aws-eni 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fe0e076295a17d9cc4c63a7227f83be289fcb4b3
-  data.tar.gz: 51dfdb49ec4bba211e5105f3eafed74fc210cdcc
+  metadata.gz: 31f890a936163bc23d0c7bec943936be043fda58
+  data.tar.gz: 4e5d5ac127109e761af68f26ce33caff51a00121
 SHA512:
-  metadata.gz: aa9fd08058dfda15e1c473108105d37e6aaf1c64a322fe249a1c5f469b494399895395f2df2c18d12df7a1d5cbac8811393693e48d032d5824c0b70fc6880b72
-  data.tar.gz: 7da3b4bd53b7944f744e02c76bc9dc7a691cde2b76ecb708dba83006045e21a3dd30e4c8f35cc0f149762079e4d94f4a9c732e38c2bfb4e54a0fe7c886ccdfae
+  metadata.gz: f71962db0b6c220aef90fbc6cf3c4c57d2100b90177e7a34f2a33fd78f5c67bd262c2b373269f70299c325d0a5aef1891f5a79cf0a222580ca720290957f69ea
+  data.tar.gz: 62990ff085b4609f33745d40571ec86ba3ef1b00cc568a84ba8eea2c0b5f3534d90a7960a96d673f6b77b73c0ab38a22aff9fbeb9e56cb1d58467833d0f46d2f

data/bin/aws-eni

@@ -25,7 +25,7 @@ switch [:V,:verbose], negatable: false
 
 pre do |opt|
   Aws::ENI.timeout 90
-  Aws::ENI::IFconfig.verbose = opt[:verbose]
+  Aws::ENI.verbose opt[:verbose]
   true
 end
 
@@ -164,8 +164,8 @@ command [:enable,:up] do |c|
   c.action do |global,opts,args|
     help_now! "Incorrect number of arguments" unless args.count.between?(0,1)
     args.delete('all')
-    Aws::ENI::IFconfig.filter(args.first).each(&:enable)
-    puts "interfaces enabled"
+    enabled = Aws::ENI::enable(args.first)
+    puts "#{enabled} interfaces enabled"
   end
 end
 
@@ -183,14 +183,8 @@ command [:disable,:down] do |c|
   c.action do |global,opts,args|
     help_now! "Incorrect number of arguments" unless args.count.between?(0,1)
     args.delete('all')
-    Aws::ENI::IFconfig.filter(args.first).each do |dev|
-      if dev.name == 'eth0'
-        warn 'skipping eth0'
-      else
-        dev.disable
-        puts "interface #{dev.name} disabled"
-      end
-    end
+    disabled = Aws::ENI::disable(args.first)
+    puts "#{disabled} interfaces disabled"
   end
 end
 
@@ -250,12 +244,21 @@ command [:attach] do |c|
     else
       args.delete('new')
       params = parse_args args, :subnet_id, :security_groups, :primary_ip
-      Aws::ENI.assert_ifconfig_access if config
+      Aws::ENI.assert_interface_access if config
       interface = Aws::ENI.create_interface(params)
       puts "interface #{interface[:interface_id]} created on #{interface[:subnet_id]}"
       id = interface[:interface_id]
+      new_interface = true
+    end
+    begin
+      device = Aws::ENI.attach_interface(id, enable: config, configure: config, block: opts[:block])
+    rescue Aws::ENI::Errors::ClientOperationError => e
+      warn e.message
+      if new_interface && Aws::ENI.clean_interfaces(id, safe_mode: false)
+        puts "interface #{id} deleted"
+      end
+      exit_now! "attachment failed"
     end
-    device = Aws::ENI.attach_interface(id, enable: config, configure: config, block: opts[:block])
     puts "interface #{device[:interface_id]} attached to #{device[:device_name]}"
     puts "device #{device[:device_name]} enabled and configured" if config
   end
@@ -295,7 +298,7 @@ command [:detach] do |c|
     device[:public_ips].each do |address|
       if device[:released]
         puts "EIP #{address[:public_ip]} (#{address[:allocation_id]}) dissociated and released"
-      else
+      elsif device[:deleted]
         puts "EIP #{address[:public_ip]} (#{address[:allocation_id]}) dissociated"
       end
     end
@@ -366,7 +369,7 @@ command [:assign] do |c|
     help_now! "Missing argument" if device.nil?
 
     params.merge! configure: !opts[:noconfig], block: opts[:block]
-    Aws::ENI.assert_ifconfig_access if params[:configure]
+    Aws::ENI.assert_interface_access if params[:configure]
 
     assignment = Aws::ENI.assign_secondary_ip(device, params)
     puts "IP #{assignment[:private_ip]} assigned to #{assignment[:device_name]} (#{assignment[:interface_id]})"
@@ -498,8 +501,8 @@ command [:test] do |c|
   c.action do |global,opts,args|
     help_now! "Too many arguments" if args.count > 1
 
-    print 'IFconfig permissions test... '
-    if Aws::ENI.can_modify_ifconfig?
+    print 'Interface permissions test... '
+    if Aws::ENI.has_interface_access?
       puts 'success!'
     else
       puts 'failed'
@@ -507,7 +510,7 @@ command [:test] do |c|
     end
 
     print 'AWS EC2 permissions test... '
-    if Aws::ENI.can_access_ec2?
+    if Aws::ENI.has_client_access?
       puts 'success!'
     else
       puts 'failed'
@@ -519,10 +522,14 @@ end
 
