RubyGems - knife-rds - Versions diffs - 0.0.1 - Mend

knife-rds 0.0.1

Files changed (21) hide show

data/.gitignore +1 -0
data/Gemfile +3 -0
data/Gemfile.lock +119 -0
data/LICENSE +21 -0
data/README.md +100 -0
data/bin/console +20 -0
data/knife-rds.gemspec +28 -0
data/lib/chef/knife/rds_base.rb +75 -0
data/lib/chef/knife/rds_base_data_bag.rb +145 -0
data/lib/chef/knife/rds_create.rb +23 -0
data/lib/chef/knife/rds_instance_delete.rb +29 -0
data/lib/chef/knife/rds_instance_from_data_bag.rb +145 -0
data/lib/chef/knife/rds_instance_list.rb +49 -0
data/lib/chef/knife/rds_instance_restore_from_data_bag.rb +80 -0
data/lib/chef/knife/rds_pg_from_data_bag.rb +159 -0
data/lib/chef/knife/rds_pg_list.rb +39 -0
data/lib/chef/knife/rds_sg_from_data_bag.rb +176 -0
data/lib/chef/knife/rds_sg_list.rb +37 -0
data/lib/knife-rds/version.rb +5 -0
data/spec/spec_helper.rb +1 -0
metadata +178 -0

data/lib/chef/knife/rds_pg_list.rb ADDED

@@ -0,0 +1,39 @@
+require 'chef/knife/rds_base'
+class Chef
+  class Knife
+    class RdsPgList < Knife
+      '''
+      List parameter groups.
+      '''
+      PARAMETER_GROUP_INFO = {
+        db_parameter_group_name: 'Name',
+        description: 'Description',
+        db_parameter_group_family: 'Family',
+      }
+      include Knife::RdsBase
+      banner 'knife rds pg list (args)'
+      def run
+        authenticate!
+        rds.client.describe_db_parameter_groups[:db_parameter_groups].each do |group|
+          present_parameter_group(group)
+        end
+        exit 1
+      end
+      def present_parameter_group(group)
+        ui.info '---'
+        PARAMETER_GROUP_INFO.each do |k, v|
+          ui.info("#{v} - #{group[k]}")
+        end
+        ui.info '---'
+      end
+    end
+  end
+end

data/lib/chef/knife/rds_sg_from_data_bag.rb ADDED

@@ -0,0 +1,176 @@
+require 'chef/knife/rds_base'
+class Chef
+  class Knife
+    class RdsSgFromDataBag < Knife
+      '''
+      Create or update a security group from data bag configuration.
+      The security group you are creating MUST have a data bag entry on your Chef server.
+      The security group will be updated if it exists, or created if it does not.
+      '''
+      include Knife::RdsBase
+      include Knife::RdsBaseDataBag
+      option :data_bag_name,
+        :long => '--data-bag-name DATA_BAG_NAME',
+        :description => 'Name of databag containing RDS instances',
+        :default => 'rds_security_groups'
+      require_in_data_bag :ip_addresses, :ec2_security_groups, :description
+      banner 'knife rds sg from data_bag PG_NAME (args)'
+      def run
+        assert_name_args_at_least!(1, "Security group name is required!")
+        assert_data_bag_item_valid!
+        authenticate!
+        if db_security_group.nil?
+          ui.info("The security group #{db_security_group_name} does not exist.")
+          confirm("Would you like to create it")
+          create_db_security_group!
+        else
+          ui.info "The security group #{db_security_group_name} exists. Continuing..."
+        end
+        ui.info "Revoking parameters"
+        revoke_parameters_from_db_security_group!
+        ui.info "Authorizing parameters."
+        authorize_parameters_to_db_security_group!
+        ui.info("Assigned parameters to #{db_security_group_name}")
+        exit 0
+      end
+      def aws_account_id
+        ENV['AWS_ACCOUNT_ID']
+      end
+      # Assign all parameters from data bag to security group
+      def authorize_parameters_to_db_security_group!
+        authorize_ec2_security_groups_to_db_security_group!
+        authorize_ip_addresses_to_db_security_group!
+      end
+      # Remove all parameters NOT in data bag from security group
+      def revoke_parameters_from_db_security_group!
+        revoke_ec2_security_groups_from_security_group!
+        revoke_ip_addresses_from_db_security_group!
+      end
+      # Revoke ip addresses belonging to group by NOT in data bag
+      def revoke_ip_addresses_from_db_security_group!
+        db_security_group[:db_security_groups].first[:ip_ranges].each do |ip|
+          cidr = ip[:cidrip]
+          unless data_bag_item['ip_addresses'].include?(cidr)
+            if ip[:status] == 'authorized'
+              ui.info "Revoking access for #{cidr}"
+              rds.client.revoke_db_security_group_ingress(
+                db_security_group_name: db_security_group_name,
+                cidrip: cidr
+              )
+            end
+          else
+            ui.info "Keeping #{cidr}"
+          end
+        end
+      end
+      # Revoke security groups that are not in the data bag
+      def revoke_ec2_security_groups_from_security_group!
+        db_security_group[:db_security_groups].first[:ec2_security_groups].each do |eg|
+          eg_name = eg[:ec2_security_group_name]
+          unless data_bag_item['ec2_security_groups'].include?(eg_name)
+            if eg[:status] == 'authorized'
+              ui.info "Revoking access for #{eg_name}"
+              rds.client.revoke_db_security_group_ingress(
+                db_security_group_name: db_security_group_name,
+                ec2_security_group_owner_id: aws_account_id,
+                ec2_security_group_name: eg_name
+              )
+            end
+          else
+            ui.info "Keeping #{eg_name}"
+          end
+        end
+      end
+      # assign ec2 security groups
+      # aws account id is REQUIRED. Currently, it must be exported as environment variable
+      def authorize_ec2_security_groups_to_db_security_group!
+        data_bag_item['ec2_security_groups'].each do |group|
+          begin
+            rds.client.authorize_db_security_group_ingress(
+              db_security_group_name: db_security_group_name,
+              ec2_security_group_owner_id: aws_account_id,
+              ec2_security_group_name: group
+            )
+            ui.info "#{group} applied"
+          rescue AWS::RDS::Errors::AuthorizationAlreadyExists => e
+            ui.info "#{group} already applied"
+          end
+        end
+      end
+      # Assign ip addresses to security group
+      def authorize_ip_addresses_to_db_security_group!
+        data_bag_item['ip_addresses'].each do |ip|
+          begin
+            rds.client.authorize_db_security_group_ingress(
+              db_security_group_name: db_security_group_name,
+              cidrip: ip
+            )
+          rescue AWS::RDS::Errors::InvalidParameterValue => e
+            ui.info "Error applying ip #{ip}."
+            ui.info e.message
+          rescue AWS::RDS::Errors::AuthorizationAlreadyExists => e
+            ui.info "#{ip} already applied."
+          end
+        end
+      end
+      # Create a new RDS Security group using the provideda data bag
+      def create_db_security_group!
+        rds.client.create_db_security_group(
+          db_security_group_name: db_security_group_name,
+          db_security_group_description: data_bag_item['description']
+        )
+      end
+      # The name of the database security group, extracted from name arguments
+      #
+      # Returns string
+      def db_security_group_name
+        name_args.first
+      end
+      # For use with base data bag module.
+      def data_bag_item_name
+        db_security_group_name
+      end
+      # Load the DB Parameter Group resource from AWS using the API
+      #
+      # Returns AWS::RDS::DBParameterGroup or nil
+      def db_security_group
+        unless @db_security_group
+          begin
+            @db_security_group = rds.client.describe_db_security_groups(db_security_group_name: db_security_group_name)
+          rescue AWS::RDS::Errors::DBSecurityGroupNotFound => e
+            @db_security_group = nil
+          end
+        end
+        @db_security_group
+      end
+    end
+  end
+end

data/lib/chef/knife/rds_sg_list.rb ADDED

@@ -0,0 +1,37 @@
+require 'chef/knife/rds_base'
+class Chef
+  class Knife
+    class RdsSgList < Knife
+      '''
+      List security groups.
+      '''
+      SECURITY_GROUP_INFO = {
+        db_security_group_name: 'Name'
+      }
+      include Knife::RdsBase
+      banner 'knife rds sg list (args)'
+      def run
+        authenticate!
+        rds.client.describe_db_security_groups[:db_security_groups].each do |sg|
+          present_security_group(sg)
+        end
+        exit 1
+      end
+      def present_security_group(group)
+        ui.info '---'
+        SECURITY_GROUP_INFO.each do |k, v|
+          ui.info("#{v} - #{group[k]}")
+        end
+        ui.info '---'
+      end
+    end
+  end
+end

data/lib/knife-rds/version.rb ADDED

@@ -0,0 +1,5 @@
+module Knife
+  module RDS
+    VERSION = "0.0.1"
+  end
+end

data/spec/spec_helper.rb ADDED

	@@ -0,0 +1 @@
1	+ # TODO

metadata ADDED

@@ -0,0 +1,178 @@
+--- !ruby/object:Gem::Specification
+name: knife-rds
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease:
+platform: ruby
+authors:
+- Jason Byck
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-05-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: chef
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 11.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 11.4.0
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.1'
+- !ruby/object:Gem::Dependency
+  name: fakeweb
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Manage RDS
+email:
+- jbyck@quandl.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- bin/console
+- knife-rds.gemspec
+- lib/chef/knife/rds_base.rb
+- lib/chef/knife/rds_base_data_bag.rb
+- lib/chef/knife/rds_create.rb
+- lib/chef/knife/rds_instance_delete.rb
+- lib/chef/knife/rds_instance_from_data_bag.rb
+- lib/chef/knife/rds_instance_list.rb
+- lib/chef/knife/rds_instance_restore_from_data_bag.rb
+- lib/chef/knife/rds_pg_from_data_bag.rb
+- lib/chef/knife/rds_pg_list.rb
+- lib/chef/knife/rds_sg_from_data_bag.rb
+- lib/chef/knife/rds_sg_list.rb
+- lib/knife-rds/version.rb
+- spec/spec_helper.rb
+homepage: https://github.com/quandl/knife-rds
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.23
+signing_key:
+specification_version: 3
+summary: Manage RDS
+test_files:
+- spec/spec_helper.rb