route propagation and promotion

.gitignore

@@ -3,3 +3,6 @@ pkg
 spec/fixtures
 .rspec_system
 Gemfile.lock
+.bundle
+.ruby-version
+.ruby-gemset

Gemfile

@@ -1,7 +1,7 @@
 source "http://rubygems.org"
 
 gem 'nokogiri', '~> 1.5.11'
-gem 'aws-sdk'
+gem 'aws-sdk', '1.55.0'
 
 group :test do
   gem "rake"

lib/puppet/provider/aws_cgw/api.rb

@@ -3,8 +3,9 @@
 Puppet::Type.type(:aws_cgw).provide(:api, :parent => Puppet_X::Bobtfish::Ec2_api) do
   mk_resource_methods
   remove_method :tags= # We want the method inherited from the parent
-  def self.new_from_aws(region_name, item)
-    tags = item.tags.to_h
+
+  def self.new_from_aws(region_name, item, tags=nil)
+    tags ||= item.tags.to_h
     name = tags.delete('Name') || item.id
     new(
       :aws_item   => item,
@@ -18,28 +19,24 @@ def self.new_from_aws(region_name, item)
       :tags       => tags
     )
   end
-  def self.instances()
-    regions.collect do |region_name|
-      ec2.regions[region_name].customer_gateways.reject { |item| item.state == :deleting or item.state == :deleted }.collect { |item| new_from_aws(region_name,item) }
-    end.flatten
-  end
+
+  def self.instances_class; AWS::EC2::CustomerGateway; end
 
   read_only(:ip_address, :bgp_asn, :region, :type)
 
   def create
-    begin
-      fail "Cannot create aws_cgw #{resource[:title]} without a region" unless resource[:region]
-      region = ec2.regions[resource[:region]]
-      fail "Cannot find region '#{resource[:region]} for resource #{resource[:title]}" unless region
-      cgw = region.customer_gateways.create(resource[:bgp_asn].to_i, resource[:ip_address])
-      tag_with_name cgw, resource[:name]
-      tags = resource[:tags] || {}
-      tags.each { |k,v| cgw.add_tag(k, :value => v) }
-      cgw
-    rescue Exception => e
-      fail e
-    end
+    fail "Cannot create aws_cgw #{resource[:title]} without a region" unless resource[:region]
+    region = ec2.regions[resource[:region]]
+    fail "Cannot find region '#{resource[:region]} for resource #{resource[:title]}" unless region
+    cgw = region.customer_gateways.create(resource[:bgp_asn].to_i, resource[:ip_address])
+    tag_with_name cgw, resource[:name]
+    tags = resource[:tags] || {}
+    tags.each { |k,v| cgw.add_tag(k, :value => v) }
+    cgw
+  rescue Exception => e
+    fail e
   end
+
   def destroy
     @property_hash[:aws_item].delete
     @property_hash[:ensure] = :absent

lib/puppet/provider/aws_dopts/api.rb

@@ -3,8 +3,9 @@
 Puppet::Type.type(:aws_dopts).provide(:api, :parent => Puppet_X::Bobtfish::Ec2_api) do
   mk_resource_methods
   remove_method :tags= # We want the method inherited from the parent
-  def self.new_from_aws(region_name, item)
-    tags = item.tags.to_h
+
+  def self.new_from_aws(region_name, item, tags=nil)
+    tags ||= item.tags.to_h
     name = tags.delete('Name') || item.id
     c = item.configuration
     new(
@@ -21,11 +22,8 @@ def self.new_from_aws(region_name, item)
       :netbios_node_type    => c[:netbios_node_type].to_s
     )
   end
-  def self.instances
-    regions.collect do |region_name|
-      ec2.regions[region_name].dhcp_options.collect { |item| new_from_aws(region_name,item) }
-    end.flatten
-  end
+
+  def self.instances_class; AWS::EC2::DHCPOptions; end
 
   read_only(:domain_name, :ntp_servers, :netbios_name_servers, :netbios_node_type)
 

lib/puppet/provider/aws_iam_role/api.rb

@@ -24,12 +24,12 @@ def service_principal
   end
 
   def service_principal=(service)
-    assume_role_policy_document ||= service_template(service)
+    assume_role_policy_document ||= service_tempalte(service)
     assume_role_policy_document['Statement']['Principal']['Service'] = service
   end
 
   def create
-    resource[:assume_role_policy_document] ||= service_template(resource[:service_principal])
+    resource[:assume_role_policy_document] ||= service_tempalte(resource[:service_principal])
     iam.client.create_role(
       :role_name => resource[:name],
       :assume_role_policy_document => JSON.dump(resource[:assume_role_policy_document]),
@@ -58,7 +58,7 @@ def destroy
 
   private
 
-  def service_template(service)
+  def service_tempalte(service)
     return {'Statement' => [
       {
         'Action' => 'sts:AssumeRole',

lib/puppet/provider/aws_igw/api.rb

@@ -4,13 +4,13 @@
   mk_resource_methods
   remove_method :tags= # We want the method inherited from the parent
 
