awshark 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5706c9a35383e578bac90c8f432f2b4d730857556112222ff122ba7f7fba8e0
-  data.tar.gz: 6a3c0ca64b7f017aaea42c7fed255a5e5f44ec33bce1de59a00c875c1023e86e
+  metadata.gz: 8f014eaddd54562cad6064bc0b28a9fde800b7144f3be26e4af11f02a99d1f13
+  data.tar.gz: 258b5c71b20180623ca66646d4081c38d8c14e590a1b2a2773193523423dc614
 SHA512:
-  metadata.gz: a18d22c21cda523abfa5bd6369df2855b55eb479a2d43a0fa1bd66de0902e055db4e164bab332338f417fcc010094a168b4d2f92a16e4915a840fcb580608584
-  data.tar.gz: c4e5e7d9a2105ff44c58ce0f08ae742e48f780d18b4f63459d39ec6f670d372b5636e966f90e081fec071f4c56ad0923b3b1cb94549ef10cf819e064a57575ac
+  metadata.gz: 42970eec188f9fe6a4f561a2d42b01387b08c98f26ee93e0352d83f1fda165f119ae09909fbbb62c80e5380ca259a8d667bb46cf416e742db333051da4891204
+  data.tar.gz: ecf2602e7bb5cf37ebd508d3bb95d44eff004214f38bb6fa19475ee38d6b094093c6572c17acb3d48ca59d6b018a39129019d450e80aa7a6db4d84d0cc4b7c17

data/.rubocop.yml

@@ -69,7 +69,7 @@ Lint/UselessTimes:
 
 Metrics/AbcSize:
   Enabled: true
-  Max: 20
+  Max: 25
 Metrics/BlockLength:
   Exclude:
     - '*.gemspec'

data/CHANGELOG.md

@@ -1,5 +1,8 @@
 ## Changelog
 
+#### 1.3.0
+- [new] add `awshark ec2 authorize` and `unauthorize`
+
 #### 1.2.0
 - [new] add `awshark ecs list`
 - [break] remove options `--profile` and `--region`; use `AWS_PROFILE` and `AWS_REGION` instead

data/lib/awshark/class_options.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Awshark
+  module ClassOptions
+    def process_class_options
+      command = current_command_chain.last
+      cli_options = options.merge(parent_options || {}).symbolize_keys
+
+      if cli_options[:help]
+        respond_to?(command) ? help(command) : help
+        exit(0)
+      end
+
+      setup_aws_credentials(options)
+    end
+
+    private
+
+    def setup_aws_credentials(options)
+      profile_resolver = ProfileResolver.new(options)
+
+      ::Aws.config[:region] = profile_resolver.region
+      ::Aws.config[:credentials] = profile_resolver.credentials
+    end
+  end
+end

data/lib/awshark/cli.rb

@@ -1,13 +1,12 @@
 # frozen_string_literal: true
 
 require 'awshark/profile_resolver'
-
-require 'awshark/subcommands/class_options'
-require 'awshark/subcommands/cloud_formation'
-require 'awshark/subcommands/ec2'
-require 'awshark/subcommands/ecs'
-require 'awshark/subcommands/rds'
-require 'awshark/subcommands/s3'
+require 'awshark/class_options'
+require 'awshark/cloud_formation/subcommand'
+require 'awshark/ec2/subcommand'
+require 'awshark/ecs/subcommand'
+require 'awshark/rds/subcommand'
+require 'awshark/s3/subcommand'
 
 module Awshark
   class Cli < Thor
@@ -18,19 +17,19 @@ module Awshark
     class_option :help, type: :boolean, desc: 'Prints this help'
 
     desc 'cf COMMAND', 'Run CloudFormation command'
-    subcommand 'cf', Awshark::Subcommands::CloudFormation
+    subcommand 'cf', Awshark::CloudFormation::Subcommand
 
     desc 'ec2 COMMAND', 'Run EC2 command'
-    subcommand 'ec2', Awshark::Subcommands::EC2
+    subcommand 'ec2', Awshark::Ec2::Subcommand
 
     desc 'ecs COMMAND', 'Run ECS command'
-    subcommand 'ecs', Awshark::Subcommands::Ecs
+    subcommand 'ecs', Awshark::Ecs::Subcommand
 
     desc 'rds COMMAND', 'Run RDS command'
-    subcommand 'rds', Awshark::Subcommands::Rds
+    subcommand 'rds', Awshark::Rds::Subcommand
 
     desc 's3 COMMAND', 'Run CloudFormation command'
-    subcommand 's3', Awshark::Subcommands::S3
+    subcommand 's3', Awshark::S3::Subcommand
 
     desc 'version', 'Displays current version of AwsShark'
     long_desc <<-LONGDESC

data/lib/awshark/{subcommands/cloud_formation.rb → cloud_formation/subcommand.rb}

