cloudkeeper-aws 2.0.0

data/README.md

@@ -0,0 +1,91 @@
+<p align="center">
+  <img alt="Cloudkeeper-AWS" src="https://i.imgur.com/1L2LcZ0.png" width="400"/>
+</p>
+
+# Cloudkeeper-AWS
+AWS backend for [Cloudkeeper](https://github.com/the-cloudkeeper-project/cloudkeeper)
+
+## What does Cloudkeeper-AWS do?
+Cloudkeeper-AWS is able to manage [AWS](https://aws.amazon.com/) cloud - upload, update and remove images representing EGI AppDB appliances. Cloudkeeper-AWS runs as a server listening for [gRPC](http://www.grpc.io/) communication usually from core [cloudkeeper](https://github.com/the-cloudkeeper-project/cloudkeeper) component.
+
+## Requirements
+* Ruby >= 2.2.0
+* Rubygems
+
+## Installation
+
+### From RubyGems.org
+To install the most recent stable version
+```bash
+gem install cloudkeeper-aws
+```
+
+### From source
+**Installation from source should never be your first choice! Especially, if you are not
+familiar with RVM, Bundler, Rake and other dev tools for Ruby!**
+
+**However, if you wish to contribute to our project, this is the right way to start.**
+
+To build and install the bleeding edge version from master
+
+```bash
+git clone git://github.com/the-cloudkeeper-project/cloudkeeper-aws.git
+cd cloudkeeper-aws
+gem install bundler
+bundle install
+```
+
+## Configuration
+
+### Create a configuration file for Cloudkeeper-AWS
+Configuration file can be read by Cloudkeeper-AWS from these
+three locations:
+
+* `~/.cloudkeeper-aws/cloudkeeper-aws.yml`
+* `/etc/cloudkeeper-aws/cloudkeeper-aws.yml`
+* `PATH_TO_GEM_DIR/config/cloudkeeper-aws.yml`
+
+The default configuration file can be found at the last location
+`PATH_TO_GEM_DIR/config/cloudkeeper-aws.yml`.
+
+## Usage
+Cloudkeeper-AWS is run with executable `cloudkeeper-aws`. For further assistance run `cloudkeeper-aws help sync`:
+```bash
+Usage:
+  cloudkeeper-aws sync
+
+Options:
+  [--polling-timeout=N]                      # Polling timeout value in seconds
+                                             # Default: 3600
+  [--polling-interval=N]                     # Polling interval value in seconds
+                                             # Default: 2
+  [--bucket-name=BUCKET-NAME]                # Name of AWS bucket for storing temp image files
+                                             # Default: cloudkeeper-aws
+  [--listen-address=LISTEN-ADDRESS]          # IP address gRPC server will listen on
+                                             # Default: 127.0.0.1:50051
+  [--authentication], [--no-authentication]  # Client <-> server authentication
+  [--certificate=CERTIFICATE]                # Backend's host certificate
+                                             # Default: /etc/grid-security/hostcert.pem
+  [--key=KEY]                                # Backend's host key
+                                             # Default: /etc/grid-security/hostkey.pem
+  [--identifier=IDENTIFIER]                  # Instance identifier
+                                             # Default: cloudkeeper-aws
+  [--core-certificate=CORE-CERTIFICATE]      # Core's certificate
+                                             # Default: /etc/grid-security/corecert.pem
+  [--progress], [--no-progress]              # Print progress for each import image task
+  --logging-level=LOGGING-LEVEL              
+                                             # Default: ERROR
+                                             # Possible values: DEBUG, INFO, WARN, ERROR, FATAL, UNKNOWN
+  [--logging-file=LOGGING-FILE]              # File to write logs to
+                                             # Default: /var/log/cloudkeeper/cloudkeeper-aws.log
+  [--debug], [--no-debug]                    # Runs cloudkeeper in debug mode
+
+Runs synchronization process
+```
+
+## Contributing
+1. Fork it ( https://github.com/the-cloudkeeper-project/cloudkeeper-aws/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,17 @@
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+require 'bundler/gem_tasks'
+
+RSpec::Core::RakeTask.new(:spec)
+RuboCop::RakeTask.new
+
+task default: :spec
+
+desc 'Run acceptance tests (RSpec + Rubocop)'
+task test: 'acceptance'
+
+desc 'Run acceptance tests (RSpec + Rubocop)'
+task :acceptance do |_t|
+  Rake::Task['spec'].invoke
+  Rake::Task['rubocop'].invoke
+end

