aws-eni 0.2.2 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 31f890a936163bc23d0c7bec943936be043fda58
-  data.tar.gz: 4e5d5ac127109e761af68f26ce33caff51a00121
+  metadata.gz: f19e4e251a90092251316683eb8f3562300422e5
+  data.tar.gz: eb37b04707d8d8817fd247a3d440bc44d310dae2
 SHA512:
-  metadata.gz: f71962db0b6c220aef90fbc6cf3c4c57d2100b90177e7a34f2a33fd78f5c67bd262c2b373269f70299c325d0a5aef1891f5a79cf0a222580ca720290957f69ea
-  data.tar.gz: 62990ff085b4609f33745d40571ec86ba3ef1b00cc568a84ba8eea2c0b5f3534d90a7960a96d673f6b77b73c0ab38a22aff9fbeb9e56cb1d58467833d0f46d2f
+  metadata.gz: 56f2fca8525b755a14d3a78d654bdb5e148e593e53ba74bf193ad57e18ba25955ef5a8697ab2fc83184c6e5c43a3e3c67e80bedeb268884f2fe1c6af7e255497
+  data.tar.gz: ae0239c63b23e14433074b71afad75f0ceda79954d5aa5adacbae4f9fcc559d577fe1280029aedf8da181777e4d11e113153cc413598926db8dedb9d3108e5ac

data/bin/aws-eni

@@ -11,7 +11,7 @@ program_desc 'Manage and sync local network config with AWS Elastic Network Inte
 @version = Aws::ENI::VERSION
 
 autocomplete_commands true
-subcommand_option_handling :normal
+subcommand_option_handling :legacy
 arguments :loose
 sort_help :manually
 
@@ -65,13 +65,13 @@ def parse_args(args, *accept)
           help_now! "You may only specify one private IP address." if params[:private_ip]
           params[:private_ip] = arg
         else
-          help_now! "Invalid IP address: #{arg}"
+          help_now! "Invalid argument: #{arg}"
         end
       elsif accept.include?(:public_ip)
         help_now! "You may only specify one public IP address." if params[:public_ip]
         params[:public_ip] = arg
       else
-        help_now! "Invalid IP address: #{arg}"
+        help_now! "Invalid argument: #{arg}"
       end
     else
       help_now! "Invalid argument: #{arg}"
@@ -82,6 +82,8 @@ end
 
 # commands
 
+default_command :list
+
 desc 'List current interface configuration'
 long_desc %{
   List information about a set of interfaces including interface ID, interface
@@ -230,14 +232,15 @@ arg 'subnet-id', :optional
 arg 'security-groups', :optional
 arg 'ip-address', :optional
 command [:attach] do |c|
-  c.desc 'Do not configure or enable the device after attachment (implies block)'
-  c.switch [:n,:noconfig], negatable: false
+  c.desc 'Do not configure and enable the device after attachment'
+  c.switch [:noconfig], negatable: false
 
-  c.desc 'Do not return until attachment is complete'
-  c.switch [:b,:block], negatable: false
+  c.desc 'Do not wait for attachment to complete (implies noconfig)'
+  c.switch [:n,:noblock], negatable: false
 
   c.action do |global,opts,args|
-    config = !opts[:noconfig]
+    block = !opts[:noblock]
+    config = block && !opts[:noconfig]
     if args.first =~ /^eni-/
       help_now! 'Too many arguments' if args.count > 1
       id = args.first
@@ -251,7 +254,7 @@ command [:attach] do |c|
       new_interface = true
     end
     begin
-      device = Aws::ENI.attach_interface(id, enable: config, configure: config, block: opts[:block])
+      device = Aws::ENI.attach_interface(id, enable: config, configure: config, block: block)
     rescue Aws::ENI::Errors::ClientOperationError => e
       warn e.message
       if new_interface && Aws::ENI.clean_interfaces(id, safe_mode: false)
@@ -276,20 +279,25 @@ long_desc %{
 }
 arg 'interface-id OR device-name'
 command [:detach] do |c|
-  c.desc 'Delete (or preserve) the unused ENI resource after dataching (implies block)'
-  c.switch [:d,:delete], default_value: :not_provided # GLI behavior workaround
+  c.desc 'Delete the unused ENI resource after dataching (implies block)'
+  c.switch [:d,:delete], negatable: false
+
+  c.desc 'Do not delete the unused ENI resource after dataching'
+  c.switch [:p,:preserve], negatable: false
 
   c.desc 'Release any associated public IP addresses'
   c.switch [:r,:release], negatable: false
 
-  c.desc 'Do not return until detachment is complete'
-  c.switch [:b,:block], negatable: false
+  c.desc 'Do not wait until detachment is complete'
+  c.switch [:n,:noblock], negatable: false
 
   c.action do |global,opts,args|
     help_now! "Missing argument" if args.empty?
+    help_now! "--delete and --preserve flags cannot be used together" if opts[:delete] && opts[:preserve]
     params = parse_args args, :interface_id, :device_name
-    params[:block] = opts[:block]
-    params[:delete] = opts[:delete] unless opts[:delete] == :not_provided
+    params[:block] = !opts[:noblock]
+    params[:delete] = true if opts[:delete]
+    params[:delete] = false if opts[:preserve]
     params[:release] = opts[:release]
     id = params[:device_name] || params[:interface_id]
 
@@ -357,18 +365,18 @@ long_desc %{
 arg 'ip-address', :optional
 arg 'interface-id OR device-name'
 command [:assign] do |c|
-  c.desc 'Do not configure the interface after assignment'
-  c.switch [:n,:noconfig], negatable: false
+  c.desc 'Do not configure the interface after assignment (implies noblock)'
+  c.switch [:noconfig], negatable: false
 
-  c.desc 'Do not return until connection is verified'
-  c.switch [:b,:block], negatable: false
+  c.desc 'Do not wait for the connection to be verified'
+  c.switch [:n,:noblock], negatable: false
 
   c.action do |global,opts,args|
     params = parse_args args, :interface_id, :device_name, :private_ip
     device = params[:device_name] || params[:interface_id]
     help_now! "Missing argument" if device.nil?
 
-    params.merge! configure: !opts[:noconfig], block: opts[:block]
+    params.merge! configure: !opts[:noconfig], block: !opts[:noblock] && !opts[:noconfig]
     Aws::ENI.assert_interface_access if params[:configure]
 
     assignment = Aws::ENI.assign_secondary_ip(device, params)
@@ -409,11 +417,15 @@ desc 'Associate a public IP address with a private IP address'
 long_desc %{
   Associate a private IP address with a new or existing public IP address.
 
-  If no public IP or allocation ID is provided, a new Elastic IP Address will be
-  allocated and used.
+  If no public IP or allocation ID is provided, an IP address will be selected
+  from among the unattached Elastic IP addresses available on tha account. If
+  no EIP is available, a new Elastic IP Address will be allocated and used.
 
-  If no interface ID or device name provided, it will be inferred from the ip
-  address.
+  If -n or the keyword "new" is uesd, it will always allocate a new address
+  by default rather than using one that is already available.
+
+  If no interface ID or device name provided, it will be inferred from the
+  private IP address provided.
 }
 arg 'private-ip'
 arg 'public-ip', :optional
@@ -421,16 +433,20 @@ arg 'allocation-id', :optional
 arg 'interface-id', :optional
 arg 'device-name', :optional
 command [:associate] do |c|
-  c.desc 'Do not return until connection is verified'
-  c.switch [:b,:block], negatable: false
+  c.desc 'Do not wait for the connection to be verified'
+  c.switch [:noblock], negatable: false
+
+  c.desc 'Allocate a new public IP address (can also pass "new" as a parameter)'
+  c.switch [:n,:new], negatable: false
 
   c.action do |global,opts,args|
-    args.delete('new')
+    opts[:new] = !!args.delete('new') || opts[:new]
     params = parse_args args, :private_ip, :public_ip, :allocation_id, :interface_id, :device_name
-    params[:block] = opts[:block]
+    params.merge! new: opts[:new], block: !opts[:noblock]
     help_now! "Missing argument" unless params[:private_ip]
 
