piculet 0.0.1

data/lib/piculet/dsl/ec2.rb

@@ -0,0 +1,30 @@
+require 'set'
+require 'piculet/dsl/security-group'
+
+module Piculet
+  class DSL
+    class EC2
+      attr_reader :result
+
+      def initialize(vpc, &block)
+        @names = Set.new
+        @result = OpenStruct.new({
+          :vpc             => vpc,
+          :security_groups => [],
+        })
+
+        instance_eval(&block)
+      end
+
+      private
+      def security_group(name, &block)
+        if @names.include?(name)
+          raise "EC2 `#{@result.vpc || :classic}`: `#{name}` is already defined"
+        end
+
+        @result.security_groups << SecurityGroup.new(name, @result.vpc, &block).result
+        @names << name
+      end
+    end # EC2
+  end # DSL
+end # Piculet

data/lib/piculet/dsl/permission.rb

@@ -0,0 +1,64 @@
+require 'ostruct'
+
+module Piculet
+  class DSL
+    class EC2
+      class SecurityGroup
+        class Permissions
+          class Permission
+            def initialize(security_group, direction, protocol_prot_range, &block)
+              @security_group = security_group
+              @direction = direction
+              @protocol_prot_range = protocol_prot_range
+              @result = OpenStruct.new
+              instance_eval(&block)
+            end
+
+            def result
+              unless @result.ip_ranges or @result.groups
+                raise "SecurityGroup `#{@security_group}`: #{@direction}: #{@protocol_prot_range}: `ip_ranges` or `groups` is required"
+              end
+
+              @result
+            end
+
+            private
+            def ip_ranges(*values)
+              if values.empty?
+                raise ArgumentError, "SecurityGroup `#{@security_group}`: #{@direction}: #{@protocol_prot_range}: `ip_ranges`: wrong number of arguments (0 for 1..)"
+              end
+
+              values.each do |ip_range|
+                unless ip_range =~ %r|\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}|
+                  raise "SecurityGroup `#{@security_group}`: #{@direction}: #{@protocol_prot_range}: `ip_ranges`: invalid ip range: #{ip_range}"
+                end
+
+                ip, range = ip_range.split('/', 2)
+
+                unless ip.split('.').all? {|i| (0..255).include?(i.to_i) } and (0..32).include?(range.to_i)
+                  raise "SecurityGroup `#{@security_group}`: #{@direction}: #{@protocol_prot_range}: `ip_ranges`: invalid ip range: #{ip_range}"
+                end
+              end
+
+              @result.ip_ranges = values
+            end
+ 
+            def groups(*values)
+              if values.empty?
+                raise ArgumentError, "SecurityGroup `#{@security_group}`: #{@direction}: #{@protocol_prot_range}: `groups`: wrong number of arguments (0 for 1..)"
+              end
+
+              values.each do |group|
+                unless [String, Array].any? {|i| group.kind_of?(i) }
+                  raise "SecurityGroup `#{@security_group}`: #{@direction}: #{@protocol_prot_range}: `groups`: invalid type: #{group}"
+                end
+              end
+
+              @result.groups = values
+            end
+          end # Permission
+        end # Permissions
+      end # SecurityGroup
+    end # EC2
+  end # DSL
+end # Piculet

data/lib/piculet/dsl/permissions.rb

@@ -0,0 +1,47 @@
+require 'ostruct'
+require 'piculet/dsl/permission'
+
+module Piculet
+  class DSL
+    class EC2
+      class SecurityGroup
+        class Permissions
+          def initialize(security_group, direction, &block)
+            @security_group = security_group
+            @direction = direction
+            @result = {}
+            instance_eval(&block)
+          end
+
+          def result
+            @result.map do |key, perm|
+              protocol, port_range = key
+
+              OpenStruct.new({
+                :protocol   => protocol,
+                :port_range => port_range,
+                :ip_ranges  => perm.ip_ranges,
+                :groups     => perm.groups,
+              })
+            end
+          end
+
+          private
+          def permission(protocol, port_range = nil, &block)
+            if port_range and not port_range.kind_of?(Range)
+              raise TypeError, "SecurityGroup `#{@security_group}`: #{@direction}: can't convert #{port_range} into Range"
+            end
+
+            key = [protocol, port_range]
+
+            if @result.has_key?(key)
+              raise "SecurityGroup `#{@security_group}`: #{@direction}: #{key} is already defined"
+            end
+
+            @result[key] = Permission.new(@security_group, @direction, key, &block).result
+          end
+        end # Permissions
+      end # SecurityGroup
+    end # EC2
+  end # DSL
+end # Piculet

