build-cloud 0.0.9 → 0.0.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -13
- data/README.md +2 -0
- data/build-cloud.gemspec +1 -1
- data/lib/build-cloud/securitygroup.rb +134 -15
- metadata +11 -11
checksums.yaml
CHANGED
|
@@ -1,15 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
|
|
5
|
-
data.tar.gz: !binary |-
|
|
6
|
-
MTNhZTJlMDAzYmYzODFiMjgwOWVjZTEwN2IzZDA3Mjg5M2YyODljMw==
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: b46efc757b6cc4e2d30df4b845e6472719f680e2
|
|
4
|
+
data.tar.gz: 713e03740e84b1f99bf58d1c2adba9bf0c9ad6b0
|
|
7
5
|
SHA512:
|
|
8
|
-
metadata.gz:
|
|
9
|
-
|
|
10
|
-
OTZjOWE3NTA3NDUxMjc1ZDI5YmIxYjUzY2E1ZTc3NDhmY2M1YmQ1NWM1ODRm
|
|
11
|
-
OWI1YTM1MjI3MmZlZmI4YzkwODZhYmQxOTNmZmM1Y2RjYzVjYzg=
|
|
12
|
-
data.tar.gz: !binary |-
|
|
13
|
-
OTA1Y2NhZWI3ZTIwM2U2MzBiOTlmMWQ4NGQ5Yjc1Y2RlYTZmOGQyYTFlODdm
|
|
14
|
-
YWI2MTJjMmNlYTc5OThjNTMzYjkyNjcyY2U2MDc4MzcwZGRlYTk4YTU3YmI1
|
|
15
|
-
ZTY5M2QxM2JkMjYzMzVlODM2ZDJjNjc0YmYyYjY2ZmU4ZmIxMjQ=
|
|
6
|
+
metadata.gz: cc19de13443897e1d5aaa15f9d7e03696298b82821f420cea175e543eb954788186e97f893460df6d8f4920c3bc71574b09fa3227117138cef5f805e54c4a56a
|
|
7
|
+
data.tar.gz: 9707da8ae27fc6bb54a4d05ed8bbab7a9a6965193d8c508f237fb85446893917eccc7dc1c79c94c19e242f9d210a3852ca321e8a063586758cb09c71c43ee06c
|
data/README.md
CHANGED
|
@@ -22,6 +22,8 @@ See the command line help for `build-cloud`.
|
|
|
22
22
|
|
|
23
23
|
## Changelog
|
|
24
24
|
|
|
25
|
+
2015-04-14 - version 0.0.10 - adds "lifecycle" functionality for security groups. Existing security groups will now have rules removed from them or added to them to make AWS reflect the YAML passed to build-cloud. Previously, once a security group had been created by build-cloud, it was never subsequently updated.
|
|
26
|
+
|
|
25
27
|
2014-12-12 - version 0.0.9 - bugfixes to file path resolution. It is worth noting that when multiple files are passed to `--config` they're treated as relative to the CWD - this is what you'd expect from referencing a file in a command line option. When file(s) are specified in an `:include` key in the given YAML file, relative paths given there are considered to be relative to the location of the YAML file given to `--config` - this is to ensure consistent behaviour regardless of what $CWD is when calling build-cloud.
|
|
26
28
|
|
|
27
29
|
2014-12-01 - version 0.0.8 - when multiple files are passed to `--config`, any top-level elements in the second and subsequent files which are arrays are merged into the arrays from previously read in files. This means, for examples, that you can have lists of instances or security groups in multiple files, and they will all be read in. Previously, subsequent files overwrote what was in previous files. Note that this only applies for top level elements of YAML files which are arrays - the previous overwriting behaviour applies still to strings.
|
data/build-cloud.gemspec
CHANGED
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "build-cloud"
|
|
7
|
-
spec.version = "0.0.
|
|
7
|
+
spec.version = "0.0.10"
|
|
8
8
|
spec.authors = ["The Scale Factory"]
|
|
9
9
|
spec.email = ["info@scalefactory.com"]
|
|
10
10
|
spec.summary = %q{Tools for building resources in AWS}
|
|
@@ -36,38 +36,157 @@ class BuildCloud::SecurityGroup
|
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def create
|
|
39
|
-
|
|
40
|
-
return if exists?
|
|
41
|
-
|
|
42
|
-
@log.info( "Creating security group #{@options[:name]}" )
|
|
43
39
|
|
|
44
40
|
options = @options.dup
|
|
45
41
|
|
|
46
|
-
unless options[:vpc_id]
|
|
47
|
-
|
|
48
|
-
options[:vpc_id] = BuildCloud::VPC.get_id_by_name( options[:vpc_name] )
|
|
49
|
-
options.delete(:vpc_name)
|
|
50
|
-
|
|
51
|
-
end
|
|
52
|
-
|
|
53
42
|
authorized_ranges = []
|
|
54
43
|
if options[:authorized_ranges]
|
|
55
44
|
authorized_ranges = options[:authorized_ranges]
|
|
56
45
|
options.delete(:authorized_ranges)
|
|
57
46
|
end
|
|
58
47
|
|
|
59
|
-
|
|
60
|
-
|
|
48
|
+
unless exists?
|
|
49
|
+
|
|
50
|
+
@log.info( "Creating security group #{@options[:name]}" )
|
|
51
|
+
|
|
52
|
+
unless options[:vpc_id]
|
|
53
|
+
|
|
54
|
+
options[:vpc_id] = BuildCloud::VPC.get_id_by_name( options[:vpc_name] )
|
|
55
|
+
options.delete(:vpc_name)
|
|
56
|
+
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
security_group = @compute.security_groups.new( options )
|
|
60
|
+
security_group.save
|
|
61
|
+
|
|
62
|
+
@log.debug( security_group.inspect )
|
|
63
|
+
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
rationalise_rules( authorized_ranges )
|
|
67
|
+
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
def rationalise_rules( authorized_ranges )
|
|
71
|
+
|
|
72
|
+
security_group = read
|
|
73
|
+
|
|
74
|
+
current_rules = []
|
|
75
|
+
rules_to_add = []
|
|
76
|
+
|
|
77
|
+
# Read all the existing rules from the SG object. Turn what we find into
|
|
78
|
+
# a list of hashes, where the hash parameter names match those that we use
|
|
79
|
+
# in the YAML description. This will aid comparison of current vs. desired rules
|
|
80
|
+
|
|
81
|
+
security_group.ip_permissions.each do |r|
|
|
82
|
+
|
|
83
|
+
if r['groups'] != []
|
|
84
|
+
|
|
85
|
+
c = {
|
|
86
|
+
:min_port => r['fromPort'],
|
|
87
|
+
:max_port => r['toPort'],
|
|
88
|
+
:ip_protocol => r['ipProtocol'],
|
|
89
|
+
:name => @compute.security_groups.select { |sg| sg.group_id == r['groups'].first['groupId'] }.first.name,
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
current_rules << c
|
|
93
|
+
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
if r['ipRanges'] != []
|
|
97
|
+
|
|
98
|
+
r['ipRanges'].each do |ipRange|
|
|
99
|
+
|
|
100
|
+
c = {
|
|
101
|
+
:min_port => r['fromPort'],
|
|
102
|
+
:max_port => r['toPort'],
|
|
103
|
+
:ip_protocol => r['ipProtocol'],
|
|
104
|
+
:cidr_ip => ipRange['cidrIp'],
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
current_rules << c
|
|
108
|
+
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
# Work through the list of desired rules.
|
|
61
116
|
|
|
62
117
|
authorized_ranges.each do |r|
|
|
63
118
|
|
|
64
|
-
|
|
119
|
+
# If we find a current rule that matches the desired rule, then
|
|
120
|
+
# remove that from the list of current rules - you'll see why later.
|
|
121
|
+
|
|
122
|
+
already_exists = false
|
|
123
|
+
current_rules.delete_if do |c|
|
|
124
|
+
if c == r
|
|
125
|
+
@log.debug ( "#{r.inspect} already exists" )
|
|
126
|
+
already_exists = true
|
|
127
|
+
true # so that delete_if removes the list item
|
|
128
|
+
end
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
unless already_exists
|
|
132
|
+
|
|
133
|
+
# If the rule doesn't exist already, flag it to be added.
|
|
134
|
+
# We do this *after* deleting old rules since some changes
|
|
135
|
+
# to existing rules can cause conflict and error.
|
|
136
|
+
# (eg. changing a rule from matching a sg name to matching
|
|
137
|
+
# a cidr block causes this)
|
|
138
|
+
|
|
139
|
+
rules_to_add << r
|
|
140
|
+
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
# At the end of this loop, anything left in the current_rules list
|
|
146
|
+
# represents a rule that's present on the infra, but should be deleted
|
|
147
|
+
# (since there's no matching desired rule), so delete those.
|
|
148
|
+
# Changing a rule maps to "delete old rule, create new one".
|
|
149
|
+
|
|
150
|
+
current_rules.each do |r|
|
|
151
|
+
|
|
152
|
+
@log.debug ( "Revoking superfluous #{r.inspect}" )
|
|
153
|
+
|
|
154
|
+
# Translate sg name into id - looking up with API so we can reference SG names not in the config yaml
|
|
155
|
+
if r.has_key?(:name)
|
|
156
|
+
groups = @compute.security_groups.select { |sg| sg.name == r[:name] }
|
|
157
|
+
if groups.count == 0
|
|
158
|
+
raise "Can't find security group id for group name '#{r[:name]}'"
|
|
159
|
+
end
|
|
160
|
+
r[:group] = groups.first.group_id
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
|
|
164
|
+
security_group.revoke_port_range(
|
|
65
165
|
r.delete(:min_port)..r.delete(:max_port), r
|
|
66
166
|
)
|
|
67
167
|
|
|
68
168
|
end
|
|
69
169
|
|
|
70
|
-
|
|
170
|
+
# Add any new rules that are required.
|
|
171
|
+
|
|
172
|
+
rules_to_add.each do |r|
|
|
173
|
+
|
|
174
|
+
@log.debug( "Adding #{r.inspect}" )
|
|
175
|
+
|
|
176
|
+
# Translate sg name into id - looking up with API so we can reference SG names not in the config yaml
|
|
177
|
+
if r.has_key?(:name)
|
|
178
|
+
groups = @compute.security_groups.select { |sg| sg.name == r[:name] }
|
|
179
|
+
if groups.count == 0
|
|
180
|
+
raise "Can't find security group id for group name '#{r[:name]}'"
|
|
181
|
+
end
|
|
182
|
+
r[:group] = groups.first.group_id
|
|
183
|
+
end
|
|
184
|
+
|
|
185
|
+
security_group.authorize_port_range(
|
|
186
|
+
r.delete(:min_port)..r.delete(:max_port), r
|
|
187
|
+
)
|
|
188
|
+
|
|
189
|
+
end
|
|
71
190
|
|
|
72
191
|
end
|
|
73
192
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: build-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- The Scale Factory
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-04-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -28,42 +28,42 @@ dependencies:
|
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - '>='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - '>='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: fog
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- -
|
|
45
|
+
- - '>='
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: 1.22.0
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- -
|
|
52
|
+
- - '>='
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: 1.22.0
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: pry
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- -
|
|
59
|
+
- - '>='
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
61
|
version: 0.9.12.6
|
|
62
62
|
type: :runtime
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
|
-
- -
|
|
66
|
+
- - '>='
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: 0.9.12.6
|
|
69
69
|
description:
|
|
@@ -117,17 +117,17 @@ require_paths:
|
|
|
117
117
|
- lib
|
|
118
118
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
119
119
|
requirements:
|
|
120
|
-
- -
|
|
120
|
+
- - '>='
|
|
121
121
|
- !ruby/object:Gem::Version
|
|
122
122
|
version: '0'
|
|
123
123
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
124
124
|
requirements:
|
|
125
|
-
- -
|
|
125
|
+
- - '>='
|
|
126
126
|
- !ruby/object:Gem::Version
|
|
127
127
|
version: '0'
|
|
128
128
|
requirements: []
|
|
129
129
|
rubyforge_project:
|
|
130
|
-
rubygems_version: 2.
|
|
130
|
+
rubygems_version: 2.0.14
|
|
131
131
|
signing_key:
|
|
132
132
|
specification_version: 4
|
|
133
133
|
summary: Tools for building resources in AWS
|