fog-bouncer 0.2.4 → 0.2.5
Sign up to get free protection for your applications and to get access to all the features.
- data/fog-bouncer.gemspec +1 -1
- data/lib/fog/bouncer/group.rb +58 -37
- data/lib/fog/bouncer/security.rb +1 -0
- data/lib/fog/bouncer/version.rb +1 -1
- data/spec/fog/bouncer/group_spec.rb +9 -0
- metadata +4 -4
data/fog-bouncer.gemspec
CHANGED
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
|
|
15
15
|
gem.require_paths = ["lib"]
|
16
16
|
gem.version = Fog::Bouncer::VERSION
|
17
17
|
|
18
|
-
gem.add_dependency "clamp", "~> 0.3
|
18
|
+
gem.add_dependency "clamp", "~> 0.3"
|
19
19
|
gem.add_dependency "clarence", "1987.0.0"
|
20
20
|
gem.add_dependency "fog", "~> 1.2"
|
21
21
|
gem.add_dependency "ipaddress", "~> 0.8.0"
|
data/lib/fog/bouncer/group.rb
CHANGED
@@ -24,26 +24,6 @@ module Fog
|
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
|
-
def extra_remote_sources
|
28
|
-
sources.select { |source| !source.local? && source.remote? }
|
29
|
-
end
|
30
|
-
|
31
|
-
def local?
|
32
|
-
!!local
|
33
|
-
end
|
34
|
-
|
35
|
-
def missing_remote_sources
|
36
|
-
sources.select { |source| source.local? && !source.remote? }
|
37
|
-
end
|
38
|
-
|
39
|
-
def remote?
|
40
|
-
!remote.nil?
|
41
|
-
end
|
42
|
-
|
43
|
-
def sources
|
44
|
-
@sources ||= []
|
45
|
-
end
|
46
|
-
|
47
27
|
def add_source(source, &block)
|
48
28
|
if existing = sources.find { |s| s.match(source) }
|
49
29
|
existing.instance_eval(&block)
|
@@ -52,17 +32,6 @@ module Fog
|
|
52
32
|
end
|
53
33
|
end
|
54
34
|
|
55
|
-
def sync
|
56
|
-
log(sync: true) do
|
57
|
-
create_missing_remote
|
58
|
-
synchronize_sources
|
59
|
-
end
|
60
|
-
end
|
61
|
-
|
62
|
-
def use(name)
|
63
|
-
@using << security.definitions(name)
|
64
|
-
end
|
65
|
-
|
66
35
|
def create_missing_remote
|
67
36
|
unless remote?
|
68
37
|
log(create_missing_remote: true) do
|
@@ -74,12 +43,6 @@ module Fog
|
|
74
43
|
end
|
75
44
|
end
|
76
45
|
|
77
|
-
def synchronize_sources
|
78
|
-
log(synchronize_sources: true) do
|
79
|
-
SourceManager.new(self).synchronize
|
80
|
-
end
|
81
|
-
end
|
82
|
-
|
83
46
|
def destroy
|
84
47
|
revoke
|
85
48
|
if remote?
|
@@ -96,6 +59,35 @@ module Fog
|
|
96
59
|
end
|
97
60
|
end
|
98
61
|
|
62
|
+
# Public: Check if it has exceeded the 100 rules limit per group on AWS,
|
63
|
+
# http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html.
|
64
|
+
#
|
65
|
+
# Examples
|
66
|
+
#
|
67
|
+
# exceeded?
|
68
|
+
# # => false
|
69
|
+
#
|
70
|
+
# Returns a Boolean
|
71
|
+
def exceeded?
|
72
|
+
local_permissions.size > 100
|
73
|
+
end
|
74
|
+
|
75
|
+
def extra_remote_sources
|
76
|
+
sources.select { |source| !source.local? && source.remote? }
|
77
|
+
end
|
78
|
+
|
79
|
+
def local?
|
80
|
+
!!local
|
81
|
+
end
|
82
|
+
|
83
|
+
def missing_remote_sources
|
84
|
+
sources.select { |source| source.local? && !source.remote? }
|
85
|
+
end
|
86
|
+
|
87
|
+
def remote?
|
88
|
+
!remote.nil?
|
89
|
+
end
|
90
|
+
|
99
91
|
def revoke
|
100
92
|
permissions = sources.map do |source|
|
101
93
|
source.protocols.select { |p| p.remote? }
|
@@ -112,6 +104,21 @@ module Fog
|
|
112
104
|
end
|
113
105
|
end
|
114
106
|
|
107
|
+
def sources
|
108
|
+
@sources ||= []
|
109
|
+
end
|
110
|
+
|
111
|
+
def sync
|
112
|
+
log(sync: true) do
|
113
|
+
create_missing_remote
|
114
|
+
synchronize_sources
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
def use(name)
|
119
|
+
@using << security.definitions(name)
|
120
|
+
end
|
121
|
+
|
115
122
|
def ==(other)
|
116
123
|
name == other.name &&
|
117
124
|
description == other.description
|
@@ -133,9 +140,23 @@ module Fog
|
|
133
140
|
end
|
134
141
|
end
|
135
142
|
|
143
|
+
def local_permissions
|
144
|
+
permissions = sources.map do |source|
|
145
|
+
source.protocols.select { |p| p.local? }
|
146
|
+
end.flatten.compact
|
147
|
+
end
|
148
|
+
|
136
149
|
def source(source, &block)
|
137
150
|
add_source(source, &block)
|
138
151
|
end
|
152
|
+
|
153
|
+
def synchronize_sources
|
154
|
+
log(synchronize_sources: true) do
|
155
|
+
log(rules_limit: 100, rules: local_permissions.size)
|
156
|
+
log(exceeded_aws_limit: true) if exceeded?
|
157
|
+
SourceManager.new(self).synchronize
|
158
|
+
end
|
159
|
+
end
|
139
160
|
end
|
140
161
|
end
|
141
162
|
end
|
data/lib/fog/bouncer/security.rb
CHANGED
data/lib/fog/bouncer/version.rb
CHANGED
@@ -29,6 +29,15 @@ describe Fog::Bouncer do
|
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
32
|
+
describe "#exceeded?" do
|
33
|
+
it "should check if the group exceeds the AWS rules limit" do
|
34
|
+
@group.exceeded?.must_equal false
|
35
|
+
source = @group.sources.first
|
36
|
+
0.upto(100) { |i| p = source.add_protocol(:tcp, i + 1000); p.local = true }
|
37
|
+
@group.exceeded?.must_equal true
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
32
41
|
describe "#extras" do
|
33
42
|
before do
|
34
43
|
Fog::Bouncer::IPPermissions.to(@group, [{ "ipProtocol" => "tcp", "fromPort" => 20, "toPort" => 20, "ipRanges" => [{ "cidrIp" => "2.2.2.2/2" }], "groups" => [] }])
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fog-bouncer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.5
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-10-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: clamp
|
@@ -18,7 +18,7 @@ dependencies:
|
|
18
18
|
requirements:
|
19
19
|
- - ~>
|
20
20
|
- !ruby/object:Gem::Version
|
21
|
-
version: 0.3
|
21
|
+
version: '0.3'
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -26,7 +26,7 @@ dependencies:
|
|
26
26
|
requirements:
|
27
27
|
- - ~>
|
28
28
|
- !ruby/object:Gem::Version
|
29
|
-
version: 0.3
|
29
|
+
version: '0.3'
|
30
30
|
- !ruby/object:Gem::Dependency
|
31
31
|
name: clarence
|
32
32
|
requirement: !ruby/object:Gem::Requirement
|