/// <summary>
/// Adds ingress permissions for <paramref name="currentIp"/> to every security group
/// listed in <paramref name="config"/>, then records the IP and the config so that a
/// later run can find and remove the rules created here.
/// </summary>
/// <param name="config">Configuration whose <c>SecurityGroups</c> entries are applied.</param>
/// <param name="currentIp">
/// Address handed to <c>ToAwsPermission</c> for each configured permission. This method
/// uses the value as-is and performs no validation of its own.
/// </param>
private void ApplyNewPermissions(Config config, string currentIp)
{
    foreach (var groupConfig in config.SecurityGroups)
    {
        var group = GetSecurityGroupUsingConfig(groupConfig);
        group.CreateSecurityGroupIfNotExists();

        // Translate every configured permission into an AWS permission bound to the
        // current IP. The sequence is left lazy and is enumerated by the callee.
        var permissionsForCurrentIp =
            from permission in groupConfig.IpPermissions
            select permission.ToAwsPermission(currentIp);

        group.AddIngressPermissions(permissionsForCurrentIp);
    }

    // NOTE(review): the two bookkeeping writes below only run once every group has
    // succeeded. If a later group throws, rules already added for earlier groups are
    // not recorded anywhere; should the IP change before the next successful run, those
    // allow rules could be left behind in AWS. Confirm how callers handle that case.

    // Remember the IP we just applied so the next run can skip AWS when nothing changed.
    PublicIp.SetLast(currentIp);

    // Keep a copy of the config that produced these rules. A user may remove
    // permissions from their config file later; without this separate copy the
    // matching rules would be left dangling in AWS with nothing to tell us to
    // revoke them.
    // NOTE(review): security group entries carry an AccessKey (DoUpdateThunk checks
    // it), so this copy presumably holds credentials too. Confirm that ".last-config"
    // gets the same file permissions as the main config.
    config.Write(".last-config");
}
/// <summary>
/// Reads the configuration, compares the current public IP with the last recorded one
/// and, when it changed (or <paramref name="force"/> is set), removes the old
/// permissions and applies new ones for the current IP.
/// </summary>
/// <param name="force">
/// When <c>true</c>, the permissions are re-applied even if the IP is unchanged.
/// </param>
/// <exception cref="InvalidOperationException">
/// The config file could not be read, or it still contains the placeholder access key.
/// </exception>
private void DoUpdateThunk(bool force = false)
{
    var config = Config.Read("updraft-config.json");
    if (config == null)
    {
        throw new InvalidOperationException("Can't do anything - updraft-config.json is gone.");
    }

    // Refuse to run against the untouched template. This only detects the literal
    // placeholder value; it does not verify that the configured keys are valid.
    // NOTE(review): the access keys live in a JSON file read from a relative path.
    // Confirm that the file is readable only by the service account and that the keys
    // are scoped to managing ingress on the configured groups.
    bool stillHasPlaceholderKey = config.SecurityGroups.Any(g => g.AccessKey == "your-access-key");
    if (stillHasPlaceholderKey)
    {
        throw new InvalidOperationException("The application has not been configured. Please edit updraft-config.json");
    }

    // NOTE(review): whatever GetCurrent returns ends up in an allow rule. The lookup is
    // not shown here; confirm that it uses an authenticated channel and that the result
    // is validated as an IP address before it is trusted.
    var currentIp = PublicIp.GetCurrent(config);
    var lastIp = PublicIp.GetLast();

    // No address means we are most likely offline; leave AWS untouched.
    if (currentIp == null)
    {
        logger.Trace("Couldn't get IP address. We are probably offline.");
        return;
    }

    bool ipUnchanged = currentIp.Equals(lastIp);

    // Same address and no forced refresh: nothing to do.
    if (ipUnchanged && !force)
    {
        logger.Trace("IP hasn't changed: " + currentIp);
        return;
    }

    if (ipUnchanged)
    {
        logger.Info("IP hasn't changed: " + currentIp + " but we are starting up so we'll apply this IP to AWS anyway.");
    }
    else
    {
        logger.Info("IP has changed from " + (lastIp ?? "nothing") + " to " + currentIp + ". Applying changes to AWS.");
    }

    // Old rules are removed before new ones are added. If the apply step fails, access
    // is lost; the previous address is not left allowed.
    // lastIp can be null here (no recorded IP) and is passed through unchanged.
    CleanupOldPermissions(lastIp);
    ApplyNewPermissions(config, currentIp);
}