Class: RailsTemplate18f::Generators::PublicEgressGenerator

Inherits:
Rails::Generators::Base
  • Object
Includes:
Base, CloudGovParsing
Defined in:
lib/generators/rails_template18f/public_egress/public_egress_generator.rb

Instance Method Summary

Instance Method Details

#check_terraform_exists ⇒ Object



# File 'lib/generators/rails_template18f/public_egress/public_egress_generator.rb', line 18

# Precondition step: stops the generator when `terraform_dir_exists?`
# (defined outside this listing) reports false.
#
# @raise [RuntimeError] with a hint to run the terraform generator first
# @return [nil] when the precondition holds
def check_terraform_exists
  return if terraform_dir_exists?

  raise "Run `rails g rails_template18f:terraform` before running this generator"
end

#setup_proxy_vars ⇒ Object



# File 'lib/generators/rails_template18f/public_egress/public_egress_generator.rb', line 44

# Generator step that writes Cloud Foundry `.profile` start-up content which
# points `http_proxy` / `https_proxy` at the bound egress proxy.
#
# NOTE(review): this listing appears garbled by the documentation renderer.
# Everything after `create_file ".profile",` is shown as ONE escaped string
# literal that also contains what look like heredoc terminators (`EOP`), a
# nested `insert_into_file ".profile", <<~EOP` call and the method's closing
# `end`. Read the original source file before relying on the exact text.
#
# What the embedded shell text does, as far as it is visible here:
#   * reads `$VCAP_SERVICES` and uses jq to pick the service whose name is
#     `egress-proxy-$RAILS_ENV-credentials`, keeping its `.credentials` object;
#   * exports `http_proxy` and `https_proxy` from that object's `.http_uri`
#     and `.https_uri` fields.
#
# NOTE(review): nothing visible checks that the lookup succeeded. If no
# service matches, `proxy_creds` is empty and both variables are exported
# empty; if a key is absent, `jq --raw-output` prints the literal `null`.
# Consider failing start-up loudly in that case instead of continuing.
#
# NOTE(review): the values come from a `credentials` object, so the URIs
# presumably embed proxy credentials. Exported variables are inherited by
# child processes; keep them out of logs, error reports and env dumps.
def setup_proxy_vars
  # As displayed, `.profile` is only created when `file_exists?(".profile")` is false.
  create_file ".profile", "    ##\n    # Cloud Foundry app initialization script\n    # https://docs.cloudfoundry.org/devguide/deploy-apps/deploy-app.html#profile\n    ##\n\n  EOP\n  insert_into_file \".profile\", <<~EOP\n    proxy_creds=$(echo \"$VCAP_SERVICES\" | jq --arg service_name \"egress-proxy-$RAILS_ENV-credentials\" '.[][] | select(.name == $service_name) | .credentials')\n    export http_proxy=$(echo \"$proxy_creds\" | jq --raw-output \".http_uri\")\n    export https_proxy=$(echo \"$proxy_creds\" | jq --raw-output \".https_uri\")\n  EOP\nend\n" unless file_exists?(".profile")

#update_boundary_diagram ⇒ Object



# File 'lib/generators/rails_template18f/public_egress/public_egress_generator.rb', line 63

# Generator step that adds the egress proxy to the application boundary
# diagram kept in `doc/compliance/apps/application.boundary.md`.
#
# NOTE(review): the second `insert_into_file` argument below is displayed as
# one escaped string that also contains an `EOB` terminator, four `puts`
# statements and the method's closing `end`. That looks like a rendering
# artifact (a heredoc folded into a string literal); check the original
# source file for the real statement boundaries.
def update_boundary_diagram
  boundary_filename = "doc/compliance/apps/application.boundary.md"
  # Inserted after the `System_Boundary(inventory, "Application") {` line:
  # an EMPTY "Restricted egress space" boundary plus a "Public egress space"
  # boundary holding the proxy container. Existing elements are not moved
  # into the restricted boundary by this call, so the diagram does not yet
  # reflect the real network placement.
  insert_into_file boundary_filename, "          Boundary(restricted_space, \"Restricted egress space\") {\n          }\n          Boundary(egress_space, \"Public egress space\") {\n              Container(proxy, \"<&layers> Egress Proxy\", \"Caddy, cg-egress-proxy\", \"Proxy with allow-list of external connections\")\n          }\n", after: "System_Boundary(inventory, \"Application\") {\n"
  # Inserted before `@enduml`: an app -> proxy relation over https (443).
  # The `puts` text embedded in this string is the manual follow-up:
  # place the application and services inside the restricted boundary and
  # route outbound connections through the proxy. Until that is done by hand
  # the compliance diagram is incomplete.
  insert_into_file boundary_filename, "    Rel(app, proxy, \"Proxy outbound connections\", \"https (443)\")\n  EOB\n  puts \"\\n ================ TODO ================ \\n\".yellow\n  puts \"Update your application boundary to:\"\n  puts \"1. Place application and services within the Restricted egress space\"\n  puts \"2. Connect outbound connections through the egress proxy\"\nend\n", before: "@enduml"

#update_oscal_doc ⇒ Object



# File 'lib/generators/rails_template18f/public_egress/public_egress_generator.rb', line 81

# Hands the cg-egress-proxy component name and the URL of its upstream OSCAL
# component definition to `copy_remote_oscal_component` (defined outside this
# listing; presumably it downloads the JSON into the project).
#
# NOTE(review): the URL targets `refs/heads/main`, a branch ref, so the
# document fetched can differ from one generator run to the next and no
# integrity check is visible here. Consider pinning to a tag or commit and
# reviewing the copied JSON when it lands in version control. Confirm how
# `copy_remote_oscal_component` handles fetch errors and unexpected content.
#
# @return whatever `copy_remote_oscal_component` returns
def update_oscal_doc
  component_name = "cg-egress-proxy"
  definition_url = "https://raw.githubusercontent.com/GSA-TTS/cg-egress-proxy/refs/heads/main/docs/compliance/component-definitions/cg-egress-proxy/component-definition.json"
  copy_remote_oscal_component(component_name, definition_url)
end

#update_readme ⇒ Object



# File 'lib/generators/rails_template18f/public_egress/public_egress_generator.rb', line 59

# Inserts the text returned by `readme_content` (defined outside this listing)
# into README.md, anchored before the "## Documentation" heading.
#
# @return whatever `insert_into_file` returns
def update_readme
  anchor = "## Documentation"
  insert_into_file("README.md", readme_content, before: anchor)
end

#use_terraform_module ⇒ Object



# File 'lib/generators/rails_template18f/public_egress/public_egress_generator.rb', line 24

# Generator step that wires the egress proxy into the project's terraform
# files (`main.tf`, `variables.tf`, `app.tf`).
#
# NOTE(review): the `variables.tf` argument below is displayed as one escaped
# string that also contains an `EOT` terminator and a following
# `insert_into_file ... <<EOT, after: "environment = {\n"` call. That looks
# like a rendering artifact (a heredoc folded into a string literal); check
# the original source file for the real statement boundaries.
def use_terraform_module
  # Appends the text returned by `terraform_module` (defined outside this listing).
  append_to_file file_path("terraform/main.tf"), terraform_module
  # Declares `egress_allowlist` as set(string) with default `[]`. Per its
  # description this is the set of hostnames the app may connect to, so with
  # the default presumably nothing external is allowed until hosts are added.
  # The embedded `no_proxy` line names hosts that proxy-aware clients
  # conventionally reach WITHOUT the proxy; the allow-list would not apply to
  # them, so review any additions to that value. TODO confirm against the
  # module behaviour.
  append_to_file file_path("terraform/variables.tf"), "  variable \"egress_allowlist\" {\n    type        = set(string)\n    default     = []\n    description = \"The set of hostnames that the application is allowed to connect to\"\n  }\nEOT\ninsert_into_file file_path(\"terraform/app.tf\"), <<EOT, after: \"environment = {\\n\"\n  no_proxy                 = \"apps.internal,s3-fips.us-gov-west-1.amazonaws.com\"\n"
  # Binds the credentials service instance `egress-proxy-${var.env}-credentials`.
  # NOTE(review): the `.profile` text in setup_proxy_vars looks the service up
  # as `egress-proxy-$RAILS_ENV-credentials`; confirm `var.env` and RAILS_ENV
  # agree in every environment, otherwise the lookup finds nothing.
  insert_into_file file_path("terraform/app.tf"), "    { service_instance = \"egress-proxy-${var.env}-credentials\" },\n", after: "service_bindings = [\n"
  # Adds the credentials service instance to the `depends_on` list in app.tf.
  insert_into_file file_path("terraform/app.tf"), "    cloudfoundry_service_instance.egress_proxy_credentials,\n", after: "depends_on = [\n"
end