 # error handling
 
-on_error do |exception|
-  if Aws::ENI::PermissionError === exception
-    warn 'error: This action requires super-user privileges (try sudo)'
-    false
+on_error do |error|
+  case error
+  when Aws::ENI::Errors::InterfacePermissionError
+    warn 'Error: This action requires super-user privileges (try sudo)'
+  when Aws::ENI::Errors::ClientPermissionError
+    warn 'Error: Insufficient EC2 operation privileges (check AWS IAM policy)'
+  when Aws::ENI::Errors::ServiceError
+    warn "Error: #{error.message}"
   else
     true
   end

data/lib/aws-eni.rb

@@ -1,30 +1,29 @@
 require 'time'
-require 'aws-sdk'
 require 'aws-eni/version'
 require 'aws-eni/errors'
 require 'aws-eni/meta'
-require 'aws-eni/ifconfig'
+require 'aws-eni/client'
+require 'aws-eni/interface'
 
 module Aws
   module ENI
     extend self
 
     def environment
-      @environment ||= {}.tap do |e|
-        hwaddr = IFconfig['eth0'].hwaddr
-        Meta.open_connection do |conn|
-          e[:instance_id] = Meta.http_get(conn, 'instance-id')
-          e[:availability_zone] = Meta.http_get(conn, 'placement/availability-zone')
-          e[:region] = e[:availability_zone].sub(/(.*)[a-z]/,'\1')
-          e[:vpc_id] = Meta.http_get(conn, "network/interfaces/macs/#{hwaddr}/vpc-id")
-          e[:vpc_cidr] = Meta.http_get(conn, "network/interfaces/macs/#{hwaddr}/vpc-ipv4-cidr-block")
-        end
-        unless e[:vpc_id]
-          raise EnvironmentError, "Unable to detect VPC settings, library incompatible with EC2-Classic"
-        end
-      end.freeze
-    rescue ConnectionFailed
-      raise EnvironmentError, "Unable to load EC2 meta-data"
+      @environment ||= Meta.connection do
+        hwaddr = Meta.instance('network/interfaces/macs/').lines.first.strip.chomp('/')
+        {
+          instance_id:       Meta.instance('instance-id'),
+          availability_zone: Meta.instance('placement/availability-zone'),
+          region:            Meta.instance('placement/availability-zone').sub(/^(.*)[a-z]$/,'\1'),
+          vpc_id:            Meta.interface(hwaddr, 'vpc-id'),
+          vpc_cidr:          Meta.interface(hwaddr, 'vpc-ipv4-cidr-block')
+        }.freeze
+      end
+    rescue Errors::MetaNotFound
+      raise Errors::EnvironmentError, 'Unable to detect VPC, library incompatible with EC2-Classic'
+    rescue Errors::MetaConnectionFailed
+      raise Errors::EnvironmentError, 'Unable to load EC2 meta-data'
     end
 
     def owner_tag(new_owner = nil)
@@ -37,40 +36,54 @@ module Aws
       @timeout ||= 30
     end
 
-    def client
-      @client ||= Aws::EC2::Client.new(region: environment[:region])
+    def verbose(set_verbose = nil)
+      unless set_verbose.nil?
+        @verbose = !!set_verbose
+        Interface.verbose = @verbose
+      end
+      @verbose
     end
 
     # return our internal model of this instance's network configuration on AWS
     def list(filter = nil)
-      IFconfig.filter(filter).map(&:to_h) if environment
+      Interface.filter(filter).map(&:to_h) if environment
     end
 
     # sync local machine's network interface config with the EC2 meta-data
     # pass dry_run option to check whether configuration is out of sync without
     # modifying it
     def configure(filter = nil, options = {})
-      IFconfig.configure(filter, options) if environment
+      Interface.configure(filter, options) if environment
     end
 
     # clear local machine's network interface config
     def deconfigure(filter = nil)
-      IFconfig.deconfigure(filter) if environment
+      Interface.deconfigure(filter) if environment
+    end
+
+    # enable one or more network interfaces
+    def enable(filter = nil)
+      Interface.filter(filter).select{ |dev| !dev.enabled? }.each(&:enable).count
+    end
+
+    # disable one or more network interfaces
+    def disable(filter = nil)
+      Interface.filter(filter).select{ |dev| dev.enabled? && dev.name != 'eth0' }.each(&:disable).count
     end
 
     # create network interface
     def create_interface(options = {})
       timestamp = Time.now.xmlschema
       params = {}
-      params[:subnet_id] = options[:subnet_id] || IFconfig.first.subnet_id
+      params[:subnet_id] = options[:subnet_id] || Interface.first.subnet_id
       params[:private_ip_address] = options[:primary_ip] if options[:primary_ip]
       params[:groups] = [*options[:security_groups]] if options[:security_groups]
       params[:description] = "generated by #{owner_tag} from #{environment[:instance_id]} on #{timestamp}"
 
-      response = client.create_network_interface(params)
-      wait_for 'the interface to be created', rescue: Aws::EC2::Errors::ServiceError do
-        if interface_status(response[:network_interface][:network_interface_id]) == 'available'
-          client.create_tags(resources: [response[:network_interface][:network_interface_id]], tags: [
+      interface = Client.create_network_interface(params)[:network_interface]
+      wait_for 'the interface to be created', rescue: Errors::UnknownInterface do
+        if Client.describe_interface(interface[:network_interface_id])
+          Client.create_tags(resources: [interface[:network_interface_id]], tags: [
             { key: 'created by',   value: owner_tag },
             { key: 'created on',   value: timestamp },
             { key: 'created from', value: environment[:instance_id] }
@@ -78,9 +91,9 @@ module Aws
         end
       end
       {
-        interface_id: response[:network_interface][:network_interface_id],
-        subnet_id:    response[:network_interface][:subnet_id],
-        api_response: response[:network_interface]
+        interface_id: interface[:network_interface_id],
+        subnet_id:    interface[:subnet_id],
+        api_response: interface
       }
     end
 
@@ -88,19 +101,23 @@ module Aws
     def attach_interface(id, options = {})
       do_enable = true unless options[:enable] == false
       do_config = true unless options[:configure] == false
-      assert_ifconfig_access if do_config || do_enable
+      assert_interface_access if do_config || do_enable
 
-      device = IFconfig[options[:device_number] || options[:name]].assert(exists: false)
+      device = Interface[options[:device_number] || options[:name]].assert(exists: false)
 
