awspec 0.52.0 → 0.52.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/awspec/generator/spec/security_group.rb +10 -8
- data/lib/awspec/stub/security_group.rb +16 -0
- data/lib/awspec/type/security_group.rb +35 -42
- data/lib/awspec/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4c48d93853e11be5e0bc9e18838d2cd08e6e07c1
|
|
4
|
+
data.tar.gz: 5085faefe0442b23f49ffea9c287701a5df5be4f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9bbcf4ba12cfff5d71a2d801b71e4c3ffacbf232fc6f1c941d3c3e2e9f93c43ae5dff355a4056da8aa6194bf9bf963052a89048607e692f2738dcdd4508fb687
|
|
7
|
+
data.tar.gz: 7201e4c92b917e545a53a09d3fa0e37e9043917c5ac3b2774ea4202a73d271fc01dd538a1b7b0f01708dfb02c123a0dd731778dfff21147d66539c104545e135
|
|
@@ -30,18 +30,20 @@ module Awspec::Generator
|
|
|
30
30
|
permissions = { 'inbound' => sg.ip_permissions, 'outbound' => sg.ip_permissions_egress }
|
|
31
31
|
%w(inbound outbound).each do |inout|
|
|
32
32
|
permissions[inout].each do |permission|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
port = if permission.from_port == permission.to_port
|
|
33
|
+
port = if permission.from_port.nil?
|
|
34
|
+
nil
|
|
35
|
+
elsif permission.from_port == permission.to_port
|
|
39
36
|
permission.from_port
|
|
40
37
|
else
|
|
41
38
|
"'" + permission.from_port.to_s + '-' + permission.to_port.to_s + "'"
|
|
42
39
|
end
|
|
43
40
|
|
|
44
|
-
protocol = permission.ip_protocol
|
|
41
|
+
protocol = if permission.ip_protocol.to_i < 0
|
|
42
|
+
'all'
|
|
43
|
+
else
|
|
44
|
+
permission.ip_protocol
|
|
45
|
+
end
|
|
46
|
+
|
|
45
47
|
permission.ip_ranges.each do |ip_range|
|
|
46
48
|
target = ip_range.cidr_ip
|
|
47
49
|
linespecs.push(ERB.new(security_group_spec_linetemplate, nil, '-').result(binding))
|
|
@@ -58,7 +60,7 @@ module Awspec::Generator
|
|
|
58
60
|
|
|
59
61
|
def security_group_spec_linetemplate
|
|
60
62
|
template = <<-'EOF'
|
|
61
|
-
its(:<%= inout %>) { should be_opened(<%= port %>)
|
|
63
|
+
its(:<%= inout %>) { should be_opened<%- unless port.nil? -%>(<%= port %>)<%- end -%>.protocol('<%= protocol %>').for('<%= target %>') }
|
|
62
64
|
EOF
|
|
63
65
|
template
|
|
64
66
|
end
|
|
@@ -82,6 +82,22 @@ Aws.config[:ec2] = {
|
|
|
82
82
|
}
|
|
83
83
|
],
|
|
84
84
|
user_id_group_pairs: []
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
from_port: nil,
|
|
88
|
+
to_port: nil,
|
|
89
|
+
ip_protocol: '-1',
|
|
90
|
+
ip_ranges: [],
|
|
91
|
+
user_id_group_pairs: [
|
|
92
|
+
{
|
|
93
|
+
user_id: '1234567890',
|
|
94
|
+
group_name: nil,
|
|
95
|
+
group_id: 'sg-3a4b5cd6',
|
|
96
|
+
vpc_id: nil,
|
|
97
|
+
vpc_peering_connection_id: nil,
|
|
98
|
+
peering_status: nil
|
|
99
|
+
}
|
|
100
|
+
]
|
|
85
101
|
}
|
|
86
102
|
],
|
|
87
103
|
ip_permissions_egress: [
|
|
@@ -22,33 +22,14 @@ module Awspec::Type
|
|
|
22
22
|
|
|
23
23
|
def inbound_opened?(port = nil, protocol = nil, cidr = nil)
|
|
24
24
|
@resource_via_client.ip_permissions.find do |permission|
|
|
25
|
-
|
|
26
|
-
next true unless permission.from_port
|
|
27
|
-
next true unless permission.to_port
|
|
28
|
-
next false unless port_between?(port, permission.from_port, permission.to_port)
|
|
29
|
-
next false if protocol && permission.ip_protocol != protocol
|
|
30
|
-
next true unless cidr
|
|
31
|
-
ret = permission.ip_ranges.select do |ip_range|
|
|
32
|
-
ip_range.cidr_ip == cidr
|
|
33
|
-
end
|
|
34
|
-
next true if ret.count > 0
|
|
35
|
-
ret = permission.user_id_group_pairs.select do |sg|
|
|
36
|
-
next true if sg.group_id == cidr
|
|
37
|
-
sg2 = find_security_group(sg.group_id)
|
|
38
|
-
next true if sg2.group_name == cidr
|
|
39
|
-
sg2.tags.find do |tag|
|
|
40
|
-
tag.key == 'Name' && tag.value == cidr
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
next true if ret.count > 0
|
|
25
|
+
cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
44
26
|
end
|
|
45
27
|
end
|
|
46
28
|
|
|
47
29
|
