RubyGems - rubber - Versions diffs - 3.1.0 → 3.2.0 - Mend

rubber 3.1.0 → 3.2.0

Files changed (30) hide show

checksums.yaml +7 -0
data/CHANGELOG +10 -1
data/Gemfile +2 -3
data/lib/ext/fog/compute/digital_ocean_v2.rb +82 -0
data/lib/rubber/cloud.rb +11 -2
data/lib/rubber/cloud/aws.rb +9 -536
data/lib/rubber/cloud/aws/base.rb +318 -0
data/lib/rubber/cloud/aws/classic.rb +245 -0
data/lib/rubber/cloud/{aws_table_store.rb → aws/table_store.rb} +2 -1
data/lib/rubber/cloud/aws/vpc.rb +612 -0
data/lib/rubber/cloud/base.rb +10 -2
data/lib/rubber/cloud/digital_ocean.rb +62 -21
data/lib/rubber/cloud/vagrant.rb +3 -3
data/lib/rubber/instance.rb +13 -5
data/lib/rubber/recipes/rubber/instances.rb +68 -16
data/lib/rubber/recipes/rubber/setup.rb +12 -2
data/lib/rubber/recipes/rubber/vpcs.rb +92 -0
data/lib/rubber/tag.rb +1 -1
data/lib/rubber/util.rb +8 -0
data/lib/rubber/version.rb +1 -1
data/rubber.gemspec +1 -1
data/templates/base/config/rubber/rubber.yml +32 -1
data/templates/nat_gateway/config/rubber/role/nat_gateway/nat.sh +45 -0
data/templates/nat_gateway/templates.yml +2 -0
data/test/cloud/aws/classic_test.rb +54 -0
data/test/cloud/{aws_table_store_test.rb → aws/table_store_test.rb} +8 -8
data/test/cloud/{aws_test.rb → aws/vpc_test.rb} +5 -5
data/test/cloud/digital_ocean_test.rb +37 -19
data/test/instance_test.rb +1 -1
metadata +74 -93

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4949f1406f5da62d1236bf1757dcf5a70e262094
+  data.tar.gz: 1b8dc7e8d6a18880408f5b1017d845f5ea4ef272
+SHA512:
+  metadata.gz: b3aadb75637b09101862f6f118a37ee0c9349944416aca49fad689eacf6e6b493d98fbb2abec1a15abc593ada43239284afa7cd544f844165269c3681be08651
+  data.tar.gz: f61a46a4d8923082c1c4610bf6f45bba4b0ec0734657d6f8b1764b2d31b2529e8774499937bedf45b6d150035da7675f4052c5823f6b3b43e250e313a7fddd81

data/CHANGELOG CHANGED

@@ -1,9 +1,18 @@
+3.2.0 (01/09/2016)
+New Features:
+============
+[core] Added support for AWS VPCs.
+[core] Added support for DigitalOcean v2 API.
 3.1.0 (05/31/2015)
 Improvements:
 ============
-[core]  	Removed explicit dependency on 'json' gem. <61db9cc>
+[core] Removed explicit dependency on 'json' gem. <61db9cc>
 [core] Introduced env.enable_root_login_timeout parameter to configure timeout in enabling root login. <f8d1b65>
 [passenger] Updated to Passenger 5.0.8. <c4a8261>
 [passenger_nginx] Updated to Passenger 5.0.8. <c4a8261>

data/Gemfile CHANGED

@@ -4,9 +4,8 @@ gem 'jruby-openssl', :platform => :jruby
 gem 'unlimited-strength-crypto', :platform => :jruby
 group :development do
-  # Need to run off master for tests until updated Digital Ocean mocking
-  # makes it into a release
-  gem 'fog', :git => 'https://github.com/fog/fog.git', :branch => 'master'
+  gem 'fog', '~> 1.36'
+  gem 'mime-types', '2.99'
 end
 # Specify your gem's dependencies in rubber.gemspec

data/lib/ext/fog/compute/digital_ocean_v2.rb ADDED

@@ -0,0 +1,82 @@
+require 'fog'
+require 'fog/digitalocean/compute_v2'
+require 'fog/digitalocean/requests/compute_v2/create_ssh_key'
+require 'fog/digitalocean/requests/compute_v2/list_ssh_keys'
+require 'fog/digitalocean/requests/compute_v2/delete_ssh_key'
+module ::Fog
+  module Compute
+    class DigitalOceanV2
+      # Fixes an ssh key creation issue currently in fog 1.35.0
+      # This change currently in fog master:
+      #   https://github.com/fog/fog/pull/3743
+      # However, unless it gets backported into 1.x, we'll need this patch until
+      # we update fog to 2.x
+      class Real
+        def create_ssh_key(name, public_key)
+          create_options = {
+            :name       => name,
+            :public_key => public_key,
+          }
+          encoded_body = Fog::JSON.encode(create_options)
+          request(
+            :expects => [201],
+            :headers => {
+              'Content-Type' => "application/json; charset=UTF-8",
+            },
+            :method  => 'POST',
+            :path    => '/v2/account/keys',
+            :body    => encoded_body,
+          )
+        end
+      end
+      # These mocking improvements are not yet in fog master:
+      # https://github.com/fog/fog/pull/3748
+      class Mock
+        def create_ssh_key(name, public_key)
+          response        = Excon::Response.new
+          response.status = 201
+          data[:ssh_keys] << {
+            "id" => Fog::Mock.random_numbers(6).to_i,
+            "fingerprint" => (["00"] * 16).join(':'),
+            "public_key" => public_key,
+            "name" => name
+          }
+          response.body ={
+            'ssh_key' => data[:ssh_keys].last
+          }
+          response
+        end
+        def list_ssh_keys
+          response = Excon::Response.new
+          response.status = 200
+          response.body = {
+            "ssh_keys" => data[:ssh_keys],
+            "links" => {},
+            "meta" => {
+              "total" => data[:ssh_keys].count
+            }
+          }
+          response
+        end
+        def delete_ssh_key(id)
+          self.data[:ssh_keys].select! do |key|
+            key["id"] != id
+          end
+          response        = Excon::Response.new
+          response.status = 204
+          response
+        end
+      end
+    end
+  end
+end

data/lib/rubber/cloud.rb CHANGED

@@ -5,10 +5,19 @@ module Rubber
     def self.get_provider(provider, env, capistrano)
       require "rubber/cloud/#{provider}"
-      clazz = Rubber::Cloud.const_get(Rubber::Util.camelcase(provider))
       provider_env = env.cloud_providers[provider]
-      return clazz.new(provider_env, capistrano)
+      # Check to see if we have a Rubber::Cloud::Provider::Factory class.  If
+      # not, fall back to Rubber::Cloud::Provider
+      begin
+        factory = Rubber::Cloud.const_get(Rubber::Util.camelcase(provider))::Factory
+        return factory.get_provider(provider_env, capistrano)
+      rescue NameError
+        clazz = Rubber::Cloud.const_get(Rubber::Util.camelcase(provider))
+        return clazz.new(provider_env, capistrano)
+      end
     end
   end
 end

data/lib/rubber/cloud/aws.rb CHANGED

@@ -1,545 +1,18 @@
-require 'rubber/cloud/fog'
-require 'rubber/cloud/aws_table_store'
 module Rubber
-  module Cloud
-    class Aws < Fog
-      def initialize(env, capistrano)
-        compute_credentials = {
-          :aws_access_key_id => env.access_key,
-          :aws_secret_access_key => env.secret_access_key
-        }
-        storage_credentials = {
-          :provider => 'AWS',
-          :aws_access_key_id => env.access_key,
-          :aws_secret_access_key => env.secret_access_key,
-          :path_style => true
-        }
-        @table_store = ::Fog::AWS::SimpleDB.new(compute_credentials)
-        compute_credentials[:region] = env.region
-        @elb = ::Fog::AWS::ELB.new(compute_credentials)
-        compute_credentials[:provider] = 'AWS' # We need to set the provider after the SimpleDB init because it fails if the provider value is specified.
-        storage_credentials[:region] = env.region
-        env['compute_credentials'] = compute_credentials
-        env['storage_credentials'] = storage_credentials
-        super(env, capistrano)
-      end
-      def table_store(table_key)
-        return Rubber::Cloud::AwsTableStore.new(@table_store, table_key)
-      end
-      def describe_instances(instance_id=nil)
-        instances = []
-        opts = {}
-        opts["instance-id"] = instance_id if instance_id
-        response = compute_provider.servers.all(opts)
-        response.each do |item|
-          instance = {}
-          instance[:id] = item.id
-          instance[:type] = item.flavor_id
-          instance[:external_host] = item.dns_name
-          instance[:external_ip] = item.public_ip_address
-          instance[:internal_host] = item.private_dns_name
-          instance[:internal_ip] = item.private_ip_address
-          instance[:state] = item.state
-          instance[:zone] = item.availability_zone
-          instance[:provider] = 'aws'
-          instance[:platform] = item.platform || Rubber::Platforms::LINUX
-          instance[:root_device_type] = item.root_device_type
-          instances << instance
-        end
-        return instances
-      end
-      def active_state
-        'running'
-      end
-      def stopped_state
-        'stopped'
-      end
-      def before_create_instance(instance_alias, role_names)
-        setup_security_groups(instance_alias, role_names)
-      end
-      def after_create_instance(instance)
-        # Sometimes tag creation will fail, indicating that the instance doesn't exist yet even though it does.  It seems to
-        # be a propagation delay on Amazon's end, so the best we can do is wait and try again.
-        Rubber::Util.retry_on_failure(StandardError, :retry_sleep => 1, :retry_count => 120) do
-          Rubber::Tag::update_instance_tags(instance.name)
-        end
-      end
-      def after_refresh_instance(instance)
-        # Sometimes tag creation will fail, indicating that the instance doesn't exist yet even though it does.  It seems to
-        # be a propagation delay on Amazon's end, so the best we can do is wait and try again.
-        Rubber::Util.retry_on_failure(StandardError, :retry_sleep => 1, :retry_count => 120) do
-          Rubber::Tag::update_instance_tags(instance.name)
-        end
-      end
-      def before_stop_instance(instance)
-        capistrano.fatal "Cannot stop spot instances!" if ! instance.spot_instance_request_id.nil?
-        capistrano.fatal "Cannot stop instances with instance-store root device!" if (instance.root_device_type != 'ebs')
-      end
-      def before_start_instance(instance)
-        capistrano.fatal "Cannot start spot instances!" if ! instance.spot_instance_request_id.nil?
-        capistrano.fatal "Cannot start instances with instance-store root device!" if (instance.root_device_type != 'ebs')
-      end
-      def after_start_instance(instance)
-        # Re-starting an instance will almost certainly give it a new set of IPs and DNS entries, so refresh the values.
-        capistrano.rubber.refresh_instance(instance.name)
-        # Static IPs, DNS, etc. need to be set up for the started instance.
-        capistrano.rubber.post_refresh
-      end
+  module Cloud
+    module Aws
-      def create_image(image_name)
+      class Factory
+        def self.get_provider(provider_env, capistrano)
+          require 'rubber/cloud/aws/vpc'
+          require 'rubber/cloud/aws/classic'
-        # validate all needed config set
