Skip to content
This repository has been archived by the owner on Jun 5, 2020. It is now read-only.

ELBv2 (ALB) partially working code for Issue #429 #439

Open
wants to merge 75 commits into
base: master
Choose a base branch
from

Conversation

MWilkinson
Copy link
Contributor

@zleswomp I've rebased what I currently have against the master branch.
Here's what I have managed so far.
Target group - listing/creation/modification/deletion
ALB - listing/partial creation/partial modification/deletion

From what I remember, my next steps where to work on the listner rules for the ALB

@MWilkinson MWilkinson mentioned this pull request Mar 22, 2017
Copy link
Contributor

@prozach prozach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a good start to me. I was able to enumerate the ALBs in our environment and their target groups. I've not tried modification, but it looks like most of that is in place.

I'd say at a minimum we should get the tests passing, and if you see any obvious style issues that you want to clean up before hand. That and a squash here, and I'd think this would be good to go in, given that its all new code.

Is this still something that you are actively working on?

desc 'Protocol to use for routing traffic to targets (HTTP/HTTPS)'
newvalues(:HTTP, :HTTPS)
validate do |value|
file 'protocol must be specified' unless value
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think fail was intended here.

Copy link
Contributor Author

@MWilkinson MWilkinson Mar 23, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@zleswomp Yes, you are correct.
Unfortuately this is NOT something that I'm actively working on at present.

newproperty(:port) do
desc 'Port on which the targets receive traffic'
validate do |value|
file 'Target port must be specified' unless value
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think fail was intended here.

DavidS and others added 13 commits March 23, 2017 08:50
This should make gem installation across all supported ruby versions work
again, and reduce the delta, once we can roll that up into modulesync.

This also includes version restrictions for gems droppint 1.9.3 support.
Without this change, we call '.keys' on a nil object.  The 'initialize'
method should have set the 'property_flush' to an empty hash, so I'm a
little confused about why this is required.
Without this change, webmock fails to install correctly due to a version
mismatch on ruby.  Here we address this by pinning the version of
webmock based on the ruby version.
This work updates the SDK to be newer.  This will be required for
several items going in currently, as well as work that is planned to be
submitted around CloudFront soon.
adds Ubuntu 16.04 to supported ubuntu platforms on metadata.json
Without this change, the listeners on elb_loadbalancer resources are
marked as read-only in the type and are thus not modifiable.  This work
adds support for modifying listeners and setting the 'policy' for HTTPS
listeners to control which cipher suites are available.
…w ec2_vpc_dhcp_options to be associated with ec2_vpc.
removing test for enforcing old value

adding tests

fixing tests

fixing test

more elegant way of handling the validation using symbol which is more efficient performance wise
dharmabruce and others added 26 commits March 23, 2017 08:54
Without this change, there is no functionality in this module to manage
the lifecycle and policy of a KMS key in amazon.  Here we add a simple
type and provider with just enough to create, destroy, and manage the
policy.  There are testing updates for the normalization code here,
since the KMS policy exercises data structures that are not exercised
elsewhere, so we extend the use case a bit of the normalize method
calls.
Without this change, the autorequire for iam_role is not enabled for the
iam_policy_attachment.  This was originally commented because the
iam_role code had not been merged.  Now that the code has been merged,
we can enable this here to allow the automatic and correct ordering for
IAM resources.
Without this change, the ECS tasks are unable to assume a role when
under puppet management.  This work adds a new 'role' property that
allows tasks to assume a given IAM role.
This mistakenly made it through and should be removed.  We should not be
printing data here.
Without this change, the module does not have the facility to manage the
ELB policies, which include a policy type for managing the cipher suite
accepted on HTTPS listeners.  This work adds the initial functionality
to set the listener polices.
Without this change, it is not possible for security groups to use other
security groups in a circular fashion due to creating a dependency loop
in Puppet.  As of the following commit, we no longer fail when a
security group reference to another security group is not found, and
instead simply throw a warning and drop the rule's inclusion in the
rule set.

    bd0ac4b

This now means that two security groups that have not yet been created,
can be set to reference eachother, but will take two runs to be
accurate.  The first run to create the security groups, which will skip
the rules that reference the currently nonexistent security group peers,
and the second run to set the reference rules correctly.

