Class: AwsEc2Instance

Inherits:

Object

• Object
• AwsEc2Instance

Defined in:

lib/resources/aws/aws_ec2_instance.rb

Instance Method Summary

• #catch_aws_errors ⇒ Object

  TODO: DRY up, see github.com/chef/inspec/issues/2633 Copied from resource_support/aws/aws_resource_mixin.rb.

• #exists? ⇒ Boolean
• #has_roles? ⇒ Boolean
• #id ⇒ Object (also: #instance_id)
• #initialize(opts, conn = nil) ⇒ AwsEc2Instance constructor

  TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin.

• #inspec_runner ⇒ Object

  TODO: DRY up, see github.com/chef/inspec/issues/2633 Copied from resource_support/aws/aws_singular_resource_mixin.rb.

• #security_group_ids ⇒ Object
• #security_groups ⇒ Object

  Don’t document this - it’s a bit hard to use.

• #state ⇒ Object

  returns the instance state.

• #tags ⇒ Object
• #to_s ⇒ Object

Constructor Details

#initialize(opts, conn = nil) ⇒ AwsEc2Instance

TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin

# File 'lib/resources/aws/aws_ec2_instance.rb', line 23

def initialize(opts, conn = nil)
  @opts = opts
  @opts.is_a?(Hash) ? @display_name = @opts[:name] : @display_name = opts
  @ec2_client = conn ? conn.ec2_client : inspec_runner.backend.aws_client(Aws::EC2::Client)
  @ec2_resource = conn ? conn.ec2_resource : inspec_runner.backend.aws_resource(Aws::EC2::Resource, {})
  @iam_resource = conn ? conn.iam_resource : inspec_runner.backend.aws_resource(Aws::IAM::Resource, {})
end

Instance Method Details

#catch_aws_errors ⇒ Object

TODO: DRY up, see github.com/chef/inspec/issues/2633 Copied from resource_support/aws/aws_resource_mixin.rb

# File 'lib/resources/aws/aws_ec2_instance.rb', line 33

def catch_aws_errors
  yield
rescue Aws::Errors::MissingCredentialsError
  # The AWS error here is unhelpful:
  # "unable to sign request without credentials set"
  Inspec::Log.error "It appears that you have not set your AWS credentials.  You may set them using environment variables, or using the 'aws://region/aws_credentials_profile' target.  See https://docs.chef.io/inspec/platforms/ for details."
  fail_resource("No AWS credentials available")
rescue Aws::Errors::ServiceError => e
  fail_resource e.message
end

#exists? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/aws/aws_ec2_instance.rb', line 78

def exists?
  return false if instance.nil?

  instance.exists?
end

#has_roles? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/aws/aws_ec2_instance.rb', line 141

def has_roles?
  catch_aws_errors do
    instance_profile = instance.iam_instance_profile

    if instance_profile
      roles = @iam_resource.instance_profile(
        instance_profile.arn.gsub(%r{^.*\/}, "")
      ).roles
    else
      roles = nil
    end

    roles && !roles.empty?
  end
end

#id ⇒ Object Also known as: instance_id

# File 'lib/resources/aws/aws_ec2_instance.rb', line 56

def id
  return @instance_id if defined?(@instance_id)

  catch_aws_errors do
    if @opts.is_a?(Hash)
      first = @ec2_resource.instances(
        {
          filters: [{
            name: "tag:Name",
            values: [@opts[:name]],
          }],
        }
      ).first
      # catch case where the instance is not known
      @instance_id = first.id unless first.nil?
    else
      @instance_id = @opts
    end
  end
end

#inspec_runner ⇒ Object

TODO: DRY up, see github.com/chef/inspec/issues/2633 Copied from resource_support/aws/aws_singular_resource_mixin.rb

# File 'lib/resources/aws/aws_ec2_instance.rb', line 46

def inspec_runner
  # When running under inspec-cli, we have an 'inspec' method that
  # returns the runner. When running under unit tests, we don't
  # have that, but we still have to call this to pass something
  # (nil is OK) to the backend.
  # TODO: remove with https://github.com/chef/inspec-aws/issues/216
  # TODO: remove after rewrite to include AwsSingularResource
  inspec if respond_to?(:inspec)
end

#security_group_ids ⇒ Object

# File 'lib/resources/aws/aws_ec2_instance.rb', line 125

def security_group_ids
  catch_aws_errors do
    @security_group_ids ||= instance.security_groups.map(&:group_id)
  end
end

#security_groups ⇒ Object

Don’t document this - it’s a bit hard to use. Our current doctrine is to use dumb things, like arrays of strings - use security_group_ids instead.

# File 'lib/resources/aws/aws_ec2_instance.rb', line 117

def security_groups
  catch_aws_errors do
    @security_groups ||= instance.security_groups.map do |sg|
      { id: sg.group_id, name: sg.group_name }
    end
  end
end

#state ⇒ Object

returns the instance state

# File 'lib/resources/aws/aws_ec2_instance.rb', line 85

def state
  catch_aws_errors do
    instance&.state&.name
  end
end

#tags ⇒ Object

# File 'lib/resources/aws/aws_ec2_instance.rb', line 131

def tags
  catch_aws_errors do
    @tags ||= instance.tags.map { |tag| { key: tag.key, value: tag.value } }
  end
end

#to_s ⇒ Object

# File 'lib/resources/aws/aws_ec2_instance.rb', line 137

def to_s
  "EC2 Instance #{@display_name}"
end