-      response = client.attach_network_interface(
-        network_interface_id: id,
-        instance_id: environment[:instance_id],
-        device_index: device.device_number
-      )
+      begin
+        response = Client.attach_network_interface(
+          network_interface_id: id,
+          instance_id: environment[:instance_id],
+          device_index: device.device_number
+        )
+      rescue EC2::Errors::AttachmentLimitExceeded
+        raise Errors::ClientOperationError, "Unable to attach #{id} to #{device.name} (attachment limit exceeded)"
+      end
 
       if options[:block] || do_config || do_enable
-        wait_for 'the interface to attach', rescue: ConnectionFailed do
-          device.exists? && interface_status(device.interface_id) == 'in-use'
+        wait_for 'the interface to attach', rescue: Errors::MetaNotFound do
+          device.exists? && Client.interface_attached(device.interface_id)
         end
       end
       device.configure if do_config
@@ -117,30 +134,25 @@ module Aws
 
     # detach network interface
     def detach_interface(id, options = {})
-      device = IFconfig[id].assert(
+      device = Interface[id].assert(
         exists: true,
         device_name:   options[:device_name],
         interface_id:  options[:interface_id],
         device_number: options[:device_number]
       )
+      interface = Client.describe_interface(device.interface_id)
+
       if device.name == 'eth0'
-        raise InvalidParameterError, "For safety, interface eth0 cannot be detached."
+        raise Errors::InvalidInterface, 'For safety, interface eth0 cannot be detached.'
       end
-      interface_id = device.interface_id
 
-      response = client.describe_network_interfaces(filters: [{
-        name: 'attachment.instance-id',
-        values: [environment[:instance_id]]
-      },{
-        name: 'network-interface-id',
-        values: [interface_id]
-      }])
-      interface = response[:network_interfaces].first
-      raise UnknownInterfaceError, "Interface attachment could not be located" unless interface
+      unless interface[:attachment] && interface[:attachment][:instance_id] == environment[:instance_id]
+        raise Errors::UnknownInterface, "Interface #{interface_id} is not attached to this machine"
+      end
 
       device.disable
       device.deconfigure
-      client.detach_network_interface(
+      Client.detach_network_interface(
         attachment_id: interface[:attachment][:attachment_id],
         force: true
       )
@@ -161,12 +173,12 @@ module Aws
 
       if options[:block] || do_delete
         wait_for 'the interface to detach', interval: 0.3 do
-          !device.exists? && interface_status(interface[:network_interface_id]) == 'available'
+          !device.exists? && !Client.interface_attached(interface[:network_interface_id])
         end
       end
-      client.delete_network_interface(network_interface_id: interface[:network_interface_id]) if do_delete
+      Client.delete_network_interface(network_interface_id: interface[:network_interface_id]) if do_delete
       {
-        interface_id:  interface_id,
+        interface_id:  interface[:network_interface_id],
         device_name:   device.name,
         device_number: device.device_number,
         created_by_us: created_by_us,
@@ -196,14 +208,14 @@ module Aws
         when /^#{environment[:region]}[a-z]$/
           filters << { name: 'availability-zone', values: [filter] }
         else
-          raise InvalidParameterError, "Unknown resource filter: #{filter}"
+          raise Errors::InvalidInput, "Unknown interface attribute: #{filter}"
         end
       end
       if safe_mode
         filters << { name: 'tag:created by', values: [owner_tag] }
       end
 
-      descriptions = client.describe_network_interfaces(filters: filters)
+      descriptions = Client.describe_network_interfaces(filters: filters)
       interfaces = descriptions[:network_interfaces].select do |interface|
         created_recently = interface.tag_set.any? do |tag|
           begin
@@ -221,7 +233,7 @@ module Aws
               dissociate_elastic_ip(assoc[:allocation_id], release: true) if do_release
             end
           end
-          client.delete_network_interface(network_interface_id: interface[:network_interface_id])
+          Client.delete_network_interface(network_interface_id: interface[:network_interface_id])
           true
         end
       end
@@ -235,37 +247,37 @@ module Aws
 
     # add new private ip using the AWS api and add it to our local ip config
     def assign_secondary_ip(id, options = {})
-      device = IFconfig[id].assert(
+      device = Interface[id].assert(
         exists: true,
         device_name:   options[:device_name],
         interface_id:  options[:interface_id],
         device_number: options[:device_number]
       )
       interface_id = device.interface_id
-      current_ips = interface_ips(interface_id)
+      current_ips = Client.interface_private_ips(interface_id)
       new_ip = options[:private_ip]
 
       if new_ip
         if current_ips.include?(new_ip)
-          raise InvalidParameterError, "IP #{new_ip} already assigned to #{device.name}"
+          raise Errors::ClientOperationError, "IP #{new_ip} already assigned to #{device.name}"
         end
-        client.assign_private_ip_addresses(
+        Client.assign_private_ip_addresses(
           network_interface_id: interface_id,
           private_ip_addresses: [new_ip],
           allow_reassignment: false
         )
         wait_for 'private ip address to be assigned' do
-          interface_ips(interface_id).include?(new_ip) ||
+          Client.interface_private_ips(interface_id).include?(new_ip) ||
           device.local_ips.include?(new_ip)
         end
       else
-        client.assign_private_ip_addresses(
+        Client.assign_private_ip_addresses(
           network_interface_id: interface_id,
           secondary_private_ip_address_count: 1,
           allow_reassignment: false
         )
         wait_for 'new private ip address to be assigned' do
-          new_ips = interface_ips(interface_id) - current_ips
+          new_ips = Client.interface_private_ips(interface_id) - current_ips
           new_ips = device.local_ips - current_ips if new_ips.empty?
           new_ip = new_ips.first if new_ips
         end
@@ -273,8 +285,8 @@ module Aws
 
       unless options[:configure] == false
         device.add_alias(new_ip)
-        if options[:block] && !IFconfig.test(new_ip, target: device.gateway)
-          raise TimeoutError, "Timed out waiting for ip address to become active"
+        if options[:block] && !Interface.test(new_ip, target: device.gateway)
+          raise Errors::TimeoutError, 'Timed out waiting for IP address to become active'
         end
       end
       {
@@ -291,22 +303,20 @@ module Aws
       do_release = !!options[:release]
 
       find = options[:device_name] || options[:device_number] || options[:interface_id] || private_ip
-      device = IFconfig[find].assert(
+      device = Interface[find].assert(
         exists: true,
         device_name:   options[:device_name],
         interface_id:  options[:interface_id],
         device_number: options[:device_number]
       )
 