     assoc = Aws::ENI.associate_elastic_ip(params[:private_ip], params)
+    puts "EIP #{assoc[:public_ip]} allocated as #{assoc[:allocation_id]}" if assoc[:allocated]
     puts "EIP #{assoc[:public_ip]} (#{assoc[:allocation_id]}) associated with #{assoc[:private_ip]} on #{assoc[:device_name]} (#{assoc[:interface_id]})"
   end
 end
@@ -491,13 +507,51 @@ command [:release] do |c|
   end
 end
 
-desc 'Test access to AWS EC2 and our machine\'s network config'
+desc 'Test a LAN or WAN connection through a specific IP'
+long_desc %{
+  Test a LAN or WAN connection with ICMP.  Provide a local IP address to test
+  its connection to the subnet gateway, or provide a public IP address to test
+  its connection to 8.8.8.8.
+}
+arg 'private-ip OR public-ip OR allocation-id'
+arg 'interface-id', :optional
+arg 'device-name', :optional
+command [:test] do |c|
+
+  c.desc 'How many seconds to wait for a response to the ICMP packets'
+  c.flag [:t,:timeout], default_value: 30, type: Integer
+
+  c.action do |global,opts,args|
+    params = parse_args args, :private_ip, :public_ip, :allocation_id, :association_id, :interface_id, :device_name
+    params[:timeout] = opts[:timeout]
+
+    if address = params[:public_ip] || params[:association_id] || params[:allocation_id]
+      if Aws::ENI.test_association(address, params)
+        puts "EIP #{address} connection successful"
+      else
+        puts "EIP #{address} failed to connect after #{opts[:timeout]} seconds"
+        exit! 1
+      end
+    elsif address = params[:private_ip]
+      if Aws::ENI.test_secondary_ip(address, params)
+        puts "IP #{address} connection successful"
+      else
+        puts "IP #{address} failed to connect after #{opts[:timeout]} seconds"
+        exit! 1
+      end
+    else
+      help_now! "Missing argument"
+    end
+  end
+end
+
+desc 'Check access to AWS EC2 and our machine\'s network config'
 long_desc %{
   Check for sufficient privileges to alter the local machine's network interface
   configuration and verify that the AWS access credentials include permissions
   necessary to perform all network related functions.
 }
-command [:test] do |c|
+command [:check] do |c|
   c.action do |global,opts,args|
     help_now! "Too many arguments" if args.count > 1
 
@@ -535,5 +589,6 @@ on_error do |error|
   end
 end
 
-ARGV << 'ls' if ARGV.empty?
+# work around GLI's odd -v option detection
+exit run %w[-v help] if (ARGV & %w[-v --version]).any?
 exit run(ARGV)

data/lib/aws-eni.rb

@@ -98,24 +98,25 @@ module Aws
     end
 
     # attach network interface
-    def attach_interface(id, options = {})
-      do_enable = true unless options[:enable] == false
-      do_config = true unless options[:configure] == false
+    def attach_interface(interface_id, options = {})
+      do_block = options[:block] != false
+      do_enable = options[:enable] != false
+      do_config = options[:configure] != false
       assert_interface_access if do_config || do_enable
 
       device = Interface[options[:device_number] || options[:name]].assert(exists: false)
 
       begin
         response = Client.attach_network_interface(
-          network_interface_id: id,
+          network_interface_id: interface_id,
           instance_id: environment[:instance_id],
           device_index: device.device_number
         )
       rescue EC2::Errors::AttachmentLimitExceeded
-        raise Errors::ClientOperationError, "Unable to attach #{id} to #{device.name} (attachment limit exceeded)"
+        raise Errors::ClientOperationError, "Unable to attach #{interface_id} to #{device.name} (attachment limit exceeded)"
       end
 
