cyoi 0.8.2 → 0.8.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ChangeLog.md +1 -0
- data/Guardfile +1 -1
- data/lib/cyoi/providers/clients/aws_provider_client.rb +17 -0
- data/lib/cyoi/providers/clients/fog_provider_client.rb +4 -9
- data/lib/cyoi/providers/clients/openstack_provider_client.rb +6 -6
- data/lib/cyoi/version.rb +1 -1
- data/spec/unit/providers/clients/{fog_provider_client_spec.rb → aws_provider_client_spec.rb} +12 -16
- data/spec/unit/providers/clients/openstack_provider_client_spec.rb +119 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b88ef3e5f5668e5a52188ea9480a61926909c388
|
|
4
|
+
data.tar.gz: 72e166d5644c3b52427c4bfbaf22140dc8a01679
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c954c0b314728d8abf4a5fa5aaa21790100c42499c6b627c32451e020f6fa8690c4f5b575c76483b99b83ea6fd72b7c09385128f1f01187e65afd2c47b948020
|
|
7
|
+
data.tar.gz: beb99edf501386f00f8d2ff7041e8a9207d715cd3d49c720534bb8b52e8959d01582456ed20d52e9441579110058a3ee2bde0059b6f645ad17fc33bfb3b33f37
|
data/ChangeLog.md
CHANGED
|
@@ -9,6 +9,7 @@ Cyoi (choose-your-own-infrastructure) is a library to ask an end-user to choose
|
|
|
9
9
|
* openstack neutron - asks to select a subnet and then an available IP
|
|
10
10
|
* create_security_group can take a list of ports to open [v0.8.1]
|
|
11
11
|
* allow for legacy API usage of create_security_group [v0.8.2]
|
|
12
|
+
* fixed create_security_group support for OpenStack & AWS [v0.8.3]
|
|
12
13
|
|
|
13
14
|
## v0.7
|
|
14
15
|
|
data/Guardfile
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
guard "rspec", spec_paths: ["spec/unit"] do
|
|
2
2
|
watch(%r{^spec/unit})
|
|
3
|
-
|
|
3
|
+
watch(%r{^lib/cyoi}) { |m| "spec" }
|
|
4
4
|
# watch(%r{^lib/cyoi/cli/(?:|provider_)address}) { |m| "spec/integration/cli/address" }
|
|
5
5
|
watch(%r{^lib/cyoi/cli/(?:|provider_)key_pair}) { |m| "spec/unit/cli" }
|
|
6
6
|
end
|
|
@@ -73,6 +73,23 @@ class Cyoi::Providers::Clients::AwsProviderClient < Cyoi::Providers::Clients::Fo
|
|
|
73
73
|
gateway.id
|
|
74
74
|
end
|
|
75
75
|
|
|
76
|
+
def ip_permissions(sg)
|
|
77
|
+
sg.ip_permissions
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def port_open?(ip_permissions, port_range, protocol, ip_range)
|
|
81
|
+
ip_permissions && ip_permissions.find do |ip|
|
|
82
|
+
ip["ipProtocol"] == protocol \
|
|
83
|
+
&& ip["ipRanges"].detect { |range| range["cidrIp"] == ip_range } \
|
|
84
|
+
&& ip["fromPort"] <= port_range.min \
|
|
85
|
+
&& ip["toPort"] >= port_range.max
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def authorize_port_range(sg, port_range, protocol, ip_range)
|
|
90
|
+
sg.authorize_port_range(port_range, {:ip_protocol => protocol, :cidr_ip => ip_range})
|
|
91
|
+
end
|
|
92
|
+
|
|
76
93
|
def find_server_device(server, device)
|
|
77
94
|
server.volumes.all.find {|v| v.device == device}
|
|
78
95
|
end
|
|
@@ -10,7 +10,7 @@ class Cyoi::Providers::Clients::FogProviderClient
|
|
|
10
10
|
def initialize(attributes)
|
|
11
11
|
@attributes = attributes.is_a?(Hash) ? ReadWriteSettings.new(attributes) : attributes
|
|
12
12
|
raise "@attributes must be ReadWriteSettings (or Hash)" unless @attributes.is_a?(ReadWriteSettings)
|
|
13
|
-
setup_fog_connection
|
|
13
|
+
setup_fog_connection unless attributes.delete("skip_fog_setup")
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
# Implement in subclasses
|
|
@@ -129,20 +129,15 @@ class Cyoi::Providers::Clients::FogProviderClient
