Merge pull request #522 from AndyMoore/add-type-vpc_endpoints

create vpc_endpoints resource
k1LoW · Aug 25, 2020 · be009b9 · be009b9
2 parents 640070c + 6300ee5
commit be009b9
Show file tree

Hide file tree

Showing 9 changed files with 312 additions and 2 deletions.
diff --git a/doc/_resource_types/vpc_endpoints.md b/doc/_resource_types/vpc_endpoints.md
@@ -0,0 +1,70 @@
+### exist
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  it { should exist }
+end
+```
+
+describe vpc_endpoints('vpce-05907f23265b25f20'), region: $tfvars["region"]["value"] do
+  it { should exist }
+  it { should be_available }
+  it { should have_subnet('subnet-040e19eabf3226f99') }
+  it { should belong_to_vpc('vpc-00af9dcc0134b48e0') }
+  its(:private_dns_enabled) { should eq true }
+  its(:vpc_endpoint_type) { should eq 'Interface' }
+  its(:service_name) { should eq 'com.amazonaws.eu-west-1.codebuild' }
+end
+
+### be_pendingacceptance, be_pending, be_available, be_deleting, be_deleted, be_rejected, be_failed, be_expired
+
+```ruby
+describe ami('my-ami') do
+  it { should be_available }
+end
+```
+
+### belong_to_vpc
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  it { should belong_to_vpc('my-vpc') }
+end
+```
+
+### have_route_table
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  it { should have_route_table('rtb-abc123') }
+end
+```
+
+### have_subnet
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  it { should have_subnet('subnet-abc123') }
+end
+```
+
+### have_tag
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  it { should have_tag('env').value('dev') }
+end
+```
+
+### advanced
+
+`vpc_endpoints` can use `Aws::EC2::Types::VpcEndpoint` resource (see https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/Types/VpcEndpoint.html).
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  its(:private_dns_enabled) { should eq true }
+  its(:vpc_endpoint_type) { should eq 'Interface' }
+  its(:service_name) { should eq 'com.amazonaws.eu-west-1.codebuild' }
+end
+```
+
diff --git a/doc/resource_types.md b/doc/resource_types.md
@@ -76,6 +76,7 @@
 | [subnet](#subnet)
 | [transit_gateway](#transit_gateway)
 | [vpc](#vpc)
+| [vpc_endpoints](#vpc_endpoints)
 | [vpn_connection](#vpn_connection)
 | [vpn_gateway](#vpn_gateway)
 | [waf_web_acl](#waf_web_acl)
@@ -2784,7 +2785,7 @@ end
 ```
 
 
-### its(:vpc_id), its(:db_instance_identifier), its(:db_instance_class), its(:engine), its(:db_instance_status), its(:master_username), its(:db_name), its(:endpoint), its(:allocated_storage), its(:instance_create_time), its(:preferred_backup_window), its(:backup_retention_period), its(:db_security_groups), its(:availability_zone), its(:preferred_maintenance_window), its(:pending_modified_values), its(:latest_restorable_time), its(:multi_az), its(:engine_version), its(:auto_minor_version_upgrade), its(:read_replica_source_db_instance_identifier), its(:read_replica_db_instance_identifiers), its(:read_replica_db_cluster_identifiers), its(:license_model), its(:iops), its(:character_set_name), its(:secondary_availability_zone), its(:publicly_accessible), its(:status_infos), its(:storage_type), its(:tde_credential_arn), its(:db_instance_port), its(:db_cluster_identifier), its(:storage_encrypted), its(:kms_key_id), its(:dbi_resource_id), its(:ca_certificate_identifier), its(:domain_memberships), its(:copy_tags_to_snapshot), its(:monitoring_interval), its(:enhanced_monitoring_resource_arn), its(:monitoring_role_arn), its(:promotion_tier), its(:db_instance_arn), its(:timezone), its(:iam_database_authentication_enabled), its(:performance_insights_enabled), its(:performance_insights_kms_key_id), its(:performance_insights_retention_period), its(:enabled_cloudwatch_logs_exports), its(:processor_features), its(:deletion_protection), its(:associated_roles), its(:listener_endpoint), its(:max_allocated_storage)
+### its(:vpc_id), its(:db_instance_identifier), its(:db_instance_class), its(:engine), its(:db_instance_status), its(:master_username), its(:db_name), its(:endpoint), its(:allocated_storage), its(:instance_create_time), its(:preferred_backup_window), its(:backup_retention_period), its(:db_security_groups), its(:availability_zone), its(:preferred_maintenance_window), its(:pending_modified_values), its(:latest_restorable_time), its(:multi_az), its(:engine_version), its(:auto_minor_version_upgrade), its(:read_replica_source_db_instance_identifier), its(:read_replica_db_instance_identifiers), its(:read_replica_db_cluster_identifiers), its(:replica_mode), its(:license_model), its(:iops), its(:character_set_name), its(:secondary_availability_zone), its(:publicly_accessible), its(:status_infos), its(:storage_type), its(:tde_credential_arn), its(:db_instance_port), its(:db_cluster_identifier), its(:storage_encrypted), its(:kms_key_id), its(:dbi_resource_id), its(:ca_certificate_identifier), its(:domain_memberships), its(:copy_tags_to_snapshot), its(:monitoring_interval), its(:enhanced_monitoring_resource_arn), its(:monitoring_role_arn), its(:promotion_tier), its(:db_instance_arn), its(:timezone), its(:iam_database_authentication_enabled), its(:performance_insights_enabled), its(:performance_insights_kms_key_id), its(:performance_insights_retention_period), its(:enabled_cloudwatch_logs_exports), its(:processor_features), its(:deletion_protection), its(:associated_roles), its(:listener_endpoint), its(:max_allocated_storage)
 ### :unlock: Advanced use
 
 `rds` can use `Aws::RDS::DBInstance` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/RDS/DBInstance.html).
@@ -3644,6 +3645,86 @@ describe vpc('my-vpc') do
 end
 ```
 
