demeter-cli 0.0.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f8cd0a1932dcbadb7009e697cfd074370cd00647
+  data.tar.gz: e446ff1b2a1b9f75f60ae032ef5e419c5a5f9188
+SHA512:
+  metadata.gz: 928c88dae96a2b06aa246b030b1863b3c36bf3109d670f518aa391e7ebacdafd27054aba1bc5a2313876427ebfa9aef0a51a1ae4efdb4426234e1e0ede47c4f6
+  data.tar.gz: 4cb19d326eb8cb3f7d0999612d5c722a82627bfe6a3ee4c4c196ae8fa597ec5373a4618df645d527fb7a07320377c7a0ad3608de5dd62507aed1a30e5be503e5

checksums.yaml.gz.sig

@@ -0,0 +1,2 @@
+p-��Ӡ�C��SkU݂����r(���55�y�ه�̚\�wg�V���@�[�Gf�?�ބl�6o���Z��1B ���*S�3��'�-cm��:U�Z�!���Ukz`�z8�r]�����|Wv�"]Ay6����2Cg��w��I�Wd914ہ��Y�«6B����Mu�me|*,�l9�N����ƅ����X�\�-
+F���rx�n�ꆵ��� T��'$o�#��bRf[\��F��2�Ls��d

data.tar.gz.sig

@@ -0,0 +1,3 @@
+a
+�ˊj�f���7�L���jv&����ћ���VK���*�����>����CS.��<��y
+4���n����w�pA�ֿko5�CZW

data/.gitignore

@@ -0,0 +1,6 @@
+.env*
+*.sw*
+pkg/
+.DS_Store
+coverage/
+*.gem

data/.rspec

@@ -0,0 +1 @@
+--color

data/CONTRIBUTING.md

@@ -0,0 +1,50 @@
+Demeter is an open source project and we would love you to help us make it better.
+
+## Reporting Issues
+
+A well formatted issue is appreciated, and goes a long way in helping us help you.
+
+* Make sure you have a [GitHub account](https://github.com/signup/free)
+* Submit a [Github issue](./issues) by:
+  * Clearly describing the issue
+    * Provide a descriptive summary
+    * Explain the expected behavior
+    * Explain the actual behavior
+    * Provide steps to reproduce the actual behavior
+    * Provide your application's complete `Gemfile.lock` as text (in a [Gist](https://gist.github.com) for bonus points)
+    * Any relevant stack traces
+
+If you provide code, make sure it is formatted with the triple backticks (\`).
+
+## Pull requests
+
+We accept pull requests to Demeter for:
+
+* Adding documentation
+* Fixing bugs
+* Adding new features
+
+Not all features proposed will be added but we are open to having a conversation
+about a feature you are championing.
+
+Here's a quick guide:
+
+1. Fork the repo.
+
+2. Run the tests. This is to make sure your starting point works. Tests can be
+run via `rake spec`
+
+3. Create a new branch and make your changes. This includes tests for features!
+
+4. Push to your fork and submit a pull request. For more information, see
+[Github's pull request help section](https://help.github.com/articles/using-pull-requests/).
+
+At this point you're waiting on us. Expect a conversation regarding your pull
+request; Questions, clarifications, and so on.
+
+Some things that will increase the chance that your pull request is accepted:
+
+* Use Demeter idioms
+* Include tests that fail without your code, and pass with it
+* Update the documentation, guides, etc.
+

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+gemspec
+ruby '2.2.2'
+gem 'simplecov', :require => false, :group => :test

data/Gemfile.lock

@@ -0,0 +1,67 @@
+PATH
+  remote: .
+  specs:
+    demeter (0.0.1)
+      aws-sdk (~> 2.1)
+      bundler (~> 1.6)
+      colorize (~> 0.7)
+      hashdiff (~> 0.2)
+      terminal-table (~> 1.5)
+      thor (~> 0.19)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    aws-sdk (2.1.30)
+      aws-sdk-resources (= 2.1.30)
+    aws-sdk-core (2.1.30)
+      jmespath (~> 1.0)
+    aws-sdk-resources (2.1.30)
+      aws-sdk-core (= 2.1.30)
+    coderay (1.1.0)
+    colorize (0.7.7)
+    diff-lcs (1.2.5)
+    docile (1.1.5)
+    hashdiff (0.2.2)
+    jmespath (1.1.3)
+    json (1.8.3)
+    method_source (0.8.2)
+    pry (0.10.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    rake (10.4.2)
+    rspec (3.3.0)
+      rspec-core (~> 3.3.0)
+      rspec-expectations (~> 3.3.0)
+      rspec-mocks (~> 3.3.0)
+    rspec-core (3.3.2)
+      rspec-support (~> 3.3.0)
+    rspec-expectations (3.3.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-mocks (3.3.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-support (3.3.0)
+    simplecov (0.10.0)
+      docile (~> 1.1.0)
+      json (~> 1.8)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    slop (3.6.0)
+    terminal-table (1.5.2)
+    thor (0.19.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  demeter!
+  pry
+  rake (~> 10)
+  rspec (~> 3.3)
+  simplecov
+
+BUNDLED WITH
+   1.10.6

data/LICENSE.md

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Coinbase Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,62 @@
+# Demeter
+
+Demeter is a command line tool for managing security groups across multiple AWS environments. Demeter was written with the following goals:
+*  __Stateless.__  EC2 tags are used to store all metadata about security groups.  This makes it easy for collaborators to make changes to security groups.
+*  __Variables.__  Provides a flexible way to define global and per-environment variables to be used in all templates.
+*  __Multiple AWS Accounts.__  Maintain a naming scheme for your security groups that can be applied to any region or AWS account.
+*  __Infrastructure as code.__  My maintaining your security groups using a demeter repository makes them easy to edit and collaborate on.
+
+## Installation
+
+```shell
+% gem install demeter-cli
+```
+
+
+## Usage
+
+[**Detailed instructions - Demeter Example Project**](https://github.com/coinbase/demeter-example)
+
+## Available Commands
+
+`-environment` or short `-e` is a required parameter. It loads the environment variables and sources `.env.<environment>` file
+
+Show general help or specific command help
+```
+$ demeter help <command>
+```
+
+Get list of all managed and unmanaged security groups
+```
+$ demeter status -e staging
+```
+
+Run a plan against environment and return a diff between local state
+```
+$ demeter plan -e staging
+```
+
+Apply diff changes
+```
+$ demeter apply -e staging
+```
+
+When migrating existing security groups you can generate config by specifying existing security group ids
+```
+$ demeter generate -e staging -ids sg-111111 sg-22222
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/coinbase/demeter/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+You can use `rake install` to install and test your local development gem
+
+## Copyright
+
+Copyright © 2015 Coinbase Inc. – Released under MIT License
+

data/Rakefile

@@ -0,0 +1,14 @@
+require 'rake'
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+namespace :test do
+  task :coverage do
+    ENV['COVERAGE'] = 'true'
+    Rake::Task['test'].invoke
+  end
+end
+
+task :default => :spec

data/bin/demeter

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+require 'demeter'
+require 'demeter/cli'
+require 'dotenv'
+
+begin
+  Demeter::Cli.start
+rescue => e
+  puts "Error during processing: #{$!}"
+  puts "Backtrace:\n\t#{e.backtrace.join("\n\t")}" if ARGV.include?('--debug')
+end

