RubyGems - awsec - Versions diffs - 0.1 → 0.1.1 - Mend

awsec 0.1 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

data/bin/{awsec.sh → awsec} RENAMED Viewed

@@ -4,8 +4,7 @@ require File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'aw_sec'
 require 'json'
 require 'highline/import'
 require 'optparse'
-VERSION = '0.1'
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'version'))
 config_path = File.join(Dir.home, '.awsec', 'awsec.json')
@@ -82,7 +81,7 @@ optparse = OptionParser.new do |opts|
 	end
   opts.on('-v', '--version', 'AwSec version') do
-    say("AwSec v#{VERSION}")
+    say("AwSec v#{AwSec::Version.current}")
     exit
   end

data/lib/aw_sec.rb ADDED Viewed

@@ -0,0 +1,5 @@
+require File.join(File.dirname(__FILE__), 'aw_sec', 'core')
+require File.join(File.dirname(__FILE__), 'aw_sec', 'providers')
+module AwSec
+end

data/lib/aw_sec/core.rb ADDED Viewed

@@ -0,0 +1,110 @@
+require 'fog'
+module AwSec
+  class Core
+    def self.secure(group_names, public_ip, options = {})
+      client = AwSec::Core.new
+      client.secure(group_names, public_ip, options)
+    end
+    def secure(group_names, public_ip, options = {})
+      public_ip = public_ip
+      @port = options[:port] || 22
+      @region = options[:aws_region]
+      @aws_key = options[:aws_key]
+      @aws_secret = options[:aws_secret]
+      revoke_all = options.has_key?(:revoke_all) ? options[:revoke_all] : true
+      wtlist = options[:whitelist] || []
+      whitelist = []
+      public_ip = "#{public_ip}/32" unless public_ip =~  /\//
+      wtlist.each do |ip|
+        whitelist << "#{ip}/32" unless ip =~  /\//
+      end
+      puts "Connecting AWS..."
+      groups = get_groups(group_names)
+      groups.each do |group|
+        puts "Configuring #{group.name}"
+        granted_ips = list_ips(group) || []
+        puts "Existing IPs with access to port #{port}: #{granted_ips.join(',')}"
+        allowed_ips = granted_ips.select { |i| whitelist.include? i }
+        allowed_ips << public_ip
+        if revoke_all
+          granted_ips.each do |ip|
+            unless allowed_ips.include? ip
+              puts "Revoking access to #{ip}"
+              revoke_access(group, ip)
+            end
+          end
+        end
+        granted_ips.uniq!
+        allowed_ips.each do |ip|
+          puts "Granting access to port #{port} to #{ip}"
+          safe_authorize_port(group, ip)
+        end
+      end
+    end
+    def list_ips(group)
+      result = []
+    	group.ip_permissions.detect do |ip_permission|
+    		result << ip_permission['ipRanges'].collect{ |i| i["cidrIp"] } if ip_permission["toPort"] == port
+    	end
+      result.flatten!
+    end
+    def revoke_access(group, ip)
+      group.revoke_port_range(port..port, :cidr_ip => ip)
+    end
+    def get_groups(group_names)
+      groups = []
+      group_names.each do |group_name|
+        groups << conn.security_groups.get(group_name)
+      end
+      groups
+    end
+    def safe_authorize_port(group, ip)
+    	if group.ip_permissions.nil?
+    		authorized = false
+    	else
+    		authorized = is_authorized?(group, ip)
+    	end
+    	unless authorized
+        begin
+          group.authorize_port_range(port..port, :cidr_ip => ip)
+        rescue => exc
+          puts "Failed #{exc.message}"
+        end
+    	end
+    end
+    def is_authorized?(group, ip)
+    	return group.ip_permissions.detect do |ip_permission|
+    		ip_permission['ipRanges'].first && ip_permission['ipRanges'].first['cidrIp'] == ip &&
+    			ip_permission['fromPort'] == port &&
+    			ip_permission['ipProtocol'] == 'tcp' &&
+    			ip_permission['toPort'] == port
+    	end
+    end
+    def port
+      @port
+    end
+    def conn
+      @conn ||= Fog::Compute.new({
+        :provider => 'AWS',
+      	:region => @region,
+      	:aws_access_key_id => @aws_key,
+      	:aws_secret_access_key => @aws_secret
+      	})
+    end
+  end
+end

data/lib/aw_sec/providers.rb ADDED Viewed

@@ -0,0 +1,29 @@
+module AwSec
+  module Providers
+    class Register
+      def self.register(name, klass)
+        @register ||= []
+        @register << { :name => name, :class => klass }
+      end
+      def self.list
+        @register
+      end
+      def self.provider(provider_name)
+        puts "Configuring #{provider_name}"
+        klass = Kernel.const_get(provider_name)
+        klass.new
+      end
+      Dir.foreach(File.join(File.dirname(__FILE__), '..', 'providers')) do |file|
+        path = File.join(File.join(File.dirname(__FILE__), '..', 'providers', file))
+        unless File.directory? path
+          require path
+        end
+      end
+    end
+  end
+end

