diff --git a/lib/terraforming/resource/kms_key.rb b/lib/terraforming/resource/kms_key.rb
index 391db85f..2dbc2cb7 100644
--- a/lib/terraforming/resource/kms_key.rb
+++ b/lib/terraforming/resource/kms_key.rb
@@ -48,11 +48,34 @@ def aliases
 end
 def keys
- @client
- .list_keys
- .keys
+ allKeys = Array.new
+ flag = true
+ m = nil
+
+ while flag do
+ res = @client
+ .list_keys({
+ limit: 1000,
+ marker: m,
+ })
+
+ flag = res.truncated
+ m = res.next_marker
+ #res.keys.each {|key| puts module_name_of(key)}
+
+
+ allKeys = allKeys.concat(res.keys)
+ sleep(0.3)
+ end
+
+
+
+ allKeys
 .reject { |key| managed_master_key?(key) }
- .map { |key| @client.describe_key(key_id: key.key_id) }
+ .map { |key|
+ sleep(0.2)
+ @client.describe_key(key_id: key.key_id)
+ }
 .map(&:key_metadata)
 .reject { |metadata| metadata.origin == "EXTERNAL" } # external origin key is not supoprted by Terraform
 end
diff --git a/lib/terraforming/resource/security_group.rb b/lib/terraforming/resource/security_group.rb
index dfadd4b9..ec8806a3 100644
--- a/lib/terraforming/resource/security_group.rb
+++ b/lib/terraforming/resource/security_group.rb
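Review bot: In kms_key.rb `keys`, the fixed `sleep(0.3)` and `sleep(0.2)` pauses slow every run but do not handle a throttling error if the API still returns one, so an export can still abort part-way through the key list. If the SDK version in use exposes pageable responses for `list_keys`, `@client.list_keys.each_page.flat_map(&:keys)` would replace the hand-rolled marker loop, and throttling is better left to the client's retry settings than to sleeps. The same fixed `sleep(0.2)` appears in the ec2.erb and elb.erb hunks, where it sits in a view template rather than next to an API call. The commented-out `#res.keys.each` debug line should be dropped, and `allKeys` would be `all_keys` in Ruby naming.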
@@ -113,6 +113,53 @@ def permission_attributes_of(security_group, permission, type)
 end
 def dedup_permissions(permissions, group_id)
+
+ more = []
+
+ permissions.each { |a|
+
+ if a.user_id_group_pairs.any?
+
+ pairs = []
+ h = Hash.new
+
+ a.user_id_group_pairs.each { |r, i|
+ if r.description.nil?
+ r.description = ""
+ end
+ if !h.has_key? r.description.to_s
+ h[r.description] = [r]
+ else
+ h[r.description].push r
+ end
+ }
+ h.each_pair { |k, v|
+ if k.to_s.empty?
+ next
+ end
+ a1 = a.dup
+ a1.ipv_6_ranges = []
+ a1.prefix_list_ids = []
+ a1.ip_ranges = []
+ a1.user_id_group_pairs = v
+ more.push a1
+ }
+
+ if h.has_key? ""
+ a.user_id_group_pairs = h[""]
+ more.push a
+ end
+
+
+ else
+
+ more.push a
+
+ end
+
+ }
+ permissions = more
+
 group_permissions(permissions).inject([]) do |result, (_, perms)|
 group_ids = perms.map(&:user_id_group_pairs).flatten.map(&:group_id)
@@ -127,6 +174,7 @@ def dedup_permissions(permissions, group_id)
 end
 def group_permissions(permissions)
+
 permissions.group_by { |permission| [permission.ip_protocol, permission.to_port, permission.from_port] }
 end
diff --git a/lib/terraforming/template/tf/auto_scaling_group.erb b/lib/terraforming/template/tf/auto_scaling_group.erb
index 70c58527..bb5c6aa1 100644
--- a/lib/terraforming/template/tf/auto_scaling_group.erb
+++ b/lib/terraforming/template/tf/auto_scaling_group.erb
@@ -11,6 +11,7 @@ resource "aws_autoscaling_group" "<%= module_name_of(group) %>" {
 max_size = <%= group.max_size %>
 min_size = <%= group.min_size %>
 name = "<%= group.auto_scaling_group_name %>"
+ enabled_metrics = <%= group.enabled_metrics.map(&:metric) %>
 <%- if vpc_zone_specified -%>
 vpc_zone_identifier = <%= vpc_zone_identifier_of(group).inspect %>
 <%- end -%>
diff --git a/lib/terraforming/template/tf/db_parameter_group.erb b/lib/terraforming/template/tf/db_parameter_group.erb
index e2e07181..e95ca224 100644
--- a/lib/terraforming/template/tf/db_parameter_group.erb
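Review bot: In security_group.rb `dedup_permissions`, a permission whose group pairs all carry a description loses its CIDR rules: every `a1` copy has `ip_ranges`, `ipv_6_ranges` and `prefix_list_ids` cleared, and the original `a` is pushed only when `h` has the `""` key. The generated Terraform would then omit those ranges, which matters both for a later apply and for anyone auditing the export. Replacing the `if h.has_key? ""` block with `a.user_id_group_pairs = h.fetch("", [])` and `more.push a if a.user_id_group_pairs.any? || a.ip_ranges.any? || a.ipv_6_ranges.any? || a.prefix_list_ids.any?` keeps them. The loop also writes `r.description = ""` into the caller's objects, and `pairs` and the block parameter `i` are unused. The method body continues past the end of the hunk, so how the later `inject` treats the split entries is not visible here.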
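Review bot: In auto_scaling_group.erb the new `enabled_metrics` line relies on ERB's implicit `to_s` of an Array, while the neighbouring list attribute `vpc_zone_identifier` calls `.inspect` explicitly; `enabled_metrics = <%= group.enabled_metrics.map(&:metric).inspect %>` states the intent and matches the file. The attribute is also written as `[]` for groups with no metrics enabled; guarding it with `<%- if group.enabled_metrics.any? -%>` would keep it out of the output in that case. The resource block starts before and ends after this hunk.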
+++ b/lib/terraforming/template/tf/db_parameter_group.erb
@@ -2,7 +2,7 @@
 resource "aws_db_parameter_group" "<%= module_name_of(parameter_group) %>" {
 name = "<%= parameter_group.db_parameter_group_name %>"
 family = "<%= parameter_group.db_parameter_group_family %>"
- description = "<%= parameter_group.description %>"
+ description = <%= parameter_group.description.inspect %>
 <% db_parameters_in(parameter_group).each do |parameter| -%>
 parameter {
diff --git a/lib/terraforming/template/tf/db_security_group.erb b/lib/terraforming/template/tf/db_security_group.erb
index b4bbb6de..7b1cd3d0 100644
--- a/lib/terraforming/template/tf/db_security_group.erb
+++ b/lib/terraforming/template/tf/db_security_group.erb
@@ -1,7 +1,7 @@
 <% db_security_groups.each do |security_group| -%>
 resource "aws_db_security_group" "<%= module_name_of(security_group) %>" {
 name = "<%= security_group.db_security_group_name %>"
- description = "<%= security_group.db_security_group_description %>"
+ description = <%= security_group.db_security_group_description.inspect %>
 <% security_group.ip_ranges.each do |cidr| -%>
 ingress {
diff --git a/lib/terraforming/template/tf/ec2.erb b/lib/terraforming/template/tf/ec2.erb
index a4e17b93..e6fb9024 100644
--- a/lib/terraforming/template/tf/ec2.erb
+++ b/lib/terraforming/template/tf/ec2.erb
@@ -1,4 +1,5 @@
 <% instances.each do |instance| -%>
+<%- sleep(0.2) -%>
 resource "aws_instance" "<%= module_name_of(instance) %>" {
 ami = "<%= instance.image_id %>"
 availability_zone = "<%= instance.placement.availability_zone %>"
diff --git a/lib/terraforming/template/tf/elasti_cache_subnet_group.erb b/lib/terraforming/template/tf/elasti_cache_subnet_group.erb
index 89427e17..c1702fc9 100644
--- a/lib/terraforming/template/tf/elasti_cache_subnet_group.erb
+++ b/lib/terraforming/template/tf/elasti_cache_subnet_group.erb
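Review bot: In db_parameter_group.erb the switch to `description.inspect` escapes quotes and backslashes, but Ruby's `inspect` is not an HCL quoting routine: a description containing `${` is still read by Terraform as an interpolation, and a nil description renders as the bare word `nil`. These descriptions are free text set by whoever created the resource, so they should be treated as untrusted when writing configuration. Something like `description = <%= parameter_group.description.to_s.inspect.gsub('${', '$${') %>`, ideally behind one shared helper, would cover both cases. The same applies to the description lines changed in db_security_group.erb, elasti_cache_subnet_group.erb, iam_policy.erb and security_group.erb, and the `name` and `family` values next to them are still interpolated unescaped.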
@@ -1,7 +1,7 @@
 <% cache_subnet_groups.each do |cache_subnet_group| -%>
 resource "aws_elasticache_subnet_group" "<%= module_name_of(cache_subnet_group) %>" {
 name = "<%= cache_subnet_group.cache_subnet_group_name %>"
- description = "<%= cache_subnet_group.cache_subnet_group_description %>"
+ description = <%= cache_subnet_group.cache_subnet_group_description.inspect %>
 subnet_ids = <%= subnet_ids_of(cache_subnet_group).inspect %>
 }
diff --git a/lib/terraforming/template/tf/elb.erb b/lib/terraforming/template/tf/elb.erb
index fcb9c164..f482faa0 100644
--- a/lib/terraforming/template/tf/elb.erb
+++ b/lib/terraforming/template/tf/elb.erb
@@ -1,4 +1,5 @@
 <% load_balancers.each do |load_balancer| -%>
+ <%- sleep(0.2) -%>
 <%- load_balancer_attributes = load_balancer_attributes_of(load_balancer) -%>
 resource "aws_elb" "<%= module_name_of(load_balancer) %>" {
 name = "<%= load_balancer.load_balancer_name %>"
diff --git a/lib/terraforming/template/tf/iam_instance_profile.erb b/lib/terraforming/template/tf/iam_instance_profile.erb
index 079463a6..705373f7 100644
--- a/lib/terraforming/template/tf/iam_instance_profile.erb
+++ b/lib/terraforming/template/tf/iam_instance_profile.erb
@@ -2,7 +2,9 @@
 resource "aws_iam_instance_profile" "<%= module_name_of(profile) %>" {
 name = "<%= profile.instance_profile_name %>"
 path = "<%= profile.path %>"
+ <%- if profile.roles[0] != nil -%>
 role = "<%= profile.roles[0].role_name %>"
+ <%- end -%>
 }
 <% end -%>
diff --git a/lib/terraforming/template/tf/iam_policy.erb b/lib/terraforming/template/tf/iam_policy.erb
index 7eea94b6..b3abb5aa 100644
--- a/lib/terraforming/template/tf/iam_policy.erb
+++ b/lib/terraforming/template/tf/iam_policy.erb
@@ -3,7 +3,7 @@
 resource "aws_iam_policy" "<%= module_name_of(policy) %>" {
 name = "<%= policy.policy_name %>"
 path = "<%= policy.path %>"
- description = "<%= iam_policy_description(policy) %>"
+ description = <%= iam_policy_description(policy).inspect %>
 policy = < POLICY
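Review bot: In iam_instance_profile.erb the new guard compares against nil explicitly and indexes `roles[0]` twice; `<%- if profile.roles.first -%>` with `profile.roles.first.role_name` inside reads more idiomatically. Nothing in the hunk says why a profile can reach this template without a role, so a one-line template comment such as `<%# a profile may have no role attached; omit the attribute then %>` would help the next reader. The `role` value is still interpolated raw inside quotes, like `name` and `path` above it.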
diff --git a/lib/terraforming/template/tf/launch_configuration.erb b/lib/terraforming/template/tf/launch_configuration.erb
index f8d4af85..62a7c6f2 100644
--- a/lib/terraforming/template/tf/launch_configuration.erb
+++ b/lib/terraforming/template/tf/launch_configuration.erb
@@ -63,6 +63,9 @@ resource "aws_launch_configuration" "<%= module_name_of(launch_configuration) %>
 <%- end -%>
 <%- end -%>
+ lifecycle {
+ ignore_changes = ["name_prefix"]
+ }
 }
 <%- end -%>
diff --git a/lib/terraforming/template/tf/security_group.erb b/lib/terraforming/template/tf/security_group.erb
index f30760b8..66d4cd13 100644
--- a/lib/terraforming/template/tf/security_group.erb
+++ b/lib/terraforming/template/tf/security_group.erb
@@ -1,7 +1,7 @@
 <% security_groups.each do |security_group| -%>
 resource "aws_security_group" "<%= module_name_of(security_group) %>" {
 name = "<%= security_group.group_name %>"
- description = "<%= security_group.description %>"
+ description = <%= security_group.description.inspect %>
 vpc_id = "<%= security_group.vpc_id || '' %>"
 <% dedup_permissions(security_group.ip_permissions, security_group.group_id).each do |permission| -%>
@@ -16,10 +16,16 @@ resource "aws_security_group" "<%= module_name_of(security_group) %>" {
 <%- if permission.ip_ranges.length > 0 -%>
 cidr_blocks = <%= permission.ip_ranges.map { |range| range.cidr_ip }.inspect %>
 <%- end -%>
+<%- if permission.ipv_6_ranges.length > 0 -%>
+ ipv6_cidr_blocks = <%= permission.ipv_6_ranges.map { |range| range.cidr_ipv_6 }.inspect %>
+<%- end -%>
 <%- if permission.user_id_group_pairs.length > 0 -%>
 <%- self_referenced = self_referenced_permission?(security_group, permission) -%>
 security_groups = <%= security_groups.inspect %>
 self = <%= self_referenced %>
+ <%- if !permission.user_id_group_pairs[0].description.to_s.empty? -%>
+ description = "<%= permission.user_id_group_pairs[0].description.to_s %>"
+ <%- end -%>
 <%- end -%>
 }
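Review bot: In launch_configuration.erb the added `lifecycle { ignore_changes = ["name_prefix"] }` block is written into every exported launch configuration with no explanation, so a reader of the generated file cannot tell that drift on `name_prefix` is being suppressed on purpose. A template comment above the block stating the reason would document it, for example `<%# name is exported explicitly; name_prefix is ignored so the first plan is empty %>`; that reason is my assumption and should be confirmed by the author. The resource block begins before the hunk.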
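Review bot: In the second security_group.erb hunk the new per-rule `description = "<%= permission.user_id_group_pairs[0].description.to_s %>"` interpolates the value raw inside quotes, while this same commit moves the group-level description to `.inspect`; a rule description containing `"` would break or alter the generated block. Writing `description = <%= permission.user_id_group_pairs[0].description.to_s.inspect %>` keeps the two consistent. Only the first group pair's description is exported; descriptions on `ip_ranges` and `ipv_6_ranges` entries are not written at all. The enclosing `dedup_permissions(...).each` loop starts before this hunk.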