awful 0.0.173 → 0.0.174

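--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: c0e7ce04e338786aaff27a8aff634b4b2359d6b0
- data.tar.gz: 227b9e77e562cd83ba2e42da2a6fcb4fe2968785
+ metadata.gz: 6f7761e2b6a9222e092a65157fc986f451228822
+ data.tar.gz: b04a5adbbabc50bbe3d84b0b78148585d28d5255
  SHA512:
- metadata.gz: 23e28b5ed32c58399acc4d8039c5d5db9386fd309e010f99d6710f0a9ac42962bd617f1c1954106f7df7ea00d9656847fb73b86a04199f0d838c9ce3bf02559a
- data.tar.gz: e7b2df9a0151c931b3a066fae151dd9e6b603249279d03e5861d8d89adc5d39a667f73387e0a323693af9f3569641411e7904bd83347a54eb8952f58d11ec615
+ metadata.gz: e7dd7b3696bd83ae497ca9b4c960ab49da92d7fc7a889be76caaa6d06c4d44534fa74c976d3c86ace5b4186aa3fb96a3b312edab833f1acd0f19cafe39ea5911
+ data.tar.gz: 2efeddbe73e96d82d2a83fa878aa6c2d75eada26d20385704ce67c013dc18a28316c01b81436ae6a8f970c3ce05207b968abd68ef685b21af334990dbfe1aec7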
@@ -1,3 +1,5 @@
1
+ require 'open-uri'
2
+
1
3
  module Awful
2
4
  module Short
3
5
  def sg(*args)
@@ -54,6 +56,20 @@ module Awful
54
56
  end
55
57
  end
56
58
 
59
+ ## get security group by name or id
60
+ def get_id(name)
61
+ if name.match(/^sg-[\d[a-f]]{8}$/)
62
+ name
63
+ else
64
+ ec2.describe_security_groups(filters: [{name: 'group-name', values: [name]}]).security_groups.first.group_id
65
+ end
66
+ end
67
+
68
+ ## lookup my IP as a CIDR
69
+ def get_my_ip
70
+ open('http://v4.ident.me/').read + '/32'
71
+ end
72
+
57
73
  end
58
74
 
59
75
  desc 'dump NAME', 'dump security group with NAME [or ID] as yaml'
@@ -80,32 +96,68 @@ module Awful
80
96
  end
81
97
  end
82
98
 
83
- desc 'revoke ID [IP_PERMISSIONS]', 'revoke rules from security group'
84
- method_option :source_security_group_name, type: :string, default: nil, desc: 'ip permission'
85
- method_option :source_security_group_owner_id, type: :string, default: nil, desc: 'ip permission'
86
- method_option :ip_protocol, type: :string, default: nil, desc: 'ip permission'
87
- method_option :from_port, type: :string, default: nil, desc: 'ip permission'
88
- method_option :to_port, type: :string, default: nil, desc: 'ip permission'
89
- method_option :cidr_ip, type: :string, default: nil, desc: 'ip permission'
90
- def revoke(id, *ip_permissions)
91
- ## invoked from code, process ip_permissions objects as args
92
- perms = ip_permissions.map do |p|
93
- p.to_hash.tap do |h|
94
- h.each do |k,v|
95
- h[k] = nil if (v.respond_to?(:empty?) && v.empty?) # no empty arrays, e.g. user_group_id_pairs, prefix_list_ids
96
- end
97
- end
98
- end
99
+ desc 'authorize NAME|ID', 'authorize ingress for a security group'
100
+ method_option :port, aliases: '-p', type: :numeric, default: 22, desc: 'port to allow'
101
+ method_option :from_port, type: :numeric, default: nil, desc: 'start of port range'
102
+ method_option :to_port, type: :numeric, default: nil, desc: 'end of port range'
103
+ method_option :protocol, aliases: '-P', type: :string, default: 'tcp', desc: 'protocol to auth'
104
+ method_option :cidr, aliases: '-c', type: :string, default: nil, desc: 'CIDR range to allow'
105
+ def authorize(name)
106
+ ec2.authorize_security_group_ingress(
107
+ group_id: get_id(name),
108
+ ip_protocol: options[:protocol],
109
+ from_port: options[:from_port] || options[:port],
110
+ to_port: options[:to_port] || options[:port],
111
+ cidr_ip: options[:cidr] || get_my_ip,
112
+ )
113
+ rescue Aws::EC2::Errors::InvalidPermissionDuplicate => e
114
+ warn(e.message)
115
+ end
99
116
 
100
- perms = nil if perms.empty?
117
+ desc 'revoke NAME|ID', 'revoke ingress for a security group'
118
+ method_option :port, aliases: '-p', type: :numeric, default: 22, desc: 'port to allow'
119
+ method_option :from_port, type: :numeric, default: nil, desc: 'start of port range'
120
+ method_option :to_port, type: :numeric, default: nil, desc: 'end of port range'
121
+ method_option :protocol, aliases: '-P', type: :string, default: 'tcp', desc: 'protocol to revoke'
122
+ method_option :cidr, aliases: '-c', type: :string, default: nil, desc: 'CIDR range to revoke'
123
+ def revoke(name)
124
+ ec2.revoke_security_group_ingress(
125
+ group_id: get_id(name),
126
+ ip_protocol: options[:protocol],
127
+ from_port: options[:from_port] || options[:port],
128
+ to_port: options[:to_port] || options[:port],
129
+ cidr_ip: options[:cidr] || get_my_ip,
130
+ )
131
+ rescue Aws::EC2::Errors::InvalidPermissionNotFound => e
132
+ warn(e.message)
133
+ end
101
134
 
102
- ## can set these on command-line
103
- params = %i[source_security_group_name source_security_group_owner_id ip_protocol from_port to_port cidr_ip].each_with_object({}) do |k,h|
104
- h[k] = options[k]
105
- end
135
+ # desc 'revoke ID [IP_PERMISSIONS]', 'revoke rules from security group'
136
+ # method_option :source_security_group_name, type: :string, default: nil, desc: 'ip permission'
137
+ # method_option :source_security_group_owner_id, type: :string, default: nil, desc: 'ip permission'
138
+ # method_option :ip_protocol, type: :string, default: nil, desc: 'ip permission'
139
+ # method_option :from_port, type: :string, default: nil, desc: 'ip permission'
140
+ # method_option :to_port, type: :string, default: nil, desc: 'ip permission'
141
+ # method_option :cidr_ip, type: :string, default: nil, desc: 'ip permission'
142
+ # def revoke(id, *ip_permissions)
143
+ # ## invoked from code, process ip_permissions objects as args
144
+ # perms = ip_permissions.map do |p|
145
+ # p.to_hash.tap do |h|
146
+ # h.each do |k,v|
147
+ # h[k] = nil if (v.respond_to?(:empty?) && v.empty?) # no empty arrays, e.g. user_group_id_pairs, prefix_list_ids
148
+ # end
149
+ # end
150
+ # end
106
151
 
107
- ec2.revoke_security_group_ingress(params.merge(group_id: id, ip_permissions: perms))
108
- end
152
+ # perms = nil if perms.empty?
153
+
154
+ # ## can set these on command-line
155
+ # params = %i[source_security_group_name source_security_group_owner_id ip_protocol from_port to_port cidr_ip].each_with_object({}) do |k,h|
156
+ # h[k] = options[k]
157
+ # end
158
+
159
+ # ec2.revoke_security_group_ingress(params.merge(group_id: id, ip_permissions: perms))
160
+ # end
109
161
 
110
162
  end
111
163
  end
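Review bot: `get_my_ip` (second hunk, new lines 69–71) turns the body of an unauthenticated plain-HTTP response into the `cidr_ip` that `authorize` and `revoke` send to EC2 whenever `--cidr` is omitted, so anyone able to alter that response decides which address gets ingress on the default port 22. The body is also used unstripped and unvalidated; I would fetch it over TLS (assuming the endpoint serves HTTPS), strip it, and require it to parse as a single IPv4 address before appending `/32`, as in the sketch below, and print the resolved CIDR so the operator sees what was opened. In the same hunk `get_id` anchors its pattern with `^`/`$`, which match per line, where `\A`/`\z` are the whole-string anchors, and `.first.group_id` raises `NoMethodError` when no group has that name. The sketch needs `ipaddr` from the standard library, and on current Rubies the `open` call would have to be `URI.open`.

```ruby
## lookup my IP as a CIDR
def get_my_ip
  ip = open('https://v4.ident.me/').read.strip
  # the response becomes a firewall rule: accept nothing but one bare IPv4 address
  addr = IPAddr.new(ip)
  raise ArgumentError, "unexpected IP lookup response: #{ip.inspect}" unless addr.ipv4? && addr.to_s == ip
  "#{ip}/32"
end
```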
@@ -1,3 +1,3 @@
1
1
  module Awful
2
- VERSION = '0.0.173'
2
+ VERSION = '0.0.174'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: awful
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.173
4
+ version: 0.0.174
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ric Lister
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-05-01 00:00:00.000000000 Z
11
+ date: 2017-05-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler