From d768a9b93c02f1dc8bbfdc8d1e32b1bbdc2b8570 Mon Sep 17 00:00:00 2001 From: Yuki Osaki Date: Tue, 8 Jun 2021 11:13:37 +0900 Subject: [PATCH] Add more rubocop --- .rubocop_todo.yml | 63 ---- bin/bootstrap | 30 +- dockerfiles/reverse-proxy/render_template.rb | 2 +- lib/barcelona/network/autoscaling_builder.rb | 30 +- lib/barcelona/network/bastion_builder.rb | 30 +- lib/barcelona/network/nat_builder.rb | 30 +- lib/barcelona/network/vpc_builder.rb | 20 +- lib/barcelona/plugins/pcidss_plugin.rb | 36 +- lib/tasks/bootstrap.rake | 12 +- .../barcelona/network/network_stack_spec.rb | 344 ++++++++++++------ spec/models/district_spec.rb | 7 +- spec/models/heritage_spec.rb | 28 +- spec/models/heritage_task_definition_spec.rb | 4 +- spec/models/release_spec.rb | 3 +- spec/rails_helper.rb | 4 +- 15 files changed, 360 insertions(+), 283 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 7673ca94..a8a41471 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -6,69 +6,6 @@ # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. -# Offense count: 93 -# Cop supports --auto-correct. -# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle. -# SupportedHashRocketStyles: key, separator, table -# SupportedColonStyles: key, separator, table -# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit -Layout/HashAlignment: - Exclude: - - 'dockerfiles/reverse-proxy/render_template.rb' - - 'lib/barcelona/network/autoscaling_builder.rb' - - 'lib/barcelona/network/bastion_builder.rb' - - 'lib/barcelona/network/nat_builder.rb' - - 'lib/barcelona/network/vpc_builder.rb' - - 'spec/lib/barcelona/network/network_stack_spec.rb' - - 'spec/models/heritage_task_definition_spec.rb' - - 'spec/rails_helper.rb' - -# Offense count: 7 -# Cop supports --auto-correct. -Layout/HeredocIndentation: - Exclude: - - 'bin/bootstrap' - - 'lib/barcelona/plugins/pcidss_plugin.rb' - - 'lib/tasks/bootstrap.rake' - -# Offense count: 2 -# Cop supports --auto-correct. -# Configuration parameters: Width, IgnoredPatterns. -Layout/IndentationWidth: - Exclude: - - 'spec/models/heritage_spec.rb' - -# Offense count: 7 -# Cop supports --auto-correct. -# Configuration parameters: AutoCorrect, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns. -# URISchemes: http, https -Layout/LineLength: - Max: 317 - -# Offense count: 19 -# Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle. -# SupportedStyles: symmetrical, new_line, same_line -Layout/MultilineArrayBraceLayout: - Exclude: - - 'spec/lib/barcelona/network/network_stack_spec.rb' - - 'spec/models/release_spec.rb' - -# Offense count: 3 -# Cop supports --auto-correct. -Layout/MultilineBlockLayout: - Exclude: - - 'spec/models/district_spec.rb' - - 'spec/models/heritage_spec.rb' - -# Offense count: 124 -# Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle. -# SupportedStyles: symmetrical, new_line, same_line -Layout/MultilineHashBraceLayout: - Exclude: - - 'spec/lib/barcelona/network/network_stack_spec.rb' - # Offense count: 12 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle. diff --git a/bin/bootstrap b/bin/bootstrap index a29b3c99..3db992b5 100755 --- a/bin/bootstrap +++ b/bin/bootstrap @@ -32,29 +32,29 @@ class CLI < Thor ActiveRecord::Migration.verbose = false ENV["AWS_REGION"] = options[:region].presence || - ask_with_description("AWS Region", <<-EOS, default: 'us-east-1') -Choose AWS region you want to deploy Barcelona to. + ask_with_description("AWS Region", <<~EOS, default: 'us-east-1') + Choose AWS region you want to deploy Barcelona to. EOS ENV["ACM_CERT_ARN"] = options[:acm_cert_arn].presence || - ask_with_description("ACM Certificate ARN", <<-EOS, required: false) -Create a new certificate on Amazon Certificate Manager in the region you chose and provide its ARN. -This is optional but we highly recommend setting up an ACM certificate. - -Without this certificate your commands will be transmitted to Barcelona using plaintext. + ask_with_description("ACM Certificate ARN", <<~EOS, required: false) + Create a new certificate on Amazon Certificate Manager in the region you chose and provide its ARN. + This is optional but we highly recommend setting up an ACM certificate. + + Without this certificate your commands will be transmitted to Barcelona using plaintext. EOS ENV["GITHUB_ORGANIZATION"] = options[:github_organization].presence || - ask_with_description("GitHub Organization", <<-EOS, required: true) -Provide your GitHub organization. Users who belong to this organization -will have access to Barcelona API. + ask_with_description("GitHub Organization", <<~EOS, required: true) + Provide your GitHub organization. Users who belong to this organization + will have access to Barcelona API. EOS - say <<-EOS, :green -Provide your AWS access key ID and secret access key. -This access key will be used to bootstrap your Barcelona environment. -The