knife-rds 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +1 -0
- data/Gemfile +3 -0
- data/Gemfile.lock +119 -0
- data/LICENSE +21 -0
- data/README.md +100 -0
- data/bin/console +20 -0
- data/knife-rds.gemspec +28 -0
- data/lib/chef/knife/rds_base.rb +75 -0
- data/lib/chef/knife/rds_base_data_bag.rb +145 -0
- data/lib/chef/knife/rds_create.rb +23 -0
- data/lib/chef/knife/rds_instance_delete.rb +29 -0
- data/lib/chef/knife/rds_instance_from_data_bag.rb +145 -0
- data/lib/chef/knife/rds_instance_list.rb +49 -0
- data/lib/chef/knife/rds_instance_restore_from_data_bag.rb +80 -0
- data/lib/chef/knife/rds_pg_from_data_bag.rb +159 -0
- data/lib/chef/knife/rds_pg_list.rb +39 -0
- data/lib/chef/knife/rds_sg_from_data_bag.rb +176 -0
- data/lib/chef/knife/rds_sg_list.rb +37 -0
- data/lib/knife-rds/version.rb +5 -0
- data/spec/spec_helper.rb +1 -0
- metadata +178 -0
@@ -0,0 +1,39 @@
|
|
1
|
+
require 'chef/knife/rds_base'
|
2
|
+
|
3
|
+
class Chef
|
4
|
+
class Knife
|
5
|
+
class RdsPgList < Knife
|
6
|
+
|
7
|
+
'''
|
8
|
+
List parameter groups.
|
9
|
+
'''
|
10
|
+
|
11
|
+
PARAMETER_GROUP_INFO = {
|
12
|
+
db_parameter_group_name: 'Name',
|
13
|
+
description: 'Description',
|
14
|
+
db_parameter_group_family: 'Family',
|
15
|
+
}
|
16
|
+
|
17
|
+
include Knife::RdsBase
|
18
|
+
|
19
|
+
banner 'knife rds pg list (args)'
|
20
|
+
|
21
|
+
def run
|
22
|
+
authenticate!
|
23
|
+
rds.client.describe_db_parameter_groups[:db_parameter_groups].each do |group|
|
24
|
+
present_parameter_group(group)
|
25
|
+
end
|
26
|
+
exit 1
|
27
|
+
end
|
28
|
+
|
29
|
+
def present_parameter_group(group)
|
30
|
+
ui.info '---'
|
31
|
+
PARAMETER_GROUP_INFO.each do |k, v|
|
32
|
+
ui.info("#{v} - #{group[k]}")
|
33
|
+
end
|
34
|
+
ui.info '---'
|
35
|
+
end
|
36
|
+
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,176 @@
|
|
1
|
+
require 'chef/knife/rds_base'
|
2
|
+
|
3
|
+
class Chef
|
4
|
+
class Knife
|
5
|
+
class RdsSgFromDataBag < Knife
|
6
|
+
|
7
|
+
'''
|
8
|
+
Create or update a security group from data bag configuration.
|
9
|
+
The security group you are creating MUST have a data bag entry on your Chef server.
|
10
|
+
The security group will be updated if it exists, or created if it does not.
|
11
|
+
'''
|
12
|
+
|
13
|
+
include Knife::RdsBase
|
14
|
+
include Knife::RdsBaseDataBag
|
15
|
+
|
16
|
+
option :data_bag_name,
|
17
|
+
:long => '--data-bag-name DATA_BAG_NAME',
|
18
|
+
:description => 'Name of databag containing RDS instances',
|
19
|
+
:default => 'rds_security_groups'
|
20
|
+
|
21
|
+
require_in_data_bag :ip_addresses, :ec2_security_groups, :description
|
22
|
+
|
23
|
+
banner 'knife rds sg from data_bag PG_NAME (args)'
|
24
|
+
|
25
|
+
def run
|
26
|
+
|
27
|
+
assert_name_args_at_least!(1, "Security group name is required!")
|
28
|
+
|
29
|
+
assert_data_bag_item_valid!
|
30
|
+
|
31
|
+
authenticate!
|
32
|
+
|
33
|
+
if db_security_group.nil?
|
34
|
+
ui.info("The security group #{db_security_group_name} does not exist.")
|
35
|
+
confirm("Would you like to create it")
|
36
|
+
create_db_security_group!
|
37
|
+
else
|
38
|
+
ui.info "The security group #{db_security_group_name} exists. Continuing..."
|
39
|
+
end
|
40
|
+
|
41
|
+
ui.info "Revoking parameters"
|
42
|
+
revoke_parameters_from_db_security_group!
|
43
|
+
ui.info "Authorizing parameters."
|
44
|
+
authorize_parameters_to_db_security_group!
|
45
|
+
|
46
|
+
ui.info("Assigned parameters to #{db_security_group_name}")
|
47
|
+
exit 0
|
48
|
+
|
49
|
+
end
|
50
|
+
|
51
|
+
def aws_account_id
|
52
|
+
ENV['AWS_ACCOUNT_ID']
|
53
|
+
end
|
54
|
+
|
55
|
+
# Assign all parameters from data bag to security group
|
56
|
+
def authorize_parameters_to_db_security_group!
|
57
|
+
authorize_ec2_security_groups_to_db_security_group!
|
58
|
+
authorize_ip_addresses_to_db_security_group!
|
59
|
+
end
|
60
|
+
|
61
|
+
# Remove all parameters NOT in data bag from security group
|
62
|
+
def revoke_parameters_from_db_security_group!
|
63
|
+
revoke_ec2_security_groups_from_security_group!
|
64
|
+
revoke_ip_addresses_from_db_security_group!
|
65
|
+
end
|
66
|
+
|
67
|
+
# Revoke ip addresses belonging to group by NOT in data bag
|
68
|
+
def revoke_ip_addresses_from_db_security_group!
|
69
|
+
db_security_group[:db_security_groups].first[:ip_ranges].each do |ip|
|
70
|
+
cidr = ip[:cidrip]
|
71
|
+
unless data_bag_item['ip_addresses'].include?(cidr)
|
72
|
+
if ip[:status] == 'authorized'
|
73
|
+
ui.info "Revoking access for #{cidr}"
|
74
|
+
rds.client.revoke_db_security_group_ingress(
|
75
|
+
db_security_group_name: db_security_group_name,
|
76
|
+
cidrip: cidr
|
77
|
+
)
|
78
|
+
end
|
79
|
+
else
|
80
|
+
ui.info "Keeping #{cidr}"
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
# Revoke security groups that are not in the data bag
|
86
|
+
def revoke_ec2_security_groups_from_security_group!
|
87
|
+
db_security_group[:db_security_groups].first[:ec2_security_groups].each do |eg|
|
88
|
+
eg_name = eg[:ec2_security_group_name]
|
89
|
+
unless data_bag_item['ec2_security_groups'].include?(eg_name)
|
90
|
+
if eg[:status] == 'authorized'
|
91
|
+
ui.info "Revoking access for #{eg_name}"
|
92
|
+
rds.client.revoke_db_security_group_ingress(
|
93
|
+
db_security_group_name: db_security_group_name,
|
94
|
+
ec2_security_group_owner_id: aws_account_id,
|
95
|
+
ec2_security_group_name: eg_name
|
96
|
+
)
|
97
|
+
end
|
98
|
+
else
|
99
|
+
ui.info "Keeping #{eg_name}"
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
|
105
|
+
# assign ec2 security groups
|
106
|
+
# aws account id is REQUIRED. Currently, it must be exported as environment variable
|
107
|
+
def authorize_ec2_security_groups_to_db_security_group!
|
108
|
+
data_bag_item['ec2_security_groups'].each do |group|
|
109
|
+
begin
|
110
|
+
rds.client.authorize_db_security_group_ingress(
|
111
|
+
db_security_group_name: db_security_group_name,
|
112
|
+
ec2_security_group_owner_id: aws_account_id,
|
113
|
+
ec2_security_group_name: group
|
114
|
+
)
|
115
|
+
ui.info "#{group} applied"
|
116
|
+
rescue AWS::RDS::Errors::AuthorizationAlreadyExists => e
|
117
|
+
ui.info "#{group} already applied"
|
118
|
+
end
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
# Assign ip addresses to security group
|
123
|
+
def authorize_ip_addresses_to_db_security_group!
|
124
|
+
data_bag_item['ip_addresses'].each do |ip|
|
125
|
+
begin
|
126
|
+
rds.client.authorize_db_security_group_ingress(
|
127
|
+
db_security_group_name: db_security_group_name,
|
128
|
+
cidrip: ip
|
129
|
+
)
|
130
|
+
rescue AWS::RDS::Errors::InvalidParameterValue => e
|
131
|
+
ui.info "Error applying ip #{ip}."
|
132
|
+
ui.info e.message
|
133
|
+
rescue AWS::RDS::Errors::AuthorizationAlreadyExists => e
|
134
|
+
ui.info "#{ip} already applied."
|
135
|
+
end
|
136
|
+
|
137
|
+
end
|
138
|
+
end
|
139
|
+
|
140
|
+
# Create a new RDS Security group using the provideda data bag
|
141
|
+
def create_db_security_group!
|
142
|
+
rds.client.create_db_security_group(
|
143
|
+
db_security_group_name: db_security_group_name,
|
144
|
+
db_security_group_description: data_bag_item['description']
|
145
|
+
)
|
146
|
+
end
|
147
|
+
|
148
|
+
# The name of the database security group, extracted from name arguments
|
149
|
+
#
|
150
|
+
# Returns string
|
151
|
+
def db_security_group_name
|
152
|
+
name_args.first
|
153
|
+
end
|
154
|
+
|
155
|
+
# For use with base data bag module.
|
156
|
+
def data_bag_item_name
|
157
|
+
db_security_group_name
|
158
|
+
end
|
159
|
+
|
160
|
+
# Load the DB Parameter Group resource from AWS using the API
|
161
|
+
#
|
162
|
+
# Returns AWS::RDS::DBParameterGroup or nil
|
163
|
+
def db_security_group
|
164
|
+
unless @db_security_group
|
165
|
+
begin
|
166
|
+
@db_security_group = rds.client.describe_db_security_groups(db_security_group_name: db_security_group_name)
|
167
|
+
rescue AWS::RDS::Errors::DBSecurityGroupNotFound => e
|
168
|
+
@db_security_group = nil
|
169
|
+
end
|
170
|
+
end
|
171
|
+
@db_security_group
|
172
|
+
end
|
173
|
+
|
174
|
+
end
|
175
|
+
end
|
176
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'chef/knife/rds_base'
|
2
|
+
|
3
|
+
class Chef
|
4
|
+
class Knife
|
5
|
+
class RdsSgList < Knife
|
6
|
+
|
7
|
+
'''
|
8
|
+
List security groups.
|
9
|
+
'''
|
10
|
+
|
11
|
+
SECURITY_GROUP_INFO = {
|
12
|
+
db_security_group_name: 'Name'
|
13
|
+
}
|
14
|
+
|
15
|
+
include Knife::RdsBase
|
16
|
+
|
17
|
+
banner 'knife rds sg list (args)'
|
18
|
+
|
19
|
+
def run
|
20
|
+
authenticate!
|
21
|
+
rds.client.describe_db_security_groups[:db_security_groups].each do |sg|
|
22
|
+
present_security_group(sg)
|
23
|
+
end
|
24
|
+
exit 1
|
25
|
+
end
|
26
|
+
|
27
|
+
def present_security_group(group)
|
28
|
+
ui.info '---'
|
29
|
+
SECURITY_GROUP_INFO.each do |k, v|
|
30
|
+
ui.info("#{v} - #{group[k]}")
|
31
|
+
end
|
32
|
+
ui.info '---'
|
33
|
+
end
|
34
|
+
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
# TODO
|
metadata
ADDED
@@ -0,0 +1,178 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: knife-rds
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Jason Byck
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2014-05-15 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: chef
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ! '>='
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: 11.4.0
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ! '>='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: 11.4.0
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: aws-sdk
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
34
|
+
requirements:
|
35
|
+
- - ! '>='
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '0'
|
38
|
+
type: :runtime
|
39
|
+
prerelease: false
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ! '>='
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: '0'
|
46
|
+
- !ruby/object:Gem::Dependency
|
47
|
+
name: rspec
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
none: false
|
50
|
+
requirements:
|
51
|
+
- - ~>
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: '2.14'
|
54
|
+
type: :development
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ~>
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '2.14'
|
62
|
+
- !ruby/object:Gem::Dependency
|
63
|
+
name: rake
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
65
|
+
none: false
|
66
|
+
requirements:
|
67
|
+
- - ~>
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '10.1'
|
70
|
+
type: :development
|
71
|
+
prerelease: false
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
none: false
|
74
|
+
requirements:
|
75
|
+
- - ~>
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: '10.1'
|
78
|
+
- !ruby/object:Gem::Dependency
|
79
|
+
name: fakeweb
|
80
|
+
requirement: !ruby/object:Gem::Requirement
|
81
|
+
none: false
|
82
|
+
requirements:
|
83
|
+
- - ! '>='
|
84
|
+
- !ruby/object:Gem::Version
|
85
|
+
version: '0'
|
86
|
+
type: :development
|
87
|
+
prerelease: false
|
88
|
+
version_requirements: !ruby/object:Gem::Requirement
|
89
|
+
none: false
|
90
|
+
requirements:
|
91
|
+
- - ! '>='
|
92
|
+
- !ruby/object:Gem::Version
|
93
|
+
version: '0'
|
94
|
+
- !ruby/object:Gem::Dependency
|
95
|
+
name: pry
|
96
|
+
requirement: !ruby/object:Gem::Requirement
|
97
|
+
none: false
|
98
|
+
requirements:
|
99
|
+
- - ! '>='
|
100
|
+
- !ruby/object:Gem::Version
|
101
|
+
version: '0'
|
102
|
+
type: :development
|
103
|
+
prerelease: false
|
104
|
+
version_requirements: !ruby/object:Gem::Requirement
|
105
|
+
none: false
|
106
|
+
requirements:
|
107
|
+
- - ! '>='
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: '0'
|
110
|
+
- !ruby/object:Gem::Dependency
|
111
|
+
name: rubocop
|
112
|
+
requirement: !ruby/object:Gem::Requirement
|
113
|
+
none: false
|
114
|
+
requirements:
|
115
|
+
- - ! '>='
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
none: false
|
122
|
+
requirements:
|
123
|
+
- - ! '>='
|
124
|
+
- !ruby/object:Gem::Version
|
125
|
+
version: '0'
|
126
|
+
description: Manage RDS
|
127
|
+
email:
|
128
|
+
- jbyck@quandl.com
|
129
|
+
executables: []
|
130
|
+
extensions: []
|
131
|
+
extra_rdoc_files: []
|
132
|
+
files:
|
133
|
+
- .gitignore
|
134
|
+
- Gemfile
|
135
|
+
- Gemfile.lock
|
136
|
+
- LICENSE
|
137
|
+
- README.md
|
138
|
+
- bin/console
|
139
|
+
- knife-rds.gemspec
|
140
|
+
- lib/chef/knife/rds_base.rb
|
141
|
+
- lib/chef/knife/rds_base_data_bag.rb
|
142
|
+
- lib/chef/knife/rds_create.rb
|
143
|
+
- lib/chef/knife/rds_instance_delete.rb
|
144
|
+
- lib/chef/knife/rds_instance_from_data_bag.rb
|
145
|
+
- lib/chef/knife/rds_instance_list.rb
|
146
|
+
- lib/chef/knife/rds_instance_restore_from_data_bag.rb
|
147
|
+
- lib/chef/knife/rds_pg_from_data_bag.rb
|
148
|
+
- lib/chef/knife/rds_pg_list.rb
|
149
|
+
- lib/chef/knife/rds_sg_from_data_bag.rb
|
150
|
+
- lib/chef/knife/rds_sg_list.rb
|
151
|
+
- lib/knife-rds/version.rb
|
152
|
+
- spec/spec_helper.rb
|
153
|
+
homepage: https://github.com/quandl/knife-rds
|
154
|
+
licenses: []
|
155
|
+
post_install_message:
|
156
|
+
rdoc_options: []
|
157
|
+
require_paths:
|
158
|
+
- lib
|
159
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
160
|
+
none: false
|
161
|
+
requirements:
|
162
|
+
- - ! '>='
|
163
|
+
- !ruby/object:Gem::Version
|
164
|
+
version: '0'
|
165
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
166
|
+
none: false
|
167
|
+
requirements:
|
168
|
+
- - ! '>='
|
169
|
+
- !ruby/object:Gem::Version
|
170
|
+
version: '0'
|
171
|
+
requirements: []
|
172
|
+
rubyforge_project:
|
173
|
+
rubygems_version: 1.8.23
|
174
|
+
signing_key:
|
175
|
+
specification_version: 3
|
176
|
+
summary: Manage RDS
|
177
|
+
test_files:
|
178
|
+
- spec/spec_helper.rb
|