Class: CloudProviders::SecurityGroup

Inherits:

Ec2Helper

• Object
• CloudProvider
• Ec2Helper
• CloudProviders::SecurityGroup

Defined in:

lib/cloud_providers/ec2/helpers/security_group.rb

Instance Attribute Summary

Attributes inherited from CloudProvider

#init_opts, #name

Instance Method Summary

• #all_security_groups ⇒ Object
• #authorize(o = {}, &block) ⇒ Object
• #authorizes ⇒ Object
• #create_security_group! ⇒ Object
• #revoke(o = {}, &block) ⇒ Object
• #revokes ⇒ Object
• #run ⇒ Object
• #security_groups ⇒ Object
• #should_create_security_group? ⇒ Boolean
• #to_s ⇒ Object

Methods inherited from Ec2Helper

#as, #ec2, #elb, #initialize, #pool, property, #rds

Methods inherited from CloudProvider

#after_initialized, #bootstrap_nodes!, #default_keypair_path, default_keypair_path, #initialize, #method_missing

Constructor Details

This class inherits a constructor from CloudProviders::Ec2Helper

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class CloudProviders::CloudProvider

Instance Method Details

#all_security_groups ⇒ Object

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 68

def all_security_groups
  @all_security_groups ||= ec2.describe_security_groups.securityGroupInfo.item.map do |sg|
    perms = sg["ipPermissions"] || {"item" => []} rescue [{"item" => []}]
    {
      :name => sg["groupName"],
      :description => sg["groupDescription"],
      :ip_permissions => perms["item"].map do |i|
        ip_ranges = i["ipRanges"] || {"item" => []} rescue {"item" => []}
        {
          :protocol => i["ipProtocol"],
          :from_port => i["fromPort"],
          :to_port => i["toPort"],
          :ip_ranges => ip_ranges["item"].map do |ip|
            {
              :cidr_ip => ip["cidrIp"]
            }
          end
        }
      end
    }
  end
end

#authorize(o = {}, &block) ⇒ Object

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 53

def authorize(o={}, &block)
  authorizes << Authorize.new("#{name}", o.merge(:parent => parent, :cloud => cloud), &block)
end

#authorizes ⇒ Object

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 93

def authorizes
  @authorizes ||= []
end

#create_security_group! ⇒ Object

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 59

def create_security_group!
  ec2.create_security_group(:group_name => name, :group_description => "PoolParty generated security group: #{name}")
end

#revoke(o = {}, &block) ⇒ Object

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 56

def revoke(o={}, &block)
  revokes << Revoke.new("#{name}", o.merge(:parent => parent, :cloud => cloud), &block)
end

#revokes ⇒ Object

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 96

def revokes
  @revokes ||= []
end

#run ⇒ Object

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 4

def run
  if should_create_security_group?
    create_security_group!
  end
  current_security_groups = security_groups.map {|a|
    # Example:
    #    [{ :ip_permissions=>[
    #       {:ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}], :from_port=>"22", :protocol=>"tcp", :to_port=>"22"},
    #       {:ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}], :from_port=>"80", :protocol=>"tcp", :to_port=>"80"} ],
    #     :description=>"PoolParty generated security group: clyde-chefclient", :name=>"clyde-chefclient"}]
    #
    a[:ip_permissions].map do |perm|
      if perm[:group_name]
        {
          :group_name => perm[:group_name]
        }
      else
        (perm[:ip_ranges] || ["0.0.0.0/0"]).map do |range|
          range = range[:cidr_ip] if range.is_a?(Hash)
          {
            :group_name  => a[:name],
            :from_port   => perm[:from_port].to_i,
            :to_port     => perm[:to_port].to_i,
            :cidr_ip     => range,
            :ip_protocol => perm[:protocol]
          }
        end.flatten
      end
    end.flatten
  }.flatten

  authorizes_requested        = authorizes.select{|a| a.name == name }
  authorizes_requested_hashes = authorizes_requested.map{|a| a.to_hash}
  authorizes_needed = []

  # take each requested authorization. If it doesn't exist in the current_security_groups, we need to add it.
  authorizes_requested.each do |a|
    authorizes_needed << a unless current_security_groups.include?(a.to_hash)
  end
  # conversely, every current_security_groups authorization that isn't in the authorizes_requested list must be revoked
  current_security_groups.each do |hsh|
    unless authorizes_requested_hashes.include?(hsh)
      revoke(hsh.merge(:protocol => hsh[:ip_protocol]))
    end
  end

  revokes.each {|r| r.run }
  authorizes_needed.each {|a| a.run}
end

#security_groups ⇒ Object

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 65

def security_groups
  @security_groups ||= all_security_groups.select {|sg| sg[:name] == name }
end

#should_create_security_group? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 62

def should_create_security_group?
  security_groups.empty?
end

#to_s ⇒ Object

# File 'lib/cloud_providers/ec2/helpers/security_group.rb', line 90

def to_s
  name
end