aws-ssh-resolver 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f935d670a01180e51698c25ea3ca209884f43556
+  data.tar.gz: ee1f14a33bcbe6b9ead7babf3fd625d96f3de9c0
+SHA512:
+  metadata.gz: 02580ee44766981ab87b40e4f5f8bdac0cd1ab5e0e1ce3082f393272fac7b144bfa4f9b3c568834d6bb66b40b54f20c698cce7a2b162e737c516bd213fddd5fc
+  data.tar.gz: 013f95baba3d2fef334144d5995bdc373992b9e6ece6e88287ca2ee2937047c2fc70128ead909c8e50c3e2dedf34f0f2e70a819fa3e0aadad6b6c5d9c37933c9

data/README.md

@@ -0,0 +1,251 @@
+# aws-ssh-resolver - Resolve AWS EC2 HostNames for OpenSSH configuration - $Release:0.0.2$
+
+`aws-ssh-resolver` keeps AWS EC2 HostNames in OpenSSH configuration
+file in sync with Amazon cloud making it easier for a user to use
+OpenSSH, and related tools, on Amazon Platform.
+
+## The Problem
+
+Every EC2 instance on Amazon platform has a Private IP address, and a
+DNS hostname resolving to this address. Private IP cannot be reached
+directly from the Internet, and the Private DNS name can be resolved
+only on the network that the instance is in. An instance may be
+assigned a Public IP Address, and corresponding Public DNS name.  The
+Public IP is accessible from the Internet, and the Public DNS name is
+resolvable outside the network of the instance.  Public IPs come from
+Amazon's pool of public IP address, and an instance may not reuse the
+IP address, once it is released. For example, stopping, or
+terminating, an instance releases the Public IP Address. See Amazon
+[documentation](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html)
+for more details.
+
+
+Amazon EC2 Instance IP Addressing presents several challenges for SSH
+usage, or any SSH related tool e.g.
+[ansible](http://www.ansible.com/home),
+[fabric](http://www.fabfile.org/),
+[serverspec](http://serverspec.org/) etc.
+
+* Public DNS Name encodes the Public IP Address. Each time an instance
+  is assigned a new IP address, it also gets a new Public DNS name, In
+  essence this means that the task of managing DNS names becomes
+  comparable to the task of managing IP addresses.
+
+* Using an IP address to contact an instance is complicated, because
+  Public IP Address, once released, cannot be reused. Using fixed IP
+  addresses requires keeping track of reserved address, and comes with
+  extra costs.
+
+* EC2 instances, with only a Private IP Address, cannot be reached
+  directly from the Internet.
+
+* Private DNS names also encode the IP address they map to. On top of
+  that, Private DNS names cannot resolved outside the cloud network.
+
+## The Solution
+
+[aws-ssh-resolver](https://github.com/jarjuk/aws-ssh-resolver)
+addresses the challenges above 
+
+* It accepts output of
+   [Amazon Command Line Interface](https://aws.amazon.com/cli/) to
+   create
+   [OpenSSH Configuration](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/ssh_config.5?query=ssh_config&sec=5)
+   entries mapping persistent, and human-understandable, EC2 Tag names
+   to mutable EC2 DNS names.
+   
+* Tag-name/DNS name mapping can be updated to reflect current cloud
+   configuration.
+
+* Tag-name/DNS mapping together with
+    [ProxyCommand with Netcat](https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#ProxyCommand_with_Netcat)
+    configuration in OpenSSH allows users to create a transparent
+    multihop SSH connection to EC2 instances with Private IP Address
+    only
+	
+## Usage
+
+### Installation
+
+Add following lines to `Gemfile`
+
+    source 'https://rubygems.org'
+	gem 'aws-ssh-resolver'
+
+and run
+
+	bundle install
+
+### Configuration
+
+Create an initial
+[OpenSSH Configuration](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/ssh_config.5?query=ssh_config&sec=5)
+file `ssh/config.aws` with any fixed configuration.  Running
+**aws-ssh-resolver** updates this file, but does not interfere with
+the content user has entered.
+
+**Notice**: If `ssh/config.aws` -file does not exist, the first
+**aws-ssh-resolver** run creates the initial version of
+`ssh/config.aws` automatically using `ssh/config.init`. This avoids
+the need to check in the mutable `ssh/config.aws` into a version
+nncontrol system.
+
+### Update OpenSSH Configuration file
+
+To update OpenSSH configuration with EC2 Tag/DNS mappings pipe the
+result of `aws ec2 describe-instances` to **aws-ssh-resolver**
+command:
+
+	aws ec2 describe-instances |  bundle exec aws-ssh-resolver.rb resolve
+
+The command extract EC2 Tag/DNS information, and writes
+`host`/`HostName` configuration entries in `ssh/config.aws` -file.  In
+this file `host` value is taken from `Name` tag on an EC2 instance,
+and `HostName` value is taken from `PublicDnsName` on an EC2
+instance. If `PublicDnsName` is not defined, the command uses
+`PrivateDnsName` instead.
+
+When the network topology changes, i.e. an instance gets a new IP
+address, an instance is terminated, or a new instance is launched,
+rerun the command again to update content in `ssh/config.aws` to
+reflect the new situation.
+
+## An Example
+
+### Example Setup
+
+The example uses two Ubuntu EC2 instances with `Name` -tags `myFront`