@@ -14,9 +14,9 @@ require 'awshark/cloud_formation/stack_events'
 require 'awshark/cloud_formation/template'
 
 module Awshark
-  module Subcommands
-    class CloudFormation < Thor
-      include Awshark::Subcommands::ClassOptions
+  module CloudFormation
+    class Subcommand < Thor
+      include Awshark::ClassOptions
 
       class_option :bucket, type: :string, desc: 'S3 bucket for template'
       class_option :iam, type: :boolean, desc: 'Needs IAM capabilities'

data/lib/awshark/concerns/logging.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Awshark
+  module Logging
+    def logger
+      Awshark.logger
+    end
+  end
+end

data/lib/awshark/ec2/configuration.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Awshark
+  module Ec2
+    class Configuration
+      def client
+        region = Aws.config[:region] || 'eu-central-1'
+        @client ||= Aws::EC2::Client.new(region: region)
+      end
+
+      attr_writer :client
+    end
+  end
+end

data/lib/awshark/ec2/instance.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Awshark
-  module EC2
+  module Ec2
     class Instance
       attr_reader :id
       attr_reader :type

data/lib/awshark/ec2/manager.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Awshark
-  module EC2
+  module Ec2
     class Manager
       def all_instances
         return @all_instances if defined?(@all_instances)
@@ -29,11 +29,7 @@ module Awshark
       private
 
       def client
-        @client ||= Aws::EC2::Client.new(region: region)
-      end
-
-      def region
-        Aws.config[:region] || 'eu-central-1'
+        Awshark.config.ec2.client
       end
     end
   end

data/lib/awshark/ec2/security_group.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module Awshark
+  module Ec2
+    class SecurityGroup
+      include Logging
+
+      attr_reader :security_group_id, :username
+
+      def initialize(id:, username:)
+        validate!(:id, id)
+        validate!(:username, username)
+
+        @security_group_id = id
+        @username = username
+      end
+
+      def authorize(ip:, ports:)
+        ports.each do |port|
+          ip_rule = SecurityRule.new(
+            ip: ip,
+            from_port: port,
+            to_port: port,
+            description: username
+          )
+          client.authorize_security_group_ingress(
+            group_id: security_group_id,
+            ip_permissions: [ip_rule.to_hash]
+          )
+          logger.info "Created ingress rule in for #{ip_rule.cidr_ip}, port #{port}."
+        rescue Aws::EC2::Errors::InvalidPermissionDuplicate
+          logger.warn "An ingress rule for #{ip} and port #{port} exists."
+        end
+      end
+
+      def unauthorize
+        return if my_ingress_rules.empty?
+
+        client.revoke_security_group_ingress(
+          group_id: security_group_id,
+          ip_permissions: my_ingress_rules
+        )
+        logger.info "Removed all ingress rules for #{username}."
+      end
+
+      def my_ingress_rules
+        return @my_ingress_rules if defined?(@my_ingress_rules)
+
+        response = client.describe_security_groups(group_ids: [security_group_id])
+        return [] if response.security_groups.empty?
+
+        security_group = response.security_groups.first
+        security_rules = security_group.ip_permissions.map do |ip_permission|
+          SecurityRule.new(ip_permission)
+        end
+
+        @my_ingress_rules = security_rules.map do |rule|
+          rule.ip_ranges.keep_if { |ip_range| ip_range.description == username }
+          rule.ip_ranges.any? ? rule.to_hash : nil
+        end
+
+        @my_ingress_rules.compact!
+      end
+
+      private
+
+      def client
+        Awshark.config.ec2.client
+      end
+
+      def validate!(name, value)
+        raise ArgumentError, "Argument #{name} cannot be empty" if value.blank?
+      end
+    end
+  end
+end

data/lib/awshark/ec2/security_rule.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Awshark
+  module Ec2
+    class SecurityRule
+      attr_reader :ip_protocol, :ip_ranges, :from_port, :to_port
+
+      def initialize(args)
+        if args.is_a?(Aws::EC2::Types::IpPermission)
+          @ip_protocol = args.ip_protocol
+          @ip_ranges = args.ip_ranges
+          @from_port = args.from_port
+          @to_port = args.to_port
+        else
+          ip = args.fetch(:ip)
+          description = args.fetch(:description)
+          @ip_protocol = args.fetch(:ip_protocol, 'tcp')
+          @ip_ranges = [OpenStruct.new({ cidr_ip: "#{ip}/32", description: description })]
+          @from_port = args.fetch(:from_port)
+          @to_port = args.fetch(:to_port)
+        end
+      end
+
+      def cidr_ip
+        ip_ranges[0].cidr_ip
+      end
+
+      def description
+        ip_ranges[0].description
+      end
+
+      def to_hash
+        {
+          ip_protocol: ip_protocol,
+          from_port: from_port,
+          to_port: to_port,
+          ip_ranges: ip_ranges.map(&:to_h)
+        }
+      end
+    end
+  end
+end

