Class: AwsEbsVolume

Inherits:
Object
  • Object
show all
Defined in:
lib/resources/aws/aws_ebs_volume.rb

Instance Method Summary collapse

Constructor Details

#initialize(opts, conn = nil) ⇒ AwsEbsVolume

TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin



23
24
25
26
27
28
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 23

def initialize(opts, conn = nil)
  @opts = opts
  @display_name = opts.is_a?(Hash) ? @opts[:name] : opts
  @ec2_client = conn ? conn.ec2_client : inspec_runner.backend.aws_client(Aws::EC2::Client)
  @ec2_resource = conn ? conn.ec2_resource : inspec_runner.backend.aws_resource(Aws::EC2::Resource, {})
end

Instance Method Details

#catch_aws_errorsObject

TODO: DRY up, see github.com/chef/inspec/issues/2633 Copied from resource_support/aws/aws_resource_mixin.rb



32
33
34
35
36
37
38
39
40
41
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 32

def catch_aws_errors
  yield
rescue Aws::Errors::MissingCredentialsError
  # The AWS error here is unhelpful:
  # "unable to sign request without credentials set"
  Inspec::Log.error "It appears that you have not set your AWS credentials. You may set them using environment variables, or using the 'aws://region/aws_credentials_profile' target. See https://www.inspec.io/docs/reference/platforms for details."
  fail_resource("No AWS credentials available")
rescue Aws::Errors::ServiceError => e
  fail_resource(e.message)
end

#encrypted?Boolean

Returns:

  • (Boolean) 


81
82
83
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 81

def encrypted?
  volume.encrypted
end

#exists?Boolean

Returns:

  • (Boolean) 


77
78
79
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 77

def exists?
  !volume.nil?
end

#idObject Also known as: volume_id 



55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 55

def id
  return @volume_id if defined?(@volume_id)

  catch_aws_errors do
    if @opts.is_a?(Hash)
      first = @ec2_resource.volumes(
        {
          filters: [{
            name: "tag:Name",
            values: [@opts[:name]],
          }],
        }
      ).first
      # catch case where the volume is not known
      @volume_id = first.id unless first.nil?
    else
      @volume_id = @opts
    end
  end
end

#inspec_runnerObject

TODO: DRY up, see github.com/chef/inspec/issues/2633 Copied from resource_support/aws/aws_singular_resource_mixin.rb



45
46
47
48
49
50
51
52
53
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 45

def inspec_runner
  # When running under inspec-cli, we have an 'inspec' method that
  # returns the runner. When running under unit tests, we don't
  # have that, but we still have to call this to pass something
  # (nil is OK) to the backend.
  # TODO: remove with https://github.com/chef/inspec-aws/issues/216
  # TODO: remove after rewrite to include AwsSingularResource
  inspec if respond_to?(:inspec)
end

#security_group_idsObject 



106
107
108
109
110
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 106

def security_group_ids
  catch_aws_errors do
    @security_group_ids ||= volume.security_groups.map(&:group_id)
  end
end

#security_groupsObject

Don’t document this - it’s a bit hard to use. Our current doctrine is to use dumb things, like arrays of strings - use security_group_ids instead.



98
99
100
101
102
103
104
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 98

def security_groups
  catch_aws_errors do
    @security_groups ||= volume.security_groups.map do |sg|
      { id: sg.group_id, name: sg.group_name }
    end
  end
end

#tagsObject 



112
113
114
115
116
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 112

def tags
  catch_aws_errors do
    @tags ||= volume.tags.map { |tag| { key: tag.key, value: tag.value } }
  end
end

#to_sObject 



118
119
120
 
# File 'lib/resources/aws/aws_ebs_volume.rb', line 118

def to_s
  "EBS Volume #{@display_name}"
end