Feature/updates

.gitignore

@@ -9,6 +9,7 @@ stackql
 stack/
 oss-activity-monitor/
 creds.json
+*.log
 
 # Byte-compiled / optimized / DLL files
 __pycache__/

aws-stack/README.md

@@ -0,0 +1,63 @@
+# `stackql-deploy` starter project for `aws`
+
+> for starter projects using other providers, try `stackql-deploy my_stack --provider=azure` or `stackql-deploy my_stack --provider=google`
+
+see the following links for more information on `stackql`, `stackql-deploy` and the `aws` provider:
+
+- [`aws` provider docs](https://stackql.io/registry/aws)
+- [`stackql`](https://github.com/stackql/stackql)
+- [`stackql-deploy` PyPI home page](https://pypi.org/project/stackql-deploy/)
+- [`stackql-deploy` GitHub repo](https://github.com/stackql/stackql-deploy)
+
+## Overview
+
+__`stackql-deploy`__ is a stateless, declarative, SQL driven Infrastructure-as-Code (IaC) framework.  There is no state file required as the current state is assessed for each resource at runtime.  __`stackql-deploy`__ is capable of provisioning, deprovisioning and testing a stack which can include resources across different providers, like a stack spanning `aws` and `azure` for example.  
+
+## Prerequisites
+
+This example requires `stackql-deploy` to be installed using __`pip install stackql-deploy`__.  The host used to run `stackql-deploy` needs the necessary environment variables set to authenticate to your specific provider, in the case of the `aws` provider, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and optionally `AWS_SESSION_TOKEN` must be set, for more information on authentication to `aws` see the [`aws` provider documentation](https://aws.stackql.io/providers/aws).
+
+## Usage
+
+Adjust the values in the [__`stackql_manifest.yml`__](stackql_manifest.yml) file if desired.  The [__`stackql_manifest.yml`__](stackql_manifest.yml) file contains resource configuration variables to support multiple deployment environments, these will be used for `stackql` queries in the `stackql_queries` and `stackql_resources` folders.  
+
+The syntax for the `stackql-deploy` command is as follows:
+
+```bash
+stackql-deploy { build | test | teardown } { stack-directory } { deployment environment} [ optional flags ]
+``` 
+
+### Deploying a stack
+
+For example, to deploy the stack to an environment labeled `sit`, run the following:
+
+```bash
+stackql-deploy build aws-stack sit \
+-e AWS_REGION=ap-southeast-2
+```
+
+Use the `--dry-run` flag to view the queries to be run without actually running them, for example:
+
+```bash
+stackql-deploy build aws-stack sit \
+-e AWS_REGION=ap-southeast-2 \
+--dry-run
+```
+
+### Testing a stack
+
+To test a stack to ensure that all resources are present and in the desired state, run the following (in our `sit` deployment example):
+
+```bash
+stackql-deploy test aws-stack sit \
+-e AWS_REGION=ap-southeast-2
+```
+
+### Tearing down a stack
+
+To destroy or deprovision all resources in a stack for our `sit` deployment example, run the following:
+
+```bash
+stackql-deploy teardown aws-stack sit \
+-e AWS_REGION=ap-southeast-2
+```

aws-stack/external_scripts/README.md

@@ -0,0 +1 @@
+# external scripts for `aws` `stackql-deploy` starter project

aws-stack/stackql_docs/example_vpc.md

@@ -0,0 +1,3 @@
+# `example_vpc`
+
+document your `example_vpc` AWS VPC resource here, this is optional