+and `myBack1`. Instance `myFront` has an internal IP
+`10.0.0.246`. Instances on subnet `10.0.0.0/24` can be reached over
+Internet, and `myFront` has been assigned a public IP `52.19.117.227`,
+and an externally resolvable DNS name
+`c2-52-19-117-227.eu-west-1.compute.amazonaws.com`. Instance `myBack1`
+belongs to private subnet `10.0.1.0/24`, and cannot reached directly
+from Internet. It has a private IP address `10.0.1.242` with a DNS
+name `ip-10-0-1-242.eu-west-1.compute.internal`. Both of these
+instances have been created using
+[Amazon EC2 Key Pair](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html)
+`demo_key`.
+
+
+    +----------------------------------------------------------------+
+    | Tags: [ "Name": "myFront" ], Ubuntu 14.04 LTS Trusty           |
+    | 52.19.117.227/c2-52-19-117-227.eu-west-1.compute.amazonaws.com |
+    | 10.0.0.246/ip-10-0-0-246.eu-west-1.compute.internal            |
+	! 10.0.0.0/24                                                    |
+    | .ssh/demo_key.pub                                              |
+    +----------------------------------------------------------------+
+
+    +----------------------------------------------------------------+
+    | Tags: [ "Name": "myBack1" ], Ubuntu 14.04 LTS Trusty           |
+    |                                                                |
+    |10.0.1.242//ip-10-0-1-242.eu-west-1.compute.internal            |
+    |10.0.1.0/24                                                     |
+    |.ssh/demo_key.pub                                               |
+    +----------------------------------------------------------------+
+
+
+### Initial Configuration
+
+We start by creating `ssh/config.aws` configuration file with the
+following initial content
+
+    Host *.compute.internal 
+	   ProxyCommand ssh myFront1 -F ssh/config.aws nc -q0 %h 22
+
+    Host *
+         user ubuntu
+         StrictHostKeyChecking no
+         UserKnownHostsFile=/dev/null
+         IdentityFile ~/.ssh/demo-key/demo-key
+
+This configuration instructs OpenSSH to use user name `ubuntu` and SSH
+private key in `~/.ssh/demo-key/demo-key` for all SSH connections.
+
+Amazon assigns DNS names ending with `compute.internal` to map to
+Private IP address. The configuration tells OpenSSH to use `myFront1`
+as a proxy to connect to instances with Private DNS name.
+
+
+### Read Network Topology, and Update OpenSSH Configuration
+
+Running command
+
+	aws ec2 describe-instances |  bundle exec aws-ssh-resolver.rb resolve
+
+reads EC2 information from Amazon platform, extracts `Name` tags and
+DNS names, and updates `ssh/config.aws` with `host` and `HostName`
+information as shown below:
+
+    # +++ aws-ssh-resolver-cli update start here +++
+
+    # Content generated 2015-09-06-21:57:37
+
+    host myFront1
+        HostName ec2-52-19-117-227.eu-west-1.compute.amazonaws.com
+
+
+    host myBack1
+        HostName ip-10-0-1-242.eu-west-1.compute.internal
+
+
+    # +++ aws-ssh-resolver-cli update end here +++
+    Host *.compute.internal
+         ProxyCommand ssh myFront1 -F ssh/config.aws nc -q0 %h 22
+
+    Host *
+         user ubuntu
+         StrictHostKeyChecking no
+         UserKnownHostsFile=/dev/null
+         IdentityFile ~/.ssh/demo-key/demo-key
+		 
+This configuration adds the host definition for `myFront1`, and
+instructs OpenSSH to use a Public DNS name to connect the instance.
+
+The HostName for `myBack1` ends with `compute.internal`, and the
+OpenSSH uses the proxy definition to access it.
+
+### Using OpenSSH Configuration to Access ASW Instances
+
+The configuration in `ssh/configaws` allows us to use tag name
+`myFront1` to make a SSH connection to machine with the DNS name
+`c2-52-19-117-227.eu-west-1.compute.amazonaws.com` simply with command
+
+	ssh myFront1 -F ssh/config.aws
+	Warning: Permanently added 'ec2-52-19-117-227.eu-west-1.compute.amazonaws.com,52.19.117.227' (ECDSA) to the list of known hosts.
+
+
+The instance on subnet `10.0.1.0/24` cannot reached directly, and the
+configuration instructs OpenSSH to use `myFront` as a intermediary to
+create a
+[transparent ssh connection](https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#ProxyCommand_with_Netcat)
+to `myBack1`. This all takes place transparently, and the simple
+command
+
+	ssh myBack1 -F ssh/config.aws
+	Warning: Permanently added 'ec2-52-19-117-227.eu-west-1.compute.amazonaws.com,52.19.117.227' (ECDSA) to the list of known hosts.
+	Warning: Permanently added 'ip-10-0-1-242.eu-west-1.compute.internal' (ECDSA) to the list of known hosts.
+
+creates a SSH connection to `myBack1`.
+
+Warnings shown above, are due to parameters `UserKnownHostsFile` and
+`StrictHostKeyChecking`, which prevent ssh from updating the default
+`.ssh/known_hosts` file with the fingerprints of the (temporary)
+instances used in testing.
+
+
+### Updating OpenSSH Configuration
+
+If the network configuration changes, rerunning
+
+	aws ec2 describe-instances |  bundle exec aws-ssh-resolver.rb resolve
+
+refreshes configuration in `ssh/config.aws`.
+
+## Changes
+
+See [RELEASES](RELEASES.md)
+
+## License
+
+MIT

