awspec 0.52.0 → 0.52.1

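--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e7200f8b9dfcd54e2c4e161c6aac7c23ed79d6f9
- data.tar.gz: 36dfafa73f78ad8bfa6244e27bf276de62593438
+ metadata.gz: 4c48d93853e11be5e0bc9e18838d2cd08e6e07c1
+ data.tar.gz: 5085faefe0442b23f49ffea9c287701a5df5be4f
  SHA512:
- metadata.gz: 671c75bf952d6452f972de8ca020026f6a0e853aa245262202d807fec5c31da527a023e133283e5a8ab33d99fb1b631a8f927732aa87885aaf875d91e77150b0
- data.tar.gz: 8a060f32341647696ee2cdc5951fe91fbe841c4a426db22cbf335750ec60cdfaa0a58006670621041672ba5af03d050e808c94bb6450b7dbe4e3ad6c09714812
+ metadata.gz: 9bbcf4ba12cfff5d71a2d801b71e4c3ffacbf232fc6f1c941d3c3e2e9f93c43ae5dff355a4056da8aa6194bf9bf963052a89048607e692f2738dcdd4508fb687
+ data.tar.gz: 7201e4c92b917e545a53a09d3fa0e37e9043917c5ac3b2774ea4202a73d271fc01dd538a1b7b0f01708dfb02c123a0dd731778dfff21147d66539c104545e135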
@@ -30,18 +30,20 @@ module Awspec::Generator
30
30
  permissions = { 'inbound' => sg.ip_permissions, 'outbound' => sg.ip_permissions_egress }
31
31
  %w(inbound outbound).each do |inout|
32
32
  permissions[inout].each do |permission|
33
- if permission.ip_protocol.to_i < 0 || permission.from_port.nil?
34
- linespecs.push('its(:' + inout + ') { should be_opened }')
35
- next
36
- end
37
-
38
- port = if permission.from_port == permission.to_port
33
+ port = if permission.from_port.nil?
34
+ nil
35
+ elsif permission.from_port == permission.to_port
39
36
  permission.from_port
40
37
  else
41
38
  "'" + permission.from_port.to_s + '-' + permission.to_port.to_s + "'"
42
39
  end
43
40
 
44
- protocol = permission.ip_protocol
41
+ protocol = if permission.ip_protocol.to_i < 0
42
+ 'all'
43
+ else
44
+ permission.ip_protocol
45
+ end
46
+
45
47
  permission.ip_ranges.each do |ip_range|
46
48
  target = ip_range.cidr_ip
47
49
  linespecs.push(ERB.new(security_group_spec_linetemplate, nil, '-').result(binding))
@@ -58,7 +60,7 @@ module Awspec::Generator
58
60
 
59
61
  def security_group_spec_linetemplate
60
62
  template = <<-'EOF'
61
- its(:<%= inout %>) { should be_opened(<%= port %>).protocol('<%= protocol %>').for('<%= target %>') }
63
+ its(:<%= inout %>) { should be_opened<%- unless port.nil? -%>(<%= port %>)<%- end -%>.protocol('<%= protocol %>').for('<%= target %>') }
62
64
  EOF
63
65
  template
64
66
  end
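Review bot: The `'all'` literal assigned to `protocol` in the generator loop is an unexplained magic token; it only works because the matcher's `protocol_opened?` reads `'all'` as "the rule's ip_protocol must be `'-1'`". A comment above the assignment would keep the two in step, for example `# EC2 reports ip_protocol "-1" for all-protocol rules; emit 'all', which protocol_opened? accepts only for "-1"`. The generator tests `permission.ip_protocol.to_i < 0` while the matcher compares against the string `'-1'`; writing `permission.ip_protocol == '-1'` here would make the pairing obvious. The enclosing generator method starts before the first hunk and continues past it.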
@@ -82,6 +82,22 @@ Aws.config[:ec2] = {
82
82
  }
83
83
  ],
84
84
  user_id_group_pairs: []
85
+ },
86
+ {
87
+ from_port: nil,
88
+ to_port: nil,
89
+ ip_protocol: '-1',
90
+ ip_ranges: [],
91
+ user_id_group_pairs: [
92
+ {
93
+ user_id: '1234567890',
94
+ group_name: nil,
95
+ group_id: 'sg-3a4b5cd6',
96
+ vpc_id: nil,
97
+ vpc_peering_connection_id: nil,
98
+ peering_status: nil
99
+ }
100
+ ]
85
101
  }
86
102
  ],
87
103
  ip_permissions_egress: [
@@ -22,33 +22,14 @@ module Awspec::Type
22
22
 
23
23
  def inbound_opened?(port = nil, protocol = nil, cidr = nil)
24
24
  @resource_via_client.ip_permissions.find do |permission|
25
- next true unless port
26
- next true unless permission.from_port
27
- next true unless permission.to_port
28
- next false unless port_between?(port, permission.from_port, permission.to_port)
29
- next false if protocol && permission.ip_protocol != protocol
30
- next true unless cidr
31
- ret = permission.ip_ranges.select do |ip_range|
32
- ip_range.cidr_ip == cidr
33
- end
34
- next true if ret.count > 0
35
- ret = permission.user_id_group_pairs.select do |sg|
36
- next true if sg.group_id == cidr
37
- sg2 = find_security_group(sg.group_id)
38
- next true if sg2.group_name == cidr
39
- sg2.tags.find do |tag|
40
- tag.key == 'Name' && tag.value == cidr
41
- end
42
- end
43
- next true if ret.count > 0
25
+ cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
44
26
  end
45
27
  end
46
28
 
47
29
  def inbound_opened_only?(port = nil, protocol = nil, cidr = nil)
48
30
  permissions = @resource_via_client.ip_permissions.select do |permission|
49
- port_between?(port, permission.from_port, permission.to_port)
31
+ protocol_opened?(permission, protocol) && port_opened?(permission, port)
50
32
  end
51
- permissions = permissions.select { |permission| permission.ip_protocol == protocol }
52
33
  cidrs = []
53
34
  permissions.each do |permission|
54
35
  permission.ip_ranges.select { |ip_range| cidrs.push(ip_range.cidr_ip) }
@@ -58,33 +39,14 @@ module Awspec::Type
58
39
 
59
40
  def outbound_opened?(port = nil, protocol = nil, cidr = nil)
60
41
  @resource_via_client.ip_permissions_egress.find do |permission|
61
- next true unless port
62
- next true unless permission.from_port
63
- next true unless permission.to_port
64
- next false unless port_between?(port, permission.from_port, permission.to_port)
65
- next false if protocol && permission.ip_protocol != protocol
66
- next true unless cidr
67
- ret = permission.ip_ranges.select do |ip_range|
68
- ip_range.cidr_ip == cidr
69
- end
70
- next true if ret.count > 0
71
- ret = permission.user_id_group_pairs.select do |sg|
72
- next true if sg.group_id == cidr
73
- sg2 = find_security_group(sg.group_id)
74
- next true if sg2.group_name == cidr
75
- sg2.tags.find do |tag|
76
- tag.key == 'Name' && tag.value == cidr
77
- end
78
- end
79
- next true if ret.count > 0
42
+ cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
80
43
  end
81
44
  end
82
45
 
83
46
  def outbound_opened_only?(port = nil, protocol = nil, cidr = nil)
84
47
  permissions = @resource_via_client.ip_permissions_egress.select do |permission|
85
- port_between?(port, permission.from_port, permission.to_port)
48
+ protocol_opened?(permission, protocol) && port_opened?(permission, port)
86
49
  end
87
- permissions = permissions.select { |permission| permission.ip_protocol == protocol }
88
50
  cidrs = []
89
51
  permissions.each do |permission|
90
52
  permission.ip_ranges.select { |ip_range| cidrs.push(ip_range.cidr_ip) }
@@ -126,6 +88,37 @@ module Awspec::Type
126
88
 
127
89
  private
128
90
 
91
+ def cidr_opened?(permission, cidr)
92
+ return true unless cidr
93
+ ret = permission.ip_ranges.select do |ip_range|
94
+ ip_range.cidr_ip == cidr
95
+ end
96
+ return true if ret.count > 0
97
+ ret = permission.user_id_group_pairs.select do |sg|
98
+ next true if sg.group_id == cidr
99
+ sg2 = find_security_group(sg.group_id)
100
+ next true if sg2.group_name == cidr
101
+ sg2.tags.find do |tag|
102
+ tag.key == 'Name' && tag.value == cidr
103
+ end
104
+ end
105
+ ret.count > 0
106
+ end
107
+
108
+ def protocol_opened?(permission, protocol)
109
+ return true unless protocol
110
+ return false if protocol == 'all' && permission.ip_protocol != '-1'
111
+ return true if permission.ip_protocol == '-1'
112
+ permission.ip_protocol == protocol
113
+ end
114
+
115
+ def port_opened?(permission, port)
116
+ return true unless port
117
+ return true unless permission.from_port
118
+ return true unless permission.to_port
119
+ port_between?(port, permission.from_port, permission.to_port)
120
+ end
121
+
129
122
  def port_between?(port, from_port, to_port)
130
123
  if port.is_a?(String) && port.include?('-')
131
124
  f, t = port.split('-')
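Review bot: `inbound_opened_only?` and `outbound_opened_only?` fill `cidrs` from `permission.ip_ranges` alone, so a matching rule whose source is a security group in `user_id_group_pairs` never reaches the list, even though `cidr_opened?` accepts group ids, names and Name tags as targets. If the comparison after the loop (outside these hunks) looks only at `cidrs`, an "opened only for 10.0.0.0/8" assertion could pass on a group that also admits the same port from another security group, which is a false pass for a check meant to prove exclusivity. Collecting the group references too, e.g. `permission.user_id_group_pairs.each { |pair| cidrs.push(pair.group_id) }`, would make such a rule fail the assertion. Both methods end outside their hunks, so this should be confirmed against the full bodies.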
@@ -1,3 +1,3 @@
1
1
  module Awspec
2
- VERSION = '0.52.0'
2
+ VERSION = '0.52.1'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: awspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.52.0
4
+ version: 0.52.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - k1LoW
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-08-25 00:00:00.000000000 Z
11
+ date: 2016-08-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec