grouper 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/grouper.rb +91 -0
- metadata +63 -0
data/lib/grouper.rb
ADDED
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
module Grouper
|
|
2
|
+
|
|
3
|
+
#find a security group, create it if it does not exist
|
|
4
|
+
#
|
|
5
|
+
def find_or_create(ec2, group_name)
|
|
6
|
+
if ec2.security_groups.map(&:name).include?(group_name)
|
|
7
|
+
ec2.security_groups.filter('group-name', group_name).first
|
|
8
|
+
else
|
|
9
|
+
ec2.security_groups.create(group_name)
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
#Takes an array of rules and applies them to a security froup
|
|
14
|
+
#if the security group has rules that are not part of the rules array being applied these are revoked
|
|
15
|
+
#
|
|
16
|
+
def apply_rules(group, rules)
|
|
17
|
+
remove_old_rules(group, rules)
|
|
18
|
+
rules.each do |rule|
|
|
19
|
+
add_rule(group, rule)
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
#revoke old rules that are not part of the rules array
|
|
24
|
+
#
|
|
25
|
+
def remove_old_rules(group, rules)
|
|
26
|
+
group.ingress_ip_permissions.each do |p|
|
|
27
|
+
p.revoke if !is_rule?(p, rules)
|
|
28
|
+
end
|
|
29
|
+
group.egress_ip_permissions.each do |p|
|
|
30
|
+
p.revoke if !is_rule?(p, rules)
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
#checks to see if an EC2 IP permission is in array of rules
|
|
35
|
+
#
|
|
36
|
+
def is_rule?(permission, rules)
|
|
37
|
+
rules.each do |rule|
|
|
38
|
+
return true if match?(permission, rule)
|
|
39
|
+
end
|
|
40
|
+
false
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
#checks to see if an EC2 IP permission matches a rule
|
|
44
|
+
#AWS doesn't do clever recombination of rules in the background so we do simple comparaisons to keep things simples
|
|
45
|
+
#
|
|
46
|
+
def match?(permission, rule)
|
|
47
|
+
if rule.direction == :in
|
|
48
|
+
(permission.port_range == rule.ports) and (permission.ip_ranges == rule.sources) and (permission.protocol == rule.protocol) and (!permission.egress)
|
|
49
|
+
elsif rule.direction == :out
|
|
50
|
+
(permission.port_range == rule.ports) and (permission.ip_ranges == rule.sources) and (permission.protocol == rule.protocol) and (permission.egress)
|
|
51
|
+
else #rule.direction == :both
|
|
52
|
+
(permission.port_range == rule.ports) and (permission.ip_ranges == rule.sources) and (permission.protocol == rule.protocol)
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
#add a rule to a security group
|
|
57
|
+
#
|
|
58
|
+
def add_rule(group, rule)
|
|
59
|
+
begin
|
|
60
|
+
case rule.direction
|
|
61
|
+
when :in
|
|
62
|
+
group.authorize_ingress(rule.protocol, rule.ports, *rule.sources)
|
|
63
|
+
when :out
|
|
64
|
+
group.authorize_egress(*rule.sources, :protocol => rule.protocol, :ports => rule.ports)
|
|
65
|
+
else
|
|
66
|
+
group.authorize_ingress(rule.protocol, rule.ports, *rule.sources)
|
|
67
|
+
group.authorize_egress(*rule.sources, :protocol => rule.protocol, :ports => rule.ports)
|
|
68
|
+
end
|
|
69
|
+
rescue AWS::EC2::Errors::InvalidPermission::Duplicate
|
|
70
|
+
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
#remove rule from a security group
|
|
75
|
+
#
|
|
76
|
+
def revoke_rule(group, rule)
|
|
77
|
+
case rule.direction
|
|
78
|
+
when :in
|
|
79
|
+
group.revoke_ingress(rule.protocol, rule.ports, *rule.sources)
|
|
80
|
+
when :out
|
|
81
|
+
group.revoke_egress(*rule.sources, :protocol => rule.protocol, :ports => rule.ports)
|
|
82
|
+
else
|
|
83
|
+
group.revoke_ingress(rule.protocol, rule.ports, *rule.sources)
|
|
84
|
+
group.revoke_egress(*rule.sources, :protocol => rule.protocol, :ports => rule.ports)
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
class Rule < Struct.new(:protocol, :ports, :sources, :direction)
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: grouper
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.2
|
|
5
|
+
prerelease:
|
|
6
|
+
platform: ruby
|
|
7
|
+
authors:
|
|
8
|
+
- digitalfrost
|
|
9
|
+
autorequire:
|
|
10
|
+
bindir: bin
|
|
11
|
+
cert_chain: []
|
|
12
|
+
date: 2013-04-12 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: aws-sdk
|
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: '0'
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
26
|
+
requirements:
|
|
27
|
+
- - ! '>='
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0'
|
|
30
|
+
description: Easily configure and manage Amazon Web Services Security Groups
|
|
31
|
+
email:
|
|
32
|
+
- it@leanbid.com
|
|
33
|
+
executables: []
|
|
34
|
+
extensions: []
|
|
35
|
+
extra_rdoc_files: []
|
|
36
|
+
files:
|
|
37
|
+
- lib/grouper.rb
|
|
38
|
+
homepage: https://github.com/digitalfrost/grouper
|
|
39
|
+
licenses:
|
|
40
|
+
- MIT
|
|
41
|
+
post_install_message:
|
|
42
|
+
rdoc_options: []
|
|
43
|
+
require_paths:
|
|
44
|
+
- lib
|
|
45
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
46
|
+
none: false
|
|
47
|
+
requirements:
|
|
48
|
+
- - ! '>='
|
|
49
|
+
- !ruby/object:Gem::Version
|
|
50
|
+
version: '0'
|
|
51
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
52
|
+
none: false
|
|
53
|
+
requirements:
|
|
54
|
+
- - ! '>='
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: '0'
|
|
57
|
+
requirements: []
|
|
58
|
+
rubyforge_project: grouper
|
|
59
|
+
rubygems_version: 1.8.24
|
|
60
|
+
signing_key:
|
|
61
|
+
specification_version: 3
|
|
62
|
+
summary: Super Easy AWS Security Group Management
|
|
63
|
+
test_files: []
|