awful 0.0.173 → 0.0.174
- checksums.yaml +4 -4
- data/lib/awful/security_group.rb +75 -23
- data/lib/awful/version.rb +1 -1
- metadata +2 -2
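--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6f7761e2b6a9222e092a65157fc986f451228822
+data.tar.gz: b04a5adbbabc50bbe3d84b0b78148585d28d5255
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e7dd7b3696bd83ae497ca9b4c960ab49da92d7fc7a889be76caaa6d06c4d44534fa74c976d3c86ace5b4186aa3fb96a3b312edab833f1acd0f19cafe39ea5911
+data.tar.gz: 2efeddbe73e96d82d2a83fa878aa6c2d75eada26d20385704ce67c013dc18a28316c01b81436ae6a8f970c3ce05207b968abd68ef685b21af334990dbfe1aec7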
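--- a/data/lib/awful/security_group.rb
+++ b/data/lib/awful/security_group.rb
@@ -1,3 +1,5 @@
+require 'open-uri'
+
 module Awful
 module Short
 def sg(*args)
@@ -54,6 +56,20 @@ module Awful
 end
 end
 
+## get security group by name or id
+def get_id(name)
+if name.match(/^sg-[\d[a-f]]{8}$/)
+name
+else
+ec2.describe_security_groups(filters: [{name: 'group-name', values: [name]}]).security_groups.first.group_id
+end
+end
+
+## lookup my IP as a CIDR
+def get_my_ip
+open('http://v4.ident.me/').read + '/32'
+end
+
 end
 
 desc 'dump NAME', 'dump security group with NAME [or ID] as yaml'
@@ -80,32 +96,68 @@ module Awful
 end
 end
 
-desc '
-method_option :
-method_option :
-method_option :
-method_option :
-method_option :
-
-
-
-
-
-
-
-
-
-
+desc 'authorize NAME|ID', 'authorize ingress for a security group'
+method_option :port, aliases: '-p', type: :numeric, default: 22, desc: 'port to allow'
+method_option :from_port, type: :numeric, default: nil, desc: 'start of port range'
+method_option :to_port, type: :numeric, default: nil, desc: 'end of port range'
+method_option :protocol, aliases: '-P', type: :string, default: 'tcp', desc: 'protocol to auth'
+method_option :cidr, aliases: '-c', type: :string, default: nil, desc: 'CIDR range to allow'
+def authorize(name)
+ec2.authorize_security_group_ingress(
+group_id: get_id(name),
+ip_protocol: options[:protocol],
+from_port: options[:from_port] || options[:port],
+to_port: options[:to_port] || options[:port],
+cidr_ip: options[:cidr] || get_my_ip,
+)
+rescue Aws::EC2::Errors::InvalidPermissionDuplicate => e
+warn(e.message)
+end
 
-
+desc 'revoke NAME|ID', 'revoke ingress for a security group'
+method_option :port, aliases: '-p', type: :numeric, default: 22, desc: 'port to allow'
+method_option :from_port, type: :numeric, default: nil, desc: 'start of port range'
+method_option :to_port, type: :numeric, default: nil, desc: 'end of port range'
+method_option :protocol, aliases: '-P', type: :string, default: 'tcp', desc: 'protocol to revoke'
+method_option :cidr, aliases: '-c', type: :string, default: nil, desc: 'CIDR range to revoke'
+def revoke(name)
+ec2.revoke_security_group_ingress(
+group_id: get_id(name),
+ip_protocol: options[:protocol],
+from_port: options[:from_port] || options[:port],
+to_port: options[:to_port] || options[:port],
+cidr_ip: options[:cidr] || get_my_ip,
+)
+rescue Aws::EC2::Errors::InvalidPermissionNotFound => e
+warn(e.message)
+end
 
-
-
-
-
+# desc 'revoke ID [IP_PERMISSIONS]', 'revoke rules from security group'
+# method_option :source_security_group_name, type: :string, default: nil, desc: 'ip permission'
+# method_option :source_security_group_owner_id, type: :string, default: nil, desc: 'ip permission'
+# method_option :ip_protocol, type: :string, default: nil, desc: 'ip permission'
+# method_option :from_port, type: :string, default: nil, desc: 'ip permission'
+# method_option :to_port, type: :string, default: nil, desc: 'ip permission'
+# method_option :cidr_ip, type: :string, default: nil, desc: 'ip permission'
+# def revoke(id, *ip_permissions)
+# ## invoked from code, process ip_permissions objects as args
+# perms = ip_permissions.map do |p|
+# p.to_hash.tap do |h|
+# h.each do |k,v|
+# h[k] = nil if (v.respond_to?(:empty?) && v.empty?) # no empty arrays, e.g. user_group_id_pairs, prefix_list_ids
+# end
+# end
+# end
 
-
-
+# perms = nil if perms.empty?
+
+# ## can set these on command-line
+# params = %i[source_security_group_name source_security_group_owner_id ip_protocol from_port to_port cidr_ip].each_with_object({}) do |k,h|
+# h[k] = options[k]
+# end
+
+# ec2.revoke_security_group_ingress(params.merge(group_id: id, ip_permissions: perms))
+# end
 
 end
 end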
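Review bot: `get_my_ip` (second hunk) takes whatever body `http://v4.ident.me/` returns over plain HTTP, appends `/32`, and `authorize` passes it unchecked to `authorize_security_group_ingress` as `cidr_ip` whenever `--cidr` is omitted, so the address that gets port 22 opened is decided by an unauthenticated third-party response. Anything on the network path, or the service itself, can therefore change which source address is allowed in, and because the body is not stripped a trailing newline would also end up inside the CIDR string. I would fetch over HTTPS (if the service offers it) and validate before use, e.g. `ip = open('https://v4.ident.me/').read.strip` followed by `raise 'unexpected response from ident.me' unless ip =~ /\A\d{1,3}(\.\d{1,3}){3}\z/`, and print the resolved CIDR before the EC2 call so the operator can see what was authorized or revoked. Separately, `get_id` anchors its pattern with `^`/`$` where `\A`/`\z` is meant, and calls `.first.group_id` without a nil check, so an unknown group name fails with a NoMethodError rather than a clear message.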
data/lib/awful/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: awful
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.174
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ric Lister
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-05-
|
11
|
+
date: 2017-05-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|