minimal_pipeline 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ffb984c98ca6bbe57bfe8f08801869e44c3dfc7fca52d25497726ea39ba91d68
-  data.tar.gz: 4db5f2f7ff27711223742cc5b6e6d35a85854b2bfcf285b2113139f3e5ac902c
+  metadata.gz: '0269cb3b98b76aaa94744fd7afd155f4eb539060bc44805ef93de56a09a403de'
+  data.tar.gz: 314f3eb756620b6a77e77b613e10480c697f42480d975ce8cd264e53b2cae887
 SHA512:
-  metadata.gz: 93af2bdadcdfdeec3b9b3f47ffc7694a5790710e365507c420a0f74448169d8aec1dff90cd75647d1885a8b1929e6eb834bfc36dbdbb7a9b733e2c188e8e1d87
-  data.tar.gz: b344ee7101cee0f5c99c90ecc538d7bb91582e713a525a59f688082c128cd3a1e51d75650e4c1836c19e072bfa613faf1b3987777d9708a7d9215f43be543172
+  metadata.gz: 25c1f7a9de134a874a32cc34c40c35ac8346cdd30a32c8e1c54950294eb12044d74890c9368ea63bee1d65fe88d70f934cd7100f0715253031a4c8c6090231f2
+  data.tar.gz: 941b5c26d156a84fc04063ae0225fa0554d05c3f6ec2172e7773ade4c17b066d5507e529e763467bf29cb22cacf792d3f8dc37cf19511469dfcb957cc62b6abf

data/lib/minimal_pipeline.rb

@@ -13,6 +13,7 @@ class MinimalPipeline
   autoload(:Cloudformation, 'minimal_pipeline/cloudformation')
   autoload(:Crossing, 'minimal_pipeline/crossing')
   autoload(:Docker, 'minimal_pipeline/docker')
+  autoload(:Ec2, 'minimal_pipeline/ec2')
   autoload(:Keystore, 'minimal_pipeline/keystore')
   autoload(:Lambda, 'minimal_pipeline/lambda')
   autoload(:Packer, 'minimal_pipeline/packer')

data/lib/minimal_pipeline/ec2.rb

@@ -0,0 +1,132 @@
+require 'aws-sdk'
+
+class MinimalPipeline
+  # # For Account 1:
+  # ec2 = MinimalPipeline::Ec2.new
+  # block_device_mappings = ec2.prepare_snapshots_for_account('ami-id',
+  #                                                           'account-id')
+  #
+  # # Promote AMI via SQS
+  # sqs = MinimalPipeline::Sqs.new
+  # sqs.send_message('queue-name', block_device_mappings.to_json)
+  #
+  # # For Account 2, after getting block_device_mappings
+  # ec2 = MinimalPipeline::Ec2.new
+  # new_mappings = ec2.copy_snapshots_in_new_account(block_device_mappings)
+  # ec2.register_ami(new_mappings, 'ami-name')
+  class Ec2
+    # Initializes a `Ec2` client
+    # Requires environment variables `AWS_REGION` or `region` to be set.
+    # Also requires `keystore_table` and `keystore_kms_id`
+    def initialize
+      raise 'You must set env variable AWS_REGION or region.' \
+        if ENV['AWS_REGION'].nil? && ENV['region'].nil?
+      raise 'You must set env variable keystore_kms_id.' \
+        if ENV['inventory_store_key'].nil? && ENV['keystore_kms_id'].nil?
+
+      @region = ENV['AWS_REGION'] || ENV['region']
+      @kms_key_id = ENV['keystore_kms_id'] || ENV['inventory_store_key']
+      @client = Aws::EC2::Client.new(region: 'us-east-1')
+    end
+
+    # Block processing until snapshot until new snapshot is ready
+    #
+    # @param snapshot_id [String] The ID of the new snapshot
+    def wait_for_snapshot(snapshot_id)
+      puts "waiting on new snapshot #{snapshot_id} to be ready"
+      @client.wait_until(:snapshot_completed, snapshot_ids: [snapshot_id])
+      puts "New snapshot #{snapshot_id}is ready"
+    rescue Aws::Waiters::Errors::WaiterFailed => error
+      puts "failed waiting for snapshot to be ready: #{error.message}"
+    end
+
+    # Create a copy of an existing snapshot
+    #
+    # @param snapshot_id [String] The ID of the snapshot to copy
+    # @param encrypted [Boolean] Whether or not the volume is encrypted
+    # @return [String] The ID of the newly created snapshot
+    def copy_snapshot(snapshot_id, encrypted = true)
+      new_snapshot_id = @client.copy_snapshot(
+        encrypted: encrypted,
+        kms_key_id: @kms_key_id,
+        source_region: @region,
+        source_snapshot_id: snapshot_id
+      ).snapshot_id
+
+      puts "new snapshot ID: #{new_snapshot_id}"
+      wait_for_snapshot(new_snapshot_id)
+
+      new_snapshot_id
+    end
+
+    # Update permissions to grant access to an AMI on another account
+    #
+    # @param snapshot_id [String] The ID of the snapshot to adjust
+    # @param account_id [String] The AWS account to grant access to
+    def unlock_ami_for_account(snapshot_id, account_id)
+      @client.modify_snapshot_attribute(
+        attribute: 'createVolumePermission',
+        operation_type: 'add',
+        snapshot_id: snapshot_id,
+        user_ids: [account_id]
+      )
+    end
+
+    # Prepare volume snapshots of an AMI for a new account
+    #
+    # @param ami_id [String] The ID of the AMI to prepare
+    # @param account_id [String] The ID of the AWS account to prepare
+    # @return [Array] Block device mappings discovered from the AMI
+    def prepare_snapshots_for_account(ami_id, account_id)
+      images = @client.describe_images(image_ids: [ami_id])
+      block_device_mappings = images.images[0].block_device_mappings
+      new_mappings = []
+
+      block_device_mappings.each do |mapping|
+        snapshot_id = mapping.ebs.snapshot_id
+        puts "old snapshot ID: #{snapshot_id}"
+        new_snapshot_id = copy_snapshot(snapshot_id)
+        puts 'modifying new snapshot attribute'
+        unlock_ami_for_account(new_snapshot_id, account_id)
+        puts "new snapshot has been modified for the #{account_id} account"
+        mapping.ebs.snapshot_id = new_snapshot_id
+        new_mappings << mapping.to_hash
+        puts '==========================================='
+      end
+
+      new_mappings
+    end
+
+    # Register a new AMI based on block device mappings
+    # Currently only supports x86_64 HVM
+    #
+    # @params block_device_mappings [Array] Block device mappings with snapshots
+    # @params ami_name [String] The name of the AMI to create
+    def register_ami(block_device_mappings, ami_name)
+      @client.register_image(
+        architecture: 'x86_64',
+        block_device_mappings: block_device_mappings,
+        name: ami_name,
+        root_device_name: '/dev/sda1',
+        virtualization_type: 'hvm'
+      )
+    end
+
+    # Copy the snapshots from the original account into the new one
+    #
+    # @params block_device_mappings [Array] Block device mappings with snapshots
+    # @return [Array] Block device mappings with updated snapshot ids
+    def copy_snapshots_in_new_account(block_device_mappings)
+      new_mappings = []
+
+      block_device_mappings.each do |mapping|
+        snapshot_id = mapping.ebs.snapshot_id
+        new_snapshot_id = copy_snapshot(snapshots[snapshot_id])
+        mapping.ebs.snapshot_id = new_snapshot_id
+        new_mappings << mapping
+      end
+
+      new_mappings
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: minimal_pipeline
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Mayowa Aladeojebi
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-31 00:00:00.000000000 Z
+date: 2018-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -107,6 +107,7 @@ files:
 - lib/minimal_pipeline/cloudformation.rb
 - lib/minimal_pipeline/crossing.rb
 - lib/minimal_pipeline/docker.rb
+- lib/minimal_pipeline/ec2.rb
 - lib/minimal_pipeline/keystore.rb
 - lib/minimal_pipeline/lambda.rb
 - lib/minimal_pipeline/packer.rb