awspec 0.20.0 → 0.20.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 909bee83f8e0ef005d5b759f4bcdb09f511fa538
-  data.tar.gz: e2f7486711f097f392d15ea5a3c5e8e76e9ac0fe
+  metadata.gz: 61c1f9349ff77a468315fe6f7666e45e4009467a
+  data.tar.gz: b4df26ffef56668555305cbc9b5eae41a92a0738
 SHA512:
-  metadata.gz: c5ee3970663f1fd780510981e655bdf03d5cccc8b1012075d44a3d6028586f4e8a912dbaa996090875e67bb6edf047ea7c64c71d1da41cb905805ab8c5e49a4a
-  data.tar.gz: fc09064d0a1efb4fff46c50e2e8c01342ab49fce8b9799783a372792a4dcad45617920ce0c7d4c4ad5056119d22ea62903be0fd95a07c791a1150357df9ed772
+  metadata.gz: 599b28d68053b6c8fc5432bacc5f11a65b205343874e2433c824f615ad43c1bfd9c71729c3dfad98ad4c3568498e242b5df5c42798aed9f61452a932ad3eb3a2
+  data.tar.gz: 6df2de8ba7d4d83652737b29b512a9e984fee23fbd8af0b93f6084b1307a9fef6daf4b592344ca292d3a9d3c6bf76e1f02845079a8024aee203c1c099d427e14

data/README.md

@@ -95,7 +95,7 @@ $ export AWS_PROFILE=mycreds; bundle exec rake spec
 - Route53
     - [x] Route53 Hosted Zone (`route53_hosted_zone`)
 - AutoScaling
-    - [x] Auto Scaling Group (`auto_scaling_group`)
+    - [x] AutoScaling Group (`autoscaling_group`)
 - [x] Subnet (`subnet`)
 - [x] RouteTable (`route_table`)
 - [x] EBS Volume (`ebs`)
@@ -112,13 +112,10 @@ $ export AWS_PROFILE=mycreds; bundle exec rake spec
     - [x] CloudWatch Alarm (`cloudwatch_alarm`)
 - SES
     - [x] SES Identity (`ses_identity`)
+- [x] NetworkAcl (`network_acl`)
 
 [Resource Types more infomation here](doc/resource_types.md)
 
-### Next..?
-
-- ...
-
 ## References
 
 awspec is inspired by Serverspec.

data/lib/awspec/command/generate.rb

@@ -7,7 +7,7 @@ module Awspec
     class_option :profile
 
     types = %w(
-      vpc ec2 rds security_group elb
+      vpc ec2 rds security_group elb network_acl
     )
 
     types.each do |type|
@@ -19,10 +19,6 @@ module Awspec
       end
     end
 
-    types_for_generate_all = %w(
-      iam_policy cloudwatch_alarm
-    )
-
     desc 'route53_hosted_zone [example.com.]', 'Generate route53_hosted_zone spec from Domain name'
     def route53_hosted_zone(hosted_zone)
       Awspec::Helper::CredentialsLoader.load(options[:profile])

data/lib/awspec/generator.rb

@@ -9,6 +9,7 @@ require 'awspec/generator/spec/route53_hosted_zone'
 require 'awspec/generator/spec/elb'
 require 'awspec/generator/spec/iam_policy'
 require 'awspec/generator/spec/cloudwatch_alarm'
+require 'awspec/generator/spec/network_acl'
 
