awspec 0.54.0 → 0.55.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2d2a41e2828f5a25b1300bcc300425153df818ef
-  data.tar.gz: d5228c0353fb70b41aa66ce0aa2a86a918ed008d
+  metadata.gz: c2786648f3e7a7e6b273f3d154686f6d247113f0
+  data.tar.gz: a65ca8501700768f0b39ec7a24c6de49b03749b2
 SHA512:
-  metadata.gz: 47f40131bb7292c146ab29716f988b3961cfad51d94c5ec5a6e5d3b32c279f21e7c2248cae73c02cdf23bb8efc1bca9ec0250d1adcb2d6721bb9b9bd62c8ab2a
-  data.tar.gz: a48177d7fde1e573422f781edba9395a7ca0635f3af490142f689b7f1b783f230e9287b9a5d378c6b1cbad8fc44327d66e941b909358e8b8f68c2fc02ab9f956
+  metadata.gz: 12665c4e7ae28e5e2bf4e1168ffdcd29d4f10c08e5b7c2de597f3f72eaa8ec71e44ed923b517998666ee330d93ad29366eecce818ac88ebad7fe824fe7b665bf
+  data.tar.gz: 5910721661c227d6ae285e738efafa734f5822701afdd8f385e917fa9c86d2d1fb69a44c5e31cb9673b06b33f17927eaa7a26d33b702e16656c35189cbedabd9

data/doc/_resource_types/waf_web_acl.md

@@ -0,0 +1,29 @@
+# exist
+
+```ruby
+describe waf_web_acl('my-waf-web-acl') do
+  it { should exist }
+  its(:default_action) { should eq 'BLOCK' }
+  it { should have_rule('my-waf-web-acl-allowed-ips') }
+  it { should have_rule('my-waf-web-acl-allowed-ips').order(2).action('BLOCK') }
+end
+```
+
+### have_rule
+
+```ruby
+describe waf_web_acl('my-waf-web-acl') do
+  it { should have_rule('my-waf-web-acl-allowed-ips') }
+  it { should have_rule('my-waf-web-acl-allowed-ips').order(2).action('BLOCK') }
+end
+```
+
+### its(:default_action), its(:web_acl_id), its(:name), its(:metric_name)
+
+```ruby
+describe waf_web_acl('my-waf-web-acl') do
+  its(:default_action) { should eq 'BLOCK' }
+end
+```
+
+

data/doc/resource_types.md

@@ -34,6 +34,7 @@
 | [vpc](#vpc)
 | [cloudfront_distribution](#cloudfront_distribution)
 | [elastictranscoder_pipeline](#elastictranscoder_pipeline)
+| [waf_web_acl](#waf_web_acl)
 
