fog-bouncer 0.1.1 → 0.2.0

data/fog-bouncer.gemspec

@@ -19,8 +19,8 @@ Gem::Specification.new do |gem|
   gem.add_dependency "fog", "~> 1.2"
   gem.add_dependency "ipaddress", "~> 0.8.0"
   gem.add_dependency "jruby-openssl", "~> 0.7.6" if RUBY_PLATFORM == "java"
-  gem.add_dependency "rake"
-  gem.add_dependency "scrolls", "~> 0.0.5"
+  gem.add_dependency "rake", "~> 0.9.0"
+  gem.add_dependency "scrolls", "~> 0.1.0"
 
   gem.add_development_dependency "minitest"
 end

data/lib/fog/bouncer.rb

@@ -9,8 +9,6 @@ require "fog/bouncer/ip_permissions"
 require "fog/bouncer/group_manager"
 require "fog/bouncer/source_manager"
 
-require "scrolls"
-
 module Fog
   module Bouncer
     # Public: An AWS account ID
@@ -54,54 +52,36 @@ module Fog
       )
     end
 
-    # Public: Log data through Scrolls
+    # Public: Allows the user to specify a logger for the log messages that Fog::Bouncer
+    # produces.
     #
-    # Example
+    # logger = The object you want logs to be sent too
     #
-    #   Fog::Bouncer.log(data_one: true, data_two: true)
+    # Examples
     #
-    # Returns nothing
-    def self.log(data, &block)
-      log! unless logging?
-      Scrolls.log({ 'fog-bouncer' => true, 'pretending' => pretending? }.merge(data), &block)
+    #   Fog::Bouncer.instrument_with(STDOUT.method(:puts))
+    #   # => #<Method: IO#puts>
+    #
+    # Returns the logger object
+    def self.instrument_with(logger)
+      @logger = logger
     end
 
-    # Public: Start the Scrolls logger
-    #
-    # Example
+    # Internal: Top level log method for use by Fog::Bouncer
     #
-    #   Fog::Bouncer.log!
+    # data = Logging data (typically a hash)
+    # blk  = block to execute
     #
-    # Returns nothing
-    def self.log!
-      Scrolls::Log.start(logger)
-      @logging = true
+    # Returns the response from calling the logger with the arguments
+    def self.log(data, &blk)
+      logger.call({ 'fog-bouncer' => true, 'pretending' => pretending? }.merge(data), &blk)
     end
 
     # Public: The logging location
     #
     # Returns an Object
     def self.logger
-      @logger ||= STDOUT
-    end
-
-    # Public: Set the logging location
-    #
-    # Returns nothing
-    def self.logger=(logger)
-      @logger = logger
-    end
-
-    # Public: Check the logging state
-    #
-    # Example
-    #
-    #   Fog::Bouncer.logging?
-    #   # => true
-    #
-    # Returns false or true if logging has been started
-    def self.logging?
-      @logging ||= false
+      @logger || STDOUT.method(:puts)
     end
 
     # Public: Load a file for evaluation
@@ -184,8 +164,16 @@ module Fog
     # Returns a Fog::Bouncer::Security object
     def self.security(name, &block)
       Fog::Bouncer.log(security: true, name: name) do
-        doorlists[name] = Fog::Bouncer::Security.new(name, &block)
+        doorlists[name] = Fog::Bouncer::Security.new(name, specific_groups, &block)
       end
     end
+
+    def self.specific_groups
+      @specific_groups ||= []
+    end
+
+    def self.specific_groups=(groups)
+      @specific_groups = Array(groups)
+    end
   end
 end

data/lib/fog/bouncer/cli.rb

@@ -1,23 +1,81 @@
 require "clamp"
-
 require "fog/bouncer"
+require "scrolls"
 
 module Fog
   module Bouncer
     module CLI
+      class Logger
+        def self.log(data, &block)
+          Scrolls.log(data, &block)
+        end
+      end
+
       def self.run(*a)
         MainCommand.run(*a)
       end
 
       class AbstractCommand < Clamp::Command
+        option "--aws-account-id", "AWS_ACCOUNT_ID", "AWS Account ID" do |id|
+          ENV['AWS_ACCOUNT_ID'] = id
+        end
+        option "--aws-access-key-id", "AWS_ACCESS_KEY_ID", "AWS Access Key ID" do |key|
+          ENV['AWS_ACCESS_KEY_ID'] = key
+        end
+        option "--aws-secret-access-key", "AWS_SECRET_ACCESS_KEY", "AWS Secret Access Key" do |key|
+          ENV['AWS_SECRET_ACCESS_KEY'] = key
+        end
+
+        option ["--confirm"], "CONFIRMATION", "Confirm dangerous action", :attribute_name => :confirmation
+
+        option ["--file", "-f"], "FILE", "Doorlist"
+
+        option ["--groups", "-g"], "GROUPS", "Comma separated list of groups", :default => [] do |groups|
+          Fog::Bouncer.specific_groups = groups.split(',')
+        end
+
+        option ["--pretend"], :flag, "Run in pretend mode" do
+          Fog::Bouncer.pretend!
+        end
+
         option "--version", :flag, "show version" do
-          puts "fog-bounder #{Fog::Bouncer::VERSION}"
+          puts "fog-bouncer #{Fog::Bouncer::VERSION}"
           exit 0
         end
+
+        def confirm
+          unless confirmation
+            puts
+            puts " !    WARNING: This action is not marked as being safe."
+            puts " !    To proceed, enter \"confirmation\" or re-run this command with --confirm confirmation"
+            puts
+            print "> "
+
+            confirmation = $stdin.gets.chomp
+          end
+
+          confirmation == "confirmation" || raise("Confirmation failed")
+        end
+
+        def file
+          if @file && File.exists?(File.expand_path(@file))
+            File.expand_path(@file)
+          elsif File.exists?(File.expand_path("Doorlist"))
+            File.expand_path("Doorlist")
+          else
+            raise("Doorlist not found")
+          end
+        end
       end
 
+      require "fog/bouncer/cli/diff"
+
       class MainCommand < AbstractCommand
+        subcommand "diff", "Generate a diff between local and remote", DiffCommand
       end
     end
   end
 end
+
+Scrolls::Log.start(STDOUT)
+Fog::Bouncer.instrument_with(Fog::Bouncer::CLI::Logger.method(:log))

data/lib/fog/bouncer/cli/diff.rb

@@ -0,0 +1,76 @@
+module Fog
+  module Bouncer
+    module CLI
+      class DiffCommand < AbstractCommand
+        option ["--diff-format"], "DIFF_FORMAT", "The diff output format (ec2)", :default => :ec2
+        option ["--apply"], :flag, "Apply the differences"
+
+        def execute
+          doorlist = Fog::Bouncer.load(file)
+          doorlist.import_remote_groups
+          groups = doorlist.groups
+
+          Fog::Bouncer::CLI::Diff.for(doorlist, diff_format)
+
+          if apply? && confirm
+            doorlist.sync
+          end
+        end
+      end
+
+      class Diff
+        class EC2
+          def self.diff(doorlist)
+            doorlist.groups.each do |group|
+              if group.local? && !group.remote?
+                puts "ec2-create-group #{group.name} -d '#{group.description}'"
+              end
+
+              group.sources.each do |source|
+                source.protocols.each do |protocol|
+                  if protocol.local? && !protocol.remote?
+                    authorize_cmd = "ec2-authorize #{protocol.group.name} -P #{protocol.type}"
+                    if protocol.type == "icmp"
+                      authorize_cmd << " -t #{protocol.from}:#{protocol.to}"
+                    else
+                      authorize_cmd << " -p #{protocol.from}-#{protocol.to}"
+                    end
+
+                    if source.is_a?(Fog::Bouncer::Sources::CIDR)
+                      authorize_cmd << " -s #{source.range}"
+                    else
+                      authorize_cmd << " -u #{source.user_id} -o #{source.name}"
+                    end
+
+                    puts authorize_cmd
+                  elsif !protocol.local? && protocol.remote?
+                    revoke_cmd = "ec2-revoke #{protocol.group.name} -P #{protocol.type}"
+                    if protocol.type == "icmp"
+                      revoke_cmd << " -t #{protocol.from}:#{protocol.to}"
+                    else
+                      revoke_cmd << " -p #{protocol.from}-#{protocol.to}"
+                    end
+
+                    puts revoke_cmd
+                  end
+                end
+              end
+
+              if group.remote? && !group.local?
+                puts "ec2-delete-group #{group.name}"
+              end
+            end
+          end
+        end
+
+        FORMATS = {
+          :ec2 => Fog::Bouncer::CLI::Diff::EC2
+        }
+
+        def self.for(doorlist, diff_format)
+          FORMATS[diff_format.to_sym].diff(doorlist)
+        end
+      end
+    end
+  end
+end

data/lib/fog/bouncer/protocols.rb

@@ -18,6 +18,10 @@ module Fog
         validate
       end
 
+      def group
+        source.group
+      end
+
       def local
         @local ||= false
       end

data/lib/fog/bouncer/security.rb

@@ -5,9 +5,10 @@ module Fog
     class Security
       attr_reader :name, :description
 
-      def initialize(name, &block)
+      def initialize(name, specific_groups = [], &block)
         @name = name
         @definitions = {}
+        @specific_groups = specific_groups
         @using = []
         instance_eval(&block)
         apply_definitions
@@ -36,6 +37,7 @@ module Fog
 
       def import_remote_groups
         Fog::Bouncer.fog.security_groups.each do |remote_group|
+          next if @specific_groups.any? && !@specific_groups.include?(remote_group.name)
           group = group(remote_group.name, remote_group.description)
           group.remote = remote_group
           IPPermissions.to(group, remote_group.ip_permissions) if remote_group.ip_permissions
@@ -77,6 +79,7 @@ module Fog
       end
 
       def group(name, description, &block)
+        return if @specific_groups.any? && !@specific_groups.include?(name)
         group = groups.find { |group| group.name == name }
         if group.nil?
           group = Group.new(name, description, self, &block)

data/lib/fog/bouncer/version.rb

@@ -1,5 +1,5 @@
 module Fog
   module Bouncer
-    VERSION = "0.1.1"
+    VERSION = "0.2.0"
   end
 end

data/spec/helper.rb

@@ -6,8 +6,17 @@ ENV['AWS_SECRET_ACCESS_KEY'] ||= "abcde1234"
 ENV['AWS_ACCOUNT_ID'] ||= "1234567890"
 
 require "fog/bouncer"
+require "scrolls"
 
-Fog::Bouncer.logger = File.open(File.dirname(__FILE__) + '/../logs/test.log', 'w')
+Scrolls::Log.start(File.open(File.dirname(__FILE__) + '/../logs/test.log', 'w'))
+
+module TestLogger
+  def self.log(data, &blk)
+    Scrolls.log(data, &blk)
+  end
+end
+
+Fog::Bouncer.instrument_with(TestLogger.method(:log))
 
 def load_security(security)
   Fog::Bouncer.load File.dirname(__FILE__) + "/support/security/#{security}.rb"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fog-bouncer
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-05-17 00:00:00.000000000 Z
+date: 2012-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: clamp
@@ -64,17 +64,17 @@ dependencies:
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: scrolls
   requirement: !ruby/object:Gem::Requirement
@@ -82,7 +82,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.0.5
+        version: 0.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -90,7 +90,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.0.5
+        version: 0.1.0
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -128,6 +128,7 @@ files:
 - fog-bouncer.gemspec
 - lib/fog/bouncer.rb
 - lib/fog/bouncer/cli.rb
+- lib/fog/bouncer/cli/diff.rb
 - lib/fog/bouncer/group.rb
 - lib/fog/bouncer/group_manager.rb
 - lib/fog/bouncer/ip_permissions.rb