stemcell 0.11.6 → 0.11.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 98616ae32c94b573ff3fc0d8b3e3ee8609249aba
-  data.tar.gz: 30f0e404801f617927783cd7bbe97bad2faf0112
+  metadata.gz: bbe504f40413724bf87e2b12fac6d6e82da0f47c
+  data.tar.gz: 3ee37995a832825a2479fd784d7d02d8ef070875
 SHA512:
-  metadata.gz: 54802c4b403fd732bc340aa12b9c33ffc2dddad093a7a2b011399cb3ec88f0fb6fb4e6c676c83527149b29b266c2e828275c47bb6e6c2f2eb3559c86d730f4e9
-  data.tar.gz: c981c1205c1c10df841b1b5929f525482b1b80053ac3b2dcd41f11bcf8859334778a57c6f9179ea9d6dc83994930ed81ad706ffdda0d1253b1da188989f2de6c
+  metadata.gz: acd48d19f76a18638048eae5ce84f4537bcb60a8d036510a60d2aa87d220840973e19fb094216e2a192d5f1f6b5e6b43914e9cf44e302dcb9c89a0b8f9785d01
+  data.tar.gz: b929a418da0773876d21785fb7d67fc8ea19e95e989111dae3a8ee13649602299a65caef33eb500750fc5544c19c7a717ef0685c3d5013a2e6e8f97c9d6f3081

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+# 0.11.7
+- Convert security group names to ids when launching VPC instances
+- Allow classic link to associate VPC security groups by name
+
 # 0.11.6
 - Result of role expansion needs to be a mutable object
 

data/lib/stemcell/launcher.rb

@@ -106,14 +106,21 @@ module Stemcell
         :count => opts['count'],
       }
 
-      if opts['security_groups'] && !opts['security_groups'].empty?
-        launch_options[:security_groups] = opts['security_groups']
-      end
-
       if opts['security_group_ids'] && !opts['security_group_ids'].empty?
         launch_options[:security_group_ids] = opts['security_group_ids']
       end
 
+      if opts['security_groups'] && !opts['security_groups'].empty?
+        if @vpc_id
+          # convert sg names to sg ids as VPC only accepts ids
+          security_group_ids = get_vpc_security_group_ids(@vpc_id, opts['security_groups'])
+          launch_options[:security_group_ids] ||= []
+          launch_options[:security_group_ids].concat(security_group_ids)
+        else
+          launch_options[:security_groups] = opts['security_groups']
+        end
+      end
+
       # specify availability zone (optional)
       if opts['availability_zone']
         launch_options[:availability_zone] = opts['availability_zone']
@@ -299,10 +306,35 @@ module Stemcell
       check_errors(:set_tags, instances.map(&:id), errors)
     end
 
+    # Resolve security group names to their ids in the given VPC
+    def get_vpc_security_group_ids(vpc_id, group_names)
+      group_map = {}
+      @log.info "resolving security groups #{group_names} in #{vpc_id}"
+      vpc = AWS::EC2::VPC.new(vpc_id, :ec2_endpoint => "ec2.#{@region}.amazonaws.com")
+      vpc.security_groups.each do |sg|
+        next if sg.vpc_id != vpc_id
+        group_map[sg.name] = sg.group_id
+      end
+      group_ids = []
+      group_names.each do |sg_name|
+        raise "Couldn't find security group #{sg_name} in #{vpc_id}" unless group_map.has_key?(sg_name)
+        group_ids << group_map[sg_name]
+      end
+      group_ids
+    end
+
     def set_classic_link(left_to_process, classic_link)
       return unless classic_link
       return unless classic_link['vpc_id']
-      return unless classic_link['security_group_ids'] && !classic_link['security_group_ids'].empty?
+
+      security_group_ids = classic_link['security_group_ids'] || []
+      security_group_names = classic_link['security_groups'] || []
+      return if security_group_ids.empty? && security_group_names.empty?
+
+      if !security_group_names.empty?
+        extra_group_ids = get_vpc_security_group_ids(classic_link['vpc_id'], security_group_names)
+        security_group_ids = security_group_ids + extra_group_ids
+      end
 
       @log.info "applying classic link settings on #{left_to_process.count} instance(s)"
 
@@ -323,7 +355,7 @@ module Stemcell
             result = ec2.client.attach_classic_link_vpc({
                 :instance_id => instance.id,
                 :vpc_id => classic_link['vpc_id'],
-                :groups => classic_link['security_group_ids'],
+                :groups => security_group_ids,
               })
             result.error
           rescue StandardError => e

data/lib/stemcell/option_parser.rb

@@ -102,6 +102,12 @@ module Stemcell
         :type  => String,
         :env   => 'CLASSIC_LINK_SECURITY_GROUP_IDS',
       },
+      {
+        :name  => 'classic_link_security_groups',
+        :desc  => 'comma-separated list of security groups to link into ClassicLink; not used unless classic_link_vpc_id is set',
+        :type  => String,
+        :env   => 'CLASSIC_LINK_SECURITY_GROUPS',
+      },
       {
         :name  => 'subnet',
         :desc  => "VPC subnet for which to launch this instance",
@@ -415,7 +421,10 @@ module Stemcell
         options['classic_link']['vpc_id'] = options['classic_link_vpc_id']
       end
       if options['classic_link_security_group_ids']
-        options['classic_link']['security_group_ids'] = options['classic_link_security_group_ids']
+        options['classic_link']['security_group_ids'] = options['classic_link_security_group_ids'].split(',')
+      end
+      if options['classic_link_security_groups']
+        options['classic_link']['security_groups'] = options['classic_link_security_groups'].split(',')
       end
 
       options

data/lib/stemcell/version.rb

@@ -1,3 +1,3 @@
 module Stemcell
-  VERSION = "0.11.6"
+  VERSION = "0.11.7"
 end

data/spec/lib/stemcell/launcher_spec.rb

@@ -14,6 +14,15 @@ class MockInstance
   end
 end
 
+class MockSecurityGroup
+  attr_reader :group_id, :name, :vpc_id
+  def initialize(id, name, vpc_id)
+    @group_id = id
+    @name = name
+    @vpc_id = vpc_id
+  end
+end
+
 class MockException < StandardError
 end
 
@@ -27,6 +36,61 @@ describe Stemcell::Launcher do
   let(:instances) { (1..4).map { |id| MockInstance.new(id) } }
   let(:instance_ids) { instances.map(&:id) }
 
+  describe '#launch' do
+    let(:ec2) { instance_double(AWS::EC2) }
+    let(:client) { double(AWS::EC2::Client) }
+    let(:response) { instance_double(AWS::Core::Response) }
+    let(:launcher) {
+      opts = {'region' => 'region', 'vpc_id' => 'vpc-1'}
+      launcher = Stemcell::Launcher.new(opts)
+      launcher
+    }
+    let(:launch_options) {
+      {
+        'chef_role'               => 'role',
+        'chef_environment'        => 'environment',
+        'chef_data_bag_secret'    => 'data_bag_secret',
+        'git_branch'              => 'branch',
+        'git_key'                 => 'key',
+        'git_origin'              => 'origin',
+        'key_name'                => 'key',
+        'instance_type'           => 'c1.xlarge',
+        'image_id'                => 'ami-d9d6a6b0',
+        'availability_zone'       => 'us-east-1a',
+        'count'                   => 2,
+        'security_groups'         => ['sg_name1', 'sg_name2'],
+        'wait'                    => false
+      }
+    }
+
+    before do
+      allow(launcher).to receive(:try_file).and_return('secret')
+      allow(launcher).to receive(:render_template).and_return('template')
+      allow(launcher).to receive(:ec2).and_return(ec2)
+      allow(ec2).to receive(:client).and_return(client)
+      allow(response).to receive(:error).and_return(nil)
+    end
+
+    it 'launches all of the instances' do
+      expect(launcher).to receive(:get_vpc_security_group_ids).
+        with('vpc-1', ['sg_name1', 'sg_name2']).and_call_original
+      expect_any_instance_of(AWS::EC2::VPC).to receive(:security_groups).
+        and_return([1,2].map { |i| MockSecurityGroup.new("sg-#{i}", "sg_name#{i}", 'vpc-1')})
+      expect(launcher).to receive(:do_launch).with(a_hash_including(
+          :image_id           => 'ami-d9d6a6b0',
+          :instance_type      => 'c1.xlarge',
+          :key_name           => 'key',
+          :count              => 2,
+          :security_group_ids => ['sg-1', 'sg-2'],
+          :availability_zone  => 'us-east-1a',
+          :user_data          => 'template'
+        )).and_return(instances)
+      expect(launcher).to receive(:set_tags).with(kind_of(Array), kind_of(Hash)).and_return(nil)
+
+      launcher.send(:launch, launch_options)
+    end
+  end
+
   describe '#set_classic_link' do
     let(:ec2) { instance_double(AWS::EC2) }
     let(:client) { double(AWS::EC2::Client) }
@@ -37,14 +101,24 @@ describe Stemcell::Launcher do
       allow(response).to receive(:error).and_return(nil)
     end
 
-    let(:classic_link) { {'vpc_id' => 'vpc_id', 'security_group_ids' => ['sg1', 'sg2']} }
+    let(:classic_link) {
+      {
+        'vpc_id' => 'vpc-1',
+        'security_group_ids' => ['sg-1', 'sg-2'],
+        'security_groups' => ['sg_name']
+      }
+    }
 
     it 'invokes classic link on all of the instances' do
+      expect(launcher).to receive(:get_vpc_security_group_ids).with('vpc-1', ['sg_name']).
+        and_call_original
+      expect_any_instance_of(AWS::EC2::VPC).to receive(:security_groups).
+        and_return([MockSecurityGroup.new('sg-3', 'sg_name', 'vpc-1')])
       instances.each do |instance|
         expect(client).to receive(:attach_classic_link_vpc).ordered.with(a_hash_including(
             :instance_id => instance.id,
             :vpc_id => classic_link['vpc_id'],
-            :groups => classic_link['security_group_ids'],
+            :groups => ['sg-1', 'sg-2', 'sg-3'],
           )).and_return(response)
       end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: stemcell
 version: !ruby/object:Gem::Version
-  version: 0.11.6
+  version: 0.11.7
 platform: ruby
 authors:
 - Martin Rhoads
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-18 00:00:00.000000000 Z
+date: 2017-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-v1
@@ -239,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: no summary