-      resp = client.describe_network_interfaces(network_interface_ids: [device.interface_id])
-      interface = resp[:network_interfaces].first
-      raise UnknownInterfaceError, "Interface attachment could not be located" unless interface
+      interface = Client.describe_interface(device.interface_id)
 
       unless addr_info = interface[:private_ip_addresses].find { |addr| addr[:private_ip_address] == private_ip }
-        raise InvalidParameterError, "IP #{private_ip} not found on #{device.name}"
+        raise Errors::ClientOperationError, "IP #{private_ip} not found on #{device.name}"
       end
       if addr_info[:primary]
-        raise InvalidParameterError, "The primary IP address of an interface cannot be unassigned"
+        raise Errors::ClientOperationError, 'The primary IP address of an interface cannot be unassigned'
       end
 
       if assoc = addr_info[:association]
@@ -314,7 +324,7 @@ module Aws
       end
 
       device.remove_alias(private_ip)
-      client.unassign_private_ip_addresses(
+      Client.unassign_private_ip_addresses(
         network_interface_id: interface[:network_interface_id],
         private_ip_addresses: [private_ip]
       )
@@ -331,10 +341,10 @@ module Aws
 
     # associate a private ip with an elastic ip through the AWS api
     def associate_elastic_ip(private_ip, options = {})
-      raise MissingParameterError, "You must specify a private ip address" unless private_ip
+      raise Errors::MissingInput, 'You must specify a private IP address' unless private_ip
 
       find = options[:device_name] || options[:device_number] || options[:interface_id] || private_ip
-      device = IFconfig[find].assert(
+      device = Interface[find].assert(
         exists: true,
         private_ip:    private_ip,
         device_name:   options[:device_name],
@@ -344,27 +354,27 @@ module Aws
       options[:public_ip] ||= options[:allocation_id]
 
       if public_ip = device.public_ips[private_ip]
-        raise InvalidParameterError, "IP #{private_ip} already has an associated EIP (#{public_ip})"
+        raise Errors::ClientOperationError, "IP #{private_ip} already has an associated EIP (#{public_ip})"
       end
 
       if options[:public_ip]
-        eip = describe_address(options[:public_ip])
+        eip = Client.describe_address(options[:public_ip])
         if options[:allocation_id] && eip[:allocation_id] != options[:allocation_id]
-          raise InvalidParameterError, "EIP #{eip[:public_ip]} (#{eip[:allocation_id]}) does not match #{options[:allocation_id]}"
+          raise Errors::InvalidAddress, "EIP #{eip[:public_ip]} (#{eip[:allocation_id]}) does not match #{options[:allocation_id]}"
         end
       else
         eip = allocate_elastic_ip
       end
 
-      resp = client.associate_address(
+      resp = Client.associate_address(
         network_interface_id: device.interface_id,
         allocation_id:        eip[:allocation_id],
         private_ip_address:   private_ip,
         allow_reassociation:  false
       )
 
-      if options[:block] && !IFconfig.test(private_ip)
-        raise TimeoutError, "Timed out waiting for ip address to become active"
+      if options[:block] && !Interface.test(private_ip)
+        raise Errors::TimeoutError, 'Timed out waiting for ip address to become active'
       end
       {
         private_ip:     private_ip,
@@ -383,7 +393,7 @@ module Aws
 
       # assert device attributes if we've specified a device
       if find = options[:device_name] || options[:device_number]
-        device = IFconfig[find].assert(
+        device = Interface[find].assert(
           device_name:   options[:device_name],
           device_number: options[:device_number],
           interface_id:  options[:interface_id],
@@ -393,36 +403,36 @@ module Aws
       end
 
       # get our address info
-      eip = describe_address(address)
-      device ||= IFconfig.find { |dev| dev.interface_id == eip[:network_interface_id] }
+      eip = Client.describe_address(address)
+      device ||= Interface.find { |dev| dev.interface_id == eip[:network_interface_id] }
 
       # assert eip attributes if options provided
       if options[:private_ip] && eip[:private_ip_address] != options[:private_ip]
-        raise InvalidParameterError, "#{address} is not associated with IP #{options[:private_ip]}"
+        raise Errors::InvalidAddress, "#{address} is not associated with IP #{options[:private_ip]}"
       end
       if options[:public_ip] && eip[:public_ip] != options[:public_ip]
-        raise InvalidParameterError, "#{address} is not associated with public IP #{options[:public_ip]}"
+        raise Errors::InvalidAddress, "#{address} is not associated with public IP #{options[:public_ip]}"
       end
       if options[:allocation_id] && eip[:allocation_id] != options[:allocation_id]
-        raise InvalidParameterError, "#{address} is not associated with allocation ID #{options[:allocation_id]}"
+        raise Errors::InvalidAddress, "#{address} is not associated with allocation ID #{options[:allocation_id]}"
       end
       if options[:association_id] && eip[:association_id] != options[:association_id]
-        raise InvalidParameterError, "#{address} is not associated with association ID #{options[:association_id]}"
+        raise Errors::InvalidAddress, "#{address} is not associated with association ID #{options[:association_id]}"
       end
       if options[:interface_id] && eip[:network_interface_id] != options[:interface_id]
-        raise InvalidParameterError, "#{address} is not associated with interface ID #{options[:interface_id]}"
+        raise Errors::InvalidAddress, "#{address} is not associated with interface ID #{options[:interface_id]}"
       end
 
       if device
         if device.name == 'eth0' && device.local_ips.first == eip[:private_ip_address]
-          raise InvalidParameterError, "For safety, a public address cannot be dissociated from the primary IP on eth0"
+          raise Errors::ClientOperationError, 'For safety, a public address cannot be dissociated from the primary IP on eth0'
         end
-      elsif interface_status(eip[:network_interface_id]) != 'available'
-        raise InvalidParameterError, "#{address} is associated with an interface attached to another machine"
+      elsif Client.interface_attached(eip[:network_interface_id])
+        raise Errors::ClientOperationError, "#{address} is associated with an interface attached to another machine"
       end
 
