awspec 1.19.1 → 1.19.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/doc/resource_types.md +7 -3
- data/lib/awspec/type/security_group.rb +44 -0
- data/lib/awspec/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0cb0f518cbb9a6fd1719a6ab94547039f8ce88140d1a3536f47813f2c1de866a
|
|
4
|
+
data.tar.gz: 7ac384fb88ba40da139ba7ff562b17b93c2000a89dada4011ad9a3eeda64976a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 027a2d063404ce032e2257d01e520a142152e81c33118d69a8a1a2f8defc9667b50f45362bc9051ef6e08594f47d4d9cc2fcafb64b508ce9e023bbd01a61701f
|
|
7
|
+
data.tar.gz: ad59add2cf039e0e2371b96899106f970c1d0a64ef3a0aca81f54af7f9fa9c5253563cad3772e1579f88837fe227ce34fe5de1cc23c3eba48f4eec8f56d080f8
|
data/doc/resource_types.md
CHANGED
|
@@ -198,7 +198,7 @@ describe alb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:li
|
|
|
198
198
|
end
|
|
199
199
|
```
|
|
200
200
|
|
|
201
|
-
### its(:listener_arn), its(:load_balancer_arn), its(:port), its(:protocol), its(:certificates), its(:ssl_policy)
|
|
201
|
+
### its(:listener_arn), its(:load_balancer_arn), its(:port), its(:protocol), its(:certificates), its(:ssl_policy), its(:alpn_policy)
|
|
202
202
|
## <a name="alb_target_group">alb_target_group</a>
|
|
203
203
|
|
|
204
204
|
AlbTargetGroup resource type.
|
|
@@ -1620,7 +1620,7 @@ describe emr('my-emr') do
|
|
|
1620
1620
|
end
|
|
1621
1621
|
```
|
|
1622
1622
|
|
|
1623
|
-
### its(:id), its(:name), its(:instance_collection_type), its(:log_uri), its(:requested_ami_version), its(:running_ami_version), its(:release_label), its(:auto_terminate), its(:termination_protected), its(:visible_to_all_users), its(:service_role), its(:normalized_instance_hours), its(:master_public_dns_name), its(:configurations), its(:security_configuration), its(:auto_scaling_role), its(:scale_down_behavior), its(:custom_ami_id), its(:ebs_root_volume_size), its(:repo_upgrade_on_boot), its(:cluster_arn), its(:outpost_arn), its(:step_concurrency_level)
|
|
1623
|
+
### its(:id), its(:name), its(:instance_collection_type), its(:log_uri), its(:log_encryption_kms_key_id), its(:requested_ami_version), its(:running_ami_version), its(:release_label), its(:auto_terminate), its(:termination_protected), its(:visible_to_all_users), its(:service_role), its(:normalized_instance_hours), its(:master_public_dns_name), its(:configurations), its(:security_configuration), its(:auto_scaling_role), its(:scale_down_behavior), its(:custom_ami_id), its(:ebs_root_volume_size), its(:repo_upgrade_on_boot), its(:cluster_arn), its(:outpost_arn), its(:step_concurrency_level)
|
|
1624
1624
|
## <a name="firehose">firehose</a>
|
|
1625
1625
|
|
|
1626
1626
|
Firehose resource type.
|
|
@@ -2591,7 +2591,7 @@ describe nlb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:li
|
|
|
2591
2591
|
end
|
|
2592
2592
|
```
|
|
2593
2593
|
|
|
2594
|
-
### its(:listener_arn), its(:load_balancer_arn), its(:port), its(:protocol), its(:certificates), its(:ssl_policy)
|
|
2594
|
+
### its(:listener_arn), its(:load_balancer_arn), its(:port), its(:protocol), its(:certificates), its(:ssl_policy), its(:alpn_policy)
|
|
2595
2595
|
## <a name="nlb_target_group">nlb_target_group</a>
|
|
2596
2596
|
|
|
2597
2597
|
NlbTargetGroup resource type.
