awspec 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c7cdec523d2ed0c3f17c1fe819f9ec63907135d7
+  data.tar.gz: 8a56f108f5fd80304b1c7f2d12cd14992cf0ebd7
+SHA512:
+  metadata.gz: 5f22da57b3c932b9e98ab55e6a07db11346c45ba90e126e72a411a81d0d315eb424b49502e453b8a77b2d19cf639bac380b7eef610a91b7c095ff2beca1d2cc5
+  data.tar.gz: 74de2a12f8a98ab7fc1f4409d86972e36611e781be22db161caddc0cf99becd3f3c195b1f7cc594b22167dc5302bd5e8e129521440f134c40fb6a63c87e92500

data/.editorconfig

@@ -0,0 +1,13 @@
+root = ture
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+
+[*.rb]
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+insert_final_newline = false
+trim_traling_whitespace = true

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/spec/secrets.yml

data/.rubocop.yml

@@ -0,0 +1,50 @@
+Lint/Eval:
+  Enabled: false
+
+Lint/HandleExceptions:
+  Enabled: false
+
+Lint/UselessAssignment:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 50
+
+Metrics/ClassLength:
+  Max: 120
+
+Metrics/CyclomaticComplexity:
+  Max: 15
+
+Metrics/LineLength:
+  Max: 120
+
+Metrics/MethodLength:
+  Max: 30
+
+Metrics/PerceivedComplexity:
+  Max: 15
+
+Style/BarePercentLiterals:
+  Enabled: false
+
+Style/ClassAndModuleChildren:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+
+Style/PercentLiteralDelimiters:
+  Enabled: false
+
+Style/PredicateName:
+  Enabled: false
+
+Style/RedundantSelf:
+  Enabled: false
+
+Style/SymbolProc:
+  Enabled: false
+
+Style/BracesAroundHashParameters:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,11 @@
+language: ruby
+rvm:
+  - 2.1.6
+  - 2.2.1
+
+before_install:
+  - gem update bundler
+  
+script:
+  - bundle exec rake spec
+  - bundle exec rubocop

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in awspec.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Ken'ichiro Oyama
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,68 @@
+# awspec [![Build Status](https://travis-ci.org/k1LoW/awspec.svg?branch=master)](https://travis-ci.org/k1LoW/awspec)
+
+RSpec tests for your AWS resources.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'awspec'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install awspec
+
+## Usage
+
+### 1. Generate awspec template
+
+    $ awspec init
+
+### 2. Write *_spec.rb
+
+```ruby
+describe ec2('i-ec12345a') do
+  it { should be_running }
+  its(:instance_id) { should eq 'i-ec12345a' }
+  its(:image_id) { should eq 'ami-abc12def' }
+  its(:public_ip_address) { should eq '123.0.456.789' }
+  it { should have_security_group('my-security-group-name') }
+  it { should belong_to_vpc('my-vpc') }
+  it { should belong_to_subnet('subnet-1234a567') }
+  it { should have_eip('123.0.456.789') }
+end
+```
+
+## Support AWS Resources
+
+- [X] EC2
+- [X] RDS
+    - [ ] RDS DB Parameter
+- [X] Security Group
+- [X] VPC
+
+### Next..
+
+- [ ] S3
+- [ ] Route53
+- ...
+
+## Contributing
+
+1. Fork it ( https://github.com/k1LoW/awspec/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+## References
+
+- Original idea (code / architecture) -> [Serverspec](https://github.com/serverspec/serverspec)
+- awspec original concept -> https://github.com/marcy-terui/awspec
+- [Serverspec book](http://www.oreilly.co.jp/books/9784873117096/)

data/Rakefile

@@ -0,0 +1,16 @@
+require 'bundler/gem_tasks'
+begin
+  require 'rspec/core/rake_task'
+rescue LoadError
+end
+
+if defined?(RSpec)
+  task spec: 'spec:all'
+  namespace :spec do
+    task all: ['spec:type']
+
+    RSpec::Core::RakeTask.new(:type) do |t|
+      t.pattern = 'spec/type/*_spec.rb'
+    end
+  end
+end