best practice is to create a new access key with admin previleges and -delete it after the bootstrap is complete. + say <<~EOS, :green + Provide your AWS access key ID and secret access key. + This access key will be used to bootstrap your Barcelona environment. + The best practice is to create a new access key with admin previleges and + delete it after the bootstrap is complete. EOS ENV["AWS_ACCESS_KEY_ID"] = ask("AWS Access Key ID:") diff --git a/dockerfiles/reverse-proxy/render_template.rb b/dockerfiles/reverse-proxy/render_template.rb index a52b8c71..6eae9691 100755 --- a/dockerfiles/reverse-proxy/render_template.rb +++ b/dockerfiles/reverse-proxy/render_template.rb @@ -108,7 +108,7 @@ def log_format hostname: host, proxy_protocol: !(ENV['DISABLE_PROXY_PROTOCOL'] == 'true'), ssl_cert_path: ssl_cert_path, - ssl_key_path: ssl_key_path, + ssl_key_path: ssl_key_path, force_ssl: ENV['FORCE_SSL'] == 'true', upstream_name: ENV['UPSTREAM_NAME'], upstream_port: ENV['UPSTREAM_PORT'] diff --git a/lib/barcelona/network/autoscaling_builder.rb b/lib/barcelona/network/autoscaling_builder.rb index 9594d03b..a8da963f 100644 --- a/lib/barcelona/network/autoscaling_builder.rb +++ b/lib/barcelona/network/autoscaling_builder.rb @@ -4,21 +4,21 @@ class AutoscalingBuilder < CloudFormation::Builder # http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html # amzn2-ami-ecs-hvm-2.0 ECS_OPTIMIZED_AMI_IDS = { - "us-east-1" => "ami-0ae3143bc8c29507d", - "us-east-2" => "ami-01a4986c9e49a5c6a", - "us-west-1" => "ami-0154d362b1af1d7fa", - "us-west-2" => "ami-09821bb7e5aa7e648", - "eu-west-1" => "ami-01ef64c116fe1364f", - "eu-west-2" => "ami-03f4b65c6b7b2e83d", - "eu-west-3" => "ami-0975a74e69d1b66c3", - "eu-central-1" => "ami-00a755f84af357e9e", - "ap-northeast-1" => "ami-0ff8df45400dc4e3d", - "ap-northeast-2" => "ami-019c34e0d65f3727c", - "ap-southeast-1" => "ami-0d242941de637dea8", - "ap-southeast-2" => "ami-03f9a9874affbb05b", - "ca-central-1" => "ami-0617d8461ebdae2b9", - "ap-south-1" => "ami-0b948665b52b6ac61", - "sa-east-1" => "ami-0170497bab30979e8", + "us-east-1" => "ami-0ae3143bc8c29507d", + "us-east-2" => "ami-01a4986c9e49a5c6a", + "us-west-1" => "ami-0154d362b1af1d7fa", + "us-west-2" => "ami-09821bb7e5aa7e648", + "eu-west-1" => "ami-01ef64c116fe1364f", + "eu-west-2" => "ami-03f4b65c6b7b2e83d", + "eu-west-3" => "ami-0975a74e69d1b66c3", + "eu-central-1" => "ami-00a755f84af357e9e", + "ap-northeast-1" => "ami-0ff8df45400dc4e3d", + "ap-northeast-2" => "ami-019c34e0d65f3727c", + "ap-southeast-1" => "ami-0d242941de637dea8", + "ap-southeast-2" => "ami-03f9a9874affbb05b", + "ca-central-1" => "ami-0617d8461ebdae2b9", + "ap-south-1" => "ami-0b948665b52b6ac61", + "sa-east-1" => "ami-0170497bab30979e8", } def ebs_optimized_by_default? diff --git a/lib/barcelona/network/bastion_builder.rb b/lib/barcelona/network/bastion_builder.rb index 3fda95ae..1d2b52ab 100644 --- a/lib/barcelona/network/bastion_builder.rb +++ b/lib/barcelona/network/bastion_builder.rb @@ -6,21 +6,21 @@ class BastionBuilder < CloudFormation::Builder # You can see the latest version stored in public SSM parameter store # https://ap-northeast-1.console.aws.amazon.com/systems-manager/parameters/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2/description?region=ap-northeast-1 AMI_IDS = { - "us-east-1" => "ami-0d5eff06f840b45e9", - "us-east-2" => "ami-077e31c4939f6a2f3", - "us-west-1" => "ami-04468e03c37242e1e", - "us-west-2" => "ami-0cf6f5c8a62fa5da6", - "eu-west-1" => "ami-063d4ab14480ac177", - "eu-west-2" => "ami-06dc09bb8854cbde3", - "eu-west-3" => "ami-0b3e57ee3b63dd76b", - "eu-central-1" => "ami-043097594a7df80ec", - "ap-northeast-1" => "ami-0ca38c7440de1749a", - "ap-northeast-2" => "ami-0f2c95e9fe3f8f80e", - "ap-southeast-1" => "ami-02f26adf094f51167", - "ap-southeast-2" => "ami-0186908e2fdeea8f3", - "ca-central-1" => "ami-0101734ab73bd9e15", - "ap-south-1" => "ami-010aff33ed5991201", - "sa-east-1" => "ami-05373777d08895384", + "us-east-1" => "ami-0d5eff06f840b45e9", + "us-east-2" => "ami-077e31c4939f6a2f3", + "us-west-1" => "ami-04468e03c37242e1e", + "us-west-2" => "ami-0cf6f5c8a62fa5da6", + "eu-west-1" => "ami-063d4ab14480ac177", + "eu-west-2" => "ami-06dc09bb8854cbde3", + "eu-west-3" => "ami-0b3e57ee3b63dd76b", + "eu-central-1" => "ami-043097594a7df80ec", + "ap-northeast-1" => "ami-0ca38c7440de1749a", + "ap-northeast-2" => "ami-0f2c95e9fe3f8f80e", + "ap-southeast-1" => "ami-02f26adf094f51167", + "ap-southeast-2" => "ami-0186908e2fdeea8f3", + "ca-central-1" => "ami-0101734ab73bd9e15", + "ap-south-1" => "ami-010aff33ed5991201", + "sa-east-1" => "ami-05373777d08895384", } def build_resources diff --git a/lib/barcelona/network/nat_builder.rb b/lib/barcelona/network/nat_builder.rb index 1a2178c0..fd0e8105 100644 --- a/lib/barcelona/network/nat_builder.rb +++ b/lib/barcelona/network/nat_builder.rb @@ -4,21 +4,21 @@ class NatBuilder < CloudFormation::Builder # https://aws.amazon.com/jp/amazon-linux-ami/ # amzn-ami-vpc-nat-hvm VPC_NAT_AMI_IDS = { - "us-east-1" => "ami-00a9d4a05375b2763", - "us-east-2" => "ami-00d1f8201864cc10c", - "us-west-1" => "ami-097ad469381034fa2", - "us-west-2" => "ami-0b840e8a1ce4cdf15", - "eu-west-1" => "ami-024107e3e3217a248", - "eu-west-2" => "ami-0ca65a55561666293", - "eu-west-3" => "ami-0641e4dfc1427f114", - "eu-central-1" => "ami-06a5303d47fbd8c60", - "ap-northeast-1" => "ami-00d29e4cb217ae06b", - "ap-northeast-2" => "ami-0d98591cbf9ef1ffd", - "ap-southeast-1" => "ami-01514bb1776d5c018", - "ap-southeast-2" => "ami-062c04ec46aecd204", - "ca-central-1" => "ami-0b32354309da5bba5", - "ap-south-1" => "ami-00b3aa8a93dd09c13", - "sa-east-1" => "ami-057f5d52ff7ae75ae", + "us-east-1" => "ami-00a9d4a05375b2763", + "us-east-2" => "ami-00d1f8201864cc10c", + "us-west-1" => "ami-097ad469381034fa2", + "us-west-2" => "ami-0b840e8a1ce4cdf15", + "eu-west-1" => "ami-024107e3e3217a248", + "eu-west-2" => "ami-0ca65a55561666293", + "eu-west-3" => "ami-0641e4dfc1427f114", + "eu-central-1" => "ami-06a5303d47fbd8c60", + "ap-northeast-1" => "ami-00d29e4cb217ae06b", + "ap-northeast-2" => "ami-0d98591cbf9ef1ffd", + "ap-southeast-1" => "ami-01514bb1776d5c018", + "ap-southeast-2" => "ami-062c04ec46aecd204", + "ca-central-1" => "ami-0b32354309da5bba5", + "ap-south-1" => "ami-00b3aa8a93dd09c13", + "sa-east-1" => "ami-057f5d52ff7ae75ae", } def build_resources diff --git a/lib/barcelona/network/vpc_builder.rb b/lib/barcelona/network/vpc_builder.rb index f5d3f431..84e695ea 100644 --- a/lib/barcelona/network/vpc_builder.rb +++ b/lib/barcelona/network/vpc_builder.rb @@ -2,20 +2,20 @@ module Barcelona module Network # https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html ELB_ACCOUNT_IDS = { - "us-east-1" => "127311923021", - "us-east-2" => "033677994240", - "us-west-1" => "027434742980", - "us-west-2" => "797873946194", - "ca-central-1" => "985666609251", - "eu-west-1" => "156460612806", - "eu-central-1" => "054676820928", - "eu-west-2" => "652711504416", + "us-east-1" => "127311923021", + "us-east-2" => "033677994240", + "us-west-1" => "027434742980", + "us-west-2" => "797873946194", + "ca-central-1" => "985666609251", + "eu-west-1" => "156460612806", + "eu-central-1" => "054676820928", + "eu-west-2" => "652711504416", "ap-northeast-1" => "582318560864", "ap-northeast-2" => "600734575887", "ap-southeast-1" => "114774131450", "ap-southeast-2" => "783225319266", - "ap-south-1" => "718504428378", - "sa-east-1" => "507241528517" + "ap-south-1" => "718504428378", + "sa-east-1" => "507241528517" } class VPCBuilder < CloudFormation::Builder diff --git a/lib/barcelona/plugins/pcidss_plugin.rb b/lib/barcelona/plugins/pcidss_plugin.rb index c03d8303..af7089b6 100644 --- a/lib/barcelona/plugins/pcidss_plugin.rb +++ b/lib/barcelona/plugins/pcidss_plugin.rb @@ -418,15 +418,15 @@ def run_commands def on_container_instance_user_data(_instance, user_data) user_data.run_commands += run_commands - user_data.add_file("/etc/yum.repos.d/wazuh.repo", "root:root", "644", < + puts <<~EOS + Barcelona Bootstrap Completed! + Endpoint: #{dns_name} + + Set your DNS record to point to the above endpoint and run the following Barcelona client command + $ bcn login https:// EOS end diff --git a/spec/lib/barcelona/network/network_stack_spec.rb b/spec/lib/barcelona/network/network_stack_spec.rb index bd387ad4..6d31ce7f 100644 --- a/spec/lib/barcelona/network/network_stack_spec.rb +++ b/spec/lib/barcelona/network/network_stack_spec.rb @@ -19,35 +19,48 @@ "EnableDnsHostnames" => true, "Tags" => [{"Key" => "Name", "Value" => {"Ref" => "AWS::StackName"}}, - {"Key" => "barcelona", "Value" => district.name}]}}, + {"Key" => "barcelona", "Value" => district.name}] + } + }, "InternetGateway" => { "Type" => "AWS::EC2::InternetGateway", "Properties" => { "Tags" => [{"Key" => "Name", "Value" => {"Ref" => "AWS::StackName"}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Public"}]}}, + {"Key" => "Network", "Value" => "Public"}] + } + }, "VPCGatewayAttachment" => { "Type" => "AWS::EC2::VPCGatewayAttachment", "Properties" => { "VpcId" => {"Ref" => "VPC"}, - "InternetGatewayId" => {"Ref" => "InternetGateway"}}}, + "InternetGatewayId" => {"Ref" => "InternetGateway"} + } + }, "VPCDHCPOptions" => { "Type" => "AWS::EC2::DHCPOptions", "Properties" => { "DomainName" => { - "Fn::Join" => [" ", ["us-east-1.compute.internal", "bcn"]]}, - "DomainNameServers" => ["AmazonProvidedDNS"]}}, + "Fn::Join" => [" ", ["us-east-1.compute.internal", "bcn"]] + }, + "DomainNameServers" => ["AmazonProvidedDNS"] + } + }, "VPCDHCPOptionsAssociation" => { "Type" => "AWS::EC2::VPCDHCPOptionsAssociation", "Properties" => { "VpcId" => {"Ref" => "VPC"}, - "DhcpOptionsId" => {"Ref" => "VPCDHCPOptions"}}}, + "DhcpOptionsId" => {"Ref" => "VPCDHCPOptions"} + } + }, "LocalHostedZone" => { "Type" => "AWS::Route53::HostedZone", "Properties" => { "Name" => "bcn", - "VPCs" => [{"VPCId" => {"Ref" => "VPC"}, "VPCRegion" => {"Ref" => "AWS::Region"}}]}}, + "VPCs" => [{"VPCId" => {"Ref" => "VPC"}, "VPCRegion" => {"Ref" => "AWS::Region"}}] + } + }, "PublicELBSecurityGroup" => { "Type" => "AWS::EC2::SecurityGroup", "Properties" => { @@ -65,7 +78,8 @@ {"IpProtocol" => "-1", "FromPort" => "-1", "ToPort" => "-1", - "CidrIp" => district.cidr_block}], + "CidrIp" => district.cidr_block} + ], "Tags" => [{"Key" => "barcelona", "Value" => district.name}], } }, @@ -87,9 +101,9 @@ {"IpProtocol" => "tcp", "FromPort" => 1, "ToPort" => 65535, - "CidrIp" => district.cidr_block}], - "Tags" => [{"Key" => "barcelona", "Value" => district.name}], - } + "CidrIp" => district.cidr_block} + ], + "Tags" => [{"Key" => "barcelona", "Value" => district.name}], } }, "PrivateELBSecurityGroupEgress" => { "Type" => "AWS::EC2::SecurityGroupEgress", @@ -110,7 +124,7 @@ } }, "ContainerInstanceAutoScalingGroup" => { - "Type"=>"AWS::AutoScaling::AutoScalingGroup", + "Type" => "AWS::AutoScaling::AutoScalingGroup", "Properties" => { "DesiredCapacity" => 1, "Cooldown" => 0, @@ -119,7 +133,7 @@ "MinSize" => 1, "HealthCheckType" => "EC2", "LaunchConfigurationName" => {"Ref" => "ContainerInstanceLaunchConfiguration"}, - "VPCZoneIdentifier"=>[ + "VPCZoneIdentifier" => [ {"Ref" => "SubnetTrusted1"}, {"Ref"=>"SubnetTrusted2"} ], @@ -142,13 +156,13 @@ "IamInstanceProfile" => {"Ref"=>"ECSInstanceProfile"}, "ImageId" => kind_of(String), "InstanceType" => "t3.small", - "MetadataOptions"=>{"HttpTokens"=>"required"}, + "MetadataOptions" => {"HttpTokens"=>"required"}, "SecurityGroups" => [{"Ref"=>"InstanceSecurityGroup"}], "UserData" => instance_of(String), "EbsOptimized" => true, "BlockDeviceMappings" => [ { - "DeviceName"=>"/dev/xvda", + "DeviceName" => "/dev/xvda", "Ebs" => {"DeleteOnTermination"=>true, "VolumeSize"=>100, "VolumeType"=>"gp2"} } ] @@ -166,13 +180,13 @@ } }, "ASGDrainingFunctionRole" => { - "Type"=>"AWS::IAM::Role", + "Type" => "AWS::IAM::Role", "Properties" => { "AssumeRolePolicyDocument" => { "Version" => "2012-10-17", "Statement" => [ { - "Effect"=>"Allow", + "Effect" => "Allow", "Principal" => { "Service" => ["lambda.amazonaws.com"] }, @@ -185,11 +199,11 @@ { "PolicyName" => "barcelona-#{district.name}-asg-draining-function-role", "PolicyDocument" => { - "Version"=>"2012-10-17", + "Version" => "2012-10-17", "Statement" => [ { - "Effect"=>"Allow", - "Action"=>[ + "Effect" => "Allow", + "Action" => [ "autoscaling:CompleteLifecycleAction", "ecs:ListContainerInstances", "ecs:DescribeContainerInstances", @@ -200,7 +214,7 @@ "logs:PutLogEvents", "sns:Publish" ], - "Resource"=>["*"] + "Resource" => ["*"] } ] } @@ -235,13 +249,13 @@ } }, "LifecycleHookRole" => { - "Type"=>"AWS::IAM::Role", + "Type" => "AWS::IAM::Role", "Properties" => { "AssumeRolePolicyDocument" => { "Version" => "2012-10-17", "Statement" => [ { - "Effect"=>"Allow", + "Effect" => "Allow", "Principal" => { "Service" => ["autoscaling.amazonaws.com"] }, @@ -289,7 +303,8 @@ "FromPort" => -1, "ToPort" => -1, "SourceSecurityGroupId" => - {"Ref" => "ContainerInstanceAccessibleSecurityGroup"}}], + {"Ref" => "ContainerInstanceAccessibleSecurityGroup"}} + ], "Tags" => [{"Key" => "barcelona", "Value" => district.name}] } }, @@ -300,7 +315,9 @@ "IpProtocol" => -1, "FromPort" => -1, "ToPort" => -1, - "SourceSecurityGroupId" => {"Ref" => "InstanceSecurityGroup"}}}, + "SourceSecurityGroupId" => {"Ref" => "InstanceSecurityGroup"} + } + }, "SecurityGroupBastion" => { "Type" => "AWS::EC2::SecurityGroup", "Properties" => { @@ -310,7 +327,8 @@ {"IpProtocol" => "tcp", "FromPort" => 22, "ToPort" => 22, - "CidrIp" => "0.0.0.0/0"}], + "CidrIp" => "0.0.0.0/0"} + ], "SecurityGroupEgress" => [ {"IpProtocol" => "tcp", "FromPort" => 22, @@ -344,19 +362,19 @@ } }, "BastionRole" => { - "Type"=>"AWS::IAM::Role", + "Type" => "AWS::IAM::Role", "Properties" => { "AssumeRolePolicyDocument" => { - "Version"=>"2012-10-17", + "Version" => "2012-10-17", "Statement" => [ { - "Effect"=>"Allow", + "Effect" => "Allow", "Principal" => {"Service"=>["ec2.amazonaws.com"]}, - "Action"=>["sts:AssumeRole"] + "Action" => ["sts:AssumeRole"] } ] }, - "Path"=>"/", + "Path" => "/", "ManagedPolicyArns" => [ "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM", "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy" @@ -367,7 +385,7 @@ "Type" => "AWS::AutoScaling::LaunchConfiguration", "Properties" => { "InstanceType" => "t3.micro", - "MetadataOptions"=>{"HttpTokens"=>"required"}, + "MetadataOptions" => {"HttpTokens"=>"required"}, "IamInstanceProfile" => {"Ref" => "BastionProfile"}, "ImageId" => kind_of(String), "UserData" => anything, @@ -415,26 +433,26 @@ } }, "ECSInstanceProfile" => { - "Type"=>"AWS::IAM::InstanceProfile", + "Type" => "AWS::IAM::InstanceProfile", "Properties" => { "Path" => "/", "Roles" => [{"Ref"=>"ECSInstanceRole"}] } }, "ECSInstanceRole" => { - "Type"=>"AWS::IAM::Role", + "Type" => "AWS::IAM::Role", "Properties" => { "AssumeRolePolicyDocument" => { - "Version"=>"2012-10-17", + "Version" => "2012-10-17", "Statement" => [ { - "Effect"=>"Allow", + "Effect" => "Allow", "Principal" => {"Service"=>["ec2.amazonaws.com"]}, - "Action"=>["sts:AssumeRole"] + "Action" => ["sts:AssumeRole"] } ] }, - "Path"=>"/", + "Path" => "/", "ManagedPolicyArns" => [ "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM", "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", @@ -447,12 +465,12 @@ "Version" => "2012-10-17", "Statement" => [ { - "Effect"=>"Allow", + "Effect" => "Allow", "Action" => [ "s3:Get*", "s3:List*" ], - "Resource"=>["*"] + "Resource" => ["*"] } ] } @@ -461,13 +479,13 @@ } }, "ECSServiceRole" => { - "Type"=>"AWS::IAM::Role", + "Type" => "AWS::IAM::Role", "Properties" => { "AssumeRolePolicyDocument" => { "Version" => "2012-10-17", "Statement" => [ { - "Effect"=>"Allow", + "Effect" => "Allow", "Principal" => { "Service" => ["ecs.amazonaws.com"] }, @@ -480,18 +498,18 @@ { "PolicyName" => "barcelona-ecs-service-role", "PolicyDocument" => { - "Version"=>"2012-10-17", + "Version" => "2012-10-17", "Statement" => [ { - "Effect"=>"Allow", - "Action"=>[ + "Effect" => "Allow", + "Action" => [ "elasticloadbalancing:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "ec2:Describe*", "ec2:AuthorizeSecurityGroupIngress" ], - "Resource"=>["*"] + "Resource" => ["*"] } ] } @@ -506,14 +524,19 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "public"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Public"}]}}, + {"Key" => "Network", "Value" => "Public"} + ] + } + }, "RouteDmz1" => { "Type" => "AWS::EC2::Route", "DependsOn" => ["VPCGatewayAttachment"], "Properties" => { "RouteTableId" => {"Ref" => "RouteTableDmz1"}, "DestinationCidrBlock" => "0.0.0.0/0", - "GatewayId" => {"Ref" => "InternetGateway"}}}, + "GatewayId" => {"Ref" => "InternetGateway"} + } + }, "NetworkAclDmz1" => { "Type" => "AWS::EC2::NetworkAcl", "Properties" => { @@ -521,7 +544,10 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "public"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Public"}]}}, + {"Key" => "Network", "Value" => "Public"} + ] + } + }, "InboundNetworkAclEntryDmz10" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -531,7 +557,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 22, "To" => 22}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryDmz11" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -541,7 +569,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 80, "To" => 80}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryDmz12" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -551,7 +581,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 443, "To" => 443}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryDmz13" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -561,7 +593,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 1024, "To" => 65535}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryDmz14" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -571,7 +605,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 1024, "To" => 65535}, - "Protocol" => 17}}, + "Protocol" => 17 + } + }, "InboundNetworkAclEntryDmz15" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -581,7 +617,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 123, "To" => 123}, - "Protocol" => 17}}, + "Protocol" => 17 + } + }, "InboundNetworkAclEntryDmz1ICMP" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -591,7 +629,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "Icmp" => {"Type" => -1, "Code" => -1}, - "Protocol" => 1}}, + "Protocol" => 1 + } + }, "OutboundNetworkAclEntryDmz1" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -601,7 +641,9 @@ "RuleAction" => "allow", "Egress" => true, "CidrBlock" => "0.0.0.0/0", - "PortRange" => {"From" => 0, "To" => 65535}}}, + "PortRange" => {"From" => 0, "To" => 65535} + } + }, "SubnetDmz1" => { "Type" => "AWS::EC2::Subnet", "Properties" => { @@ -613,16 +655,22 @@ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "Dmz1"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Public"}]}}, + {"Key" => "Network", "Value" => "Public"} + ] + } + }, "SubnetRouteTableAssociationDmz1" => { "Type" => "AWS::EC2::SubnetRouteTableAssociation", "Properties" => { "SubnetId" => {"Ref" => "SubnetDmz1"}, - "RouteTableId" => {"Ref" => "RouteTableDmz1"}}}, + "RouteTableId" => {"Ref" => "RouteTableDmz1"} + } + }, "SubnetNetworkAclAssociationDmz1" => { "Type" => "AWS::EC2::SubnetNetworkAclAssociation", "Properties" => {"SubnetId" => {"Ref" => "SubnetDmz1"}, - "NetworkAclId" => {"Ref" => "NetworkAclDmz1"}}}, + "NetworkAclId" => {"Ref" => "NetworkAclDmz1"}} + }, "RouteTableDmz2" => { "Type" => "AWS::EC2::RouteTable", "Properties" => { @@ -630,14 +678,19 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "public"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Public"}]}}, + {"Key" => "Network", "Value" => "Public"} + ] + } + }, "RouteDmz2" => { "Type" => "AWS::EC2::Route", "DependsOn" => ["VPCGatewayAttachment"], "Properties" => { "RouteTableId" => {"Ref" => "RouteTableDmz2"}, "DestinationCidrBlock" => "0.0.0.0/0", - "GatewayId" => {"Ref" => "InternetGateway"}}}, + "GatewayId" => {"Ref" => "InternetGateway"} + } + }, "NetworkAclDmz2" => { "Type" => "AWS::EC2::NetworkAcl", "Properties" => { @@ -645,7 +698,10 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "public"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Public"}]}}, + {"Key" => "Network", "Value" => "Public"} + ] + } + }, "InboundNetworkAclEntryDmz20" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -655,7 +711,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 22, "To" => 22}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryDmz21" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -665,7 +723,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 80, "To" => 80}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryDmz22" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -675,7 +735,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 443, "To" => 443}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryDmz23" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -685,7 +747,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 1024, "To" => 65535}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryDmz24" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -695,7 +759,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 1024, "To" => 65535}, - "Protocol" => 17}}, + "Protocol" => 17 + } + }, "InboundNetworkAclEntryDmz25" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -705,7 +771,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 123, "To" => 123}, - "Protocol" => 17}}, + "Protocol" => 17 + } + }, "InboundNetworkAclEntryDmz2ICMP" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -715,7 +783,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "Icmp" => {"Type" => -1, "Code" => -1}, - "Protocol" => 1}}, + "Protocol" => 1 + } + }, "OutboundNetworkAclEntryDmz2" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -725,7 +795,9 @@ "RuleAction" => "allow", "Egress" => true, "CidrBlock" => "0.0.0.0/0", - "PortRange" => {"From" => 0, "To" => 65535}}}, + "PortRange" => {"From" => 0, "To" => 65535} + } + }, "SubnetDmz2" => { "Type" => "AWS::EC2::Subnet", "Properties" => { @@ -735,17 +807,24 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "Dmz2"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Public"}]}}, + {"Key" => "Network", "Value" => "Public"} + ] + } + }, "SubnetRouteTableAssociationDmz2" => { "Type" => "AWS::EC2::SubnetRouteTableAssociation", "Properties" => { "SubnetId" => {"Ref" => "SubnetDmz2"}, - "RouteTableId" => {"Ref" => "RouteTableDmz2"}}}, + "RouteTableId" => {"Ref" => "RouteTableDmz2"} + } + }, "SubnetNetworkAclAssociationDmz2" => { "Type" => "AWS::EC2::SubnetNetworkAclAssociation", "Properties" => { "SubnetId" => {"Ref" => "SubnetDmz2"}, - "NetworkAclId" => {"Ref" => "NetworkAclDmz2"}}}, + "NetworkAclId" => {"Ref" => "NetworkAclDmz2"} + } + }, "RouteTableTrusted1" => { "Type" => "AWS::EC2::RouteTable", "Properties" => { @@ -753,7 +832,10 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "private"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Private"}]}}, + {"Key" => "Network", "Value" => "Private"} + ] + } + }, "NetworkAclTrusted1" => { "Type" => "AWS::EC2::NetworkAcl", "Properties" => { @@ -761,7 +843,10 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "private"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Private"}]}}, + {"Key" => "Network", "Value" => "Private"} + ] + } + }, "InboundNetworkAclEntryTrusted10" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -771,7 +856,9 @@ "Egress" => false, "CidrBlock" => "10.0.0.0/8", "PortRange" => {"From" => 22, "To" => 22}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryTrusted11" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -781,7 +868,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 80, "To" => 80}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryTrusted12" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -791,7 +880,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 443, "To" => 443}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryTrusted13" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -801,7 +892,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 1024, "To" => 