|
|
|
129
129
|
end
|
|
130
130
|
|
|
131
131
|
def port_open?(ip_permissions, port_range, protocol, ip_range)
|
|
132
|
-
|
|
133
|
-
ip["ipProtocol"] == protocol \
|
|
134
|
-
&& ip["ipRanges"].detect { |range| range["cidrIp"] == ip_range } \
|
|
135
|
-
&& ip["fromPort"] <= port_range.min \
|
|
136
|
-
&& ip["toPort"] >= port_range.max
|
|
137
|
-
end
|
|
132
|
+
raise "must implement"
|
|
138
133
|
end
|
|
139
134
|
|
|
140
135
|
def authorize_port_range(sg, port_range, protocol, ip_range)
|
|
141
|
-
|
|
136
|
+
raise "must implement"
|
|
142
137
|
end
|
|
143
138
|
|
|
144
139
|
def ip_permissions(sg)
|
|
145
|
-
|
|
140
|
+
raise "must implement"
|
|
146
141
|
end
|
|
147
142
|
|
|
148
143
|
# Any of the following +port_defn+ can be used:
|
|
@@ -69,19 +69,19 @@ class Cyoi::Providers::Clients::OpenStackProviderClient < Cyoi::Providers::Clien
|
|
|
69
69
|
sg.security_group_rules
|
|
70
70
|
end
|
|
71
71
|
|
|
72
|
-
# Hook method for FogProviderClient#create_security_group
|
|
73
72
|
def port_open?(ip_permissions, port_range, protocol, ip_range)
|
|
74
73
|
ip_permissions && ip_permissions.find do |ip|
|
|
75
|
-
ip
|
|
76
|
-
&& ip
|
|
77
|
-
&& ip
|
|
78
|
-
&& ip
|
|
74
|
+
ip.ip_protocol == protocol \
|
|
75
|
+
&& ip.ip_range["cidr"] == ip_range \
|
|
76
|
+
&& ip.from_port <= port_range.min \
|
|
77
|
+
&& ip.to_port >= port_range.max
|
|
79
78
|
end
|
|
80
79
|
end
|
|
81
80
|
|
|
82
81
|
# Hook method for FogProviderClient#create_security_group
|
|
83
82
|
def authorize_port_range(sg, port_range, protocol, ip_range)
|
|
84
|
-
|
|
83
|
+
rules = ip_permissions(sg)
|
|
84
|
+
rules.create(from_port: port_range.min, to_port: port_range.max, ip_range: {"cidr" => ip_range}, ip_protocol: protocol)
|
|
85
85
|
end
|
|
86
86
|
|
|
87
87
|
def find_server_device(server, device)
|
data/lib/cyoi/version.rb
CHANGED
data/spec/unit/providers/clients/{fog_provider_client_spec.rb → aws_provider_client_spec.rb}
RENAMED
|
@@ -1,23 +1,19 @@
|
|
|
1
|
-
require "cyoi/providers/clients/
|
|
2
|
-
require "fog/
|
|
1
|
+
require "cyoi/providers/clients/aws_provider_client"
|
|
2
|
+
require "fog/aws/models/compute/security_group"
|
|
3
|
+
require "fog/aws/models/compute/security_groups"
|
|
3
4
|
|
|
4
|
-
describe Cyoi::Providers::Clients::
|
|
5
|
+
describe Cyoi::Providers::Clients::AwsProviderClient do
|
|
5
6
|
let(:provider_attributes) do
|
|
6
7
|
{
|
|
7
|
-
"name" => "
|
|
8
|
-
"credentials" => {
|
|
9
|
-
|
|
10
|
-
"openstack_api_key" => "PASSWORD",
|
|
11
|
-
"openstack_tenant" => "TENANT",
|
|
12
|
-
"openstack_auth_url" => "http://someurl.com/v2/tokens",
|
|
13
|
-
"openstack_region" => "REGION"
|
|
14
|
-
}
|
|
8
|
+
"name" => "aws",
|
|
9
|
+
"credentials" => {},
|
|
10
|
+
"skip_fog_setup" => true
|
|
15
11
|
}
|
|
16
12
|
end
|
|
17
|
-
let(:fog_compute) { instance_double("Fog::Compute::
|
|
18
|
-
let(:security_groups) { instance_double("Fog::Compute::
|
|
19
|
-
let(:security_group) { instance_double("Fog::Compute::
|
|
20
|
-
subject { Cyoi::Providers::Clients::
|
|
13
|
+
let(:fog_compute) { instance_double("Fog::Compute::AWS::Real") }
|
|
14
|
+
let(:security_groups) { instance_double("Fog::Compute::AWS::SecurityGroups") }
|
|
15
|
+
let(:security_group) { instance_double("Fog::Compute::AWS::SecurityGroup") }
|
|
16
|
+
subject { Cyoi::Providers::Clients::AwsProviderClient.new(provider_attributes) }
|
|
21