data/lib/piculet/dsl/security-group.rb

@@ -0,0 +1,48 @@
+require 'ostruct'
+require 'piculet/dsl/permissions'
+
+module Piculet
+  class DSL
+    class EC2
+      class SecurityGroup
+        def initialize(name, vpc, &block)
+          @name = name
+          @vpc = vpc
+
+          @result = OpenStruct.new({
+            :name    => name,
+            :ingress => [],
+            :egress  => [],
+          })
+
+          instance_eval(&block)
+        end
+
+        def result
+          unless @result.description
+            raise "SecurityGroup `#{@name}`: `description` is required"
+          end
+
+          @result
+        end
+
+        private
+        def description(value)
+          @result.description = value
+        end
+
+        def ingress(&block)
+          @result.ingress = Permissions.new(@name, :ingress, &block).result
+        end
+
+        def egress(&block)
+          unless @vpc
+            raise "SecurityGroup `#{@name}`: Cannot define `egress` in classic"
+          end
+
+          @result.egress = Permissions.new(@name, :egress, &block).result
+        end
+      end # SecurityGroup
+    end # EC2
+  end # DSL
+end # Piculet

data/lib/piculet/exporter.rb

@@ -0,0 +1,58 @@
+require 'piculet/ext/ip-permission-collection-ext'
+
+module Piculet
+  class Exporter
+    class << self
+      def export(ec2)
+        self.new(ec2).export
+      end
+    end # of class methods
+
+    def initialize(ec2)
+      @ec2 = ec2
+    end
+
+    def export
+      result = {}
+
+      @ec2.security_groups.each do |sg|
+        vpc = sg.vpc
+        vpc = vpc.id if vpc
+        result[vpc] ||= {}
+        result[vpc][sg.id] = export_security_group(sg)
+      end
+
+      return result
+    end
+
+    private
+    def export_security_group(security_group)
+      {
+        :name        => security_group.name,
+        :description => security_group.description,
+        :owner_id    => security_group.owner_id,
+        :ingress     => export_ip_permissions(security_group.ingress_ip_permissions),
+        :egress      => export_ip_permissions(security_group.egress_ip_permissions),
+      }
+    end
+
+    def export_ip_permissions(ip_permissions)
+      ip_permissions = ip_permissions ? ip_permissions.aggregate : []
+
+      ip_permissions.map do |ip_perm|
+        {
+          :protocol   => ip_perm.protocol,
+          :port_range => ip_perm.port_range,
+          :ip_ranges  => ip_perm.ip_ranges,
+          :groups => ip_perm.groups.map {|group|
+            {
+              :id       => group.id,
+              :name     => group.name,
+              :owner_id => group.owner_id,
+            }
+          },
+        }
+      end
+    end
+  end # Exporter
+end # Piculet

data/lib/piculet/ext/ec2-owner-id-ext.rb

@@ -0,0 +1,88 @@
+require 'aws-sdk'
+
+module AWS
+  class EC2
+    DESC_OWNER_ID_RETRY_TIMES   = 3
+    DESC_OWNER_ID_RETRY_WAIT    = 3
+    SECURITY_GROUP_NAME_MAX_LEN = 255
+
+    def owner_id
+      return ENV['AWS_OWNER_ID'] if ENV['AWS_OWNER_ID']
+
+      unless @owner_id
+        security_group = create_random_security_group
+        return nil unless security_group
+        @owner_id = random_security_group_owner_id(security_group)
+        delete_random_security_group(security_group)
+      end
+
+      return @owner_id
+    end
+
+    def own?(other)
+      other == owner_id
+    end
+
+    private
+    def create_random_security_group
+      security_group = nil
+
+      DESC_OWNER_ID_RETRY_TIMES.times do
+        name = random_security_group_name
+        security_group = self.security_groups.create(name) rescue nil
+        break if security_group
+        sleep DESC_OWNER_ID_RETRY_WAIT
+      end
+
+      return security_group
+    end
+
+    def random_security_group_owner_id(security_group)
+      owner_id = nil
+      exception = nil
+
+      DESC_OWNER_ID_RETRY_TIMES.times do
+        begin
+          owner_id = security_group.owner_id
+          break
+        rescue => e
+          exception = e
+        end
+
+        sleep DESC_OWNER_ID_RETRY_WAIT
+      end
+
+      raise exception if exception
+
+      return owner_id
+    end
+
+    def delete_random_security_group(security_group)
+      exception = nil
+
+      DESC_OWNER_ID_RETRY_TIMES.times do
+        begin
+          security_group.delete
+          break
+        rescue => e
+          exception = e
+        end
+
+        sleep DESC_OWNER_ID_RETRY_WAIT
+      end
+
+      raise exception if exception
+    end
+
+    def random_security_group_name
+      name = []
+      len = SECURITY_GROUP_NAME_MAX_LEN
+
+      while name.length < len
+        name.concat(('a'..'z').to_a + ('A'..'Z').to_a + (0..9).to_a)
+      end
+
+      name.shuffle[0...len].join
+    end
+  end # EC2
+end # AWS

data/lib/piculet/ext/ip-permission-collection-ext.rb

@@ -0,0 +1,45 @@
+require 'aws-sdk'
+require 'ostruct'
+
+module AWS
+  class EC2
+    class SecurityGroup
+      DESC_SECURITY_GROUP_RETRY_TIMES = 3
+      DESC_SECURITY_GROUP_RETRY_WAIT  = 3
+
+      class IpPermissionCollection
+        def aggregate
+          aggregated = nil
+
+          (1..DESC_SECURITY_GROUP_RETRY_TIMES).each do |i|
+            begin
+              aggregated = {}
+
+              self.each do |perm|
+                key = [perm.protocol, perm.port_range]
+                aggregated[key] ||= {:ip_ranges => [], :groups => []}
+                aggregated[key][:ip_ranges].concat(perm.ip_ranges || [])
+                aggregated[key][:groups].concat(perm.groups || [])
+              end
+
+              break
+            rescue AWS::EC2::Errors::InvalidGroup::NotFound => e
+              raise e unless i < DESC_SECURITY_GROUP_RETRY_TIMES
+              sleep DESC_SECURITY_GROUP_RETRY_WAIT
+            end
+          end
+          
+
+          aggregated.map do |key, attrs|
+            protocol, port_range = key
+
+            OpenStruct.new({
+              :protocol   => protocol,
+              :port_range => port_range,
+            }.merge(attrs))
+          end
+        end
+      end # IpPermissionCollection
+    end # SecurityGroup
+  end # EC2
+end # AWS

data/lib/piculet/ext/string-ext.rb

@@ -0,0 +1,27 @@
+require 'term/ansicolor'
+
+class String
+  @@colorize = false
+
+  class << self
+    def colorize=(value)
+      @@colorize = value
+    end
+
+    def colorize
+      @@colorize
+    end
+  end # of class methods
+
+  Term::ANSIColor::Attribute.named_attributes.map do |attr|
+    class_eval(<<-EOS, __FILE__, __LINE__ + 1)
+      def #{attr.name}
+        if @@colorize
+          Term::ANSIColor.send(#{attr.name.inspect}, self)
+        else
+          self
+        end
+      end
+    EOS
+  end
+end # String

data/lib/piculet/logger.rb

@@ -0,0 +1,33 @@
+require 'logger'
+require 'singleton'
+require 'piculet/ext/string-ext'
+
+module Piculet
+  class Logger < ::Logger
+    include Singleton
+
+    def initialize
+      super($stdout)
+
+      self.formatter = proc do |severity, datetime, progname, msg|
+        "#{msg}\n"
+      end
+
+      self.level = Logger::INFO
+    end
+
+    def set_debug(value)
+      self.level = value ? Logger::DEBUG : Logger::INFO
+    end
+
+    module ClientHelper
+      def log(level, message, color, log_id = nil)
+        message = "[#{level.to_s.upcase}] #{message}" unless level == :info
+        message << ": #{log_id}" if log_id
+        message << ' (dry-run)' if @options && @options.dry_run
+        logger = Piculet::Logger.instance
+        logger.send(level, message.send(color))
+      end
+    end # ClientHelper
+  end # Logger
+end # Piculet