-      client.disassociate_address(association_id: eip[:association_id])
-      client.release_address(allocation_id: eip[:allocation_id]) if do_release
+      Client.disassociate_address(association_id: eip[:association_id])
+      Client.release_address(allocation_id: eip[:allocation_id]) if do_release
       {
         private_ip:     eip[:private_ip_address],
         device_name:    device && device.name,
@@ -436,7 +446,7 @@ module Aws
 
     # allocate a new elastic ip address
     def allocate_elastic_ip
-      eip = client.allocate_address(domain: 'vpc')
+      eip = Client.allocate_address(domain: 'vpc')
       {
         public_ip:     eip[:public_ip],
         allocation_id: eip[:allocation_id]
@@ -445,127 +455,41 @@ module Aws
 
     # release the specified elastic ip address
     def release_elastic_ip(ip)
-      eip = describe_address(ip)
+      eip = Client.describe_address(ip)
       if eip[:association_id]
-        raise AWSPermissionError, "Elastic IP #{eip[:public_ip]} (#{eip[:allocation_id]}) is currently in use"
+        raise Errors::ClientOperationError, "Elastic IP #{eip[:public_ip]} (#{eip[:allocation_id]}) is currently in use"
       end
-      client.release_address(allocation_id: eip[:allocation_id])
+      Client.release_address(allocation_id: eip[:allocation_id])
       {
         public_ip:     eip[:public_ip],
         allocation_id: eip[:allocation_id]
       }
     end
 
-    # test whether we have permission to modify our local configuration
-    def can_modify_ifconfig?
-      IFconfig.mutable?
+    # test whether we have permission to modify our machine's interface configuration
+    def has_interface_access?
+      Interface.mutable?
     end
 
-    def assert_ifconfig_access
-      raise PermissionError, 'Insufficient user priveleges (try sudo)' unless can_modify_ifconfig?
+    # throw exception if we cannot modify our machine's interface configuration
+    def assert_interface_access
+      raise Errors::InterfacePermissionError, 'Insufficient user priveleges to configure network interfaces' unless has_interface_access?
     end
 
-    # test whether we have the appropriate permissions within our AWS access
-    # credentials to perform all possible API calls
-    def can_access_ec2?
-      client = self.client
-      test_methods = {
-        describe_network_interfaces: nil,
-        create_network_interface: {
-          subnet_id: 'subnet-abcd1234'
-        },
-        attach_network_interface: {
-          network_interface_id: 'eni-abcd1234',
-          instance_id: 'i-abcd1234',
-          device_index: 0
-        },
-        detach_network_interface: {
-          attachment_id: 'eni-attach-abcd1234'
-        },
-        delete_network_interface: {
-          network_interface_id: 'eni-abcd1234'
-        },
-        create_tags: {
-          resources: ['eni-abcd1234'],
-          tags: []
-        },
-        describe_addresses: nil,
-        allocate_address: nil,
-        release_address: {
-          dry_run: true,
-          allocation_id: 'eipalloc-no_exist'
-        },
-        associate_address: {
-          allocation_id: 'eipalloc-no_exist',
-          network_interface_id: 'eni-abcd1234'
-        }
-        # has no dry_run method
-        # assign_private_ip_addresses: {
-        #   network_interface_id: 'eni-abcd1234'
-        # }
-      }
-      test_methods.each do |method, params|
-        begin
-          params ||= {}
-          params[:dry_run] = true
-          client.public_send(method, params)
-          raise Error, "Unexpected behavior while testing AWS API access"
-        rescue Aws::EC2::Errors::DryRunOperation
-          # success
-        rescue Aws::EC2::Errors::InvalidAllocationIDNotFound
-          # release_address does not properly support dry_run
-        rescue Aws::EC2::Errors::UnauthorizedOperation
-          return false
-        end
-      end
-      true
+    # test whether we have permission to perform all necessary EC2 operations
+    # within our given AWS access credentials
+    def has_client_access?
+      Client.has_access?
     end
 
-    def assert_ec2_access
-      raise AWSPermissionError, 'Insufficient AWS API access' unless can_access_ec2?
+    # throw exception if we do not have permissions to perform all needed EC2
+    # operations with our given AWS credentials
+    def assert_client_access
+      raise Errors::ClientPermissionError, 'Insufficient access to EC2 operations for network interface modification' unless has_client_access?
     end
 
     private
 
-    # use either an ip address or allocation id
-    def describe_address(address)
-      filter_by = case address
-        when /^eipalloc-/
-          'allocation-id'
-        when /^eipassoc-/
-          'association-id'
-        else
-          if IPAddr.new(environment[:vpc_cidr]) === IPAddr.new(address)
-            'private-ip-address'
-          else
-            'public-ip'
-          end
-        end
-      resp = client.describe_addresses(filters: [
-        { name: 'domain', values: ['vpc'] },
-        { name: filter_by, values: [address] }
-      ])
-      raise InvalidParameterError, "IP #{address} could not be located" if resp[:addresses].empty?
-      resp[:addresses].first
-    end
-
-    def interface_ips(id)
-      resp = client.describe_network_interfaces(network_interface_ids: [id])
-      interface = resp[:network_interfaces].first
-      if interface && interface[:private_ip_addresses]
-        primary = interface[:private_ip_addresses].find { |ip| ip[:primary] }
-        interface[:private_ip_addresses].map { |ip| ip[:private_ip_address] }.tap do |ips|
-          # ensure primary ip is first in the list
-          ips.unshift(*ips.delete(primary[:private_ip_address])) if primary
-        end
-      end
-    end
-
-    def interface_status(id)
-      resp = client.describe_network_interfaces(network_interface_ids: [id])
-      resp[:network_interfaces].first[:status] unless resp[:network_interfaces].empty?
-    end
-
     def wait_for(task, options = {}, &block)
       errors = [*options[:rescue]]
       timeout = options[:timeout] || self.timeout
@@ -574,13 +498,12 @@ module Aws
       until timeout < 0
         begin
           break if block.call
-        rescue Exception => e
-          raise unless errors.any? { |error| error === e }
+        rescue *errors => e
         end
         sleep interval
         timeout -= interval
       end
-      raise TimeoutError, "Timed out waiting for #{task}" unless timeout > 0
+      raise Errors::TimeoutError, "Timed out waiting for #{task}" unless timeout > 0
     end
   end
 end