17
|
|
|
22
18
|
before do
|
|
23
19
|
expect(subject).to receive(:fog_compute).at_least(1).times.and_return(fog_compute)
|
|
@@ -75,7 +71,7 @@ describe Cyoi::Providers::Clients::FogProviderClient do
|
|
|
75
71
|
expect(fog_compute).to receive(:security_groups).and_return(security_groups)
|
|
76
72
|
expect(security_groups).to receive(:find).and_return(security_group)
|
|
77
73
|
expect(subject).to receive(:puts).with("Reusing security group foo")
|
|
78
|
-
expect(security_group).to receive(:ip_permissions).and_return([{"fromPort"=>22, "toPort"=>22, "ipRanges"=>[{"cidrIp" => "0.0.0.0/0"}], "ipProtocol"=>"tcp"}])
|
|
74
|
+
expect(security_group).to receive(:ip_permissions).and_return([{"fromPort" => 22, "toPort" => 22, "ipRanges" => [{"cidrIp" => "0.0.0.0/0"}], "ipProtocol" => "tcp"}])
|
|
79
75
|
expect(subject).to receive(:puts).with(" -> no additional ports opened")
|
|
80
76
|
|
|
81
77
|
subject.create_security_group("foo", "foo", 22)
|
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
require "fog"
|
|
2
2
|
require "fog/openstack"
|
|
3
|
+
require "fog/openstack/models/compute/security_groups"
|
|
4
|
+
require "fog/openstack/models/compute/security_group_rule"
|
|
5
|
+
require "fog/openstack/models/compute/security_group_rules"
|
|
3
6
|
require 'fog/openstack/models/network/subnets'
|
|
4
7
|
require "cyoi/providers"
|
|
5
8
|
|
|
@@ -14,7 +17,8 @@ describe "cyoi address openstack" do
|
|
|
14
17
|
"openstack_tenant" => "TENANT",
|
|
15
18
|
"openstack_auth_url" => "http://someurl.com/v2/tokens",
|
|
16
19
|
"openstack_region" => "REGION"
|
|
17
|
-
}
|
|
20
|
+
},
|
|
21
|
+
"skip_fog_setup" => true
|
|
18
22
|
}
|
|
19
23
|
end
|
|
20
24
|
|
|
@@ -107,4 +111,118 @@ describe "cyoi address openstack" do
|
|
|
107
111
|
end
|
|
108
112
|
end
|
|
109
113
|
end
|
|
114
|
+
|
|
115
|
+
describe "create_security_group" do
|
|
116
|
+
let(:security_groups) { instance_double("Fog::Compute::OpenStack::SecurityGroups") }
|
|
117
|
+
let(:security_group) { instance_double("Fog::Compute::OpenStack::SecurityGroup") }
|
|
118
|
+
let(:security_group_rules) { instance_double("Fog::Compute::OpenStack::SecurityGroupRules") }
|
|
119
|
+
let(:security_group_rule) { instance_double("Fog::Compute::OpenStack::SecurityGroupRule",
|
|
120
|
+
from_port: 22, to_port: 22, ip_range: [{"cidrIp" => "0.0.0.0/0"}], ip_protocol: "tcp") }
|
|
121
|
+
|
|
122
|
+
before do
|
|
123
|
+
expect(subject).to receive(:fog_compute).at_least(1).times.and_return(fog_compute)
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
it "add new single port to new SecurityGroup" do
|
|
127
|
+
expect(fog_compute).to receive(:security_groups).twice.and_return(security_groups)
|
|
128
|
+
expect(security_groups).to receive(:find).and_return(nil)
|
|
129
|
+
expect(security_groups).to receive(:create).with(name: "foo", description: "foo").and_return(security_group)
|
|
130
|
+
expect(subject).to receive(:puts).with("Created security group foo")
|
|
131
|
+
expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
|
|
132
|
+
expect(security_group_rules).to receive(:find)
|
|
133
|
+
expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
|
|
134
|
+
expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
|
|
135
|
+
|
|
136
|
+
subject.create_security_group("foo", "foo", 22)
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
it "add new single port by integer to existing SecurityGroup" do
|
|
140
|
+
expect(fog_compute).to receive(:security_groups).and_return(security_groups)
|
|
141
|
+
expect(security_groups).to receive(:find).and_return(security_group)
|
|
142
|
+
expect(subject).to receive(:puts).with("Reusing security group foo")
|
|
143
|
+
expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
|
|
144
|
+
expect(security_group_rules).to receive(:find)
|
|
145
|
+
expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
|
|
146
|
+
expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
|
|
147
|
+
|
|
148
|
+
subject.create_security_group("foo", "foo", 22)
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
context 'legacy API used by old bosh-bootstrap - allow :ports key' do
|
|
152
|
+
it "add new single port by :ports key to existing SecurityGroup" do
|
|
153
|
+
expect(fog_compute).to receive(:security_groups).and_return(security_groups)
|
|
154
|
+
expect(security_groups).to receive(:find).and_return(security_group)
|
|
155
|
+
expect(subject).to receive(:puts).with("Reusing security group foo")
|
|
156
|
+
expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
|
|
157
|
+
expect(security_group_rules).to receive(:find)
|
|
158
|
+
expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
|
|
159
|
+
expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
|
|
160
|
+
|
|
161
|
+
subject.create_security_group("foo", "foo", ports: 22)
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
it "add UDP ports by :ports key" do
|
|
165
|
+
expect(fog_compute).to receive(:security_groups).and_return(security_groups)
|
|
166
|
+
expect(security_groups).to receive(:find).and_return(security_group)
|
|
167
|
+
expect(subject).to receive(:puts).with("Reusing security group foo")
|
|
168
|
+
expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
|
|
169
|
+
expect(security_group_rules).to receive(:find)
|
|
170
|
+
expect(security_group_rules).to receive(:create).with(from_port: 53, to_port: 53, ip_protocol: "udp", ip_range: {"cidr" => "0.0.0.0/0"})
|
|
171
|
+
expect(subject).to receive(:puts).with(" -> opened foo ports UDP 53..53 from IP range 0.0.0.0/0")
|
|
172
|
+
|
|
173
|
+
subject.create_security_group("foo", "foo", ports: { protocol: "udp", ports: (53..53) })
|
|
174
|
+
end
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
it "add skip existing single port on existing SecurityGroup" do
|
|
178
|
+
expect(fog_compute).to receive(:security_groups).and_return(security_groups)
|
|
179
|
+
expect(security_groups).to receive(:find).and_return(security_group)
|
|
180
|
+
expect(subject).to receive(:puts).with("Reusing security group foo")
|
|
181
|
+
expect(security_group).to receive(:security_group_rules).and_return(security_group_rules)
|
|
182
|
+
expect(security_group_rules).to receive(:find).and_return(security_group_rule)
|
|
183
|
+
expect(subject).to receive(:puts).with(" -> no additional ports opened")
|
|
184
|
+
|
|
185
|
+
subject.create_security_group("foo", "foo", 22)
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
it "add new range of ports" do
|
|
189
|
+
expect(fog_compute).to receive(:security_groups).and_return(security_groups)
|
|
190
|
+
expect(security_groups).to receive(:find).and_return(security_group)
|
|
191
|
+
expect(subject).to receive(:puts).with("Reusing security group foo")
|
|
192
|
+
expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
|
|
193
|
+
expect(security_group_rules).to receive(:find)
|
|
194
|
+
expect(security_group_rules).to receive(:create).with(from_port: 60000, to_port: 60050, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
|
|
195
|
+
expect(subject).to receive(:puts).with(" -> opened foo ports TCP 60000..60050 from IP range 0.0.0.0/0")
|
|
196
|
+
|
|
197
|
+
subject.create_security_group("foo", "foo", ports: 60000..60050)
|
|
198
|
+
end
|
|
199
|
+
|
|
200
|
+
it "add UDP ports" do
|
|
201
|
+
expect(fog_compute).to receive(:security_groups).and_return(security_groups)
|
|
202
|
+
expect(security_groups).to receive(:find).and_return(security_group)
|
|
203
|
+
expect(subject).to receive(:puts).with("Reusing security group foo")
|
|
204
|
+
expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
|
|
205
|
+
expect(security_group_rules).to receive(:find)
|
|
206
|
+
expect(security_group_rules).to receive(:create).with(from_port: 53, to_port: 53, ip_protocol: "udp", ip_range: {"cidr" => "0.0.0.0/0"})
|
|
207
|
+
expect(subject).to receive(:puts).with(" -> opened foo ports UDP 53..53 from IP range 0.0.0.0/0")
|
|
208
|
+
|
|
209
|
+
subject.create_security_group("foo", "foo", { protocol: "udp", ports: (53..53) })
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
it "add list of unrelated ports" do
|
|
213
|
+
expect(fog_compute).to receive(:security_groups).and_return(security_groups)
|
|
214
|
+
expect(security_groups).to receive(:find).and_return(security_group)
|
|
215
|
+
expect(subject).to receive(:puts).with("Reusing security group foo")
|
|
216
|
+
expect(security_group).to receive(:security_group_rules).at_least(1).times.and_return(security_group_rules)
|
|
217
|
+
expect(security_group_rules).to receive(:find).at_least(1).times
|
|
218
|
+
expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
|
|
219
|
+
expect(security_group_rules).to receive(:create).with(from_port: 443, to_port: 443, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
|
|
220
|
+
expect(security_group_rules).to receive(:create).with(from_port: 4443, to_port: 4443, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
|
|
221
|
+
expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
|
|
222
|
+
expect(subject).to receive(:puts).with(" -> opened foo ports TCP 443..443 from IP range 0.0.0.0/0")
|
|
223
|
+
expect(subject).to receive(:puts).with(" -> opened foo ports TCP 4443..4443 from IP range 0.0.0.0/0")
|
|
224
|
+
|
|
225
|
+
subject.create_security_group("foo", "foo", [22, 443, 4443])
|
|
226
|
+
end
|
|
227
|
+
end
|
|
110
228
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cyoi
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dr Nic Williams
|
|
@@ -192,7 +192,7 @@ files:
|
|
|
192
192
|
- spec/unit/.gitkeep
|
|
193
193
|
- spec/unit/cli/image_spec.rb
|
|
194
194
|
- spec/unit/cli/key_pair_spec.rb
|
|
195
|
-
- spec/unit/providers/clients/
|
|
195
|
+
- spec/unit/providers/clients/aws_provider_client_spec.rb
|
|
196
196
|
- spec/unit/providers/clients/openstack_provider_client_spec.rb
|
|
197
197
|
homepage: https://github.com/drnic/cyoi
|
|
198
198
|
licenses:
|
|
@@ -240,5 +240,5 @@ test_files:
|
|
|
240
240
|
- spec/unit/.gitkeep
|
|
241
241
|
- spec/unit/cli/image_spec.rb
|
|
242
242
|
- spec/unit/cli/key_pair_spec.rb
|
|
243
|
-
- spec/unit/providers/clients/
|
|
243
|
+
- spec/unit/providers/clients/aws_provider_client_spec.rb
|
|
244
244
|
- spec/unit/providers/clients/openstack_provider_client_spec.rb
|