awspec 1.16.1 → 1.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cb52e161700803af0808122c1a0312d4943eb470
-  data.tar.gz: 741e86da6b969778af9b01fd8c881eba5b741396
+  metadata.gz: 0a3421504dfb769b8367414a61de64c4ff31bf23
+  data.tar.gz: bf6e0a3d1e1650497b3fc023d38e74b68cad19db
 SHA512:
-  metadata.gz: 562de31b0cb98ef280c01b728d1a5ed3a6854707d8fb10279964de1ccd90648e4b432fc1057baebcb7469b4ed3dc8963e875c266e461743d8628a2d2b116dde3
-  data.tar.gz: b143b6a9b77a07138090055ae64ce62afb4297699348ddb90086edf0b6667eadf36fa3cbb61fc15efa6d8684f8afda42b7187b622eded5a9aad7f209cd04e3d1
+  metadata.gz: c780579a44dbdfeefeac6b30f63240023afee5487d92cb3f22c2ebc27b9e742e9585c10280bf90413f333cf6f83609d72c7e8bd43d0c7da2ccec3d6aaf44c40f
+  data.tar.gz: 3d7a2b8b2ee72b3819ac838806ef454e1151aa88150a1d445211b9dabfd8f80b1c2583b054ff803f81a1ad8b8aca5fb0c983eb285d1b16f3442a2ea7465e80ea

data/doc/_resource_types/wafregional_web_acl.md

@@ -0,0 +1,29 @@
+### exist
+
+```ruby
+describe wafregional_web_acl('my-wafregional-web-acl') do
+  it { should exist }
+  its(:default_action) { should eq 'BLOCK' }
+  it { should have_rule('my-wafregional-web-acl-allowed-ips') }
+  it { should have_rule('my-wafregional-web-acl-allowed-ips').order(2).action('BLOCK') }
+end
+```
+
+### have_rule
+
+```ruby
+describe wafregional_web_acl('my-wafregional-web-acl') do
+  it { should have_rule('my-wafregional-web-acl-allowed-ips') }
+  it { should have_rule('my-wafregional-web-acl-allowed-ips').order(2).action('BLOCK') }
+end
+```
+
+### its(:default_action), its(:web_acl_id), its(:name), its(:metric_name)
+
+```ruby
+describe wafregional_web_acl('my-wafregional-web-acl') do
+  its(:default_action) { should eq 'BLOCK' }
+end
+```
+
+

data/doc/resource_types.md

@@ -74,6 +74,7 @@
 | [vpn_connection](#vpn_connection)
 | [vpn_gateway](#vpn_gateway)
 | [waf_web_acl](#waf_web_acl)
+| [wafregional_web_acl](#wafregional_web_acl)
 | [account](#account)
 
 ## <a name="acm">acm</a>
@@ -1216,7 +1217,7 @@ describe ecs_task_definition('my-ecs-task-definition') do
 end
 ```
 
-### its(:task_definition_arn), its(:family), its(:task_role_arn), its(:execution_role_arn), its(:network_mode), its(:revision), its(:volumes), its(:status), its(:requires_attributes), its(:placement_constraints), its(:compatibilities), its(:requires_compatibilities), its(:cpu), its(:memory), its(:pid_mode), its(:ipc_mode)
+### its(:task_definition_arn), its(:family), its(:task_role_arn), its(:execution_role_arn), its(:network_mode), its(:revision), its(:volumes), its(:status), its(:requires_attributes), its(:placement_constraints), its(:compatibilities), its(:requires_compatibilities), its(:cpu), its(:memory), its(:pid_mode), its(:ipc_mode), its(:proxy_configuration)
 ## <a name="efs">efs</a>
 
 EFS resource type.
@@ -3583,6 +3584,33 @@ end
 ```
 
 
+### its(:default_action), its(:web_acl_id), its(:name), its(:metric_name), its(:web_acl_arn)
+## <a name="wafregional_web_acl">wafregional_web_acl</a>
+
+WafregionalWebAcl resource type.
+
+### exist
+
+```ruby
+describe wafregional_web_acl('my-wafregional-web-acl') do
+  it { should exist }
+  its(:default_action) { should eq 'BLOCK' }
+  it { should have_rule('my-wafregional-web-acl-allowed-ips') }
+  it { should have_rule('my-wafregional-web-acl-allowed-ips').order(2).action('BLOCK') }
+end
+```
+
+
+### have_rule
+
+```ruby
+describe wafregional_web_acl('my-wafregional-web-acl') do
+  it { should have_rule('my-wafregional-web-acl-allowed-ips') }
+  it { should have_rule('my-wafregional-web-acl-allowed-ips').order(2).action('BLOCK') }
+end
+```
+
+
 ### its(:default_action), its(:web_acl_id), its(:name), its(:metric_name), its(:web_acl_arn)
 # Account and Attributes
 

data/lib/awspec/generator/doc/type/wafregional_web_acl.rb

@@ -0,0 +1,17 @@
+module Awspec::Generator
+  module Doc
+    module Type
+      class WafregionalWebAcl < Base
+        def initialize
+          super
+          @type_name = 'WafregionalWebAcl'
+          @type = Awspec::Type::WafregionalWebAcl.new('my-wafregional-web-acl')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = %w(default_action)
+        end
+      end
+    end
+  end
+end

data/lib/awspec/helper/finder.rb

@@ -29,6 +29,7 @@ require 'awspec/helper/finder/cloudfront'
 require 'awspec/helper/finder/elastictranscoder'
 require 'awspec/helper/finder/cloudtrail'
 require 'awspec/helper/finder/waf'
+require 'awspec/helper/finder/wafregional'
 require 'awspec/helper/finder/acm'
 require 'awspec/helper/finder/cloudwatch_logs'
 require 'awspec/helper/finder/dynamodb'
@@ -82,6 +83,7 @@ module Awspec::Helper
     include Awspec::Helper::Finder::Elastictranscoder
     include Awspec::Helper::Finder::Cloudtrail
     include Awspec::Helper::Finder::Waf
+    include Awspec::Helper::Finder::WafRegional
     include Awspec::Helper::Finder::Acm
     include Awspec::Helper::Finder::AccountAttributes
     include Awspec::Helper::Finder::CloudwatchLogs
@@ -125,6 +127,7 @@ module Awspec::Helper
       elasticsearch_client: Aws::ElasticsearchService::Client,
       cloudtrail_client: Aws::CloudTrail::Client,
       waf_client: Aws::WAF::Client,
+      wafregional_client: Aws::WAFRegional::Client,
       sts_client: Aws::STS::Client,
       acm_client: Aws::ACM::Client,
       cloudwatch_logs_client: Aws::CloudWatchLogs::Client,

data/lib/awspec/helper/finder/wafregional.rb

@@ -0,0 +1,53 @@
+module Awspec::Helper
+  module Finder
+    module WafRegional
+      def find_wafregional_web_acl(id)
+        finded = nil
+        next_marker = nil
+
+        loop do
+          res = wafregional_client.list_web_acls(next_marker: next_marker, limit: 100)
+          finded = res.web_acls.find do |acl|
+            acl.web_acl_id == id || acl.name == id
+          end
+          (finded.nil? && next_marker = res.next_marker) || break
+        end
+
+        return nil unless finded
+        wafregional_client.get_web_acl(web_acl_id: finded.web_acl_id).web_acl
+      end
+
+      def find_wafregional_rule(id)
+        finded = nil
+        next_marker = nil
+
+        loop do
+          res = wafregional_client.list_rules(next_marker: next_marker, limit: 1)
+          finded = res.rules.find do |rule|
+            rule.rule_id == id || rule.name == id
+          end
+          (finded.nil? && next_marker = res.next_marker) || break
+        end
+
+        return nil unless finded
+        wafregional_client.get_rule(rule_id: finded.rule_id).rule
+      end
+
+      def find_wafregional_ip_set(id)
+        finded = nil
+        next_marker = nil
+
+        loop do
+          res = wafregional_client.list_ip_sets(next_marker: next_marker, limit: 1)
+          finded = res.ip_sets.find do |set|
+            set.ip_set_id == id || set.name == id
+          end
+          (finded.nil? && next_marker = res.next_marker) || break
+        end
+
+        return nil unless finded
+        wafregional_client.get_ip_set(ip_set_id: finded.ip_set_id).ip_set
+      end
+    end
+  end
+end

