awsec 0.0.2 → 0.0.3

@@ -0,0 +1,110 @@
1
+ require 'fog'
2
+
3
+ module AwSec
4
+ class Core
5
+
6
+ def self.secure(group_names, public_ip, options = {})
7
+ client = AwSec::Core.new
8
+ client.secure(group_names, public_ip, options)
9
+ end
10
+
11
+ def secure(group_names, public_ip, options = {})
12
+ public_ip = public_ip
13
+ @port = options[:port] || 22
14
+ @region = options[:aws_region]
15
+ @aws_key = options[:aws_key]
16
+ @aws_secret = options[:aws_secret]
17
+ revoke_all = options.has_key?(:revoke_all) ? options[:revoke_all] : true
18
+ wtlist = options[:whitelist] || []
19
+
20
+ whitelist = []
21
+ public_ip = "#{public_ip}/32" unless public_ip =~ /\//
22
+ wtlist.each do |ip|
23
+ whitelist << "#{ip}/32" unless ip =~ /\//
24
+ end
25
+
26
+ puts "Connecting AWS..."
27
+ groups = get_groups(group_names)
28
+ groups.each do |group|
29
+ puts "Configuring #{group.name}"
30
+ granted_ips = list_ips(group) || []
31
+ puts "Existing IPs with access to port #{port}: #{granted_ips.join(',')}"
32
+ allowed_ips = granted_ips.select { |i| whitelist.include? i }
33
+ allowed_ips << public_ip
34
+ if revoke_all
35
+ granted_ips.each do |ip|
36
+ unless allowed_ips.include? ip
37
+ puts "Revoking access to #{ip}"
38
+ revoke_access(group, ip)
39
+ end
40
+ end
41
+ end
42
+ granted_ips.uniq!
43
+ allowed_ips.each do |ip|
44
+ puts "Granting access to port #{port} to #{ip}"
45
+ safe_authorize_port(group, ip)
46
+ end
47
+ end
48
+ end
49
+
50
+ def list_ips(group)
51
+ result = []
52
+ group.ip_permissions.detect do |ip_permission|
53
+ result << ip_permission['ipRanges'].collect{ |i| i["cidrIp"] } if ip_permission["toPort"] == port
54
+ end
55
+
56
+ result.flatten!
57
+ end
58
+
59
+ def revoke_access(group, ip)
60
+ group.revoke_port_range(port..port, :cidr_ip => ip)
61
+ end
62
+
63
+ def get_groups(group_names)
64
+ groups = []
65
+ group_names.each do |group_name|
66
+ groups << conn.security_groups.get(group_name)
67
+ end
68
+
69
+ groups
70
+ end
71
+
72
+ def safe_authorize_port(group, ip)
73
+ if group.ip_permissions.nil?
74
+ authorized = false
75
+ else
76
+ authorized = is_authorized?(group, ip)
77
+ end
78
+ unless authorized
79
+ begin
80
+ group.authorize_port_range(port..port, :cidr_ip => ip)
81
+ rescue => exc
82
+ puts "Failed #{exc.message}"
83
+ end
84
+ end
85
+ end
86
+
87
+ def is_authorized?(group, ip)
88
+ return group.ip_permissions.detect do |ip_permission|
89
+ ip_permission['ipRanges'].first && ip_permission['ipRanges'].first['cidrIp'] == ip &&
90
+ ip_permission['fromPort'] == port &&
91
+ ip_permission['ipProtocol'] == 'tcp' &&
92
+ ip_permission['toPort'] == port
93
+ end
94
+ end
95
+
96
+ def port
97
+ @port
98
+ end
99
+
100
+ def conn
101
+ @conn ||= Fog::Compute.new({
102
+ :provider => 'AWS',
103
+ :region => @region,
104
+ :aws_access_key_id => @aws_key,
105
+ :aws_secret_access_key => @aws_secret
106
+ })
107
+ end
108
+
109
+ end
110
+ end
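Review bot: `list_ips` walks `group.ip_permissions` with `detect`, so the block's `result << …` (a truthy array) stops the scan at the first permission whose `toPort` matches, and any further permission on the same port (a second rule holding more ranges, or a non-tcp rule) is never listed — those CIDRs then survive a `revoke_all` run, which defeats the lock-down; `flatten!` also returns nil when there was nothing to flatten, which only the `|| []` at the call site in `secure` papers over. Replacing the body with `perms = (group.ip_permissions || []).select { |p| p['toPort'] == port }` and `perms.flat_map { |p| p['ipRanges'].map { |r| r['cidrIp'] } }` fixes both and matches the nil guard that `safe_authorize_port` already applies. In `secure`, the whitelist loop only appends entries that lack a `/`, so a whitelisted CIDR (a constructed example: `10.0.0.0/8`) is silently dropped and revoked on the next run; `whitelist = wtlist.map { |ip| ip =~ %r{/} ? ip : "#{ip}/32" }` keeps both forms, and the `public_ip = public_ip` line above it is a no-op that can go. The file header for this section is not visible; the metadata diff lists `lib/aw_sec/core.rb` as added, which is presumably this file.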
@@ -0,0 +1,29 @@
1
+ module AwSec
2
+ module Providers
3
+ class Register
4
+
5
+ def self.register(name, klass)
6
+ @register ||= []
7
+ @register << { :name => name, :class => klass }
8
+ end
9
+
10
+ def self.list
11
+ @register
12
+ end
13
+
14
+ def self.provider(provider_name)
15
+ puts "Configuring #{provider_name}"
16
+ klass = Kernel.const_get(provider_name)
17
+ klass.new
18
+ end
19
+
20
+ Dir.foreach(File.join(File.dirname(__FILE__), '..', 'providers')) do |file|
21
+ path = File.join(File.join(File.dirname(__FILE__), '..', 'providers', file))
22
+ unless File.directory? path
23
+ require path
24
+ end
25
+ end
26
+
27
+ end
28
+ end
29
+ end
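Review bot: `Register.provider` resolves `provider_name` with `Kernel.const_get` and instantiates whatever constant it names, bypassing the registry that `register` populates and `list` exposes; if the name originates from the command line (its caller is outside this hunk, so I cannot confirm that), any already-loaded class can be instantiated by name rather than only a registered provider. Looking it up in the registry bounds it to known providers: `entry = (list || []).find { |e| e[:name] == provider_name }`, `raise ArgumentError, "unknown provider: #{provider_name}" unless entry`, `entry[:class].new`. `list` returns nil until the first `register` call, hence the `|| []` above, or initialise `@register = []` at class level so `list` is always an array. The nested `File.join(File.join(...))` in the loader is redundant; the inner call alone is sufficient. The file header is not visible; the metadata diff lists `lib/aw_sec/providers.rb` as added, presumably this file.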
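--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -13,7 +13,7 @@ module AwSec
  # Defines the minor version
  # PATCH:
  # Defines the patch version
- MAJOR, MINOR, PATCH = 0, 0, 2
+ MAJOR, MINOR, PATCH = 0, 0, 3
 
  #ie. PRERELEASE_MODIFIER = 'beta1'
  PRERELEASE_MODIFIER = nil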
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: awsec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2
4
+ version: 0.0.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -13,7 +13,7 @@ date: 2013-02-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: json
16
- requirement: &70188930628180 !ruby/object:Gem::Requirement
16
+ requirement: &70344224561740 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: 1.6.3
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70188930628180
24
+ version_requirements: *70344224561740
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: fog
27
- requirement: &70188930626580 !ruby/object:Gem::Requirement
27
+ requirement: &70344224560400 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ~>
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: 1.4.0
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *70188930626580
35
+ version_requirements: *70344224560400
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: highline
38
- requirement: &70188930624960 !ruby/object:Gem::Requirement
38
+ requirement: &70344224557720 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ~>
@@ -43,7 +43,7 @@ dependencies:
43
43
  version: 1.6.11
44
44
  type: :runtime
45
45
  prerelease: false
46
- version_requirements: *70188930624960
46
+ version_requirements: *70344224557720
47
47
  description: Open and close AWS Security Group from the terminal for more secure operations
48
48
  email: khash@cloud66.com
49
49
  executables:
@@ -53,6 +53,8 @@ extra_rdoc_files: []
53
53
  files:
54
54
  - lib/version.rb
55
55
  - lib/aw_sec.rb
56
+ - lib/aw_sec/core.rb
57
+ - lib/aw_sec/providers.rb
56
58
  - lib/providers/ip_echo.rb
57
59
  - lib/providers/my_ip.rb
58
60
  - bin/awsec