Class: Ironfan::Provider::Rds::SecurityGroup
- Inherits:
-
Ironfan::Provider::Resource
- Object
- Builder
- Ironfan::Provider::Resource
- Ironfan::Provider::Rds::SecurityGroup
- Defined in:
- lib/ironfan/headers.rb,
lib/ironfan/provider/rds/security_group.rb
Instance Attribute Summary
Attributes inherited from Ironfan::Provider::Resource
Class Method Summary collapse
- .expected_ids(computer) ⇒ Object
-
.load!(cluster = nil) ⇒ Object
Discovery.
- .multiple? ⇒ Boolean
-
.prepare!(computers) ⇒ Object
Manipulation.
- .resource_type ⇒ Object
- .shared? ⇒ Boolean
Instance Method Summary collapse
Methods inherited from Ironfan::Provider::Resource
aggregate!, #bogus?, create!, destroy!, forget, forget!, handle, known, #on_correlate, patiently, recall, recall?, receive, register, remember, save!, validate_computer!, validate_resources!
Methods inherited from Builder
Class Method Details
.expected_ids(computer) ⇒ Object
13 14 15 16 17 |
# File 'lib/ironfan/provider/rds/security_group.rb', line 13 def self.expected_ids(computer) return unless computer.server rds = computer.server.cloud(:rds) rds.security_groups.keys.uniq end |
.load!(cluster = nil) ⇒ Object
Discovery
26 27 28 29 30 31 32 |
# File 'lib/ironfan/provider/rds/security_group.rb', line 26 def self.load!(cluster=nil) Rds.connection.security_groups.reject { |raw| raw.blank? }.each do |raw| sg = SecurityGroup.new(:adaptee => raw) remember(sg) Chef::Log.debug("Loaded #{sg}: #{sg.inspect}") end end |
.multiple? ⇒ Boolean
11 |
# File 'lib/ironfan/provider/rds/security_group.rb', line 11 def self.multiple?() true; end |
.prepare!(computers) ⇒ Object
Manipulation
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 |
# File 'lib/ironfan/provider/rds/security_group.rb', line 47 def self.prepare!(computers) # Create any groups that don't yet exist, and ensure any authorizations # that are required for those groups cluster_name = nil groups_to_create = [ ] = [ ] = [ ] # First, deduce the list of all groups to which at least one instance belongs # We'll use this later to decide whether to create groups, or authorize access, # using a VPC security group or an EC2 security group. computers.select { |computer| Rds.applicable computer }.each do |computer| cloud = computer.server.cloud(:rds) cluster_name = computer.server.cluster_name # Iterate over all of the security group information, keeping track of # any groups that must exist and any authorizations that must be ensured cloud.security_groups.values.each do |dsl_group| groups_to_create << dsl_group.name << dsl_group..map do |ip| { :grantor => dsl_group.name, :grantee => ip, } end << dsl_group..map do |ec2| { :grantor => dsl_group.name, :grantee => ec2, } end end end groups_to_create = groups_to_create.flatten.uniq.reject { |group| recall? group.to_s }.sort = .flatten.uniq.sort { |a,b| a[:grantor] <=> b[:grantor] } = .flatten.uniq.sort { |a,b| a[:grantor] <=> b[:grantor] } Ironfan.step(cluster_name, "creating security groups", :blue) unless groups_to_create.empty? groups_to_create.each do |group| Ironfan.step(group, "creating #{group} security group", :blue) begin Rds.connection.create_db_security_group(group,"Ironfan created group #{group}") rescue Fog::Compute::AWS::Error => e # InvalidPermission.Duplicate Chef::Log.info("ignoring security group error: #{e}") end end # Re-load everything so that we have a @@known list of security groups to manipulate load! unless groups_to_create.empty? # Now make sure that all required authorizations are present Ironfan.step(cluster_name, "ensuring security group permissions", :blue) unless (.empty? or .empty?) .each do |auth| = " ensuring access from #{auth[:grantor]} to #{auth[:grantee]} " Ironfan.step(auth[:grantor], , :blue) begin Rds.connection.(auth[:grantor], { "CIDRIP" => auth[:grantee] }) rescue Fog::AWS::RDS::AuthorizationAlreadyExists => e Chef::Log.info("ignoring security group error: #{e}") end end .each do |auth| = " ensuring access from #{auth[:grantor]} to #{auth[:grantee]} " Ironfan.step(auth[:grantor], , :blue) aws_account, security_group = auth[:grantee].split('/') begin Rds.connection.(auth[:grantor], { "EC2SecurityGroupName" => security_group, "EC2SecurityGroupOwnerId" => aws_account }) rescue Fog::AWS::RDS::AuthorizationAlreadyExists => e Chef::Log.info("ignoring security group error: #{e}") end end end |
.resource_type ⇒ Object
12 |
# File 'lib/ironfan/provider/rds/security_group.rb', line 12 def self.resource_type() :security_group; end |
.shared? ⇒ Boolean
10 |
# File 'lib/ironfan/provider/rds/security_group.rb', line 10 def self.shared?() true; end |
Instance Method Details
#name ⇒ Object
19 20 21 |
# File 'lib/ironfan/provider/rds/security_group.rb', line 19 def name() adaptee.id end |
#receive_adaptee(obj) ⇒ Object
34 35 36 37 |
# File 'lib/ironfan/provider/rds/security_group.rb', line 34 def receive_adaptee(obj) obj = Rds.connection.security_groups.new(obj) if obj.is_a?(Hash) super end |
#to_s ⇒ Object
39 40 41 |
# File 'lib/ironfan/provider/rds/security_group.rb', line 39 def to_s return "<%-15s %s>" % [ self.class.handle, id ] end |