data/bin/aws-ssh-resolver.rb

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require_relative "../lib/cli/aws-ssh-resolver-cli"
+
+Cli.start

data/lib/aws-ssh-resolver.rb

@@ -0,0 +1 @@
+require_relative "utils/logger"

data/lib/cli/aws-ssh-resolver-cli.rb

@@ -0,0 +1,339 @@
+require 'thor'
+require 'json'
+require_relative "../aws-ssh-resolver"
+
+class Cli < Thor
+
+  include Utils::MyLogger     # mix logger
+  PROGNAME = "main"           # logger progname
+
+  # ------------------------------------------------------------------
+  # constanst
+  DEFAULT_SSH_CONFIG_FILE     = "ssh/config.aws"
+  DEFAULT_SSH_CONFIG_INIT     = "ssh/config.init"
+  MAGIC_START                 = "# +++ aws-ssh-resolver-cli update start here +++"
+  MAGIC_END                   = "# +++ aws-ssh-resolver-cli update end here +++"
+  DEFAULT_DESCRIBE_INSTANCES  = "aws ec2 describe-instances --filters 'Name=tag-key,Values=Name'"
+  DEFAULT_HOST_TAG            = "Name"
+
+  # ------------------------------------------------------------------
+  # constructore
+
+  def initialize(*args)
+    super
+    @logger = getLogger( PROGNAME, options )
+  end
+
+  # ------------------------------------------------------------------
+  # make two thor tasks share options?
+  # http://stackoverflow.com/questions/14346285/how-to-make-two-thor-tasks-share-options
+
+  class << self
+    def add_shared_option(name, options = {})
+      @shared_options = {} if @shared_options.nil?
+      @shared_options[name] =  options
+    end
+
+    def shared_options(*option_names)
+      option_names.each do |option_name|
+        opt =  @shared_options[option_name]
+        raise "Tried to access shared option '#{option_name}' but it was not previously defined" if opt.nil?
+        option option_name, opt
+      end
+    end
+  end
+
+  # # ------------------------------------------------------------------
+
+  class_option :log, :aliases => "-l", :type =>:string, :default => nil, 
+  :enum => [ "DEBUG", "INFO", "WARN", "ERROR" ],
+  :desc => "Set debug level "
+
+  # ------------------------------------------------------------------
+
+  add_shared_option :ssh_config_file, :type => :string, :default => DEFAULT_SSH_CONFIG_FILE, :aliases => "-c",
+  :desc => "OpenSSH config file to update/create"
+
+  add_shared_option :ssh_config_init, :type => :string, :default => DEFAULT_SSH_CONFIG_INIT, :aliases => "-i",
+  :desc => "Initialize :ssh-config-file files with this file"
+
+
+  add_shared_option :describe_instances, :type => :string, :default => DEFAULT_DESCRIBE_INSTANCES, :aliases => "-d",
+  :desc => "aws command to query ec2 instances"
+
+  add_shared_option :host_tag, :type => :string, :default => DEFAULT_HOST_TAG, :aliases => "-h",
+  :desc => "Tag defining name of host"
+
+
+  # ------------------------------------------------------------------
+  # common instruction
+  long_desc_notice_on_ssh_config_init = <<-EOS
+
+     NOTICE: By default ':ssh-config-file' seeded from ':ssh-config-init',
+     if it does not exist. Create an empty ':ssh-config-init' file, or 
+     pass an empty string to ':ssh-config-init' to avoid an error. 
+
+  EOS
+
+
+  # ------------------------------------------------------------------
+  # resolver
+
+  desc "resolve <json-file>", "Create/update OpenSSH config file with AWS HostNames from a JSON document"
+
+
+  long_desc <<-LONGDESC
+
+     Updates ':ssh_config_file'  (creates the file if it does not exist) with host/hostname 
+     configuration parsed from 'json_file' (defaults to $stdin).
+
+     Entries in ':ssh_config_file' start and end with special tag-lines, which allow the tool
+     to replace host/hostanme entries with new values for each run.
+
+     #{long_desc_notice_on_ssh_config_init}
+
+  LONGDESC
+
+  shared_options :ssh_config_file
+  shared_options :ssh_config_init
+  shared_options :host_tag
+
+  def resolve( json_file="-" )
+
+    @logger.info( "#{__method__} starting, options '#{options}'" )
+
+    host_tag        = options[:host_tag]
+    ssh_config_init = options[:ssh_config_init]
+    ssh_config_file = options[:ssh_config_file]
+    # puts( "options=#{options}" )
+
+    # raw data from aws
+    ec2_instances = get_ec2_instances( json_file )
+    
+    # hash with host => hostname
+    host_hostname_mappings = create_host_hostname_mappings( ec2_instances, host_tag )
+
+    # seed  'ssh_config_file' with 'ssh_config_init'
+    init_ssh_config_file( ssh_config_file, ssh_config_init )
+
+    # output to file
+    output_to_file(  ssh_config_file, host_hostname_mappings )
+
+    
+  end
+
+  # ------------------------------------------------------------------
+  # aws-cli
+  desc "aws", "Create/update OpenSSH config file with AWS HostNames using aws Commad Line query"
+
+  long_desc <<-LONGDESC
+ 
+     Uses `aws` Command Line Interface to query ec2 information and parse host/hostname 
+     information update/create ':ssh_config_file'.
+
+     #{long_desc_notice_on_ssh_config_init}
+
+  LONGDESC
+
+  shared_options :ssh_config_file
+  shared_options :ssh_config_init
+  shared_options :describe_instances
+  shared_options :host_tag
+
+  def aws()
+
+    host_tag        = options[:host_tag]
+    ssh_config_file = options[:ssh_config_file]
+    ssh_config_init = options[:ssh_config_init]
+    describe_instances = options[:describe_instances]
+
+    # run aws-cli query
+    ec2_instances = aws_cli_ec2_instances( describe_instances )
+
+    # hash with host => hostname
+    host_hostname_mappings = create_host_hostname_mappings( ec2_instances, host_tag )
+
+    # seed  'ssh_config_file' with 'ssh_config_init'
+    init_ssh_config_file( ssh_config_file, ssh_config_init )
+
+    # output to file
+    output_to_file(  ssh_config_file, host_hostname_mappings )
+
+  end
+
+  # ------------------------------------------------------------------
+  # reset
+
+  desc "reset", "Removes automatic entries in OpenSSH config file"
+
+
+  long_desc <<-LONGDESC
+
+     Removes automatic entries starting with with special tag-lines from ':ssh_config_file'.
+
+     Delete the file if it becomes empty
+
+  LONGDESC
+
+
+  shared_options :ssh_config_file
+
+  def reset(  )
+
+    ssh_config_file = options[:ssh_config_file]
+    # Read content of (without magic content) ssh_config_file into memory
+    ssh_config_file_content = read_ssh_config_file_content_minus_magic( ssh_config_file )
+    if ssh_config_file_content.empty? 
+      File.delete( ssh_config_file )
+    else
+      File.open( ssh_config_file, 'w') do |f2|
+        ssh_config_file_content.each do |line|
+          f2.puts line
+        end
+      end
+
+    end
+
+
+  end
+
+  # ------------------------------------------------------------------
+  # subrus
+
+  no_commands do
+
+    # return raw ec2 describe-status JSON
+    def aws_cli_ec2_instances( describe_instances ) 
+
+      @logger.info( "#{__method__} describe_instances '#{describe_instances}'" )
+
+      json_string = %x{ #{describe_instances} }
+      ec2_instances = parse_json( json_string )
+
+      @logger.debug( "#{__method__} describe_instances '#{describe_instances}' --> #{ec2_instances}" )
+
+      return ec2_instances
+
+    end
+
+
+    # return raw ec2 describe-status JSON
+    def get_ec2_instances( file ) 
+
+      @logger.info( "#{__method__} read file '#{file}'" )
+
+      json_string =  ( file == "-" ? $stdin.readlines.join :  File.read(file) )
+      ec2_instances = parse_json( json_string )
+
+      @logger.debug( "#{__method__} file '#{file}' --> #{ec2_instances}" )
+      return ec2_instances
+
+    end
+
+    def parse_json( json_string ) 
+
+      @logger.debug( "#{__method__} json_string '#{json_string}'" )
+
+      ec2_instances = JSON.parse( json_string  )
+
+      return ec2_instances
+
+    end
+
+
+    # map raw aws ec2-describe-status json to hash with Host/PublicDnsName props
+    def create_host_hostname_mappings( ec2_instances, host_tag ) 
+
+      @logger.info( "#{__method__} host_tag '#{host_tag}'" )
+
+      host_hostname_mappings = ec2_instances['Reservations']
+        .map{ |i| i['Instances'].first }
+        .select{ |i|  i['Tags'].select{ |t| t['Key'] == host_tag }.any? }
+        .map{ |i|   { 
+          :Host => i['Tags'].select{ |t| t['Key'] == host_tag }.first['Value'],
+          :HostName => i['PublicDnsName'] && !i['PublicDnsName'].empty? ? i['PublicDnsName'] : i['PrivateDnsName']
+        } }
+
+      @logger.info( "#{__method__} host_hostname_mappings '#{host_hostname_mappings}'" )
+      return host_hostname_mappings
+    end
+
+    # add 'host_hostname_mappings' to 'ssh_config_file'
+    def output_to_file( ssh_config_file, host_hostname_mappings ) 
+
+      # Read content of (without magic content) ssh_config_file into memory
+      ssh_config_file_content = read_ssh_config_file_content_minus_magic( ssh_config_file )
+
+      # write new magic with host entries
+      File.open( ssh_config_file, 'w') do |f2|
+
+        f2.puts MAGIC_START
+        f2.puts <<-EOS
+
+# Content generated #{Time.now.strftime("%Y-%m-%d-%H:%M:%S")}
+
+        EOS
+
+        host_hostname_mappings.each do |h|
+          host_entry = <<EOS
+host #{h[:Host]}
+    HostName #{h[:HostName]}
+
+
+EOS
+          f2.puts  host_entry
+        end
+
+        f2.puts MAGIC_END
+        
+        ssh_config_file_content.each do |line|
+          f2.puts line
+        end
+
+      end
+
+    end
+
+    # copy 'ssh_config_init' to 'ssh_config_file' - if it does not
+    # exist && 'ssh_config_init' define
+    def init_ssh_config_file( ssh_config_file, ssh_config_init ) 
+      File.open( ssh_config_file, 'w') { |f| f.write(File.read(ssh_config_init )) } if !File.exist?( ssh_config_file ) && 
+        ssh_config_init && !ssh_config_init.empty?
+    end
+
+    # read ssh_config from file/$stdin, remove old magic
+    def read_ssh_config_file_content_minus_magic( ssh_config_file )
+
+      ssh_config_file_content = File.exist?( ssh_config_file ) ? File.readlines( ssh_config_file ) : []
+
+      # remove old magic
+      within_magic = false
+      ssh_config_file_content = ssh_config_file_content.select do |line| 
+        ret = case within_magic 
+              when true
+                if line.chomp == MAGIC_END then
+                  within_magic = false
+                end
+                false
+              when false
+                if line.chomp == MAGIC_START  then
+                  within_magic = true
+                end
+                (line.chomp == MAGIC_START ? false : true)
+              end
+        ret
+      end
+
+      return ssh_config_file_content
+
+    end
+
+
+
+
+  end # no_task
+
+
+
+
+end # class 