This now opens up the potential for circular dependencies.

    Ec2_securitygroup {
      ensure => present,
      region => 'us-west-2',
      vpc    => 'Z',
    }

    ec2_securitygroup { 'first':
      description => 'first',
      ingress     => [{'port' => '666', 'protocol' => 'tcp', 'security_group' => 'second'}],
    }
    ec2_securitygroup { 'second':
      description => 'second',
      ingress     => [{'port' => '666', 'protocol' => 'tcp', 'security_group' => 'third'}],
    }
    ec2_securitygroup { 'third':
      description => 'thrid',
      ingress     => [{'port' => '666', 'protocol' => 'tcp', 'security_group' => 'first'}],
    }

This is a valid use case for security groups, but not in Puppet.  This is now
only possible to function in this way because we skip security group references
that don't exist.  However, this now means that the autorequire rules will
create a circular dependency and fail to deploy.

Here we remove the autorequire from the securitygroup type for other security
group references  to allow the above scenario to complete the catalog compile
and manage the groups as needed completely.  This solves both the case of
creation of groups that don't exist, but are referenced in other security
groups, as well as circular group references, without causing puppet to loop.
Without this change, the volumes property is not property respected,
either on modification, or on creation.  Here we add the necessary logic
to to set the volumes for a task upon creation of an ECS task, as well
as modification after the initial creation.
Without this change, iam_role is a bit noisy by using Puppet.info.  To
quiet up the log messages, here we change those log entries to be debug
in place of info.  This is more in line with the rest of the providers.
Without this change, an ELB with no listeners causes a stacktrace due to
an incorrect detection of existing listner.  Here we adjust the logic to
account for an empty array, by checking that we have at least 1 listener
before we proceed inspecting the delta between the desired listeners and
the actual listeners.
This adds functionality to the *route53_zone* resource type to manage private
Route53 zones. Previously, only public zones could be created and destroyed,
and there were no properties to manage. This also adds properties to discovery
and management, including which VPCs to associate with private zones.

Without these changes, only 100 zones could be managed. This updates the
discovery API call to handle pagination to remove this limitation.

The shared code to discover a VPC name by ID is changed to also allow discovery
of a VPC ID by name. Internal structure is changed, but method parameters and
returns retain previous functionality.

Existing Route53 Zone tests are updated for these changes.
defined standard properties and auto requires. Working on creating logic to enforce subnets from seperate AZ's

last revision on type. Need to cleanup ensure settings, and make required properties enforced.

beginning to write out provider

Working on create and destroy options for resource. Should be able to report on values at this point.

fix issue with missing PuppetX class

removing fluff

typo should have been using the method to hash

working on subnet enumeration

adding tags to resource hash

fixing issues

fixing more issues

working version of resource. Need to achieve vpc name translation, and Subnet name resolution

fixed vpc translation

enumeration of first position subnet, need to fix to enumerate ALL

subnets refined to return a hash record

subnets resolving as hash

Base resource generation achieved. Subnet name translation successful

working out the config for the create action

fixing missuse of param

fixing issue with typo on method

working version, resource created.

Modifying v2 to allow for the update of the subnets value. Testing for description change now

ability to destroy enabled. Doest not attempt to update when purged, does attempt to update at first build. fixing.

cleanup. working version create,update,destroy. bug in create where update is attempted
This updates the readme to match the code.
Without this change, if the task family count is larger than the results AWS
is willing to hand back in a single request, we don't correctly discover all of
the resources.  Here we add the logic we use elsewhere to ensure that all
resources are collected.
Without this change, tests are failing due to a Puppet Forge change.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.