data/bin/cloudkeeper-aws

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+require 'cloudkeeper_grpc'
+require 'cloudkeeper/aws'
+
+Cloudkeeper::Aws::CLI.start(ARGV)

data/cloudkeeper-aws.gemspec

@@ -0,0 +1,46 @@
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cloudkeeper/aws/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'cloudkeeper-aws'
+  spec.version = Cloudkeeper::Aws::VERSION
+  spec.authors = ['Dušan Baran']
+  spec.email = ['work.dusanbaran@gmail.com']
+
+  spec.summary = 'AWS backend for cloudkeeper'
+  spec.description = 'AWS backend for cloudkeeper'
+  spec.homepage = 'https://github.com/the-cloudkeeper-project/cloudkeeper-aws'
+  spec.license = 'GNU General Public License v3.0'
+
+  spec.files = `git ls-files -z`.split("\x0").reject \
+    { |f| f.match(%r{^(test|spec|features)/}) }
+  gem_dir = __dir__ + '/'
+  `git submodule --quiet foreach --recursive pwd`.split($OUTPUT_RECORD_SEPARATOR).each do |submodule_path|
+    Dir.chdir(submodule_path) do
+      submodule_relative_path = submodule_path.sub gem_dir, ''
+      `git ls-files`.split($OUTPUT_RECORD_SEPARATOR).each do |filename|
+        spec.files << "#{submodule_relative_path}/#{filename}"
+      end
+    end
+  end
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'codecov', '~> 0.1'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rubocop', '~> 0.54'
+  spec.add_development_dependency 'rubocop-rspec', '~> 1.27'
+  spec.add_development_dependency 'vcr', '~> 4.0'
+  spec.add_development_dependency 'webmock', '~> 3.4'
+
+  spec.add_runtime_dependency 'activesupport', '~> 5.2'
+  spec.add_runtime_dependency 'aws-sdk-ec2', '~> 1.43'
+  spec.add_runtime_dependency 'aws-sdk-s3', '~> 1.17'
+  spec.add_runtime_dependency 'grpc', '~> 1.10'
+  spec.add_runtime_dependency 'settingslogic', '~> 2.0'
+  spec.add_runtime_dependency 'thor', '~> 0.20'
+  spec.add_runtime_dependency 'yell', '~> 2.0'
+end

data/codecov.yml

@@ -0,0 +1,4 @@
+coverage:
+  status:
+    project: off
+    patch: off

data/config/cloudkeeper-aws.yml

@@ -0,0 +1,17 @@
+polling-timeout: 3600 # Timeout in seconds for AWS image import task polling
+polling-interval: 2 # Interval in seconds for AWS image import task polling
+bucket-name: cloudkeeper-aws # Bucket that is used for storing images during image import task
+listen-address: 127.0.0.1:50051 # IP address gRPC server will listen on
+authentication: false # core (client) <-> backend (server) authentication (certificate, key and core-certificate options)
+certificate: /etc/grid-security/hostcert.pem # Backend's host certificate
+key: /etc/grid-security/hostkey.pem # Backend's host key
+identifier: cloudkeeper-aws # Instance identifier
+core:
+  certificate: /etc/grid-security/corecert.pem # Core's certificate
+logging:
+  level: ERROR # Logging level
+  file: /var/log/cloudkeeper/cloudkeeper-aws.log # File to write log to. To turn off file logging leave this field empty.
+progress: false
+debug: false # Debug mode
+aws: # Any AWS config data can be set here
+    region: eu-central-1

data/lib/cloudkeeper/aws.rb

@@ -0,0 +1,16 @@
+module Cloudkeeper
+  # Module for aws related cloudkeeper functionality
+  module Aws
+    autoload :BackendExecutor, 'cloudkeeper/aws/backend_executor'
+    autoload :CLI, 'cloudkeeper/aws/cli'
+    autoload :Cloud, 'cloudkeeper/aws/cloud'
+    autoload :Settings, 'cloudkeeper/aws/settings'
+    autoload :Errors, 'cloudkeeper/aws/errors'
+    autoload :ImageDownloader, 'cloudkeeper/aws/image_downloader'
+    autoload :CoreConnector, 'cloudkeeper/aws/core_connector'
+    autoload :FilterHelper, 'cloudkeeper/aws/filter_helper'
+    autoload :ProtoHelper, 'cloudkeeper/aws/proto_helper'
+  end
+end
+
+require 'cloudkeeper/aws/version'

data/lib/cloudkeeper/aws/backend_executor.rb

@@ -0,0 +1,76 @@
+module Cloudkeeper
+  module Aws
+    # Module handling complex operations on cloud backend
+    module BackendExecutor
+      def upload_local_appliance(appliance)
+        cloud.upload_file(appliance.identifier, appliance.image.location)
+      end
+
+      def upload_remote_appliance(appliance)
+        cloud.upload_data(appliance.identifier) do |write_stream|
+          ImageDownloader.download(appliance.image.location,
+                                   appliance.image.username,
+                                   appliance.image.password) do |image_segment|
+                                     write_stream << image_segment
+                                   end
+        end
+      end
+
+      def upload_appliance(appliance)
+        upload_remote_appliance(appliance) if appliance.image.mode == :REMOTE
+        upload_local_appliance(appliance) if appliance.image.mode == :LOCAL
+      end
+
+      def register_appliance(appliance)
+        upload_appliance(appliance)
+        image_id = cloud.poll_import_task(cloud.start_import_image(appliance))
+        cloud.set_tags(ProtoHelper.appliance_to_tags(appliance), image_id)
+      ensure
+        cloud.delete_data(appliance.identifier)
+      end
+
+      def deregister_image(appliance)
+        logger.debug { "Deregistering appliance #{appliance.identifier}" }
+        image = cloud.find_appliance(appliance.identifier)
+        cloud.deregister_image(image.image_id)
+      end
+
+      def modify_appliance(appliance)
+        deregister_image(appliance)
+        register_appliance(appliance)
+      end
+
+      def change_tags(appliance)
+        image = cloud.find_appliance(appliance.identifier)
+        cloud.set_tags(ProtoHelper.appliance_to_tags(appliance), image.image_id)
+      end
+
+      def deregister_image_list(image_list_identifier)
+        images = cloud.search_images(FilterHelper.image_list(image_list_identifier.image_list_identifier))
+        images.each { |image| cloud.deregister_image(image.image_id) }
+      end
+
+      def list_image_lists
+        images = cloud.search_images(FilterHelper.all_image_lists)
+        image_list_identifiers = images.map do |image|
+          image.tags.find { |tag| tag['key'] == FilterHelper::TAG_APPLIANCE_IMAGE_LIST_IDENTIFIER }['value']
+        end
+        image_list_identifiers.uniq.map { |ili| CloudkeeperGrpc::ImageListIdentifier.new(image_list_identifier: ili) }
+      end
+
+      def fetch_appliances(image_list_identifier)
+        images = cloud.search_images(FilterHelper.image_list(image_list_identifier.image_list_identifier))
+        images.map { |image| ProtoHelper.appliance_from_tags(image.tags) }
+      end
+
+      def deregister_expired_appliances
+        images = cloud.search_images(FilterHelper.cloudkeeper_instance)
+        appliances = images.map { |image| ProtoHelper.appliance_from_tags(image.tags) }
+        appliances.keep_if { |appliance| appliance.expiration_date <= Time.now.to_i }
+
+        logger.debug { "Expired appliances #{appliances.map(&:identifier).inspect}" }
+        appliances.each { |expired| deregister_image(expired) }
+      end
+    end
+  end
+end

data/lib/cloudkeeper/aws/cli.rb

@@ -0,0 +1,159 @@
+require 'thor'
+require 'yell'
+
+module Cloudkeeper
+  module Aws
+    # Class defining CLI of cloudkeeper-aws
+    class CLI < Thor
+      SIGINT = 2
+      SIGTERM = 15
+      SIGNALS = [SIGTERM, SIGINT].freeze
+
+      class_option :'logging-level',
+                   required: true,
+                   default: Cloudkeeper::Aws::Settings['logging']['level'],
+                   type: :string,
+                   enum: Yell::Severities
+      class_option :'logging-file',
+                   default: Cloudkeeper::Aws::Settings['logging']['file'],
+                   type: :string,
+                   desc: 'File to write logs to'
+      class_option :debug,
+                   default: Cloudkeeper::Aws::Settings['debug'],
+                   type: :boolean,
+                   desc: 'Runs cloudkeeper in debug mode'
+
+      method_option :'polling-timeout',
+                    default: Cloudkeeper::Aws::Settings['polling-timeout'],
+                    type: :numeric,
+                    desc: 'Polling timeout value in seconds'
+      method_option :'polling-interval',
+                    default: Cloudkeeper::Aws::Settings['polling-interval'],
+                    type: :numeric,
+                    desc: 'Polling interval value in seconds'
+      method_option :'bucket-name',
+                    default: Cloudkeeper::Aws::Settings['bucket-name'],
+                    type: :string,
+                    desc: 'Name of AWS bucket for storing temp image files'
+      method_option :'listen-address',
+                    default: Cloudkeeper::Aws::Settings['listen-address'],
+                    type: :string,
+                    desc: 'IP address gRPC server will listen on'
+      method_option :authentication,
+                    default: Cloudkeeper::Aws::Settings['authentication'],
+                    type: :boolean,
+                    desc: 'Client <-> server authentication'
+      method_option :certificate,
+                    required: false,
+                    default: Cloudkeeper::Aws::Settings['certificate'],
+                    type: :string,
+                    desc: "Backend's host certificate"
+      method_option :key,
+                    required: false,
+                    default: Cloudkeeper::Aws::Settings['key'],
+                    type: :string,
+                    desc: "Backend's host key"
+      method_option :identifier,
+                    default: Cloudkeeper::Aws::Settings['identifier'],
+                    type: :string,
+                    desc: 'Instance identifier'
+      method_option :'core-certificate',
+                    required: false,
+                    default: Cloudkeeper::Aws::Settings['core']['certificate'],
+                    type: :string,
+                    desc: "Core's certificate"
+      method_option :progress,
+                    default: Cloudkeeper::Aws::Settings['progress'],
+                    type: :boolean,
+                    desc: 'Print progress for each import image task'
+
+      desc 'sync', 'Runs synchronization process'
+      def sync
+        initialize_config
+        initialize_logger
+        logger.debug { "Running with config: #{Cloudkeeper::Aws::Settings.to_hash.inspect}" }
+        initialize_grpc
+      rescue Cloudkeeper::Aws::Errors::InvalidConfigurationError => ex
+        abort ex.message
+      rescue StandardError => ex
+        logger.error "Unexpected error: #{ex.message}"
+        raise ex
+      end
+
+      desc 'version', 'Prints Cloudkeeper-AWS version'
+      def version
+        $stdout.puts Cloudkeeper::Aws::VERSION
+      end
+
+      default_task :sync
+
+      private
+
+      def initialize_grpc
+        grpc_server = GRPC::RpcServer.new
+        grpc_server.add_http2_port Cloudkeeper::Aws::Settings[:'listen-address'], credentials
+        grpc_server.handle Cloudkeeper::Aws::CoreConnector.new(Cloudkeeper::Aws::Cloud.new)
+        grpc_server.run_till_terminated
+      rescue SignalException => ex
+        raise ex unless SIGNALS.include? ex.signo
+
+        grpc_server.stop
+      end
+
+      def initialize_config
+        aws_config = Cloudkeeper::Aws::Settings[:aws]
+        Cloudkeeper::Aws::Settings.clear
+        Cloudkeeper::Aws::Settings.merge! options.to_hash
+        Cloudkeeper::Aws::Settings[:aws] = aws_config
+      end
+
+      def credentials
+        return :this_port_is_insecure unless Cloudkeeper::Aws::Settings[:authentication]
+
+        GRPC::Core::ServerCredentials.new(
+          File.read(Cloudkeeper::Aws::Settings[:'core-certificate']),
+          [private_key: File.read(Cloudkeeper::Aws::Settings[:key]),
+           cert_chain: File.read(Cloudkeeper::Aws::Settings[:certificate])],
+          true
+        )
+      end
+
+      def validate_configuration!
+        validate_configuration_group! :authentication,
+                                      %i[certificate key core-certificate],
+                                      'Authentication configuration missing'
+      end
+
+      def validate_configuration_group!(flag, required_options, error_message)
+        return unless Cloudkeeper::Aws::Settings[flag]
+
+        raise Cloudkeeper::Aws::Errors::InvalidConfigurationError, error_message unless all_options_available(required_options)
+      end
+
+      def all_options_available(required_options)
+        required_options.reduce(true) { |acc, elem| Cloudkeeper::Aws::Settings[elem] && acc }
+      end
+
+      def initialize_logger
+        logging_level = options['logging-level']
+        logging_level = 'debug' if options['debug']
+
+        Yell.new :stdout, name: Object, level: logging_level.downcase, format: Yell::DefaultFormat
+        Object.send :include, Yell::Loggable
+
+        setup_file_logger if options['logging-file']
+
+        logger.debug { 'Running in debug mode...' }
+      end
+
+      def setup_file_logger
+        logging_file = options['logging-file']
+        unless (File.exist?(logging_file) && File.writable?(logging_file)) || File.writable?(File.dirname(logging_file))
+          logger.error "File #{logging_file} isn't writable"
+          return
+        end
+        logger.adapter :file, logging_file
+      end
+    end
+  end
+end

data/lib/cloudkeeper/aws/cloud.rb

@@ -0,0 +1,173 @@
+require 'aws-sdk-s3'
+require 'aws-sdk-ec2'
+require 'timeout'
+
+module Cloudkeeper
+  module Aws
+    # Class for AWS Cloud related operations
+    class Cloud
+      attr_reader :s3, :bucket, :ec2
+
+      SUCCESSFUL_STATUS = %w[completed].freeze
+      UNSUCCESSFUL_STATUS = %w[deleted].freeze
+
+      # Constructs Cloud object that can communicate with AWS cloud.
+      #
+      # @note This method can be billed by AWS
+      def initialize(s3service: nil, ec2service: nil)
+        ::Aws.config.update(Cloudkeeper::Aws::Settings['aws'].deep_symbolize_keys)
+        @s3 = s3service || ::Aws::S3::Resource.new
+        @ec2 = ec2service || ::Aws::EC2::Client.new
+        @bucket = s3.bucket(Cloudkeeper::Aws::Settings['bucket-name'])
+        bucket.create unless bucket.exists?
+      end
+
+      # Uploads data in block AWS file with given name
+      #
+      # @note This method can be billed by AWS
+      # @param file_name [String] key of object in bucket
+      # @yield [write_stream] output stream
+      # @raise [Cloudkeeper::Aws::Errors::BackendError] if file already exists
+      def upload_data(file_name, &block)
+        logger.debug { "Block uploading to entry (#{file_name}) in bucket(#{Cloudkeeper::Aws::Settings['bucket-name']})" }
+        obj = bucket.object(file_name)
+        if obj.exists?
+          raise Cloudkeeper::Aws::Errors::Backend::BackendError,
+                "File #{file_name} in AWS bucket already exists"
+        end
+        obj.upload_stream(&block)
+      end
+
+      # Uploads file to AWS bucket
+      #
+      # @note This method can be billed by AWS
+      # @param file_name [String] name of file in AWS bucket
+      # @param file_path [String] name of file on local machine
+      # @raise [Cloudkeeper::Aws::Errors::BackendError] if file already exists
+      def upload_file(file_name, file_path)
+        logger.debug { "Local file uploading to entry (#{file_name}) in bucket(#{Cloudkeeper::Aws::Settings['bucket-name']})" }
+        obj = bucket.object(file_name)
+        if obj.exists?
+          raise Cloudkeeper::Aws::Errors::Backend::BackendError,
+                "File #{file_name} in AWS bucket already exists"
+        end
+        obj.upload_file(file_path)
+      end
+
+      def delete_data(file_name)
+        logger.debug { "Deleting file: #{file_name} from bucket: #{Cloudkeeper::Aws::Settings['bucket-name']}" }
+        obj = bucket.object(file_name)
+        obj.exists? ? obj.delete : logger.info("File does not exist: #{file_name}")
+      end
+
+      # Creates import image task on AWS cloud. This task needs to be
+      # polled for. See {#poll_import_task}.
+      #
+      # @note This method can be billed by AWS
+      # @param appliance [Appliance] data about image
+      # @return [Number] import task id
+      def start_import_image(appliance)
+        logger.debug { "Starting import image task for #{appliance.identifier}" }
+        ec2.import_image(
+          description: appliance.description,
+          disk_containers: [disk_container(appliance)]
+        ).import_task_id
+      end
+
+      # Method used for generating disk container for import image task
+      #
+      # @param appliance [Appliance] data about image
+      # @return [Hash] disk container hash
+      def disk_container(appliance)
+        {
+          description: appliance.description,
+          format: appliance.image.format,
+          user_bucket: {
+            s3_bucket: @bucket.name,
+            s3_key: appliance.identifier
+          }
+        }
+      end
+
+      # Polls for import image task result. This method is blocking, so
+      # after image import task is completed, successfully or not, it will
+      # return true or false.
+      #
+      # @note This method can be billed by AWS
+      # @param import_id [String] id of import image task
+      # @raise [Cloudkeeper::Aws::Errors::BackendError] if polling timed out
+      def poll_import_task(import_id)
+        logger.debug { "Polling for import task #{import_id}" }
+        timeout do
+          sleep_loop do
+            import_task = ec2.describe_import_image_tasks(import_task_ids: [import_id]).import_image_tasks.first
+            print_progress(import_task)
+            if UNSUCCESSFUL_STATUS.include?(import_task.status)
+              raise Cloudkeeper::Aws::Errors::Backend::ImageImportError,
+                    "Import failed with status #{import_task.status} and message: #{import_task.status_message}"
+            end
+            return import_task.image_id if SUCCESSFUL_STATUS.include?(import_task.status)
+          end
+        end
+      end
+
+      def print_progress(import_task)
+        logger.info "Import ##{import_task.import_task_id} [#{import_task.status}] with progress #{import_task.progress}%" \
+          if Cloudkeeper::Aws::Settings['progress']
+      end
+
+      # Simple method used for calling block in intervals
+      def sleep_loop
+        loop do
+          sleep Cloudkeeper::Aws::Settings['polling-interval']
+          yield
+        end
+      end
+
+      # Simple method used for handling timeout
+      def timeout
+        Timeout.timeout(Cloudkeeper::Aws::Settings['polling-timeout'],
+                        Cloudkeeper::Aws::Errors::Backend::TimeoutError) do
+          yield
+        end
+      end
+
+      # Deregisters specific image.
+      #
+      # @note This method can be billed by AWS
+      # @param image_id [String] id of specific AMI
+      def deregister_image(image_id)
+        logger.debug { "Deregistering AMI #{image_id}" }
+        ec2.deregister_image(image_id: image_id)
+      end
+
+      # Sets tags to specific AMI.
+      #
+      # @note This method can be billed by AWS
+      # @param tags [Array<Hash{Symbol => String}>] array of tags to set
+      #   to specific AMI. Tag consists of key and value symbols
+      # @param image_id [String] id of specific AMI
+      def set_tags(tags, image_id)
+        logger.debug { "Setting tags for AMI #{image_id}: #{tags}" }
+        ec2.create_tags(resources: [image_id], tags: tags)
+      end
+
+      def search_images(filters)
+        logger.debug { "Searching for AMI with filters: #{filters}" }
+        ec2.describe_images(filters: filters).images
+      end
+
+      def find_appliance(identifier)
+        logger.debug { "Fetching appliance with identifier: #{identifier}" }
+        images = ec2.describe_images(filters: FilterHelper.appliance(identifier)).images
+        raise Cloudkeeper::Aws::Errors::Backend::ApplianceNotFoundError, 'Appliance not found' if images.empty?
+
+        if images.size > 1
+          raise Cloudkeeper::Aws::Errors::Backend::MultipleAppliancesFoundError,
+                'Multiple appliances with same identifier exist in AWS'
+        end
+        images.first
+      end
+    end
+  end
+end