Skip to content
This repository has been archived by the owner on Jun 5, 2020. It is now read-only.

(WIP)(CLOUD-184, CLOUD-205) Make the region param and ENV var interchangable #117

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 6 additions & 7 deletions lib/puppet/provider/ec2_securitygroup/v2.rb
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ def self.instances
def self.prefetch(resources)
instances.each do |prov|
if resource = resources[prov.name] # rubocop:disable Lint/AssignmentInCondition
resource.provider = prov if resource[:region] == prov.region
resource.provider = prov if (resource[:region] || ENV['AWS_REGION']) == prov.region
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is actually fairly tricky, and I'm not sure that this is the right approach.

Assume that:

  • AWS has 2 security groups named foo in us-east-1 and us-west-1.
  • In a manifest, you've defined the foo sg resource with :region => 'us-west-1'
  • You've set AWS_REGION=us-east-1

It's now possible that even though the manifest wants to modify the resource in us-west-1, that Puppet will attach to and modify the resource in us-east-1 based on the order in which the regions were queried.

This may seem like an unlikely / synthesized problem, but it makes me really wary of doing something like this. I'm not sure there's a reasonable way around this problem.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't like the idea of having two mechanisms that perform the same action. Seems like it would get dirty very fast. Which one would take president?

Here is a real world example of modifying multiple resources with the same name in different regions. @mrzarquon mentioned that he wants to create identical VPCs in three different regions.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding the two methods of passing region, this mirrors most of the AWS tools which will use the explicitly passed region OR fall back to the value of the Environment variable. It allows for some interesting reuse and in practice is less confusing that in theory in my experience. We should decide on whether we want to follow that convention, and if so agree we should better specify this behaviour and provide examples.

The linked example will only work if you have one puppet run per region, due to the requirement for unique resources in the graph. In the future we should definitely investigate other approaches here, including composite namevars ala #124. A current pattern is to use the region var to make unique composite names. ie. {region}-{name}.

end
end
end
Expand Down Expand Up @@ -96,14 +96,13 @@ def self.security_group_to_hash(region, group)
end

def exists?
dest_region = resource[:region] if resource
Puppet.info("Checking if security group #{name} exists in region #{dest_region || region}")
Puppet.info("Checking if security group #{name} exists in region #{target_region}")
@property_hash[:ensure] == :present
end

def create
Puppet.info("Creating security group #{name} in region #{resource[:region]}")
ec2 = ec2_client(resource[:region])
Puppet.info("Creating security group #{name} in region #{target_region}")
ec2 = ec2_client(target_region)
config = {
group_name: name,
description: resource[:description]
Expand Down Expand Up @@ -207,8 +206,8 @@ def ingress=(value)
end

def destroy
Puppet.info("Deleting security group #{name} in region #{resource[:region]}")
ec2_client(resource[:region]).delete_security_group(
Puppet.info("Deleting security group #{name} in region #{target_region}")
ec2_client(target_region).delete_security_group(
group_id: @property_hash[:id]
)
@property_hash[:ensure] = :absent
Expand Down
6 changes: 2 additions & 4 deletions lib/puppet/type/ec2_securitygroup.rb
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
require_relative '../../puppet_x/puppetlabs/property/tag.rb'
require_relative '../../puppet_x/puppetlabs/property/region'
require_relative '../../puppet_x/puppetlabs/aws_ingress_rules_parser'

Puppet::Type.newtype(:ec2_securitygroup) do
Expand All @@ -13,11 +14,8 @@
end
end

newproperty(:region) do
newproperty(:region, :parent => PuppetX::Property::AwsRegion) do
desc 'the region in which to launch the security group'
validate do |value|
fail 'region should not contains spaces' if value =~ /\s/
end
end

newproperty(:ingress, :array_matching => :all) do
Expand Down
6 changes: 6 additions & 0 deletions lib/puppet_x/puppetlabs/aws.rb
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,12 @@ def self.tags_for(item)
tags
end

def target_region
target = resource ? resource[:region] || region : region
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where does region come from? Should this method have a parameter list (region = default_region)?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

region in this context is the value of the region property. This basically says:

  • If you specify a region (ie. on the command line like puppet resource ec2_securitygroup bob region=blah or in the DSL, use that
  • If that isn't present, fall back to the value of region for the resource

target = nil if target == :absent
target || ENV['AWS_REGION']
end

def tags=(value)
Puppet.info("Updating tags for #{name} in region #{region}")
ec2 = ec2_client(resource[:region])
Expand Down
13 changes: 13 additions & 0 deletions lib/puppet_x/puppetlabs/property/region.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
module PuppetX
module Property
class AwsRegion < Puppet::Property
validate do |value|
name = resource[:name]
fail "region for #{name} should not contains spaces" if value =~ /\s/
if !ENV['AWS_REGION'].nil? && ENV['AWS_REGION'] != value
fail "if using AWS_REGION environment variable it must match the specified region value for #{name}"
end
end
end
end
end