|
|
@@ -3200,6 +3200,10 @@ end
|
|
|
3200
3200
|
|
|
3201
3201
|
### be_outbound_opened_only
|
|
3202
3202
|
|
|
3203
|
+
### have_inbound_rule
|
|
3204
|
+
|
|
3205
|
+
### have_outbound_rule
|
|
3206
|
+
|
|
3203
3207
|
### have_tag
|
|
3204
3208
|
|
|
3205
3209
|
```ruby
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
module Awspec::Type
|
|
2
|
+
# rubocop:disable Metrics/ClassLength
|
|
2
3
|
class SecurityGroup < ResourceBase
|
|
3
4
|
aws_resource Aws::EC2::SecurityGroup
|
|
4
5
|
tags_allowed
|
|
@@ -75,12 +76,24 @@ module Awspec::Type
|
|
|
75
76
|
end
|
|
76
77
|
alias_method :outbound_permissions_count, :ip_permissions_egress_count
|
|
77
78
|
|
|
79
|
+
def has_inbound_rule?(rule)
|
|
80
|
+
resource_via_client.ip_permissions.find do |permission|
|
|
81
|
+
sg_rule_match?(permission, rule)
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
78
85
|
def inbound_rule_count
|
|
79
86
|
resource_via_client.ip_permissions.reduce(0) do |sum, permission|
|
|
80
87
|
sum += permission.ip_ranges.count + permission.user_id_group_pairs.count
|
|
81
88
|
end
|
|
82
89
|
end
|
|
83
90
|
|
|
91
|
+
def has_outbound_rule?(rule)
|
|
92
|
+
resource_via_client.ip_permissions_egress.find do |permission|
|
|
93
|
+
sg_rule_match?(permission, rule)
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
84
97
|
def outbound_rule_count
|
|
85
98
|
resource_via_client.ip_permissions_egress.reduce(0) do |sum, permission|
|
|
86
99
|
sum += permission.ip_ranges.count + permission.user_id_group_pairs.count
|
|
@@ -144,5 +157,36 @@ module Awspec::Type
|
|
|
144
157
|
port.between?(from_port, to_port)
|
|
145
158
|
end
|
|
146
159
|
end
|
|
160
|
+
|
|
161
|
+
def sg_rule_match?(permission, rule)
|
|
162
|
+
rule[:ip_protocol] = '-1' if rule[:ip_protocol] == 'all'
|
|
163
|
+
return false unless permission.ip_protocol == rule[:ip_protocol]
|
|
164
|
+
return false unless permission.ip_protocol == '-1' || permission.from_port == rule[:from_port]
|
|
165
|
+
return false unless permission.ip_protocol == '-1' || permission.to_port == rule[:to_port]
|
|
166
|
+
|
|
167
|
+
if rule[:ip_range]
|
|
168
|
+
return false unless permission.ip_ranges.find do |ip_range|
|
|
169
|
+
ip_range.cidr_ip == rule[:ip_range]
|
|
170
|
+
end
|
|
171
|
+
elsif rule[:group_pair]
|
|
172
|
+
return false unless permission.user_id_group_pairs.find do |pair|
|
|
173
|
+
group_pair_match?(pair, rule[:group_pair])
|
|
174
|
+
end
|
|
175
|
+
end
|
|
176
|
+
true
|
|
177
|
+
end
|
|
178
|
+
|
|
179
|
+
def group_pair_match?(actual_pair, rule_pair)
|
|
180
|
+
return false unless actual_pair.group_id == rule_pair[:group_id] || rule_pair[:group_id].nil?
|
|
181
|
+
return false unless actual_pair.group_name == rule_pair[:group_name] || rule_pair[:group_name].nil?
|
|
182
|
+
return false unless actual_pair.user_id == rule_pair[:user_id] || rule_pair[:user_id].nil?
|
|
183
|
+
return false unless actual_pair.vpc_id == rule_pair[:vpc_id] || rule_pair[:vpc_id].nil?
|
|
184
|
+
return false unless
|
|
185
|
+
actual_pair.vpc_peering_connection_id == rule_pair[:vpc_peering_connection_id] ||
|
|
186
|
+
rule_pair[:vpc_peering_connection_id].nil?
|
|
187
|
+
return false unless actual_pair.peering_status == rule_pair[:peering_status] || rule_pair[:peering_status].nil?
|
|
188
|
+
true
|
|
189
|
+
end
|
|
147
190
|
end
|
|
191
|
+
# rubocop:enable Metrics/ClassLength
|
|
148
192
|
end
|
data/lib/awspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.19.
|
|
4
|
+
version: 1.19.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- k1LoW
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-05
|
|
11
|
+
date: 2020-06-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk
|