning enabled](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html), has a [lifecycle policy](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html), and have [bucket server access logging enabled](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html).
+* DynamoDB tables have [encryption enabled](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html) using the AWS Managed KMS Key for DynamoDB.
 
 The settings generally only apply if the s3 bucket or dynamodb table do not yet exist yet and is created for the first time.
 

data/lib/templates/hcl/project/config/terraform/backend.tf.tt

@@ -0,0 +1,9 @@
+terraform {
+  backend "s3" {
+    bucket         = "<%%= backend_expand('s3', 'terraform-state-:ACCOUNT-:REGION-:ENV') %>"     # expanded by terraspace IE: terraform-state-112233445566-us-west-2-dev
+    key            = "<%%= backend_expand('s3', ':REGION/:ENV/:BUILD_DIR/terraform.tfstate') %>" # expanded by terraspace IE: us-west-2/dev/modules/vm/terraform.tfstate
+    region         = "<%%= backend_expand('s3', ':REGION') %>"
+    encrypt        = true
+    dynamodb_table = "terraform_locks"
+  }
+}

data/lib/templates/hcl/stack/main.tf

@@ -1,9 +1,9 @@
-resource "random_pet" "bucket" {
+resource "random_pet" "this" {
   length = 2
 }
 
 module "bucket" {
   source     = "../../modules/example"
-  bucket     = "bucket-${random_pet.bucket.id}"
+  bucket     = "bucket-${random_pet.this.id}"
   acl        = var.acl
 }

data/lib/templates/hcl/stack/variables.tf

@@ -1,9 +1,3 @@
-variable "bucket" {
-  description = "The name of the bucket. If omitted, Terraform will assign a random, unique name." # IE: terraform-2020052606510241590000000
-  type        = string
-  default     = null
-}
-
 variable "acl" {
   description = "The canned ACL to apply. Defaults to 'private'."
   type        = string

data/lib/templates/ruby/stack/main.rb

@@ -1,9 +1,9 @@
-resource("random_pet", "bucket",
+resource("random_pet", "this",
   length: 2
 )
 
 module!("bucket",
   source: "../../modules/example",
-  bucket: "bucket-${random_pet.bucket.id}",
+  bucket: "bucket-${random_pet.this.id}",
   acl:    var.acl,
 )

data/lib/templates/ruby/stack/variables.rb

@@ -1,9 +1,3 @@
-variable("bucket",
-  description: "The name of the bucket. If omitted, Terraform will assign a random, unique name.", # IE: terraform-2020052606510241590000000
-  type:        "string",
-  default:     nil,
-)
-
 variable("acl",
   description: "The canned ACL to apply. Defaults to 'private'.",
   type:         "string",

data/lib/templates/test/rspec/module/test/spec/fixtures/stack/main.tf

@@ -0,0 +1,9 @@
+resource "random_pet" "this" {
+  length = 2
+}
+
+module "bucket" {
+  source     = "../../modules/example"
+  bucket     = "bucket-${random_pet.this.id}"
+  acl        = var.acl
+}

data/lib/templates/test/rspec/module/test/spec/fixtures/stack/outputs.tf

@@ -0,0 +1,4 @@
+output "bucket_name" {
+  description = "Bucket name"
+  value       = module.bucket.name
+}

data/lib/templates/test/rspec/module/test/spec/fixtures/stack/variables.tf

@@ -0,0 +1,11 @@
+variable "bucket" {
+  description = "The name of the bucket. If omitted, Terraform will assign a random, unique name." # IE: terraform-2020052606510241590000000
+  type        = string
+  default     = null
+}
+
+variable "acl" {
+  description = "The canned ACL to apply. Defaults to 'private'."
+  type        = string
+  default     = "private"
+}

data/lib/templates/test/rspec/module/test/spec/main_spec.rb.tt

@@ -1,7 +1,7 @@
 # This starter example of a spec that creates a test harness and provisions a real s3 bucket.
 # The test harness will be created at:
 #
-#    /tmp/terraspace-test-harnesses/<%= @name %>
+#    /tmp/terraspace-test-harnesses/<%= @name %>-harness
 #
 # It's recommended to run this on a test AWS account.
 #
@@ -9,7 +9,7 @@ describe "main" do
   before(:all) do
     mod_path = File.expand_path("../..", __dir__)
     terraspace.build_test_harness(
-      name: "<%= @name %>",
+      name: "<%= @name %>-harness",
       modules: {example: mod_path},
       stacks:  {example: "#{mod_path}/test/spec/fixtures/stack"},
     )