data/lib/awshark/ec2/subcommand.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require 'aws-sdk-ec2'
+
+require 'awshark/ec2/instance'
+require 'awshark/ec2/manager'
+require 'awshark/ec2/security_group'
+require 'awshark/ec2/security_rule'
+
+module Awshark
+  module Ec2
+    class Subcommand < Thor
+      include Awshark::ClassOptions
+
+      desc 'list', 'List all EC2 instances'
+      long_desc <<-LONGDESC
+        List all EC2 instances in a region
+
+        Example:
+          awshark ec2 list STATE
+
+      LONGDESC
+      def list(state = 'running')
+        process_class_options
+
+        instances = manager.public_send("#{state}_instances")
+        instances = instances.sort_by(&:name)
+
+        instances.each do |i|
+          args = { name: i.name, type: i.type, public_dns: i.public_dns_name, state: i.state }
+          printf "%-40<name>s %-12<type>s %-60<public_dns>s %<state>s\n", args
+        end
+      end
+
+      desc 'authorize', 'Authorises your IP to access AWS'
+      long_desc <<-LONGDESC
+        Adds your IP address to the security group to allow direct access to the VPCs.
+
+        Example:
+          awshark ec2 authorize
+
+      LONGDESC
+      option :ports,
+             type: :string,
+             desc: 'Ports to register. Only uses ports from 1 to 65535.',
+             default: '443'
+      option :security_group,
+             type: :string,
+             required: true,
+             desc: 'Security group to allow access to.'
+      option :username,
+             type: :string,
+             desc: 'Ports to register. Only uses ports from 1 to 65535.'
+      def authorize
+        process_class_options
+
+        group = Ec2::SecurityGroup.new(id: security_group_id, username: username)
+        group.authorize(ip: my_ip, ports: ports)
+      end
+
+      desc 'unauthorize', 'Removes your IP from access to AWS'
+      long_desc <<-LONGDESC
+        Removes all your ingress rules from the home office security group in the VPCs.
+
+        Example:
+          awshark ec2 unauthorize
+
+      LONGDESC
+      option :security_group,
+             type: :string,
+             required: true,
+             desc: 'Security group to remove access from.'
+      option :username,
+             type: :string,
+             desc: 'Ports to register. Only uses ports from 1 to 65535.'
+      def unauthorize
+        process_class_options
+
+        group = Ec2::SecurityGroup.new(id: security_group_id, username: username)
+        group.unauthorize
+      end
+
+      private
+
+      def manager
+        @manager ||= Ec2::Manager.new
+      end
+
+      def my_ip
+        @my_ip ||= `curl -s https://api.ipify.org`.strip
+      end
+
+      def ports
+        result = options[:ports].split(',').map(&:to_i)
+        result.select { |port| (1..65_535).cover?(port) }
+      end
+
+      def security_group_id
+        options[:security_group].strip
+      end
+
+      def username
+        options[:username].presence || `whoami`.strip
+      end
+    end
+  end
+end

data/lib/awshark/{subcommands/ecs.rb → ecs/subcommand.rb}

@@ -7,9 +7,9 @@ require 'awshark/ecs/cluster'
 require 'awshark/ecs/manager'
 
 module Awshark
-  module Subcommands
-    class Ecs < Thor
-      include Awshark::Subcommands::ClassOptions
+  module Ecs
+    class Subcommand < Thor
+      include Awshark::ClassOptions
 
       desc 'list', 'list ECS tasks'
       long_desc <<-LONGDESC

data/lib/awshark/{subcommands/rds.rb → rds/subcommand.rb}

@@ -6,9 +6,9 @@ require 'awshark/rds/check_reservations'
 require 'awshark/rds/manager'
 
 module Awshark
-  module Subcommands
-    class Rds < Thor
-      include Awshark::Subcommands::ClassOptions
+  module Rds
+    class Subcommand < Thor
+      include Awshark::ClassOptions
 
       desc 'check', 'Check RDS reservations'
       long_desc <<-LONGDESC

data/lib/awshark/{subcommands/s3.rb → s3/subcommand.rb}

@@ -9,9 +9,9 @@ require 'awshark/s3/bucket'
 require 'awshark/s3/manager'
 
 module Awshark
-  module Subcommands
-    class S3 < Thor
-      include Awshark::Subcommands::ClassOptions
+  module S3
+    class Subcommand < Thor
+      include Awshark::ClassOptions
       include ActiveSupport::NumberHelper
 
       desc 'list', 'List S3 bucket statistics'

data/lib/awshark/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Awshark
-  VERSION = '1.2.0'
+  VERSION = '1.3.0'
 end

data/lib/awshark.rb

@@ -6,7 +6,9 @@ require 'thor'
 require 'yaml'
 
 require 'awshark/version'
+require 'awshark/concerns/logging'
 require 'awshark/cloud_formation/configuration'
+require 'awshark/ec2/configuration'
 require 'awshark/ecs/configuration'
 require 'awshark/s3/configuration'
 require 'awshark/sts/configuration'
@@ -17,12 +19,14 @@ module Awshark
   def self.config
     @config ||= begin
                   cf = CloudFormation::Configuration.new
+                  ec2 = Ec2::Configuration.new
                   ecs = Ecs::Configuration.new
                   s3 = S3::Configuration.new
                   sts = Sts::Configuration.new
 
                   OpenStruct.new(
                     cloud_formation: cf,
+                    ec2: ec2,
                     ecs: ecs,
                     s3: s3,
                     sts: sts

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awshark
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Joergen Dahlke
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-12-16 00:00:00.000000000 Z
+date: 2022-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -252,6 +252,7 @@ files:
 - exe/awshark
 - gems.rb
 - lib/awshark.rb
+- lib/awshark/class_options.rb
 - lib/awshark/cli.rb
 - lib/awshark/cloud_formation/configuration.rb
 - lib/awshark/cloud_formation/file_loading.rb
@@ -260,26 +261,29 @@ files:
 - lib/awshark/cloud_formation/parameters.rb
 - lib/awshark/cloud_formation/stack.rb
 - lib/awshark/cloud_formation/stack_events.rb
+- lib/awshark/cloud_formation/subcommand.rb
 - lib/awshark/cloud_formation/template.rb
+- lib/awshark/concerns/logging.rb
+- lib/awshark/ec2/configuration.rb
 - lib/awshark/ec2/instance.rb
 - lib/awshark/ec2/manager.rb
+- lib/awshark/ec2/security_group.rb
+- lib/awshark/ec2/security_rule.rb
+- lib/awshark/ec2/subcommand.rb
 - lib/awshark/ecs/cluster.rb
 - lib/awshark/ecs/configuration.rb
 - lib/awshark/ecs/manager.rb
+- lib/awshark/ecs/subcommand.rb
 - lib/awshark/profile_resolver.rb
 - lib/awshark/rds/check_reservations.rb
 - lib/awshark/rds/manager.rb
+- lib/awshark/rds/subcommand.rb
 - lib/awshark/s3/artifact.rb
 - lib/awshark/s3/bucket.rb
 - lib/awshark/s3/configuration.rb
 - lib/awshark/s3/manager.rb
+- lib/awshark/s3/subcommand.rb
 - lib/awshark/sts/configuration.rb
-- lib/awshark/subcommands/class_options.rb
-- lib/awshark/subcommands/cloud_formation.rb
-- lib/awshark/subcommands/ec2.rb
-- lib/awshark/subcommands/ecs.rb
-- lib/awshark/subcommands/rds.rb
-- lib/awshark/subcommands/s3.rb
 - lib/awshark/version.rb
 homepage: https://github.com/jdahlke/awshark
 licenses:

data/lib/awshark/subcommands/class_options.rb

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-module Awshark
-  module Subcommands
-    module ClassOptions
-      def process_class_options
-        command = current_command_chain.last
-        cli_options = options.merge(parent_options || {}).symbolize_keys
-
-        if cli_options[:help]
-          respond_to?(command) ? help(command) : help
-          exit(0)
-        end
-
-        setup_aws_credentials(options)
-      end
-
-      private
-
-      def setup_aws_credentials(options)
-        profile_resolver = ProfileResolver.new(options)
-
-        ::Aws.config[:region] = profile_resolver.region
-        ::Aws.config[:credentials] = profile_resolver.credentials
-      end
-    end
-  end
-end

data/lib/awshark/subcommands/ec2.rb

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-require 'aws-sdk-ec2'
-
-require 'awshark/ec2/instance'
-require 'awshark/ec2/manager'
-
-module Awshark
-  module Subcommands
-    class EC2 < Thor
-      include Awshark::Subcommands::ClassOptions
-
-      desc 'list', 'List all EC2 instances'
-      long_desc <<-LONGDESC
-        List all EC2 instances in a region
-
-        Example: `awshark ec2 list STATE`
-      LONGDESC
-      def list(state = 'running')
-        process_class_options
-
-        instances = manager.public_send("#{state}_instances")
-        instances = instances.sort_by(&:name)
-
-        instances.each do |i|
-          args = { name: i.name, type: i.type, public_dns: i.public_dns_name, state: i.state }
-          printf "%-40<name>s %-12<type>s %-60<public_dns>s %<state>s\n", args
-        end
-      end
-
-      private
-
-      def manager
-        @manager ||= Awshark::EC2::Manager.new
-      end
-    end
-  end
-end