aws_security_viz 0.1.5.pre.alpha.pre.112 → 0.1.5.pre.alpha.pre.130
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +1 -1
- data/CHANGELOG.md +4 -0
- data/aws_security_viz.gemspec +2 -4
- data/lib/provider/ec2.rb +19 -19
- data/spec/spec_helper.rb +13 -8
- data/spec/visualize_aws_spec.rb +24 -29
- metadata +19 -59
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 38a094e251fdddd0b80c4df4f8471cc5c186b45fd3ddd838034701def6d2b7f1
|
|
4
|
+
data.tar.gz: 3208a726e793e810e7ce581b1a677a03395a1e15579f6a0e210282ecf035cf1f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9639a24f8a202d66e6d793a9da86639d7fcc2ba843028c3ec2f4adebbe037a03ea877a9df987cd5b9fadaca1d4368e74b999298c3942d1b4cdcfa17873d3c1fa
|
|
7
|
+
data.tar.gz: 94591ee3242ef23e573f097d0671d568e5c9773ff21400e3c561fe78776a1298d26027d4bca23383063ff4e14d8fac35e21036b8a0c9578445e1a5a20f046f93
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
|
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
|
5
5
|
## [Unreleased]
|
|
6
|
+
### Changed
|
|
7
|
+
- Replaced fog gem with aws-sdk-ec2
|
|
8
|
+
- Upgrade bundler to 2.x
|
|
9
|
+
- Removed unused dependencies
|
|
6
10
|
|
|
7
11
|
## [0.1.5] - 2018-10-10
|
|
8
12
|
### Added
|
data/aws_security_viz.gemspec
CHANGED
|
@@ -21,17 +21,15 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
22
22
|
s.require_paths = ['lib']
|
|
23
23
|
|
|
24
|
-
s.add_development_dependency 'bundler', '~> 1
|
|
24
|
+
s.add_development_dependency 'bundler', '~> 2.0.1'
|
|
25
25
|
s.add_development_dependency 'rake', '~> 12.0', '>= 12.0.0'
|
|
26
26
|
s.add_development_dependency 'rspec', '~> 3.5', '>= 3.5.0'
|
|
27
27
|
|
|
28
28
|
s.add_runtime_dependency 'graphviz', '~> 1.1', '>= 1.1.0'
|
|
29
|
-
s.add_runtime_dependency 'fog-aws', '~> 2.0', '>= 2.0.1'
|
|
30
|
-
s.add_runtime_dependency 'unf', '~> 0.1.4'
|
|
31
|
-
s.add_runtime_dependency 'json', '~> 2.1', '>= 2.1.0'
|
|
32
29
|
s.add_runtime_dependency 'optimist', '~> 3.0.0'
|
|
33
30
|
s.add_runtime_dependency 'organic_hash', '~> 1.0', '>= 1.0.2'
|
|
34
31
|
s.add_runtime_dependency 'rgl', '~> 0.5.3'
|
|
32
|
+
s.add_runtime_dependency 'aws-sdk-ec2', '~> 1.65.0'
|
|
35
33
|
|
|
36
34
|
s.required_ruby_version = '>= 2.0.0'
|
|
37
35
|
end
|
data/lib/provider/ec2.rb
CHANGED
|
@@ -1,25 +1,21 @@
|
|
|
1
|
-
require '
|
|
1
|
+
require 'aws-sdk-ec2'
|
|
2
2
|
|
|
3
3
|
class Ec2Provider
|
|
4
4
|
|
|
5
5
|
def initialize(options)
|
|
6
6
|
@options = options
|
|
7
7
|
conn_opts = {
|
|
8
|
-
region: options[:region]
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
if options[:session_token]
|
|
15
|
-
conn_opts[:aws_session_token] = options[:session_token]
|
|
16
|
-
end
|
|
8
|
+
region: options[:region],
|
|
9
|
+
access_key_id: options[:access_key],
|
|