data/awspec.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'awspec/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'awspec'
+  spec.version       = Awspec::VERSION
+  spec.authors       = ['k1LoW']
+  spec.email         = ['k1lowxb@gmail.com']
+
+  spec.summary       = 'RSpec tests for your AWS resources.'
+  spec.description   = 'RSpec tests for your AWS resources.'
+  spec.homepage      = 'https://github.com/k1LoW/awspec'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency 'rspec', '~> 3.0'
+  spec.add_runtime_dependency 'rspec-its'
+  spec.add_runtime_dependency 'aws-sdk', '~> 2'
+  spec.add_runtime_dependency 'thor'
+  spec.add_development_dependency 'bundler', '~> 1.9'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rubocop'
+end

data/bin/awspec

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'awspec'
+
+Awspec::CLI.start

data/lib/awspec.rb

@@ -0,0 +1,11 @@
+require 'rubygems'
+require 'rspec'
+require 'rspec/its'
+require 'awspec/version'
+require 'awspec/cli'
+require 'awspec/matcher'
+require 'awspec/helper'
+require 'awspec/ext/string'
+
+module Awspec
+end

data/lib/awspec/cli.rb

@@ -0,0 +1,11 @@
+require 'thor'
+require 'awspec/setup'
+
+module Awspec
+  class CLI < Thor
+    desc 'awspec init', 'Generate awspec spec_helper.rb'
+    def init
+      Awspec::Setup.run
+    end
+  end
+end

data/lib/awspec/ext/string.rb

@@ -0,0 +1,14 @@
+class String
+  def to_snake_case
+    self.gsub(/::/, '/')
+      .gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
+      .gsub(/([a-z\d])([A-Z])/, '\1_\2')
+      .tr('-', '_')
+      .downcase
+  end
+
+  def to_camel_case
+    return self if self !~ /_/ && self =~ /[A-Z]+.*/
+    split('_').map { |e| e.capitalize }.join
+  end
+end

data/lib/awspec/helper.rb

@@ -0,0 +1,6 @@
+require 'awspec/helper/type'
+extend Awspec::Helper::Type
+class RSpec::Core::ExampleGroup
+  extend Awspec::Helper::Type
+  include Awspec::Helper::Type
+end

data/lib/awspec/helper/type.rb

@@ -0,0 +1,18 @@
+module Awspec
+  module Helper
+    module Type
+      types = %w(
+        base ec2 rds security_group vpc
+      )
+
+      types.each { |type| require "awspec/type/#{type}" }
+
+      types.each do |type|
+        define_method type do |*args|
+          name = args.first
+          eval "Awspec::Type::#{type.to_camel_case}.new(name)"
+        end
+      end
+    end
+  end
+end

data/lib/awspec/matcher.rb

@@ -0,0 +1,9 @@
+# EC2
+require 'awspec/matcher/belong_to_vpc'
+require 'awspec/matcher/belong_to_subnet'
+
+# RDS
+require 'awspec/matcher/belong_to_db_subnet_group'
+
+# SecurityGroup
+require 'awspec/matcher/be_opened'

data/lib/awspec/matcher/be_opened.rb

@@ -0,0 +1,17 @@
+RSpec::Matchers.define :be_opened do |port|
+  match do |sg|
+    sg.opened?(port, @protocol, @cidr)
+  end
+
+  chain :protocol do |protocol|
+    @protocol = protocol
+  end
+
+  chain :for do |cidr|
+    @cidr = cidr
+  end
+
+  chain :target do |cidr|
+    @cidr = cidr
+  end
+end

data/lib/awspec/matcher/belong_to_db_subnet_group.rb

@@ -0,0 +1,5 @@
+RSpec::Matchers.define :belong_to_db_subnet_group do |db_subnet_group_name|
+  match do |resource|
+    return true if resource.instance[:db_subnet_group][:db_subnet_group_name] == db_subnet_group_name
+  end
+end

data/lib/awspec/matcher/belong_to_subnet.rb

@@ -0,0 +1,33 @@
+RSpec::Matchers.define :belong_to_subnet do |subnet_id|
+  match do |resource|
+    # EC2
+    if resource.instance_of?(Awspec::Type::Ec2)
+      return true if resource.subnet_id == subnet_id
+      ret = resource.client.describe_subnets({
+                                               filters: [{ name: 'tag:Name', values: [subnet_id] }]
+                                             })
+      return false unless ret
+      return ret[:subnets][0][:subnet_id] == resource.subnet_id
+    end
+
+    # RDS
+    if resource.instance_of?(Awspec::Type::Rds)
+      subnets = resource.instance[:db_subnet_group][:subnets]
+      ret = subnets.find do |subnet|
+        subnet[:subnet_identifier] == subnet_id
+      end
+
+      return ret[:subnet_availability_zone][:name] == resource.availability_zone if ret
+
+      res = resource.ec2_client.describe_subnets({
+                                                   filters: [{ name: 'tag:Name', values: [subnet_id] }]
+                                                 })
+      return false unless res
+      ret = subnets.find do |subnet|
+        subnet[:subnet_identifier] == res[:subnets][0][:subnet_id]
+      end
+
+      return ret[:subnet_availability_zone][:name] == resource.availability_zone if ret
+    end
+  end
+end