aws-stack/stackql_manifest.yml

@@ -0,0 +1,145 @@
+#
+# aws starter project manifest file, add and update values as needed
+#
+version: 1
+name: "aws-stack"
+description: description for "aws-stack"
+providers:
+  - aws
+globals:
+  - name: region
+    description: aws region
+    value: "{{ AWS_REGION }}"
+  - name: global_tags
+    value:
+      - Key: Provisioner
+        Value: stackql
+      - Key: StackName
+        Value: "{{ stack_name }}"
+      - Key: StackEnv
+        Value: "{{ stack_env }}"
+resources:
+  - name: example_vpc
+    props:
+      - name: vpc_cidr_block
+        values:
+          prd:
+            value: "10.0.0.0/16"
+          sit:
+            value: "10.1.0.0/16"
+          dev:
+            value: "10.2.0.0/16"
+      - name: vpc_tags
+        value:
+          - Key: Name
+            Value: "{{ stack_name }}-{{ stack_env }}-vpc"
+    exports:
+      - vpc_id
+      - vpc_cidr_block
+  - name: example_subnet
+    props:
+      - name: vpc_id
+        value: "{{ vpc_id }}"
+      - name: subnet_cidr_block
+        values:
+          prd:
+            value: "10.0.1.0/24"
+          sit:
+            value: "10.1.1.0/24"
+          dev:
+            value: "10.2.1.0/24"
+      - name: subnet_tags
+        value:
+          - Key: Name
+            Value: "{{ stack_name }}-{{ stack_env }}-subnet"      
+    exports:
+      - subnet_id
+      - availability_zone
+  - name: example_inet_gateway
+    props:
+      - name: inet_gateway_tags
+        value:
+          - Key: Name
+            Value: "{{ stack_name }}-{{ stack_env }}-inet-gateway"
+    exports:
+      - internet_gateway_id
+  - name: example_inet_gw_attachment
+    props: []
+  - name: example_route_table
+    props:
+      - name: route_table_tags
+        value:
+          - Key: Name
+            Value: "{{ stack_name }}-{{ stack_env }}-route-table"
+    exports:
+      - route_table_id
+  - name: example_subnet_rt_assn
+    props: []
+    exports:
+      - route_table_assn_id
+  - name: example_inet_route
+    props: []
+    exports:
+      - inet_route_indentifer
+  - name: example_security_group
+    props:
+      - name: group_description
+        value: "web security group for {{ stack_name }} ({{ stack_env }} environment)"
+      - name: group_name
+        value: "{{ stack_name }}-{{ stack_env }}-web-sg"
+      - name: sg_tags
+        value:
+          - Key: Name
+            Value: "{{ stack_name }}-{{ stack_env }}-web-sg"
+      - name: security_group_ingress
+        value:
+          - CidrIp: "0.0.0.0/0"
+            Description: Allow HTTP traffic
+            FromPort: 80
+            ToPort: 80
+            IpProtocol: "tcp"
+          - CidrIp: "{{ vpc_cidr_block }}"
+            Description: Allow SSH traffic from the internal network
+            FromPort: 22
+            ToPort: 22
+            IpProtocol: "tcp"
+      - name: security_group_egress
+        value:
+          - CidrIp: "0.0.0.0/0"
+            Description: Allow all outbound traffic
+            FromPort: 0
+            ToPort: 0
+            IpProtocol: "-1"
+    exports:
+      - security_group_id            
+  - name: example_web_server
+    props:
+      - name: instance_name
+        value: "{{ stack_name }}-{{ stack_env }}-instance"
+      - name: ami_id
+        value: ami-030a5acd7c996ef60
+      - name: instance_type
+        value: t2.micro
+      - name: network_interfaces
+        value: 
+          - AssociatePublicIpAddress: True
+            DeviceIndex: "0"
+            SubnetId: "{{ subnet_id }}"
+            GroupSet:
+              - "{{ security_group_id }}"
+      - name: user_data
+        value: |
+          #!/bin/bash
+          yum update -y
+          yum install -y httpd
+          systemctl start httpd
+          systemctl enable httpd
+          echo "<html><body><h1>Hello, StackQL!</h1></body></html>" > /var/www/html/index.html
+      - name: instance_tags
+        value:
+          - Key: Name
+            Value: "{{ stack_name }}-{{ stack_env }}-instance"
+    exports:
+      - instance_id
+      - public_dns_name
+

aws-stack/stackql_queries/example_inet_gateway.iql

@@ -0,0 +1,38 @@
+/*+ preflight, retries=5, retry_delay=5 */
+SELECT COUNT(*) as count FROM
+(
+SELECT internet_gateway_id,
+json_group_object(tag_key, tag_value) as tags
+FROM aws.ec2.internet_gateway_tags
+WHERE region = '{{ region }}'
+GROUP BY internet_gateway_id
+HAVING json_extract(tags, '$.Provisioner') = 'stackql'
+AND json_extract(tags, '$.StackName') = '{{ stack_name }}'
+AND json_extract(tags, '$.StackEnv') = '{{ stack_env }}'
+) t; 
+
+/*+ postdeploy, retries=5, retry_delay=5 */
+SELECT COUNT(*) as count FROM
+(
+SELECT internet_gateway_id,
+json_group_object(tag_key, tag_value) as tags
+FROM aws.ec2.internet_gateway_tags
+WHERE region = '{{ region }}'
+GROUP BY internet_gateway_id
+HAVING json_extract(tags, '$.Provisioner') = 'stackql'
+AND json_extract(tags, '$.StackName') = '{{ stack_name }}'
+AND json_extract(tags, '$.StackEnv') = '{{ stack_env }}'
+) t;
+
+/*+ exports, retries=5, retry_delay=5 */
+SELECT internet_gateway_id FROM
+(
+SELECT internet_gateway_id,
+json_group_object(tag_key, tag_value) as tags
+FROM aws.ec2.internet_gateway_tags
+WHERE region = '{{ region }}'
+GROUP BY internet_gateway_id
+HAVING json_extract(tags, '$.Provisioner') = 'stackql'
+AND json_extract(tags, '$.StackName') = '{{ stack_name }}'
+AND json_extract(tags, '$.StackEnv') = '{{ stack_env }}'
+) t;