65535}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryTrusted14" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -811,7 +904,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 1024, "To" => 65535}, - "Protocol" => 17}}, + "Protocol" => 17 + } + }, "InboundNetworkAclEntryTrusted15" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -821,7 +916,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 123, "To" => 123}, - "Protocol" => 17}}, + "Protocol" => 17 + } + }, "InboundNetworkAclEntryTrusted1ICMP" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -831,7 +928,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "Icmp" => {"Type" => -1, "Code" => -1}, - "Protocol" => 1}}, + "Protocol" => 1 + } + }, "OutboundNetworkAclEntryTrusted1" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -841,7 +940,9 @@ "RuleAction" => "allow", "Egress" => true, "CidrBlock" => "0.0.0.0/0", - "PortRange" => {"From" => 0, "To" => 65535}}}, + "PortRange" => {"From" => 0, "To" => 65535} + } + }, "SubnetTrusted1" => { "Type" => "AWS::EC2::Subnet", "Properties" => { @@ -851,17 +952,24 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "Trusted1"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Private"}]}}, + {"Key" => "Network", "Value" => "Private"} + ] + } + }, "SubnetRouteTableAssociationTrusted1" => { "Type" => "AWS::EC2::SubnetRouteTableAssociation", "Properties" => { "SubnetId" => {"Ref" => "SubnetTrusted1"}, - "RouteTableId" => {"Ref" => "RouteTableTrusted1"}}}, + "RouteTableId" => {"Ref" => "RouteTableTrusted1"} + } + }, "SubnetNetworkAclAssociationTrusted1" => { "Type" => "AWS::EC2::SubnetNetworkAclAssociation", "Properties" => { "SubnetId" => {"Ref" => "SubnetTrusted1"}, - "NetworkAclId" => {"Ref" => "NetworkAclTrusted1"}}}, + "NetworkAclId" => {"Ref" => "NetworkAclTrusted1"} + } + }, "RouteTableTrusted2" => { "Type" => "AWS::EC2::RouteTable", "Properties" => { @@ -869,7 +977,10 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "private"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Private"}]}}, + {"Key" => "Network", "Value" => "Private"} + ] + } + }, "NetworkAclTrusted2" => { "Type" => "AWS::EC2::NetworkAcl", "Properties" => { @@ -877,7 +988,10 @@ "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "private"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Private"}]}}, + {"Key" => "Network", "Value" => "Private"} + ] + } + }, "InboundNetworkAclEntryTrusted20" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -887,7 +1001,9 @@ "Egress" => false, "CidrBlock" => "10.0.0.0/8", "PortRange" => {"From" => 22, "To" => 22}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryTrusted21" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -897,7 +1013,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 80, "To" => 80}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryTrusted22" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -907,7 +1025,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 443, "To" => 443}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryTrusted23" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -917,7 +1037,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 1024, "To" => 65535}, - "Protocol" => 6}}, + "Protocol" => 6 + } + }, "InboundNetworkAclEntryTrusted24" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -927,7 +1049,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 1024, "To" => 65535}, - "Protocol" => 17}}, + "Protocol" => 17 + } + }, "InboundNetworkAclEntryTrusted25" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -937,7 +1061,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "PortRange" => {"From" => 123, "To" => 123}, - "Protocol" => 17}}, + "Protocol" => 17 + } + }, "InboundNetworkAclEntryTrusted2ICMP" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -947,7 +1073,9 @@ "Egress" => false, "CidrBlock" => "0.0.0.0/0", "Icmp" => {"Type" => -1, "Code" => -1}, - "Protocol" => 1}}, + "Protocol" => 1 + } + }, "OutboundNetworkAclEntryTrusted2" => { "Type" => "AWS::EC2::NetworkAclEntry", "Properties" => { @@ -957,28 +1085,38 @@ "RuleAction" => "allow", "Egress" => true, "CidrBlock" => "0.0.0.0/0", - "PortRange" => {"From" => 0, "To" => 65535}}}, + "PortRange" => {"From" => 0, "To" => 65535} + } + }, "SubnetTrusted2" => { "Type" => "AWS::EC2::Subnet", "Properties" => { "VpcId" => {"Ref" => "VPC"}, "CidrBlock" => (IPAddr.new(district.cidr_block) | (2 << 8)).to_s + "/24", "AvailabilityZone" => { - "Fn::Select" => [1, {"Fn::GetAZs" => {"Ref" => "AWS::Region"}}]}, + "Fn::Select" => [1, {"Fn::GetAZs" => {"Ref" => "AWS::Region"}}] + }, "Tags" => [ {"Key" => "Name", "Value" => {"Fn::Join" => ["-", [{"Ref" => "AWS::StackName"}, "Trusted2"]]}}, {"Key" => "barcelona", "Value" => district.name}, - {"Key" => "Network", "Value" => "Private"}]}}, + {"Key" => "Network", "Value" => "Private"} + ] + } + }, "SubnetRouteTableAssociationTrusted2" => { "Type" => "AWS::EC2::SubnetRouteTableAssociation", "Properties" => { "SubnetId" => {"Ref" => "SubnetTrusted2"}, - "RouteTableId" => {"Ref" => "RouteTableTrusted2"}}}, + "RouteTableId" => {"Ref" => "RouteTableTrusted2"} + } + }, "SubnetNetworkAclAssociationTrusted2" => { "Type" => "AWS::EC2::SubnetNetworkAclAssociation", "Properties" => { "SubnetId" => {"Ref" => "SubnetTrusted2"}, - "NetworkAclId" => {"Ref" => "NetworkAclTrusted2"}}}, + "NetworkAclId" => {"Ref" => "NetworkAclTrusted2"} + } + }, "NotificationTopic" => { "Type" => "AWS::SNS::Topic", "Properties" => { @@ -999,9 +1137,7 @@ ["arn:aws:s3:::", "#{district.s3_bucket_name}/elb_logs/*/AWSLogs/", {"Ref" => "AWS::AccountId"}, - "/*" - ] - ], + "/*"]], }, "Principal" => {"AWS" => Barcelona::Network::ELB_ACCOUNT_IDS[district.region]} } diff --git a/spec/models/district_spec.rb b/spec/models/district_spec.rb index 2991c7bf..53bb3ee9 100644 --- a/spec/models/district_spec.rb +++ b/spec/models/district_spec.rb @@ -26,9 +26,10 @@ end context "when aws keys are present" do - let(:district) { build :district, - aws_access_key_id: "AWS_ACCESS_KEY_ID", - aws_secret_access_key: "AWS_SECRET_ACCESS_KEY" + let(:district) { + build :district, + aws_access_key_id: "AWS_ACCESS_KEY_ID", + aws_secret_access_key: "AWS_SECRET_ACCESS_KEY" } it { expect(district).to be_valid } end diff --git a/spec/models/heritage_spec.rb b/spec/models/heritage_spec.rb index bea972e6..231960bb 100644 --- a/spec/models/heritage_spec.rb +++ b/spec/models/heritage_spec.rb @@ -61,16 +61,17 @@ heritage.environments.create!(name: "env3", value: "value3") end - it { is_expected.to eq [{name: "env", value: "value_new"}, - {name: "env2", value: "value2"}, - {name: "env3", value: "value3"}] + it { + is_expected.to eq [{name: "env", value: "value_new"}, + {name: "env2", value: "value2"}, + {name: "env3", value: "value3"}] } end it "doesn't have env when plain env_var and secret environment exist with the same name" do - heritage.env_vars.create!(key: "env", value: "value", secret: false) - heritage.environments.create!(name: "env", value_from: "path/to/ssm") - expect(subject.map{|h| h[:name]}).to_not include "env" + heritage.env_vars.create!(key: "env", value: "value", secret: false) + heritage.environments.create!(name: "env", value_from: "path/to/ssm") + expect(subject.map{|h| h[:name]}).to_not include "env" end end @@ -99,10 +100,10 @@ end it "doesn't have env when there are legacy secret env var and plain environment with the same name" do - heritage.env_vars.create!(key: "env", value: "abc", secret: true) - heritage.environments.create!(name: "env", value: "value") - expect(subject).to_not include "env" - expect(heritage.environment_set.map{|h| h[:name]}).to include "env" + heritage.env_vars.create!(key: "env", value: "abc", secret: true) + heritage.environments.create!(name: "env", value: "value") + expect(subject).to_not include "env" + expect(heritage.environment_set.map{|h| h[:name]}).to include "env" end end end @@ -119,9 +120,10 @@ end context "when a heritage has scheduled tasks" do - let(:heritage) { build :heritage, - scheduled_tasks: [{schedule: 'rate(1 minute)', - command: 'rails runner "p :hello"'}] + let(:heritage) { + build :heritage, + scheduled_tasks: [{schedule: 'rate(1 minute)', + command: 'rails runner "p :hello"'}] } it "generates a correct stack template" do generated = JSON.load stack.target! diff --git a/spec/models/heritage_task_definition_spec.rb b/spec/models/heritage_task_definition_spec.rb index 03972edc..967b9273 100644 --- a/spec/models/heritage_task_definition_spec.rb +++ b/spec/models/heritage_task_definition_spec.rb @@ -262,7 +262,7 @@ execution_role_arn: "task-execution-role", container_definitions: [ { - name: "#{heritage.name}-oneoff", + name: "#{heritage.name}-oneoff", cpu: 128, memory: 512, essential: true, @@ -331,7 +331,7 @@ "ExecutionRoleArn" => "task-execution-role", "ContainerDefinitions" => [ { - "Name" => "#{heritage.name}-schedule", + "Name" => "#{heritage.name}-schedule", "Cpu" => 128, "Memory" => 512, "Essential" => true, diff --git a/spec/models/release_spec.rb b/spec/models/release_spec.rb index 3628e552..5b35fe29 100644 --- a/spec/models/release_spec.rb +++ b/spec/models/release_spec.rb @@ -26,7 +26,8 @@ "hosts", "service_type", "force_ssl", - "health_check")]}) + "health_check") + ]}) } end diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index a26899d6..fd41a8e9 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -63,8 +63,8 @@ config.before :each do stub_const("Gibberish::AES::SJCL::DEFAULTS", { - v:1, iter:1, ks:256, ts:96, - mode:"gcm", adata:"", cipher:"aes", max_iter: 1 + v: 1, iter:1, ks:256, ts:96, + mode: "gcm", adata:"", cipher:"aes", max_iter: 1 }) allow_any_instance_of(Aws::CloudFormation::Client).to receive(:describe_stack_resources) { double(stack_resources: [