def inbound_opened_only?(port = nil, protocol = nil, cidr = nil)
|
|
48
30
|
permissions = @resource_via_client.ip_permissions.select do |permission|
|
|
49
|
-
|
|
31
|
+
protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
50
32
|
end
|
|
51
|
-
permissions = permissions.select { |permission| permission.ip_protocol == protocol }
|
|
52
33
|
cidrs = []
|
|
53
34
|
permissions.each do |permission|
|
|
54
35
|
permission.ip_ranges.select { |ip_range| cidrs.push(ip_range.cidr_ip) }
|
|
@@ -58,33 +39,14 @@ module Awspec::Type
|
|
|
58
39
|
|
|
59
40
|
def outbound_opened?(port = nil, protocol = nil, cidr = nil)
|
|
60
41
|
@resource_via_client.ip_permissions_egress.find do |permission|
|
|
61
|
-
|
|
62
|
-
next true unless permission.from_port
|
|
63
|
-
next true unless permission.to_port
|
|
64
|
-
next false unless port_between?(port, permission.from_port, permission.to_port)
|
|
65
|
-
next false if protocol && permission.ip_protocol != protocol
|
|
66
|
-
next true unless cidr
|
|
67
|
-
ret = permission.ip_ranges.select do |ip_range|
|
|
68
|
-
ip_range.cidr_ip == cidr
|
|
69
|
-
end
|
|
70
|
-
next true if ret.count > 0
|
|
71
|
-
ret = permission.user_id_group_pairs.select do |sg|
|
|
72
|
-
next true if sg.group_id == cidr
|
|
73
|
-
sg2 = find_security_group(sg.group_id)
|
|
74
|
-
next true if sg2.group_name == cidr
|
|
75
|
-
sg2.tags.find do |tag|
|
|
76
|
-
tag.key == 'Name' && tag.value == cidr
|
|
77
|
-
end
|
|
78
|
-
end
|
|
79
|
-
next true if ret.count > 0
|
|
42
|
+
cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
80
43
|
end
|
|
81
44
|
end
|
|
82
45
|
|
|
83
46
|
def outbound_opened_only?(port = nil, protocol = nil, cidr = nil)
|
|
84
47
|
permissions = @resource_via_client.ip_permissions_egress.select do |permission|
|
|
85
|
-
|
|
48
|
+
protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
86
49
|
end
|
|
87
|
-
permissions = permissions.select { |permission| permission.ip_protocol == protocol }
|
|
88
50
|
cidrs = []
|
|
89
51
|
permissions.each do |permission|
|
|
90
52
|
permission.ip_ranges.select { |ip_range| cidrs.push(ip_range.cidr_ip) }
|
|
@@ -126,6 +88,37 @@ module Awspec::Type
|
|
|
126
88
|
|
|
127
89
|
private
|
|
128
90
|
|
|
91
|
+
def cidr_opened?(permission, cidr)
|
|
92
|
+
return true unless cidr
|
|
93
|
+
ret = permission.ip_ranges.select do |ip_range|
|
|
94
|
+
ip_range.cidr_ip == cidr
|
|
95
|
+
end
|
|
96
|
+
return true if ret.count > 0
|
|
97
|
+
ret = permission.user_id_group_pairs.select do |sg|
|
|
98
|
+
next true if sg.group_id == cidr
|
|
99
|
+
sg2 = find_security_group(sg.group_id)
|
|
100
|
+
next true if sg2.group_name == cidr
|
|
101
|
+
sg2.tags.find do |tag|
|
|
102
|
+
tag.key == 'Name' && tag.value == cidr
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
ret.count > 0
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
def protocol_opened?(permission, protocol)
|
|
109
|
+
return true unless protocol
|
|
110
|
+
return false if protocol == 'all' && permission.ip_protocol != '-1'
|
|
111
|
+
return true if permission.ip_protocol == '-1'
|
|
112
|
+
permission.ip_protocol == protocol
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
def port_opened?(permission, port)
|
|
116
|
+
return true unless port
|
|
117
|
+
return true unless permission.from_port
|
|
118
|
+
return true unless permission.to_port
|
|
119
|
+
port_between?(port, permission.from_port, permission.to_port)
|
|
120
|
+
end
|
|
121
|
+
|
|
129
122
|
def port_between?(port, from_port, to_port)
|
|
130
123
|
if port.is_a?(String) && port.include?('-')
|
|
131
124
|
f, t = port.split('-')
|
data/lib/awspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.52.
|
|
4
|
+
version: 0.52.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- k1LoW
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-08-
|
|
11
|
+
date: 2016-08-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|