knife-rds 0.0.1

data/.gitignore

@@ -0,0 +1 @@
+*.gem

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,119 @@
+PATH
+  remote: .
+  specs:
+    knife-rds (0.0.1)
+      aws-sdk
+      chef (>= 11.4.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (1.1.0)
+    aws-sdk (1.36.0)
+      json (~> 1.4)
+      nokogiri (>= 1.4.4)
+      uuidtools (~> 2.1)
+    chef (11.10.4)
+      chef-zero (~> 1.7, >= 1.7.2)
+      diff-lcs (~> 1.2, >= 1.2.4)
+      erubis (~> 2.7)
+      highline (~> 1.6, >= 1.6.9)
+      json (>= 1.4.4, <= 1.8.1)
+      mime-types (~> 1.16)
+      mixlib-authentication (~> 1.3)
+      mixlib-cli (~> 1.4)
+      mixlib-config (~> 2.0)
+      mixlib-log (~> 1.3)
+      mixlib-shellout (~> 1.3)
+      net-ssh (~> 2.6)
+      net-ssh-multi (~> 1.1)
+      ohai (~> 6.0)
+      pry (~> 0.9)
+      puma (~> 1.6)
+      rest-client (>= 1.0.4, < 1.7.0)
+      yajl-ruby (~> 1.1)
+    chef-zero (1.7.3)
+      hashie (~> 2.0)
+      json
+      mixlib-log (~> 1.3)
+      moneta (< 0.7.0)
+      rack
+    coderay (1.1.0)
+    diff-lcs (1.2.5)
+    erubis (2.7.0)
+    fakeweb (1.3.0)
+    hashie (2.0.5)
+    highline (1.6.21)
+    ipaddress (0.8.0)
+    json (1.8.1)
+    method_source (0.8.2)
+    mime-types (1.25.1)
+    mini_portile (0.5.2)
+    mixlib-authentication (1.3.0)
+      mixlib-log
+    mixlib-cli (1.4.0)
+    mixlib-config (2.1.0)
+    mixlib-log (1.6.0)
+    mixlib-shellout (1.3.0)
+    moneta (0.6.0)
+    net-ssh (2.8.0)
+    net-ssh-gateway (1.2.0)
+      net-ssh (>= 2.6.5)
+    net-ssh-multi (1.2.0)
+      net-ssh (>= 2.6.5)
+      net-ssh-gateway (>= 1.2.0)
+    nokogiri (1.6.1)
+      mini_portile (~> 0.5.0)
+    ohai (6.20.0)
+      ipaddress
+      mixlib-cli
+      mixlib-config
+      mixlib-log
+      mixlib-shellout
+      systemu (~> 2.5.2)
+      yajl-ruby
+    parser (2.1.7)
+      ast (~> 1.1)
+      slop (~> 3.4, >= 3.4.5)
+    powerpack (0.0.9)
+    pry (0.9.12.6)
+      coderay (~> 1.0)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+    puma (1.6.3)
+      rack (~> 1.2)
+    rack (1.5.2)
+    rainbow (2.0.0)
+    rake (10.1.1)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.8)
+    rspec-expectations (2.14.5)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.6)
+    rubocop (0.19.1)
+      json (>= 1.7.7, < 2)
+      parser (~> 2.1.7)
+      powerpack (~> 0.0.6)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.4)
+    ruby-progressbar (1.4.2)
+    slop (3.4.7)
+    systemu (2.5.2)
+    uuidtools (2.1.4)
+    yajl-ruby (1.2.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  fakeweb
+  knife-rds!
+  pry
+  rake (~> 10.1)
+  rspec (~> 2.14)
+  rubocop

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Quandl
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,100 @@
+# knife-rds
+
+## Overview
+
+A knife plugin for managing AWS RDS instances.  
+
+** WORK IN PROGRESS. **
+
+This project is very early, and should be taken as a proof of concept.
+
+## Motivation
+
+* Integration of AWS resources with Chef intrastructure.  
+
+* Store configuration for security and parameter groups in Chef.  
+
+## Commands (pending)
+
+All commands use *your* EC2 keys, as configured in your Knife configuration.  Your ability to interact with RDS resources is limited by your account access.
+
+
+### Instances
+
+#### List
+
+```bash
+knife rds list
+```
+
+List available RDS Instances.
+
+#### Modify
+
+```bash
+knife rds instance from data bag (ITEM)
+```
+Create or update an RDS instance using attributes stored in a data bag.
+
+### Security Groups
+
+#### List
+
+```bash
+knife sg list
+```
+
+List created RDS security groups. Show name and description.
+
+#### Modify
+
+```bash
+knife rds sg from data bag SECURITY_GROUP_NAME
+```
+Creates and/or updates an RDS security group and syncs the authorization levels with those specified in the data bag.  
+
+The command expects the following keys:
+
+* description: (String) The description of the data bag. (Only required when security group is *created*).
+* ec2_security_groups: (Array) A list of string EC2 security group names to whitelist for this RDS security group.
+* ip_addressses: (Array) A list of IP addresses that should have access to this security group.
+
+All EC2 security groups and IP addresses that exist in the data bag will be granted access to this security group. 
+
+Any EC2 securiy groups or IP addresses that previously had authorization, but no longer appear in the data bag, will have their authorization revoked.
+
+The expected data bag name is 'rds_parameter_groups', but this can be overriden.
+
+### Parameter Groups
+
+####List
+
+```bash
+knife pg list
+```
+
+List created RDS parameter groups.
+
+
+#### Modify
+
+```bash
+knife pg from data bag PARAMETER_GROUP_NAME
+```
+
+Creates and/or updates an RDS parameter group. Syncs user defined settings from data bag to AWS.
+
+The command expects the following keys:
+
+* description: (String) Parameter group descriptive text. (Only required when parameter group is *created*).
+* db_parameter_group_family: (String) The parameter group family you group should inherit from. (Only required when parameter group is *created*).
+* parameters: (Hash) Key,value combinations of parameters to be overriden.
+
+All *valid parameters* in the data bag will be applied (via the 'apply method') to the data bag.
+
+All *user supplied parameters* that exist in the parameter group, but are not present in the data bag, will be revoked (via the 'apply method').
+
+
+
+
+

data/bin/console

@@ -0,0 +1,20 @@
+#!/usr/bin/env ruby
+require 'chef'
+require 'pry'
+
+$LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__) + "/../lib")) 
+
+Chef::Config.from_file File.expand_path(ENV.fetch('KNIFE_CONFIG', '~/.chef/knife.rb'))
+
+Dir.glob(File.dirname(__FILE__) + "/../lib/chef/knife/*.rb").each do |task|
+  p = Pathname.new(task)
+  require "chef/knife/#{p.basename}"
+end
+
+begin
+  AWS.config(aws_access_key_id: Chef::Config[:knife][:aws_access_key_id], aws_secret_access_key: Chef::Config[:knife][:aws_secret_access_key])
+rescue => e
+  puts e.message
+end
+
+binding.pry

data/knife-rds.gemspec

@@ -0,0 +1,28 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path('../lib', __FILE__)
+require 'knife-rds/version'
+
+Gem::Specification.new do |s|
+  s.name         = 'knife-rds'
+  s.version      = Knife::RDS::VERSION
+  s.authors      = ['Jason Byck']
+  s.email        = ['jbyck@quandl.com']
+  s.homepage     = 'https://github.com/quandl/knife-rds'
+  s.summary      = %q{Manage RDS}
+  s.description  = s.summary
+
+  s.files        = `git ls-files`.split("\n")
+  s.test_files   = `git ls-files -- {test,spec,features}/*`.split("\n")
+
+  s.add_dependency 'chef', '>= 11.4.0'
+  s.add_dependency 'aws-sdk'
+
+  s.add_development_dependency 'rspec', '~> 2.14'
+  s.add_development_dependency 'rake',  '~> 10.1'
+  s.add_development_dependency 'fakeweb'
+  s.add_development_dependency 'pry'
+  s.add_development_dependency 'rubocop'
+
+  s.require_paths = ['lib']
+
+end

data/lib/chef/knife/rds_base.rb

@@ -0,0 +1,75 @@
+require 'chef/knife'
+require 'aws'
+
+class Chef
+  class Knife
+    module RdsBase
+
+      '''
+      Base module to be used by All Knife::RDS commands
+      '''
+
+      def self.included(base)
+        base.class_eval do
+
+          option :aws_access_key_id,
+             :short => "-A ID",
+             :long => "--aws-access-key-id ID",
+             :description => "Your AWS Access Key ID",
+             :proc => Proc.new { |key| Chef::Config[:knife][:aws_access_key_id] = key }
+
+           option :aws_secret_access_key,
+             :short => "-K SECRET",
+             :long => "--aws-secret-access-key SECRET",
+             :description => "Your AWS API Secret Access Key",
+             :proc => Proc.new { |key| Chef::Config[:knife][:aws_secret_access_key] = key }
+
+        end
+      end
+
+      APPLY_METHODS = ['immediate', 'pending-reboot'] unless defined?(APPLY_METHODS)
+
+      def assert_name_args_at_least!(num, error = 'Incorrect number of name args.')
+        unless name_args.size >= num
+          ui.fatal(error)
+          show_usage
+          exit 1
+        end
+      end
+
+      # Ensure user is authenticated before proceededing
+      #
+      # Raises ArgumentError
+      def authenticate!(required = [:aws_access_key_id, :aws_secret_access_key])
+        errors = []
+        required.each do |k|
+          if Chef::Config[:knife][k].nil?
+            errors << "A valid #{k} is required."
+          end
+        end
+        unless errors.empty?
+          errors.each { |e| ui.error(e) }
+          exit 1
+        end
+        connect!
+      end
+
+      # Assert user supplied apply method is valid
+      def assert_valid_apply_method!
+        unless APPLY_METHODS.include?(config[:apply_method])
+          ui.fatal("Unknown type of apply method #{config[:apply_method]}")
+          exit 1
+        end
+      end
+
+      def rds
+        AWS::RDS.new
+      end
+
+      def connect!
+        AWS.config(aws_access_key_id: config[:aws_access_key_id], aws_secret_access_key: config[:aws_secret_access_key])
+      end
+
+    end
+  end
+end

data/lib/chef/knife/rds_base_data_bag.rb

@@ -0,0 +1,145 @@
+require 'chef/knife'
+class Chef
+  class Knife
+    # Base module for interfacing with Data Bags
+    module RdsBaseDataBag
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+      # ClassMethods
+      module ClassMethods
+        @@required_data_bag_options ||= {}
+        @@data_bag_params ||= {}
+
+        # Safe string name for the task
+        def task_name
+          name.to_s.downcase.gsub(/:/, '')
+        end
+
+        def define_params(*params)
+          include_params_for(params, @@data_bag_params)
+        end
+
+        def require_in_data_bag(*params)
+          include_params_for(params, @@required_data_bag_options)
+        end
+
+        # Helper method for building attribute list for the task
+        #
+        # params - Array of parameter names
+        # attribute - Class variable
+        def include_params_for(params, attribute)
+          attribute[task_name] ||= []
+          Array(params).flatten.each do |param|
+            attribute[task_name] << param.to_s
+          end
+        end
+
+        # Return array of options that must exist in data bag
+        def required_data_bag_options
+          if @@required_data_bag_options[task_name].nil?
+            []
+          else
+            @@required_data_bag_options[task_name].uniq
+          end
+        end
+
+        # Helper method for returning the parameters defined for type
+        #
+        # type - String type of parameter (ex. :string or :integer)
+        #
+        # Returns array
+        def defined_params
+          if @@data_bag_params[task_name].nil?
+            []
+          else
+            @@data_bag_params[task_name].uniq
+          end
+        end
+
+      end
+
+      # Call the class method for the vale
+      def required_data_bag_options
+        self.class.required_data_bag_options
+      end
+
+      # Build a hash containing only the type (integer, string) parameters that exist in
+      # the data bag, coerced to their expected type
+      #
+      # type - Sym, name of type (:integer, :string)
+      #
+      # Returns hash
+      def defined_params
+        values = {}
+        self.class.defined_params.each do |k|
+          v = data_bag_item[k]
+          next if v.nil?
+          values[k.to_sym] = v
+        end
+        values
+      end
+
+      # Data bag assertion. Calls all boilerplate data bag assertions
+      def assert_data_bag_item_valid!
+        assert_data_bag_exists!
+        assert_data_bag_item_exists!
+        assert_required_data_bag_options_present!
+      end
+
+      # Report error and quit unless defined required parameters exits in data bag item
+      def assert_required_data_bag_options_present!
+        required_data_bag_options.each do |opt|
+          unless data_bag_item[opt]
+            ui.fatal("Missing option #{opt} for #{data_bag_item_name}")
+            exit 1
+          end
+        end
+      end
+
+      # Report error and quit unless data bag item exists
+      def assert_data_bag_item_exists!
+        if data_bag_item.nil?
+          db_item_name = "#{config[:data_bag_name]}/#{data_bag_item_name}"
+          ui.fatal("Cannot load data bag item #{db_item_name}")
+          exit 1
+        end
+      end
+
+      # Report error and quit unless data bag exists
+      def assert_data_bag_exists!
+        unless data_bag_exists?
+          ui.fatal("Data bag #{config[:data_bag_name]} must exist.")
+          exit 1
+        end
+      end
+
+      # Check if the configured RDS data bag exists on the Chef Server
+      #
+      # Returns boolean
+      def data_bag_exists?
+        begin
+          Chef::DataBag.load(config[:data_bag_name])
+        rescue Net::HTTPServerException
+          return false
+        end
+        true
+      end
+
+      # The data bag item. Uses the option name data_bag_item, and the parameter group name argument
+      # to load the data bag item from the server
+      #
+      # Returns Chef::DataBagItem or nil
+      def data_bag_item
+        unless @data_bag_item
+          begin
+            @data_bag_item = Chef::DataBagItem.load(config[:data_bag_name], data_bag_item_name)
+          rescue Net::HTTPServerException
+            @data_bag_item = nil
+          end
+        end
+        @data_bag_item
+      end
+    end
+  end
+end