asbestos 0.0.1

data/spec/asbestos/host_spec.rb

@@ -0,0 +1,173 @@
+require 'spec_helper'
+
+describe Asbestos::Host do
+  before(:each) do
+    Asbestos.reset!
+  end
+
+  context "the 'host' DSL call" do
+
+    context "when a block is provided" do
+      it "should create a new host" do
+        Host.all.tap do |hosts|
+          hosts.should be_empty
+          host 'hostname' do
+          end
+
+          hosts.should_not be_empty
+        end
+      end
+
+      it "should evaluate the block in the context of the new host" do
+        context = nil
+
+        host 'hostname' do
+          context = self
+        end
+
+        Host['hostname'].call.should be context
+      end
+    end
+
+    context "when a block is not provided" do
+      it "should create a new host" do
+        Host.all.tap do |hosts|
+          hosts.should be_empty
+          host 'hostname'
+          hosts.should_not be_empty
+        end
+      end
+    end
+  end
+
+  context "context DSL" do
+    it "should properly add services via 'runs'" do
+      service :ssh do
+        port :ssh
+      end
+
+      host 'hostname' do
+        runs :ssh
+      end
+
+      Host['hostname'].call.rulesets.first.name.should be :ssh
+    end
+
+    it "should properly add be added to groups via 'group'" do
+      host 'hostname' do
+        group :some_group
+      end
+
+      Host.groups.should have_key(:some_group)
+      Host.groups[:some_group].should == [Host['hostname'].call]
+    end
+
+    context "the 'interface' call" do
+      it "should tag singular interfaces" do
+        host 'hostname' do
+          interface :some_tag, :eth0
+        end
+
+        Host['hostname'].call.interfaces[:some_tag].should == [:eth0]
+      end
+
+      it "should tag multiple interfaces" do
+        host 'hostname' do
+          interface :some_tag, [:eth0, :eth1]
+        end
+
+        Host['hostname'].call.interfaces[:some_tag].should == [:eth0, :eth1]
+      end
+
+      context "generating addresses" do
+        context "defaults" do
+          it "should generate defaults for singular interfaces" do
+            host 'hostname' do
+              interface :some_tag, :eth0
+            end
+
+            Host['hostname'].call.addresses[:eth0].should == 'hostname_some_tag'
+          end
+
+          it "should generate defaults for multiple interfaces" do
+            host 'hostname' do
+              interface :some_tag, [:eth0, :eth1]
+            end
+
+            Host['hostname'].call.addresses[:eth0].should == 'hostname_some_tag_eth0'
+            Host['hostname'].call.addresses[:eth1].should == 'hostname_some_tag_eth1'
+          end
+        end
+
+        context "overriding" do
+          context "singular interface" do
+            it "should allow overriding with a static address" do
+              host 'hostname' do
+                interface :some_tag, :eth0, "1.2.3.4"
+              end
+
+              Host['hostname'].call.addresses[:eth0].should == '1.2.3.4'
+            end
+
+            it "should allow overriding with a block" do
+              host 'hostname' do
+                interface :some_tag, :eth0 do |host|
+                  "#{host.name}_blah"
+                end
+              end
+
+              Host['hostname'].call.addresses[:eth0].should == 'hostname_blah'
+            end
+          end
+
+          context "multiple interfaces" do
+            it "should not allow overriding with a static address" do
+              expect do
+                host 'hostname' do
+                  interface :some_tag, [:eth0, :eth1], '1.2.3.4'
+                end
+              end.to raise_error
+            end
+
+            it "should allow overriding with a block" do
+              host 'hostname' do
+                interface :some_tag, [:eth0, :eth1] do |host, if_name|
+                  "#{host.name}_blah_#{if_name}"
+                end
+              end
+
+              Host['hostname'].call.addresses[:eth0].should == 'hostname_blah_eth0'
+              Host['hostname'].call.addresses[:eth1].should == 'hostname_blah_eth1'
+            end
+          end
+        end
+      end
+    end
+
+    it "should turn on denial logging with 'log_denials'" do
+      host 'hostname' do
+        log_denials
+      end
+
+      Host['hostname'].call.log_denials?.should be_true
+    end
+
+    it "should add iptables chains with the 'chain' call" do
+      host 'hostname' do
+        chain :some_chain, :drop
+      end
+
+      Host['hostname'].call.chains[:some_chain].should be :drop
+    end
+
+    it "should raise an error for unknown DSL calls" do
+      expect {
+        host 'hostname' do
+          this_isnt_a_dsl_call
+        end
+      }.to raise_error
+    end
+
+  end # context DSL
+
+end

data/spec/asbestos/host_template_spec.rb

@@ -0,0 +1,32 @@
+
+require 'spec_helper'
+
+describe Asbestos::HostTemplate do
+  before(:each) do
+    Asbestos.reset!
+  end
+
+  context "the 'host_template' DSL call" do
+    it "should store the block as a template" do
+
+      block = proc do;
+      end
+
+      host_template 'hosttemplatename', &block
+
+      Asbestos::HostTemplate[:hosttemplatename].template.should be block
+    end
+
+    it "should execute the template block in the context of the host" do
+      context = nil
+      host_template 'hosttemplatename' do
+        context = self
+      end
+
+      hosttemplatename 'hostname' do
+      end
+
+      Host['hostname'].call.should be context
+    end
+  end
+end