 # Doc
 require 'awspec/generator/doc/type'

data/lib/awspec/generator/spec/network_acl.rb

@@ -0,0 +1,96 @@
+module Awspec::Generator
+  module Spec
+    class NetworkAcl
+      include Awspec::Helper::Finder
+      def generate_by_vpc_id(vpc_id)
+        describes = %w(
+        )
+        vpc = find_vpc(vpc_id)
+        fail 'Not Found VPC' unless vpc
+        @vpc_id = vpc[:vpc_id]
+        @vpc_tag_name = vpc.tag_name
+        network_acls = select_network_acl_by_vpc_id(@vpc_id)
+        specs = network_acls.map do |acl|
+          linespecs = generate_linespecs(acl)
+          subnet_specs = generate_subnet_specs(acl)
+          network_acl_id = acl[:network_acl_id]
+          network_acl_tag_name = acl.tag_name
+          inbound_entries_count = acl.entries.count do |entry|
+            entry.egress == false
+          end
+          outbound_entries_count = acl.entries.count do |entry|
+            entry.egress == true
+          end
+          content = ERB.new(network_acl_spec_template, nil, '-').result(binding).gsub(/^\n/, '')
+        end
+        specs.join("\n")
+      end
+
+      def generate_subnet_specs(acl)
+        specs = []
+        acl.associations.each do |a|
+          subnet = find_subnet(a.subnet_id)
+          if subnet.tag_name
+            spec = "it { should have_subnet('" + subnet.tag_name + "') }"
+          else
+            spec = "it { should have_subnet('" + subnet.subnet_id + "') }"
+          end
+          specs.push(spec)
+        end
+        specs
+      end
+
+      def generate_linespecs(acl)
+        linespecs = []
+        protocols = Awspec::Type::NetworkAcl::PROTOCOLS.invert
+        acl.entries.each do |entry|
+          line = ''
+          inout = 'inbound'
+          inout = 'outbound' if entry.egress
+          line += 'its(:' + inout + ') { should'
+          actions = { allow: 'be_allowed', deny: 'be_denied' }
+          line += ' ' + actions[entry.rule_action.to_sym]
+          port_range = entry.port_range
+          unless port_range.nil?
+            if port_range.from == port_range.to
+              port = port_range.from.to_s
+            else
+              port = "'" + port_range.from.to_s + '-' + port_range.to.to_s + "'"
+            end
+            line += '(' + port + ')'
+          end
+          line += ".protocol('" + protocols[entry.protocol.to_i] + "')"
+          line += ".source('" + entry.cidr_block + "')"
+          rule_number = entry.rule_number.to_i
+          rule_number = "'*'" if rule_number == 32_767
+          line += '.rule_number(' + rule_number.to_s + ')'
+          line += ' }'
+          linespecs.push(line)
+        end
+        linespecs
+      end
+
+      def network_acl_spec_template
+        template = <<-'EOF'
+<%- if network_acl_tag_name -%>
+describe network_acl('<%= network_acl_tag_name %>') do
+<%- else -%>
+describe network_acl('<%= network_acl_id %>') do
+<%- end -%>
+  it { should exist }
+  it { should belong_to_vpc('<%= @vpc_tag_name %>') }
+<% subnet_specs.each do |spec| %>
+  <%= spec %>
+<% end %>
+<% linespecs.each do |line| %>
+  <%= line %>
+<% end %>
+  its(:inbound_entries_count) { should eq <%= inbound_entries_count %> }
+  its(:outbound_entries_count) { should eq <%= inbound_entries_count %> }
+end
+EOF
+        template
+      end
+    end
+  end
+end

data/lib/awspec/type/network_acl.rb

@@ -47,6 +47,24 @@ module Awspec::Type
       end
     end
 
+    # rubocop:disable Metrics/LineLength
+    PROTOCOLS = { 'ALL' => -1, 'HOPOPT' => 0, 'ICMP' => 1, 'IGMP' => 2, 'GGP' => 3, 'IPv4' => 4, 'ST' => 5, 'TCP' => 6, 'CBT' => 7, 'EGP' => 8, 'IGP' => 9, 'BBN-RCC-MON' => 10,
+                  'NVP-II' => 11, 'PUP' => 12, 'ARGUS' => 13, 'EMCON' => 14, 'XNET' => 15, 'CHAOS' => 16, 'UDP' => 17, 'MUX' => 18, 'DCN-MEAS' => 19, 'HMP' => 20,
+                  'PRM' => 21, 'XNS-IDP' => 22, 'TRUNK-1' => 23, 'TRUNK-2' => 24, 'LEAF-1' => 25, 'LEAF-2' => 26, 'RDP' => 27, 'IRTP' => 28, 'ISO-TP4' => 29, 'NETBLT' => 30,
+                  'MFE-NSP' => 31, 'MERIT-INP' => 32, 'DCCP' => 33, '3PC' => 34, 'IDPR' => 35, 'XTP' => 36, 'DDP' => 37, 'IDPR-CMTP' => 38, 'TP++' => 39, 'IL' => 40,
+                  'IPv6' => 41, 'SDRP' => 42, 'IPv6-Route' => 43, 'IPv6-Frag' => 44, 'IDRP' => 45, 'RSVP' => 46, 'GRE' => 47, 'DSR' => 48, 'BNA' => 49, 'ESP' => 50,
+                  'AH' => 51, 'I-NLSP' => 52, 'SWIPE' => 53, 'NARP' => 54, 'MOBILE' => 55, 'TLSP' => 56, 'IPv6-ICMP' => 58, 'IPv6-NoNxt' => 59, 'IPv6-Opts' => 60,
+                  '61' => 61, 'CFTP' => 62, '63' => 63, 'SAT-EXPAK' => 64, 'KRYPTOLAN' => 65, 'RVD' => 66, 'IPPC' => 67, '68' => 68, 'SAT-MON' => 69, 'VISA' => 70,
+                  'IPCV' => 71, 'CPNX' => 72, 'CPHB' => 73, 'WSN' => 74, 'PVP' => 75, 'BR-SAT-MON' => 76, 'SUN-ND' => 77, 'WB-MON' => 78, 'WB-EXPAK' => 79, 'ISO-IP' => 80,
+                  'VMTP' => 81, 'SECURE-VMTP' => 82, 'VINES' => 83, 'IPTM' => 84, 'TTP' => 84, 'NSFNET-IGP' => 85, 'DGP' => 86, 'TCF' => 87, 'EIGRP' => 88, 'OSPFIGP' => 89, 'Sprite-RPC' => 90,
+                  'LARP' => 91, 'MTP' => 92, 'AX.25' => 93, 'IPIP' => 94, 'MICP' => 95, 'SCC-SP' => 96, 'ETHERIP' => 97, 'ENCAP' => 98, '99' => 99, 'GMTP' => 100,
+                  'IFMP' => 101, 'PNNI' => 102, 'PIM' => 103, 'ARIS' => 104, 'SCPS' => 105, 'QNX' => 106, 'A/N' => 107, 'IPComp' => 108, 'SNP' => 109, 'Compaq-Peer' => 110,
+                  'IPX-in-IP' => 111, 'VRRP' => 112, 'PGM' => 113, '114' => 114, 'L2TP' => 115, 'DDX' => 116, 'IATP' => 117, 'STP' => 118, 'SRP' => 119, 'UTI' => 120,
+                  'SMP' => 121, 'SM' => 122, 'PTP' => 123, 'ISIS over IPv4' => 124, 'FIRE' => 125, 'CRTP' => 126, 'CRUDP' => 127, 'SSCOPMCE' => 128, 'IPLT' => 129, 'SPS' => 130,
+                  'PIPE' => 131, 'SCTP' => 132, 'FC' => 133, 'RSVP-E2E-IGNORE' => 134, 'Mobility Header' => 135, 'UDPLite' => 136, 'MPLS-in-IP' => 137, 'manet' => 138, 'HIP' => 139, 'Shim6' => 140,
+                  'WESP' => 141, 'ROHC' => 142, '253' => 253, '254' => 254 }
+    # rubocop:enable Metrics/LineLength
+
     private
 
     def entry?(rule_action, port = nil, protocol = nil, cidr = nil, rule_number = nil)
@@ -71,24 +89,6 @@ module Awspec::Type
       end
     end
 
-    # rubocop:disable Metrics/LineLength
-    PROTOCOLS = { 'ALL' => -1, 'HOPOPT' => 0, 'ICMP' => 1, 'IGMP' => 2, 'GGP' => 3, 'IPv4' => 4, 'ST' => 5, 'TCP' => 6, 'CBT' => 7, 'EGP' => 8, 'IGP' => 9, 'BBN-RCC-MON' => 10,
-                  'NVP-II' => 11, 'PUP' => 12, 'ARGUS' => 13, 'EMCON' => 14, 'XNET' => 15, 'CHAOS' => 16, 'UDP' => 17, 'MUX' => 18, 'DCN-MEAS' => 19, 'HMP' => 20,
-                  'PRM' => 21, 'XNS-IDP' => 22, 'TRUNK-1' => 23, 'TRUNK-2' => 24, 'LEAF-1' => 25, 'LEAF-2' => 26, 'RDP' => 27, 'IRTP' => 28, 'ISO-TP4' => 29, 'NETBLT' => 30,
-                  'MFE-NSP' => 31, 'MERIT-INP' => 32, 'DCCP' => 33, '3PC' => 34, 'IDPR' => 35, 'XTP' => 36, 'DDP' => 37, 'IDPR-CMTP' => 38, 'TP++' => 39, 'IL' => 40,
-                  'IPv6' => 41, 'SDRP' => 42, 'IPv6-Route' => 43, 'IPv6-Frag' => 44, 'IDRP' => 45, 'RSVP' => 46, 'GRE' => 47, 'DSR' => 48, 'BNA' => 49, 'ESP' => 50,
-                  'AH' => 51, 'I-NLSP' => 52, 'SWIPE' => 53, 'NARP' => 54, 'MOBILE' => 55, 'TLSP' => 56, 'IPv6-ICMP' => 58, 'IPv6-NoNxt' => 59, 'IPv6-Opts' => 60,
-                  '61' => 61, 'CFTP' => 62, '63' => 63, 'SAT-EXPAK' => 64, 'KRYPTOLAN' => 65, 'RVD' => 66, 'IPPC' => 67, '68' => 68, 'SAT-MON' => 69, 'VISA' => 70,
-                  'IPCV' => 71, 'CPNX' => 72, 'CPHB' => 73, 'WSN' => 74, 'PVP' => 75, 'BR-SAT-MON' => 76, 'SUN-ND' => 77, 'WB-MON' => 78, 'WB-EXPAK' => 79, 'ISO-IP' => 80,
-                  'VMTP' => 81, 'SECURE-VMTP' => 82, 'VINES' => 83, 'IPTM' => 84, 'TTP' => 84, 'NSFNET-IGP' => 85, 'DGP' => 86, 'TCF' => 87, 'EIGRP' => 88, 'OSPFIGP' => 89, 'Sprite-RPC' => 90,
-                  'LARP' => 91, 'MTP' => 92, 'AX.25' => 93, 'IPIP' => 94, 'MICP' => 95, 'SCC-SP' => 96, 'ETHERIP' => 97, 'ENCAP' => 98, '99' => 99, 'GMTP' => 100,
-                  'IFMP' => 101, 'PNNI' => 102, 'PIM' => 103, 'ARIS' => 104, 'SCPS' => 105, 'QNX' => 106, 'A/N' => 107, 'IPComp' => 108, 'SNP' => 109, 'Compaq-Peer' => 110,
-                  'IPX-in-IP' => 111, 'VRRP' => 112, 'PGM' => 113, '114' => 114, 'L2TP' => 115, 'DDX' => 116, 'IATP' => 117, 'STP' => 118, 'SRP' => 119, 'UTI' => 120,
-                  'SMP' => 121, 'SM' => 122, 'PTP' => 123, 'ISIS over IPv4' => 124, 'FIRE' => 125, 'CRTP' => 126, 'CRUDP' => 127, 'SSCOPMCE' => 128, 'IPLT' => 129, 'SPS' => 130,
-                  'PIPE' => 131, 'SCTP' => 132, 'FC' => 133, 'RSVP-E2E-IGNORE' => 134, 'Mobility Header' => 135, 'UDPLite' => 136, 'MPLS-in-IP' => 137, 'manet' => 138, 'HIP' => 139, 'Shim6' => 140,
-                  'WESP' => 141, 'ROHC' => 142, '253' => 253, '254' => 254 }
-    # rubocop:enable Metrics/LineLength
-
     def protocol_match?(a, b)
       if a.match(/\A\d+\z/) && a.to_i >= 0
         return false unless b.to_i == a.to_i

data/lib/awspec/version.rb

@@ -1,3 +1,3 @@
 module Awspec
-  VERSION = '0.20.0'
+  VERSION = '0.20.1'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: awspec
 version: !ruby/object:Gem::Version
-  version: 0.20.0
+  version: 0.20.1
 platform: ruby
 authors:
 - k1LoW
@@ -216,6 +216,7 @@ files:
 - lib/awspec/generator/spec/ec2.rb
 - lib/awspec/generator/spec/elb.rb
 - lib/awspec/generator/spec/iam_policy.rb
+- lib/awspec/generator/spec/network_acl.rb
 - lib/awspec/generator/spec/rds.rb
 - lib/awspec/generator/spec/route53_hosted_zone.rb
 - lib/awspec/generator/spec/security_group.rb