data/lib/aws-eni/client.rb

@@ -0,0 +1,152 @@
+require 'aws-sdk'
+require 'aws-eni/errors'
+require 'aws-eni/meta'
+
+module Aws
+  module ENI
+    module Client
+      extend self
+
+      # determine the region from instance metadata
+      def region
+        Meta.instance('placement/availability-zone').sub(/^(.*)[a-z]$/,'\1')
+      rescue Errors::MetaConnectionFailed
+        raise Errors::EnvironmentError, 'Unable to load EC2 meta-data'
+      end
+
+      # determine the vpc cidr block from instance metadata
+      def vpc_cidr
+        hwaddr = Meta.instance('network/interfaces/macs/').lines.first.strip.chomp('/')
+        Meta.interface(hwaddr, 'vpc-ipv4-cidr-block')
+      rescue Errors::MetaConnectionFailed, Errors::MetaNotFound
+        raise Errors::EnvironmentError, 'Unable to load EC2 meta-data'
+      end
+
+      # lazy-load our ec2 client
+      def client
+        @client ||= EC2::Client.new(region: region)
+      rescue StandardError => e
+        raise Errors::EnvironmentError, 'Unable to initialize EC2 client'
+      end
+
+      # pass along method calls to our lazy-loaded api client
+      def method_missing(method, *args)
+        client.public_send(method, *args)
+      rescue EC2::Errors::UnauthorizedOperation => e
+        raise Errors::ClientPermissionError, "Operation not permitted: #{e.message}"
+      rescue EC2::Errors::ServiceError => e
+        error = e.class.to_s.gsub(/^.*::/, '')
+        raise Errors::ClientOperationError, "EC2 service error (#{error}: #{e.message})"
+      end
+
+      # retrieve a single interface resource
+      def describe_interface(id)
+        resp = describe_network_interfaces(network_interface_ids: [id])
+        raise Errors::UnknownInterface, "Interface #{id} could not be located" if resp[:network_interfaces].empty?
+        resp[:network_interfaces].first
+      end
+
+      # retrieve a single address resource by public ip, associated private ip,
+      # allocation id, or association id
+      def describe_address(address)
+        filter_by = case address
+          when /^eipalloc-/
+            'allocation-id'
+          when /^eipassoc-/
+            'association-id'
+          else
+            if IPAddr.new(vpc_cidr) === IPAddr.new(address)
+              'private-ip-address'
+            else
+              'public-ip'
+            end
+          end
+        resp = describe_addresses(filters: [
+          { name: 'domain', values: ['vpc'] },
+          { name: filter_by, values: [address] }
+        ])
+        raise Errors::UnknownAddress, "IP #{address} could not be located" if resp[:addresses].empty?
+        resp[:addresses].first
+      end
+
+      # retrieve an array of private ips associated with the given interface
+      def interface_private_ips(id)
+        interface = describe_interface(id)
+        if interface[:private_ip_addresses]
+          primary = interface[:private_ip_addresses].find { |ip| ip[:primary] }
+          interface[:private_ip_addresses].map { |ip| ip[:private_ip_address] }.tap do |ips|
+            # ensure primary ip is first in the list
+            ips.unshift(*ips.delete(primary[:private_ip_address])) if primary
+          end
+        end
+      end
+
+      # determine whether a given interface is attached or free
+      def interface_attached(id)
+        describe_interface(id)[:status] == 'in-use'
+      end
+
+      # test whether we have the appropriate permissions within our AWS access
+      # credentials to perform all possible API calls
+      def has_access?
+        test_methods = {
+          describe_network_interfaces: {},
+          create_network_interface: {
+            subnet_id: 'subnet-abcd1234'
+          },
+          attach_network_interface: {
+            network_interface_id: 'eni-abcd1234',
+            instance_id: 'i-abcd1234',
+            device_index: 0
+          },
+          detach_network_interface: {
+            attachment_id: 'eni-attach-abcd1234'
+          },
+          delete_network_interface: {
+            network_interface_id: 'eni-abcd1234'
+          },
+          create_tags: {
+            resources: ['eni-abcd1234'],
+            tags: []
+          },
+          describe_addresses: {},
+          allocate_address: {},
+          release_address: {
+            allocation_id: 'eipalloc-abcd1234'
+          },
+          associate_address: {
+            allocation_id: 'eipalloc-abcd1234',
+            network_interface_id: 'eni-abcd1234'
+          },
+          disassociate_address: {
+            association_id: 'eipassoc-abcd1234'
+          }
+          # these have no dry_run method
+          # assign_private_ip_addresses: {
+          #   network_interface_id: 'eni-abcd1234'
+          # }
+          # unassign_private_ip_addresses: {
+          #   network_interface_id: 'eni-abcd1234',
+          #   private_ip_addresses: ['0.0.0.0']
+          # }
+        }
+        test_methods.all? do |method, params|
+          begin
+            client.public_send(method, params.merge(dry_run: true))
+          rescue EC2::Errors::DryRunOperation
+            true
+          rescue EC2::Errors::InvalidAllocationIDNotFound
+            # release_address does not properly support dry_run
+            true
+          rescue EC2::Errors::UnauthorizedOperation
+            false
+          rescue
+            raise Errors::ClientOperationError, 'Unexpected behavior while testing EC2 client permissions'
+          else
+            raise Errors::ClientOperationError, 'Unexpected behavior while testing EC2 client permissions'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-eni/errors.rb