-      if options[:block] || do_config || do_enable
+      if do_block || do_config || do_enable
         wait_for 'the interface to attach', rescue: Errors::MetaNotFound do
           device.exists? && Client.interface_attached(device.interface_id)
         end
@@ -123,7 +124,7 @@ module Aws
       device.configure if do_config
       device.enable if do_enable
       {
-        interface_id:  device.interface_id,
+        interface_id:  interface_id,
         device_name:   device.name,
         device_number: device.device_number,
         enabled:       do_enable,
@@ -133,8 +134,8 @@ module Aws
     end
 
     # detach network interface
-    def detach_interface(id, options = {})
-      device = Interface[id].assert(
+    def detach_interface(selector, options = {})
+      device = Interface[selector].assert(
         exists: true,
         device_name:   options[:device_name],
         interface_id:  options[:interface_id],
@@ -142,24 +143,18 @@ module Aws
       )
       interface = Client.describe_interface(device.interface_id)
 
+      do_release = !!options[:release]
+      created_by_us = interface.tag_set.any? { |tag| tag.key == 'created by' && tag.value == owner_tag }
+      do_delete = options[:delete] != false && created_by_us
+      do_block = options[:block] != false
+
       if device.name == 'eth0'
         raise Errors::InvalidInterface, 'For safety, interface eth0 cannot be detached.'
       end
-
       unless interface[:attachment] && interface[:attachment][:instance_id] == environment[:instance_id]
-        raise Errors::UnknownInterface, "Interface #{interface_id} is not attached to this machine"
+        raise Errors::InvalidInterface, "Interface #{interface_id} is not attached to this machine"
       end
 
-      device.disable
-      device.deconfigure
-      Client.detach_network_interface(
-        attachment_id: interface[:attachment][:attachment_id],
-        force: true
-      )
-      created_by_us = interface.tag_set.any? { |tag| tag.key == 'created by' && tag.value == owner_tag }
-      do_delete = options[:delete] != false && created_by_us
-      do_release = !!options[:release]
-
       public_ips = []
       interface[:private_ip_addresses].each do |addr|
         if assoc = addr[:association]
@@ -171,7 +166,13 @@ module Aws
         end
       end
 
-      if options[:block] || do_delete
+      device.disable
+      device.deconfigure
+      Client.detach_network_interface(
+        attachment_id: interface[:attachment][:attachment_id],
+        force: true
+      )
+      if do_block || do_delete
         wait_for 'the interface to detach', interval: 0.3 do
           !device.exists? && !Client.interface_attached(interface[:network_interface_id])
         end
@@ -193,7 +194,7 @@ module Aws
     def clean_interfaces(filter = nil, options = {})
       public_ips = []
       do_release = !!options[:release]
-      safe_mode = true unless options[:safe_mode] == false
+      safe_mode = options[:safe_mode] != false
 
       filters = [
         { name: 'vpc-id', values: [environment[:vpc_id]] },
@@ -255,8 +256,14 @@ module Aws
       )
       interface_id = device.interface_id
       current_ips = Client.interface_private_ips(interface_id)
+      do_config = options[:configure] != false
+      do_block = options[:block] != false
       new_ip = options[:private_ip]
 
+      if do_block && !device.enabled?
+        raise Errors::InvalidParameter, "Interface #{device.name} is not enabled (cannot block)"
+      end
+
       if new_ip
         if current_ips.include?(new_ip)
           raise Errors::ClientOperationError, "IP #{new_ip} already assigned to #{device.name}"
@@ -283,9 +290,9 @@ module Aws
         end
       end
 
-      unless options[:configure] == false
+      if do_config
         device.add_alias(new_ip)
-        if options[:block] && !Interface.test(new_ip, target: device.gateway)
+        if do_block && !Interface.test(new_ip, target: device.gateway)
           raise Errors::TimeoutError, 'Timed out waiting for IP address to become active'
         end
       end
@@ -339,9 +346,27 @@ module Aws
       }
     end
 
+    # validate a local area connection on a secondary ip address
+    def test_secondary_ip(private_ip, options = {})
+      timeout = options[:timeout] || self.timeout
+
+      find = options[:device_name] || options[:device_number] || options[:interface_id] || private_ip
+      device = Interface[find].assert(
+        exists: true,
+        enabled: true,
+        device_name:   options[:device_name],
+        interface_id:  options[:interface_id],
+        device_number: options[:device_number],
+        private_ip:    private_ip
+      )
+      Interface.test(private_ip, target: device.gateway, timeout: timeout)
+    end
+
     # associate a private ip with an elastic ip through the AWS api
     def associate_elastic_ip(private_ip, options = {})
       raise Errors::MissingInput, 'You must specify a private IP address' unless private_ip
+      do_alloc = !!options[:new]
+      do_block = options[:block] != false
 
       find = options[:device_name] || options[:device_number] || options[:interface_id] || private_ip
       device = Interface[find].assert(
@@ -353,6 +378,9 @@ module Aws
       )
       options[:public_ip] ||= options[:allocation_id]
 
+      if do_block && !device.enabled?
+        raise Errors::InvalidParameter, "Interface #{device.name} is not enabled (cannot block)"
+      end
       if public_ip = device.public_ips[private_ip]
         raise Errors::ClientOperationError, "IP #{private_ip} already has an associated EIP (#{public_ip})"
       end
@@ -362,7 +390,8 @@ module Aws
         if options[:allocation_id] && eip[:allocation_id] != options[:allocation_id]
           raise Errors::InvalidAddress, "EIP #{eip[:public_ip]} (#{eip[:allocation_id]}) does not match #{options[:allocation_id]}"
         end
-      else
+      elsif do_alloc || !eip = Client.available_addresses.first
+        allocated = true
         eip = allocate_elastic_ip
       end
 
@@ -373,13 +402,14 @@ module Aws
         allow_reassociation:  false
       )
 
-      if options[:block] && !Interface.test(private_ip)
+      if do_block && !Interface.test(private_ip)
         raise Errors::TimeoutError, 'Timed out waiting for ip address to become active'
       end
       {
         private_ip:     private_ip,
         device_name:    device.name,
         interface_id:   device.interface_id,
+        allocated:      !!allocated,
         public_ip:      eip[:public_ip],
         allocation_id:  eip[:allocation_id],
         association_id: resp[:association_id]
@@ -444,9 +474,64 @@ module Aws
       }
     end
 
+    # validate an internet connection on a secondary ip address with an
+    # associated elastic ip
+    def test_association(address, options = {})
+      timeout = options[:timeout] || self.timeout
+
+      # assert device attributes if we've specified a device
+      if find = options[:device_name] || options[:device_number]
+        device = Interface[find].assert(
+          device_name:   options[:device_name],
+          device_number: options[:device_number],
+          interface_id:  options[:interface_id],
+          private_ip:    options[:private_ip],
+          public_ip:     options[:public_ip]
+        )
+      end
+
+      # get our address info
+      eip = Client.describe_address(address)
+      device ||= Interface.find { |dev| dev.interface_id == eip[:network_interface_id] }
+
+      # assert eip attributes if options provided
+      if options[:private_ip] && eip[:private_ip_address] != options[:private_ip]
+        raise Errors::InvalidAddress, "#{address} is not associated with IP #{options[:private_ip]}"
+      end
+      if options[:public_ip] && eip[:public_ip] != options[:public_ip]
+        raise Errors::InvalidAddress, "#{address} is not associated with public IP #{options[:public_ip]}"
+      end
+      if options[:allocation_id] && eip[:allocation_id] != options[:allocation_id]
+        raise Errors::InvalidAddress, "#{address} is not associated with allocation ID #{options[:allocation_id]}"
+      end
+      if options[:association_id] && eip[:association_id] != options[:association_id]
+        raise Errors::InvalidAddress, "#{address} is not associated with association ID #{options[:association_id]}"
+      end
+      if options[:interface_id] && eip[:network_interface_id] != options[:interface_id]
+        raise Errors::InvalidAddress, "#{address} is not associated with interface ID #{options[:interface_id]}"
+      end
+
+      # assert that this eip attached to an enabled, configured interface on this machine
+      unless device
+        raise Errors::InvalidAddress, "#{address} is not associated with an interface on this machine"
+      end
+      unless device.enabled?
+        raise Errors::InvalidAddress, "#{address} cannot be tested while #{device.name} is disabled"
+      end
+      unless device.local_ips.include?(eip[:private_ip_address])
+        raise Errors::InvalidAddress, "#{address} cannot be tested until #{device.name} is configured"
+      end
+
+      Interface.test(eip[:private_ip_address], timeout: timeout)
+    end
+
     # allocate a new elastic ip address
     def allocate_elastic_ip
       eip = Client.allocate_address(domain: 'vpc')
+      wait_for 'new elastic ip to become available', rescue: Errors::UnknownAddress do
+        # strangely this doesn't happen immediately in some cases
+        Client.describe_address(eip[:allocation_id])
+      end
       {
         public_ip:     eip[:public_ip],
         allocation_id: eip[:allocation_id]

data/lib/aws-eni/client.rb

@@ -41,7 +41,7 @@ module Aws
 
       # retrieve a single interface resource
       def describe_interface(id)
-        resp = describe_network_interfaces(network_interface_ids: [id])
+        resp = describe_network_interfaces(filters: [{ name: 'network-interface-id', values: [id] }])
         raise Errors::UnknownInterface, "Interface #{id} could not be located" if resp[:network_interfaces].empty?
         resp[:network_interfaces].first
       end
@@ -65,10 +65,16 @@ module Aws
           { name: 'domain', values: ['vpc'] },
           { name: filter_by, values: [address] }
         ])
-        raise Errors::UnknownAddress, "IP #{address} could not be located" if resp[:addresses].empty?
+        raise Errors::UnknownAddress, "No EIP with #{address} could be located" if resp[:addresses].empty?
         resp[:addresses].first
       end
 
+      # retrieve a list of available addresses
+      def available_addresses
+        filters = [{ name: 'domain', values: ['vpc'] }]
+        describe_addresses(filters: filters)[:addresses].select{ |addr| !addr.association_id }
+      end
+
       # retrieve an array of private ips associated with the given interface
       def interface_private_ips(id)
         interface = describe_interface(id)
@@ -135,8 +141,7 @@ module Aws
             client.public_send(method, params.merge(dry_run: true))
           rescue EC2::Errors::DryRunOperation
             true
-          rescue EC2::Errors::InvalidAllocationIDNotFound
-            # release_address does not properly support dry_run
+          rescue EC2::Errors::InvalidAllocationIDNotFound, EC2::Errors::InvalidAssociationIDNotFound
             true
           rescue EC2::Errors::UnauthorizedOperation
             false

data/lib/aws-eni/interface.rb

@@ -169,7 +169,7 @@ module Aws
         hwaddr = self.hwaddr
         unless @meta_cache && @meta_cache[:hwaddr] == hwaddr
           @meta_cache = Meta.connection do
-            raise MetaBadResponse unless Meta.interface(hwaddr, '')
+            raise Errors::MetaBadResponse unless Meta.interface(hwaddr, '', not_found: nil)
             {
               hwaddr:       hwaddr,
               interface_id: Meta.interface(hwaddr, 'interface-id'),
@@ -179,6 +179,8 @@ module Aws
           end
         end
         @meta_cache
+      rescue Errors::MetaConnectionFailed
+        raise Errors::InvalidInterface, "Interface #{name} could not be found in the EC2 instance meta-data"
       end
 
       def interface_id

data/lib/aws-eni/meta.rb

@@ -32,7 +32,7 @@ module Aws
             when 200
               @cache[path] = response.body
             when 404
-              raise Errors::MetaNotFound unless options[:not_found]
+              raise Errors::MetaNotFound unless options.has_key?(:not_found)
               options[:not_found]
             else
               raise Errors::MetaBadResponse

data/lib/aws-eni/version.rb

@@ -1,5 +1,5 @@
 module Aws
   module ENI
-    VERSION = "0.2.2"
+    VERSION = "0.3.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-eni
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors:
 - Mike Greiling
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-06 00:00:00.000000000 Z
+date: 2015-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli