sf-hiera-aws 0.0.1
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +83 -0
- data/Rakefile +2 -0
- data/lib/hiera/backend/sf_hiera_aws_backend.rb +167 -0
- data/sf-hiera-aws.gemspec +23 -0
- metadata +93 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 443deac718f30bc09618c7d35f400447cee08790
|
4
|
+
data.tar.gz: 8b68ef269097ba57cfb8cc8e2ba2aed0dfa45174
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 3dc41f57aea0f60f7ad7f9c8f9e7c77efa993c4296df1660e8be1eff46633685ca68020f34ecedfb80874599a877af54d340ac07099c5abd9a03943a546fe678
|
7
|
+
data.tar.gz: e6610c0c32a4e7dcb2c8421a38fb9b748d4a9651215c0d324f644460a174f83e8ed925c924cd8229cc08763c530a20264b3b39189a26dc12656a7ddc4081bbc4
|
data/.gitignore
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2015 Jon Topper
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,83 @@
|
|
1
|
+
# sf-hiera-aws
|
2
|
+
|
3
|
+
## About
|
4
|
+
|
5
|
+
This is a Hiera backend to provide access to the EC2 API for a small number of resource types. Its purpose is to prevent it from ever being necessary to copy and paste EC2, RDS and ElastiCache addresses from the AWS console into Puppet configs anywhere.
|
6
|
+
|
7
|
+
## Usage and Setup
|
8
|
+
|
9
|
+
To add this backend to hiera, edit `/etc/puppet/hiera.yaml`:
|
10
|
+
|
11
|
+
```
|
12
|
+
:backends:
|
13
|
+
- yaml
|
14
|
+
- sf_hiera_aws
|
15
|
+
```
|
16
|
+
|
17
|
+
This plugin will attempt to use a machine's IAM role to perform AWS lookups - this is the recommended method of operation.
|
18
|
+
|
19
|
+
Absent an IAM role, the plugin will fall back to looking up credentials in the environment. Use `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_REGION` variables.
|
20
|
+
|
21
|
+
The IAM role will need the following permissions:
|
22
|
+
|
23
|
+
```
|
24
|
+
{
|
25
|
+
"Version": "2012-10-17",
|
26
|
+
"Statement": [
|
27
|
+
{
|
28
|
+
"Action": [
|
29
|
+
"ec2:DescribeInstances",
|
30
|
+
"rds:DescribeDBInstances",
|
31
|
+
"elasticache:DescribeCacheClusters"
|
32
|
+
],
|
33
|
+
"Effect": "Allow",
|
34
|
+
"Resource": [
|
35
|
+
"*"
|
36
|
+
]
|
37
|
+
}
|
38
|
+
]
|
39
|
+
}
|
40
|
+
```
|
41
|
+
|
42
|
+
## Configuration
|
43
|
+
|
44
|
+
The plugin expects to find a configuration file under `/etc/puppet/sf_hiera_aws.yaml`, defining how we look up named keys. The keys at the top level of this file determine the names of the hiera keys the plugin will provide; the configuration determines how these are looked up.
|
45
|
+
|
46
|
+
### Example - EC2 nodes by tag
|
47
|
+
|
48
|
+
```
|
49
|
+
aws_am_search_nodes:
|
50
|
+
type: :ec2_instance
|
51
|
+
filters:
|
52
|
+
- name: tag:aws:autoscaling:groupName
|
53
|
+
values: [ "%{::sf_location}-%{::sf_environment}-search" ]
|
54
|
+
return:
|
55
|
+
- :instance_id
|
56
|
+
- :private_ip_address
|
57
|
+
- :private_dns_name
|
58
|
+
```
|
59
|
+
|
60
|
+
The value of `return` here is also the default, and so can be omitted. You can use any of the methods listed at http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Instance.html to obtain other details from the Instance object.
|
61
|
+
|
62
|
+
|
63
|
+
### Example - RDS instance by name
|
64
|
+
|
65
|
+
```
|
66
|
+
aws_am_bullseye_rds:
|
67
|
+
type: :rds_db_instance
|
68
|
+
db_instance_identifier: "%{::sf_location}-%{::sf_environment}-db"
|
69
|
+
```
|
70
|
+
|
71
|
+
Calls to `:rds_db_instance` type keys return the instance identifier, endpoint address and endpoint port.
|
72
|
+
|
73
|
+
### Example - ElastiCache cluster by name
|
74
|
+
|
75
|
+
```
|
76
|
+
aws_am_bullseye_redis:
|
77
|
+
type: :elasticache_cache_cluster
|
78
|
+
cache_cluster_id: "%{::sf_location}-%{::sf_environment}-redis"
|
79
|
+
```
|
80
|
+
|
81
|
+
Calls to `:elasticache_cache_cluster` type keys return a list of cache nodes, their IDs and endpoint address/ports.
|
82
|
+
|
83
|
+
|
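Review bot: the "Usage and Setup" section gives the Describe-only policy for the IAM role but does not say what scope the keys used in the `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` fallback should have. State that those keys should carry the same three Describe actions and nothing more. This matters because the Configuration section lets `return` name "any of the methods" on the Instance object, so the attached policy is what keeps a lookup read-only. The About paragraph also says "the EC2 API" although the backend queries RDS and ElastiCache as well.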
data/Rakefile
ADDED
@@ -0,0 +1,167 @@
|
|
1
|
+
class Hiera
|
2
|
+
|
3
|
+
module Backend
|
4
|
+
|
5
|
+
class Sf_hiera_aws_backend
|
6
|
+
|
7
|
+
public
|
8
|
+
|
9
|
+
def initialize
|
10
|
+
require 'aws-sdk-resources'
|
11
|
+
Hiera.debug('Hiera AWS SDK backend started')
|
12
|
+
end
|
13
|
+
|
14
|
+
def lookup (key, scope, order_override, resolution_type)
|
15
|
+
|
16
|
+
config = recursive_interpolate_config(aws_config, scope)
|
17
|
+
|
18
|
+
Hiera.debug("Looking up '#{key} in AWS SDK backend")
|
19
|
+
|
20
|
+
if ! config.key? key
|
21
|
+
return nil
|
22
|
+
end
|
23
|
+
|
24
|
+
Hiera.debug("Config: #{config[key].inspect}")
|
25
|
+
type = config[key]['type']
|
26
|
+
|
27
|
+
if self.methods.include? "type_#{type}".to_sym
|
28
|
+
|
29
|
+
begin
|
30
|
+
answer = self.send("type_#{type}".to_sym, config[key])
|
31
|
+
Hiera.debug( answer )
|
32
|
+
return answer
|
33
|
+
rescue Aws::Errors::MissingRegionError, Aws::Errors::MissingCredentialsError
|
34
|
+
Hiera.warn("No IAM role or ENV based AWS config - skipping")
|
35
|
+
return nil
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
39
|
+
|
40
|
+
Hiera.debug("Type of AWS SDK lookup '#{type}' invalid")
|
41
|
+
return nil
|
42
|
+
|
43
|
+
end
|
44
|
+
|
45
|
+
def aws_config
|
46
|
+
|
47
|
+
require 'yaml'
|
48
|
+
|
49
|
+
default_config_path = "/etc/puppet/sf_hiera_aws.yaml"
|
50
|
+
|
51
|
+
if ! Config[:aws_sdk].nil?
|
52
|
+
config_file = Config[:aws_sdk][:config_file] || default_config_path
|
53
|
+
else
|
54
|
+
config_file = default_config_path
|
55
|
+
end
|
56
|
+
|
57
|
+
if File.exist?(config_file)
|
58
|
+
config = YAML::load_file(config_file)
|
59
|
+
else
|
60
|
+
Hiera.warn("No config file #{config_file} found")
|
61
|
+
config = {}
|
62
|
+
end
|
63
|
+
|
64
|
+
config
|
65
|
+
|
66
|
+
end
|
67
|
+
|
68
|
+
def recursive_interpolate_config(h,scope)
|
69
|
+
case h
|
70
|
+
when Hash
|
71
|
+
Hash[
|
72
|
+
h.map do |k, v|
|
73
|
+
[ Backend.parse_answer(k, scope), recursive_interpolate_config(v,scope) ]
|
74
|
+
end
|
75
|
+
]
|
76
|
+
when Enumerable
|
77
|
+
h.map { |v| recursive_interpolate_config(v,scope) }
|
78
|
+
when String
|
79
|
+
Backend.parse_answer(h,scope)
|
80
|
+
else
|
81
|
+
h
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
def type_ec2_instance(options)
|
86
|
+
|
87
|
+
options = {
|
88
|
+
'return' => [
|
89
|
+
:instance_id,
|
90
|
+
:private_ip_address,
|
91
|
+
:private_dns_name,
|
92
|
+
]
|
93
|
+
}.merge(options)
|
94
|
+
|
95
|
+
ec2 = Aws::EC2::Resource.new()
|
96
|
+
|
97
|
+
if options.key? 'filters'
|
98
|
+
instances = ec2.instances( filters: options['filters'] ) || []
|
99
|
+
else
|
100
|
+
instances = ec2.instances() || []
|
101
|
+
end
|
102
|
+
|
103
|
+
instances.collect do |i|
|
104
|
+
Hash[ options['return'].map { |f|
|
105
|
+
[f.to_s, i.methods.include?(f) ? i.send(f) : nil ]
|
106
|
+
} ]
|
107
|
+
end
|
108
|
+
|
109
|
+
end
|
110
|
+
|
111
|
+
def type_rds_db_instance(options)
|
112
|
+
|
113
|
+
rds = Aws::RDS::Client.new()
|
114
|
+
|
115
|
+
if options.key? 'db_instance_identifier'
|
116
|
+
instances = rds.describe_db_instances(
|
117
|
+
db_instance_identifier: options['db_instance_identifier']
|
118
|
+
).db_instances
|
119
|
+
else
|
120
|
+
instances = rds.describe_db_instances.db_instances
|
121
|
+
end
|
122
|
+
|
123
|
+
instances.collect do |i|
|
124
|
+
{
|
125
|
+
'db_instance_identifier' => i.db_instance_identifier,
|
126
|
+
'endpoint_address' => i.endpoint.address,
|
127
|
+
'endpoint_port' => i.endpoint.port,
|
128
|
+
}
|
129
|
+
end
|
130
|
+
|
131
|
+
end
|
132
|
+
|
133
|
+
def type_elasticache_cache_cluster(options)
|
134
|
+
|
135
|
+
elasticache = Aws::ElastiCache::Client.new()
|
136
|
+
|
137
|
+
if options.key? 'cache_cluster_id'
|
138
|
+
clusters = elasticache.describe_cache_clusters(
|
139
|
+
cache_cluster_id: options['cache_cluster_id'],
|
140
|
+
show_cache_node_info: true,
|
141
|
+
).cache_clusters
|
142
|
+
else
|
143
|
+
clusters = elasticache.describe_cache_clusters(
|
144
|
+
show_cache_node_info: true
|
145
|
+
).cache_clusters
|
146
|
+
end
|
147
|
+
|
148
|
+
clusters.collect do |i|
|
149
|
+
{
|
150
|
+
'cache_cluster_id' => i.cache_cluster_id,
|
151
|
+
'cache_nodes' => i.cache_nodes.collect do |n|
|
152
|
+
{
|
153
|
+
'cache_node_id' => n.cache_node_id,
|
154
|
+
'endpoint_address' => n.endpoint.address,
|
155
|
+
'endpoint_port' => n.endpoint.port,
|
156
|
+
}
|
157
|
+
end
|
158
|
+
}
|
159
|
+
end
|
160
|
+
end
|
161
|
+
|
162
|
+
end
|
163
|
+
|
164
|
+
end
|
165
|
+
|
166
|
+
end
|
167
|
+
|
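Review bot: in `type_ec2_instance`, `i.send(f)` calls whatever method name the `return` list in the config supplies on the `Aws::EC2::Instance` resource, and that object exposes state-changing action methods alongside its attribute readers. Check `f` against an explicit allowlist of attribute names before calling it, rather than relying on `i.methods.include?(f)`. That check is also false for a string entry, so a `return` item written without the leading colon silently yields nil. The dispatch in `lookup`, `self.send("type_#{type}".to_sym, config[key])`, has the same shape and would be clearer as a fixed hash from type to handler. Minor: the debug string `"Looking up '#{key} in AWS SDK backend"` is missing its closing quote, and `aws_config` re-reads and re-parses the YAML file on every lookup.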
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
|
5
|
+
Gem::Specification.new do |spec|
|
6
|
+
spec.name = "sf-hiera-aws"
|
7
|
+
spec.version = "0.0.1"
|
8
|
+
spec.authors = ["Jon Topper"]
|
9
|
+
spec.email = ["jon@scalefactory.com"]
|
10
|
+
|
11
|
+
spec.summary = %q{Hiera backend for querying AWS resources}
|
12
|
+
spec.homepage = "https://github.com/scalefactory/sf-hiera-aws"
|
13
|
+
spec.license = "MIT"
|
14
|
+
|
15
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
16
|
+
spec.bindir = "exe"
|
17
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
18
|
+
spec.require_paths = ["lib"]
|
19
|
+
|
20
|
+
spec.add_development_dependency "bundler", "~> 1.8"
|
21
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
22
|
+
spec.add_dependency "aws-sdk-resources", ">=2.1.18"
|
23
|
+
end
|
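Review bot: `spec.add_dependency "aws-sdk-resources", ">=2.1.18"` has no upper bound, so any later major release of the SDK satisfies it and will be resolved on a fresh install without this gem having been tested against it. Add a pessimistic bound alongside the minimum, for example `"~> 2.1", ">= 2.1.18"`. The `lib` / `$LOAD_PATH` lines at the top are unused here, since the version is a literal rather than read from a file under `lib`.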
metadata
ADDED
@@ -0,0 +1,93 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: sf-hiera-aws
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Jon Topper
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2015-09-02 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.8'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.8'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '10.0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '10.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: aws-sdk-resources
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: 2.1.18
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 2.1.18
|
55
|
+
description:
|
56
|
+
email:
|
57
|
+
- jon@scalefactory.com
|
58
|
+
executables: []
|
59
|
+
extensions: []
|
60
|
+
extra_rdoc_files: []
|
61
|
+
files:
|
62
|
+
- ".gitignore"
|
63
|
+
- Gemfile
|
64
|
+
- LICENSE.txt
|
65
|
+
- README.md
|
66
|
+
- Rakefile
|
67
|
+
- lib/hiera/backend/sf_hiera_aws_backend.rb
|
68
|
+
- sf-hiera-aws.gemspec
|
69
|
+
homepage: https://github.com/scalefactory/sf-hiera-aws
|
70
|
+
licenses:
|
71
|
+
- MIT
|
72
|
+
metadata: {}
|
73
|
+
post_install_message:
|
74
|
+
rdoc_options: []
|
75
|
+
require_paths:
|
76
|
+
- lib
|
77
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
78
|
+
requirements:
|
79
|
+
- - ">="
|
80
|
+
- !ruby/object:Gem::Version
|
81
|
+
version: '0'
|
82
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
83
|
+
requirements:
|
84
|
+
- - ">="
|
85
|
+
- !ruby/object:Gem::Version
|
86
|
+
version: '0'
|
87
|
+
requirements: []
|
88
|
+
rubyforge_project:
|
89
|
+
rubygems_version: 2.2.2
|
90
|
+
signing_key:
|
91
|
+
specification_version: 4
|
92
|
+
summary: Hiera backend for querying AWS resources
|
93
|
+
test_files: []
|
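Review bot: `cert_chain: []` and the empty `signing_key:` show the package was built unsigned, so the SHA1 and SHA512 values in checksums.yaml, which ship inside the same archive, can detect corruption but not replacement of the archive. Consider setting `spec.cert_chain` and `spec.signing_key` in the gemspec so that installs can be verified under a RubyGems trust policy. `description:` is empty and `required_ruby_version` is `>= 0`; both are worth filling in before the next release.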