-        ["key_file", "pk_file", "cert_file", "account", "secret_access_key", "image_bucket"].each do |k|
-          raise "Set #{k} in rubber.yml" unless "#{env[k]}".strip.size > 0
+          klazz = provider_env.vpc_alias ? Rubber::Cloud::Aws::Vpc : Rubber::Cloud::Aws::Classic
+          klazz.new provider_env, capistrano
         end
-        raise "create_image can only be called from a capistrano scope" unless capistrano
-        ec2_key = env.key_file
-        ec2_pk = env.pk_file
-        ec2_cert = env.cert_file
-        ec2_key_dest = "/mnt/#{File.basename(ec2_key)}"
-        ec2_pk_dest = "/mnt/#{File.basename(ec2_pk)}"
-        ec2_cert_dest = "/mnt/#{File.basename(ec2_cert)}"
-        storage(env.image_bucket).ensure_bucket
-        capistrano.put(File.read(ec2_key), ec2_key_dest)
-        capistrano.put(File.read(ec2_pk), ec2_pk_dest)
-        capistrano.put(File.read(ec2_cert), ec2_cert_dest)
-        arch = capistrano.capture("uname -m").strip
-        arch = case arch when /i\d86/ then "i386" else arch end
-        capistrano.sudo_script "create_bundle", <<-CMD
-          export RUBYLIB=/usr/lib/site_ruby/
-          unset RUBYOPT
-          nohup ec2-bundle-vol --batch -d /mnt -k #{ec2_pk_dest} -c #{ec2_cert_dest} -u #{env.account} -p #{image_name} -r #{arch} &> /tmp/ec2-bundle-vol.log &
-          bg_pid=$!
-          sleep 1
-          echo "Creating image from instance volume..."
-          while kill -0 $bg_pid &> /dev/null; do
-            echo -n .
-            sleep 5
-          done
-          # this returns exit code even if pid has already died, and thus triggers fail fast shell error
-          wait $bg_pid
-        CMD
-        capistrano.sudo_script "register_bundle", <<-CMD
-          export RUBYLIB=/usr/lib/site_ruby/
-          unset RUBYOPT
-          echo "Uploading image to S3..."
-          ec2-upload-bundle --batch -b #{env.image_bucket} -m /mnt/#{image_name}.manifest.xml -a #{env.access_key} -s #{env.secret_access_key}
-        CMD
-        image_location = "#{env.image_bucket}/#{image_name}.manifest.xml"
-        response = compute_provider.register_image(image_name,
-                                                    "rubber bundled image",
-                                                    image_location)
-        return response.body["imageId"]
-      end
-      def destroy_image(image_id)
-        image = compute_provider.images.get(image_id)
-        raise "Could not find image: #{image_id}, aborting destroy_image" if image.nil?
-        location_parts = image.location.split('/')
-        bucket = location_parts.first
-        image_name = location_parts.last.gsub(/\.manifest\.xml$/, '')
-        image.deregister
-        storage(bucket).walk_tree(image_name) do |f|
-          f.destroy
-        end
-      end
-      def describe_load_balancers(name=nil)
-        lbs = []
-        response = name.nil? ? @elb.load_balancers.all() : [@elb.load_balancers.get(name)].compact
-        response.each do |item|
-          lb = {}
-          lb[:name] = item.id
-          lb[:dns_name] = item.dns_name
-          lb[:zones] = item.availability_zones
-          item.listeners.each do |litem|
-            listener = {}
-            listener[:protocol] = litem.protocol
-            listener[:port] = litem.lb_portPort
-            listener[:instance_port] = litem.instance_port
-            lb[:listeners] ||= []
-            lb[:listeners] << listener
-          end
-          lbs << lb
-        end
-        return lbs
-      end
-      def describe_availability_zones
-        zones = []
-        response = compute_provider.describe_availability_zones()
-        items = response.body["availabilityZoneInfo"]
-        items.each do |item|
-          zone = {}
-          zone[:name] = item["zoneName"]
-          zone[:state] =item["zoneState"]
-          zones << zone
-        end
-        return zones
-      end
-      def create_spot_instance_request(spot_price, ami, ami_type, security_groups, availability_zone, fog_options={})
-        response = compute_provider.spot_requests.create({:price => spot_price,
-                                                          :image_id => ami,
-                                                          :flavor_id => ami_type,
-                                                          :groups => security_groups,
-                                                          :availability_zone => availability_zone,
-                                                          :key_name => env.key_name}.merge(Rubber::Util.symbolize_keys(fog_options)))
