Upgrade aws-sdk to v2

bin/piculet

@@ -74,23 +74,23 @@ ARGV.options do |opt|
       end
       if role_arn
         session_name = "piculet-session-#{Time.now.to_i}"
-        sts = AWS::STS.new(AWSConfig[profile_name].config_hash)
-        provider = AWS::Core::CredentialProviders::AssumeRoleProvider.new(
-          sts: sts,
+        client = Aws::STS::Client.new(AWSConfig[profile_name].config_hash)
+        provider = Aws::AssumeRoleCredentials.new(
+          client: client,
           role_arn: role_arn,
           role_session_name: session_name
         )
       else
-        provider = AWS::Core::CredentialProviders::SharedCredentialFileProvider.new(credentials_opts)
+        provider = Aws::SharedCredentials.new(credentials_opts)
       end
-      aws_opts[:credential_provider] = provider
+      aws_opts[:credentials] = provider
     elsif (access_key and !secret_key) or (!access_key and secret_key) or mode.nil?
       puts opt.help
       exit 1
     end
 
     aws_opts[:region] = region if region
-    AWS.config(aws_opts)
+    Aws.config.update(aws_opts)
 
     # Remap groups to exclude to regular expressions (if they're surrounded by '/')
     if options[:exclude_sgs]
@@ -111,7 +111,7 @@ end
 String.colorize = options[:color]
 
 if options[:debug]
-  AWS.config({
+  Aws.config.update({
     :http_wire_trace => true,
     :logger => Piculet::Logger.instance,
   })

lib/piculet.rb

@@ -9,12 +9,11 @@
 require 'hashie'
 require 'ipaddr'
 
-require 'aws-sdk-v1'
+require 'aws-sdk'
 require 'aws_config'
 
 require 'piculet/ext/ec2-owner-id-ext'
 require 'piculet/ext/security-group'
-require 'piculet/ext/ip-permission-collection-ext'
 require 'piculet/ext/string-ext'
 
 require 'piculet/logger'

lib/piculet/client.rb

@@ -5,12 +5,12 @@ class Client
     def initialize(options = {})
       @options = OpenStruct.new(options)
       @options_hash = options
-      @options.ec2 = AWS::EC2.new
+      @options.ec2 = Aws::EC2::Resource.new
     end
 
     def apply(file)
       @options.ec2.owner_id
-      AWS.memoize { walk(file) }
+      walk(file)
     end
 
     def should_skip(sg_name, sg)
@@ -38,9 +38,7 @@ def should_skip(sg_name, sg)
     end
 
     def export(options = {})
-      exported = AWS.memoize do
-        Exporter.export(@options.ec2, @options_hash.merge(options))
-      end
+      exported = Exporter.export(@options.ec2, @options_hash.merge(options))
 
       converter = proc do |src|
         if options[:without_convert]
@@ -116,8 +114,8 @@ def walk(file)
     end
 
     def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api)
-      sg_list_dsl = collect_to_hash(ec2_dsl.security_groups, :name)
-      sg_list_aws = collect_to_hash(ec2_aws, :name)
+      sg_list_dsl = collect_to_hash(ec2_dsl.security_groups, :group_name)
+      sg_list_aws = collect_to_hash(ec2_aws, :group_name)
 
       sg_list_dsl.each do |key, sg_dsl|
         name = key[0]
@@ -180,8 +178,8 @@ def walk_security_group(security_group_dsl, security_group_aws)
     end
 
     def walk_permissions(permissions_dsl, permissions_aws)
-      perm_list_dsl = collect_to_hash(permissions_dsl, :protocol, :port_range)
-      perm_list_aws = collect_to_hash(permissions_aws, :protocol, :port_range)
+      perm_list_dsl = collect_to_hash(permissions_dsl, :ip_protocol, :port_range)
+      perm_list_aws = collect_to_hash(permissions_aws, :ip_protocol, :port_range)
 
       perm_list_aws.each do |key, perm_aws|
         perm_dsl = perm_list_dsl.delete(key)

lib/piculet/dsl/converter.rb

@@ -116,8 +116,8 @@ def output_groups(groups)
           name_or_id = i[:name] || i[:id]
           owner_id = i[:owner_id]
 
-          if AWS::EC2::SecurityGroup.elb?(owner_id)
-            arg = AWS::EC2::SecurityGroup.elb_sg
+          if Aws::EC2::SecurityGroup.elb?(owner_id)
+            arg = Aws::EC2::SecurityGroup.elb_sg
           elsif @owner_id == owner_id
             arg = name_or_id
           else

lib/piculet/dsl/permission.rb

@@ -12,7 +12,7 @@ def initialize(context, security_group, direction, protocol_prot_range, &block)
               @protocol_prot_range = protocol_prot_range
 
               @context = context.merge(
-                :protocol => protocol_prot_range[0],
+                :ip_protocol => protocol_prot_range[0],
                 :port_range => protocol_prot_range[1]
               )
 

lib/piculet/dsl/permissions.rb

@@ -19,7 +19,7 @@ def result
               protocol, port_range = key
 
               OpenStruct.new({
-                :protocol   => protocol,
+                :ip_protocol => protocol,
                 :port_range => port_range,
                 :ip_ranges  => perm.ip_ranges,
                 :groups     => perm.groups,

lib/piculet/dsl/security-group.rb

@@ -10,7 +10,7 @@ def initialize(context, name, vpc, &block)
           @context = context.merge(:security_group_name => name)
 
           @result = OpenStruct.new({
-            :name    => name,
+            :group_name => name,
             :tags    => {},
             :ingress => [],
             :egress  => [],

lib/piculet/exporter.rb

@@ -16,12 +16,11 @@ def export
       ec2s = @options[:ec2s]
       sg_names = @options[:sg_names]
       sgs = @ec2.security_groups
-      sgs = sgs.filter('group-name', *sg_names) if sg_names
-      sgs = sgs.sort_by {|sg| sg.name }
+      sgs = sgs.select { |sg| sg_names.include?(sg.group_name) } if sg_names
+      sgs = sgs.sort_by {|sg| sg.group_name }
 
       sgs.each do |sg|
-        vpc = sg.vpc
-        vpc = vpc.id if vpc
+        vpc = sg.vpc_id if sg.vpc?
 
         if ec2s
           next unless ec2s.any? {|i| (i == 'classic' and vpc.nil?) or i == vpc }
@@ -37,28 +36,33 @@ def export
     private
     def export_security_group(security_group)
       {
-        :name        => security_group.name,
+        :name        => security_group.group_name,
         :description => security_group.description,
         :tags        => tags_to_hash(security_group.tags),
         :owner_id    => security_group.owner_id,
-        :ingress     => export_ip_permissions(security_group.ingress_ip_permissions),
-        :egress      => export_ip_permissions(security_group.egress_ip_permissions),
+        :ingress     => export_ip_permissions(security_group.ip_permissions),
+        :egress      => export_ip_permissions(security_group.ip_permissions_egress),
       }
     end
 
     def export_ip_permissions(ip_permissions)
-      ip_permissions = ip_permissions ? ip_permissions.aggregate : []
+      ip_permissions = ip_permissions || []
 
       ip_permissions = ip_permissions.map do |ip_perm|
+        ip_protocol = ip_perm.ip_protocol == "-1" ? :any : ip_perm.ip_protocol.to_sym
+        port_range = ip_perm.from_port..ip_perm.to_port
+        port_range = nil if port_range == (nil..nil)
+        ip_ranges = ip_perm.ip_ranges.map { |range| range.cidr_ip }.sort
         {
-          :protocol   => ip_perm.protocol,
-          :port_range => ip_perm.port_range,
-          :ip_ranges  => ip_perm.ip_ranges.sort,
-          :groups => ip_perm.groups.map {|group|
+          :protocol   => ip_protocol,
+          :port_range => port_range,
+          :ip_ranges  => ip_ranges,
+          :groups => ip_perm.user_id_group_pairs.map {|group|
+            g = @ec2.security_group(group.group_id)
             {
-              :id       => group.id,
-              :name     => group.name,
-              :owner_id => group.owner_id,
+              :id       => g.group_id,
+              :name     => g.group_name,
+              :owner_id => g.owner_id,
             }
           }.sort_by {|g| g[:name] },
         }
@@ -72,7 +76,7 @@ def export_ip_permissions(ip_permissions)
 
     def tags_to_hash(tags)
       h = {}
-      tags.map {|k, v| h[k] = v }
+      tags.each {|tag| h[tag.key] = tag.value }
       h
     end
   end # Exporter

