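def authorize_unit(self, rds):
    """Grant the remote unit's EC2 security group access to the relation's DB security group.

    Looks up the DB security group named by ``self.get_db_identifier()``,
    records the remote unit (``JUJU_REMOTE_UNIT``) in the relation state with
    its instance id and security group, and then authorizes that security
    group on the DB security group.

    Args:
        rds: connection object exposing ``get_all_dbsecurity_groups``.

    Raises:
        KeyError: if ``JUJU_REMOTE_UNIT`` is not set in the environment.
        IndexError: if the lookup returns an empty list, or no group on the
            instance has a name ending in a digit.
    """
    relation_id = self.get_db_identifier()
    db_group = rds.get_all_dbsecurity_groups(relation_id).pop()

    unit_instance = self.unit.get_instance()
    # The group to authorize is the one whose name ends in a digit
    # (presumably the per-machine group; confirm against the provider's naming).
    unit_group = [
        g.name for g in unit_instance.groups if g.name[-1].isdigit()
    ].pop()

    relation_db = self._state.get(relation_id)
    # Add to the existing map rather than replacing it. deauthorize_unit only
    # revokes for units it finds recorded here, so dropping earlier entries
    # would leave their security groups authorized after those units depart.
    service_units = relation_db.setdefault('service_units', {})
    service_units[os.environ['JUJU_REMOTE_UNIT']] = {
        'instance-id': unit_instance.id,
        'security-group': unit_group,
    }
    # The record is persisted before the grant is requested.
    self._state.set(relation_id, relation_db)

    db_group.authorize(ec2_group=unit_group)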
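def deauthorize_unit(self, rds):
    """Revoke the remote unit's access to the relation's DB security group.

    If the remote unit (``JUJU_REMOTE_UNIT``) is recorded under
    ``service_units`` in the relation state, its record is removed and the
    unit's security group is revoked from the DB security group. The relation
    state is written back afterwards.

    Args:
        rds: connection object exposing ``get_all_dbsecurity_groups``.

    Raises:
        KeyError: if ``JUJU_REMOTE_UNIT`` is not set in the environment.
        IndexError: if the lookup returns an empty list, or no group on the
            instance has a name ending in a digit.
    """
    relation_id = self.get_db_identifier()
    # Pass the bare name, matching authorize_unit; boto.rds takes a single
    # groupname here (assumes rds is a boto.rds connection; confirm).
    db_group = rds.get_all_dbsecurity_groups(relation_id).pop()

    unit_instance = self.unit.get_instance()
    # NOTE(review): the group to revoke is recomputed from the instance rather
    # than read from the 'security-group' value stored at authorize time;
    # confirm the two cannot differ by the time the unit departs.
    unit_group = [
        g.name for g in unit_instance.groups if g.name[-1].isdigit()
    ].pop()

    relation_db = self._state.get(relation_id)
    remote_unit = os.environ['JUJU_REMOTE_UNIT']
    service_units = relation_db.get('service_units', ())
    if remote_unit in service_units:
        # Remove only the departing unit's record. Deleting the whole map
        # would forget the other units, and their later departures would then
        # skip the revoke below and leave their grants in place.
        del service_units[remote_unit]
        db_group.revoke(ec2_group=unit_group)
    # NOTE(review): a unit with no record is not revoked; confirm that no
    # grant can exist without a matching record.
    # Reached only if revoke did not raise, so a failed revoke leaves the
    # stored record untouched.
    self._state.set(relation_id, relation_db)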
def check_rds(region, groups, names):
    """Raise if any of the given security groups is still referenced by RDS.

    Connects to RDS in ``region`` and stops at the first match between
    ``groups`` and either an EC2 grant on a DB security group (EC2-Classic)
    or a VPC security group attached to a DB instance. Returns ``None`` when
    nothing matches.

    Args:
        region: region name handed to ``boto.rds.connect_to_region``.
        groups: container of security group ids; only ``in`` tests are
            performed on it.
        names: accepted but not read anywhere in this function.

    Raises:
        ValueError: naming the security group and the RDS resource using it.
    """
    # NOTE(review): both listings are requested once with default arguments;
    # if the API returns results in pages, references past the first page
    # would not be seen by this check. Confirm.
    # NOTE(review): only ids are compared; a classic grant that identifies its
    # group by name would not match, and ``names`` is never consulted. Confirm
    # whether that is intended.
    conn = boto.rds.connect_to_region(region)

    classic_msg = 'Security group [%s] is used in RDS security group [%s] and cannot be deleted'
    vpc_msg = 'Security group [%s] is used by RDS database [%s] and cannot be deleted'

    # EC2-Classic: grants listed on each DB security group.
    for db_sg in conn.get_all_dbsecurity_groups():
        for grant in db_sg.ec2_groups:
            sg_id = grant.EC2SecurityGroupId
            if sg_id not in groups:
                continue
            raise ValueError(classic_msg % (sg_id, db_sg.name))

    # VPC: security groups attached directly to each DB instance.
    for db in conn.get_all_dbinstances():
        for membership in db.vpc_security_groups:
            vpc_sg_id = membership.vpc_group
            if vpc_sg_id not in groups:
                continue
            raise ValueError(vpc_msg % (vpc_sg_id, db.DBName))