data/lib/utils/logger.rb

@@ -0,0 +1,70 @@
+require 'logger'
+
+# see http://hawkins.io/2013/08/using-the-ruby-logger/
+
+module Utils
+
+  module MyLogger
+
+    # no logging done
+
+    class NullLoger < Logger
+      def initialize(*args)
+      end
+
+      def add(*args, &block)
+      end
+    end
+
+    LOGFILE="aws-ssh-resolver.log"
+
+    def getLogger( progname, options={} ) 
+
+      level = get_level( options )
+
+      if level.nil? 
+
+        return NullLoger.new 
+
+      else
+        
+        logger = Logger.new( LOGFILE )
+        logger.level=level
+        logger.progname = progname
+        return logger
+
+      end 
+
+    end # getLogger
+
+    # ------------------------------------------------------------------
+    private
+
+    def get_level( options ) 
+
+      # puts  "#{__method__}: options=#{options}" 
+
+      level_name = options && options[:log] ? options[:log] : ENV['LOG_LEVEL']
+
+      level = case  level_name
+              when 'warn', 'WARN'
+                Logger::WARN
+              when 'info', 'INFO'
+                Logger::INFO
+              when 'debug', 'DEBUG'
+                Logger::DEBUG
+              when 'error', 'ERROR'
+                Logger::ERROR
+              else
+                nil
+              end
+
+      return level
+    end
+
+
+
+  end
+  
+
+end 