lib/piculet/ext/ec2-owner-id-ext.rb

@@ -1,92 +1,95 @@
-module AWS
-  class EC2
-    DESC_OWNER_ID_RETRY_TIMES   = 3
-    DESC_OWNER_ID_RETRY_WAIT    = 3
-    SECURITY_GROUP_NAME_MAX_LEN = 255
-
-    def owner_id
-      return ENV['AWS_OWNER_ID'] if ENV['AWS_OWNER_ID']
-      return @owner_id if @owner_id
-
-      @owner_id = get_owner_id_from_iam || get_owner_id_from_security_group
-
-      return @owner_id
-    end
-
-    def own?(other)
-      other == owner_id
-    end
-
-    private
-    def get_owner_id_from_iam
-      credentials = self.config.credential_provider.credentials
-      iam = AWS::IAM.new(credentials)
-      user = iam.client.get_user rescue nil
-      return nil unless user
-      arn = user[:user][:arn]
-      arn.split(':')[4]
-    end
-
-    def get_owner_id_from_security_group
-      security_group = create_random_security_group
-      return nil unless security_group
-      owner_id = random_security_group_owner_id(security_group)
-      delete_random_security_group(security_group)
-      return owner_id
-    end
-
-    def create_random_security_group
-      security_group = nil
-
-      DESC_OWNER_ID_RETRY_TIMES.times do
-        name = random_security_group_name
-        security_group = self.security_groups.create(name) rescue nil
-        break if security_group
-        sleep DESC_OWNER_ID_RETRY_WAIT
+module Aws
+  module EC2
+    class Resource
+      DESC_OWNER_ID_RETRY_TIMES   = 3
+      DESC_OWNER_ID_RETRY_WAIT    = 3
+      SECURITY_GROUP_NAME_MAX_LEN = 255
+
+      def owner_id
+        return ENV['AWS_OWNER_ID'] if ENV['AWS_OWNER_ID']
+        return @owner_id if @owner_id
+
+        @owner_id = get_owner_id_from_iam || get_owner_id_from_security_group
+
+        return @owner_id
+      end
+
+      def own?(other)
+        other == owner_id
       end
 
-      return security_group
-    end
+      private
+
+      def get_owner_id_from_iam
+        credentials = Aws::EC2::Client.new.config.credentials
+        iam = Aws::IAM::Client.new(credentials: credentials)
+        user = iam.get_user rescue nil
+        return nil unless user
+        arn = user[:user][:arn]
+        arn.split(':')[4]
+      end
 
-    def random_security_group_owner_id(security_group)
-      owner_id = nil
+      def get_owner_id_from_security_group
+        security_group = create_random_security_group
+        return nil unless security_group
+        owner_id = random_security_group_owner_id(security_group)
+        delete_random_security_group(security_group)
+        return owner_id
+      end
 
-      (1..DESC_OWNER_ID_RETRY_TIMES).each do |i|
-        begin
-          owner_id = security_group.owner_id
-          break
-        rescue => e
-          raise e unless i < DESC_OWNER_ID_RETRY_TIMES
+      def create_random_security_group
+        security_group = nil
+
+        DESC_OWNER_ID_RETRY_TIMES.times do
+          name = random_security_group_name
+          security_group = self.create_security_group(group_name: name, description: name) rescue nil
+          break if security_group
+          sleep DESC_OWNER_ID_RETRY_WAIT
         end
 
-        sleep DESC_OWNER_ID_RETRY_WAIT
+        return security_group
       end
 
-      return owner_id
-    end
+      def random_security_group_owner_id(security_group)
+        owner_id = nil
+
+        (1..DESC_OWNER_ID_RETRY_TIMES).each do |i|
+          begin
+            owner_id = security_group.owner_id
+            break
+          rescue => e
+            raise e unless i < DESC_OWNER_ID_RETRY_TIMES
+          end
 
-    def delete_random_security_group(security_group)
-      (1..DESC_OWNER_ID_RETRY_TIMES).each do |i|
-        begin
-          security_group.delete
-          break
-        rescue => e
-          raise e unless i < DESC_OWNER_ID_RETRY_TIMES
+          sleep DESC_OWNER_ID_RETRY_WAIT
         end
 
-        sleep DESC_OWNER_ID_RETRY_WAIT
+        return owner_id
       end
-    end
 
-    def random_security_group_name
-      name = []
-      len = SECURITY_GROUP_NAME_MAX_LEN
+      def delete_random_security_group(security_group)
+        (1..DESC_OWNER_ID_RETRY_TIMES).each do |i|
+          begin
+            security_group.delete
+            break
+          rescue => e
+            raise e unless i < DESC_OWNER_ID_RETRY_TIMES
+          end
 
-      while name.length < len
-        name.concat(('a'..'z').to_a + ('A'..'Z').to_a + (0..9).to_a)
+          sleep DESC_OWNER_ID_RETRY_WAIT
+        end
       end
 
-      name.shuffle[0...len].join
-    end
+      def random_security_group_name
+        name = []
+        len = SECURITY_GROUP_NAME_MAX_LEN
+
+        while name.length < len
+          name.concat(('a'..'z').to_a + ('A'..'Z').to_a + (0..9).to_a)
+        end
+
+        name.shuffle[0...len].join
+      end
+    end # Resource
   end # EC2
-end # AWS
+end # Aws