fog-bouncer 0.2.5 → 0.2.6
- checksums.yaml +7 -0
- data/.travis.yml +18 -37
- data/fog-bouncer.gemspec +1 -1
- data/lib/fog/bouncer/group.rb +1 -1
- data/lib/fog/bouncer/group_manager.rb +2 -2
- data/lib/fog/bouncer/protocols.rb +1 -1
- data/lib/fog/bouncer/security.rb +4 -1
- data/lib/fog/bouncer/source_manager.rb +2 -2
- data/lib/fog/bouncer/version.rb +1 -1
- data/spec/fog/bouncer/group_spec.rb +1 -1
- data/spec/fog/bouncer/security_spec.rb +6 -6
- data/spec/helper.rb +10 -0
- metadata +24 -40
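--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: a2efd35d9c752f00569ed323f3daff266881c120
+data.tar.gz: d0b9a15c0055b4d08dd74e8dde43bdeaa7013a9f
+SHA512:
+metadata.gz: 515bb6caa2296ff0cea02c516df77772f7f0414ce38246a2867e3bd6e6bf650243cf6e9e245a007eae9ba181e23fd6d7d58dc5815dc9fa93c471c8cb44c0a543
+data.tar.gz: 8dac91669d76a6e591b2cc718e9f70fd63bf3fbaef056675ae8e9fb96c3510f66a3f2e2cfff461d35bdcf33a5191cf394c3a7df277318d8c6afd23e8224f18a2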
data/.travis.yml
CHANGED
@@ -1,47 +1,28 @@
|
|
1
1
|
env:
|
2
2
|
global:
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
3
|
+
- NO_SIMPLECOV=true
|
4
|
+
- secure: Ys71anAIjNI1caD4vzbe8rchDxW01pYq7VPd+BNZl7L3XSeNh6BOKoB61Mxul2uxe+cmuOtgu2kWJaG8Q/2dc2Uk1WIlwPtDLI0RGkaXi1nxcA38wBzE/x5nWqnuO2IC8sH7dnJoCGJh6l3Wh1fa6atM+AumE+opMVmpjzv1XEE=
|
5
|
+
- secure: RRszwiF6zjaFdt9ChebyyxJhya4PVepnCVYn8AgBHsvpYtItn4y/1W5hyRvCAaqg+Fw7OXzjS+bDb0amln8PwEX7dbB8OIX0srRXlEmqZsxvp1aZO4QJE8mBU1SGeDz975/riEqM+WrUs0I3P+YoS0rzYAfDdrgOsZuMOXMv3RQ=
|
6
|
+
- secure: UvtPU/JRExEq0ZR5XclUxIsDw0TdYY2RXRRkrwghBm1od4OasFzv9lPnG3OSCxO9rTG/dxs7P2bzsCA9Z1wcvFvhudcp/uTAHhRh/Bs0iebpRzjXno51dvs86RfXdSuN2gsDhd8mehji8hqmlhwpSznujEekp3Vvtuca40aA/Tk=
|
7
7
|
matrix:
|
8
|
-
|
9
|
-
|
10
|
-
|
8
|
+
- FOG_REAL=false
|
9
|
+
- FOG_REAL=true
|
11
10
|
matrix:
|
12
11
|
exclude:
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
- secure: "jzm0Mn03H2wVsJbk+JxbZ0y2ptrMXKdfAs243W9Bd2PVg/no+CFxw7CDlvcT\n5IEB/3CFPTnbbFj0BMGa5hZFa6eSG4V4vKPRe5M10dx6807nho0G1xWHIj5b\nOok5u1YvDHuaZ6aGwo/oprMBRKh68mhgSYS/KfuFEdj689QVae4="
|
20
|
-
- rvm: jruby-19mode
|
21
|
-
env:
|
22
|
-
- FOG_REAL=true
|
23
|
-
- NO_SIMPLECOV=true
|
24
|
-
- secure: "hBuPzm8oDPYwDzutnwwOkc2cwMNPHuCcTqw9ZHnSJlPyKAIGLBvDca+Nqu/v\niqVS+H8p2vn8/Dj+Y4+OouyL83ibH5PLsMLGqFYQqJ2glj/8qozoq0EB1C5x\n2k7/EtK1fft4oJhyWvEOd92q5/kDYAwRsQYZqBn7E9Yu7D4zfnQ="
|
25
|
-
- secure: "UXDtqnEW0BUtATes/xYIHFFXwGsIJbxMs4dNb6yC2KplHUSenx/RhgVMnRhF\nvSBCFuTPXHHHQKg8SgrxRJe3M841sKZxfSkRJ2PYMoW1qNEhF86EMxvrMDfg\nQ6PM5SDRk3u1PiGNdVlgeRVKFKOTnBaySTGDRVBnTZmK/iYHv5A="
|
26
|
-
- secure: "jzm0Mn03H2wVsJbk+JxbZ0y2ptrMXKdfAs243W9Bd2PVg/no+CFxw7CDlvcT\n5IEB/3CFPTnbbFj0BMGa5hZFa6eSG4V4vKPRe5M10dx6807nho0G1xWHIj5b\nOok5u1YvDHuaZ6aGwo/oprMBRKh68mhgSYS/KfuFEdj689QVae4="
|
27
|
-
- rvm: rbx-19mode
|
28
|
-
env:
|
29
|
-
- FOG_REAL=true
|
30
|
-
- NO_SIMPLECOV=true
|
31
|
-
- secure: "hBuPzm8oDPYwDzutnwwOkc2cwMNPHuCcTqw9ZHnSJlPyKAIGLBvDca+Nqu/v\niqVS+H8p2vn8/Dj+Y4+OouyL83ibH5PLsMLGqFYQqJ2glj/8qozoq0EB1C5x\n2k7/EtK1fft4oJhyWvEOd92q5/kDYAwRsQYZqBn7E9Yu7D4zfnQ="
|
32
|
-
- secure: "UXDtqnEW0BUtATes/xYIHFFXwGsIJbxMs4dNb6yC2KplHUSenx/RhgVMnRhF\nvSBCFuTPXHHHQKg8SgrxRJe3M841sKZxfSkRJ2PYMoW1qNEhF86EMxvrMDfg\nQ6PM5SDRk3u1PiGNdVlgeRVKFKOTnBaySTGDRVBnTZmK/iYHv5A="
|
33
|
-
- secure: "jzm0Mn03H2wVsJbk+JxbZ0y2ptrMXKdfAs243W9Bd2PVg/no+CFxw7CDlvcT\n5IEB/3CFPTnbbFj0BMGa5hZFa6eSG4V4vKPRe5M10dx6807nho0G1xWHIj5b\nOok5u1YvDHuaZ6aGwo/oprMBRKh68mhgSYS/KfuFEdj689QVae4="
|
34
|
-
|
12
|
+
- rvm: 1.9.2
|
13
|
+
env: FOG_REAL=true
|
14
|
+
- rvm: 1.9.3
|
15
|
+
env: FOG_REAL=true
|
16
|
+
- rvm: jruby-19mode
|
17
|
+
env: FOG_REAL=true
|
35
18
|
branches:
|
36
19
|
only:
|
37
|
-
|
38
|
-
|
20
|
+
- master
|
39
21
|
language: ruby
|
40
|
-
|
22
|
+
cache: bundler
|
41
23
|
rvm:
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
24
|
+
- 2.1.1
|
25
|
+
- 1.9.2
|
26
|
+
- 1.9.3
|
27
|
+
- jruby-19mode
|
47
28
|
script: bundle exec rake test --trace
|
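Review bot: The three `secure:` entries now appear to sit under `env.global`, so their decrypted values are exported to every job in the matrix, including the `FOG_REAL=false` jobs that run against mocks and never need them. After the `matrix.exclude` entries, only the `2.1.1` job still runs with `FOG_REAL=true`, so the secrets could be attached to that one job's environment instead of the global list. These values are presumably the cloud credentials for the live run; if so, they should also belong to a dedicated test account whose permissions are limited to security-group operations. Indentation is lost in this rendering, so the nesting is inferred from key order.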
data/fog-bouncer.gemspec
CHANGED
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
|
|
15
15
|
gem.require_paths = ["lib"]
|
16
16
|
gem.version = Fog::Bouncer::VERSION
|
17
17
|
|
18
|
-
gem.add_dependency "clamp", "~> 0.
|
18
|
+
gem.add_dependency "clamp", "~> 0.5.0"
|
19
19
|
gem.add_dependency "clarence", "1987.0.0"
|
20
20
|
gem.add_dependency "fog", "~> 1.2"
|
21
21
|
gem.add_dependency "ipaddress", "~> 0.8.0"
|
data/lib/fog/bouncer/group.rb
CHANGED
@@ -95,7 +95,7 @@ module Fog
|
|
95
95
|
|
96
96
|
if remote? && permissions.any?
|
97
97
|
log(revoke: true) do
|
98
|
-
remote.
|
98
|
+
remote.service.revoke_security_group_ingress(name, "IpPermissions" => IPPermissions.from(permissions)) unless Fog::Bouncer.pretending?
|
99
99
|
permissions.each do |protocol|
|
100
100
|
log({revoked: true}.merge(protocol.to_log))
|
101
101
|
protocol.source.protocols.delete_if { |p| p == protocol } unless Fog::Bouncer.pretending?
|
@@ -32,7 +32,7 @@ module Fog
|
|
32
32
|
begin
|
33
33
|
group.destroy
|
34
34
|
rescue Fog::Compute::AWS::Error => exception
|
35
|
-
unless exception.message =~ /
|
35
|
+
unless exception.message =~ /InUse/
|
36
36
|
raise
|
37
37
|
end
|
38
38
|
log group_in_use: true, group_name: group.name
|
@@ -56,7 +56,7 @@ module Fog
|
|
56
56
|
begin
|
57
57
|
group.destroy
|
58
58
|
rescue Fog::Compute::AWS::Error => exception
|
59
|
-
unless exception.message =~ /
|
59
|
+
unless exception.message =~ /InUse/
|
60
60
|
raise
|
61
61
|
end
|
62
62
|
log group_in_use: true, group_name: group.name
|
data/lib/fog/bouncer/security.rb
CHANGED
@@ -37,10 +37,13 @@ module Fog
|
|
37
37
|
|
38
38
|
def import_remote_groups
|
39
39
|
Fog::Bouncer.fog.security_groups.each do |remote_group|
|
40
|
+
next if remote_group.vpc_id
|
40
41
|
next if @specific_groups.any? && !@specific_groups.include?(remote_group.name)
|
41
42
|
group = group(remote_group.name, remote_group.description)
|
42
43
|
group.remote = remote_group
|
43
|
-
|
44
|
+
if remote_group.ip_permissions && remote_group.ip_permissions.all?{|p| %w[icmp tcp udp].include?(p["ipProtocol"]) }
|
45
|
+
IPPermissions.to(group, remote_group.ip_permissions)
|
46
|
+
end
|
44
47
|
end
|
45
48
|
end
|
46
49
|
|
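Review bot: In `import_remote_groups`, the new `ip_permissions.all? { ... }` guard discards a group's whole rule set as soon as one rule uses a protocol other than icmp/tcp/udp, so `IPPermissions.to` is never called for that group. Such groups include any with an all-protocols (`"-1"`) rule, usually the widest rule present; they would presumably be treated as having no remote rules, so their extra rules would never be revoked, and nothing is logged about the skip. Consider splitting per permission, e.g. `supported, skipped = (remote_group.ip_permissions || []).partition { |p| %w[icmp tcp udp].include?(p["ipProtocol"]) }`, importing `supported` and emitting a log entry with the group name when `skipped.any?`. The added `next if remote_group.vpc_id` has the same silent-skip property, and a log line there would make the unmanaged groups visible to whoever reads the sync output.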
@@ -25,7 +25,7 @@ module Fog
|
|
25
25
|
|
26
26
|
def create_missing_source_permissions
|
27
27
|
if missing_source_permissions.any?
|
28
|
-
@group.remote.
|
28
|
+
@group.remote.service.authorize_security_group_ingress(@group.name, "IpPermissions" => IPPermissions.from(missing_source_permissions, :local_only => true)) unless Fog::Bouncer.pretending?
|
29
29
|
missing_source_permissions.each do |protocol|
|
30
30
|
log({authorized: true}.merge(protocol.to_log))
|
31
31
|
protocol.remote = true unless Fog::Bouncer.pretending?
|
@@ -41,7 +41,7 @@ module Fog
|
|
41
41
|
|
42
42
|
def remove_extra_source_permissions
|
43
43
|
if extra_source_permissions.any?
|
44
|
-
@group.remote.
|
44
|
+
@group.remote.service.revoke_security_group_ingress(@group.name, "IpPermissions" => IPPermissions.from(extra_source_permissions, :remote_only => true)) unless Fog::Bouncer.pretending?
|
45
45
|
extra_source_permissions.each do |protocol|
|
46
46
|
log({revoked: true}.merge(protocol.to_log))
|
47
47
|
protocol.source.protocols.delete_if { |p| p == protocol } unless Fog::Bouncer.pretending?
|
data/lib/fog/bouncer/version.rb
CHANGED
@@ -21,7 +21,7 @@ describe Fog::Bouncer do
|
|
21
21
|
|
22
22
|
describe "use" do
|
23
23
|
it "should include any source definition specified" do
|
24
|
-
@group.sources.find { |s| s.source == "0.0.0.0/0" && s.protocols.find { |p| p.type == "icmp" && p.from ==
|
24
|
+
@group.sources.find { |s| s.source == "0.0.0.0/0" && s.protocols.find { |p| p.type == "icmp" && p.from == 0 && p.to == 8 } }.wont_be_nil
|
25
25
|
end
|
26
26
|
|
27
27
|
it "should not create duplicate sources" do
|
@@ -15,15 +15,15 @@ describe Fog::Bouncer::Security do
|
|
15
15
|
describe "pretending" do
|
16
16
|
before do
|
17
17
|
Fog::Bouncer.pretend!
|
18
|
-
@groups =
|
19
|
-
@fog.security_groups.get('default').
|
18
|
+
@groups = fog_security_groups
|
19
|
+
@fog.security_groups.get('default').service.authorize_security_group_ingress('default', "IpPermissions" => [{"Groups" => [], "IpRanges" => [{"CidrIp" => "0.0.0.0/0"}], "IpProtocol" => "icmp", "FromPort" => "-1", "ToPort" => "-1"}])
|
20
20
|
@doorlist.sync
|
21
21
|
end
|
22
22
|
|
23
23
|
it "should not sync anything" do
|
24
24
|
assert !@doorlist.groups.first.remote?
|
25
25
|
@fog.security_groups.get('default').ip_permissions.wont_be_empty
|
26
|
-
|
26
|
+
fog_security_groups.size.must_equal @groups.size
|
27
27
|
end
|
28
28
|
end
|
29
29
|
|
@@ -42,7 +42,7 @@ describe Fog::Bouncer::Security do
|
|
42
42
|
end
|
43
43
|
|
44
44
|
it "synchronises against AWS" do
|
45
|
-
|
45
|
+
fog_security_groups.size.must_equal 4
|
46
46
|
|
47
47
|
fog_douchebag = @fog.security_groups.get('douchebag')
|
48
48
|
douchebag = @doorlist.groups.find { |g| g.name == 'douchebag' }
|
@@ -91,8 +91,8 @@ describe Fog::Bouncer::Security do
|
|
91
91
|
end
|
92
92
|
|
93
93
|
it "removes all groups except default" do
|
94
|
-
|
95
|
-
|
94
|
+
fog_security_groups.size.must_equal 1
|
95
|
+
fog_security_groups.first.name.must_equal "default"
|
96
96
|
end
|
97
97
|
end
|
98
98
|
end
|
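--- a/data/spec/helper.rb
+++ b/data/spec/helper.rb
@@ -27,8 +27,18 @@ def load_security(security)
 Fog::Bouncer.load File.dirname(__FILE__) + "/support/security/#{security}.rb"
 end
 
+def fog_security_groups
+Fog::Bouncer.fog.security_groups.all.reject(&:vpc_id)
+end
+
 Fog.mock! unless ENV['FOG_REAL'] && ["1", "true"].include?(ENV['FOG_REAL'])
 
+class MiniTest::Spec
+before :each do
+Fog::Bouncer.pretend = false
+end
+end
+
 MiniTest::Unit.after_tests do
 Fog::Bouncer.doorlists.each do |name, doorlist|
 doorlist.groups.each do |group|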
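Review bot: `fog_security_groups` has no comment saying why VPC groups are rejected or what it returns when the suite runs with `FOG_REAL` set, where `security_groups.all` would list every non-VPC group in the account rather than only those the specs created. The size assertions in the security spec (`must_equal 4`, `must_equal 1`) rely on that list, so a short comment would help, e.g. `# Non-VPC groups only, matching the vpc_id skip in import_remote_groups; with FOG_REAL this covers the whole account, so use a dedicated test account.` The `MiniTest::Unit.after_tests` block that follows continues outside the hunk.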
metadata
CHANGED
@@ -1,36 +1,32 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fog-bouncer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
5
|
-
prerelease:
|
4
|
+
version: 0.2.6
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
7
|
- Dylan Egan
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
10
|
cert_chain: []
|
12
|
-
date:
|
11
|
+
date: 2014-04-24 00:00:00.000000000 Z
|
13
12
|
dependencies:
|
14
13
|
- !ruby/object:Gem::Dependency
|
15
14
|
name: clamp
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
17
|
-
none: false
|
18
16
|
requirements:
|
19
|
-
- - ~>
|
17
|
+
- - "~>"
|
20
18
|
- !ruby/object:Gem::Version
|
21
|
-
version:
|
19
|
+
version: 0.5.0
|
22
20
|
type: :runtime
|
23
21
|
prerelease: false
|
24
22
|
version_requirements: !ruby/object:Gem::Requirement
|
25
|
-
none: false
|
26
23
|
requirements:
|
27
|
-
- - ~>
|
24
|
+
- - "~>"
|
28
25
|
- !ruby/object:Gem::Version
|
29
|
-
version:
|
26
|
+
version: 0.5.0
|
30
27
|
- !ruby/object:Gem::Dependency
|
31
28
|
name: clarence
|
32
29
|
requirement: !ruby/object:Gem::Requirement
|
33
|
-
none: false
|
34
30
|
requirements:
|
35
31
|
- - '='
|
36
32
|
- !ruby/object:Gem::Version
|
@@ -38,7 +34,6 @@ dependencies:
|
|
38
34
|
type: :runtime
|
39
35
|
prerelease: false
|
40
36
|
version_requirements: !ruby/object:Gem::Requirement
|
41
|
-
none: false
|
42
37
|
requirements:
|
43
38
|
- - '='
|
44
39
|
- !ruby/object:Gem::Version
|
@@ -46,81 +41,71 @@ dependencies:
|
|
46
41
|
- !ruby/object:Gem::Dependency
|
47
42
|
name: fog
|
48
43
|
requirement: !ruby/object:Gem::Requirement
|
49
|
-
none: false
|
50
44
|
requirements:
|
51
|
-
- - ~>
|
45
|
+
- - "~>"
|
52
46
|
- !ruby/object:Gem::Version
|
53
47
|
version: '1.2'
|
54
48
|
type: :runtime
|
55
49
|
prerelease: false
|
56
50
|
version_requirements: !ruby/object:Gem::Requirement
|
57
|
-
none: false
|
58
51
|
requirements:
|
59
|
-
- - ~>
|
52
|
+
- - "~>"
|
60
53
|
- !ruby/object:Gem::Version
|
61
54
|
version: '1.2'
|
62
55
|
- !ruby/object:Gem::Dependency
|
63
56
|
name: ipaddress
|
64
57
|
requirement: !ruby/object:Gem::Requirement
|
65
|
-
none: false
|
66
58
|
requirements:
|
67
|
-
- - ~>
|
59
|
+
- - "~>"
|
68
60
|
- !ruby/object:Gem::Version
|
69
61
|
version: 0.8.0
|
70
62
|
type: :runtime
|
71
63
|
prerelease: false
|
72
64
|
version_requirements: !ruby/object:Gem::Requirement
|
73
|
-
none: false
|
74
65
|
requirements:
|
75
|
-
- - ~>
|
66
|
+
- - "~>"
|
76
67
|
- !ruby/object:Gem::Version
|
77
68
|
version: 0.8.0
|
78
69
|
- !ruby/object:Gem::Dependency
|
79
70
|
name: rake
|
80
71
|
requirement: !ruby/object:Gem::Requirement
|
81
|
-
none: false
|
82
72
|
requirements:
|
83
|
-
- - ~>
|
73
|
+
- - "~>"
|
84
74
|
- !ruby/object:Gem::Version
|
85
75
|
version: 0.9.0
|
86
76
|
type: :runtime
|
87
77
|
prerelease: false
|
88
78
|
version_requirements: !ruby/object:Gem::Requirement
|
89
|
-
none: false
|
90
79
|
requirements:
|
91
|
-
- - ~>
|
80
|
+
- - "~>"
|
92
81
|
- !ruby/object:Gem::Version
|
93
82
|
version: 0.9.0
|
94
83
|
- !ruby/object:Gem::Dependency
|
95
84
|
name: scrolls
|
96
85
|
requirement: !ruby/object:Gem::Requirement
|
97
|
-
none: false
|
98
86
|
requirements:
|
99
|
-
- - ~>
|
87
|
+
- - "~>"
|
100
88
|
- !ruby/object:Gem::Version
|
101
89
|
version: 0.2.1
|
102
90
|
type: :runtime
|
103
91
|
prerelease: false
|
104
92
|
version_requirements: !ruby/object:Gem::Requirement
|
105
|
-
none: false
|
106
93
|
requirements:
|
107
|
-
- - ~>
|
94
|
+
- - "~>"
|
108
95
|
- !ruby/object:Gem::Version
|
109
96
|
version: 0.2.1
|
110
97
|
- !ruby/object:Gem::Dependency
|
111
98
|
name: minitest
|
112
99
|
requirement: !ruby/object:Gem::Requirement
|
113
|
-
none: false
|
114
100
|
requirements:
|
115
|
-
- -
|
101
|
+
- - ">="
|
116
102
|
- !ruby/object:Gem::Version
|
117
103
|
version: '0'
|
118
104
|
type: :development
|
119
105
|
prerelease: false
|
120
106
|
version_requirements: !ruby/object:Gem::Requirement
|
121
|
-
none: false
|
122
107
|
requirements:
|
123
|
-
- -
|
108
|
+
- - ">="
|
124
109
|
- !ruby/object:Gem::Version
|
125
110
|
version: '0'
|
126
111
|
description: A simple way to define and manage security groups for AWS with the backing
|
@@ -132,9 +117,9 @@ executables:
|
|
132
117
|
extensions: []
|
133
118
|
extra_rdoc_files: []
|
134
119
|
files:
|
135
|
-
- .gitignore
|
136
|
-
- .simplecov
|
137
|
-
- .travis.yml
|
120
|
+
- ".gitignore"
|
121
|
+
- ".simplecov"
|
122
|
+
- ".travis.yml"
|
138
123
|
- Gemfile
|
139
124
|
- Makefile
|
140
125
|
- README.md
|
@@ -165,27 +150,26 @@ files:
|
|
165
150
|
- spec/support/security/private.rb
|
166
151
|
homepage: https://github.com/dylanegan/fog-bouncer
|
167
152
|
licenses: []
|
153
|
+
metadata: {}
|
168
154
|
post_install_message:
|
169
155
|
rdoc_options: []
|
170
156
|
require_paths:
|
171
157
|
- lib
|
172
158
|
required_ruby_version: !ruby/object:Gem::Requirement
|
173
|
-
none: false
|
174
159
|
requirements:
|
175
|
-
- -
|
160
|
+
- - ">="
|
176
161
|
- !ruby/object:Gem::Version
|
177
162
|
version: '0'
|
178
163
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
179
|
-
none: false
|
180
164
|
requirements:
|
181
|
-
- -
|
165
|
+
- - ">="
|
182
166
|
- !ruby/object:Gem::Version
|
183
167
|
version: '0'
|
184
168
|
requirements: []
|
185
169
|
rubyforge_project:
|
186
|
-
rubygems_version:
|
170
|
+
rubygems_version: 2.2.2
|
187
171
|
signing_key:
|
188
|
-
specification_version:
|
172
|
+
specification_version: 4
|
189
173
|
summary: A manage security.
|
190
174
|
test_files:
|
191
175
|
- spec/fog/bouncer/group_spec.rb
|