awspec 0.52.0 → 0.52.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/awspec/generator/spec/security_group.rb +10 -8
- data/lib/awspec/stub/security_group.rb +16 -0
- data/lib/awspec/type/security_group.rb +35 -42
- data/lib/awspec/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4c48d93853e11be5e0bc9e18838d2cd08e6e07c1
|
|
4
|
+
data.tar.gz: 5085faefe0442b23f49ffea9c287701a5df5be4f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9bbcf4ba12cfff5d71a2d801b71e4c3ffacbf232fc6f1c941d3c3e2e9f93c43ae5dff355a4056da8aa6194bf9bf963052a89048607e692f2738dcdd4508fb687
|
|
7
|
+
data.tar.gz: 7201e4c92b917e545a53a09d3fa0e37e9043917c5ac3b2774ea4202a73d271fc01dd538a1b7b0f01708dfb02c123a0dd731778dfff21147d66539c104545e135
|
|
@@ -30,18 +30,20 @@ module Awspec::Generator
|
|
|
30
30
|
permissions = { 'inbound' => sg.ip_permissions, 'outbound' => sg.ip_permissions_egress }
|
|
31
31
|
%w(inbound outbound).each do |inout|
|
|
32
32
|
permissions[inout].each do |permission|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
port = if permission.from_port == permission.to_port
|
|
33
|
+
port = if permission.from_port.nil?
|
|
34
|
+
nil
|
|
35
|
+
elsif permission.from_port == permission.to_port
|
|
39
36
|
permission.from_port
|
|
40
37
|
else
|
|
41
38
|
"'" + permission.from_port.to_s + '-' + permission.to_port.to_s + "'"
|
|
42
39
|
end
|
|
43
40
|
|
|
44
|
-
protocol = permission.ip_protocol
|
|
41
|
+
protocol = if permission.ip_protocol.to_i < 0
|
|
42
|
+
'all'
|
|
43
|
+
else
|
|
44
|
+
permission.ip_protocol
|
|
45
|
+
end
|
|
46
|
+
|
|
45
47
|
permission.ip_ranges.each do |ip_range|
|
|
46
48
|
target = ip_range.cidr_ip
|
|
47
49
|
linespecs.push(ERB.new(security_group_spec_linetemplate, nil, '-').result(binding))
|
|
@@ -58,7 +60,7 @@ module Awspec::Generator
|
|
|
58
60
|
|
|
59
61
|
def security_group_spec_linetemplate
|
|
60
62
|
template = <<-'EOF'
|
|
61
|
-
its(:<%= inout %>) { should be_opened(<%= port %>)
|
|
63
|
+
its(:<%= inout %>) { should be_opened<%- unless port.nil? -%>(<%= port %>)<%- end -%>.protocol('<%= protocol %>').for('<%= target %>') }
|
|
62
64
|
EOF
|
|
63
65
|
template
|
|
64
66
|
end
|
|
@@ -82,6 +82,22 @@ Aws.config[:ec2] = {
|
|
|
82
82
|
}
|
|
83
83
|
],
|
|
84
84
|
user_id_group_pairs: []
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
from_port: nil,
|
|
88
|
+
to_port: nil,
|
|
89
|
+
ip_protocol: '-1',
|
|
90
|
+
ip_ranges: [],
|
|
91
|
+
user_id_group_pairs: [
|
|
92
|
+
{
|
|
93
|
+
user_id: '1234567890',
|
|
94
|
+
group_name: nil,
|
|
95
|
+
group_id: 'sg-3a4b5cd6',
|
|
96
|
+
vpc_id: nil,
|
|
97
|
+
vpc_peering_connection_id: nil,
|
|
98
|
+
peering_status: nil
|
|
99
|
+
}
|
|
100
|
+
]
|
|
85
101
|
}
|
|
86
102
|
],
|
|
87
103
|
ip_permissions_egress: [
|
|
@@ -22,33 +22,14 @@ module Awspec::Type
|
|
|
22
22
|
|
|
23
23
|
def inbound_opened?(port = nil, protocol = nil, cidr = nil)
|
|
24
24
|
@resource_via_client.ip_permissions.find do |permission|
|
|
25
|
-
|
|
26
|
-
next true unless permission.from_port
|
|
27
|
-
next true unless permission.to_port
|
|
28
|
-
next false unless port_between?(port, permission.from_port, permission.to_port)
|
|
29
|
-
next false if protocol && permission.ip_protocol != protocol
|
|
30
|
-
next true unless cidr
|
|
31
|
-
ret = permission.ip_ranges.select do |ip_range|
|
|
32
|
-
ip_range.cidr_ip == cidr
|
|
33
|
-
end
|
|
34
|
-
next true if ret.count > 0
|
|
35
|
-
ret = permission.user_id_group_pairs.select do |sg|
|
|
36
|
-
next true if sg.group_id == cidr
|
|
37
|
-
sg2 = find_security_group(sg.group_id)
|
|
38
|
-
next true if sg2.group_name == cidr
|
|
39
|
-
sg2.tags.find do |tag|
|
|
40
|
-
tag.key == 'Name' && tag.value == cidr
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
next true if ret.count > 0
|
|
25
|
+
cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
44
26
|
end
|
|
45
27
|
end
|
|
46
28
|
|
|
47
29
|