-        request_id = response.id
-        return request_id
-      end
-      def describe_spot_instance_requests(request_id=nil)
-        requests = []
-        opts = {}
-        opts["spot-instance-request-id"] = request_id if request_id
-        response = compute_provider.spot_requests.all(opts)
-        response.each do |item|
-          request = {}
-          request[:id] = item.id
-          request[:spot_price] = item.price
-          request[:state] = item.state
-          request[:created_at] = item.created_at
-          request[:type] = item.flavor_id
-          request[:image_id] = item.image_id
-          request[:instance_id] = item.instance_id
-          requests << request
-        end
-        return requests
-      end
-      def setup_security_groups(host=nil, roles=[])
-        rubber_cfg = Rubber::Configuration.get_configuration(Rubber.env)
-        scoped_env = rubber_cfg.environment.bind(roles, host)
-        security_group_defns = Hash[scoped_env.security_groups.to_a]
-        if scoped_env.auto_security_groups
-          sghosts = (scoped_env.rubber_instances.collect{|ic| ic.name } + [host]).uniq.compact
-          sgroles = (scoped_env.rubber_instances.all_roles + roles).uniq.compact
-          security_group_defns = inject_auto_security_groups(security_group_defns, sghosts, sgroles)
-        end
-        sync_security_groups(security_group_defns)
       end
-      def describe_security_groups(group_name=nil)
-        groups = []
-        opts = {}
-        opts["group-name"] = group_name if group_name
-        response = compute_provider.security_groups.all(opts)
-        response.each do |item|
-          group = {}
-          group[:name] = item.name
-          group[:description] = item.description
-          item.ip_permissions.each do |ip_item|
-            group[:permissions] ||= []
-            rule = {}
-            rule[:protocol] = ip_item["ipProtocol"]
-            rule[:from_port] = ip_item["fromPort"]
-            rule[:to_port] = ip_item["toPort"]
-            ip_item["groups"].each do |rule_group|
-              rule[:source_groups] ||= []
-              source_group = {}
-              source_group[:account] = rule_group["userId"]
-              # Amazon doesn't appear to be returning the groupName value when running in a default VPC.  It's possible
-              # it's only returned for EC2 Classic.  This is distinctly in conflict with the API documents and thus
-              # appears to be a bug on Amazon's end.  Nonetheless, we need to handle it because otherwise our security
-              # group rule matching logic will fail and it messes up our users.
-              #
-              # Since every top-level item has both an ID and a name, if we're lacking the groupName we can search
-              # through the items for the one matching the groupId we have and then use its name value.  This should
-              # represent precisely the same data.
-              source_group[:name] = if rule_group["groupName"]
-                                      rule_group["groupName"]
-                                    elsif rule_group["groupId"]
-                                      matching_security_group = response.find { |item| item.group_id == rule_group["groupId"] }
-                                      matching_security_group ? matching_security_group.name : nil
-                                    else
-                                      nil
-                                    end
-              rule[:source_groups] << source_group
-            end if ip_item["groups"]
-            ip_item["ipRanges"].each do |ip_range|
-              rule[:source_ips] ||= []
-              rule[:source_ips] << ip_range["cidrIp"]
-            end if ip_item["ipRanges"]
-            group[:permissions] << rule
-          end
-          groups << group
-        end
-        groups
-      end
-      def create_volume(instance, volume_spec)
-        fog_options = Rubber::Util.symbolize_keys(volume_spec['fog_options'] || {})
-        volume_data = {
-            :size => volume_spec['size'], :availability_zone => volume_spec['zone']
-        }.merge(fog_options)
-        volume = compute_provider.volumes.create(volume_data)
-        volume.id
-      end
-      def after_create_volume(instance, volume_id, volume_spec)
-        # After we create an EBS volume, we need to attach it to the instance.
-        volume = compute_provider.volumes.get(volume_id)
-        server = compute_provider.servers.get(instance.instance_id)