@@ -1,16 +1,29 @@
-
 module Aws
   module ENI
-    class Error < RuntimeError; end
-    class TimeoutError < Error; end
-    class MissingParameterError < Error; end
-    class InvalidParameterError < Error; end
-    class UnknownInterfaceError < Error; end
-    class EnvironmentError < Error; end
-    class CommandError < Error; end
-    class PermissionError < CommandError; end
-    class AWSPermissionError < Error; end
-    class BadResponse < Error; end
-    class ConnectionFailed < Error; end
+    module Errors
+      class ServiceError < RuntimeError; end
+
+      class EnvironmentError < ServiceError; end
+
+      class MetaNotFound < ServiceError; end
+      class MetaBadResponse < ServiceError; end
+      class MetaConnectionFailed < ServiceError; end
+
+      class InterfaceOperationError < ServiceError; end
+      class InterfacePermissionError < InterfaceOperationError; end
+
+      class ClientOperationError < ServiceError; end
+      class ClientPermissionError < ClientOperationError; end
+
+      class MissingInput < ServiceError; end
+      class InvalidInput < ServiceError; end
+      class TimeoutError < ServiceError; end
+
+      class UnknownInterface < ServiceError; end
+      class InvalidInterface < ServiceError; end
+
+      class UnknownAddress < ServiceError; end
+      class InvalidAddress < ServiceError; end
+    end
   end
 end

data/lib/aws-eni/{ifconfig.rb → interface.rb}

@@ -4,7 +4,7 @@ require 'aws-eni/errors'
 
 module Aws
   module ENI
-    class IFconfig
+    class Interface
 
       class << self
         include Enumerable
@@ -28,7 +28,7 @@ module Aws
           when /^[0-9\.]+$/
             find { |dev| dev.has_ip?(index) }
           end.tap do |dev|
-            raise UnknownInterfaceError, "No interface found matching #{index}" unless dev
+            raise Errors::UnknownInterface, "No interface found matching #{index}" unless dev
           end
         end
 
@@ -76,11 +76,11 @@ module Aws
           when nil
             to_a
           when /^eni-/, /^eth[0-9]+$/, /^[0-9a-f:]+$/i, /^[0-9\.]+$/
-            self[filter].to_a
+            [*self[filter]]
           when /^subnet-/
             select { |dev| dev.subnet_id == filter }
           end.tap do |devs|
-            raise UnknownInterfaceError, "No interface found matching #{filter}" if devs.nil? || devs.empty?
+            raise Errors::UnknownInterface, "No interface found matching #{filter}" if devs.nil? || devs.empty?
           end
         end
 
@@ -88,7 +88,7 @@ module Aws
         def mutable?
           cmd('link set dev eth0') # innocuous command
           true
-        rescue PermissionError
+        rescue Errors::InterfacePermissionError
           false
         end
 
@@ -98,10 +98,10 @@ module Aws
           options[:errors] = true
           begin
             exec("/sbin/ip #{command}", options)
-          rescue CommandError => e
+          rescue Errors::InterfaceOperationError => e
             case e.message
             when /operation not permitted/i
-              raise PermissionError, "Operation not permitted"
+              raise Errors::InterfacePermissionError, "Operation not permitted"
             else
               raise if errors
             end
@@ -128,7 +128,7 @@ module Aws
             else
               error = e.read
               warn "Warning: #{error}" if verbose
-              raise CommandError, error if errors
+              raise Errors::InterfaceOperationError, error if errors
             end
           end
           output
@@ -139,7 +139,7 @@ module Aws
 
       def initialize(name, auto_config = true)
         unless name =~ /^eth([0-9]+)$/
-          raise UnknownInterfaceError, "Invalid interface: #{name}"
+          raise Errors::InvalidInterface, "Invalid interface: #{name}"
         end
         @name = name
         @device_number = $1.to_i
@@ -153,7 +153,7 @@ module Aws
           exists? && IO.read("/sys/class/net/#{name}/address").strip
         rescue Errno::ENOENT
         end.tap do |address|
-          raise UnknownInterfaceError, "Unknown interface: #{name}" unless address
+          raise Errors::UnknownInterface, "Interface #{name} not found on this machine" unless address
         end
       end
 
@@ -167,15 +167,14 @@ module Aws
       # Validate and return basic interface metadata
       def info
         hwaddr = self.hwaddr
-        unless @meta_cache && hwaddr == @meta_cache[:hwaddr]
-          dev_path = "network/interfaces/macs/#{hwaddr}"
-          Meta.open_connection do |conn|
-            raise BadResponse unless Meta.http_get(conn, "#{dev_path}/")
-            @meta_cache = {
-              hwaddr: hwaddr,
-              interface_id: Meta.http_get(conn, "#{dev_path}/interface-id"),
-              subnet_id:    Meta.http_get(conn, "#{dev_path}/subnet-id"),
-              subnet_cidr:  Meta.http_get(conn, "#{dev_path}/subnet-ipv4-cidr-block")
+        unless @meta_cache && @meta_cache[:hwaddr] == hwaddr
+          @meta_cache = Meta.connection do
+            raise MetaBadResponse unless Meta.interface(hwaddr, '')
+            {
+              hwaddr:       hwaddr,
+              interface_id: Meta.interface(hwaddr, 'interface-id'),
+              subnet_id:    Meta.interface(hwaddr, 'subnet-id'),
+              subnet_cidr:  Meta.interface(hwaddr, 'subnet-ipv4-cidr-block')
             }.freeze
           end
         end
@@ -210,17 +209,15 @@ module Aws
       end
 
       def public_ips
-        ip_assoc = {}
-        dev_path = "network/interfaces/macs/#{hwaddr}"
-        Meta.open_connection do |conn|
-          # return an array of configured ip addresses (primary + secondary)
-          Meta.http_get(conn, "#{dev_path}/ipv4-associations/").to_s.each_line do |public_ip|
-            public_ip.strip!
-            local_ip = Meta.http_get(conn, "#{dev_path}/ipv4-associations/#{public_ip}")
-            ip_assoc[local_ip] = public_ip
+        hwaddr = self.hwaddr
+        Hash[
+          Meta.connection do
+            Meta.interface(hwaddr, 'ipv4-associations/', not_found: '', cache: false).lines.map do |public_ip|
+              public_ip.strip!
+              [ Meta.interface(hwaddr, "ipv4-associations/#{public_ip}", cache: false), public_ip ]
+            end
           end
-        end
-        ip_assoc
+        ]
       end
 