data/certs/coinbase.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMRAwDgYDVQQDDAdzdXBw
+b3J0MRgwFgYKCZImiZPyLGQBGRYIY29pbmJhc2UxEzARBgoJkiaJk/IsZAEZFgNj
+b20wHhcNMTUxMTIwMjAyNjMxWhcNMTYxMTE5MjAyNjMxWjBBMRAwDgYDVQQDDAdz
+dXBwb3J0MRgwFgYKCZImiZPyLGQBGRYIY29pbmJhc2UxEzARBgoJkiaJk/IsZAEZ
+FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG5tBNXR1U7v0+
+hc6LyPa9I2yaXpV0SZzMTGUPZV6SeOSCQR2rX7gCdMOwOHw40zgp9UKo/1TgrefU
+sr1gW2G924QIEFKT+ntl01Qp5oexk7o3Ur/h+u2VQmPcqb9oQ/1HTCEMKYJiZkOq
+UZG4HVtWfo1NB6CmfbKV4TZQtxSg0CmPEgvY5pSMZISQU+jf0EEtnJcqlxjSCK24
+bOj57GnkBeYtdoU+7rGWaUcNlrdZRL7osFePWVCJLI8D/NHEQQO61E9kjcw68RxB
+3TX+IoZxlQgsJ3vQUJRwSynloRSeEvHRkRD5M9p8XaD2Xrmb/jNTkSAARP+z+W4Y
+P6MMErQ3AgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+BBRZsjqnPq839UVVUohuyqSaxo7G0DAfBgNVHREEGDAWgRRzdXBwb3J0QGNvaW5i
+YXNlLmNvbTAfBgNVHRIEGDAWgRRzdXBwb3J0QGNvaW5iYXNlLmNvbTANBgkqhkiG
+9w0BAQUFAAOCAQEAU39cPSHZwN+Y25YFyQx5EZMdyEOERXCf8/Pfvit7x5Yt8MXw
+bygBPLsCkcEe+FbQOaG9xba1SAknR2iMreup2XjUFl9hh5PM8VLX1zNukgmYuui+
+ENY3lM0N1v482XJ0fdfbg43g9Ss8/JnXMplVJgWLTp+yTCUIMoW1mnarvxHZomzb
+UL9hDd7K8HzMSwi5byL9o4LfQqTwjxBgWY76uROt0pNTPtcuXrnkKqSHwgwZ5RmH
+vMBSV8F4fVD4X38X65JM6sekvTV2g7EfEWXUYRpo+GbTO447fdHbeSeA9LeYTY40
+BrzC5KFFAVcr7Bl/R6Jdzbj7ZlhwFUize0CjOw==
+-----END CERTIFICATE-----

data/demeter.gemspec

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'demeter/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'demeter-cli'
+  spec.version       = Demeter::VERSION
+  spec.authors       = ['Saso Matejina', 'Jeremy Deininger']
+  spec.email         = []
+  spec.summary       = %q{A complete manager for AWS security groups}
+  spec.description   = %q{A complete manager for AWS security groups}
+  spec.homepage      = 'https://github.com/coinbase/demeter'
+  spec.license       = 'MIT'
+  spec.cert_chain  = ['certs/coinbase.pem']
+  spec.signing_key = File.expand_path("~/.ssh/coinbase-gem-private_key.pem") if $0 =~ /gem\z/  
+
+  spec.files         = `git ls-files`.split("\n")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(spec)/})
+  spec.require_paths = ['lib']
+  spec.required_ruby_version = '>= 2.0.0'
+
+  spec.add_dependency 'thor',           '~> 0.19'
+  spec.add_dependency 'aws-sdk',        '~> 2.1'
+  spec.add_dependency 'hashdiff',       '~> 0.2'
+  spec.add_dependency 'bundler',        '~> 1.6'
+  spec.add_dependency 'colorize',       '~> 0.7'
+  spec.add_dependency 'terminal-table', '~> 1.5'
+  spec.add_dependency 'dotenv',         '~> 2.0'
+
+  spec.add_development_dependency 'rake',   '~> 10'
+  spec.add_development_dependency 'rspec',  '~> 3.3'
+  spec.add_development_dependency 'pry'
+end