 ## <a name="ami">ami</a>
 
@@ -1852,3 +1853,22 @@ describe elastictranscoder_pipeline('my-elastictranscoder-pipeline') do
   it { should be_active }
 end
 ```
+
+
+## <a name="waf_web_acl">waf_web_acl</a>
+
+WafWebAcl resource type.
+
+### exist
+
+### have_rule
+
+```ruby
+describe waf_web_acl('my-waf-web-acl') do
+  it { should have_rule('my-waf-web-acl-allowed-ips') }
+  it { should have_rule('my-waf-web-acl-allowed-ips').order(2).action('BLOCK') }
+end
+```
+
+
+### its(:default_action), its(:web_acl_id), its(:name), its(:metric_name)

data/lib/awspec/generator/doc/type/waf_web_acl.rb

@@ -0,0 +1,17 @@
+module Awspec::Generator
+  module Doc
+    module Type
+      class WafWebAcl < Base
+        def initialize
+          super
+          @type_name = 'WafWebAcl'
+          @type = Awspec::Type::WafWebAcl.new('my-waf-web-acl')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = %w(default_action)
+        end
+      end
+    end
+  end
+end

data/lib/awspec/helper/finder.rb

@@ -22,6 +22,7 @@ require 'awspec/helper/finder/ami'
 require 'awspec/helper/finder/cloudfront'
 require 'awspec/helper/finder/elastictranscoder'
 require 'awspec/helper/finder/cloudtrail'
+require 'awspec/helper/finder/waf'
 
 module Awspec::Helper
   module Finder
@@ -48,6 +49,7 @@ module Awspec::Helper
     include Awspec::Helper::Finder::Cloudfront
     include Awspec::Helper::Finder::Elastictranscoder
     include Awspec::Helper::Finder::Cloudtrail
+    include Awspec::Helper::Finder::Waf
 
     CLIENTS = {
       ec2_client: Aws::EC2::Client,
@@ -67,7 +69,8 @@ module Awspec::Helper
       cloudfront_client: Aws::CloudFront::Client,
       elastictranscoder_client: Aws::ElasticTranscoder::Client,
       elasticsearch_client: Aws::ElasticsearchService::Client,
-      cloudtrail_client: Aws::CloudTrail::Client
+      cloudtrail_client: Aws::CloudTrail::Client,
+      waf_client: Aws::WAF::Client
     }
 
     CLIENTS.each do |method_name, client|

data/lib/awspec/helper/finder/waf.rb

@@ -0,0 +1,53 @@
+module Awspec::Helper
+  module Finder
+    module Waf
+      def find_waf_web_acl(id)
+        finded = nil
+        next_marker = nil
+
+        loop do
+          res = waf_client.list_web_acls(next_marker: next_marker, limit: 100)
+          finded = res.web_acls.find do |acl|
+            acl.web_acl_id == id || acl.name == id
+          end
+          (finded.nil? && next_marker = res.next_marker) || break
+        end
+
+        return nil unless finded
+        waf_client.get_web_acl(web_acl_id: finded.web_acl_id).web_acl
+      end
+
+      def find_waf_rule(id)
+        finded = nil
+        next_marker = nil
+
+        loop do
+          res = waf_client.list_rules(next_marker: next_marker, limit: 1)
+          finded = res.rules.find do |rule|
+            rule.rule_id == id || rule.name == id
+          end
+          (finded.nil? && next_marker = res.next_marker) || break
+        end
+
+        return nil unless finded
+        waf_client.get_rule(rule_id: finded.rule_id).rule
+      end
+
+      def find_waf_ip_set(id)
+        finded = nil
+        next_marker = nil
+
+        loop do
+          res = waf_client.list_ip_sets(next_marker: next_marker, limit: 1)
+          finded = res.ip_sets.find do |set|
+            set.ip_set_id == id || set.name == id
+          end
+          (finded.nil? && next_marker = res.next_marker) || break
+        end
+
+        return nil unless finded
+        waf_client.get_ip_set(ip_set_id: finded.ip_set_id).ip_set
+      end
+    end
+  end
+end

data/lib/awspec/helper/type.rb

@@ -9,7 +9,7 @@ module Awspec
         iam_policy iam_role iam_user kms lambda launch_configuration nat_gateway
         network_acl network_interface rds rds_db_cluster_parameter_group rds_db_parameter_group route53_hosted_zone
         route_table s3_bucket security_group ses_identity subnet vpc cloudfront_distribution
-        elastictranscoder_pipeline
+        elastictranscoder_pipeline waf_web_acl
       )
 
       TYPES.each do |type|

data/lib/awspec/matcher.rb

@@ -43,3 +43,6 @@ require 'awspec/matcher/have_origin'
 
 # Kms
 require 'awspec/matcher/have_key_policy'
+
+# WafWebAcl
+require 'awspec/matcher/have_rule'

data/lib/awspec/matcher/have_rule.rb

@@ -0,0 +1,17 @@
+RSpec::Matchers.define :have_rule do |rule_id|
+  match do |web_acl|
+    web_acl.has_rule?(rule_id, @priority, @action)
+  end
+
+  chain :priority do |priority|
+    @priority = priority
+  end
+
+  chain :order do |priority|
+    @priority = priority
+  end
+
+  chain :action do |action|
+    @action = action
+  end
+end

data/lib/awspec/stub/waf_web_acl.rb

@@ -0,0 +1,62 @@
+Aws.config[:waf] = {
+  stub_responses: {
+    list_web_acls: {
+      next_marker: nil,
+      web_acls: [
+        {
+          web_acl_id: '1234567-abcd-1234-efgh-5678-1234567890',
+          name: 'my-waf-web-acl'
+        }
+      ]
+    },
+    get_web_acl: {
+      web_acl: {
+        web_acl_id: '1234567-abcd-1234-efgh-5678-1234567890',
+        name: 'my-waf-web-acl',
+        metric_name: 'mywafwebacl',
+        default_action: {
+          type: 'BLOCK'
+        },
+        rules: [
+          {
+            priority: 1,
+            rule_id: 'aaaaaaaa-0000-5555-3333-eeeeeeeeeeee',
+            action: {
+              type: 'ALLOW'
+            }
+          },
+          {
+            priority: 2,
+            rule_id: 'dddddddd-1111-2222-3333-eeeeeeeeeeee',
+            action: {
+              type: 'BLOCK'
+            }
+          }
+        ]
+      }
+    },
+    list_rules: {
+      next_marker: nil,
+      rules: [
+        {
+          rule_id: 'dddddddd-1111-2222-3333-eeeeeeeeeeee',
+          name: 'my-waf-web-acl-allowed-ips'
+        }
+      ]
+    },
+    get_rule: {
+      rule: {
+        rule_id: 'dddddddd-1111-2222-3333-eeeeeeeeeeee',
+        name: 'my-waf-web-acl-allowed-ips',
+        metric_name: 'mywafwebaclallowedips',
+        predicates: [
+          {
+            negated: false,
+            type: 'IPMatch',
+            data_id: '22aa22bb-3333-aaaa-8888-bbbbbbbbbbbb'
+          }
+        ]
+      }
+    }
+  }
+}

data/lib/awspec/type/waf_web_acl.rb

@@ -0,0 +1,22 @@
+module Awspec::Type
+  class WafWebAcl < Base
+    def initialize(id)
+      super
+      @resource_via_client = find_waf_web_acl(id)
+      @id = @resource_via_client.web_acl_id if @resource_via_client
+    end
+
+    def default_action
+      @resource_via_client.default_action.type
+    end
+
+    def has_rule?(rule_id, priority = nil, action = nil)
+      @resource_via_client.rules.find do |rule|
+        next false if !priority.nil? && rule.priority != priority
+        next false if !action.nil? && rule.action.type != action
+        next true if rule.rule_id == rule_id
+        find_waf_rule(rule_id).name == rule_id
+      end
+    end
+  end
+end

data/lib/awspec/version.rb

@@ -1,3 +1,3 @@
 module Awspec
-  VERSION = '0.54.0'
+  VERSION = '0.55.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awspec
 version: !ruby/object:Gem::Version
-  version: 0.54.0
+  version: 0.55.0
 platform: ruby
 authors:
 - k1LoW
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-09-05 00:00:00.000000000 Z
+date: 2016-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -239,6 +239,7 @@ files:
 - doc/_resource_types/ses_identity.md
 - doc/_resource_types/subnet.md
 - doc/_resource_types/vpc.md
+- doc/_resource_types/waf_web_acl.md
 - doc/contributing.md
 - doc/resource_types.md
 - exe/awspec
@@ -286,6 +287,7 @@ files:
 - lib/awspec/generator/doc/type/ses_identity.rb
 - lib/awspec/generator/doc/type/subnet.rb
 - lib/awspec/generator/doc/type/vpc.rb
+- lib/awspec/generator/doc/type/waf_web_acl.rb
 - lib/awspec/generator/spec/cloudwatch_alarm.rb
 - lib/awspec/generator/spec/cloudwatch_event.rb
 - lib/awspec/generator/spec/directconnect.rb
@@ -336,6 +338,7 @@ files:
 - lib/awspec/helper/finder/ses.rb
 - lib/awspec/helper/finder/subnet.rb
 - lib/awspec/helper/finder/vpc.rb
+- lib/awspec/helper/finder/waf.rb
 - lib/awspec/helper/type.rb
 - lib/awspec/matcher.rb
 - lib/awspec/matcher/be_allowed.rb
@@ -357,6 +360,7 @@ files:
 - lib/awspec/matcher/have_private_ip_address.rb
 - lib/awspec/matcher/have_record_set.rb
 - lib/awspec/matcher/have_route.rb
+- lib/awspec/matcher/have_rule.rb
 - lib/awspec/matcher/have_tag.rb
 - lib/awspec/resource_reader.rb
 - lib/awspec/setup.rb
@@ -396,6 +400,7 @@ files:
 - lib/awspec/stub/ses_identity.rb
 - lib/awspec/stub/subnet.rb
 - lib/awspec/stub/vpc.rb
+- lib/awspec/stub/waf_web_acl.rb
 - lib/awspec/toolbox.rb
 - lib/awspec/type/ami.rb
 - lib/awspec/type/autoscaling_group.rb
@@ -432,6 +437,7 @@ files:
 - lib/awspec/type/ses_identity.rb
 - lib/awspec/type/subnet.rb
 - lib/awspec/type/vpc.rb
+- lib/awspec/type/waf_web_acl.rb
 - lib/awspec/version.rb
 homepage: https://github.com/k1LoW/awspec
 licenses: