Class: Ironfan::Provider::Ec2::IamServerCertificate
- Inherits:
-
Resource
- Defined in:
- lib/ironfan/provider/ec2/iam_server_certificate.rb,
lib/ironfan/headers.rb
Overview
Fog::AWS doesn’t seem to have native models for IAM ServerCertificate,
so this resource uses Hash semantics instead.
Constant Summary
- ARN_PREFIX =
"iamss_arn"
Instance Attribute Summary
Attributes inherited from Resource
#owner, #users
Class Method Summary
Instance Method Summary
Methods inherited from Resource
#bogus?, create!, destroy!, forget, forget!, handle, known, #on_correlate, patiently, prepare!, recall, recall?, receive, register, remember, save!, validate_computer!, validate_resources!
Methods inherited from Builder
ui, #ui
Class Method Details
.aggregate!(computers) ⇒ Object
Create any certificates that are needed by any clouds in which there are running computers
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 46
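# Create any IAM server certificates needed by clouds that have running
# computers, and warn about Ironfan-named certificates that are referenced
# only by stopped computers.
#
# Creation uploads the certificate body and its private key to IAM through
# Ec2.iam.upload_server_certificate; only the certificate name is passed to
# Ironfan.step for display.
#
# @param computers [#select] computers to inspect; only those for which
#   Ec2.applicable is truthy are considered
# @return [Object, nil] nil when no computer is EC2-applicable, otherwise the
#   result of the final load!
# @raise [RuntimeError] when a certificate that would have to be created is
#   identified by an explicit ARN
def self.aggregate!(computers)
  ec2_computers = computers.select { |c| Ec2.applicable c }
  return if ec2_computers.empty?

  load!

  # Whole-string anchors (\A...\z rather than ^...$) so that only ids that
  # are entirely "<ARN_PREFIX>:<arn>" count as explicit ARNs.
  explicit_arn = /\A#{Regexp.escape(ARN_PREFIX)}:(.+)\z/

  certs_for_running_servers = ec2_computers.select { |c| c.running? }.map { |c| self.expected_ids(c) }.flatten.uniq
  certs_for_stopped_servers = ec2_computers.select { |c| !c.running? }.map { |c| self.expected_ids(c) }.flatten.uniq

  # Create what running servers expect but IAM does not have yet.
  certs_to_start = [ certs_for_running_servers ].flatten.compact.reject { |cert_name| recall? cert_name }
  # Known certificates that only stopped servers still reference.
  certs_to_stop = [ certs_for_stopped_servers - certs_for_running_servers ].flatten.compact.select { |cert_name| recall? cert_name }

  certs_to_start.each do |cert_name|
    if cert_name =~ explicit_arn
      error = "Cannot create an IAM server certificate with an explicit ARN #{Regexp.last_match(1)}. Explicit ARNs can only be used to capture existing IAM server certificates created outside of Ironfan."
      # The previous `puts error and raise error` never raised: puts returns
      # nil, so the right-hand side of `and` was skipped and the run carried
      # on after only printing the message.
      puts error
      raise error
    end

    Ironfan.step(cert_name, "creating server certificate", :blue)
    # NOTE(review): `.values` implies that select on the computers collection
    # returns a keyed collection rather than an Array -- confirm against the
    # collection type passed in by callers.
    computer = ec2_computers.select { |c| self.expected_ids(c).include?(cert_name) }.values.first
    use_name = cert_name.sub("ironfan-#{computer.server.cluster_name}-", '')
    cert_prov = computer.server.cloud(:ec2).iam_server_certificates[use_name]
    options = cert_prov.certificate_chain.nil? ? { } : { 'CertificateChain' => cert_prov.certificate_chain }
    Ec2.iam.upload_server_certificate(cert_prov.certificate, cert_prov.private_key, cert_name, options)
  end

  # Nothing is deleted here: unused Ironfan-named certificates are only
  # reported, and explicit-ARN entries are skipped.
  certs_to_stop.each do |cert_name|
    if cert_name !~ explicit_arn
      Ironfan.step(cert_name, "appears to be unused; you may want to remove it manually", :red)
    end
  end

  load!
end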
.expected_id(computer, cert) ⇒ Object
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 83
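# Work out the id under which a certificate is tracked for a computer.
#
# When the certificate carries an explicit ARN the id is
# "<ARN_PREFIX>:<arn>"; otherwise it is the inferred full name, which is
# rejected if longer than 32 characters.
#
# @param computer [Object] passed through to full_name
# @param cert [#arn] certificate definition; also passed to full_name
# @return [String] the ARN-prefixed id or the inferred name
# @raise [RuntimeError] when the inferred name exceeds 32 characters
def self.expected_id(computer, cert)
  n = self.full_name(computer, cert)

  if cert.arn
    Chef::Log.info("Using explicit IAMServerCertificate ARN #{cert.arn} instead of inferred name #{n}")
    return "#{ARN_PREFIX}:#{cert.arn}"
  end

  if n.length > 32
    error = "Excessively long certificate name #{n}, must be <= 32 characters"
    # The previous `puts error and raise error` never raised: puts returns
    # nil, so the over-long name was printed and then returned anyway.
    puts error
    raise error
  end

  n
end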
.expected_ids(computer) ⇒ Object
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 15
# List the expected certificate id for every IAM server certificate declared
# on the computer's :ec2 cloud.
#
# @param computer [#server] computer whose server exposes cloud(:ec2)
# @return [Array] one expected_id result per declared certificate
def self.expected_ids(computer)
  declared = computer.server.cloud(:ec2).iam_server_certificates.values
  declared.map { |cert| self.expected_id(computer, cert) }
end
.full_name(computer, cert) ⇒ Object
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 79
# Build the inferred certificate name "ironfan-<cluster name>-<cert name>".
#
# @param computer [#server] computer whose server supplies cluster_name
# @param cert [#name] certificate definition
# @return [String] the inferred name
def self.full_name(computer, cert)
  cluster = computer.server.cluster_name
  format("ironfan-%s-%s", cluster, cert.name)
end
.load!(cluster = nil) ⇒ Object
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 29
# Fetch the IAM server certificate list and register each entry under two
# ids: its ServerCertificateName and "<ARN_PREFIX>:<Arn>".
#
# @param cluster [Object, nil] not used by this method
# @return [Object] the 'Certificates' collection that was iterated
def self.load!(cluster=nil)
  listing = Ec2.iam.list_server_certificates.body['Certificates']
  listing.each do |cert|
    resource = new(:adaptee => cert)
    by_name = cert['ServerCertificateName']
    by_arn = "#{ARN_PREFIX}:#{cert['Arn']}"
    # Same resource under both ids, so it can be recalled by name or by ARN.
    [by_name, by_arn].each { |id| remember(resource, { :id => id }) }
  end
end
.multiple? ⇒ Boolean
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 13
# Always true for this resource type.
# NOTE(review): presumably tells the Resource framework that a computer may
# have several of these -- confirm against Resource.
#
# @return [Boolean] true
def self.multiple?
  true
end
.resource_type ⇒ Object
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 14
# Symbol naming this resource type.
#
# @return [Symbol] :iam_server_certificate
def self.resource_type
  :iam_server_certificate
end
.shared? ⇒ Boolean
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 12
# Always true for this resource type.
# NOTE(review): presumably marks the certificate as shared between computers
# rather than owned by one -- confirm against Resource.
#
# @return [Boolean] true
def self.shared?
  true
end
Instance Method Details
#name ⇒ Object
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 22
# Certificate name, read from the 'ServerCertificateName' key of this
# Hash-like resource.
#
# @return [Object] the stored value, whatever self[] yields for that key
def name
  self['ServerCertificateName']
end
#to_s ⇒ Object
# File 'lib/ironfan/provider/ec2/iam_server_certificate.rb', line 37
# Render the certificate as "<name arn>", with the name left-justified to 20
# columns and the ARN to 32.
#
# @return [String] the formatted summary
def to_s
  cert_name = self['ServerCertificateName']
  cert_arn = self['Arn']
  format("<%-20s %-32s>", cert_name, cert_arn)
end