       # Enable our interface and create necessary routes
@@ -245,7 +242,7 @@ module Aws
         changes = 0
         prefix = self.prefix # prevent exists? check on each use
 
-        meta_ips = Meta.get("network/interfaces/macs/#{hwaddr}/local-ipv4s").lines.map(&:strip)
+        meta_ips = Meta.interface(hwaddr, 'local-ipv4s', cache: false).lines.map(&:strip)
         local_primary, *local_aliases = local_ips
         meta_primary, *meta_aliases = meta_ips
 
@@ -364,14 +361,14 @@ module Aws
             when :ip, :has_ip
               "Interface #{name} does not have IP #{val}" unless has_ip? val
             when :public_ip
-              "Interface #{name} does not have private IP #{val}" unless public_ips.include? val
+              "Interface #{name} does not have public IP #{val}" unless public_ips.has_value? val
             when :local_ip, :private_ip
               "Interface #{name} does not have private IP #{val}" unless local_ips.include? val
             else
               "Unknown attribute: #{attr}"
             end
         end
-        raise UnknownInterfaceError, error if error
+        raise Errors::UnknownInterface, error if error
         self
       end
 

data/lib/aws-eni/meta.rb

@@ -6,42 +6,64 @@ module Aws
   module ENI
     module Meta
 
-      # EC2 instance meta-data connection settings
-      HOST = '169.254.169.254'
-      PORT = '80'
-      BASE = '/latest/meta-data/'
-
       # These are the errors we trap when attempting to talk to the instance
-      # metadata service.  Any of these imply the service is not present, no
+      # metadata service.  Any of these imply the service is not present, not
       # responding or some other non-recoverable error.
       FAILURES = [
         Errno::EHOSTUNREACH,
         Errno::ECONNREFUSED,
         Errno::EHOSTDOWN,
         Errno::ENETUNREACH,
-        SocketError,
         Timeout::Error,
-        BadResponse,
+        SocketError,
+        Errors::MetaBadResponse,
       ]
 
-      # Open connection and run a single GET request on the instance metadata
-      # endpoint. Same options as open_connection.
+      # Perform a GET request on an open HTTP connection to the EC2 instance
+      # meta-data and return the body of any 200 response.
       def self.get(path, options = {})
-        open_connection options do |conn|
-          http_get(conn, path)
+        @cache ||= {}
+        if @cache[path] && options[:cache] != false
+          @cache[path]
+        else
+          connection(options) do |http|
+            response = http.request(Net::HTTP::Get.new(path))
+            case response.code.to_i
+            when 200
+              @cache[path] = response.body
+            when 404
+              raise Errors::MetaNotFound unless options[:not_found]
+              options[:not_found]
+            else
+              raise Errors::MetaBadResponse
+            end
+          end
         end
       end
 
+      # Perform a GET request on the instance metadata and return the body of
+      # any 200 response.
+      def self.instance(path, options = {})
+        get("/latest/meta-data/#{path}", options)
+      end
+
+      # Perform a GET request on the interface metadata and return the body of
+      # any 200 response.
+      def self.interface(hwaddr, path, options = {})
+        instance("network/interfaces/macs/#{hwaddr}/#{path}", options)
+      end
+
       # Open a connection and attempt to execute the block `retries` times.
       # Can specify open and read timeouts in addition to the number of retries.
-      def self.open_connection(options = {})
+      def self.connection(options = {})
+        return yield(@open_connection) if @open_connection
         retries = options[:retries] || 5
         failed_attempts = 0
         begin
-          http = Net::HTTP.new(HOST, PORT, nil)
+          http = Net::HTTP.new('169.254.169.254', '80', nil)
           http.open_timeout = options[:open_timeout] || 5
           http.read_timeout = options[:read_timeout] || 5
-          http.start
+          @open_connection = http.start
           yield(http).tap { http.finish }
         rescue *FAILURES => e
           if failed_attempts < retries
@@ -50,22 +72,10 @@ module Aws
             failed_attempts += 1
             retry
           else
-            raise ConnectionFailed, "Connection failed after #{retries} retries."
+            raise Errors::MetaConnectionFailed, "EC2 Metadata request failed after #{retries} retries."
           end
-        end
-      end
-
-      # Perform a GET request on an open connection to the instance metadata
-      # endpoint and return the body of any 200 response.
-      def self.http_get(connection, path)
-        response = connection.request(Net::HTTP::Get.new(BASE + path))
-        case response.code.to_i
-        when 200
-          response.body
-        when 404
-          nil
-        else
-          raise BadResponse
+        ensure
+          @open_connection = nil
         end
       end
     end

data/lib/aws-eni/version.rb

@@ -1,5 +1,5 @@
 module Aws
   module ENI
-    VERSION = "0.2.1"
+    VERSION = "0.2.2"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-eni
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Mike Greiling
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-02 00:00:00.000000000 Z
+date: 2015-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli
@@ -83,8 +83,9 @@ files:
 - aws-eni.gemspec
 - bin/aws-eni
 - lib/aws-eni.rb
+- lib/aws-eni/client.rb
 - lib/aws-eni/errors.rb
-- lib/aws-eni/ifconfig.rb
+- lib/aws-eni/interface.rb
 - lib/aws-eni/meta.rb
 - lib/aws-eni/version.rb
 homepage: http://pixelcog.com/