aws-stack/stackql_queries/example_inet_gw_attachment.iql

@@ -0,0 +1,23 @@
+/*+ preflight, retries=5, retry_delay=5 */
+SELECT COUNT(*) as count FROM
+(
+SELECT
+attachment_type,
+vpc_id
+FROM aws.ec2.vpc_gateway_attachments
+WHERE region = '{{ region }}'
+AND internet_gateway_id = '{{ internet_gateway_id }}'
+AND vpc_id = '{{ vpc_id }}'
+) t; 
+
+/*+ postdeploy, retries=5, retry_delay=5 */
+SELECT COUNT(*) as count FROM
+(
+SELECT
+attachment_type,
+vpc_id
+FROM aws.ec2.vpc_gateway_attachments
+WHERE region = '{{ region }}'
+AND internet_gateway_id = '{{ internet_gateway_id }}'
+AND vpc_id = '{{ vpc_id }}'
+) t;

aws-stack/stackql_queries/example_inet_route.iql

@@ -0,0 +1,23 @@
+/*+ preflight, retries=5, retry_delay=5 */
+SELECT COUNT(*) as count FROM
+(
+SELECT data__Identifier
+FROM aws.ec2.routes
+WHERE region = '{{ region }}'
+AND data__Identifier = '{{ route_table_id }}|0.0.0.0/0'
+) t; 
+
+/*+ postdeploy, retries=5, retry_delay=5 */
+SELECT COUNT(*) as count FROM
+(
+SELECT data__Identifier
+FROM aws.ec2.routes
+WHERE region = '{{ region }}'
+AND data__Identifier = '{{ route_table_id }}|0.0.0.0/0'
+) t;
+
+/*+ exports, retries=5, retry_delay=5 */
+SELECT data__Identifier as inet_route_indentifer
+FROM aws.ec2.routes
+WHERE region = '{{ region }}'
+AND data__Identifier = '{{ route_table_id }}|0.0.0.0/0';

aws-stack/stackql_queries/example_route_table.iql

@@ -0,0 +1,41 @@
+/*+ preflight, retries=5, retry_delay=5 */
+SELECT count(*) as count FROM
+(
+SELECT route_table_id,
+json_group_object(tag_key, tag_value) as tags
+FROM aws.ec2.route_table_tags
+WHERE region = '{{ region }}'
+AND vpc_id = '{{ vpc_id }}'
+GROUP BY route_table_id
+HAVING json_extract(tags, '$.Provisioner') = 'stackql'
+AND json_extract(tags, '$.StackName') = '{{ stack_name }}'
+AND json_extract(tags, '$.StackEnv') = '{{ stack_env }}'
+) t;
+
+/*+ postdeploy, retries=5, retry_delay=5 */
+SELECT count(*) as count FROM
+(
+SELECT route_table_id,
+json_group_object(tag_key, tag_value) as tags
+FROM aws.ec2.route_table_tags
+WHERE region = '{{ region }}'
+AND vpc_id = '{{ vpc_id }}'
+GROUP BY route_table_id
+HAVING json_extract(tags, '$.Provisioner') = 'stackql'
+AND json_extract(tags, '$.StackName') = '{{ stack_name }}'
+AND json_extract(tags, '$.StackEnv') = '{{ stack_env }}'
+) t;
+
+/*+ exports, retries=5, retry_delay=5 */
+SELECT route_table_id FROM
+(
+SELECT route_table_id,
+json_group_object(tag_key, tag_value) as tags
+FROM aws.ec2.route_table_tags
+WHERE region = '{{ region }}'
+AND vpc_id = '{{ vpc_id }}'
+GROUP BY route_table_id
+HAVING json_extract(tags, '$.Provisioner') = 'stackql'
+AND json_extract(tags, '$.StackName') = '{{ stack_name }}'
+AND json_extract(tags, '$.StackEnv') = '{{ stack_env }}'
+) t;