10
|
+
secret_access_key: options[:secret_key],
|
|
11
|
+
session_token: options[:session_token]
|
|
12
|
+
}.delete_if {|k,v| v.nil?}
|
|
17
13
|
|
|
18
|
-
@
|
|
14
|
+
@client = Aws::EC2::Client.new(conn_opts)
|
|
19
15
|
end
|
|
20
16
|
|
|
21
17
|
def security_groups
|
|
22
|
-
@
|
|
18
|
+
@client.describe_security_groups.security_groups.reject { |sg|
|
|
23
19
|
@options[:vpc_id] && sg.vpc_id != @options[:vpc_id]
|
|
24
20
|
}.collect { |sg|
|
|
25
21
|
Ec2::SecurityGroup.new(sg)
|
|
@@ -35,6 +31,10 @@ module Ec2
|
|
|
35
31
|
@sg = sg
|
|
36
32
|
end
|
|
37
33
|
|
|
34
|
+
def name
|
|
35
|
+
@sg.group_name
|
|
36
|
+
end
|
|
37
|
+
|
|
38
38
|
def ip_permissions
|
|
39
39
|
@sg.ip_permissions.collect { |ip|
|
|
40
40
|
Ec2::IpPermission.new(ip)
|
|
@@ -54,25 +54,25 @@ module Ec2
|
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
def protocol
|
|
57
|
-
@ip['
|
|
57
|
+
@ip['ip_protocol']
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
def from
|
|
61
|
-
@ip['
|
|
61
|
+
@ip['from_port']
|
|
62
62
|
end
|
|
63
63
|
|
|
64
64
|
def to
|
|
65
|
-
@ip['
|
|
65
|
+
@ip['to_port']
|
|
66
66
|
end
|
|
67
67
|
|
|
68
68
|
def ip_ranges
|
|
69
|
-
@ip['
|
|
69
|
+
@ip['ip_ranges'].collect {|gp|
|
|
70
70
|
Ec2::IpPermissionRange.new(gp)
|
|
71
71
|
}
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
def groups
|
|
75
|
-
@ip['
|
|
75
|
+
@ip['user_id_group_pairs'].collect {|gp|
|
|
76
76
|
Ec2::IpPermissionGroup.new(gp)
|
|
77
77
|
}
|
|
78
78
|
end
|
|
@@ -84,7 +84,7 @@ module Ec2
|
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
def cidr_ip
|
|
87
|
-
@range['
|
|
87
|
+
@range['cidr_ip']
|
|
88
88
|
end
|
|
89
89
|
|
|
90
90
|
def to_str
|
|
@@ -98,7 +98,7 @@ module Ec2
|
|
|
98
98
|
end
|
|
99
99
|
|
|
100
100
|
def name
|
|
101
|
-
@gp['
|
|
101
|
+
@gp['group_name'] || @gp['group_id']
|
|
102
102
|
end
|
|
103
103
|
end
|
|
104
104
|
|
data/spec/spec_helper.rb
CHANGED
|
@@ -7,18 +7,23 @@ require File.expand_path(File.dirname(__FILE__) + "/../config/boot")
|
|
|
7
7
|
Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
|
|
8
8
|
|
|
9
9
|
def group name, *ingress
|
|
10
|
-
group
|
|
11
|
-
allow(group).to receive(:ip_permissions).and_return(ingress)
|
|
12
|
-
allow(group).to receive(:ip_permissions_egress).and_return([])
|
|
13
|
-
allow(group).to receive(:name).and_return(name)
|
|
14
|
-
allow(group).to receive(:group_id).and_return('some group')
|
|
15
|
-
group
|
|
10
|
+
{group_name: name, group_id: 'some group', ip_permissions: ingress, ip_permissions_egress: []}
|
|
16
11
|
end
|
|
17
12
|
|
|
18
13
|
def group_ingress port, name
|
|
19
|
-
{
|
|
14
|
+
{user_id_group_pairs:[{user_id: "userId", group_id: "sg-groupId", group_name: name}], ip_ranges:[], ip_protocol: "tcp", from_port: port, to_port: port}
|
|
20
15
|
end
|
|
21
16
|
|
|
22
17
|
def cidr_ingress port, cidr_ip
|
|
23
|
-
{
|
|
18
|
+
{ip_ranges:[{cidr_ip: cidr_ip}], ip_protocol: "tcp", from_port: port, to_port: port}
|
|
24
19
|
end
|
|
20
|
+
|
|
21
|
+
def stub_security_groups groups
|
|
22
|
+
Aws.config[:ec2] = {
|
|
23
|
+
stub_responses: {
|
|
24
|
+
describe_security_groups: {
|
|
25
|
+
security_groups: groups
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
end
|
data/spec/visualize_aws_spec.rb
CHANGED
|
@@ -17,16 +17,11 @@ class DummyRenderer
|
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
describe VisualizeAws do
|
|
20
|
-
before do
|
|
21
|
-
@ec2 = double(Fog::Compute)
|
|
22
|
-
allow(Fog::Compute::AWS).to receive(:new).and_return(@ec2)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
20
|
let(:visualize_aws) { VisualizeAws.new(AwsConfig.new) }
|
|
26
21
|
let(:renderer) { DummyRenderer.new }
|
|
27
22
|
|
|
28
|
-
it 'should add nodes, edges for each security group' do
|
|
29
|
-
|
|
23
|
+
it 'should add nodes, edges for each security group' do
|
|
24
|
+
stub_security_groups([group('Remote ssh', group_ingress(22, 'My machine')), group('My machine')])
|
|
30
25
|
graph = visualize_aws.build
|
|
31
26
|
|
|
32
27
|
expect(graph.output(renderer)).to contain_exactly(
|
|
@@ -38,7 +33,7 @@ describe VisualizeAws do
|
|
|
38
33
|
|
|
39
34
|
context 'groups' do
|
|
40
35
|
it 'should add nodes for external security groups defined through ingress' do
|
|
41
|
-
|
|
36
|
+
stub_security_groups([group('Web', group_ingress(80, 'ELB'))])
|
|
42
37
|
graph = visualize_aws.build
|
|
43
38
|
|
|
44
39
|
expect(graph.output(renderer)).to contain_exactly(
|
|
@@ -49,11 +44,11 @@ describe VisualizeAws do
|
|
|
49
44
|
end
|
|
50
45
|
|
|
51
46
|
it 'should add an edge for each security ingress' do
|
|
52
|
-
|
|
47
|
+
stub_security_groups(
|
|
53
48
|
[
|
|
54
|
-
group('App', group_ingress(
|
|
55
|
-
group('Web', group_ingress(
|
|
56
|
-
group('Db', group_ingress(
|
|
49
|
+
group('App', group_ingress(80, 'Web'), group_ingress(8983, 'Internal')),
|
|
50
|
+
group('Web', group_ingress(80, 'External')),
|
|
51
|
+
group('Db', group_ingress(7474, 'App'))
|
|
57
52
|
])
|
|
58
53
|
graph = visualize_aws.build
|
|
59
54
|
|
|
@@ -75,10 +70,10 @@ describe VisualizeAws do
|
|
|
75
70
|
context 'cidr' do
|
|
76
71
|
|
|
77
72
|
it 'should add an edge for each cidr ingress' do
|
|
78
|
-
|
|
73
|
+
stub_security_groups(
|
|
79
74
|
[
|
|
80
|
-
group('Web', group_ingress(
|
|
81
|
-
group('Db', group_ingress(
|
|
75
|
+
group('Web', group_ingress(80, 'External')),
|
|
76
|
+
group('Db', group_ingress(7474, 'App'), cidr_ingress(22, '127.0.0.1/32'))
|
|
82
77
|
])
|
|
83
78
|
graph = visualize_aws.build
|
|
84
79
|
|
|
@@ -96,10 +91,10 @@ describe VisualizeAws do
|
|
|
96
91
|
end
|
|
97
92
|
|
|
98
93
|
it 'should add map edges for cidr ingress' do
|
|
99
|
-
|
|
94
|
+
stub_security_groups(
|
|
100
95
|
[
|
|
101
|
-
group('Web', group_ingress(
|
|
102
|
-
group('Db', group_ingress(
|
|
96
|
+
group('Web', group_ingress(80, 'External')),
|
|
97
|
+
group('Db', group_ingress(7474, 'App'), cidr_ingress(22, '127.0.0.1/32'))
|
|
103
98
|
])
|
|
104
99
|
mapping = {'127.0.0.1/32' => 'Work'}
|
|
105
100
|
mapping = CidrGroupMapping.new([], mapping)
|
|
@@ -121,9 +116,9 @@ describe VisualizeAws do
|
|
|
121
116
|
end
|
|
122
117
|
|
|
123
118
|
it 'should group mapped duplicate edges for cidr ingress' do
|
|
124
|
-
|
|
119
|
+
stub_security_groups(
|
|
125
120
|
[
|
|
126
|
-
group('ssh', cidr_ingress(
|
|
121
|
+
group('ssh', cidr_ingress(22, '192.168.0.1/32'), cidr_ingress(22, '127.0.0.1/32'))
|
|
127
122
|
])
|
|
128
123
|
mapping = {'127.0.0.1/32' => 'Work', '192.168.0.1/32' => 'Work'}
|
|
129
124
|
mapping = CidrGroupMapping.new([], mapping)
|
|
@@ -141,10 +136,10 @@ describe VisualizeAws do
|
|
|
141
136
|
|
|
142
137
|
context "filter" do
|
|
143
138
|
it 'include cidr which do not match the pattern' do
|
|
144
|
-
|
|
139
|
+
stub_security_groups(
|
|
145
140
|
[
|
|
146
|
-
group('Web', cidr_ingress(
|
|
147
|
-
group('Db', cidr_ingress(
|
|
141
|
+
group('Web', cidr_ingress(22, '127.0.0.1/32')),
|
|
142
|
+
group('Db', cidr_ingress(22, '192.0.1.1/32'))
|
|
148
143
|
])
|
|
149
144
|
|
|
150
145
|
opts = {:exclude => ['127.*']}
|
|
@@ -159,10 +154,10 @@ describe VisualizeAws do
|
|
|
159
154
|
end
|
|
160
155
|
|
|
161
156
|
it 'include groups which do not match the pattern' do
|
|
162
|
-
|
|
157
|
+
stub_security_groups(
|
|
163
158
|
[
|
|
164
|
-
group('Web', group_ingress(
|
|
165
|
-
group('Db', group_ingress(
|
|
159
|
+
group('Web', group_ingress(80, 'External')),
|
|
160
|
+
group('Db', group_ingress(7474, 'App'), cidr_ingress(22, '127.0.0.1/32'))
|
|
166
161
|
])
|
|
167
162
|
|
|
168
163
|
opts = {:exclude => ['D.*b', 'App']}
|
|
@@ -176,10 +171,10 @@ describe VisualizeAws do
|
|
|
176
171
|
end
|
|
177
172
|
|
|
178
173
|
it 'include derived groups which do not match the pattern' do
|
|
179
|
-
|
|
174
|
+
stub_security_groups(
|
|
180
175
|
[
|
|
181
|
-
group('Web', group_ingress(
|
|
182
|
-
group('Db', group_ingress(
|
|
176
|
+
group('Web', group_ingress(80, 'External')),
|
|
177
|
+
group('Db', group_ingress(7474, 'App'), cidr_ingress(22, '127.0.0.1/32'))
|
|
183
178
|
])
|
|
184
179
|
|
|
185
180
|
opts = {:exclude => ['App']}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws_security_viz
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.5.pre.alpha.pre.
|
|
4
|
+
version: 0.1.5.pre.alpha.pre.130
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Anay Nayak
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 2.0.1
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 2.0.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -84,60 +84,6 @@ dependencies:
|
|
|
84
84
|
- - "~>"
|
|
85
85
|
- !ruby/object:Gem::Version
|
|
86
86
|
version: '1.1'
|
|
87
|
-
- !ruby/object:Gem::Dependency
|
|
88
|
-
name: fog-aws
|
|
89
|
-
requirement: !ruby/object:Gem::Requirement
|
|
90
|
-
requirements:
|
|
91
|
-
- - "~>"
|
|
92
|
-
- !ruby/object:Gem::Version
|
|
93
|
-
version: '2.0'
|
|
94
|
-
- - ">="
|
|
95
|
-
- !ruby/object:Gem::Version
|
|
96
|
-
version: 2.0.1
|
|
97
|
-
type: :runtime
|
|
98
|
-
prerelease: false
|
|
99
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
100
|
-
requirements:
|
|
101
|
-
- - "~>"
|
|
102
|
-
- !ruby/object:Gem::Version
|
|
103
|
-
version: '2.0'
|
|
104
|
-
- - ">="
|
|
105
|
-
- !ruby/object:Gem::Version
|
|
106
|
-
version: 2.0.1
|
|
107
|
-
- !ruby/object:Gem::Dependency
|
|
108
|
-
name: unf
|
|
109
|
-
requirement: !ruby/object:Gem::Requirement
|
|
110
|
-
requirements:
|
|
111
|
-
- - "~>"
|
|
112
|
-
- !ruby/object:Gem::Version
|
|
113
|
-
version: 0.1.4
|
|
114
|
-
type: :runtime
|
|
115
|
-
prerelease: false
|
|
116
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
117
|
-
requirements:
|
|
118
|
-
- - "~>"
|
|
119
|
-
- !ruby/object:Gem::Version
|
|
120
|
-
version: 0.1.4
|
|
121
|
-
- !ruby/object:Gem::Dependency
|
|
122
|
-
name: json
|
|
123
|
-
requirement: !ruby/object:Gem::Requirement
|
|
124
|
-
requirements:
|
|
125
|
-
- - ">="
|
|
126
|
-
- !ruby/object:Gem::Version
|
|
127
|
-
version: 2.1.0
|
|
128
|
-
- - "~>"
|
|
129
|
-
- !ruby/object:Gem::Version
|
|
130
|
-
version: '2.1'
|
|
131
|
-
type: :runtime
|
|
132
|
-
prerelease: false
|
|
133
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
134
|
-
requirements:
|
|
135
|
-
- - ">="
|
|
136
|
-
- !ruby/object:Gem::Version
|
|
137
|
-
version: 2.1.0
|
|
138
|
-
- - "~>"
|
|
139
|
-
- !ruby/object:Gem::Version
|
|
140
|
-
version: '2.1'
|
|
141
87
|
- !ruby/object:Gem::Dependency
|
|
142
88
|
name: optimist
|
|
143
89
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -186,6 +132,20 @@ dependencies:
|
|
|
186
132
|
- - "~>"
|
|
187
133
|
- !ruby/object:Gem::Version
|
|
188
134
|
version: 0.5.3
|
|
135
|
+
- !ruby/object:Gem::Dependency
|
|
136
|
+
name: aws-sdk-ec2
|
|
137
|
+
requirement: !ruby/object:Gem::Requirement
|
|
138
|
+
requirements:
|
|
139
|
+
- - "~>"
|
|
140
|
+
- !ruby/object:Gem::Version
|
|
141
|
+
version: 1.65.0
|
|
142
|
+
type: :runtime
|
|
143
|
+
prerelease: false
|
|
144
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
145
|
+
requirements:
|
|
146
|
+
- - "~>"
|
|
147
|
+
- !ruby/object:Gem::Version
|
|
148
|
+
version: 1.65.0
|
|
189
149
|
description: Provides a quick mechanism to visualize your EC2 security groups in multiple
|
|
190
150
|
formats
|
|
191
151
|
email: anayak007+rubygems@gmail.com
|
|
@@ -252,7 +212,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
252
212
|
- !ruby/object:Gem::Version
|
|
253
213
|
version: 1.3.1
|
|
254
214
|
requirements: []
|
|
255
|
-
rubygems_version: 3.0.
|
|
215
|
+
rubygems_version: 3.0.2
|
|
256
216
|
signing_key:
|
|
257
217
|
specification_version: 4
|
|
258
218
|
summary: Visualize your aws security groups
|