libraries/provider_security_group.rb from galoshes/galoshes

libraries/provider_security_group.rb
Summary

Maintainability

3 hrs
Test Coverage

Issues
require_relative 'provider_base'
require_relative 'service_compute'

class Chef::Provider::GaloshesSecurityGroup < Chef::Provider::GaloshesBase
  include Galoshes::DeleteMixin
  include Galoshes::ComputeService

  def load_current_resource
    require 'fog'
    require 'fog/aws/models/compute/security_groups'

    @collection = Fog::Compute::AWS::SecurityGroups.new(:service => service)
    @current_resource = @collection.get(new_resource.name)

    @exists = !(@current_resource.nil?)
    @current_resource.reload if @exists
    Chef::Log.debug("#{resource_str} current_resource: #{@current_resource} exists: #{@exists}")
    if @exists
      new_resource.group_id(@current_resource.group_id)
    end

    @current_resource
  end

  def action_create
    converge_unless(@exists, "create #{resource_str}") do
      @current_resource = @collection.new
      create_attributes = [:name, :description, :group_id, :ip_permissions, :ip_permissions_egress, :vpc_id]
      copy_attributes(create_attributes)
      Chef::Log.debug("current_resource before save: #{@current_resource}")

      result = @current_resource.save
      Chef::Log.debug("create as result: #{result}")
      Chef::Log.debug("current_resource after save: #{@current_resource}")
      @exists = true

      @current_resource.reload
      Chef::Log.debug("current_resource after reload: #{@current_resource}")

      authorize_ip_permissions

      new_resource.group_id(@current_resource.group_id)
      new_resource.updated_by_last_action(true)
    end
  end

  def authorize_ip_permissions
    Chef::Log.info("new_resource.ip_permissions: #{new_resource.ip_permissions}")
    Chef::Log.info("current_reso.ip_permissions: #{@current_resource.ip_permissions}")
    new_ip_permissions = new_resource.ip_permissions.map do |p|
      perm = {}
      perm[:range] = p[:range].is_a?(Fixnum) ? (p[:range]..p[:range]) : p[:range]
      perm[:ip_protocol] = p.include?(:ip_protocol) ? p[:ip_protocol] : 'tcp'
      if p.include?(:group)
        perm[:group] = (p[:group] == :self) ? @current_resource.group_id : p[:group]
      end
      perm[:cidr_ip] = p[:cidr_ip] if p.include?(:cidr_ip)
      perm
    end

    cur_ip_permissions = @current_resource.ip_permissions.map do |p|
      perm = {}
      perm[:range] = (p['fromPort']..p['toPort'])
      perm[:ip_protocol] =  p['ipProtocol']
      perm[:cidr_ip] = p['ipRanges'][0]['cidrIp'] if p['ipRanges'].size > 0
      perm[:group] = p['groups'][0]['groupId'] if p['groups'].size > 0
      perm
    end

    Chef::Log.info("new_ip: #{new_ip_permissions}")
    Chef::Log.info("cur_ip: #{cur_ip_permissions}")

    remove_permissions = cur_ip_permissions - new_ip_permissions
    authorize_permissions = new_ip_permissions - cur_ip_permissions

    remove_permissions.each do |permission|
      converge_by("remove #{permission}") do
        @current_resource.revoke_port_range(permission[:range], permission)
        new_resource.updated_by_last_action(true)
      end
    end

    authorize_permissions.each do |permission|
      converge_by("add #{permission}") do
        @current_resource.authorize_port_range(permission[:range], permission)
        new_resource.updated_by_last_action(true)
      end
    end
  end

  def action_update
    if @exists
      authorize_ip_permissions
    end
  end
end