cyoi 0.8.2 → 0.8.3
- checksums.yaml +4 -4
- data/ChangeLog.md +1 -0
- data/Guardfile +1 -1
- data/lib/cyoi/providers/clients/aws_provider_client.rb +17 -0
- data/lib/cyoi/providers/clients/fog_provider_client.rb +4 -9
- data/lib/cyoi/providers/clients/openstack_provider_client.rb +6 -6
- data/lib/cyoi/version.rb +1 -1
- data/spec/unit/providers/clients/{fog_provider_client_spec.rb → aws_provider_client_spec.rb} +12 -16
- data/spec/unit/providers/clients/openstack_provider_client_spec.rb +119 -1
- metadata +3 -3
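--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b88ef3e5f5668e5a52188ea9480a61926909c388
+data.tar.gz: 72e166d5644c3b52427c4bfbaf22140dc8a01679
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c954c0b314728d8abf4a5fa5aaa21790100c42499c6b627c32451e020f6fa8690c4f5b575c76483b99b83ea6fd72b7c09385128f1f01187e65afd2c47b948020
+data.tar.gz: beb99edf501386f00f8d2ff7041e8a9207d715cd3d49c720534bb8b52e8959d01582456ed20d52e9441579110058a3ee2bde0059b6f645ad17fc33bfb3b33f37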
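--- a/data/ChangeLog.md
+++ b/data/ChangeLog.md
@@ -9,6 +9,7 @@ Cyoi (choose-your-own-infrastructure) is a library to ask an end-user to choose
 * openstack neutron - asks to select a subnet and then an available IP
 * create_security_group can take a list of ports to open [v0.8.1]
 * allow for legacy API usage of create_security_group [v0.8.2]
+* fixed create_security_group support for OpenStack & AWS [v0.8.3]
 
 ## v0.7
 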
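--- a/data/Guardfile
+++ b/data/Guardfile
@@ -1,6 +1,6 @@
 guard "rspec", spec_paths: ["spec/unit"] do
 watch(%r{^spec/unit})
-
+watch(%r{^lib/cyoi}) { |m| "spec" }
 # watch(%r{^lib/cyoi/cli/(?:|provider_)address}) { |m| "spec/integration/cli/address" }
 watch(%r{^lib/cyoi/cli/(?:|provider_)key_pair}) { |m| "spec/unit/cli" }
 end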
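--- a/data/lib/cyoi/providers/clients/aws_provider_client.rb
+++ b/data/lib/cyoi/providers/clients/aws_provider_client.rb
@@ -73,6 +73,23 @@ class Cyoi::Providers::Clients::AwsProviderClient < Cyoi::Providers::Clients::Fo
 gateway.id
 end
 
+def ip_permissions(sg)
+sg.ip_permissions
+end
+
+def port_open?(ip_permissions, port_range, protocol, ip_range)
+ip_permissions && ip_permissions.find do |ip|
+ip["ipProtocol"] == protocol \
+&& ip["ipRanges"].detect { |range| range["cidrIp"] == ip_range } \
+&& ip["fromPort"] <= port_range.min \
+&& ip["toPort"] >= port_range.max
+end
+end
+
+def authorize_port_range(sg, port_range, protocol, ip_range)
+sg.authorize_port_range(port_range, {:ip_protocol => protocol, :cidr_ip => ip_range})
+end
+
 def find_server_device(server, device)
 server.volumes.all.find {|v| v.device == device}
 end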
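Review bot: The three added methods carry no comments, although `port_open?` decides whether an ingress rule is skipped as already present. I would put `# Hook method for FogProviderClient#create_security_group` above each of `ip_permissions`, `port_open?` and `authorize_port_range`, as the OpenStack client on this page does for its hooks. On `port_open?` the comment should also say that it returns the first matching permission hash or nil, and that a match needs the same `ipProtocol`, an `ipRanges` entry whose `cidrIp` equals `ip_range` as a string, and a `fromPort`..`toPort` span that contains the requested range. Because the CIDR comparison is exact string equality, a wider existing range is not recognised and the caller adds a rule rather than skipping one; that behaviour is worth stating. The class body starts and ends outside the hunk.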
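--- a/data/lib/cyoi/providers/clients/fog_provider_client.rb
+++ b/data/lib/cyoi/providers/clients/fog_provider_client.rb
@@ -10,7 +10,7 @@ class Cyoi::Providers::Clients::FogProviderClient
 def initialize(attributes)
 @attributes = attributes.is_a?(Hash) ? ReadWriteSettings.new(attributes) : attributes
 raise "@attributes must be ReadWriteSettings (or Hash)" unless @attributes.is_a?(ReadWriteSettings)
-setup_fog_connection
+setup_fog_connection unless attributes.delete("skip_fog_setup")
 end
 
 # Implement in subclasses
@@ -129,20 +129,15 @@ class Cyoi::Providers::Clients::FogProviderClient
 end
 
 def port_open?(ip_permissions, port_range, protocol, ip_range)
-
-ip["ipProtocol"] == protocol \
-&& ip["ipRanges"].detect { |range| range["cidrIp"] == ip_range } \
-&& ip["fromPort"] <= port_range.min \
-&& ip["toPort"] >= port_range.max
-end
+raise "must implement"
 end
 
 def authorize_port_range(sg, port_range, protocol, ip_range)
-
+raise "must implement"
 end
 
 def ip_permissions(sg)
-
+raise "must implement"
 end
 
 # Any of the following +port_defn+ can be used: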
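Review bot: In `initialize` (first hunk), `attributes.delete("skip_fog_setup")` puts a test-only switch into the production constructor and mutates the hash the caller passed in. When a Hash is given, `@attributes` has already been built from it on the line above, so the key presumably stays in the stored settings, and any settings that happen to carry `skip_fog_setup` leave the client without a fog connection. I would keep the constructor line as `setup_fog_connection` and let the specs stub the method instead, e.g. `allow_any_instance_of(Cyoi::Providers::Clients::FogProviderClient).to receive(:setup_fog_connection)`. If the flag has to stay, it should be read without deleting and documented next to `initialize`.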
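--- a/data/lib/cyoi/providers/clients/openstack_provider_client.rb
+++ b/data/lib/cyoi/providers/clients/openstack_provider_client.rb
@@ -69,19 +69,19 @@ class Cyoi::Providers::Clients::OpenStackProviderClient < Cyoi::Providers::Clien
 sg.security_group_rules
 end
 
-# Hook method for FogProviderClient#create_security_group
 def port_open?(ip_permissions, port_range, protocol, ip_range)
 ip_permissions && ip_permissions.find do |ip|
-ip
-&& ip
-&& ip
-&& ip
+ip.ip_protocol == protocol \
+&& ip.ip_range["cidr"] == ip_range \
+&& ip.from_port <= port_range.min \
+&& ip.to_port >= port_range.max
 end
 end
 
 # Hook method for FogProviderClient#create_security_group
 def authorize_port_range(sg, port_range, protocol, ip_range)
-
+rules = ip_permissions(sg)
+rules.create(from_port: port_range.min, to_port: port_range.max, ip_range: {"cidr" => ip_range}, ip_protocol: protocol)
 end
 
 def find_server_device(server, device)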
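Review bot: `port_open?` indexes `ip.ip_range["cidr"]` for every rule of the matching protocol, so a rule whose `ip_range` is nil would raise NoMethodError before the lookup finishes. Whether fog returns nil or an empty hash for a rule that has no CIDR is not visible on this page and should be confirmed. A guard keeps the check total: `&& ip.ip_range && ip.ip_range["cidr"] == ip_range \`. The commit also drops the `# Hook method for FogProviderClient#create_security_group` comment from `port_open?` while keeping it on `authorize_port_range`; I would restore it so both hooks are labelled.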
data/lib/cyoi/version.rb
CHANGED
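--- a/data/spec/unit/providers/clients/fog_provider_client_spec.rb
+++ b/data/spec/unit/providers/clients/aws_provider_client_spec.rb
@@ -1,23 +1,19 @@
-require "cyoi/providers/clients/
-require "fog/
+require "cyoi/providers/clients/aws_provider_client"
+require "fog/aws/models/compute/security_group"
+require "fog/aws/models/compute/security_groups"
 
-describe Cyoi::Providers::Clients::
+describe Cyoi::Providers::Clients::AwsProviderClient do
 let(:provider_attributes) do
 {
-"name" => "
-"credentials" => {
-
-"openstack_api_key" => "PASSWORD",
-"openstack_tenant" => "TENANT",
-"openstack_auth_url" => "http://someurl.com/v2/tokens",
-"openstack_region" => "REGION"
-}
+"name" => "aws",
+"credentials" => {},
+"skip_fog_setup" => true
 }
 end
-let(:fog_compute) { instance_double("Fog::Compute::
-let(:security_groups) { instance_double("Fog::Compute::
-let(:security_group) { instance_double("Fog::Compute::
-subject { Cyoi::Providers::Clients::
+let(:fog_compute) { instance_double("Fog::Compute::AWS::Real") }
+let(:security_groups) { instance_double("Fog::Compute::AWS::SecurityGroups") }
+let(:security_group) { instance_double("Fog::Compute::AWS::SecurityGroup") }
+subject { Cyoi::Providers::Clients::AwsProviderClient.new(provider_attributes) }
 
 before do
 expect(subject).to receive(:fog_compute).at_least(1).times.and_return(fog_compute)
@@ -75,7 +71,7 @@ describe Cyoi::Providers::Clients::FogProviderClient do
 expect(fog_compute).to receive(:security_groups).and_return(security_groups)
 expect(security_groups).to receive(:find).and_return(security_group)
 expect(subject).to receive(:puts).with("Reusing security group foo")
-expect(security_group).to receive(:ip_permissions).and_return([{"fromPort"=>22, "toPort"=>22, "ipRanges"=>[{"cidrIp" => "0.0.0.0/0"}], "ipProtocol"=>"tcp"}])
+expect(security_group).to receive(:ip_permissions).and_return([{"fromPort" => 22, "toPort" => 22, "ipRanges" => [{"cidrIp" => "0.0.0.0/0"}], "ipProtocol" => "tcp"}])
 expect(subject).to receive(:puts).with(" -> no additional ports opened")
 
 subject.create_security_group("foo", "foo", 22)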
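--- a/data/spec/unit/providers/clients/openstack_provider_client_spec.rb
+++ b/data/spec/unit/providers/clients/openstack_provider_client_spec.rb
@@ -1,5 +1,8 @@
 require "fog"
 require "fog/openstack"
+require "fog/openstack/models/compute/security_groups"
+require "fog/openstack/models/compute/security_group_rule"
+require "fog/openstack/models/compute/security_group_rules"
 require 'fog/openstack/models/network/subnets'
 require "cyoi/providers"
 
@@ -14,7 +17,8 @@ describe "cyoi address openstack" do
 "openstack_tenant" => "TENANT",
 "openstack_auth_url" => "http://someurl.com/v2/tokens",
 "openstack_region" => "REGION"
-}
+},
+"skip_fog_setup" => true
 }
 end
 
@@ -107,4 +111,118 @@ describe "cyoi address openstack" do
 end
 end
 end
+
+describe "create_security_group" do
+let(:security_groups) { instance_double("Fog::Compute::OpenStack::SecurityGroups") }
+let(:security_group) { instance_double("Fog::Compute::OpenStack::SecurityGroup") }
+let(:security_group_rules) { instance_double("Fog::Compute::OpenStack::SecurityGroupRules") }
+let(:security_group_rule) { instance_double("Fog::Compute::OpenStack::SecurityGroupRule",
+from_port: 22, to_port: 22, ip_range: [{"cidrIp" => "0.0.0.0/0"}], ip_protocol: "tcp") }
+
+before do
+expect(subject).to receive(:fog_compute).at_least(1).times.and_return(fog_compute)
+end
+
+it "add new single port to new SecurityGroup" do
+expect(fog_compute).to receive(:security_groups).twice.and_return(security_groups)
+expect(security_groups).to receive(:find).and_return(nil)
+expect(security_groups).to receive(:create).with(name: "foo", description: "foo").and_return(security_group)
+expect(subject).to receive(:puts).with("Created security group foo")
+expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+expect(security_group_rules).to receive(:find)
+expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+
+subject.create_security_group("foo", "foo", 22)
+end
+
+it "add new single port by integer to existing SecurityGroup" do
+expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+expect(security_groups).to receive(:find).and_return(security_group)
+expect(subject).to receive(:puts).with("Reusing security group foo")
+expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+expect(security_group_rules).to receive(:find)
+expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+
+subject.create_security_group("foo", "foo", 22)
+end
+
+context 'legacy API used by old bosh-bootstrap - allow :ports key' do
+it "add new single port by :ports key to existing SecurityGroup" do
+expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+expect(security_groups).to receive(:find).and_return(security_group)
+expect(subject).to receive(:puts).with("Reusing security group foo")
+expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+expect(security_group_rules).to receive(:find)
+expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+
+subject.create_security_group("foo", "foo", ports: 22)
+end
+
+it "add UDP ports by :ports key" do
+expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+expect(security_groups).to receive(:find).and_return(security_group)
+expect(subject).to receive(:puts).with("Reusing security group foo")
+expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+expect(security_group_rules).to receive(:find)
+expect(security_group_rules).to receive(:create).with(from_port: 53, to_port: 53, ip_protocol: "udp", ip_range: {"cidr" => "0.0.0.0/0"})
+expect(subject).to receive(:puts).with(" -> opened foo ports UDP 53..53 from IP range 0.0.0.0/0")
+
+subject.create_security_group("foo", "foo", ports: { protocol: "udp", ports: (53..53) })
+end
+end
+
+it "add skip existing single port on existing SecurityGroup" do
+expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+expect(security_groups).to receive(:find).and_return(security_group)
+expect(subject).to receive(:puts).with("Reusing security group foo")
+expect(security_group).to receive(:security_group_rules).and_return(security_group_rules)
+expect(security_group_rules).to receive(:find).and_return(security_group_rule)
+expect(subject).to receive(:puts).with(" -> no additional ports opened")
+
+subject.create_security_group("foo", "foo", 22)
+end
+
+it "add new range of ports" do
+expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+expect(security_groups).to receive(:find).and_return(security_group)
+expect(subject).to receive(:puts).with("Reusing security group foo")
+expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+expect(security_group_rules).to receive(:find)
+expect(security_group_rules).to receive(:create).with(from_port: 60000, to_port: 60050, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+expect(subject).to receive(:puts).with(" -> opened foo ports TCP 60000..60050 from IP range 0.0.0.0/0")
+
+subject.create_security_group("foo", "foo", ports: 60000..60050)
+end
+
+it "add UDP ports" do
+expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+expect(security_groups).to receive(:find).and_return(security_group)
+expect(subject).to receive(:puts).with("Reusing security group foo")
+expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+expect(security_group_rules).to receive(:find)
+expect(security_group_rules).to receive(:create).with(from_port: 53, to_port: 53, ip_protocol: "udp", ip_range: {"cidr" => "0.0.0.0/0"})
+expect(subject).to receive(:puts).with(" -> opened foo ports UDP 53..53 from IP range 0.0.0.0/0")
+
+subject.create_security_group("foo", "foo", { protocol: "udp", ports: (53..53) })
+end
+
+it "add list of unrelated ports" do
+expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+expect(security_groups).to receive(:find).and_return(security_group)
+expect(subject).to receive(:puts).with("Reusing security group foo")
+expect(security_group).to receive(:security_group_rules).at_least(1).times.and_return(security_group_rules)
+expect(security_group_rules).to receive(:find).at_least(1).times
+expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+expect(security_group_rules).to receive(:create).with(from_port: 443, to_port: 443, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+expect(security_group_rules).to receive(:create).with(from_port: 4443, to_port: 4443, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+expect(subject).to receive(:puts).with(" -> opened foo ports TCP 443..443 from IP range 0.0.0.0/0")
+expect(subject).to receive(:puts).with(" -> opened foo ports TCP 4443..4443 from IP range 0.0.0.0/0")
+
+subject.create_security_group("foo", "foo", [22, 443, 4443])
+end
+end
 end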
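Review bot: In "add skip existing single port on existing SecurityGroup" (third hunk), `expect(security_group_rules).to receive(:find).and_return(security_group_rule)` replaces `find`, so the block inside `port_open?` never runs and the protocol, CIDR and port comparison that decides whether a rule is skipped goes untested. The `security_group_rule` double also carries `ip_range: [{"cidrIp" => "0.0.0.0/0"}]`, the AWS shape, while the OpenStack client on this page reads `ip.ip_range["cidr"]`; the mismatch goes unnoticed for the same reason. I would give the double `ip_range: {"cidr" => "0.0.0.0/0"}` and let the block execute, e.g. `allow(security_group_rules).to receive(:find) { |&blk| [security_group_rule].find(&blk) }`. A further case where the existing rule does not cover the requested range would pin the negative path.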
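--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cyoi
 version: !ruby/object:Gem::Version
-version: 0.8.
+version: 0.8.3
 platform: ruby
 authors:
 - Dr Nic Williams
@@ -192,7 +192,7 @@ files:
 - spec/unit/.gitkeep
 - spec/unit/cli/image_spec.rb
 - spec/unit/cli/key_pair_spec.rb
-- spec/unit/providers/clients/
+- spec/unit/providers/clients/aws_provider_client_spec.rb
 - spec/unit/providers/clients/openstack_provider_client_spec.rb
 homepage: https://github.com/drnic/cyoi
 licenses:
@@ -240,5 +240,5 @@ test_files:
 - spec/unit/.gitkeep
 - spec/unit/cli/image_spec.rb
 - spec/unit/cli/key_pair_spec.rb
-- spec/unit/providers/clients/
+- spec/unit/providers/clients/aws_provider_client_spec.rb
 - spec/unit/providers/clients/openstack_provider_client_spec.rb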