data/spec/asbestos/rule_set_spec.rb

@@ -0,0 +1,55 @@
+
+require 'spec_helper'
+
+describe Asbestos::RuleSet do
+  before(:each) do
+    Asbestos.reset!
+  end
+
+  context "the 'rule_set' DSL call" do
+    it "should store the block as a template" do
+
+      block = proc do;
+      end
+
+      rule_set 'rulesetname', &block
+
+      Asbestos::RuleSet[:rulesetname].should be block
+    end
+  end
+
+  context "context DSL" do
+    [:rule, :accept, :reject, :drop, :log].each do |action|
+      it "should send '#{action}' to the firewall module" do
+
+        Asbestos.firewall.should_receive action
+
+        rule_set 'rulesetname' do
+          eval "#{action} :chain => 'input', :remote_address => '224.0.0.0/4'"
+        end
+
+        host 'hostname' do
+          rulesetname
+        end
+
+        Host['hostname'].call.ruleset_rules
+      end
+    end
+
+    it "should add raw commands with 'command'" do
+      rule_set 'rulesetname' do
+        command "some raw firewall command"
+      end
+
+      host 'hostname' do
+        rulesetname
+      end
+
+      Host['hostname'].call.rules.join("\n").should match(/some raw firewall command/)
+    end
+
+    it "should generate firewall rules properly"
+    it "should handle the :from argument to from_each properly"
+    it "should handle the :from argument to from_each_address properly"
+  end
+end

data/spec/asbestos/service_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper'
+
+describe Asbestos::Service do
+  before(:each) do
+    Asbestos.reset!
+  end
+
+  context "the 'service' DSL call" do
+    it "should store the block as a template" do
+
+      block = proc do;
+      end
+
+      service 'servicename', &block
+
+      Asbestos::Service[:servicename].should be block
+    end
+  end
+
+  context "context DSL" do
+    it "should store arbitrary calls as attributes" do
+      service 'servicename' do
+        some_attribute :some_value
+      end
+
+      host 'hostname' do
+        runs :servicename
+      end
+
+      Host['hostname'].call.rulesets.first.name.should be :servicename
+      Host['hostname'].call.rulesets.first.some_attribute.should be :some_value
+    end
+
+    it "should store certain attributes under their plural name" do
+      service 'servicename' do
+        port 9000
+        protocol :icmp
+        group :service_group
+      end
+
+      host 'hostname' do
+        runs :servicename
+      end
+
+      Host['hostname'].call.rulesets.first.name.should be :servicename
+
+      Host['hostname'].call.rulesets.first.port.should == [9000]
+      Host['hostname'].call.rulesets.first.ports.should == [9000]
+
+      Host['hostname'].call.rulesets.first.protocol.should == [:icmp]
+      Host['hostname'].call.rulesets.first.protocols.should == [:icmp]
+
+      Host['hostname'].call.rulesets.first.group.should == [:service_group]
+      Host['hostname'].call.rulesets.first.groups.should == [:service_group]
+    end
+  end
+
+  it "should generate firewall rules properly"
+  it "should handle the :from argument to open_port properly"
+end

data/spec/spec_helper.rb

@@ -0,0 +1,20 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# Require this file using `require "spec_helper"` to ensure that it is only
+# loaded once.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+
+require 'asbestos'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

metadata

@@ -0,0 +1,159 @@
+--- !ruby/object:Gem::Specification
+name: asbestos
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Michael Shapiro
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-06-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: system-getifaddrs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.5
+description: Asbestos is a declarative DSL for building firewall rules (iptables,
+  at this point)
+email:
+- koudelka@ryoukai.org
+executables:
+- asbestos
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- asbestos.gemspec
+- bin/asbestos
+- examples/0_simple.rb
+- examples/10_kitchen_sink.rb
+- examples/1_two_hosts.rb
+- examples/2_accept_from_many.rb
+- examples/3_groups.rb
+- examples/4_host_templates.rb
+- examples/5_static_addresses.rb
+- examples/6_interface_addresses.rb
+- examples/7_services.rb
+- examples/8_rule_sets.rb
+- examples/9_literal_commands.rb
+- lib/asbestos.rb
+- lib/asbestos/address.rb
+- lib/asbestos/dsl.rb
+- lib/asbestos/firewalls/iptables.rb
+- lib/asbestos/host.rb
+- lib/asbestos/host_template.rb
+- lib/asbestos/metadata.rb
+- lib/asbestos/rule_set.rb
+- lib/asbestos/rule_sets/accept_from_self.rb
+- lib/asbestos/rule_sets/allow_related_established.rb
+- lib/asbestos/rule_sets/icmp_protection.rb
+- lib/asbestos/rule_sets/sanity_check.rb
+- lib/asbestos/service.rb
+- lib/asbestos/services/chef.rb
+- lib/asbestos/services/cube.rb
+- lib/asbestos/services/http.rb
+- lib/asbestos/services/memcached.rb
+- lib/asbestos/services/mongodb.rb
+- lib/asbestos/services/monit.rb
+- lib/asbestos/services/mysql.rb
+- lib/asbestos/services/nfs.rb
+- lib/asbestos/services/redis.rb
+- lib/asbestos/services/ssh.rb
+- spec/asbestos/address_spec.rb
+- spec/asbestos/firewalls/iptables_spec.rb
+- spec/asbestos/host_spec.rb
+- spec/asbestos/host_template_spec.rb
+- spec/asbestos/rule_set_spec.rb
+- spec/asbestos/service_spec.rb
+- spec/spec_helper.rb
+homepage: http://www.github.com/koudelka/asbestos
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Declarative firewall(iptables) DSL.
+test_files:
+- spec/asbestos/address_spec.rb
+- spec/asbestos/firewalls/iptables_spec.rb
+- spec/asbestos/host_spec.rb
+- spec/asbestos/host_template_spec.rb
+- spec/asbestos/rule_set_spec.rb
+- spec/asbestos/service_spec.rb
+- spec/spec_helper.rb