data/lib/templates/test/rspec/project/spec/fixtures/tfvars/demo.tfvars

@@ -0,0 +1 @@
+# var = "value"

data/lib/templates/test/rspec/project/spec/spec_helper.rb

@@ -0,0 +1,13 @@
+ENV["TS_ENV"] = "test"
+
+require "terraspace"
+require "rspec/terraspace"
+
+module Helper
+  # Add your helpers here
+end
+
+RSpec.configure do |c|
+  c.include RSpec::Terraspace::Helpers
+  c.include Helper
+end

data/lib/templates/test/rspec/project/spec/stacks/demo/main_spec.rb

@@ -0,0 +1,26 @@
+describe "main" do
+  before(:all) do
+    # Build terraspace project to use as a test harness
+    # Will be located at: /tmp/terraspace/test-harnesses/demo-harness
+    terraspace.build_test_harness(
+      name:    "demo-harness",
+      modules: "app/modules",          # include all modules in this folder
+      stacks:  "app/stacks",           # include all stacks in this folder
+      # override demo stack tfvars for testing
+      # copied over to test harness' app/stacks/demo/tfvars/test.tfvars
+      tfvars:  {demo: "spec/fixtures/tfvars/demo.tfvars"},
+      # create config if needed. The folder will be copied over
+      # config:  "spec/fixtures/config",
+    )
+    terraspace.up("demo") # provision real resources
+  end
+  after(:all) do
+    terraspace.down("demo") # destroy real resources
+  end
+
+  it "successful deploy" do
+    # Replace with your actual test
+    bucket_name = terraspace.output("example", "bucket_name")
+    expect(bucket_name).to include("bucket-") # IE: bucket-pet-name
+  end
+end

data/lib/terraspace_plugin_aws.rb

@@ -1,6 +1,3 @@
-lib = File.expand_path("../../../", __FILE__)
-$:.unshift(lib)
-
 require "memoist"
 require "terraspace" # for interface
 
@@ -20,12 +17,17 @@ module TerraspacePluginAws
   def configure(&block)
     Interfaces::Config.instance.configure(&block)
   end
+
+  def config
+    Interfaces::Config.instance.config
+  end
+
   extend self
 end
 
 Terraspace::Plugin.register("aws",
   backend: "s3",
-  config_instance: TerraspacePluginAws::Interfaces::Config.instance,
+  config_class: TerraspacePluginAws::Interfaces::Config,
   layer_class: TerraspacePluginAws::Interfaces::Layer, # used for layering
   root: File.dirname(__dir__),
 )

data/lib/terraspace_plugin_aws/interfaces/backend.rb

@@ -4,6 +4,8 @@ module TerraspacePluginAws::Interfaces
 
     # interface method
     def call
+      return unless TerraspacePluginAws.config.auto_create
+
       Bucket.new(@info).create
       Table.new(@info).create
     end

data/lib/terraspace_plugin_aws/interfaces/backend/base.rb

@@ -7,5 +7,9 @@ class TerraspacePluginAws::Interfaces::Backend
     def initialize(info)
       @info = info
     end
+
+    def logger
+      Terraspace.logger
+    end
   end
 end

data/lib/terraspace_plugin_aws/interfaces/backend/bucket.rb

@@ -5,15 +5,15 @@ class TerraspacePluginAws::Interfaces::Backend
     def create
       bucket = @info["bucket"]
       unless bucket # not bucket provided
-        puts "ERROR: no bucket value provided in your terraform backend config".color(:red)
+        logger.error "ERROR: no bucket value provided in your terraform backend config".color(:red)
         exit 1
       end
       if exist?(bucket)
-        # puts "Bucket already exist: #{bucket}"
+        logger.debug "Bucket already exist: #{bucket}"
         c = TerraspacePluginAws::Interfaces::Config.instance.config.s3
         secure(bucket) if c.secure_existing
       else
-        puts "Creating bucket: #{bucket}"
+        logger.info "Creating bucket: #{bucket}"
         s3.create_bucket(bucket: bucket)
         secure(bucket)
       end
@@ -25,9 +25,9 @@ class TerraspacePluginAws::Interfaces::Backend
     rescue Aws::S3::Errors::NotFound
       false # Bucket does not exist
     rescue Aws::S3::Errors::Forbidden => e
-      puts "#{e.class}: #{e.message}"
-      puts "ERROR: Bucket is not available: #{name}".color(:red)
-      puts "Bucket might be owned by someone else or is on another one of your AWS accounts."
+      logger.error "#{e.class}: #{e.message}"
+      logger.error "ERROR: Bucket is not available: #{name}".color(:red)
+      logger.error "Bucket might be owned by someone else or is on another one of your AWS accounts."
       exit 1
     end
   end

data/lib/terraspace_plugin_aws/interfaces/backend/table.rb

@@ -5,16 +5,16 @@ class TerraspacePluginAws::Interfaces::Backend
       return unless table # not table provided
 
       if exist?(table)
-        # puts "Table already exist: #{table}"
+        logger.debug "Table already exist: #{table}"
       else
-        puts "Creating dynamodb table: #{table}"
+        logger.info "Creating dynamodb table: #{table}"
         create_table(table)
       end
     end
 
     def create_table(name)
       dynamodb.create_table(table_definition(name))
-      puts "Waiting for dynamodb table to finish creating..."
+      logger.info "Waiting for dynamodb table to finish creating..."
       dynamodb.wait_until(:table_exists, table_name: name)
     end
 

data/lib/terraspace_plugin_aws/interfaces/config.rb

@@ -3,15 +3,19 @@ module TerraspacePluginAws::Interfaces
     include Terraspace::Plugin::Config::Interface
     include Singleton
 
+    # interface method
+    # load_project_config: config/plugins/aws.rb
     def provider
       "aws"
     end
 
+    # interface method
     def defaults
       c = ActiveSupport::OrderedOptions.new
-      c.s3 = ActiveSupport::OrderedOptions.new
-      c.dynamodb = ActiveSupport::OrderedOptions.new
 
+      c.auto_create = true
+
+      c.s3 = ActiveSupport::OrderedOptions.new
       c.s3.encryption = true
       c.s3.enforce_ssl = true
       c.s3.versioning = true
@@ -19,6 +23,7 @@ module TerraspacePluginAws::Interfaces
       c.s3.access_logging = true
       c.s3.secure_existing = false # run the security controls on existing buckets. by default, only run on newly created bucket the first time
 
+      c.dynamodb = ActiveSupport::OrderedOptions.new
       c.dynamodb.encryption = true
       c.dynamodb.kms_master_key_id = nil
       c.dynamodb.sse_type = "KMS"

data/lib/terraspace_plugin_aws/interfaces/expander.rb

@@ -4,6 +4,8 @@ module TerraspacePluginAws::Interfaces
   class Expander
     include Terraspace::Plugin::Expander::Interface
     delegate :account, :region, to: :aws_data
+    alias_method :namespace, :account
+    alias_method :location, :region
 
     def aws_data
       $__aws_data ||= AwsData.new

data/lib/terraspace_plugin_aws/interfaces/layer.rb

@@ -5,13 +5,13 @@ module TerraspacePluginAws::Interfaces
     extend Memoist
 
     # interface method
-    def region
-      aws_data.region
+    def namespace
+      aws_data.account
     end
 
     # interface method
-    def account
-      aws_data.account
+    def region
+      aws_data.region
     end
 
     # interface method

data/lib/terraspace_plugin_aws/interfaces/summary.rb

@@ -0,0 +1,60 @@
+module TerraspacePluginAws::Interfaces
+  class Summary
+    include Terraspace::Plugin::Summary::Interface
+    include TerraspacePluginAws::Clients
+
+    # interface method
+    def download
+      resp = s3.list_objects(bucket: @bucket)
+      resp.contents.each do |content|
+        local_path = "#{@dest}/#{content.key}"
+        FileUtils.mkdir_p(File.dirname(local_path))
+        s3.get_object(
+          response_target: local_path,
+          bucket: @bucket,
+          key: content.key,
+        )
+      end
+    end
+
+    # interface method
+    def delete_empty_statefile(key)
+      delete_lock_id(key)
+      delete_s3_file(key)
+    end
+
+  private
+    def delete_s3_file(key)
+      s3.delete_object(
+        bucket: @bucket,
+        key: key,
+      )
+      # resp is:
+      #
+      #   <struct Aws::S3::Types::DeleteObjectOutput
+      #    delete_marker=nil,
+      #    version_id=nil,
+      #    request_charged=nil>
+    end
+
+    def delete_lock_id(key)
+      lock_id = "#{@bucket}/#{key}-md5"
+      table_name = @info['dynamodb_table']
+      dynamodb.delete_item(
+        key: {LockID: lock_id},
+        table_name: table_name,
+      )
+      # resp is:
+      #
+      #   #<struct Aws::DynamoDB::Types::DeleteItemOutput
+      #    attributes=nil,
+      #    consumed_capacity=nil,
+      #    item_collection_metrics=nil>
+    rescue Aws::DynamoDB::Errors::ResourceNotFoundException => e
+      # Exception happens when dynamodb table doesnt exist
+      # If the lock item is missing, it successfully sends the api call to delete, even though there's nothing to delete
+      logger.error "ERROR: #{e.class}: #{e.message}"
+      logger.error "Table may not exist"
+    end
+  end
+end

data/lib/terraspace_plugin_aws/version.rb

@@ -1,3 +1,3 @@
 module TerraspacePluginAws
-  VERSION = "0.0.0"
+  VERSION = "0.1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: terraspace_plugin_aws
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.1.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-31 00:00:00.000000000 Z
+date: 2020-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-dynamodb
@@ -113,23 +113,29 @@ files:
 - lib/templates/hcl/module/main.tf
 - lib/templates/hcl/module/outputs.tf
 - lib/templates/hcl/module/variables.tf
-- lib/templates/hcl/project/config/templates/backend.tf.tt
-- lib/templates/hcl/project/config/templates/provider.tf
+- lib/templates/hcl/project/config/terraform/backend.tf.tt
+- lib/templates/hcl/project/config/terraform/provider.tf
 - lib/templates/hcl/stack/main.tf
 - lib/templates/hcl/stack/outputs.tf
 - lib/templates/hcl/stack/variables.tf
 - lib/templates/ruby/module/main.rb
 - lib/templates/ruby/module/outputs.rb
 - lib/templates/ruby/module/variables.rb
-- lib/templates/ruby/project/config/templates/backend.rb.tt
-- lib/templates/ruby/project/config/templates/provider.rb
+- lib/templates/ruby/project/config/terraform/backend.rb.tt
+- lib/templates/ruby/project/config/terraform/provider.rb
 - lib/templates/ruby/stack/main.rb
 - lib/templates/ruby/stack/outputs.rb
 - lib/templates/ruby/stack/variables.rb
 - lib/templates/test/rspec/module/test/.rspec
 - lib/templates/test/rspec/module/test/Gemfile.tt
+- lib/templates/test/rspec/module/test/spec/fixtures/stack/main.tf
+- lib/templates/test/rspec/module/test/spec/fixtures/stack/outputs.tf
+- lib/templates/test/rspec/module/test/spec/fixtures/stack/variables.tf
 - lib/templates/test/rspec/module/test/spec/main_spec.rb.tt
 - lib/templates/test/rspec/module/test/spec/spec_helper.rb
+- lib/templates/test/rspec/project/spec/fixtures/tfvars/demo.tfvars
+- lib/templates/test/rspec/project/spec/spec_helper.rb
+- lib/templates/test/rspec/project/spec/stacks/demo/main_spec.rb
 - lib/terraspace_plugin_aws.rb
 - lib/terraspace_plugin_aws/autoloader.rb
 - lib/terraspace_plugin_aws/clients.rb
@@ -144,6 +150,7 @@ files:
 - lib/terraspace_plugin_aws/interfaces/decorator/base.rb
 - lib/terraspace_plugin_aws/interfaces/expander.rb
 - lib/terraspace_plugin_aws/interfaces/layer.rb
+- lib/terraspace_plugin_aws/interfaces/summary.rb
 - lib/terraspace_plugin_aws/version.rb
 - terraspace_plugin_aws.gemspec
 homepage: https://github.com/boltops-tools/terraspace_plugin_aws

data/lib/templates/hcl/project/config/templates/backend.tf.tt

@@ -1,9 +0,0 @@
-terraform {
-  backend "s3" {
-    bucket         = "<%%= backend_expand("s3", "terraform-state-:ACCOUNT-:REGION-:ENV") %>"     # expanded by terraspace IE: terraform-state-112233445566-us-west-2-dev
-    key            = "<%%= backend_expand("s3", ":REGION/:ENV/:BUILD_DIR/terraform.tfstate") %>" # expanded by terraspace IE: us-west-2/dev/modules/vm/terraform.tfstate
-    region         = "<%%= backend_expand("s3", ":REGION") %>"
-    encrypt        = true
-    dynamodb_table = "terraform_locks"
-  }
-}