RubyGems - knife-rds - Versions diffs - 0.0.1 - Mend

knife-rds 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

data/.gitignore +1 -0
data/Gemfile +3 -0
data/Gemfile.lock +119 -0
data/LICENSE +21 -0
data/README.md +100 -0
data/bin/console +20 -0
data/knife-rds.gemspec +28 -0
data/lib/chef/knife/rds_base.rb +75 -0
data/lib/chef/knife/rds_base_data_bag.rb +145 -0
data/lib/chef/knife/rds_create.rb +23 -0
data/lib/chef/knife/rds_instance_delete.rb +29 -0
data/lib/chef/knife/rds_instance_from_data_bag.rb +145 -0
data/lib/chef/knife/rds_instance_list.rb +49 -0
data/lib/chef/knife/rds_instance_restore_from_data_bag.rb +80 -0
data/lib/chef/knife/rds_pg_from_data_bag.rb +159 -0
data/lib/chef/knife/rds_pg_list.rb +39 -0
data/lib/chef/knife/rds_sg_from_data_bag.rb +176 -0
data/lib/chef/knife/rds_sg_list.rb +37 -0
data/lib/knife-rds/version.rb +5 -0
data/spec/spec_helper.rb +1 -0
metadata +178 -0

data/lib/chef/knife/rds_pg_list.rb ADDED

@@ -0,0 +1,39 @@
+require 'chef/knife/rds_base'
+class Chef
+  class Knife
+    class RdsPgList < Knife
+      '''
+      List parameter groups.
+      '''
+      PARAMETER_GROUP_INFO = {
+        db_parameter_group_name: 'Name',
+        description: 'Description',
+        db_parameter_group_family: 'Family',
+      }
+      include Knife::RdsBase
+      banner 'knife rds pg list (args)'
+      def run
+        authenticate!
+        rds.client.describe_db_parameter_groups[:db_parameter_groups].each do |group|
+          present_parameter_group(group)
+        end
+        exit 1
+      end
+      def present_parameter_group(group)
+        ui.info '---'
+        PARAMETER_GROUP_INFO.each do |k, v|
+          ui.info("#{v} - #{group[k]}")
+        end
+        ui.info '---'
+      end
+    end
+  end
+end

data/lib/chef/knife/rds_sg_from_data_bag.rb ADDED

@@ -0,0 +1,176 @@
+require 'chef/knife/rds_base'
+class Chef
+  class Knife
+    class RdsSgFromDataBag < Knife
+      '''
+      Create or update a security group from data bag configuration.
+      The security group you are creating MUST have a data bag entry on your Chef server.
+      The security group will be updated if it exists, or created if it does not.
+      '''
+      include Knife::RdsBase
+      include Knife::RdsBaseDataBag
+      option :data_bag_name,
+        :long => '--data-bag-name DATA_BAG_NAME',
+        :description => 'Name of databag containing RDS instances',
+        :default => 'rds_security_groups'
+      require_in_data_bag :ip_addresses, :ec2_security_groups, :description
+      banner 'knife rds sg from data_bag PG_NAME (args)'
+      def run
+        assert_name_args_at_least!(1, "Security group name is required!")
+        assert_data_bag_item_valid!
+        authenticate!
+        if db_security_group.nil?
+          ui.info("The security group #{db_security_group_name} does not exist.")
+          confirm("Would you like to create it")
+          create_db_security_group!
+        else
+          ui.info "The security group #{db_security_group_name} exists. Continuing..."
+        end
+        ui.info "Revoking parameters"
+        revoke_parameters_from_db_security_group!
+        ui.info "Authorizing parameters."
+        authorize_parameters_to_db_security_group!
+        ui.info("Assigned parameters to #{db_security_group_name}")
+        exit 0
+      end
+      def aws_account_id
+        ENV['AWS_ACCOUNT_ID']
+      end
+      # Assign all parameters from data bag to security group
+      def authorize_parameters_to_db_security_group!
+        authorize_ec2_security_groups_to_db_security_group!
+        authorize_ip_addresses_to_db_security_group!
+      end
+      # Remove all parameters NOT in data bag from security group
+      def revoke_parameters_from_db_security_group!
+        revoke_ec2_security_groups_from_security_group!
+        revoke_ip_addresses_from_db_security_group!
+      end
+      # Revoke ip addresses belonging to group by NOT in data bag
+      def revoke_ip_addresses_from_db_security_group!
+        db_security_group[:db_security_groups].first[:ip_ranges].each do |ip|
+          cidr = ip[:cidrip]
+          unless data_bag_item['ip_addresses'].include?(cidr)
+            if ip[:status] == 'authorized'
+              ui.info "Revoking access for #{cidr}"
+              rds.client.revoke_db_security_group_ingress(
+                db_security_group_name: db_security_group_name,
+                cidrip: cidr
+              )
+            end
+          else
+            ui.info "Keeping #{cidr}"
+          end
+        end
+      end
+      # Revoke security groups that are not in the data bag
+      def revoke_ec2_security_groups_from_security_group!
+        db_security_group[:db_security_groups].first[:ec2_security_groups].each do |eg|
+          eg_name = eg[:ec2_security_group_name]
+          unless data_bag_item['ec2_security_groups'].include?(eg_name)
+            if eg[:status] == 'authorized'
+              ui.info "Revoking access for #{eg_name}"
+              rds.client.revoke_db_security_group_ingress(
+                db_security_group_name: db_security_group_name,
+                ec2_security_group_owner_id: aws_account_id,
+                ec2_security_group_name: eg_name
+              )
+            end
+          else
+            ui.info "Keeping #{eg_name}"
+          end
+        end
+      end
+      # assign ec2 security groups
+      # aws account id is REQUIRED. Currently, it must be exported as environment variable
+      def authorize_ec2_security_groups_to_db_security_group!
+        data_bag_item['ec2_security_groups'].each do |group|
+          begin
+            rds.client.authorize_db_security_group_ingress(
+              db_security_group_name: db_security_group_name,
+              ec2_security_group_owner_id: aws_account_id,
+              ec2_security_group_name: group
+            )
+            ui.info "#{group} applied"
+          rescue AWS::RDS::Errors::AuthorizationAlreadyExists => e
+            ui.info "#{group} already applied"
+          end
+        end
+      end
+      # Assign ip addresses to security group
+      def authorize_ip_addresses_to_db_security_group!
+        data_bag_item['ip_addresses'].each do |ip|
+          begin
+            rds.client.authorize_db_security_group_ingress(
+              db_security_group_name: db_security_group_name,
+              cidrip: ip
+            )
+          rescue AWS::RDS::Errors::InvalidParameterValue => e
+            ui.info "Error applying ip #{ip}."
+            ui.info e.message
+          rescue AWS::RDS::Errors::AuthorizationAlreadyExists => e
+            ui.info "#{ip} already applied."
+          end
+        end
+      end
+      # Create a new RDS Security group using the provideda data bag
+      def create_db_security_group!
+        rds.client.create_db_security_group(
+          db_security_group_name: db_security_group_name,
+          db_security_group_description: data_bag_item['description']
+        )
+      end
+      # The name of the database security group, extracted from name arguments
+      #
+      # Returns string
+      def db_security_group_name
+        name_args.first
+      end
+      # For use with base data bag module.
+      def data_bag_item_name
+        db_security_group_name
+      end
+      # Load the DB Parameter Group resource from AWS using the API
+      #
+      # Returns AWS::RDS::DBParameterGroup or nil
+      def db_security_group
+        unless @db_security_group
+          begin
+            @db_security_group = rds.client.describe_db_security_groups(db_security_group_name: db_security_group_name)
+          rescue AWS::RDS::Errors::DBSecurityGroupNotFound => e
+            @db_security_group = nil
+          end
+        end
+        @db_security_group
+      end
+    end
+  end
+end

data/lib/chef/knife/rds_sg_list.rb ADDED

@@ -0,0 +1,37 @@
+require 'chef/knife/rds_base'
+class Chef
+  class Knife
+    class RdsSgList < Knife
+      '''
+      List security groups.
+      '''
+      SECURITY_GROUP_INFO = {
+        db_security_group_name: 'Name'
+      }
+      include Knife::RdsBase
+      banner 'knife rds sg list (args)'
+      def run
+        authenticate!
+        rds.client.describe_db_security_groups[:db_security_groups].each do |sg|
+          present_security_group(sg)
+        end
+        exit 1
+      end
+      def present_security_group(group)
+        ui.info '---'
+        SECURITY_GROUP_INFO.each do |k, v|
+          ui.info("#{v} - #{group[k]}")
+        end
+        ui.info '---'
+      end
+    end
+  end
+end

data/lib/knife-rds/version.rb ADDED

@@ -0,0 +1,5 @@
+module Knife
+  module RDS
+    VERSION = "0.0.1"
+  end
+end

data/spec/spec_helper.rb ADDED

	@@ -0,0 +1 @@
1	+ # TODO

metadata ADDED

@@ -0,0 +1,178 @@
+--- !ruby/object:Gem::Specification
+name: knife-rds
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease:
+platform: ruby
+authors:
+- Jason Byck
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-05-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: chef
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 11.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 11.4.0
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.1'
+- !ruby/object:Gem::Dependency
+  name: fakeweb
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Manage RDS
+email:
+- jbyck@quandl.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- bin/console
+- knife-rds.gemspec
+- lib/chef/knife/rds_base.rb
+- lib/chef/knife/rds_base_data_bag.rb
+- lib/chef/knife/rds_create.rb
+- lib/chef/knife/rds_instance_delete.rb
+- lib/chef/knife/rds_instance_from_data_bag.rb
+- lib/chef/knife/rds_instance_list.rb
+- lib/chef/knife/rds_instance_restore_from_data_bag.rb
+- lib/chef/knife/rds_pg_from_data_bag.rb
+- lib/chef/knife/rds_pg_list.rb
+- lib/chef/knife/rds_sg_from_data_bag.rb
+- lib/chef/knife/rds_sg_list.rb
+- lib/knife-rds/version.rb
+- spec/spec_helper.rb
+homepage: https://github.com/quandl/knife-rds
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.23
+signing_key:
+specification_version: 3
+summary: Manage RDS
+test_files:
+- spec/spec_helper.rb