data/lib/providers/ip_echo.rb ADDED Viewed

@@ -0,0 +1,18 @@
+require 'net/http'
+module AwSec
+  module Providers
+    class EchoIp
+      Register.register('Echo IP', AwSec::Providers::EchoIp.new())
+      def get_public_ip(options)
+        Net::HTTP.get(URI "http://ipecho.net/plain")
+      end
+       def configure
+       end
+    end
+  end
+end

data/lib/providers/my_ip.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'net/http'
+require 'highline/import'
+module AwSec
+  module Providers
+    class MyIp
+      Register.register('My IP', AwSec::Providers::MyIp.new())
+      def get_public_ip(options)
+      	Net::HTTP.get(URI "http://auto.whatismyip.com/ip.php?user=#{options[:my_ip_username]}&password=#{options[:my_ip_password]}")
+      end
+      def configure
+        result = {}
+        result[:my_ip_username] = ask('My IP username')
+        result[:my_ip_password] = ask('My IP password') { |q| q.echo = "*" }
+        result
+      end
+    end
+  end
+end

data/lib/version.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# encoding: utf-8
+module AwSec
+	class Version
+		##
+		# Change the MAJOR, MINOR and PATCH constants below
+		# to adjust the version of the Cloud66 Agent gem
+		#
+		# MAJOR:
+		#  Defines the major version
+		# MINOR:
+		#  Defines the minor version
+		# PATCH:
+		#  Defines the patch version
+		MAJOR, MINOR, PATCH  = 0, 1, 1
+		#ie. PRERELEASE_MODIFIER = 'beta1'
+		PRERELEASE_MODIFIER = nil
+		##
+		# Returns the major version ( big release based off of multiple minor releases )
+		def self.major
+			MAJOR
+		end
+		##
+		# Returns the minor version ( small release based off of multiple patches )
+		def self.minor
+			MINOR
+		end
+		##
+		# Returns the patch version ( updates, features and (crucial) bug fixes )
+		def self.patch
+			PATCH
+		end
+		##
+		# Returns the prerelease modifier ( not quite ready for public consumption )
+		def self.prerelease_modifier
+			PRERELEASE_MODIFIER
+		end
+		##
+		# Returns the current version of the Backup gem ( qualified for the gemspec )
+		def self.current
+			prerelease_modifier.nil? ? "#{major}.#{minor}.#{patch}" : "#{major}.#{minor}.#{patch}.#{prerelease_modifier}"
+		end
+	end
+end

metadata CHANGED Viewed

@@ -1,75 +1,67 @@
 --- !ruby/object:Gem::Specification
 name: awsec
 version: !ruby/object:Gem::Version
-  version: '0.1'
+  version: 0.1.1
   prerelease:
 platform: ruby
 authors:
-- Khash Sajadi (Cloud 66)
+- Cloud 66
 autorequire:
 bindir: bin
 cert_chain: []
 date: 2013-02-25 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rubygems
-  requirement: &70146232181040 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: *70146232181040
 - !ruby/object:Gem::Dependency
   name: json
-  requirement: &70146232180280 !ruby/object:Gem::Requirement
+  requirement: &70283797022900 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.6.3
   type: :runtime
   prerelease: false
-  version_requirements: *70146232180280
+  version_requirements: *70283797022900
 - !ruby/object:Gem::Dependency
-  name: highline
-  requirement: &70146232179620 !ruby/object:Gem::Requirement
+  name: fog
+  requirement: &70283797022280 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.4.0
   type: :runtime
   prerelease: false
-  version_requirements: *70146232179620
+  version_requirements: *70283797022280
 - !ruby/object:Gem::Dependency
-  name: optparse
-  requirement: &70146232178980 !ruby/object:Gem::Requirement
+  name: highline
+  requirement: &70283797021400 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.6.11
   type: :runtime
   prerelease: false
-  version_requirements: *70146232178980
+  version_requirements: *70283797021400
 description: Open and close AWS Security Group from the terminal for more secure operations
 email: khash@cloud66.com
 executables:
-- awsec.sh
+- awsec
 extensions: []
-extra_rdoc_files:
-- README.md
+extra_rdoc_files: []
 files:
-- README.md
-- bin/awsec.sh
+- lib/version.rb
+- lib/aw_sec.rb
+- lib/aw_sec/core.rb
+- lib/aw_sec/providers.rb
+- lib/providers/ip_echo.rb
+- lib/providers/my_ip.rb
+- bin/awsec
 homepage: https://github.com/cloud66/awsec
 licenses: []
 post_install_message:
-rdoc_options:
-- --charset=UTF-8
+rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement

data/README.md DELETED Viewed

@@ -1,4 +0,0 @@
-awsec
-=====
-AWS Security Toolbelt