awful 0.0.131 → 0.0.132

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/awful/security_group.rb +68 -18
  3. data/lib/awful/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9df02b3f1ece5cedce9a2932ee0f8904a1d0685c
4
- data.tar.gz: ad7374123396d7155ec84d6cae57c07d09f98dab
3
+ metadata.gz: 14133429fbba1f41a835d8d45c39f5373a970934
4
+ data.tar.gz: c78d296568121425e737eb1101ab6227b4145f1f
5
5
  SHA512:
6
- metadata.gz: 2cd8a580e571a794911aca602cde857f4d22e6efef782fb973930aa12da8c3c79e1ad4001e4cf2b331095b855ae798b7b1693b9e523dbbec7a082f73960a9dde
7
- data.tar.gz: 17d36acb2c6df8fd77cfaf42112358f05a982c3112befd700ce1ee74ebe08934d2a65eb96b816c537668e24c5879c570fdfb2a01cb5b33262f934d3344ab050f
6
+ metadata.gz: 5d8e26ea411a4c35a932113c54a8123110c5e8bb3910f8514779a3c84b1a6aae59951cfa94cde2b9d3f30606d32db5e7ffb2057a6198ab5ace642a20b2aa8157
7
+ data.tar.gz: 5535193a7a7fa50171676f61ec315b1ef228a1d041241e4bd29569aff95316abc8ebee71e58b31580b6e85a243c22bfdad676e081fb22687617953bdd0ab694b
data/lib/awful/security_group.rb CHANGED
@@ -1,20 +1,46 @@
1
1
  module Awful
2
+ module Short
3
+ def sg(*args)
4
+ Awful::SecurityGroup.new.invoke(*args)
5
+ end
6
+ end
2
7
 
3
8
  class SecurityGroup < Cli
4
9
 
5
- desc 'ls [NAME]', 'list security groups [matching NAME]'
6
- method_option :long, aliases: '-l', default: false, desc: 'Long listing'
7
- def ls(name = /./)
8
- fields = options[:long] ?
9
- ->(s) { [tag_name(s), s.group_id, s.group_name[0..50], s.vpc_id, s.description] } :
10
- ->(s) { [s.group_name] }
11
-
12
- ec2.describe_security_groups.map(&:security_groups).flatten.select do |sg|
13
- sg.group_name.match(name) or sg.group_id.match(name)
14
- end.map do |sg|
15
- fields.call(sg)
16
- end.tap do |list|
17
- print_table list
10
+ desc 'ls [IDs]', 'list security groups'
11
+ method_option :long, aliases: '-l', type: :boolean, default: false, desc: 'long listing'
12
+ method_option :ingress, aliases: '-i', type: :boolean, default: false, desc: 'list ingress permissions'
13
+ method_option :egress, aliases: '-o', type: :boolean, default: false, desc: 'list egress permissions'
14
+ method_option :tags, aliases: '-t', type: :array, default: [], desc: 'List of tags to filter, as key=value'
15
+ method_option :stack, aliases: '-s', type: :string, default: nil, desc: 'Filter by given stack'
16
+ method_option :resource, aliases: '-r', type: :string, default: nil, desc: 'Filter by given stack resource logical id'
17
+ def ls(*ids)
18
+ ## filter by tags
19
+ filters = []
20
+ options[:tags].each do |tag|
21
+ key, value = tag.split('=')
22
+ filters << {name: "tag:#{key}", values: [value]}
23
+ end
24
+ filters << {name: 'tag:aws:cloudformation:stack-name', values: [options[:stack]]} if options[:stack]
25
+ filters << {name: 'tag:aws:cloudformation:logical-id', values: [options[:resource]]} if options[:resource]
26
+ filters = nil if filters.empty? # sdk does not like empty arrays as args
27
+
28
+ ec2.describe_security_groups(group_ids: ids, filters: filters).security_groups.output do |groups|
29
+ if options[:long]
30
+ print_table groups.map { |g|
31
+ [ g.group_name, g.group_id, g.vpc_id, g.description ]
32
+ }.sort
33
+ elsif options[:ingress]
34
+ print_table groups.map { |g|
35
+ [ g.group_name, g.group_id, g.ip_permissions.map { |p| "#{p.ip_protocol}:#{p.from_port}-#{p.to_port}" }.join(',') ]
36
+ }.sort
37
+ elsif options[:egress]
38
+ print_table groups.map { |g|
39
+ [ g.group_name, g.group_id, g.ip_permissions_egress.map { |p| "#{p.ip_protocol}:#{p.from_port}-#{p.to_port}" }.join(',') ]
40
+ }.sort
41
+ else
42
+ puts groups.map(&:group_name).sort
43
+ end
18
44
  end
19
45
  end
20
46
 
