Class: HolePunch::EC2

Inherits:
Object
Defined in:
lib/holepunch/ec2.rb


Constructor Details

#initialize(opts = {}) ⇒ EC2

Returns a new instance of EC2.



# File 'lib/holepunch/ec2.rb', line 28

# Builds an EC2 client for the account and region given in +opts+.
#
# Credentials and region default to the AWS_ACCESS_KEY_ID,
# AWS_SECRET_ACCESS_KEY and AWS_REGION environment variables; a key that is
# present in +opts+ wins over the environment, even when its value is nil
# (plain Hash#merge semantics). The credentials are installed through
# +AWS.config+, the SDK's global configuration, not kept per instance.
#
# @param opts [Hash] connection options
# @option opts [String] :aws_access_key_id access key (default: ENV)
# @option opts [String] :aws_secret_access_key secret key (default: ENV)
# @option opts [String] :aws_region region name, also used to look up +#region+
# @option opts [String] :aws_vpc_id VPC id handed to +create+ for new groups;
#   nil when omitted
def initialize(opts = {})
  env_defaults = {
    aws_access_key_id:     ENV['AWS_ACCESS_KEY_ID'],
    aws_secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'],
    aws_region:            ENV['AWS_REGION'],
  }
  settings = env_defaults.merge(opts)

  sdk_config = {
    access_key_id:     settings[:aws_access_key_id],
    secret_access_key: settings[:aws_secret_access_key],
    region:            settings[:aws_region],
  }
  AWS.config(sdk_config)

  @ec2    = AWS::EC2.new
  @region = @ec2.regions[settings[:aws_region]]
  @vpc_id = settings[:aws_vpc_id]
end

Instance Attribute Details

#ec2 ⇒ Object (readonly)

Returns the value of attribute ec2.



# File 'lib/holepunch/ec2.rb', line 25

# @return [AWS::EC2] the SDK client built in +#initialize+
def ec2; @ec2; end

#region ⇒ Object (readonly)

Returns the value of attribute region.



# File 'lib/holepunch/ec2.rb', line 26

# @return [Object] the region object looked up by name in +#initialize+
def region; @region; end

Instance Method Details

#apply(definition) ⇒ Object



# File 'lib/holepunch/ec2.rb', line 46

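# Reconciles the security groups in +definition+ with what EC2 currently has.
#
# Steps, in order:
# 1. refresh the cached group data from AWS (+fetch!+);
# 2. fail if any group flagged as a dependency does not already exist;
# 3. find or create an EC2 group for every group in the definition;
# 4. for each non-dependency group, revoke ingress rules the definition no
#    longer lists, then authorize the ones it lists but EC2 lacks.
#
# Sources are passed to EC2 as given: a CIDR string goes through verbatim,
# anything else must name a group in the definition. No sanity check on
# rule breadth (e.g. a 0.0.0.0/0 source) is done here — the definition is
# trusted, so review it as you would any firewall change.
#
# @param definition [Object] parsed definition exposing +groups+ (id => group)
# @return [void]
# @raise [GroupDoesNotExistError] if a dependency group is absent from EC2,
#   or an ingress source names a group that is not in the definition
def apply(definition)
  # get the security group data from the AWS servers
  fetch!

  verify_dependencies_exist(definition)
  ec2_groups = find_or_create_groups(definition)

  definition.groups.each do |id, group|
    # dependency groups only have to exist; their rules are not managed here
    next if group.dependency
    ec2_group = ec2_groups[id]

    revoke_unwanted_ingresses(id, group, ec2_group)
    authorize_new_ingresses(id, group, ec2_group, ec2_groups)
  end
end

# Raises unless every group flagged as a dependency already exists in EC2.
#
# @param definition [Object] parsed definition exposing +groups+
# @raise [GroupDoesNotExistError] for the first missing dependency group
def verify_dependencies_exist(definition)
  definition.groups.each do |id, group|
    next unless group.dependency
    next if exists?(id)
    raise GroupDoesNotExistError, "Dependent security group '#{id}' does not exist"
  end
end

# Looks up every group in the definition, creating the ones EC2 does not
# have yet (in @vpc_id, which is nil when no :aws_vpc_id option was given).
#
# @param definition [Object] parsed definition exposing +groups+
# @return [Hash] definition id => EC2 security group
def find_or_create_groups(definition)
  definition.groups.each_with_object({}) do |(id, group), ec2_groups|
    ec2_group = find(id)
    if ec2_group.nil?
      Logger.log(:create, id)
      ec2_group = create(id, group.desc, @vpc_id)
    end
    ec2_groups[id] = ec2_group
  end
end

# Revokes every existing ingress on +ec2_group+ that +group+ no longer lists.
# Group sources are matched by name, CIDR sources by the string itself.
#
# @param id [Object] definition id of the group (used for logging)
# @param group [Object] definition group answering +include_ingress?+
# @param ec2_group [Object] the EC2 security group being reconciled
def revoke_unwanted_ingresses(id, group, ec2_group)
  ec2_group.ingress_ip_permissions.each do |ec2_perm|
    stale_groups = ec2_perm.groups.reject do |source|
      group.include_ingress?(ec2_perm.protocol, ec2_perm.port_range, source.name)
    end
    stale_ranges = ec2_perm.ip_ranges.reject do |source|
      group.include_ingress?(ec2_perm.protocol, ec2_perm.port_range, source)
    end
    revoke_sources = stale_groups + stale_ranges
    next if revoke_sources.empty?

    Logger.log("revoke #{ec2_perm.protocol}", "#{id} #{sources_list_to_s(revoke_sources)} #{ec2_perm.port_range}")
    ec2_group.revoke_ingress(ec2_perm.protocol, ec2_perm.port_range, *revoke_sources)
  end
end

# Authorizes every ingress in +group+ that +ec2_group+ does not already have.
#
# @param id [Object] definition id of the group (used for logging)
# @param group [Object] definition group exposing +ingresses+
# @param ec2_group [Object] the EC2 security group being reconciled
# @param ec2_groups [Hash] definition id => EC2 group, for group sources
# @raise [GroupDoesNotExistError] if a source names a group not in +ec2_groups+
def authorize_new_ingresses(id, group, ec2_group, ec2_groups)
  group.ingresses.each do |perm|
    new_sources = []
    perm.sources.each do |source|
      ec2_source = resolve_ingress_source(source, ec2_groups)
      new_sources << ec2_source unless group_has_ingress(ec2_group, perm.type, perm.ports, ec2_source)
    end
    next if new_sources.empty?

    Logger.log(perm.type, "#{id} #{sources_list_to_s(new_sources)} #{perm.ports}")
    ec2_group.authorize_ingress(perm.type, perm.ports, *new_sources)
  end
end

# Maps a definition source to what EC2 expects: a CIDR string passes through
# unchanged; anything else is treated as the id of a group in +ec2_groups+.
#
# @param source [Object] a CIDR string or a definition group id
# @param ec2_groups [Hash] definition id => EC2 group
# @return [Object] the CIDR string or the resolved EC2 group
# @raise [GroupDoesNotExistError] if the id is not in +ec2_groups+
def resolve_ingress_source(source, ec2_groups)
  return source if HolePunch.cidr?(source)

  ec2_source_group = ec2_groups[source]
  if ec2_source_group.nil?
    # closing quote was missing from this message in the original
    raise GroupDoesNotExistError, "unknown security group '#{source}'"
  end
  ec2_source_group
end

private :verify_dependencies_exist, :find_or_create_groups,
        :revoke_unwanted_ingresses, :authorize_new_ingresses,
        :resolve_ingress_source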