+## <a name="vpc_endpoints">vpc_endpoints</a>
+
+VpcEndpoints resource type.
+
+### exist
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  it { should exist }
+end
+```
+
+describe vpc_endpoints('vpce-05907f23265b25f20'), region: $tfvars["region"]["value"] do
+  it { should exist }
+  it { should be_available }
+  it { should have_subnet('subnet-040e19eabf3226f99') }
+  it { should belong_to_vpc('vpc-00af9dcc0134b48e0') }
+  its(:private_dns_enabled) { should eq true }
+  its(:vpc_endpoint_type) { should eq 'Interface' }
+  its(:service_name) { should eq 'com.amazonaws.eu-west-1.codebuild' }
+end
+
+
+### be_available
+
+### be_deleted
+
+### be_deleting
+
+### be_expired
+
+### be_failed
+
+### be_pending
+
+### be_pendingacceptance
+
+### be_rejected
+
+### have_route_table
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  it { should have_route_table('rtb-abc123') }
+end
+```
+
+
+### have_subnet
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  it { should have_subnet('subnet-abc123') }
+end
+```
+
+
+### have_tag
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  it { should have_tag('env').value('dev') }
+end
+```
+
+
+
+### :unlock: Advanced use
+
+`vpc_endpoints` can use `Aws::EC2::Types::VpcEndpoint` resource (see https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/Types/VpcEndpoint.html).
+
+```ruby
+describe vpc_endpoints('my-vpc-endpoint') do
+  its(:private_dns_enabled) { should eq true }
+  its(:vpc_endpoint_type) { should eq 'Interface' }
+  its(:service_name) { should eq 'com.amazonaws.eu-west-1.codebuild' }
+end
+```
+
+
 ## <a name="vpn_connection">vpn_connection</a>
 
 VpnConnection resource type.

diff --git a/lib/awspec/generator/doc/type/vpc_endpoints.rb b/lib/awspec/generator/doc/type/vpc_endpoints.rb
@@ -0,0 +1,17 @@
+module Awspec::Generator
+  module Doc
+    module Type
+      class VpcEndpoints < Base
+        def initialize
+          super
+          @type_name = 'VpcEndpoints'
+          @type = Awspec::Type::VpcEndpoints.new('my-vpc-endpoint')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end
diff --git a/lib/awspec/helper/finder.rb b/lib/awspec/helper/finder.rb
@@ -2,6 +2,7 @@
 require 'awspec/helper/finder/nlb'
 require 'awspec/helper/finder/alb'
 require 'awspec/helper/finder/vpc'
+require 'awspec/helper/finder/vpc_endpoints'
 require 'awspec/helper/finder/subnet'
 require 'awspec/helper/finder/ec2'
 require 'awspec/helper/finder/ecr'
@@ -60,6 +61,7 @@ module Finder
     include Awspec::Helper::Finder::Nlb
     include Awspec::Helper::Finder::Alb
     include Awspec::Helper::Finder::Vpc
+    include Awspec::Helper::Finder::VpcEndpoints
     include Awspec::Helper::Finder::Subnet
     include Awspec::Helper::Finder::Ec2
     include Awspec::Helper::Finder::Ecr

diff --git a/lib/awspec/helper/finder/vpc_endpoints.rb b/lib/awspec/helper/finder/vpc_endpoints.rb
@@ -0,0 +1,15 @@
+module Awspec::Helper
+  module Finder
+    module VpcEndpoints
+      def find_vpc_endpoint(id)
+        res = ec2_client.describe_vpc_endpoints({ vpc_endpoint_ids: [id] })
+
+        ret = res.vpc_endpoints.select do |vpce|
+          vpce.vpc_endpoint_id == id
+        end
+
+        ret.single_resource(id)
+      end
+    end
+  end
+end
diff --git a/lib/awspec/helper/type.rb b/lib/awspec/helper/type.rb
@@ -20,7 +20,7 @@ module Type
         elastictranscoder_pipeline waf_web_acl wafregional_web_acl customer_gateway vpn_gateway vpn_connection
         internet_gateway acm cloudwatch_logs dynamodb_table eip sqs ssm_parameter cloudformation_stack
         codebuild sns_topic redshift redshift_cluster_parameter_group codedeploy codedeploy_deployment_group
-        secretsmanager msk transit_gateway cognito_identity_pool cognito_user_pool
+        secretsmanager msk transit_gateway cognito_identity_pool cognito_user_pool vpc_endpoints
       )
 
       ACCOUNT_ATTRIBUTES = %w(

diff --git a/lib/awspec/stub/vpc_endpoints.rb b/lib/awspec/stub/vpc_endpoints.rb
@@ -0,0 +1,64 @@
+Aws.config[:ec2] = {
+  stub_responses: {
+    describe_vpc_endpoints: {
+      vpc_endpoints: [
+        {
+          vpc_endpoint_id: 'vpce-abc123',
+          vpc_endpoint_type: 'Gateway',
+          vpc_id: 'vpc-12345678',
+          service_name: 'com.amazonaws.us-east-1.s3',
+          state: 'available',
+          policy_document: '{"Version": "2008-10-17", "Statement": [{' \
+                           '"Effect": "Allow", "Principal": "*", "Action": "*",' \
+                           '"Resource": "*"}]}',
+          route_table_ids: ['rtb-0123456789abcdefg'],
+          subnet_ids: [],
+          groups: [],
+          private_dns_enabled: false,
+          requester_managed: false,
+          network_interface_ids: [],
+          dns_entries: [],
+          creation_timestamp: Time.new(2020, 8, 13, 9, 00, 00, '+00:00'),
+          tags: [
+            {
+              key: 'Name',
+              value: 'my_vpc_endpoint'
+            }
+          ],
+          owner_id: '112233445566'
+        },
+        {
+          vpc_endpoint_id: 'vpce-abc124',
+          vpc_endpoint_type: 'Interface',
+          vpc_id: 'vpc-12345678',
+          service_name: 'com.amazonaws.eu-west-1.codebuild',
+          state: 'available',
+          policy_document: '{"Version": "2008-10-17", "Statement": [{' \
+                           '"Effect": "Allow", "Principal": "*", "Action": "*",' \
+                           '"Resource": "*"}]}',
+          route_table_ids: [],
+          subnet_ids: ['subnet-abc123'],
+          groups: [{ group_id: 'sg-abc123', group_name: 'default' }],
+          private_dns_enabled: true,
+          requester_managed: false,
+          network_interface_ids: ['eni-06f28a949cb88b84c'],
+          dns_entries: [
+            {
+              dns_name: 'vpce-05907f23265b25f20-wwafshom.codebuild.eu-west-1.vpce.amazonaws.com',
+              hosted_zone_id: 'Z38GZ743OKFT7T'
+            }
+          ],
+          creation_timestamp: Time.new(2020, 8, 13, 9, 00, 00, '+00:00'),
+          tags: [
+            {
+              key: 'Name',
+              value: 'my_vpc_endpoint'
+            }
+          ],
+          owner_id: '112233445566'
+        }
+      ],
+      next_token: nil
+    }
+  }
+}
diff --git a/lib/awspec/type/vpc_endpoints.rb b/lib/awspec/type/vpc_endpoints.rb
@@ -0,0 +1,43 @@
+module Awspec::Type
+  class VpcEndpoints < ResourceBase
+    aws_resource Aws::EC2::Types::VpcEndpoint
+    tags_allowed
+
+    def resource_via_client
+      @resource_via_client ||= find_vpc_endpoint(@display_name)
+    end
+
+    def id
+      @id ||= resource_via_client.vpc_endpoint_id if resource_via_client
+    end
+
+    STATES = %w(
+      pendingacceptance pending available deleting
+      deleted rejected failed expired
+    )
+
+    STATES.each do |state|
+      define_method state + '?' do
+        resource_via_client.state == state
+      end
+    end
+
+    def has_route_table?(route_table_id)
+      rts = resource_via_client.route_table_ids
+
+      ret = rts.find do |rt|
+        rt == route_table_id
+      end
+      return true if ret
+    end
+
+    def has_subnet?(subnet_id)
+      subnets = resource_via_client.subnet_ids
+
+      ret = subnets.find do |subnet|
+        subnet == subnet_id
+      end
+      return true if ret
+    end
+  end
+end
diff --git a/spec/type/vpc_endpoints_spec.rb b/spec/type/vpc_endpoints_spec.rb
@@ -0,0 +1,18 @@
+require 'spec_helper'
+Awspec::Stub.load 'vpc_endpoints'
+
+describe vpc_endpoints('vpce-abc123') do
+  it { should exist }
+  it { should be_available }
+  it { should belong_to_vpc('vpc-12345678') }
+  it { should have_route_table('rtb-0123456789abcdefg') }
+  its(:vpc_endpoint_type) { should eq 'Gateway' }
+end
+
+describe vpc_endpoints('vpce-abc124') do
+  it { should exist }
+  it { should be_available }
+  it { should belong_to_vpc('vpc-12345678') }
+  it { should have_subnet('subnet-abc123') }
+  its(:vpc_endpoint_type) { should eq 'Interface' }
+end