Class: Ironfan::Provider::Rds::SecurityGroup

Inherits:
Ironfan::Provider::Resource show all
Defined in:
lib/ironfan/headers.rb,
lib/ironfan/provider/rds/security_group.rb

Instance Attribute Summary

Attributes inherited from Ironfan::Provider::Resource

#owner, #users

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Ironfan::Provider::Resource

aggregate!, #bogus?, create!, destroy!, forget, forget!, handle, known, #on_correlate, patiently, recall, recall?, receive, register, remember, save!, validate_computer!, validate_resources!

Methods inherited from Builder

ui, #ui

Class Method Details

.expected_ids(computer) ⇒ Object



13
14
15
16
17
# File 'lib/ironfan/provider/rds/security_group.rb', line 13

def self.expected_ids(computer)
  return unless computer.server
  rds = computer.server.cloud(:rds)
  rds.security_groups.keys.uniq
end

.load!(cluster = nil) ⇒ Object

Discovery



26
27
28
29
30
31
32
# File 'lib/ironfan/provider/rds/security_group.rb', line 26

def self.load!(cluster=nil)
  Rds.connection.security_groups.reject { |raw| raw.blank? }.each do |raw|
    sg = SecurityGroup.new(:adaptee => raw)
    remember(sg)
    Chef::Log.debug("Loaded #{sg}: #{sg.inspect}")
  end
end

.multiple?Boolean

Returns:

  • (Boolean)


11
# File 'lib/ironfan/provider/rds/security_group.rb', line 11

def self.multiple?()    true;   end

.prepare!(computers) ⇒ Object

Manipulation



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# File 'lib/ironfan/provider/rds/security_group.rb', line 47

def self.prepare!(computers)

  # Create any groups that don't yet exist, and ensure any authorizations
  # that are required for those groups
  cluster_name             = nil
  groups_to_create         = [ ]
  ec2_authorizations       = [ ]
  ip_authorizations        = [ ]

  # First, deduce the list of all groups to which at least one instance belongs
  # We'll use this later to decide whether to create groups, or authorize access,
  # using a VPC security group or an EC2 security group.

  computers.select { |computer| Rds.applicable computer }.each do |computer|
    cloud           = computer.server.cloud(:rds)
    cluster_name    = computer.server.cluster_name

    # Iterate over all of the security group information, keeping track of
    # any groups that must exist and any authorizations that must be ensured
    cloud.security_groups.values.each do |dsl_group|
      groups_to_create << dsl_group.name
      ip_authorizations << dsl_group.ip_authorizations.map do |ip|
        { 
          :grantor => dsl_group.name, 
          :grantee => ip,
        }
      end

      ec2_authorizations << dsl_group.ec2_authorizations.map do |ec2|
        {
          :grantor => dsl_group.name, 
          :grantee => ec2,
        }
      end
    end
  end

  groups_to_create   = groups_to_create.flatten.uniq.reject { |group| recall? group.to_s }.sort
  ip_authorizations  = ip_authorizations.flatten.uniq.sort { |a,b| a[:grantor] <=> b[:grantor] }
  ec2_authorizations = ec2_authorizations.flatten.uniq.sort { |a,b| a[:grantor] <=> b[:grantor] }

  Ironfan.step(cluster_name, "creating security groups", :blue) unless groups_to_create.empty?
  groups_to_create.each do |group|
    Ironfan.step(group, "creating #{group} security group", :blue)
    begin
      Rds.connection.create_db_security_group(group,"Ironfan created group #{group}")
    rescue Fog::Compute::AWS::Error => e # InvalidPermission.Duplicate
      Chef::Log.info("ignoring security group error: #{e}")
    end
  end

  # Re-load everything so that we have a @@known list of security groups to manipulate
  load! unless groups_to_create.empty?

  # Now make sure that all required authorizations are present
  Ironfan.step(cluster_name, "ensuring security group permissions", :blue) unless (ec2_authorizations.empty? or ip_authorizations.empty?)
  ip_authorizations.each do |auth|
    message = " ensuring access from #{auth[:grantor]} to #{auth[:grantee]} "
    Ironfan.step(auth[:grantor], message, :blue)
    begin 
      Rds.connection.authorize_db_security_group_ingress(auth[:grantor], { "CIDRIP" => auth[:grantee] })
    rescue Fog::AWS::RDS::AuthorizationAlreadyExists => e
      Chef::Log.info("ignoring security group error: #{e}")
    end
  end

  ec2_authorizations.each do |auth|
    message = " ensuring access from #{auth[:grantor]} to #{auth[:grantee]} "
    Ironfan.step(auth[:grantor], message, :blue)
    , security_group = auth[:grantee].split('/')
    begin 
      Rds.connection.authorize_db_security_group_ingress(auth[:grantor], { "EC2SecurityGroupName" => security_group, "EC2SecurityGroupOwnerId" =>  })
    rescue Fog::AWS::RDS::AuthorizationAlreadyExists => e
      Chef::Log.info("ignoring security group error: #{e}")
    end
  end

end

.resource_typeObject



12
# File 'lib/ironfan/provider/rds/security_group.rb', line 12

def self.resource_type()        :security_group;   end

.shared?Boolean

Returns:

  • (Boolean)


10
# File 'lib/ironfan/provider/rds/security_group.rb', line 10

def self.shared?()      true;   end

Instance Method Details

#nameObject



19
20
21
# File 'lib/ironfan/provider/rds/security_group.rb', line 19

def name()
  adaptee.id
end

#receive_adaptee(obj) ⇒ Object



34
35
36
37
# File 'lib/ironfan/provider/rds/security_group.rb', line 34

def receive_adaptee(obj)
  obj = Rds.connection.security_groups.new(obj) if obj.is_a?(Hash)
  super
end

#to_sObject



39
40
41
# File 'lib/ironfan/provider/rds/security_group.rb', line 39

def to_s
    return "<%-15s %s>" % [ self.class.handle, id ]
end