@@ -32,7 +58,7 @@ module Awful
32
58
 
33
59
  desc 'dump NAME', 'dump security group with NAME [or ID] as yaml'
34
60
  def dump(name)
35
- first_matching_sg(name).tap do |sg|
61
+ first_matching_sg(name).output do |sg|
36
62
  puts YAML.dump(stringify_keys(sg.to_hash))
37
63
  end
38
64
  end
@@ -40,20 +66,44 @@ module Awful
40
66
  desc 'inbound NAME', 'show inbound rules for named security group'
41
67
  method_option :long, aliases: '-l', default: false, desc: 'Long listing'
42
68
  def inbound(name)
43
- first_matching_sg(name).ip_permissions.tap do |perms|
69
+ first_matching_sg(name).ip_permissions.output do |perms|
44
70
  sources = ->(perm) { perm.ip_ranges.map(&:cidr_ip) + perm.user_id_group_pairs.map(&:group_id) }
45
71
  if options[:long]
46
72
  perms.map do |p|
47
73
  sources.call(p).map do |s|
48
74
  [p.ip_protocol, p.from_port, p.to_port, s]
49
75
  end
50
- end.flatten(1).tap { |list| print_table list }
76
+ end.flatten(1).output { |list| print_table list }
51
77
  else
52
78
  puts perms.map { |p| sources.call(p) }.flatten
53
79
  end
54
80
  end
55
81
  end
56
82
 
57
- end
83
+ desc 'revoke ID [IP_PERMISSIONS]', 'revoke rules from security group'
84
+ method_option :source_security_group_name, type: :string, default: nil, desc: 'ip permission'
85
+ method_option :source_security_group_owner_id, type: :string, default: nil, desc: 'ip permission'
86
+ method_option :ip_protocol, type: :string, default: nil, desc: 'ip permission'
87
+ method_option :from_port, type: :string, default: nil, desc: 'ip permission'
88
+ method_option :to_port, type: :string, default: nil, desc: 'ip permission'
89
+ method_option :cidr_ip, type: :string, default: nil, desc: 'ip permission'
90
+ def revoke(id, *ip_permissions)
91
+ ## invoked from code, process ip_permissions objects as args
92
+ perms = ip_permissions.map do |p|
93
+ p.to_hash.tap do |h|
94
+ h[:user_id_group_pairs] = nil if h[:user_id_group_pairs].empty? # sdk will complain if this is empty
95
+ end
96
+ end
97
+
98
+ perms = nil if perms.empty?
99
+
100
+ ## can set these on command-line
101
+ params = %i[source_security_group_name source_security_group_owner_id ip_protocol from_port to_port cidr_ip].each_with_object({}) do |k,h|
102
+ h[k] = options[k]
103
+ end
104
+
105
+ ec2.revoke_security_group_ingress(params.merge(group_id: id, ip_permissions: perms))
106
+ end
58
107
 
59
- end
108
+ end
109
+ end
data/lib/awful/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Awful
2
- VERSION = '0.0.131'
2
+ VERSION = '0.0.132'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: awful
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.131
4
+ version: 0.0.132
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ric Lister
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-07-18 00:00:00.000000000 Z
11
+ date: 2016-07-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler