def authorize_unit(self, rds):
relation_id = self.get_db_identifier()
group = rds.get_all_dbsecurity_groups(relation_id)
group = group.pop()
unit_instance = self.unit.get_instance()
unit_group = [g.name for g in unit_instance.groups
if g.name[-1].isdigit()].pop()
relation_db = self._state.get(relation_id)
relation_db['service_units'] = {}
relation_db['service_units'][os.environ['JUJU_REMOTE_UNIT']] = {
'instance-id': unit_instance.id,
'security-group': unit_group}
self._state.set(relation_id, relation_db)
group.authorize(ec2_group=unit_group)
def deauthorize_unit(self, rds):
relation_id = self.get_db_identifier()
group = rds.get_all_dbsecurity_groups([relation_id])
group = group.pop()
unit_instance = self.unit.get_instance()
unit_group = [g.name for g in unit_instance.groups
if g.name[-1].isdigit()].pop()
relation_db = self._state.get(relation_id)
remote_unit = os.environ['JUJU_REMOTE_UNIT']
if remote_unit in relation_db.get('service_units', ()):
del relation_db['service_units']
group.revoke(ec2_group=unit_group)
self._state.set(relation_id, relation_db)
def check_rds(region, groups, names):
rds = boto.rds.connect_to_region(region)
# Check EC2 classic
rds_groups = rds.get_all_dbsecurity_groups()
for rds_group in rds_groups:
for ec2_group in rds_group.ec2_groups:
if ec2_group.EC2SecurityGroupId in groups:
raise ValueError('Security group [%s] is used in RDS security group [%s] and cannot be deleted' %
(ec2_group.EC2SecurityGroupId, rds_group.name))
# Check VPC
instances = rds.get_all_dbinstances()
for instance in instances:
for rds_group in instance.vpc_security_groups:
if rds_group.vpc_group in groups:
raise ValueError('Security group [%s] is used by RDS database [%s] and cannot be deleted' %
(rds_group.vpc_group, instance.DBName))