data/spec/cli/aws-ssh-resolver-cli_spec.rb

@@ -0,0 +1,183 @@
+require_relative "spec_helper"
+
+
+
+describe Cli do
+
+  # ------------------------------------------------------------------
+  # constants
+  cmd = ""
+
+  # ------------------------------------------------------------------
+  # framework 
+  describe "rspec framework" do
+    it "#works" do
+      expect( 1 ).to eql( 1 )
+    end
+  end
+
+  # ------------------------------------------------------------------
+  # interface
+  describe "interface" do
+
+    before :each do
+      @sut = Cli.new
+    end
+
+    it "#defines resolve" do
+      expect( @sut ).to respond_to( :resolve )
+    end
+
+  end
+
+  # ------------------------------------------------------------------
+  # help && options
+  interfaces = [
+                {
+                  :command => "resolve",
+                  :options => [
+                               { :long=>"--log", :short => "-l"},
+                               { :long=>"--ssh-config-file", :short => "-c"},
+                               { :long=>"--ssh-config-init", :short => "-i"},
+                               { :long=>"--host-tag", :short => "-h"},
+                              ]
+                },
+                {
+                  :command => "aws",
+                  :options => [
+                               { :long=>"--log", :short => "-l"},
+                               { :long=>"--ssh-config-file", :short => "-c"},
+                               { :long=>"--describe-instances", :short => "-d"},
+                               { :long=>"--ssh-config-init", :short => "-i"},
+                               { :long=>"--host-tag", :short => "-h"},
+                              ]
+                },
+                {
+                  :command => "reset",
+                  :options => [
+                               { :long=>"--log", :short => "-l"},
+                               { :long=>"--ssh-config-file", :short => "-c"},
+                              ]
+                },
+               ]
+    
+  interfaces.each do |i|
+
+    describe "help #{i[:command]}" do
+
+      before :all do
+        @output = with_captured_stdout { Cli.start(["help", i[:command]]) }
+      end
+
+      i[:options].each do |o|
+
+        it "#option short #{o[:short]}" do
+          expect( @output ).to match( /#{o[:short]}/ )
+        end
+
+        it "#option short #{o[:long]}" do
+          expect( @output ).to match( /#{o[:long]}/ )
+        end
+
+
+      end # options
+
+    end
+
+  end # interfaces each
+
+
+  # ------------------------------------------------------------------
+  # resolve
+  command =  "resolve"
+
+  describe "command '#{command}'" do
+
+    context  "file" do
+
+      json_file = "spec/cli/fixtures/fixture1.json"
+
+      ssh_config_filename = Cli::DEFAULT_SSH_CONFIG_FILE
+
+      before :each do
+        @dbl_ssh_config_file = double( "ssh-config-file" )
+        expect( File ).to receive( :open ).with( ssh_config_filename, "w").and_yield( @dbl_ssh_config_file )
+        allow( @dbl_ssh_config_file ).to receive( :puts ).with( kind_of( String ))
+      end
+       
+
+      context "when ':ssh-config-file' does not exist" do
+
+        before :each do
+          expect( File ).to receive( :exist? ).with( ssh_config_filename).and_return( false )
+          expect( File ).no_to receive( :readlines? ).with( ssh_config_filename )
+        end
+        
+      end # context "when ':ssh-config-file' does not exist" do
+
+      context "when ':ssh-config-file' does exists" do
+
+        before :each do
+          @ssh_config_file_lines= [ "line 1", "line2" ]
+          expect( File ).to receive( :exist? ).twice.with( ssh_config_filename).and_return( true )
+        end
+
+        context "when NO previous resolves" do
+
+          before :each do
+            expect( File ).to receive( :readlines ).with( ssh_config_filename).and_return( @ssh_config_file_lines )
+          end
+
+          it "writes existing lines to ssh-config file" do
+            expect( @dbl_ssh_config_file ).to receive( :puts ).once.with( Cli::MAGIC_START ).ordered
+            expect( @dbl_ssh_config_file ).to receive( :puts ).twice.with( /^host\s+\w+\s*\n\s*HostName\s+\w?/ ).ordered
+            expect( @dbl_ssh_config_file ).to receive( :puts ).once.with( Cli::MAGIC_END ).ordered
+
+            @ssh_config_file_lines.each do |line|
+              expect( @dbl_ssh_config_file ).to receive( :puts ).with( line ).ordered
+            end
+
+            Cli.start( [command, json_file] )
+          end
+
+        end # context "when NO previous resolves" 
+
+        context "when previous resolves" do
+
+          before :each do
+            content = [ Cli::MAGIC_START, "old magic", Cli::MAGIC_END ] + @ssh_config_file_lines 
+            expect( File ).to receive( :readlines ).with( ssh_config_filename).and_return( content )
+          end
+
+          it "removes previous lines between MAGIC_START - MAGIC_END " do
+
+            expect( @dbl_ssh_config_file ).to receive( :puts ).once.with( Cli::MAGIC_START ).ordered
+            expect( @dbl_ssh_config_file ).to receive( :puts ).with( /^host\s+\w+\s*\n\s*HostName\s+\w?/ ).twice.ordered
+            expect( @dbl_ssh_config_file ).to receive( :puts ).once.with( Cli::MAGIC_END ).ordered
+
+            @ssh_config_file_lines.each do |line|
+              expect( @dbl_ssh_config_file ).to receive( :puts ).with( line ).ordered
+            end
+
+            Cli.start( [command, json_file] )
+          end
+
+
+        end  
+
+      end # context "when ':ssh-config-file' does exists" do
+
+
+      # it "#writes to file" do
+      #   
+      #   expect( File ).to receive( :read ).with( file ).and_call_original
+      #   expect( 1 ).to eql( 1 )
+      # end
+
+    end #     context  "file" do
+
+  end #   describe "resolve" do
+
+
+
+end