-  def self.new_from_aws(item)
-    tags = item.tags.to_h
+  def self.new_from_aws(region_name, item, tags=nil)
+    tags ||= item.tags.to_h
     name = tags.delete('Name') || item.id
-    vpc_name = nil
-    if item.vpc
-      vpc_name = name_or_id item.vpc
-    end
+
+    vpc_id   = item.pre_attachment_set.map{|as| as[:vpc_id]}.first
+    vpc_name = name_or_id(find_vpc_item_by_name(name)) if vpc_id
+
     new(
       :aws_item         => item,
       :name             => name,
@@ -20,11 +20,8 @@ def self.new_from_aws(item)
       :tags             => tags
     )
   end
-  def self.instances
-    regions.collect do |region_name|
-      ec2.regions[region_name].internet_gateways.collect { |item| new_from_aws(item) }
-    end.flatten
-  end
+
+  def self.instances_class; AWS::EC2::InternetGateway; end
 
   read_only(:vpc)
 

lib/puppet/provider/aws_routetable/api.rb

@@ -3,68 +3,121 @@
 Puppet::Type.type(:aws_routetable).provide(:api, :parent => Puppet_X::Bobtfish::Ec2_api) do
   mk_resource_methods
   remove_method :tags= # We want the method inherited from the parent
+  read_only :vpc, :subnets, :routes
 
-  def self.new_from_aws(region_name, item)
-    tags = item.tags.to_h
+  def main=(value)
+    if value.to_s != 'true'
+      debug "Setting :main to false is a noop"
+    elsif @property_hash[:aws_item].main?
+      @property_hash[:main] = 'true'
+    else
+      set_as_main!(find_vpc_item_by_name(@property_hash[:vpc]), @property_hash[:aws_item])
+    end
+  end
+
+  def propagate_from=(value)
+    propagate_from!([value].flatten, @property_hash[:aws_item])
+  end
+
+  def self.new_from_aws(region_name, item, tags=nil)
+    tags ||= item.tags.to_h
     name = tags.delete('Name') || item.id
+
+    cached_assocs = item.pre_association_set.map do |assoc|
+      AWS::EC2::RouteTable::Association.new(item,
+        assoc[:route_table_association_id],
+        assoc[:subnet_id])
+    end
+    item.define_singleton_method(:associations) { cached_assocs }
+
+    gw_ids   = item.pre_propagating_vgw_set.map{|pvs| pvs[:gateway_id]}
+    gw_names = Puppet::Type.type(:aws_vgw).provider(:api).instances.
+      select{|vgw| gw_ids.include? vgw.aws_item.id }.map{|vgw| vgw.name}
+
     new(
       :aws_item         => item,
       :name             => name,
       :id               => item.id,
       :ensure           => :present,
       :tags             => tags,
-      :main             => item.main? ? 'true' : 'false',
-      :vpc              => name_or_id(item.vpc),
+      :main             => item.pre_association_set.find{|a| a[:main] } ? 'true' : 'false',
+      :vpc              => name_or_id(find_vpc_item_by_name(item.pre_vpc_id)),
       :subnets          => item.subnets.map { |subnet| subnet.tags.to_h['Name'] || subnet.id },
-      :routes           => item.routes.map { |route|
-        {
-          :destination_cidr_block => route.destination_cidr_block,
+      :routes           => item.pre_route_set.map do |route_details|
+        route = AWS::EC2::RouteTable::Route.new(item, route_details)
+        igw   = Puppet::Type.type(:aws_igw).provider(:api).instances.
+          find {|igw| igw.aws_item.id == route.internet_gateway.id} if route.internet_gateway
+        igw   = igw.aws_item if igw
+
+        { :destination_cidr_block => route.destination_cidr_block,
           :state => route.state,
-          :target => name_or_id(route.target),
+          :target => route.target.id == 'local' ? 'local' : name_or_id(route.target),
           :origin => route.origin,
           :network_interface => name_or_id(route.network_interface),
-          :internet_gateway => name_or_id(route.internet_gateway)
-        }.reject { |k, v| v.nil? } },
-      :propagate_routes_from => []
-    )
-  end
-  read_only(:vpc, :subnets, :routes, :main)
-  def self.instances
-    regions.collect do |region_name|
-      ec2.regions[region_name].route_tables.collect { |item| new_from_aws(region_name,item) }
-    end.flatten
+          :internet_gateway => name_or_id(igw) }.
+            reject { |k,v| v.nil? }
+      end,
+      :propagate_from => gw_names)
   end
+
+  def self.instances_class; AWS::EC2::RouteTable; end
+
   def exists?
     @property_hash[:ensure] == :present
   end
+
   def create
     vpc = find_vpc_item_by_name resource[:vpc]
-    if !vpc
-      fail("Could not find vpc #{resource[:vpc]}")
-    end
-    my_region = find_region_name_for_vpc_name resource[:vpc]
-    begin
-      route_table = ec2.regions[my_region].route_tables.create({:vpc => vpc.id})
-      tag_with_name route_table, resource[:name]
-      tags = resource[:tags] || {}
-      tags.each { |k,v| route.add_tag(k, :value => v) }
-      route_table
-    rescue Exception => e
-      fail e
-    end
+    fail("Could not find vpc #{resource[:vpc]}") unless vpc
+
+    route_table = current_region.route_tables.create(:vpc => vpc.id)
+    tags = (resource[:tags] || {}).merge('Name' => resource[:name])
+    route_table.tags.set(tags)
+
+    set_as_main!(vpc, route_table) if resource[:main].to_s == 'true'
+    propagate_from!([resource[:propagate_from]].flatten, route_table) if resource[:propagate_from]
+
+    self.class.instance_variable_set('@instances', nil)
+
+    route_table
+  rescue Exception => e
+    fail e
   end
+
   def destroy
     @property_hash[:aws_item].delete
     @property_hash[:ensure] = :absent
   end
 
-  def propagate_routes_from=(vgws)
-    Array(vgws).each do |vgw|
-      ec2.regions[my_region].enable_vgw_route_propagation(
-        :route_table_id => id,
-        :gateway_id     => vgw
-      )
+  private
+
+  def set_as_main!(vpc, route_table, region=current_region)
+    current_main = vpc.route_tables.map do |rt|
+      rt.associations.find{ |as| as.main }
+    end.compact.first
+
+    if current_main && current_main.route_table.id != route_table.id
+      region.client.replace_route_table_association(
+        :association_id => current_main.id,
+        :route_table_id => route_table.id)
     end
+
+    @property_hash[:main] = 'true'
   end
-end
 
+  def propagate_from!(vgws, route_table, region=current_region)
+    gw_coll = region.vpn_gateways.map{|vgw| vgw} # force fetch
+    vgws.each do |vgw|
+      gateway = gw_coll.find{|gw| gw.tags['Name'] == vgw}
+      next unless gateway # should we fail here?
+
+      region.client.enable_vgw_route_propagation(
+        :route_table_id => route_table.id,
+        :gateway_id     => gateway.id)
+    end
+  end
+
+  def current_region
+    @current_region ||= ec2.regions[find_region_name_for_vpc_name(resource[:vpc])]
+  end
+end

lib/puppet/provider/aws_security_group/api.rb

@@ -5,14 +5,8 @@
   mk_resource_methods
   remove_method :tags= # We want the method inherited from the parent
 
-  def self.instances_for_region(region)
-    ec2.regions[region].security_groups
-  end
-  def instances_for_region(region)
-    self.class.instances_for_region region
-  end
-  def self.new_from_aws(region_name, item)
-    tags = item.tags.to_h
+  def self.new_from_aws(region_name, item, tags=nil)
+    tags ||= item.tags.to_h
     name = tags.delete('Name') || item.id
     if item.vpc_id
       vpc = ec2.regions[region_name].vpcs[item.vpc_id].tags['Name']
@@ -48,11 +42,8 @@ def self.new_from_aws(region_name, item)
       :authorize_egress  => egress
     )
   end
-  def self.instances
-    regions.collect do |region_name|
-      instances_for_region(region_name).collect { |item| new_from_aws(region_name, item) }
-    end.flatten
-  end
+
+  def self.instances_class; AWS::EC2::SecurityGroup; end
 
   read_only(:description, :vpc, :authorize_ingress, :authorize_egress)