Class: Ironfan::Provider::Ec2::IamServerCertificate

Inherits:
Resource show all
Defined in:
lib/ironfan/provider/ec2/iam_server_certificate.rb,
lib/ironfan/headers.rb

Overview

Fog::AWS doesn’t seem to have native models for IAM ServerCertificate, so this resource uses Hash semantics instead.

Constant Summary collapse

ARN_PREFIX =
"iamss_arn"

Instance Attribute Summary

Attributes inherited from Resource

#owner, #users

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Resource

#bogus?, create!, destroy!, forget, forget!, handle, known, #on_correlate, patiently, prepare!, recall, recall?, receive, register, remember, save!, validate_computer!, validate_resources!

Methods inherited from Builder

ui, #ui

Class Method Details

.aggregate!(computers) ⇒ Object

Create any certificates that are needed by any clouds in which there are running computers



# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 46

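# Reconcile the IAM server certificates expected by the given computers with
# the ones already registered through load!.
#
# Certificates expected by running EC2 computers that are not yet known are
# uploaded. Certificates expected only by stopped computers are reported as
# apparently unused; nothing is deleted here.
#
# @param computers [#select] computers to inspect; only those for which
#   Ec2.applicable is truthy are considered
# @return [Object, nil] nil when no EC2 computers are involved, otherwise the
#   result of the final load!
# @raise [RuntimeError] if a certificate that would have to be created is
#   identified by an explicit ARN
def self.aggregate!(computers)
  ec2_computers = computers.select { |c| Ec2.applicable c }
  return if ec2_computers.empty?

  # Ids produced by expected_id for explicit ARNs look like "<ARN_PREFIX>:<arn>".
  # Anchored with \A/\z (and /m) so the whole id is tested, not a single line
  # inside a multi-line value as ^/$ would allow.
  explicit_arn = /\A#{Regexp.escape(ARN_PREFIX)}:(.+)\z/m

  load! # Find out which certificates already exist in EC2
  certs_for_running_servers = ec2_computers.select { |c| c.running? }.map { |c| self.expected_ids(c) }.flatten.uniq
  certs_for_stopped_servers = ec2_computers.select { |c| not c.running? }.map { |c| self.expected_ids(c) }.flatten.uniq
  certs_to_start = [ certs_for_running_servers ].flatten.compact.reject { |cert_name| recall? cert_name }
  certs_to_stop  = [ certs_for_stopped_servers - certs_for_running_servers ].flatten.compact.select { |cert_name| recall? cert_name }

  certs_to_start.each do |cert_name|
    arn_match = explicit_arn.match(cert_name)
    if arn_match
      error = "Cannot create an IAM server certificate with an explicit ARN #{arn_match[1]}. Explicit ARNs can only be used to capture existing IAM server certificates created outside of Ironfan."
      # `puts error and raise error` never raised: puts returns nil, so the
      # `and` short-circuited and the loop carried on after printing.
      puts error
      raise error
    else
      Ironfan.step(cert_name, "creating server certificate", :blue)
      # NOTE(review): `.values` implies select returns a keyed collection here
      # rather than a plain Array -- confirm against the computers collection.
      computer  = ec2_computers.select { |c| self.expected_ids(c).include?(cert_name) }.values.first
      use_name  = cert_name.sub("ironfan-#{computer.server.cluster_name}-", '')
      cert_prov = computer.server.cloud(:ec2).iam_server_certificates[use_name]
      options   = cert_prov.certificate_chain.nil? ? { } : { 'CertificateChain' => cert_prov.certificate_chain }
      # The private key goes straight to the IAM API; keep cert_prov out of
      # any step/log output added around this call.
      Ec2.iam.upload_server_certificate(cert_prov.certificate, cert_prov.private_key, cert_name, options)
    end
  end

  certs_to_stop.each do |cert_name|
    # Explicit-ARN certificates were created outside Ironfan, so they are not
    # reported as removable.
    unless explicit_arn.match(cert_name)
      Ironfan.step(cert_name, "appears to be unused; you may want to remove it manually", :red)
    end
  end

  load! # Get new list of native certificates via reload
end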

.expected_id(computer, cert) ⇒ Object



# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 83

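# Work out the id under which a certificate is tracked for a computer.
#
# A certificate that declares an explicit ARN is identified by
# "<ARN_PREFIX>:<arn>"; otherwise the inferred full name is used.
#
# @param computer [Object] passed through to full_name
# @param cert [#arn] certificate definition
# @return [String] the ARN-based id or the inferred name
# @raise [RuntimeError] if the inferred name is longer than 32 characters and
#   no explicit ARN is given
def self.expected_id(computer, cert)
  inferred = self.full_name(computer, cert)
  if cert.arn
    Chef::Log.info("Using explicit IAMServerCertificate ARN #{cert.arn} instead of inferred name #{inferred}")
    return "#{ARN_PREFIX}:#{cert.arn}"
  end

  if inferred.length > 32
    error = "Excessively long certificate name #{inferred}, must be <= 32 characters"
    # `puts error and raise error` never raised (puts returns nil), so the
    # over-long name was returned anyway; print and raise as two statements.
    puts error
    raise error
  end
  inferred
end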

.expected_ids(computer) ⇒ Object



# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 15

# Collect the expected id of every IAM server certificate declared on the
# computer's :ec2 cloud.
#
# @param computer [Object] must respond to server.cloud(:ec2)
# @return [Array] one expected_id result per declared certificate
def self.expected_ids(computer)
  declared = computer.server.cloud(:ec2).iam_server_certificates.values
  declared.map { |cert| self.expected_id(computer, cert) }
end

.full_name(computer, cert) ⇒ Object



# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 79

# Build the inferred certificate name "ironfan-<cluster name>-<cert name>".
#
# @param computer [Object] must respond to server.cluster_name
# @param cert [#name] certificate definition
# @return [String]
def self.full_name(computer, cert)
  cluster = computer.server.cluster_name
  "ironfan-#{cluster}-#{cert.name}"
end

.load!(cluster = nil) ⇒ Object

Discovery



# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 29

# Register every server certificate returned by IAM under two ids: its
# ServerCertificateName and "<ARN_PREFIX>:<Arn>".
#
# NOTE(review): only the 'Certificates' list of a single response is read;
# confirm whether the listing can be truncated and needs paging.
#
# @param cluster [Object, nil] not used by this method
def self.load!(cluster=nil)
  listing = Ec2.iam.list_server_certificates.body['Certificates']
  listing.each do |raw|
    wrapped = new(:adaptee => raw)
    by_name = raw['ServerCertificateName']
    by_arn  = "#{ARN_PREFIX}:#{raw['Arn']}"
    [by_name, by_arn].each { |key| remember(wrapped, { :id => key }) }
  end
end

.multiple? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 13

# Always true for this resource.
# NOTE(review): presumably read by the Resource framework -- confirm there.
#
# @return [Boolean]
def self.multiple?
  true
end

.resource_type ⇒ Object



# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 14

# Symbol naming this resource type.
#
# @return [Symbol] :iam_server_certificate
def self.resource_type
  :iam_server_certificate
end

.shared? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 12

# Always true for this resource.
# NOTE(review): presumably read by the Resource framework -- confirm there.
#
# @return [Boolean]
def self.shared?
  true
end

Instance Method Details

#name ⇒ Object



# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 22

# The certificate's name, read from the 'ServerCertificateName' key.
#
# @return [Object] whatever is stored under that key
def name
  self['ServerCertificateName']
end

#to_s ⇒ Object



# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 37

# Render the certificate as "<name arn>", with the name left-justified to 20
# columns and the ARN to 32.
#
# @return [String]
def to_s
  cert_name = self['ServerCertificateName']
  cert_arn  = self['Arn']
  format("<%-20s %-32s>", cert_name, cert_arn)
end