data/lib/demeter.rb

@@ -0,0 +1,48 @@
+require 'demeter/version'
+
+module Demeter
+  DEFAULT_ENV = 'development'.freeze
+
+  def self.root(root=nil)
+    if root
+      @root ||= root
+    else
+      @root ||= Pathname.new(Dir.pwd)
+    end
+  end
+
+  def self.env
+    @environment ||= ENV['DEMETER_ENV'] || ENV['ENV'] || DEFAULT_ENV 
+  end
+  
+  def self.vars
+    @vars ||= begin
+      global_vars = {}
+      env_vars = {}
+      global_path = File.join(Demeter::root, "/variables/global.yml")
+      environment_path = File.join(Demeter::root, "/variables/#{self.env}.yml")
+
+      if File.exists?(global_path)
+        global_vars = YAML::load_file(global_path)
+        global_vars = Hash[global_vars.map{|k,v| ["global.#{k}",v]}]
+      else
+        fail "Global file /variables/global.yml not found! Add it before rerunning..."
+      end
+
+      if File.exists?(environment_path)
+        env_vars = YAML::load_file(environment_path)
+        env_vars = Hash[env_vars.map{|k,v| ["env.#{k}",v]}]
+      else
+        fail "Environment file /variables/#{Demeter::env}.yml not found! Add it before rerunning..."
+      end
+
+      global_vars.merge!(env_vars)
+    end
+  end
+
+  def self.set_var(key, value)
+    vars = self.vars
+    vars[key] = value
+    @vars = vars
+  end
+end

data/lib/demeter/aws/manage_security_groups.rb

@@ -0,0 +1,113 @@
+require 'aws-sdk'
+require 'yaml'
+require 'demeter/aws/security_group.rb'
+require 'colorize'
+
+module Demeter
+  module Aws
+    class ManageSecurityGroups
+      def initialize(ec2:, project_path: File.join(Demeter::root, "/configs/**/*.yml"), options:{})
+        @ec2 = ec2
+        @sgs = {}
+        @project_path = project_path  
+        @options = options
+      end
+
+      # Returns array of diffs
+      def diff_all
+        describe
+        all_diffs = {}
+        @sgs.each do |key, sg|
+          diff = sg.diff
+          if diff.any?
+            all_diffs[key] = diff
+          end
+        end
+        all_diffs
+      end
+
+      def create_all
+        describe
+        @sgs.each do |key, sg|
+          sg.create
+        end
+      end
+
+      def modify_all
+        describe
+        @sgs.each do |key, sg|
+          sg.modify
+        end
+      end
+
+      def apply
+        create_all
+        modify_all
+      end
+      
+      def status
+        status = {managed: [], unmanaged: []}
+        local_sgs = []
+
+        Dir.glob(@project_path).each do |path|
+          project_config = YAML::load_file(path)
+          
+          next if !project_config
+          next if project_config['environments'] && @options['environment'] && !project_config['environments'].include?(@options['environment'])
+          
+          if project_config && project_config['security_groups']
+            project_config['security_groups'].each do |local_sg|
+              local_sgs << local_sg['name']
+            end
+          end
+        end
+
+        res = @ec2.describe_security_groups
+        res[:security_groups].each do |object|
+          name_tag = object['tags'].detect{|tag| tag['key'].downcase == 'name'}
+          if name_tag && local_sgs.include?(name_tag['value'])
+            status[:managed] << {
+              name: name_tag['value'],
+              group_id: object.group_id,
+              group_name: object.group_name
+            }
+          else
+            status[:unmanaged] << {
+              name: (name_tag ? name_tag['value'] : ''),
+              group_id: object.group_id,
+              group_name: object.group_name
+            }
+          end
+        end
+        status[:managed].sort_by!{|x| x[:name]}
+        status[:unmanaged].sort_by!{|x| x[:name]}
+        status
+      end
+
+      def describe()
+        Dir.glob(@project_path).each do |path|
+          project_config = YAML::load_file(path)
+          
+          next if !project_config
+          next if project_config['environments'] && @options['environment'] && !project_config['environments'].include?(@options['environment'])
+
+          if project_config && project_config['security_groups']
+            project_config['security_groups'].each do |local_sg|
+              sg = Demeter::Aws::SecurityGroup.new(@ec2)
+              sg.load_local(local_sg)
+              @sgs[sg.hash] = sg
+            end
+          end
+        end
+        
+        res = @ec2.describe_security_groups
+        res[:security_groups].each do |object|
+          name_tag =  object['tags'].detect{|tag| tag['key'].downcase == 'name'}
+          if name_tag && @sgs.include?(name_tag['value'])
+            @sgs[name_tag['value']].load_aws(object)
+          end
+        end
+      end
+    end
+  end
+end