data/lib/awspec/matcher/belong_to_vpc.rb

@@ -0,0 +1,8 @@
+RSpec::Matchers.define :belong_to_vpc do |vpc_id|
+  match do |resource|
+    return true if resource.vpc_id == vpc_id
+    ret = resource.find_vpc(vpc_id)
+    return false unless ret
+    ret[:vpc_id] == resource.vpc_id
+  end
+end

data/lib/awspec/setup.rb

@@ -0,0 +1,75 @@
+require 'fileutils'
+
+module Awspec
+  class Setup
+    def self.run
+      generate_spec_helper
+      generate_rakefile
+      generate_dotgitignore
+    end
+
+    def self.generate_spec_helper
+      content = <<-'EOF'
+require 'awspec'
+if File.exist?('secrets.yml')
+  creds = YAML.load_file('secrets.yml')
+  Aws.config.update({
+                      region: creds['region'],
+                      credentials: Aws::Credentials.new(
+                        creds['aws_access_key_id'],
+                        creds['aws_secret_access_key'])
+                    })
+end
+EOF
+      dir = 'spec'
+      if File.exist? dir
+        unless File.directory? dir
+          $stderr.puts '!! #{dir} already exists and is not a directory'
+        end
+      else
+        FileUtils.mkdir dir
+        puts ' + #{dir}/'
+      end
+
+      if File.exist? 'spec/spec_helper.rb'
+        $stderr.puts '!! spec/spec_helper.rb already exists'
+      else
+        File.open('spec/spec_helper.rb', 'w') do |f|
+          f.puts content
+        end
+        puts ' + spec/spec_helper.rb'
+      end
+    end
+
+    def self.generate_rakefile
+      content = <<-'EOF'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new('spec')
+task :default => :spec
+EOF
+
+      if File.exist? 'Rakefile'
+        $stderr.puts '!! Rakefile already exists'
+      else
+        File.open('Rakefile', 'w') do |f|
+          f.puts content
+        end
+        puts ' + Rakefile'
+      end
+    end
+
+    def self.generate_dotgitignore
+      content = <<-'EOF'
+secrets.yml
+EOF
+      if File.exist? 'spec/.gitignore'
+        $stderr.puts '!! spec/.gitignore already exists'
+      else
+        File.open('spec/.gitignore', 'w') do |f|
+          f.puts content
+        end
+        puts ' + spec/.gitignore'
+      end
+    end
+  end
+end

data/lib/awspec/type/base.rb

@@ -0,0 +1,63 @@
+require 'aws-sdk'
+
+module Awspec::Type
+  class Base
+    attr_reader :id, :ec2_client
+
+    def initialize(id = nil)
+      @tmp = id
+      @ec2_client = Aws::EC2::Client.new
+    end
+
+    def find_vpc(id)
+      res = @ec2_client.describe_vpcs({
+                                        filters: [{ name: 'vpc-id', values: [id] }]
+                                      })
+      return res[:vpcs][0] if res[:vpcs].count == 1
+      res = @ec2_client.describe_vpcs({
+                                        filters: [{ name: 'tag:Name', values: [id] }]
+                                      })
+      return res[:vpcs][0] if res[:vpcs].count == 1
+    end
+
+    def find_route_table(id)
+      res = @ec2_client.describe_route_tables({
+                                                filters: [{ name: 'route-table-id', values: [id] }]
+                                              })
+      return res[:route_tables][0] if res[:route_tables].count == 1
+      res = @ec2_client.describe_route_tables({
+                                                filters: [{ name: 'tag:Name', values: [id] }]
+                                              })
+      return res[:route_tables][0] if res[:route_tables].count == 1
+    end
+
+    def find_network_acl(id)
+      res = @ec2_client.describe_network_acls({
+                                                filters: [{ name: 'network-acl-id', values: [id] }]
+                                              })
+      return res[:network_acls][0] if res[:network_acls].count == 1
+      res = @ec2_client.describe_network_acls({
+                                                filters: [{ name: 'tag:Name', values: [id] }]
+                                              })
+      return res[:network_acls][0] if res[:network_acls].count == 1
+    end
+
+    def find_security_group(id)
+      res = @ec2_client.describe_security_groups({
+                                                   filters: [{ name: 'group-id', values: [id] }]
+                                                 })
+
+      return res[:security_groups][0] if res[:security_groups].count == 1
+      res = @ec2_client.describe_security_groups({
+                                                   filters: [{ name: 'group-name', values: [id] }]
+                                                 })
+
+      return res[:security_groups][0] if res[:security_groups].count == 1
+      res = @ec2_client.describe_security_groups({
+                                                   filters: [{ name: 'tag:Name', values: [id] }]
+                                                 })
+
+      return res[:security_groups][0] if res[:security_groups].count == 1
+    end
+  end
+end

data/lib/awspec/type/ec2.rb

@@ -0,0 +1,90 @@
+module Awspec::Type
+  class Ec2 < Base
+    attr_reader :client, :instance
+
+    def initialize(id)
+      super
+      @client = @ec2_client
+      if id.is_a?(Array)
+        # Aws::EC2::Client.describe_instances native filters format
+        res = @client.describe_instances({
+                                           filters: id
+                                         })
+      elsif id.is_a?(Hash)
+        # syntax sugar
+        filters = []
+        id.each do |k, v|
+          filters.push({ name: k, values: Array(v) })
+        end
+        res = @client.describe_instances({
+                                           filters: filters
+                                         })
+      else
+        # instance_id or tag:Name
+        begin
+          res = @client.describe_instances({
+                                             instance_ids: [id]
+                                           })
+        rescue
+          # Aws::EC2::Errors::InvalidInstanceIDMalformed
+          # Aws::EC2::Errors::InvalidInstanceIDNotFound
+          res = @client.describe_instances({
+                                             filters: [{ name: 'tag:Name', values: [id] }]
+                                           })
+        end
+      end
+      @id = res[:reservations][0][:instances][0][:instance_id]
+      @instance = res[:reservations][0][:instances][0]
+    end
+
+    states = %w(
+      pending running shutting-down
+      terminated stopping stopped
+    )
+
+    states.each do |state|
+      define_method state + '?' do
+        @instance[:state][:name] == state
+      end
+    end
+
+    describes = %w(
+      instance_id image_id state private_dns_name public_dns_name
+      state_transition_reason key_name ami_launch_index product_codes
+      instance_type launch_time placement kernel_id ramdisk_id platform
+      monitoring subnet_id vpc_id private_ip_address public_ip_address
+      state_reason architecture root_device_type root_device_name
+      block_device_mappings virtualization_type instance_lifecycle
+      spot_instance_request_id client_token tags security_groups
+      source_dest_check hypervisor network_interfaces
+      iam_instance_profile ebs_optimized sriov_net_support
+    )
+
+    describes.each do |describe|
+      define_method describe do
+        @instance[describe]
+      end
+    end
+
+    def has_eip?(ip_address = nil)
+      option = {
+        filters: [{ name: 'instance-id', values: [@id] }]
+      }
+      option[:public_ips] = [ip_address] if ip_address
+      ret = @client.describe_addresses(option)
+      ret[:addresses].count == 1
+    end
+
+    def has_security_group?(sg_id)
+      sgs = @instance[:security_groups]
+      ret = sgs.find do |sg|
+        sg[:group_id] == sg_id || sg[:group_name] == sg_id
+      end
+      return true if ret
+      sg2 = find_security_group(sg_id)
+      sg2[:tags].find do |tag|
+        tag[:key] == 'Name' && tag[:value] == sg_id
+      end
+    end
+  end
+end

data/lib/awspec/type/rds.rb

@@ -0,0 +1,115 @@
+module Awspec::Type
+  class Rds < Base
+    attr_reader :client, :instance
+
+    def initialize(id)
+      super
+      @client = Aws::RDS::Client.new
+      # db_instance_identifier
+      res = @client.describe_db_instances({
+                                            db_instance_identifier: id
+                                          })
+      @id = res[:db_instances][0][:db_instance_identifier]
+      @instance = res[:db_instances][0]
+    end
+
+    states = %w(
+      available backing-up creating deleting
+      failed inaccessible-encryption-credentials
+      incompatible-credentials incompatible-network
+      incompatible-option-group incompatible-parameters
+      incompatible-restore maintenance
+      modifying rebooting renaming resetting-master-credentials
+      restore-error storage-full upgrading
+    )
+
+    states.each do |state|
+      define_method state + '?' do
+        @instance[:db_instance_status] == state
+      end
+    end
+
+    describes = %w(
+      db_instance_identifier db_instance_class engine db_instance_status
+      master_username db_name endpoint allocated_storage instance_create_time
+      preferred_backup_window backup_retention_period db_security_groups
+      vpc_security_groups db_parameter_groups availability_zone
+      db_subnet_group preferred_maintenance_window pending_modified_values
+      latest_restorable_time multi_az engine_version auto_minor_version_upgrade
+      read_replica_source_db_instance_identifier
+      read_replica_db_instance_identifiers license_model iops
+      option_group_memberships character_set_name secondary_availability_zone
+      publicly_accessible status_infos storage_type tde_credential_arn
+      storage_encrypted kms_key_id dbi_resource_id ca_certificate_identifier
+    )
+
+    describes.each do |describe|
+      define_method describe do
+        @instance[describe]
+      end
+    end
+
+    def vpc_id
+      @instance[:db_subnet_group][:vpc_id]
+    end
+
+    def has_security_group?(sg_id)
+      return true if has_vpc_security_group_id?(sg_id)
+      return true if has_vpc_security_group_name?(sg_id)
+      return true if has_vpc_security_group_tag_name?(sg_id)
+      return true if has_db_security_group_name?(sg_id)
+    end
+
+    def has_db_parameter_group?(name)
+      pgs = @instance[:db_parameter_groups]
+      pgs.find do |pg|
+        pg[:db_parameter_group_name] == name
+      end
+    end
+
+    def has_option_group?(name)
+      ogs = @instance[:option_group_memberships]
+      ogs.find do |og|
+        og[:option_group_name] == name
+      end
+    end
+
+    private
+
+    def has_vpc_security_group_id?(sg_id)
+      sgs = @instance[:vpc_security_groups]
+      sgs.find do |sg|
+        sg[:vpc_security_group_id] == sg_id
+      end
+    end
+
+    def has_vpc_security_group_name?(sg_id)
+      sgs = @instance[:vpc_security_groups]
+      res = @ec2_client.describe_security_groups({
+                                                   filters: [{ name: 'group-name', values: [sg_id] }]
+                                                 })
+      return false unless res[:security_groups].count == 1
+      sgs.find do |sg|
+        sg[:vpc_security_group_id] == res[:security_groups][0][:group_id]
+      end
+    end
+
+    def has_vpc_security_group_tag_name?(sg_id)
+      sgs = @instance[:vpc_security_groups]
+      res = @ec2_client.describe_security_groups({
+                                                   filters: [{ name: 'tag:Name', values: [sg_id] }]
+                                                 })
+      return false unless res[:security_groups].count == 1
+      sgs.find do |sg|
+        sg[:vpc_security_group_id] == res[:security_groups][0][:group_id]
+      end
+    end
+
+    def has_db_security_group_name?(sg_id)
+      sgs = @instance[:db_security_groups]
+      sgs.find do |sg|
+        sg[:db_security_group_name] == sg_id
+      end
+    end
+  end
+end

data/lib/awspec/type/security_group.rb

@@ -0,0 +1,90 @@
+module Awspec::Type
+  class SecurityGroup < Base
+    attr_reader :client, :sg, :inbound
+
+    def initialize(id)
+      super
+      @client = @ec2_client
+      @inbound = true
+      @sg = find_security_group(id)
+      @id = @sg[:group_id]
+    end
+
+    describes = %w(
+      owner_id group_name group_id description
+      ip_permissions ip_permissions_egress vpc_id tags
+    )
+
+    describes.each do |describe|
+      define_method describe do
+        @sg[describe]
+      end
+    end
+
+    def opened?(port = nil, protocol = nil, cidr = nil)
+      if @inbound
+        return inbound_opened?(port, protocol, cidr)
+      else
+        return outbound_opened?(port, protocol, cidr)
+      end
+    end
+
+    def inbound_opened?(port = nil, protocol = nil, cidr = nil)
+      @sg[:ip_permissions].find do |permission|
+        next true unless port
+        next true unless permission[:from_port]
+        next true unless permission[:to_port]
+        next false unless port.between?(permission[:from_port], permission[:to_port])
+        next false if protocol && permission[:ip_protocol] != protocol
+        next true unless cidr
+        ret = permission[:ip_ranges].select do |ip_range|
+          ip_range[:cidr_ip] == cidr
+        end
+        next true if ret.count > 0
+        ret = permission[:user_id_group_pairs].select do |sg|
+          next true if sg[:group_id] == cidr
+          sg2 = find_security_group(sg[:group_id])
+          next true if sg2[:group_name] == cidr
+          sg2[:tags].find do |tag|
+            tag[:key] == 'Name' && tag[:value] == cidr
+          end
+        end
+        next true if ret.count > 0
+      end
+    end
+
+    def outbound_opened?(port = nil, protocol = nil, cidr = nil)
+      @sg[:ip_permissions_egress].find do |permission|
+        next true unless port
+        next true unless permission[:from_port]
+        next true unless permission[:to_port]
+        next false unless port.between?(permission[:from_port], permission[:to_port])
+        next false if protocol && permission[:ip_protocol] != protocol
+        next true unless cidr
+        ret = permission[:ip_ranges].select do |ip_range|
+          ip_range[:cidr_ip] == cidr
+        end
+        next true if ret.count > 0
+        ret = permission[:user_id_group_pairs].select do |sg|
+          next true if sg[:group_id] == cidr
+          sg2 = find_security_group(sg[:group_id])
+          next true if sg2[:group_name] == cidr
+          sg2[:tags].find do |tag|
+            tag[:key] == 'Name' && tag[:value] == cidr
+          end
+        end
+        next true if ret.count > 0
+      end
+    end
+
+    def inbound
+      @inbound = true
+      self
+    end
+
+    def outbound
+      @inbound = false
+      self
+    end
+  end
+end

data/lib/awspec/type/vpc.rb

@@ -0,0 +1,45 @@
+module Awspec::Type
+  class Vpc < Base
+    attr_reader :client, :vpc
+
+    def initialize(id)
+      super
+      @client = @ec2_client
+      @vpc = find_vpc(id)
+      @id = @vpc[:vpc_id]
+    end
+
+    states = %w(
+      available pending
+    )
+
+    states.each do |state|
+      define_method state + '?' do
+        @vpc[:state] == state
+      end
+    end
+
+    describes = %w(
+      vpc_id state cidr_block dhcp_options_id
+      tags instance_tenancy is_default
+    )
+
+    describes.each do |describe|
+      define_method describe do
+        @vpc[describe]
+      end
+    end
+
+    def has_route_table?(id)
+      route_table = find_route_table(id)
+      return false unless route_table
+      route_table[:vpc_id] == @id
+    end
+
+    def has_network_acl?(id)
+      n = find_network_acl(id)
+      return false unless n
+      n[:vpc_id] == @id
+    end
+  end
+end

data/lib/awspec/version.rb

@@ -0,0 +1,3 @@
+module Awspec
+  VERSION = '0.0.1'
+end

metadata

@@ -0,0 +1,169 @@
+--- !ruby/object:Gem::Specification
+name: awspec
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- k1LoW
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-07-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: RSpec tests for your AWS resources.
+email:
+- k1lowxb@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".editorconfig"
+- ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- awspec.gemspec
+- bin/awspec
+- lib/awspec.rb
+- lib/awspec/cli.rb
+- lib/awspec/ext/string.rb
+- lib/awspec/helper.rb
+- lib/awspec/helper/type.rb
+- lib/awspec/matcher.rb
+- lib/awspec/matcher/be_opened.rb
+- lib/awspec/matcher/belong_to_db_subnet_group.rb
+- lib/awspec/matcher/belong_to_subnet.rb
+- lib/awspec/matcher/belong_to_vpc.rb
+- lib/awspec/setup.rb
+- lib/awspec/type/base.rb
+- lib/awspec/type/ec2.rb
+- lib/awspec/type/rds.rb
+- lib/awspec/type/security_group.rb
+- lib/awspec/type/vpc.rb
+- lib/awspec/version.rb
+homepage: https://github.com/k1LoW/awspec
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: RSpec tests for your AWS resources.
+test_files: []