From b02c54e6f8f03d17bb133f5f9d043a34f3bf2384 Mon Sep 17 00:00:00 2001 From: Tatsuya Hoshino Date: Thu, 19 Oct 2017 22:09:33 +0900 Subject: [PATCH 1/4] Upgrade aws-sdk to v2 --- bin/piculet | 14 +- lib/piculet.rb | 3 +- lib/piculet/client.rb | 16 +- lib/piculet/dsl/converter.rb | 4 +- lib/piculet/dsl/permission.rb | 2 +- lib/piculet/dsl/permissions.rb | 2 +- lib/piculet/dsl/security-group.rb | 2 +- lib/piculet/exporter.rb | 34 ++-- lib/piculet/ext/ec2-owner-id-ext.rb | 153 +++++++++--------- .../ext/ip-permission-collection-ext.rb | 41 ----- lib/piculet/ext/security-group.rb | 18 ++- lib/piculet/wrapper/permission-collection.rb | 57 +++++-- lib/piculet/wrapper/permission.rb | 37 +++-- .../wrapper/security-group-collection.rb | 5 +- lib/piculet/wrapper/security-group.rb | 33 ++-- piculet.gemspec | 2 +- 16 files changed, 217 insertions(+), 206 deletions(-) delete mode 100644 lib/piculet/ext/ip-permission-collection-ext.rb diff --git a/bin/piculet b/bin/piculet index 510c3f3..13f3e1c 100755 --- a/bin/piculet +++ b/bin/piculet 
@@ -74,23 +74,23 @@ ARGV.options do |opt| end if role_arn session_name = "piculet-session-#{Time.now.to_i}" - sts = AWS::STS.new(AWSConfig[profile_name].config_hash) - provider = AWS::Core::CredentialProviders::AssumeRoleProvider.new( - sts: sts, + client = Aws::STS::Client.new(AWSConfig[profile_name].config_hash) + provider = Aws::AssumeRoleCredentials.new( + client: client, role_arn: role_arn, role_session_name: session_name ) else - provider = AWS::Core::CredentialProviders::SharedCredentialFileProvider.new(credentials_opts) + provider = Aws::SharedCredentials.new(credentials_opts) end - aws_opts[:credential_provider] = provider + aws_opts[:credentials] = provider elsif (access_key and !secret_key) or (!access_key and secret_key) or mode.nil? puts opt.help exit 1 end aws_opts[:region] = region if region - AWS.config(aws_opts) + Aws.config.update(aws_opts) # Remap groups to exclude to regular expressions (if they're surrounded by '/') if options[:exclude_sgs] @@ -111,7 +111,7 @@ end String.colorize = options[:color] if options[:debug] - AWS.config({ + Aws.config.update({ :http_wire_trace => true, :logger => Piculet::Logger.instance, }) diff --git a/lib/piculet.rb b/lib/piculet.rb index eef70c5..993872d 100644 --- a/lib/piculet.rb +++ b/lib/piculet.rb @@ -9,12 +9,11 @@ require 'hashie' require 'ipaddr' -require 'aws-sdk-v1' +require 'aws-sdk' require 'aws_config' require 'piculet/ext/ec2-owner-id-ext' require 'piculet/ext/security-group' -require 'piculet/ext/ip-permission-collection-ext' require 'piculet/ext/string-ext' require 'piculet/logger' diff --git a/lib/piculet/client.rb b/lib/piculet/client.rb index 0baf709..35e764b 100644 --- a/lib/piculet/client.rb +++ b/lib/piculet/client.rb 
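Review bot: The `--debug` branch in the `@@ -111,7` hunk keeps `:http_wire_trace => true` together with `Piculet::Logger.instance`; as far as I can tell from the SDK's wire-trace behaviour this writes each signed request verbatim, so the `Authorization` header and, on the assume-role path set up by the first hunk, the session token land in whatever that logger is attached to. The hunk only renames the call, but the option deserves a comment next to it: `# http_wire_trace dumps raw signed requests (Authorization header, session token) into the logger; debug runs only`. The enclosing `ARGV.options` block starts before this hunk.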
@@ -5,12 +5,12 @@ class Client def initialize(options = {}) @options = OpenStruct.new(options) @options_hash = options - @options.ec2 = AWS::EC2.new + @options.ec2 = Aws::EC2::Resource.new end def apply(file) @options.ec2.owner_id - AWS.memoize { walk(file) } + walk(file) end def should_skip(sg_name, sg) @@ -38,9 +38,7 @@ def should_skip(sg_name, sg) end def export(options = {}) - exported = AWS.memoize do - Exporter.export(@options.ec2, @options_hash.merge(options)) - end + exported = Exporter.export(@options.ec2, @options_hash.merge(options)) converter = proc do |src| if options[:without_convert] @@ -116,8 +114,8 @@ def walk(file) end def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api) - sg_list_dsl = collect_to_hash(ec2_dsl.security_groups, :name) - sg_list_aws = collect_to_hash(ec2_aws, :name) + sg_list_dsl = collect_to_hash(ec2_dsl.security_groups, :group_name) + sg_list_aws = collect_to_hash(ec2_aws, :group_name) sg_list_dsl.each do |key, sg_dsl| name = key[0] @@ -180,8 +178,8 @@ def walk_security_group(security_group_dsl, security_group_aws) end def walk_permissions(permissions_dsl, permissions_aws) - perm_list_dsl = collect_to_hash(permissions_dsl, :protocol, :port_range) - perm_list_aws = collect_to_hash(permissions_aws, :protocol, :port_range) + perm_list_dsl = collect_to_hash(permissions_dsl, :ip_protocol, :port_range) + perm_list_aws = collect_to_hash(permissions_aws, :ip_protocol, :port_range) perm_list_aws.each do |key, perm_aws| perm_dsl = perm_list_dsl.delete(key) diff --git a/lib/piculet/dsl/converter.rb b/lib/piculet/dsl/converter.rb index 05f1a88..b71456c 100644 --- a/lib/piculet/dsl/converter.rb +++ b/lib/piculet/dsl/converter.rb @@ -116,8 +116,8 @@ def output_groups(groups) name_or_id = i[:name] || i[:id] owner_id = i[:owner_id] - if AWS::EC2::SecurityGroup.elb?(owner_id) - arg = AWS::EC2::SecurityGroup.elb_sg + if Aws::EC2::SecurityGroup.elb?(owner_id) + arg = Aws::EC2::SecurityGroup.elb_sg elsif @owner_id == owner_id arg = name_or_id else 
diff --git a/lib/piculet/dsl/permission.rb b/lib/piculet/dsl/permission.rb index 146d267..8f4bcae 100644 --- a/lib/piculet/dsl/permission.rb +++ b/lib/piculet/dsl/permission.rb @@ -12,7 +12,7 @@ def initialize(context, security_group, direction, protocol_prot_range, &block) @protocol_prot_range = protocol_prot_range @context = context.merge( - :protocol => protocol_prot_range[0], + :ip_protocol => protocol_prot_range[0], :port_range => protocol_prot_range[1] ) diff --git a/lib/piculet/dsl/permissions.rb b/lib/piculet/dsl/permissions.rb index 01568a9..6dbe5f0 100644 --- a/lib/piculet/dsl/permissions.rb +++ b/lib/piculet/dsl/permissions.rb @@ -19,7 +19,7 @@ def result protocol, port_range = key OpenStruct.new({ - :protocol => protocol, + :ip_protocol => protocol, :port_range => port_range, :ip_ranges => perm.ip_ranges, :groups => perm.groups, diff --git a/lib/piculet/dsl/security-group.rb b/lib/piculet/dsl/security-group.rb index 4eeb6ef..38bb78d 100644 --- a/lib/piculet/dsl/security-group.rb +++ b/lib/piculet/dsl/security-group.rb @@ -10,7 +10,7 @@ def initialize(context, name, vpc, &block) @context = context.merge(:security_group_name => name) @result = OpenStruct.new({ - :name => name, + :group_name => name, :tags => {}, :ingress => [], :egress => [], diff --git a/lib/piculet/exporter.rb b/lib/piculet/exporter.rb index a0b8abf..02e49b3 100644 --- a/lib/piculet/exporter.rb +++ b/lib/piculet/exporter.rb @@ -16,12 +16,11 @@ def export ec2s = @options[:ec2s] sg_names = @options[:sg_names] sgs = @ec2.security_groups - sgs = sgs.filter('group-name', *sg_names) if sg_names - sgs = sgs.sort_by {|sg| sg.name } + sgs = sgs.select { |sg| sg_names.include?(sg.group_name) } if sg_names + sgs = sgs.sort_by {|sg| sg.group_name } sgs.each do |sg| - vpc = sg.vpc - vpc = vpc.id if vpc + vpc = sg.vpc_id if sg.vpc? if ec2s next unless ec2s.any? {|i| (i == 'classic' and vpc.nil?) or i == vpc } 
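Review bot: In the `export` hunk of lib/piculet/exporter.rb the `sg_names` filter moved from the server-side `group-name` filter to `sgs.select { |sg| sg_names.include?(sg.group_name) }`, which now scans the full group listing and matches on the patched `group_name` from ext/security-group.rb (it rewrites amazon-elb-owned groups to `amazon-elb-sg` and returns the id on InvalidGroupNotFound), so a name given by the caller no longer means what the API filter meant. If the v2 resource collection accepts the describe parameters, as I believe it does, the old semantics are one line: `sgs = sg_names ? @ec2.security_groups(filters: [{ name: 'group-name', values: sg_names }]) : @ec2.security_groups`. `export` continues past the hunk on both sides.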
@@ -37,27 +36,32 @@ def export private def export_security_group(security_group) { - :name => security_group.name, + :name => security_group.group_name, :description => security_group.description, :tags => tags_to_hash(security_group.tags), :owner_id => security_group.owner_id, - :ingress => export_ip_permissions(security_group.ingress_ip_permissions), - :egress => export_ip_permissions(security_group.egress_ip_permissions), + :ingress => export_ip_permissions(security_group.ip_permissions), + :egress => export_ip_permissions(security_group.ip_permissions_egress), } end def export_ip_permissions(ip_permissions) - ip_permissions = ip_permissions ? ip_permissions.aggregate : [] + ip_permissions = ip_permissions || [] ip_permissions = ip_permissions.map do |ip_perm| + ip_protocol = ip_perm.ip_protocol == "-1" ? :any : ip_perm.ip_protocol.to_sym + port_range = ip_perm.from_port..ip_perm.to_port + port_range = nil if port_range == (nil..nil) + ip_ranges = ip_perm.ip_ranges.map { |range| range.cidr_ip }.sort { - :protocol => ip_perm.protocol, - :port_range => ip_perm.port_range, - :ip_ranges => ip_perm.ip_ranges.sort, - :groups => ip_perm.groups.map {|group| + :protocol => ip_protocol, + :port_range => port_range, + :ip_ranges => ip_ranges, + :groups => ip_perm.user_id_group_pairs.map {|group| + group = @ec2.security_groups.find { |g| g.id == group.group_id } { - :id => group.id, - :name => group.name, + :id => group.group_id, + :name => group.group_name, :owner_id => group.owner_id, } }.sort_by {|g| g[:name] }, @@ -72,7 +76,7 @@ def export_ip_permissions(ip_permissions) def tags_to_hash(tags) h = {} - tags.map {|k, v| h[k] = v } + tags.each {|tag| h[tag.key] = tag.value } h end end # Exporter diff --git a/lib/piculet/ext/ec2-owner-id-ext.rb b/lib/piculet/ext/ec2-owner-id-ext.rb index ad58a23..59a3b9d 100644 --- a/lib/piculet/ext/ec2-owner-id-ext.rb +++ b/lib/piculet/ext/ec2-owner-id-ext.rb 
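Review bot: `export_ip_permissions` reads only `ip_ranges` and `user_id_group_pairs` from each `ip_perm`; the v2 `IpPermission` type also carries `ipv_6_ranges` and `prefix_list_ids`, so a rule made only of those exports as a permission with empty `:ip_ranges` and `:groups`, and the written file silently no longer describes the group. That limitation should at least be stated above the `map`, e.g. `# NOTE: ipv_6_ranges and prefix_list_ids are not exported; rules consisting only of those are dropped`, and a warning when either member is non-empty would be better if the exporter has a logger (none is visible in the hunk). The `group = @ec2.security_groups.find ...` lookup in the same hunk is reworked by patch 4/4 on this page, so I leave it aside here.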
@@ -1,92 +1,95 @@ -module AWS - class EC2 - DESC_OWNER_ID_RETRY_TIMES = 3 - DESC_OWNER_ID_RETRY_WAIT = 3 - SECURITY_GROUP_NAME_MAX_LEN = 255 - - def owner_id - return ENV['AWS_OWNER_ID'] if ENV['AWS_OWNER_ID'] - return @owner_id if @owner_id - - @owner_id = get_owner_id_from_iam || get_owner_id_from_security_group - - return @owner_id - end - - def own?(other) - other == owner_id - end - - private - def get_owner_id_from_iam - credentials = self.config.credential_provider.credentials - iam = AWS::IAM.new(credentials) - user = iam.client.get_user rescue nil - return nil unless user - arn = user[:user][:arn] - arn.split(':')[4] - end - - def get_owner_id_from_security_group - security_group = create_random_security_group - return nil unless security_group - owner_id = random_security_group_owner_id(security_group) - delete_random_security_group(security_group) - return owner_id - end - - def create_random_security_group - security_group = nil - - DESC_OWNER_ID_RETRY_TIMES.times do - name = random_security_group_name - security_group = self.security_groups.create(name) rescue nil - break if security_group - sleep DESC_OWNER_ID_RETRY_WAIT +module Aws + module EC2 + class Resource + DESC_OWNER_ID_RETRY_TIMES = 3 + DESC_OWNER_ID_RETRY_WAIT = 3 + SECURITY_GROUP_NAME_MAX_LEN = 255 + + def owner_id + return ENV['AWS_OWNER_ID'] if ENV['AWS_OWNER_ID'] + return @owner_id if @owner_id + + @owner_id = get_owner_id_from_iam || get_owner_id_from_security_group + + return @owner_id + end + + def own?(other) + other == owner_id end - return security_group - end + private + + def get_owner_id_from_iam + credentials = Aws::EC2::Client.new.config.credentials + iam = Aws::IAM::Client.new(credentials: credentials) + user = iam.get_user rescue nil + return nil unless user + arn = user[:user][:arn] + arn.split(':')[4] + end - def random_security_group_owner_id(security_group) - owner_id = nil + def get_owner_id_from_security_group + security_group = create_random_security_group + return 
nil unless security_group + owner_id = random_security_group_owner_id(security_group) + delete_random_security_group(security_group) + return owner_id + end - (1..DESC_OWNER_ID_RETRY_TIMES).each do |i| - begin - owner_id = security_group.owner_id - break - rescue => e - raise e unless i < DESC_OWNER_ID_RETRY_TIMES + def create_random_security_group + security_group = nil + + DESC_OWNER_ID_RETRY_TIMES.times do + name = random_security_group_name + security_group = self.security_groups.create(name) rescue nil + break if security_group + sleep DESC_OWNER_ID_RETRY_WAIT end - sleep DESC_OWNER_ID_RETRY_WAIT + return security_group end - return owner_id - end + def random_security_group_owner_id(security_group) + owner_id = nil + + (1..DESC_OWNER_ID_RETRY_TIMES).each do |i| + begin + owner_id = security_group.owner_id + break + rescue => e + raise e unless i < DESC_OWNER_ID_RETRY_TIMES + end - def delete_random_security_group(security_group) - (1..DESC_OWNER_ID_RETRY_TIMES).each do |i| - begin - security_group.delete - break - rescue => e - raise e unless i < DESC_OWNER_ID_RETRY_TIMES + sleep DESC_OWNER_ID_RETRY_WAIT end - sleep DESC_OWNER_ID_RETRY_WAIT + return owner_id end - end - def random_security_group_name - name = [] - len = SECURITY_GROUP_NAME_MAX_LEN + def delete_random_security_group(security_group) + (1..DESC_OWNER_ID_RETRY_TIMES).each do |i| + begin + security_group.delete + break + rescue => e + raise e unless i < DESC_OWNER_ID_RETRY_TIMES + end - while name.length < len - name.concat(('a'..'z').to_a + ('A'..'Z').to_a + (0..9).to_a) + sleep DESC_OWNER_ID_RETRY_WAIT + end end - name.shuffle[0...len].join - end + def random_security_group_name + name = [] + len = SECURITY_GROUP_NAME_MAX_LEN + + while name.length < len + name.concat(('a'..'z').to_a + ('A'..'Z').to_a + (0..9).to_a) + end + + name.shuffle[0...len].join + end + end # Resource end # EC2 -end # AWS +end # Aws 
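Review bot: `get_owner_id_from_security_group` still discovers the account id by creating a 255-character random security group and deleting it again, which needs create/delete permission on security groups for a read-only operation and, when `delete_random_security_group` exhausts its retries and re-raises, leaves the group behind; with the v2 SDK `Aws::STS::Client#get_caller_identity` returns the account id without any IAM or EC2 permission and should be tried before that fallback. `get_owner_id_from_iam` also builds a throwaway `Aws::EC2::Client.new` only to read `config.credentials`, where the resource's own `client.config.credentials` is the same object without a second client. The `rescue nil` modifiers on both lookups swallow every error, so a credentials or permission problem surfaces only as the security-group fallback firing. The STS lookup is a small addition, sketched below; the rest of the class is unchanged.
```ruby
def owner_id
  # … unchanged: ENV / memo guards …
  @owner_id = get_owner_id_from_sts || get_owner_id_from_iam || get_owner_id_from_security_group
  # … unchanged …
end

# Needs no IAM or EC2 permission and creates nothing; falls through to the old lookups on error.
def get_owner_id_from_sts
  Aws::STS::Client.new.get_caller_identity.account
rescue Aws::STS::Errors::ServiceError
  nil
end
```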
diff --git a/lib/piculet/ext/ip-permission-collection-ext.rb b/lib/piculet/ext/ip-permission-collection-ext.rb deleted file mode 100644 index b4892bf..0000000 --- a/lib/piculet/ext/ip-permission-collection-ext.rb +++ /dev/null @@ -1,41 +0,0 @@ -module AWS - class EC2 - class SecurityGroup - DESC_SECURITY_GROUP_RETRY_TIMES = 3 - DESC_SECURITY_GROUP_RETRY_WAIT = 3 - - class IpPermissionCollection - def aggregate - aggregated = nil - - (1..DESC_SECURITY_GROUP_RETRY_TIMES).each do |i| - begin - aggregated = {} - - self.each do |perm| - key = [perm.protocol, perm.port_range] - aggregated[key] ||= {:ip_ranges => [], :groups => []} - aggregated[key][:ip_ranges].concat(perm.ip_ranges || []) - aggregated[key][:groups].concat(perm.groups || []) - end - - break - rescue AWS::EC2::Errors::InvalidGroup::NotFound => e - raise e unless i < DESC_SECURITY_GROUP_RETRY_TIMES - sleep DESC_SECURITY_GROUP_RETRY_WAIT - end - end - - aggregated.map do |key, attrs| - protocol, port_range = key - - OpenStruct.new({ - :protocol => protocol, - :port_range => port_range, - }.merge(attrs)) - end - end - end # IpPermissionCollection - end # SecurityGroup - end # EC2 -end # AWS diff --git a/lib/piculet/ext/security-group.rb b/lib/piculet/ext/security-group.rb index 4eca050..ccd4612 100644 --- a/lib/piculet/ext/security-group.rb +++ b/lib/piculet/ext/security-group.rb @@ -1,5 +1,5 @@ -module AWS - class EC2 +module Aws + module EC2 class SecurityGroup ELB_OWNER = 'amazon-elb' ELB_NAME = 'amazon-elb-sg' @@ -8,11 +8,15 @@ def elb? self.class.elb?(self.owner_id) end - alias name_orig name + def vpc? + vpc_id ? true : false + end + + alias group_name_orig group_name - def name - self.elb? ? ELB_NAME : name_orig - rescue AWS::EC2::Errors::InvalidGroup::NotFound + def group_name + self.elb? ? ELB_NAME : group_name_orig + rescue Aws::EC2::Errors::InvalidGroupNotFound self.id end @@ -27,4 +31,4 @@ def elb?(owner_or_name) end # of class methods end # SecurityGroup end # EC2 -end # AWS +end # Aws 
diff --git a/lib/piculet/wrapper/permission-collection.rb b/lib/piculet/wrapper/permission-collection.rb index 14a9855..cbadb7a 100644 --- a/lib/piculet/wrapper/permission-collection.rb +++ b/lib/piculet/wrapper/permission-collection.rb @@ -7,13 +7,18 @@ class PermissionCollection def initialize(security_group, direction, options) @security_group = security_group - @permissions = security_group.send("#{direction}_ip_permissions") + case direction + when :ingress + @permissions = security_group.ip_permissions + when :egress + @permissions = security_group.ip_permissions_egress + end @direction = direction @options = options end def each - perm_list = @permissions ? @permissions.aggregate : [] + perm_list = @permissions || [] perm_list.each do |perm| yield(Permission.new(perm, self, @options)) @@ -28,11 +33,13 @@ def authorize(protocol, ports, sources, opts = {}) case @direction when :ingress - @security_group.authorize_ingress(protocol, ports, *sources) + params = permission_params(protocol, ports, sources) + @security_group.authorize_ingress(params) @options.updated = true when :egress sources.push(:protocol => protocol, :ports => ports) - @security_group.authorize_egress(*sources) + params = permission_params(protocol, ports, sources) + @security_group.authorize_egress(params) @options.updated = true end end @@ -46,11 +53,13 @@ def revoke(protocol, ports, sources, opts = {}) case @direction when :ingress - @security_group.revoke_ingress(protocol, ports, *sources) + params = permission_params(protocol, ports, sources) + @security_group.revoke_ingress(params) @options.updated = true when :egress sources.push(:protocol => protocol, :ports => ports) - @security_group.revoke_egress(*sources) + params = permission_params(protocol, ports, sources) + @security_group.revoke_egress(params) @options.updated = true end end 
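Review bot: `initialize` now takes `@permissions` straight from `security_group.ip_permissions` / `ip_permissions_egress` and `each` just iterates it, so the retry on `InvalidGroupNotFound` that the deleted ip-permission-collection-ext.rb wrapped around reading the permissions is gone; if reading those attributes on a freshly created group can still raise that error (spec_helper.rb on this page retries `client.apply` on exactly it), whoever calls `each` now fails where it used to be retried. The `case direction` also has no `else`, so a misspelt direction silently yields an empty permission list where the old `send` raised `NoMethodError`; `else raise ArgumentError, "unknown direction: #{direction.inspect}"` keeps the old failure mode. `PermissionCollection` continues outside the hunk.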
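Review bot: In the `:egress` branches of `authorize` and of `revoke` (next hunk) the line `sources.push(:protocol => protocol, :ports => ports)` survives from the v1 call shape, but the new `permission_params(protocol, ports, sources)` already carries protocol and ports and treats every element of `sources` as a source: `valid_ip?` is false for that hash, so it becomes a `user_id_group_pairs` entry with `group_id: source[:group_id]`, i.e. `nil`, on every egress call. Drop the two `push` lines so the egress branches read like the ingress ones: `params = permission_params(protocol, ports, sources)` followed by `@security_group.authorize_egress(params)` (and `revoke_egress` in the second hunk). Both methods start before their hunks.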
@@ -72,7 +81,7 @@ def create(protocol, port_range, dsl) def log_id vpc = @security_group.vpc_id || :classic - name = @security_group.name + name = @security_group.group_name if @security_group.owner_id and not @options.ec2.own?(@security_group.owner_id) name = "#{@security_group.owner_id}/#{name}" @@ -92,19 +101,19 @@ def normalize_sources(sources) when Array owner_id, group = src - if src.any? {|i| AWS::EC2::SecurityGroup.elb?(i) } + if src.any? {|i| Aws::EC2::SecurityGroup.elb?(i) } normalized << { - :user_id => AWS::EC2::SecurityGroup::ELB_OWNER, - :group_name => AWS::EC2::SecurityGroup::ELB_NAME + :user_id => Aws::EC2::SecurityGroup::ELB_OWNER, + :group_name => Aws::EC2::SecurityGroup::ELB_NAME } else unless group =~ /\Asg-[0-9a-f]+\Z/ - sg_coll = @options.ec2.security_groups.filter('group-name', group) + sg_coll = @options.ec2.security_groups.select { |sg| sg.group_name == group } if @options.ec2.own?(owner_id) - sg_coll = sg_coll.filter('vpc-id', @security_group.vpc_id) if @security_group.vpc? + sg_coll = sg_coll.select { |sg| sg.vpc_id == @security_group.vpc_id } if @security_group.vpc? else - sg_coll = sg_coll.filter('owner-id', owner_id) + sg_coll = sg_coll.select { |sg| sg.owner_id == @security_group.owner_id } end unless (sg = sg_coll.first) 
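Review bot: The last `select` in the `normalize_sources` hunk compares against the wrong owner: `sg_coll.select { |sg| sg.owner_id == @security_group.owner_id }` is the branch taken when `@options.ec2.own?(owner_id)` is false, i.e. the source group belongs to another account, yet it filters on the owner of the group being edited, whereas the removed `filter('owner-id', owner_id)` used the source's `owner_id` from `owner_id, group = src`. It should read `sg_coll = sg_coll.select { |sg| sg.owner_id == owner_id }`. Separately, every source lookup now enumerates `@options.ec2.security_groups` in full on the client and, with the `AWS.memoize` wrapper removed in client.rb, issues a fresh describe each time; if the resource collection accepts `filters:` as I believe it does, `@options.ec2.security_groups(filters: [{ name: 'group-name', values: [group] }])` restores the server-side filter. `normalize_sources` begins and ends outside the hunk.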
@@ -134,6 +143,28 @@ def format_sources(sources) end }.join(', ') end + + def permission_params(protocol, ports, sources) + ip_protocol = protocol == :any ? "-1" : protocol.to_sym + ports = ports || (-1..-1) + + ip_permissions = [] + sources.each do |source| + permission = { ip_protocol: ip_protocol, from_port: ports.begin, to_port: ports.end } + if valid_ip?(source) + permission.merge!({ ip_ranges: [ { cidr_ip: source } ] }) + else + permission.merge!({ user_id_group_pairs: [ { group_id: source[:group_id] } ] }) + end + ip_permissions << Aws::EC2::Types::IpPermission.new(permission) + end + + { ip_permissions: ip_permissions } + end + + def valid_ip?(str) + !!IPAddr.new(str) rescue false + end end # PermissionCollection end # SecurityGroup end # SecurityGroupCollection diff --git a/lib/piculet/wrapper/permission.rb b/lib/piculet/wrapper/permission.rb index 531ee16..d186593 100644 --- a/lib/piculet/wrapper/permission.rb +++ b/lib/piculet/wrapper/permission.rb @@ -9,7 +9,7 @@ class Permission def_delegators( :@permission, - :protocol, :port_range, :ip_ranges, :groups) + :from_port, :to_port, :ip_ranges, :groups) def initialize(permission, collection, options) @permission = permission @@ -17,6 +17,10 @@ def initialize(permission, collection, options) @options = options end + def ip_protocol + @permission.ip_protocol == "-1" ? :any : @permission.ip_protocol.to_sym + end + def eql?(dsl) dsl_ip_ranges, dsl_groups, self_ip_ranges, self_groups = normalize_attrs(dsl) (self_ip_ranges == dsl_ip_ranges) and (self_groups == dsl_groups) 
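Review bot: `permission_params` forwards only `source[:group_id]` for a non-IP source, so the ELB source that `normalize_sources` builds as `{ :user_id => ..., :group_name => ... }` (earlier hunk, no `group_id`) arrives as `user_id_group_pairs: [{ group_id: nil }]`, and any `user_id` the other sources carry is dropped. Pass the pair fields through instead: `permission.merge!(user_id_group_pairs: [source.select { |k, _| [:user_id, :group_id, :group_name].include?(k) }])`. On the first line `protocol.to_sym` is handed to a field the SDK serialises as a string; `protocol.to_s` says what is meant without relying on symbol coercion. `valid_ip?` only works for Hash sources because the `rescue false` modifier hides the `TypeError` from `IPAddr.new`; an explicit `return false unless str.is_a?(String)` guard makes that intent visible and stops masking other errors.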
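Review bot: The updated `def_delegators` in lib/piculet/wrapper/permission.rb still delegates `:groups` to `@permission`, but the v2 `Aws::EC2::Types::IpPermission` struct exposes `user_id_group_pairs` rather than `groups` (the later `normalize_self_attrs` hunk on this page reads `@permission.user_id_group_pairs` directly), so `Permission#groups` raises `NoMethodError` the first time anything calls it. Either delegate the real name, `:from_port, :to_port, :ip_ranges, :user_id_group_pairs)`, or drop `:groups` from the list if nothing uses it. The `Permission` class continues outside the hunk.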
@@ -28,11 +32,11 @@ def update(dsl) plus_ip_ranges, minus_ip_ranges, plus_groups, minus_groups = diff(dsl) unless (plus_ip_ranges + plus_groups).empty? - @collection.authorize(protocol, port_range, (plus_ip_ranges + plus_groups), :log_color => :green) + @collection.authorize(ip_protocol, port_range, (plus_ip_ranges + plus_groups), :log_color => :green) end unless (minus_ip_ranges + minus_groups).empty? - @collection.revoke(protocol, port_range, (minus_ip_ranges + minus_groups), :log_color => :green) + @collection.revoke(ip_protocol, port_range, (minus_ip_ranges + minus_groups), :log_color => :green) end end @@ -42,13 +46,21 @@ def delete self_ip_ranges, self_groups = normalize_self_attrs([]) unless (self_ip_ranges + self_groups).empty? - @collection.revoke(protocol, port_range, (self_ip_ranges + self_groups), :log_color => :red) + @collection.revoke(ip_protocol, port_range, (self_ip_ranges + self_groups), :log_color => :red) + end + end + + def port_range + range = from_port..to_port + if range == (nil..nil) + range = nil end + range end private def log_id - "#{@collection.log_id} > #{protocol} #{port_range}" + "#{@collection.log_id} > #{ip_protocol} #{port_range}" end def diff(dsl) @@ -67,8 +79,8 @@ def normalize_attrs(dsl) dsl_groups = (dsl.groups || []).map {|i| if i.kind_of?(Array) i - elsif AWS::EC2::SecurityGroup.elb?(i) - [AWS::EC2::SecurityGroup::ELB_OWNER, AWS::EC2::SecurityGroup::ELB_NAME] + elsif Aws::EC2::SecurityGroup.elb?(i) + [Aws::EC2::SecurityGroup::ELB_OWNER, Aws::EC2::SecurityGroup::ELB_NAME] else [@options.ec2.owner_id, i] end 
@@ -80,12 +92,13 @@ def normalize_attrs(dsl) end def normalize_self_attrs(dsl_group_names) - self_ip_ranges = (@permission.ip_ranges || []).sort - self_groups = (@permission.groups || []).map {|i| - if dsl_group_names.include?(i.security_group_id) - [i.owner_id, i.security_group_id] + self_ip_ranges = @permission.ip_ranges.map { |range| range.cidr_ip }.sort + self_groups = (@permission.user_id_group_pairs || []).map {|i| + if dsl_group_names.include?(i.group_id) + [i.user_id, i.group_id] else - [i.owner_id, i.name] + group = @options.ec2.security_groups.find { |g| g.id == i.group_id } + [i.user_id, group.group_name] end }.sort diff --git a/lib/piculet/wrapper/security-group-collection.rb b/lib/piculet/wrapper/security-group-collection.rb index 32763d4..d9cfd9f 100644 --- a/lib/piculet/wrapper/security-group-collection.rb +++ b/lib/piculet/wrapper/security-group-collection.rb @@ -18,9 +18,10 @@ def create(name, opts = {}) log(:info, 'Create SecurityGroup', :cyan, "#{opts[:vpc] || :classic} > #{name}") if @options.dry_run - sg = OpenStruct.new({:id => '', :name => name, :vpc_id => opts[:vpc], :tags => {}}.merge(opts)) + sg = OpenStruct.new({:id => '', :group_name => name, :vpc_id => opts[:vpc], :tags => {}}.merge(opts)) else - sg = @security_groups.create(name, opts) + args = { :group_name => name, :vpc_id => opts[:vpc], :description => opts[:description] } + sg = @options.ec2.create_security_group(args) @options.updated = true end diff --git a/lib/piculet/wrapper/security-group.rb b/lib/piculet/wrapper/security-group.rb index d8b7e47..bda1409 100644 --- a/lib/piculet/wrapper/security-group.rb +++ b/lib/piculet/wrapper/security-group.rb @@ -7,7 +7,11 @@ class SecurityGroup def_delegators( :@security_group, - :vpc_id, :name) +# <<<<<<< HEAD +# :vpc_id, :name) +# ======= + :vpc_id, :group_name) +#>>>>>>> Upgrade aws-sdk to v2 def initialize(security_group, options) @security_group = security_group 
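Review bot: In `normalize_self_attrs` the new lookup `group = @options.ec2.security_groups.find { |g| g.id == i.group_id }` returns `nil` for a pair whose group the account cannot describe (a group in another account, or one removed between calls), and the next line's `group.group_name` then raises `NoMethodError` for the whole run; it also walks every group in the account once per pair. Patch 4/4 on this page switches the exporter to the per-id `security_group(...)` resource, and the same fits here: `[i.user_id, i.group_name || @options.ec2.security_group(i.group_id).group_name]`, using the name the pair already carries where the API supplies it and otherwise the patched `group_name` accessor from ext/security-group.rb, which already returns the id when the group cannot be described. `normalize_self_attrs` ends outside the hunk.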
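Review bot: The `def_delegators` hunk in lib/piculet/wrapper/security-group.rb commits merge-conflict markers as comments: `# <<<<<<< HEAD`, `# :vpc_id, :name)`, `# =======` and `#>>>>>>> Upgrade aws-sdk to v2` surround the live `:vpc_id, :group_name)` line. The four comment lines should go so the call is just `def_delegators(` / `:@security_group,` / `:vpc_id, :group_name)`. The wrapper class continues outside the hunk.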
@@ -20,19 +24,19 @@ def eql?(dsl) def update(dsl) unless description_eql?(dsl) - log(:warn, '`description` cannot be updated', :yellow, "#{vpc_id || :classic} > #{name}") + log(:warn, '`description` cannot be updated', :yellow, "#{vpc_id || :classic} > #{group_name}") end unless tags_eql?(dsl) - log(:info, 'Update SecurityGroup', :green, "#{vpc_id || :classic} > #{name}") + log(:info, 'Update SecurityGroup', :green, "#{vpc_id || :classic} > #{group_name}") update_tags(dsl) end end def delete - log(:info, 'Delete SecurityGroup', :red, "#{vpc_id || :classic} > #{name}") + log(:info, 'Delete SecurityGroup', :red, "#{vpc_id || :classic} > #{group_name}") - if name == 'default' + if group_name == 'default' log(:warn, 'SecurityGroup `default` is reserved', :yellow) else unless @options.dry_run @@ -48,7 +52,7 @@ def vpc? def tags h = {} - @security_group.tags.map {|k, v| h[k] = v } + @security_group.tags.map {|tag| h[tag.key] = tag.value } h end @@ -78,23 +82,18 @@ def update_tags(dsl) log(:info, " tags:\n".green + Piculet::Utils.diff(self_tags, dsl_tags, :color => @options.color, :indent => ' '), false) unless @options.dry_run - if dsl_tags.empty? - @security_group.tags.clear - else - delete_keys = self_tags.keys - dsl_tags.keys - # XXX: `delete` method does not remove the tag. It's seems a bug in the API - #@security_group.tags.delete(delete_keys) unless delete_keys.empty? - @security_group.tags.clear unless delete_keys.empty? - @security_group.tags.set(dsl_tags) - end + client = @security_group.client + id = @security_group.id + client.delete_tags(resources: [ id ], tags: []) + client.create_tags(resources: [ id ], tags: dsl_tags) @options.updated = true end end def normalize_tags(src) - normalized = {} - src.map {|k, v| normalized[k.to_s] = v.to_s } + normalized = [] + src.map {|k, v| normalized << { key: k.to_s, value: v.to_s } } normalized end end # SecurityGroup diff --git a/piculet.gemspec b/piculet.gemspec index 48a2c53..5bcda93 100644 --- a/piculet.gemspec 
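Review bot: `update_tags` now issues `client.delete_tags(resources: [ id ], tags: [])` unconditionally, and an empty tag list in EC2's DeleteTags means "remove every tag", so every update strips all tags and then recreates them with `create_tags`, whereas the removed code only cleared when `delete_keys` was non-empty and skipped the set entirely when `dsl_tags.empty?`. That leaves a window with no tags on each run, loses them all if `create_tags` fails, and when `dsl_tags` is empty sends a `create_tags` with no tags, which I expect the API to reject. Delete only the keys absent from the DSL and guard the create, as below; this assumes `self_tags`/`dsl_tags` are the `{ key:, value: }` arrays the new `normalize_tags` returns, and their construction is above the hunk, so confirm. `update_tags` starts outside the hunk.
```ruby
unless @options.dry_run
  client = @security_group.client
  id = @security_group.id
  # remove only the keys the DSL no longer has; an empty tag list would delete every tag
  delete_keys = self_tags.map { |t| t[:key] } - dsl_tags.map { |t| t[:key] }
  client.delete_tags(resources: [id], tags: delete_keys.map { |k| { key: k } }) unless delete_keys.empty?
  client.create_tags(resources: [id], tags: dsl_tags) unless dsl_tags.empty?
  @options.updated = true
end
```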
+++ b/piculet.gemspec @@ -14,7 +14,7 @@ Gem::Specification.new do |spec| spec.license = "MIT" spec.files = %w(README.md) + Dir.glob('bin/**/*') + Dir.glob('lib/**/*') - spec.add_dependency "aws-sdk-v1", ">= 1.48.0" + spec.add_dependency "aws-sdk", "~> 2.10" spec.add_dependency "term-ansicolor", ">= 1.2.2" spec.add_dependency "diffy" spec.add_dependency "hashie" From d8a53a6b86e32224cc1f7f33b30800d8b309f76f Mon Sep 17 00:00:00 2001 From: Tatsuya Hoshino Date: Thu, 19 Oct 2017 22:10:00 +0900 Subject: [PATCH 2/4] Fix specs for aws-sdk v2 --- spec/piculet_create_permission_spec.rb | 2 +- spec/piculet_delete_permission_spec.rb | 2 +- spec/piculet_merge_spec.rb | 2 +- spec/piculet_spec.rb | 2 +- spec/piculet_update_permission_spec.rb | 2 +- spec/piculet_update_tags_spec.rb | 2 +- spec/spec_helper.rb | 10 +++++----- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/spec/piculet_create_permission_spec.rb b/spec/piculet_create_permission_spec.rb index f63042d..614515d 100644 --- a/spec/piculet_create_permission_spec.rb +++ b/spec/piculet_create_permission_spec.rb @@ -9,7 +9,7 @@ EOS } - @ec2 = AWS::EC2.new + @ec2 = Aws::EC2::Resource.new } after(:all) do diff --git a/spec/piculet_delete_permission_spec.rb b/spec/piculet_delete_permission_spec.rb index 7ae5802..9c43478 100644 --- a/spec/piculet_delete_permission_spec.rb +++ b/spec/piculet_delete_permission_spec.rb @@ -9,7 +9,7 @@ EOS } - @ec2 = AWS::EC2.new + @ec2 = Aws::EC2::Resource.new } after(:all) do diff --git a/spec/piculet_merge_spec.rb b/spec/piculet_merge_spec.rb index 93f6d74..29fb3b6 100644 --- a/spec/piculet_merge_spec.rb +++ b/spec/piculet_merge_spec.rb @@ -9,7 +9,7 @@ RUBY } - @ec2 = AWS::EC2.new + @ec2 = Aws::EC2::Resource.new } after(:all) do diff --git a/spec/piculet_spec.rb b/spec/piculet_spec.rb index 1536d56..3a58b8b 100644 --- a/spec/piculet_spec.rb +++ b/spec/piculet_spec.rb @@ -9,7 +9,7 @@ EOS } - @ec2 = AWS::EC2.new + @ec2 = Aws::EC2::Resource.new } after(:all) do 
diff --git a/spec/piculet_update_permission_spec.rb b/spec/piculet_update_permission_spec.rb index dd13c59..38010df 100644 --- a/spec/piculet_update_permission_spec.rb +++ b/spec/piculet_update_permission_spec.rb @@ -9,7 +9,7 @@ EOS } - @ec2 = AWS::EC2.new + @ec2 = Aws::EC2::Resource.new } after(:all) do diff --git a/spec/piculet_update_tags_spec.rb b/spec/piculet_update_tags_spec.rb index 890352f..657df4c 100644 --- a/spec/piculet_update_tags_spec.rb +++ b/spec/piculet_update_tags_spec.rb @@ -9,7 +9,7 @@ EOS } - @ec2 = AWS::EC2.new + @ec2 = Aws::EC2::Resource.new } after(:all) do diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index def316b..38c0d65 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,5 +1,5 @@ require 'rubygems' -require 'aws-sdk-v1' +require 'aws-sdk' require 'piculet' TEST_VPC_ID = ENV['TEST_VPC_ID'] @@ -7,7 +7,7 @@ RETRY_TIMES = 10 EMPTY_ARRAY = [] -AWS.config({ +Aws.config.update({ :access_key_id => (ENV['TEST_AWS_ACCESS_KEY_ID'] || 'scott'), :secret_access_key => (ENV['TEST_AWS_SECRET_ACCESS_KEY'] || 'tiger'), :region => ENV['TEST_AWS_REGION'], @@ -25,7 +25,7 @@ def groupfile(options = {}) }.merge(options) if options[:debug] - AWS.config({ + Aws.config.update({ :http_wire_trace => true, :logger => (options[:logger] || Piculet::Logger.instance), }) @@ -37,7 +37,7 @@ def groupfile(options = {}) begin updated = client.apply(tempfile) break - rescue AWS::EC2::Errors::InvalidGroup::NotFound => e + rescue Aws::EC2::Errors::InvalidGroupNotFound => e raise e unless i < RETRY_TIMES end end @@ -55,7 +55,7 @@ def export_security_groups(options = {}) }.merge(options) if options[:debug] - AWS.config({ + Aws.config.update({ :http_wire_trace => true, :logger => (options[:logger] || Piculet::Logger.instance), }) From dc5e320e7772be5bfca75f728a7fdd1101bb9022 Mon Sep 17 00:00:00 2001 
From: Tatsuya Hoshino Date: Tue, 28 Nov 2017 21:23:29 +0900 Subject: [PATCH 3/4] To fix NoMethodError, replace an old method with a new one --- lib/piculet/ext/ec2-owner-id-ext.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/piculet/ext/ec2-owner-id-ext.rb b/lib/piculet/ext/ec2-owner-id-ext.rb index 59a3b9d..e8251d5 100644 --- a/lib/piculet/ext/ec2-owner-id-ext.rb +++ b/lib/piculet/ext/ec2-owner-id-ext.rb @@ -42,7 +42,7 @@ def create_random_security_group DESC_OWNER_ID_RETRY_TIMES.times do name = random_security_group_name - security_group = self.security_groups.create(name) rescue nil + security_group = self.create_security_group(group_name: name, description: name) rescue nil break if security_group sleep DESC_OWNER_ID_RETRY_WAIT end From b065a7ffd0addafef94e2d6c438c2676c868423a Mon Sep 17 00:00:00 2001 From: Tatsuya Hoshino Date: Mon, 26 Mar 2018 23:55:45 +0900 Subject: [PATCH 4/4] Refactor variable names to make it clearer --- lib/piculet/exporter.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/piculet/exporter.rb b/lib/piculet/exporter.rb index 02e49b3..c9bb6c1 100644 --- a/lib/piculet/exporter.rb +++ b/lib/piculet/exporter.rb @@ -58,11 +58,11 @@ def export_ip_permissions(ip_permissions) :port_range => port_range, :ip_ranges => ip_ranges, :groups => ip_perm.user_id_group_pairs.map {|group| - group = @ec2.security_groups.find { |g| g.id == group.group_id } + g = @ec2.security_group(group.group_id) { - :id => group.group_id, - :name => group.group_name, - :owner_id => group.owner_id, + :id => g.group_id, + :name => g.group_name, + :owner_id => g.owner_id, } }.sort_by {|g| g[:name] }, }
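Review bot: In the patch 4/4 hunk `g = @ec2.security_group(group.group_id)` followed by `g.owner_id` loads the referenced group with a describe call, which raises for a pair pointing at a group this account cannot describe (the `group_name` accessor is patched in ext/security-group.rb to return the id in that case, `owner_id` is not), so one foreign reference aborts the whole export; the pair already carries the owner as `group.user_id` and, where the API supplies it, `group_name`, so the lookup is only needed to fill in a missing name. Use the pair's fields, `:name => group.group_name || @ec2.security_group(group.group_id).group_name,` and `:owner_id => group.user_id,`, and drop the `g = ...` line. `export_ip_permissions` starts outside the hunk.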