- Increased Troposphere dependency.

- Implemented TargetGroup enable/disable - Added HealthCheckPort to TargetGroups - Fixed storage_encrypted implementation in RDS cftemplate
waterbear-cloud · Sep 3, 2021 · 818d93e · 818d93e
1 parent 7eff683
commit 818d93e
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 11 deletions.
diff --git a/setup.py b/setup.py
@@ -40,7 +40,7 @@
         'Setuptools',
         'tldextract',
         'pexpect',
-        'troposphere >= 2.6.3',
+        'troposphere >= 3.0.2',
         'awacs',
         'deepdiff >= 4.3.2',
         'gitpython',

diff --git a/src/paco/cftemplates/lb.py b/src/paco/cftemplates/lb.py
@@ -169,6 +169,8 @@ def init_lb(self, aws_name, template_title):
 
         # Target Groups
         for target_group_name, target_group in sorted(self.lb_config.target_groups.items()):
+            if target_group.is_enabled() == False:
+                continue
             target_group_id = self.create_cfn_logical_id(target_group_name)
             target_group_logical_id = 'TargetGroup' + target_group_id
             cfn_export_dict = {}
@@ -190,7 +192,10 @@ def init_lb(self, aws_name, template_title):
                 cfn_export_dict['HealthCheckPath'] = target_group.health_check_path
                 cfn_export_dict['Matcher'] = {'HttpCode': target_group.health_check_http_code }
 
-            cfn_export_dict['Port'] = target_group.port
+            if target_group.health_check_port != 'traffic-port':
+                cfn_export_dict['HealthCheckPort'] = target_group.health_check_port
+            if target_group.port != None:
+                cfn_export_dict['Port'] = target_group.port
             cfn_export_dict['Protocol'] = target_group.protocol
             cfn_export_dict['UnhealthyThresholdCount'] = target_group.unhealthy_threshold
             cfn_export_dict['TargetGroupAttributes'] = [

diff --git a/src/paco/cftemplates/rds.py b/src/paco/cftemplates/rds.py
@@ -697,18 +697,15 @@ def __init__(self, stack, paco_ctx,):
             # resource, in which case the DBInstanceIdentifier name CAN NOT be set
             # del db_instance_dict['DBInstanceIdentifier']
 
-        # Encryption
-        if rds_config.kms_key_id == '' or rds_config.kms_key_id == None:
-            encryption_enabled = False
-        else:
-            encryption_enabled = True
+        # Username and Passsword
         if db_snapshot_id_enabled == False:
-            db_instance_dict['StorageEncrypted'] = encryption_enabled
-            if encryption_enabled:
+            # Encryption
+            if rds_config.storage_encrypted == True:
+                db_instance_dict['StorageEncrypted'] = True
+            if rds_config.kms_key_id and rds_config.kms_key_id != '':
                 db_instance_dict['KmsKeyId'] = rds_config.kms_key_id
 
-        # Username and Passsword
-        if db_snapshot_id_enabled == False:
+            # Username & Password
             db_instance_dict['MasterUsername'] = rds_config.master_username
             if rds_config.secrets_password:
                 # Password from Secrets Manager