convection 0.2.13 → 0.2.14
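--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f6ce04b3301441c8a25277d9b0c05c3633dbb25a
+data.tar.gz: a96ecb3a1dd62ecaee0bce721f5254daeb4ff49f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2dd60878873c033ed0e91fb667b824d2cc7df021e4fc0283a64f24a01e5357d4c7015266674c45be13a0ed969e347bfe5327c59fa3dcf5a6c736805e19477ea6
+data.tar.gz: 95152de7d87ff586342818cb451d4b13f7b81b37af4d12d6b950b755a3451a99ac93082999cc70ee53539f16f649d815d0db64c22a2525045ca0d26300bbf22d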
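--- a/data/example/security-groups.rb
+++ b/data/example/security-groups.rb
@@ -35,6 +35,43 @@ module Convection
 
 with_output
 end
+
+ec2_security_group 'FoobarEgress' do
+vpc stack.get('vpc', 'id')
+description 'Foobar Egress'
+
+egress_rule(:tcp, 80, '0.0.0.0/0')
+egress_rule(:tcp, 443, '0.0.0.0/0')
+
+tag 'Name', "sg-foobar-egress-#{ stack.cloud }"
+tag 'Service', 'foobar'
+tag 'Resource', 'EC2'
+tag 'Scope', 'private'
+tag 'Stack', stack.cloud
+
+with_output
+end
+
+ec2_security_group 'FoobarNoEgress' do
+vpc stack.get('vpc', 'id')
+description 'Foobar No Egress'
+
+# By default, Cloud Formation adds a default egress rule that allows
+# egress traffic on all ports and IP protocols to any location. The default
+# rule is removed only when you specify one or more egress rules. If you want
+# to remove the default rule and limit egress traffic to just the localhost,
+# you can use the following rule:
+# See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html
+egress_rule(-1, nil, '127.0.0.1/32')
+
+tag 'Name', "sg-foobar-noegress-#{ stack.cloud }"
+tag 'Service', 'foobar'
+tag 'Resource', 'EC2'
+tag 'Scope', 'private'
+tag 'Stack', stack.cloud
+
+with_output
+end
 end
 end
 end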
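Review bot: The loopback rule in `FoobarNoEgress` is the only thing replacing CloudFormation's implicit allow-all egress rule, and the comment above it explains the mechanism but not what happens if the line is deleted. Because this is an example that gets copied, I would add `# Do not remove: with no egress rules at all, the group reverts to allow-all egress.` and annotate the arguments with `# -1 = all protocols, nil = no port range`. `FoobarEgress` carries no comment at all; a one-line note that it permits outbound HTTP/HTTPS to any address would make the contrast between the two groups explicit.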
@@ -19,11 +19,12 @@ module Convection
|
|
19
19
|
security_group_ingress << rule
|
20
20
|
end
|
21
21
|
|
22
|
-
def egress_rule(protocol = nil, port = nil, &block)
|
22
|
+
def egress_rule(protocol = nil, port = nil, destination = nil, &block)
|
23
23
|
rule = Model::Template::Resource::EC2SecurityGroup::Rule.new("#{ name }EgressGroupRule", @template)
|
24
24
|
rule.protocol = protocol unless protocol.nil?
|
25
25
|
rule.from = port unless port.nil?
|
26
26
|
rule.to = port unless port.nil?
|
27
|
+
rule.destination = destination unless destination.nil?
|
27
28
|
|
28
29
|
rule.instance_exec(&block) if block
|
29
30
|
security_group_egress << rule
|
@@ -62,10 +63,10 @@ module Convection
|
|
62
63
|
|
63
64
|
def render
|
64
65
|
{
|
65
|
-
'IpProtocol' => Mixin::Protocol.lookup(protocol)
|
66
|
-
'FromPort' => from,
|
67
|
-
'ToPort' => to
|
66
|
+
'IpProtocol' => Mixin::Protocol.lookup(protocol)
|
68
67
|
}.tap do |rule|
|
68
|
+
rule['FromPort'] = from unless from.nil?
|
69
|
+
rule['ToPort'] = to unless to.nil?
|
69
70
|
rule['CidrIp'] = source unless source.nil?
|
70
71
|
rule['CidrIp'] = destination unless destination.nil?
|
71
72
|
rule['DestinationSecurityGroupId'] = destination_group unless destination_group.nil?
|
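Review bot: `render` now omits `FromPort`/`ToPort` whenever `from`/`to` is nil, whatever the protocol, so a `:tcp` or `:udp` rule declared without a port renders with no port range instead of failing where it is built. The omission is what the all-protocols (`-1`) rule needs, but for port-based protocols it presumably surfaces only as a template error at deploy time; assuming `-1` is the only value meant to go without ports, a guard such as `raise ArgumentError, 'port range required unless protocol is -1' if from.nil? && protocol.to_s != '-1'` would catch it early. Nothing visible checks that an egress rule ends up with either `destination` or `destination_group`, now that `destination` is an optional third argument of `egress_rule`. In the context lines `source` and `destination` both assign `CidrIp`, so the later assignment silently wins if both are set. The bodies of `egress_rule` and `render` continue outside the hunks shown, and the page gives no file header for them.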
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: convection
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.14
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- John Manero
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-02
|
11
|
+
date: 2016-03-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|