def inbound_opened_only?(port = nil, protocol = nil, cidr = nil)
|
|
48
30
|
permissions = @resource_via_client.ip_permissions.select do |permission|
|
|
49
|
-
|
|
31
|
+
protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
50
32
|
end
|
|
51
|
-
permissions = permissions.select { |permission| permission.ip_protocol == protocol }
|
|
52
33
|
cidrs = []
|
|
53
34
|
permissions.each do |permission|
|
|
54
35
|
permission.ip_ranges.select { |ip_range| cidrs.push(ip_range.cidr_ip) }
|
|
@@ -58,33 +39,14 @@ module Awspec::Type
|
|
|
58
39
|
|
|
59
40
|
def outbound_opened?(port = nil, protocol = nil, cidr = nil)
|
|
60
41
|
@resource_via_client.ip_permissions_egress.find do |permission|
|
|
61
|
-
|
|
62
|
-
next true unless permission.from_port
|
|
63
|
-
next true unless permission.to_port
|
|
64
|
-
next false unless port_between?(port, permission.from_port, permission.to_port)
|
|
65
|
-
next false if protocol && permission.ip_protocol != protocol
|
|
66
|
-
next true unless cidr
|
|
67
|
-
ret = permission.ip_ranges.select do |ip_range|
|
|
68
|
-
ip_range.cidr_ip == cidr
|
|
69
|
-
end
|
|
70
|
-
next true if ret.count > 0
|
|
71
|
-
ret = permission.user_id_group_pairs.select do |sg|
|
|
72
|
-
next true if sg.group_id == cidr
|
|
73
|
-
sg2 = find_security_group(sg.group_id)
|
|
74
|
-
next true if sg2.group_name == cidr
|
|
75
|
-
sg2.tags.find do |tag|
|
|
76
|
-
tag.key == 'Name' && tag.value == cidr
|
|
77
|
-
end
|
|
78
|
-
end
|
|
79
|
-
next true if ret.count > 0
|
|
42
|
+
cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
80
43
|
end
|
|
81
44
|
end
|
|
82
45
|
|
|
83
46
|
def outbound_opened_only?(port = nil, protocol = nil, cidr = nil)
|
|
84
47
|
permissions = @resource_via_client.ip_permissions_egress.select do |permission|
|
|
85
|
-
|
|
48
|
+
protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
86
49
|
end
|
|
87
|
-
permissions = permissions.select { |permission| permission.ip_protocol == protocol }
|
|
88
50
|
cidrs = []
|
|
89
51
|
permissions.each do |permission|
|
|
90
52
|
permission.ip_ranges.select { |ip_range| cidrs.push(ip_range.cidr_ip) }
|
|
@@ -126,6 +88,37 @@ module Awspec::Type
|
|
|
126
88
|
|
|
127
89
|
private
|
|
128
90
|
|
|
91
|
+
def cidr_opened?(permission, cidr)
|
|
92
|
+
return true unless cidr
|
|
93
|
+
ret = permission.ip_ranges.select do |ip_range|
|
|
94
|
+
ip_range.cidr_ip == cidr
|
|
95
|
+
end
|
|
96
|
+
return true if ret.count > 0
|
|
97
|
+
ret = permission.user_id_group_pairs.select do |sg|
|
|
98
|
+
next true if sg.group_id == cidr
|
|
99
|
+
sg2 = find_security_group(sg.group_id)
|
|
100
|
+
next true if sg2.group_name == cidr
|
|
101
|
+
sg2.tags.find do |tag|
|
|
102
|
+
tag.key == 'Name' && tag.value == cidr
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
ret.count > 0
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
def protocol_opened?(permission, protocol)
|
|
109
|
+
return true unless protocol
|
|
110
|
+
return false if protocol == 'all' && permission.ip_protocol != '-1'
|
|
111
|
+
return true if permission.ip_protocol == '-1'
|
|
112
|
+
permission.ip_protocol == protocol
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
def port_opened?(permission, port)
|
|
116
|
+
return true unless port
|
|
117
|
+
return true unless permission.from_port
|
|
118
|
+
return true unless permission.to_port
|
|
119
|
+
port_between?(port, permission.from_port, permission.to_port)
|
|
120
|
+
end
|
|
121
|
+
|
|
129
122
|
def port_between?(port, from_port, to_port)
|
|
130
123
|
if port.is_a?(String) && port.include?('-')
|
|
131
124
|
f, t = port.split('-')
|
data/lib/awspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.52.
|
|
4
|
+
version: 0.52.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- k1LoW
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-08-
|
|
11
|
+
date: 2016-08-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|