data/spec/cli/fixtures/fixture1.json

@@ -0,0 +1,237 @@
+{
+    "Reservations": [
+        {
+            "OwnerId": "9999999999999", 
+            "ReservationId": "r-0144b6f8", 
+            "Groups": [], 
+            "Instances": [
+                {
+                    "Monitoring": {
+                        "State": "disabled"
+                    }, 
+                    "PublicDnsName": "ec2-52-19-100-250.eu-west-1.compute.amazonaws.com", 
+                    "State": {
+                        "Code": 16, 
+                        "Name": "running"
+                    }, 
+                    "EbsOptimized": false, 
+                    "LaunchTime": "2015-09-05T23:43:42.000Z", 
+                    "PublicIpAddress": "52.19.100.250", 
+                    "PrivateIpAddress": "10.0.0.16", 
+                    "ProductCodes": [], 
+                    "VpcId": "vpc-1025be75", 
+                    "StateTransitionReason": "", 
+                    "InstanceId": "i-9d460030", 
+                    "ImageId": "ami-d74437a0", 
+                    "PrivateDnsName": "ip-10-0-0-16.eu-west-1.compute.internal", 
+                    "KeyName": "demo-key", 
+                    "SecurityGroups": [
+                        {
+                            "GroupName": "suite2-MyDefaultSecurityGroup-JQ3LNYV0UMSP", 
+                            "GroupId": "sg-2bd02f4f"
+                        }
+                    ], 
+                    "ClientToken": "suite-myFro-1PI0COCRIL0BN", 
+                    "SubnetId": "subnet-678e193e", 
+                    "InstanceType": "t2.micro", 
+                    "NetworkInterfaces": [
+                        {
+                            "Status": "in-use", 
+                            "MacAddress": "0a:cf:49:ff:1e:49", 
+                            "SourceDestCheck": true, 
+                            "VpcId": "vpc-1025be75", 
+                            "Description": "", 
+                            "Association": {
+                                "PublicIp": "52.19.100.250", 
+                                "PublicDnsName": "ec2-52-19-100-250.eu-west-1.compute.amazonaws.com", 
+                                "IpOwnerId": "amazon"
+                            }, 
+                            "NetworkInterfaceId": "eni-c0b4629b", 
+                            "PrivateIpAddresses": [
+                                {
+                                    "PrivateDnsName": "ip-10-0-0-16.eu-west-1.compute.internal", 
+                                    "Association": {
+                                        "PublicIp": "52.19.100.250", 
+                                        "PublicDnsName": "ec2-52-19-100-250.eu-west-1.compute.amazonaws.com", 
+                                        "IpOwnerId": "amazon"
+                                    }, 
+                                    "Primary": true, 
+                                    "PrivateIpAddress": "10.0.0.16"
+                                }
+                            ], 
+                            "PrivateDnsName": "ip-10-0-0-16.eu-west-1.compute.internal", 
+                            "Attachment": {
+                                "Status": "attached", 
+                                "DeviceIndex": 0, 
+                                "DeleteOnTermination": true, 
+                                "AttachmentId": "eni-attach-9364c5d6", 
+                                "AttachTime": "2015-09-05T23:43:42.000Z"
+                            }, 
+                            "Groups": [
+                                {
+                                    "GroupName": "suite2-MyDefaultSecurityGroup-JQ3LNYV0UMSP", 
+                                    "GroupId": "sg-2bd02f4f"
+                                }
+                            ], 
+                            "SubnetId": "subnet-678e193e", 
+                            "OwnerId": "9999999999999", 
+                            "PrivateIpAddress": "10.0.0.16"
+                        }
+                    ], 
+                    "SourceDestCheck": true, 
+                    "Placement": {
+                        "Tenancy": "default", 
+                        "GroupName": "", 
+                        "AvailabilityZone": "eu-west-1c"
+                    }, 
+                    "Hypervisor": "xen", 
+                    "BlockDeviceMappings": [
+                        {
+                            "DeviceName": "/dev/sda1", 
+                            "Ebs": {
+                                "Status": "attached", 
+                                "DeleteOnTermination": true, 
+                                "VolumeId": "vol-29df06e6", 
+                                "AttachTime": "2015-09-05T23:43:44.000Z"
+                            }
+                        }
+                    ], 
+                    "Architecture": "x86_64", 
+                    "RootDeviceType": "ebs", 
+                    "RootDeviceName": "/dev/sda1", 
+                    "VirtualizationType": "hvm", 
+                    "Tags": [
+                        {
+                            "Value": "myFront1", 
+                            "Key": "Name"
+                        }, 
+                        {
+                            "Value": "myFront1", 
+                            "Key": "aws:cloudformation:logical-id"
+                        }, 
+                        {
+                            "Value": "arn:aws:cloudformation:eu-west-1:9999999999999:stack/suite2/cbabcd80-5427-11e5-a493-50d500fa4218", 
+                            "Key": "aws:cloudformation:stack-id"
+                        }, 
+                        {
+                            "Value": "suite2", 
+                            "Key": "aws:cloudformation:stack-name"
+                        }
+                    ], 
+                    "AmiLaunchIndex": 0
+                }
+            ]
+        }, 
+        {
+            "OwnerId": "9999999999999", 
+            "ReservationId": "r-9145b768", 
+            "Groups": [], 
+            "Instances": [
+                {
+                    "Monitoring": {
+                        "State": "disabled"
+                    }, 
+                    "PublicDnsName": "", 
+                    "State": {
+                        "Code": 16, 
+                        "Name": "running"
+                    }, 
+                    "EbsOptimized": false, 
+                    "LaunchTime": "2015-09-05T23:43:42.000Z", 
+                    "PrivateIpAddress": "10.0.1.76", 
+                    "ProductCodes": [], 
+                    "VpcId": "vpc-1025be75", 
+                    "StateTransitionReason": "", 
+                    "InstanceId": "i-52387eff", 
+                    "ImageId": "ami-d74437a0", 
+                    "PrivateDnsName": "ip-10-0-1-76.eu-west-1.compute.internal", 
+                    "KeyName": "demo-key", 
+                    "SecurityGroups": [
+                        {
+                            "GroupName": "suite2-MyDefaultSecurityGroup-JQ3LNYV0UMSP", 
+                            "GroupId": "sg-2bd02f4f"
+                        }
+                    ], 
+                    "ClientToken": "suite-myBac-Q9KBSFHUQADW", 
+                    "SubnetId": "subnet-668e193f", 
+                    "InstanceType": "t2.micro", 
+                    "NetworkInterfaces": [
+                        {
+                            "Status": "in-use", 
+                            "MacAddress": "0a:a1:53:0b:f5:f5", 
+                            "SourceDestCheck": true, 
+                            "VpcId": "vpc-1025be75", 
+                            "Description": "", 
+                            "NetworkInterfaceId": "eni-c5b4629e", 
+                            "PrivateIpAddresses": [
+                                {
+                                    "PrivateDnsName": "ip-10-0-1-76.eu-west-1.compute.internal", 
+                                    "Primary": true, 
+                                    "PrivateIpAddress": "10.0.1.76"
+                                }
+                            ], 
+                            "PrivateDnsName": "ip-10-0-1-76.eu-west-1.compute.internal", 
+                            "Attachment": {
+                                "Status": "attached", 
+                                "DeviceIndex": 0, 
+                                "DeleteOnTermination": true, 
+                                "AttachmentId": "eni-attach-3e64c57b", 
+                                "AttachTime": "2015-09-05T23:43:42.000Z"
+                            }, 
+                            "Groups": [
+                                {
+                                    "GroupName": "suite2-MyDefaultSecurityGroup-JQ3LNYV0UMSP", 
+                                    "GroupId": "sg-2bd02f4f"
+                                }
+                            ], 
+                            "SubnetId": "subnet-668e193f", 
+                            "OwnerId": "9999999999999", 
+                            "PrivateIpAddress": "10.0.1.76"
+                        }
+                    ], 
+                    "SourceDestCheck": true, 
+                    "Placement": {
+                        "Tenancy": "default", 
+                        "GroupName": "", 
+                        "AvailabilityZone": "eu-west-1c"
+                    }, 
+                    "Hypervisor": "xen", 
+                    "BlockDeviceMappings": [
+                        {
+                            "DeviceName": "/dev/sda1", 
+                            "Ebs": {
+                                "Status": "attached", 
+                                "DeleteOnTermination": true, 
+                                "VolumeId": "vol-40de078f", 
+                                "AttachTime": "2015-09-05T23:43:45.000Z"
+                            }
+                        }
+                    ], 
+                    "Architecture": "x86_64", 
+                    "RootDeviceType": "ebs", 
+                    "RootDeviceName": "/dev/sda1", 
+                    "VirtualizationType": "hvm", 
+                    "Tags": [
+                        {
+                            "Value": "arn:aws:cloudformation:eu-west-1:9999999999999:stack/suite2/cbabcd80-5427-11e5-a493-50d500fa4218", 
+                            "Key": "aws:cloudformation:stack-id"
+                        }, 
+                        {
+                            "Value": "suite2", 
+                            "Key": "aws:cloudformation:stack-name"
+                        }, 
+                        {
+                            "Value": "myBack1", 
+                            "Key": "aws:cloudformation:logical-id"
+                        }, 
+                        {
+                            "Value": "myBack1", 
+                            "Key": "Name"
+                        }
+                    ], 
+                    "AmiLaunchIndex": 0
+                }
+            ]
+        }
+    ]
+}