-        volume.device = volume_spec['device']
-        volume.server = server
-      end
-      def before_destroy_volume(volume_id)
-        # Before we can destroy an EBS volume, we must detach it from any running instances.
-        volume = compute_provider.volumes.get(volume_id)
-        volume.force_detach
-      end
-      def destroy_volume(volume_id)
-        compute_provider.volumes.get(volume_id).destroy
-      end
-      def describe_volumes(volume_id=nil)
-        volumes = []
-        opts = {}
-        opts[:'volume-id'] = volume_id if volume_id
-        response = compute_provider.volumes.all(opts)
-        response.each do |item|
-          volume = {}
-          volume[:id] = item.id
-          volume[:status] = item.state
-          if item.server_id
-            volume[:attachment_instance_id] = item.server_id
-            volume[:attachment_status] = item.attached_at ? "attached" : "waiting"
-          end
-          volumes << volume
-        end
-        volumes
-      end
-      # resource_id is any Amazon resource ID (e.g., instance ID or volume ID)
-      # tags is a hash of tag_name => tag_value pairs
-      def create_tags(resource_id, tags)
-        # Tags need to be created individually in fog
-        tags.each do |k, v|
-          compute_provider.tags.create(:resource_id => resource_id,
-                                        :key => k.to_s, :value => v.to_s)
-        end
-      end
-      private
-      def create_security_group(group_name, group_description)
-        compute_provider.security_groups.create(:name => group_name, :description => group_description)
-      end
-      def destroy_security_group(group_name)
-        compute_provider.security_groups.get(group_name).destroy
-      end
-      def add_security_group_rule(group_name, protocol, from_port, to_port, source)
-        group = compute_provider.security_groups.get(group_name)
-        opts = {:ip_protocol => protocol || 'tcp'}
-        if source.instance_of? Hash
-          opts[:group] = {source[:account] => source[:name]}
-        else
-          opts[:cidr_ip] = source
-        end
-        group.authorize_port_range(from_port.to_i..to_port.to_i, opts)
-      end
-      def remove_security_group_rule(group_name, protocol, from_port, to_port, source)
-        group = compute_provider.security_groups.get(group_name)
-        opts = {:ip_protocol => protocol || 'tcp'}
-        if source.instance_of? Hash
-          opts[:group] = {source[:account] => source[:name]}
-        else
-          opts[:cidr_ip] = source
-        end
-        group.revoke_port_range(from_port.to_i..to_port.to_i, opts)
-      end
-      def sync_security_groups(groups)
-        return unless groups
-        groups = Rubber::Util::stringify(groups)
-        groups = isolate_groups(groups)
-        group_keys = groups.keys.clone()
-        # For each group that does already exist in cloud
-        cloud_groups = describe_security_groups()
-        cloud_groups.each do |cloud_group|
-          group_name = cloud_group[:name]
-          # skip those groups that don't belong to this project/env
-          next if env.isolate_security_groups && group_name !~ /^#{isolate_prefix}/
-          if group_keys.delete(group_name)
-            # sync rules
-            capistrano.logger.debug "Security Group already in cloud, syncing rules: #{group_name}"
-            group = groups[group_name]
-            # convert the special case default rule into what it actually looks like when
-            # we query ec2 so that we can match things up when syncing
-            rules = group['rules'].clone
-            group['rules'].each do |rule|
-              if [2, 3].include?(rule.size) && rule['source_group_name'] && rule['source_group_account']
-                rules << rule.merge({'protocol' => 'tcp', 'from_port' => '1', 'to_port' => '65535' })
-                rules << rule.merge({'protocol' => 'udp', 'from_port' => '1', 'to_port' => '65535' })
-                rules << rule.merge({'protocol' => 'icmp', 'from_port' => '-1', 'to_port' => '-1' })
-                rules.delete(rule)
-              end
-            end
-            rule_maps = []
-            # first collect the rule maps from the request (group/user pairs are duplicated for tcp/udp/icmp,
-            # so we need to do this up frnot and remove duplicates before checking against the local rubber rules)
-            cloud_group[:permissions].each do |rule|
-              source_groups = rule.delete(:source_groups)
-              if source_groups
-                source_groups.each do |source_group|
-                  rule_map = rule.clone
-                  rule_map.delete(:source_ips)
-                  rule_map[:source_group_name] = source_group[:name]
-                  rule_map[:source_group_account] = source_group[:account]
-                  rule_map = Rubber::Util::stringify(rule_map)
-                  rule_maps << rule_map unless rule_maps.include?(rule_map)
-                end
-              else
-                rule_map = Rubber::Util::stringify(rule)
-                rule_maps << rule_map unless rule_maps.include?(rule_map)
-              end
-            end if cloud_group[:permissions]
-            # For each rule, if it exists, do nothing, otherwise remove it as its no longer defined locally
-            rule_maps.each do |rule_map|
-              if rules.delete(rule_map)
-                # rules match, don't need to do anything
-                # logger.debug "Rule in sync: #{rule_map.inspect}"
-              else
-                # rules don't match, remove them from cloud and re-add below
-                answer = nil
-                msg = "Rule '#{rule_map.inspect}' exists in cloud, but not locally"
-                if env.prompt_for_security_group_sync
-                  answer = Capistrano::CLI.ui.ask("#{msg}, remove from cloud? [y/N]: ")
-                else
-                  capistrano.logger.info(msg)
-                end
-                if answer =~ /^y/
-                  rule_map = Rubber::Util::symbolize_keys(rule_map)
-                  if rule_map[:source_group_name]
-                    remove_security_group_rule(group_name, rule_map[:protocol], rule_map[:from_port], rule_map[:to_port], {:name => rule_map[:source_group_name], :account => rule_map[:source_group_account]})
-                  else
-                    rule_map[:source_ips].each do |source_ip|
-                      remove_security_group_rule(group_name, rule_map[:protocol], rule_map[:from_port], rule_map[:to_port], source_ip)
-                    end if rule_map[:source_ips]
-                  end
-                end
-              end
-            end
-            rules.each do |rule_map|
-              # create non-existing rules
-              capistrano.logger.debug "Missing rule, creating: #{rule_map.inspect}"
-              rule_map = Rubber::Util::symbolize_keys(rule_map)
-              if rule_map[:source_group_name]
-                add_security_group_rule(group_name, rule_map[:protocol], rule_map[:from_port], rule_map[:to_port], {:name => rule_map[:source_group_name], :account => rule_map[:source_group_account]})
-              else
-                rule_map[:source_ips].each do |source_ip|
-                  add_security_group_rule(group_name, rule_map[:protocol], rule_map[:from_port], rule_map[:to_port], source_ip)
-                end if rule_map[:source_ips]
-              end
-            end
-          else
-            # delete group
-            answer = nil
-            msg = "Security group '#{group_name}' exists in cloud but not locally"
-            if env.prompt_for_security_group_sync
-              answer = Capistrano::CLI.ui.ask("#{msg}, remove from cloud? [y/N]: ")
-            else
-              capistrano.logger.debug(msg)
-            end
-            destroy_security_group(group_name) if answer =~ /^y/
-          end
-        end
-        # For each group that didnt already exist in cloud
-        group_keys.each do |group_name|
-          group = groups[group_name]
-          capistrano.logger.debug "Creating new security group: #{group_name}"
-          # create each group
-          create_security_group(group_name, group['description'])
-          # create rules for group
-          group['rules'].each do |rule_map|
-            capistrano.logger.debug "Creating new rule: #{rule_map.inspect}"
-            rule_map = Rubber::Util::symbolize_keys(rule_map)
-            if rule_map[:source_group_name]
-              add_security_group_rule(group_name, rule_map[:protocol], rule_map[:from_port], rule_map[:to_port], {:name => rule_map[:source_group_name], :account => rule_map[:source_group_account]})
-            else
-              rule_map[:source_ips].each do |source_ip|
-                add_security_group_rule(group_name, rule_map[:protocol], rule_map[:from_port], rule_map[:to_port], source_ip)
-              end if rule_map[:source_ips]
-            end
-          end
-        end
-      end
     end
   end
 end