data/lib/awspec/helper/type.rb

@@ -17,9 +17,9 @@ module Awspec
         network_acl network_interface nlb nlb_listener nlb_target_group
         rds rds_db_cluster_parameter_group rds_db_parameter_group route53_hosted_zone
         route_table s3_bucket security_group ses_identity subnet vpc cloudfront_distribution
-        elastictranscoder_pipeline waf_web_acl customer_gateway vpn_gateway vpn_connection internet_gateway acm
-        cloudwatch_logs dynamodb_table eip sqs ssm_parameter cloudformation_stack codebuild sns_topic redshift
-        redshift_cluster_parameter_group codedeploy codedeploy_deployment_group
+        elastictranscoder_pipeline waf_web_acl wafregional_web_acl customer_gateway vpn_gateway vpn_connection
+        internet_gateway acm cloudwatch_logs dynamodb_table eip sqs ssm_parameter cloudformation_stack
+        codebuild sns_topic redshift redshift_cluster_parameter_group codedeploy codedeploy_deployment_group
       )
 
       ACCOUNT_ATTRIBUTES = %w(

data/lib/awspec/matcher/have_rule.rb

@@ -1,6 +1,7 @@
 RSpec::Matchers.define :have_rule do |rule_id|
   match do |type|
     return type.has_rule?(rule_id, @priority, @action) if type.instance_of?(Awspec::Type::WafWebAcl)
+    return type.has_rule?(rule_id, @priority, @action) if type.instance_of?(Awspec::Type::WafregionalWebAcl)
     return type.has_rule?(rule_id, @priority, @conditions, @actions) if type.instance_of?(Awspec::Type::AlbListener)
     type.has_rule?(rule_id, @priority, @conditions, @actions) if type.instance_of?(Awspec::Type::NlbListener)
   end

data/lib/awspec/stub/wafregional_web_acl.rb

@@ -0,0 +1,62 @@
+Aws.config[:wafregional] = {
+  stub_responses: {
+    list_web_acls: {
+      next_marker: nil,
+      web_acls: [
+        {
+          web_acl_id: '1234567-abcd-1234-efgh-5678-1234567890',
+          name: 'my-wafregional-web-acl'
+        }
+      ]
+    },
+    get_web_acl: {
+      web_acl: {
+        web_acl_id: '1234567-abcd-1234-efgh-5678-1234567890',
+        name: 'my-wafregional-web-acl',
+        metric_name: 'mywafregionalwebacl',
+        default_action: {
+          type: 'BLOCK'
+        },
+        rules: [
+          {
+            priority: 1,
+            rule_id: 'aaaaaaaa-0000-5555-3333-eeeeeeeeeeee',
+            action: {
+              type: 'ALLOW'
+            }
+          },
+          {
+            priority: 2,
+            rule_id: 'dddddddd-1111-2222-3333-eeeeeeeeeeee',
+            action: {
+              type: 'BLOCK'
+            }
+          }
+        ]
+      }
+    },
+    list_rules: {
+      next_marker: nil,
+      rules: [
+        {
+          rule_id: 'dddddddd-1111-2222-3333-eeeeeeeeeeee',
+          name: 'my-wafregional-web-acl-allowed-ips'
+        }
+      ]
+    },
+    get_rule: {
+      rule: {
+        rule_id: 'dddddddd-1111-2222-3333-eeeeeeeeeeee',
+        name: 'my-wafregional-web-acl-allowed-ips',
+        metric_name: 'mywafregionalwebaclallowedips',
+        predicates: [
+          {
+            negated: false,
+            type: 'IPMatch',
+            data_id: '22aa22bb-3333-aaaa-8888-bbbbbbbbbbbb'
+          }
+        ]
+      }
+    }
+  }
+}

