view release on metacpan or  search on metacpan

lib/App/FargateStack/Builder/HTTPService.pm  view on Meta::CPAN

      log_die( $self, 'ERROR: health checks must be enabled' );
    }

    $task->{health_check} = $health_check;

    $self->log_debug( sub { return Dumper( [ health_check => $health_check ] ); } );

    if ( !$dryrun ) {

      $task->{target_group_arn} = $elb->create_target_group(
        name         => $target_group_name,
        health_check => $health_check,
      );

      $elb->check_result( message => 'ERROR: could not create target group:[%s]', params => [$target_group_name] );

      $self->log_info( "\tarn: %s", $task->{target_group_arn} );
    }
  }

  return;
}

########################################################################
sub is_https { goto &has_https_service; }
########################################################################
sub has_https_service {
########################################################################
  my ($self) = @_;

  my $services = $self->get_config->{tasks};

  my $http_service = $self->get_http;

  return
    if !$http_service;

  return $services->{$http_service}->{type} eq 'https';
}

########################################################################
sub create_alb {
########################################################################
  my ($self) = @_;

  my ( $config, $dryrun, $alb, $security_groups ) = $self->common_args(qw(config dryrun alb security_groups));

  if ( !$alb ) {
    $alb = $config->{alb} = {};
    $config->{alb} = $alb;
  }

  if ( !$security_groups ) {
    $security_groups = $config->{security_groups} = {};
    $config->{security_groups} = $security_groups;
  }

  my $elb = $self->fetch_elbv2();
  my $ec2 = $self->fetch_ec2;

  # if we have defined one in the config, verify
  if ( my $alb_arn = $alb->{arn} ) {

    my $alb_info = $elb->describe_load_balancer( $alb_arn, 'LoadBalancers[0]' );
    $elb->check_result( message => 'ERROR: could not describe load balancer: [%s]', $alb_arn );

    $self->set_alb($alb_info);

    my ( $alb_name, $alb_security_groups ) = @{$alb_info}{qw(LoadBalancerName SecurityGroups)};

    $self->log_trace( sub { return Dumper( [ alb => $alb_info ] ); } );

    $self->log_info( 'http-service: load balancer [%s] defined in config and verified...skipping', $alb_name );

    $self->inc_existing_resources( alb => $alb_arn );

    my $alb_sg = $security_groups->{alb}->{group_id};

    if ( !$alb_sg ) {
      $self->log_info('http-service: no ALB security group in configuration...looking...');

      # find the security group that allows 443 ingress

      my $query = 'SecurityGroupRules[?IsEgress == `false` && ToPort == `443`]';

      foreach my $group_id ( @{$alb_security_groups} ) {
        my $sg = $ec2->describe_security_group_rules( group_id => $group_id, $query );

        next if !@{$sg};

        $alb_sg = $sg->[0]->{GroupId};  # or $group_id
        last;
      }

      if ($alb_sg) {
        $self->log_warn( 'http-service: found a security group for ALB [%s] with 443 ingress, using [%s]',
          $alb_info->{LoadBalancerName}, $alb_sg );
      }
    }

    if ( !$alb_sg ) {
      $alb_sg = $alb_security_groups->[0];

      $self->log_warn( 'http-service: could not find a security group for ALB [%s] with 443 ingress, using [%s]',
        $alb_name, $alb_sg );
    }

    $security_groups->{alb}->{group_id}   = $alb_sg;
    $security_groups->{alb}->{group_name} = $ec2->find_security_group_name($alb_sg);

    $self->inc_existing_resources( security_groups => [$alb_sg] );

    return;
  }

  # --create-alb forces creation of a new ALB
  if ( !$self->get_create_alb && !$alb->{create} ) {
    my $alb_type = $alb->{type};

    $self->log_error( 'http-service: WARNING - no ALB ARN defined in configuration...looking for %s ALB', $alb_type );