data/spec/cli/spec_helper.rb

@@ -0,0 +1,21 @@
+require_relative "../../lib/cli/aws-ssh-resolver-cli"
+
+RSpec.configure do |config|
+
+
+  # http://stackoverflow.com/questions/14987362/how-can-i-capture-stdout-to-a-string
+  def with_captured_stdout
+    begin
+      old_stdout = $stdout
+      $stdout = StringIO.new('','w')
+      $stdout.sync = true
+      yield
+      $stdout.string
+    ensure
+      $stdout = old_stdout
+      $stdout.sync = true
+    end
+  end
+
+
+end # RSpec.configure do |config|

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification
+name: aws-ssh-resolver
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- jarjuk
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-09-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |2
+    Update OpenSSH config file to map EC2 instance name in CloudFormation
+    to DNS-name on Amazon platform.
+email: 
+executables:
+- aws-ssh-resolver.rb
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- bin/aws-ssh-resolver.rb
+- lib/aws-ssh-resolver.rb
+- lib/cli/aws-ssh-resolver-cli.rb
+- lib/utils/logger.rb
+- spec/cli/aws-ssh-resolver-cli_spec.rb
+- spec/cli/fixtures/fixture1.json
+- spec/cli/spec_helper.rb
+homepage: https://github.com/jarjuk/aws-ssh-resolver
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Update OpenSSH config with CloudFormation EC2 instance DNS names'
+test_files: []
+has_rdoc: