awsec 0.0.2 → 0.0.3

data/lib/aw_sec/core.rb

@@ -0,0 +1,110 @@
+require 'fog'
+
+module AwSec
+  class Core
+    
+    def self.secure(group_names, public_ip, options = {})
+      client = AwSec::Core.new
+      client.secure(group_names, public_ip, options)
+    end
+    
+    def secure(group_names, public_ip, options = {})
+      public_ip = public_ip
+      @port = options[:port] || 22
+      @region = options[:aws_region] 
+      @aws_key = options[:aws_key] 
+      @aws_secret = options[:aws_secret] 
+      revoke_all = options.has_key?(:revoke_all) ? options[:revoke_all] : true
+      wtlist = options[:whitelist] || []
+      
+      whitelist = []
+      public_ip = "#{public_ip}/32" unless public_ip =~  /\//
+      wtlist.each do |ip|
+        whitelist << "#{ip}/32" unless ip =~  /\//
+      end
+      
+      puts "Connecting AWS..."
+      groups = get_groups(group_names)
+      groups.each do |group|
+        puts "Configuring #{group.name}"
+        granted_ips = list_ips(group) || []
+        puts "Existing IPs with access to port #{port}: #{granted_ips.join(',')}"
+        allowed_ips = granted_ips.select { |i| whitelist.include? i }
+        allowed_ips << public_ip
+        if revoke_all
+          granted_ips.each do |ip|
+            unless allowed_ips.include? ip
+              puts "Revoking access to #{ip}"
+              revoke_access(group, ip)
+            end
+          end
+        end
+        granted_ips.uniq!
+        allowed_ips.each do |ip|
+          puts "Granting access to port #{port} to #{ip}"
+          safe_authorize_port(group, ip)
+        end
+      end
+    end
+    
+    def list_ips(group)
+      result = []
+    	group.ip_permissions.detect do |ip_permission|
+    		result << ip_permission['ipRanges'].collect{ |i| i["cidrIp"] } if ip_permission["toPort"] == port
+    	end
+
+      result.flatten!
+    end
+
+    def revoke_access(group, ip)
+      group.revoke_port_range(port..port, :cidr_ip => ip)
+    end
+    
+    def get_groups(group_names)
+      groups = []
+      group_names.each do |group_name|
+        groups << conn.security_groups.get(group_name)
+      end
+      
+      groups
+    end
+    
+    def safe_authorize_port(group, ip)
+    	if group.ip_permissions.nil?
+    		authorized = false
+    	else
+    		authorized = is_authorized?(group, ip)
+    	end
+    	unless authorized
+        begin
+          group.authorize_port_range(port..port, :cidr_ip => ip)
+        rescue => exc
+          puts "Failed #{exc.message}"
+        end
+    	end
+    end
+    
+    def is_authorized?(group, ip)
+    	return group.ip_permissions.detect do |ip_permission|
+    		ip_permission['ipRanges'].first && ip_permission['ipRanges'].first['cidrIp'] == ip &&
+    			ip_permission['fromPort'] == port &&
+    			ip_permission['ipProtocol'] == 'tcp' &&
+    			ip_permission['toPort'] == port
+    	end
+    end
+    
+    def port
+      @port
+    end
+    
+    def conn
+      @conn ||= Fog::Compute.new({
+        :provider => 'AWS',
+      	:region => @region,
+      	:aws_access_key_id => @aws_key,
+      	:aws_secret_access_key => @aws_secret
+      	})
+    end
+    
+  end
+end

data/lib/aw_sec/providers.rb

@@ -0,0 +1,29 @@
+module AwSec
+  module Providers
+    class Register
+
+      def self.register(name, klass)
+        @register ||= []
+        @register << { :name => name, :class => klass }
+      end
+      
+      def self.list
+        @register
+      end
+      
+      def self.provider(provider_name)
+        puts "Configuring #{provider_name}"
+        klass = Kernel.const_get(provider_name)
+        klass.new
+      end
+
+      Dir.foreach(File.join(File.dirname(__FILE__), '..', 'providers')) do |file|
+        path = File.join(File.join(File.dirname(__FILE__), '..', 'providers', file))
+        unless File.directory? path
+          require path
+        end
+      end
+      
+    end
+  end
+end

data/lib/version.rb

@@ -13,7 +13,7 @@ module AwSec
 		#  Defines the minor version
 		# PATCH:
 		#  Defines the patch version
-		MAJOR, MINOR, PATCH  = 0, 0, 2
+		MAJOR, MINOR, PATCH  = 0, 0, 3
 
 		#ie. PRERELEASE_MODIFIER = 'beta1'
 		PRERELEASE_MODIFIER = nil

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: awsec
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2013-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
-  requirement: &70188930628180 !ruby/object:Gem::Requirement
+  requirement: &70344224561740 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: 1.6.3
   type: :runtime
   prerelease: false
-  version_requirements: *70188930628180
+  version_requirements: *70344224561740
 - !ruby/object:Gem::Dependency
   name: fog
-  requirement: &70188930626580 !ruby/object:Gem::Requirement
+  requirement: &70344224560400 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +32,10 @@ dependencies:
         version: 1.4.0
   type: :runtime
   prerelease: false
-  version_requirements: *70188930626580
+  version_requirements: *70344224560400
 - !ruby/object:Gem::Dependency
   name: highline
-  requirement: &70188930624960 !ruby/object:Gem::Requirement
+  requirement: &70344224557720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -43,7 +43,7 @@ dependencies:
         version: 1.6.11
   type: :runtime
   prerelease: false
-  version_requirements: *70188930624960
+  version_requirements: *70344224557720
 description: Open and close AWS Security Group from the terminal for more secure operations
 email: khash@cloud66.com
 executables:
@@ -53,6 +53,8 @@ extra_rdoc_files: []
 files:
 - lib/version.rb
 - lib/aw_sec.rb
+- lib/aw_sec/core.rb
+- lib/aw_sec/providers.rb
 - lib/providers/ip_echo.rb
 - lib/providers/my_ip.rb
 - bin/awsec