RubyGems - ufo - Versions diffs - 4.0.1 → 4.0.2 - Mend

ufo 4.0.1 → 4.0.2

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/docs/_docs/ssl-support.md +3 -3
data/lib/cfn/stack.yml +4 -0
data/lib/template/.ufo/settings/cfn/default.yml.tt +15 -15
data/lib/ufo/stack/context.rb +7 -1
data/lib/ufo/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a06ce94ad72a7dd44f9e6a5d9fae01812e4891ee989a9d3fe23cb5c91e7c5886
-  data.tar.gz: 37f7541753447ba7e117cb15cb000291b43e9c5f7020dff9236e0b767123ac78
+  metadata.gz: 90a5d05cdf6d22404d21a414946933e467f5ab1f85c153f4154512824ebfb58d
+  data.tar.gz: fd67d3241ea05d7508480ebaad399602f5bcd3ea51dbba4a65c63ffeab0edfc0
 SHA512:
-  metadata.gz: bc1237132c6697f392edb681259981591735a6b425e8b66a873662af909cebb67a1c76e61ca62f76c1d8199e9c61e5248c40115c1430fd58b7e91eb2b9d70e93
-  data.tar.gz: d29cdf5810ee4ff7f80157401b890e4c46ba1cbade864fa5b0d23095f6caeaa6c44351c0a2b739ac5bbf6c37835b7beb2eaffb71c9b5557cdab437eb85f507d9
+  metadata.gz: 456582ec11bd18087728e5318b61709c9c468887cd2e8ff1b03834ab52f1af324a3407af90bb39cd69f140f092f1cac0d39eb7e8d0c2ac5c062692a2d670a496
+  data.tar.gz: 5f05000fd4e83a257aac2e13ec075b58f1c470dc26838f96b16ebbaadccfaf9d814349e063fd74e8b1bc3d381a07e040c67dac71aa7fdb2f58b409b5d4bfd1a2

data/CHANGELOG.md CHANGED

@@ -3,6 +3,11 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+## [4.0.2]
+- Merge pull request #45 from tongueroo/ssl2
+- default deregistration_delay 10
+- improve ssl support, only create ssl listener when configured
 ## [4.0.1]
 - Merge pull request #44 from tongueroo/ssl
 - add listener_ssl resource for better ssl support

data/docs/_docs/ssl-support.md CHANGED

@@ -4,7 +4,7 @@ title: SSL Support
 ## Application Load Balancers
-If you are using an Application Load Balancer you can configure SSL support by adjusting the `listener_ssl` in `.ufo/settings/cfn/default.yml`.  Here's an example:
+If you are using an Application Load Balancer you can configure SSL support by uncomment the `listener_ssl` option in `.ufo/settings/cfn/default.yml`.  Here's an example:
 ```
 listener_ssl:
@@ -22,7 +22,7 @@ Once this is configured, you deploy the app again:
 ## Network Load Balancers
-Network Load Balancers work at layer 4, so they do not support SSL termination because SSL happens higher up in the OSI model layers. With Network Load Balancers you handle SSL termination within your app with the server you are using.  For example, it could be apache, nginx or tomcat.
+Network Load Balancers work at layer 4, so they do not support SSL termination because SSL happens higher up in the OSI model. With Network Load Balancers you must handle SSL termination within your app with the server you are using.  For example, apache, nginx or tomcat.
 You also will need to also configure the target group to check the port that your app server is listening to and configure the health_check_protocol to HTTPS.  Here's an example:
@@ -34,7 +34,7 @@ target_group:
   health_check_protocol: HTTPS
 ```
-The protocol in the case of the network load balancer is TCP and is configured to TCP by default by ufo for Network Load Balancers, so you don't have to configure it.
+The protocol in the case of the network load balancer is TCP and is configured to TCP by default by ufo for Network Load Balancers, so you don't have to configure the protocol.
 <a id="prev" class="btn btn-basic" href="{% link _docs/security-groups.md %}">Back</a>
 <a id="next" class="btn btn-primary" href="{% link _docs/route53-support.md %}">Next Step</a>

data/lib/cfn/stack.yml CHANGED

@@ -125,6 +125,7 @@ Resources:
       Protocol: <%= @default_listener_protocol %>
 <%= custom_properties(:Listener) %>
+<% if @create_listener_ssl -%>
   ListenerSsl:
     Type: AWS::ElasticLoadBalancingV2::Listener
     Condition: CreateElbIsTrue
@@ -136,6 +137,7 @@ Resources:
       LoadBalancerArn: !Ref Elb
       Protocol: <%= @default_listener_ssl_protocol %>
 <%= custom_properties(:ListenerSsl) %>
+<% end -%>
 <% if @elb_type == "application" -%>
   ElbSecurityGroup:
@@ -149,10 +151,12 @@ Resources:
         FromPort: '<%= cfn[:listener][:port] %>'
         ToPort: '<%= cfn[:listener][:port] %>'
         CidrIp: 0.0.0.0/0
+<% if @create_listener_ssl -%>
       - IpProtocol: tcp
         FromPort: '<%= cfn[:listener_ssl][:port] %>'
         ToPort: '<%= cfn[:listener_ssl][:port] %>'
         CidrIp: 0.0.0.0/0
+<% end -%>
       SecurityGroupEgress:
       - IpProtocol: tcp
         FromPort: '0'

data/lib/template/.ufo/settings/cfn/default.yml.tt CHANGED

@@ -25,7 +25,7 @@ target_group:
   # unhealthy_threshold_count: 10
   target_group_attributes:
   - key: deregistration_delay.timeout_seconds
-    value: 1
+    value: 10
 # https://docs.aws.amazon.com/fr_fr/elasticloadbalancing/latest/APIReference/API_CreateListener.html
 #
@@ -43,21 +43,21 @@ listener:
 # If HTTPS and SSL is required then the listener_ssl config is what you need.
 #   Application ELBs support SSL termination.
-#   Network load balancers do not.
+#   Network load balancers do not and must pass the request through to the app
+#   to handle SSL termination.
 #
-# ufo current creates both a normal listener and an ssl listener, even if you
-# are not using it. Both listeners point to the same target group.
-listener_ssl:
-  port: 443
-  # protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP
-                  # ufo handles setting the defaults:
-                  #   application elb: HTTP  # unless port is 443
-                  #   application elb: HTTPS # if port is 443
-                  #   network elb: TCP
-  # Certificates are supported by application load balancers only.
-  # Network load balancers do not support SSL termination.
-  # certificates:
-  # - certificate_arn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
+# ufo creates an ssl listener when listener_ssl is set.
+# listener_ssl:
+#   port: 443
+#   # protocol: TCP # valid values - application elb: HTTP HTTPS, network elb: TCP
+#                   # ufo handles setting the defaults:
+#                   #   application elb: HTTPS
+#                   #   network elb: TCP
+#   # Certificates are supported by application load balancers only.
+#   # Network load balancers do not support SSL termination so do not support
+#   # certificates.
+#   # certificates:
+#   # - certificate_arn: arn:aws:acm:us-east-1:111111111111:certificate/11111111-2222-3333-4444-555555555555
 # Configure dns to automatically be associated with the ELB dns name.

data/lib/ufo/stack/context.rb CHANGED

@@ -32,6 +32,7 @@ class Ufo::Stack
         default_target_group_protocol: default_target_group_protocol,
         default_listener_protocol: default_listener_protocol,
         default_listener_ssl_protocol: default_listener_ssl_protocol,
+        create_listener_ssl: create_listener_ssl?,
       }
       # puts "vars:".colorize(:cyan)
       # pp vars
@@ -52,7 +53,12 @@ class Ufo::Stack
     def default_listener_ssl_protocol
       return 'TCP' if elb_type == 'network'
-      cfn[:listener_ssl][:port] == 443 ? 'HTTPS' : 'HTTP'
+      'HTTPS'
+    end
+    # if the configuration is set to anything then enable it
+    def create_listener_ssl?
+      cfn[:listener_ssl] && cfn[:listener_ssl][:port]
     end
     def container

data/lib/ufo/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Ufo
-  VERSION = "4.0.1"
+  VERSION = "4.0.2"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ufo
 version: !ruby/object:Gem::Version
-  version: 4.0.1
+  version: 4.0.2
 platform: ruby
 authors:
 - Tung Nguyen