data/lib/awspec/type/wafregional_web_acl.rb

@@ -0,0 +1,24 @@
+module Awspec::Type
+  class WafregionalWebAcl < ResourceBase
+    def resource_via_client
+      @resource_via_client ||= find_wafregional_web_acl(@display_name)
+    end
+
+    def id
+      @id ||= resource_via_client.web_acl_id if resource_via_client
+    end
+
+    def default_action
+      resource_via_client.default_action.type
+    end
+
+    def has_rule?(rule_id, priority = nil, action = nil)
+      resource_via_client.rules.find do |rule|
+        next false if !priority.nil? && rule.priority != priority
+        next false if !action.nil? && rule.action.type != action
+        next true if rule.rule_id == rule_id
+        find_wafregional_rule(rule_id).name == rule_id
+      end
+    end
+  end
+end

data/lib/awspec/version.rb

@@ -1,3 +1,3 @@
 module Awspec
-  VERSION = '1.16.1'
+  VERSION = '1.17.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awspec
 version: !ruby/object:Gem::Version
-  version: 1.16.1
+  version: 1.17.0
 platform: ruby
 authors:
 - k1LoW
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-03-06 00:00:00.000000000 Z
+date: 2019-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -296,6 +296,7 @@ files:
 - doc/_resource_types/vpn_connection.md
 - doc/_resource_types/vpn_gateway.md
 - doc/_resource_types/waf_web_acl.md
+- doc/_resource_types/wafregional_web_acl.md
 - doc/contributing.md
 - doc/resource_types.md
 - exe/awspec
@@ -392,6 +393,7 @@ files:
 - lib/awspec/generator/doc/type/vpn_connection.rb
 - lib/awspec/generator/doc/type/vpn_gateway.rb
 - lib/awspec/generator/doc/type/waf_web_acl.rb
+- lib/awspec/generator/doc/type/wafregional_web_acl.rb
 - lib/awspec/generator/spec/acm.rb
 - lib/awspec/generator/spec/alb.rb
 - lib/awspec/generator/spec/alb_listener.rb
@@ -482,6 +484,7 @@ files:
 - lib/awspec/helper/finder/subnet.rb
 - lib/awspec/helper/finder/vpc.rb
 - lib/awspec/helper/finder/waf.rb
+- lib/awspec/helper/finder/wafregional.rb
 - lib/awspec/helper/type.rb
 - lib/awspec/matcher.rb
 - lib/awspec/matcher/be_allowed.rb
@@ -606,6 +609,7 @@ files:
 - lib/awspec/stub/vpn_connection.rb
 - lib/awspec/stub/vpn_gateway.rb
 - lib/awspec/stub/waf_web_acl.rb
+- lib/awspec/stub/wafregional_web_acl.rb
 - lib/awspec/toolbox.rb
 - lib/awspec/type/account.rb
 - lib/awspec/type/account_attribute.rb
@@ -690,6 +694,7 @@ files:
 - lib/awspec/type/vpn_connection.rb
 - lib/awspec/type/vpn_gateway.rb
 - lib/awspec/type/waf_web_acl.rb
+- lib/awspec/type/wafregional_web_acl.rb
 - lib/awspec/version.rb
 homepage: https://github.com/k1LoW/awspec
 licenses:
@@ -711,7 +716,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 2.6.14.1
 signing_key: 
 specification_version: 4
 summary: RSpec tests for your AWS resources.