holepunch 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fe47a0599c4e1b19b2d568547aeffe9da1f6fe7c
+  data.tar.gz: 587e038f58741e6f9964cc3de7bbfe633408d5e5
+SHA512:
+  metadata.gz: 91dcdcd8826236fe71ec2dfe9a1267797418f832611960912e95401a2c36478b1cdb2cb650b5467d2f6760859eeaf1beec58d94aedd6b638eca0b746b791facc
+  data.tar.gz: 11b27c316a5d8c62c69055c9b12271b33e05b57535c541518c954b9e2bfab5482e679bd13788bca94cf154c25e3e4b41dccb1381d106243f169319028f553ef3

data/bin/holepunch

@@ -0,0 +1,26 @@
+#!/usr/bin/env ruby
+#
+# Copyright (C) 2014 Undead Labs, LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+lib = File.expand_path('../../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'holepunch/cli'
+
+HolePunch::Cli.new.execute!(ARGV.dup)

data/lib/holepunch.rb

@@ -0,0 +1,48 @@
+#
+# Copyright (C) 2014 Undead Labs, LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+require 'aws-sdk'
+require 'holepunch/definition'
+require 'holepunch/dsl'
+require 'holepunch/ec2'
+require 'holepunch/logger'
+require 'holepunch/version'
+
+module HolePunch
+  class HolePunchError < StandardError; end
+
+  class EnvNotDefinedError < HolePunchError; end
+  class GroupError < HolePunchError; end
+  class GroupDoesNotExistError < HolePunchError; end
+  class SecurityGroupsFileNotFoundError < HolePunchError; end
+  class SecurityGroupsFileError < HolePunchError; end
+
+  class << self
+    def cidr?(value)
+      value.to_s =~ /\d+\.\d+\.\d+\.\d+\/\d+/
+    end
+
+    def read_file(file)
+      content = File.open(file, 'rb') do |io|
+        io.read
+      end
+    end
+  end
+end

data/lib/holepunch/cli.rb

@@ -0,0 +1,109 @@
+#
+# Copyright (C) 2014 Undead Labs, LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+require 'holepunch'
+require 'optparse'
+
+module HolePunch
+  class Options < Struct.new(
+    :aws_access_key_id,
+    :aws_region,
+    :aws_secret_access_key,
+    :env,
+    :filename,
+    :verbose
+  ); end
+
+  class Cli
+    def initialize
+      Logger.output = LoggerOutputStdio.new
+    end
+
+    def execute!(args)
+      opts = parse_opts(args)
+      Logger.verbose = opts.verbose
+
+      definition = Definition.build(opts.filename, opts.env)
+
+      ec2 = EC2.new({
+        access_key_id:     opts.aws_access_key_id,
+        secret_access_key: opts.aws_secret_access_key,
+        region:            opts.aws_region,
+      })
+      ec2.apply(definition)
+
+    rescue EnvNotDefinedError => e
+      Logger.fatal('You have security groups that use an environment, but you did not specify one. See --help')
+    rescue HolePunchError => e
+      Logger.fatal(e.message)
+    end
+
+    private
+      def parse_opts(args)
+        opts                       = Options.new
+        opts.aws_access_key_id     = ENV['AWS_ACCESS_KEY_ID']
+        opts.aws_secret_access_key = ENV['AWS_SECRET_ACCESS_KEY']
+        opts.aws_region            = ENV['AWS_REGION']
+        opts.env                   = nil
+        opts.filename              = "#{Dir.pwd}/SecurityGroups"
+        opts.verbose               = false
+
+        OptionParser.new(<<-EOS.gsub(/^ {10}/, '')
+          Usage: holepunch [options]
+
+          Options:
+        EOS
+        ) do |parser|
+          parser.on('-A', '--aws-access-key KEY', String, 'Your AWS Access Key ID') do |value|
+            opts.aws_access_key_id = value
+          end
+          parser.on('-e', '--env ENV', String, 'Set the environment') do |value|
+            opts.env = value
+          end
+          parser.on('-f', '--file FILENAME', String, 'The location of the SecurityGroups file to use') do |value|
+            opts.filename = value
+          end
+          parser.on('-K', '--aws-secret-access-key SECRET', String, 'Your AWS API Secret Access Key') do |value|
+            opts.aws_secret_access_key = value
+          end
+          parser.on('-r', '--region REGION', String, 'Your AWS region') do |v|
+            opts.aws_region = v
+          end
+          parser.on('-v', '--verbose', 'verbose output') do |v|
+            opts.verbose = v
+          end
+          parser.on('-V', '--version', 'display the version and exit') do
+            puts VERSION
+            exit
+          end
+          parser.on_tail('-h', '--help', 'show this message') do
+            puts parser
+            exit
+          end
+        end.parse!(args)
+
+        Logger.fatal("AWS Access Key ID not defined. Use --aws-access-key or AWS_ACCESS_KEY_ID") if opts.aws_access_key_id.nil?
+        Logger.fatal("AWS Secret Access Key not defined. Use --aws-secret-access-key or AWS_SECRET_ACCESS_KEY") if opts.aws_secret_access_key.nil?
+        Logger.fatal("AWS Region not defined. Use --aws-region or AWS_REGION") if opts.aws_region.nil?
+
+        opts
+      end
+  end
+end

data/lib/holepunch/definition.rb

@@ -0,0 +1,98 @@
+#
+# Copyright (C) 2014 Undead Labs, LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+module HolePunch
+  class SecurityGroup
+    attr_accessor :id, :desc, :dependency, :ingresses
+
+    def initialize(id, opts = {})
+      opts = {
+        dependency: false
+      }.merge(opts)
+
+      @id         = id
+      @desc       = id
+      @dependency = opts[:dependency]
+      @ingresses  = []
+    end
+
+    def include_ingress?(type, ports, source)
+      ports = ports.first if ports.is_a?(Range) and ports.size == 1
+
+      ingresses.any? do |ingress|
+        ingress.type == type && ingress.ports == ports && ingress.sources.include?(source)
+      end
+    end
+  end
+
+  class Permission < Struct.new(:type, :ports, :sources)
+    def icmp?
+      type == :icmp
+    end
+
+    def tcp?
+      type == :tcp
+    end
+
+    def udp?
+      type == :udp
+    end
+  end
+
+  class Definition
+    attr_reader :env
+    attr_reader :groups
+
+    class << self
+      def build(file, env)
+        filename = Pathname.new(file).expand_path
+        unless filename.file?
+          raise SecurityGroupsFileNotFoundError, "#{filename} not found"
+        end
+
+        DSL.evaluate(file, env)
+      end
+    end
+
+    def initialize(env = nil)
+      @env = env
+      @groups = {}
+    end
+
+    def add_group(group)
+      raise DuplicateGroupError, "another group already exists with id #{id}" if groups.include?(group.id)
+      groups[group.id] = group
+    end
+
+    def validate!
+      # verify group references are defined
+      groups.each do |id, group|
+        group.ingresses.each do |ingress|
+          ingress.sources.each do |source|
+            next if HolePunch.cidr?(source)
+            unless groups.include?(source)
+              raise GroupError, "group '#{source}' referenced by group '#{id}' does not exist"
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/holepunch/dsl.rb

@@ -0,0 +1,99 @@
+#
+# Copyright (C) 2014 Undead Labs, LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+require 'pathname'
+
+module HolePunch
+  class DSL
+    attr_reader :groups
+
+    def self.evaluate(filename, env = nil)
+      DSL.new(env).eval_dsl(filename)
+    end
+
+    def initialize(env)
+      @definition = Definition.new(env)
+      @group = nil
+      @groups = {}
+    end
+
+    def eval_dsl(filename)
+      instance_eval(HolePunch.read_file(filename.to_s), filename.to_s, 1)
+      @definition.validate!
+      @definition
+    rescue SyntaxError => e
+      raise SecurityGroupsFileError, "SecurityGroups syntax error #{e.message.gsub("#{filename.to_s}:", 'on line ')}"
+    end
+
+    def env
+      raise EnvNotDefinedError, 'env not defined' if @definition.env.nil?
+      @definition.env
+    end
+
+    def depends(id)
+      id = id.to_s
+      raise GroupError, "duplicate group id #{id}" if @definition.groups.include?(id)
+      raise HolePunchSyntaxError, "dependency group #{id} cannot have a block" if block_given?
+      @group            = SecurityGroup.new(id, dependency: true)
+      @definition.add_group(@group)
+      yield if block_given?
+    ensure
+      @group = nil
+    end
+
+    def group(id, &block)
+      id = id.to_s
+      raise GroupError, "duplicate group id #{id}" if @definition.groups.include?(id)
+      @group            = SecurityGroup.new(id, dependency: false)
+      @definition.add_group(@group)
+      yield if block_given?
+    ensure
+      @group = nil
+    end
+
+    def desc(str)
+      raise HolePunchSyntaxError, 'desc must be used inside a group' if @group.nil?
+      raise HolePunchSyntaxError, 'desc cannot be used in a dependency group (the group is expected to be already defined elsewhere)' if @group.dependency
+      @group.desc = str
+    end
+
+    def icmp(*sources)
+      raise HolePunchSyntaxError, 'ping/icmp must be used inside a group' if @group.nil?
+      raise HolePunchSyntaxError, 'ping/icmp cannot be used in a dependency group (the group is expected to be already defined elsewhere)' if @group.dependency
+      sources << '0.0.0.0/0' if sources.empty?
+      @group.ingresses << Permission.new(:icmp, nil, sources.flatten)
+    end
+    alias_method :ping, :icmp
+
+    def tcp(ports, *sources)
+      raise HolePunchSyntaxError, 'tcp must be used inside a group' if @group.nil?
+      raise HolePunchSyntaxError, 'tcp cannot be used in a dependency group (the group is expected to be already defined elsewhere)' if @group.dependency
+      sources << '0.0.0.0/0' if sources.empty?
+      @group.ingresses << Permission.new(:tcp, ports, sources.flatten)
+    end
+
+    def udp(ports, *sources)
+      raise HolePunchSyntaxError, 'udp must be used inside a group' if @group.nil?
+      raise HolePunchSyntaxError, 'udp cannot be used in a dependency group (the group is expected to be already defined elsewhere)' if @group.dependency
+      sources << '0.0.0.0/0' if sources.empty?
+      @group.ingresses << Permission.new(:udp, ports, sources.flatten)
+    end
+  end
+end

data/lib/holepunch/ec2.rb

@@ -0,0 +1,160 @@
+#
+# Copyright (C) 2014 Undead Labs, LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+require 'shellwords'
+
+module HolePunch
+  class EC2
+    attr_reader :ec2
+    attr_reader :region
+
+    def initialize(opts = {})
+      opts = {
+        access_key_id:     ENV['AWS_ACCESS_KEY_ID'],
+        secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'],
+        region:            ENV['AWS_REGION'],
+      }.merge(opts)
+
+      AWS.config(opts)
+
+      @ec2    = AWS::EC2.new
+      @region = @ec2.regions[opts[:region]]
+    end
+
+    def apply(definition)
+      if definition.env.nil?
+        Logger.log("Creating security groups in '#{@region.name}' region")
+      else
+        Logger.log("Creating security groups for '#{definition.env}' environment in '#{@region.name}' region")
+      end
+
+      # get the security group data from the AWS servers
+      fetch!
+
+      # ensure dependency groups exist
+      definition.groups.select { |id, group| group.dependency }.each do |id, group|
+        unless exists?(id)
+          raise GroupDoesNotExistError, "Dependent security group '#{id}' does not exist"
+        end
+      end
+
+      # find/create the groups
+      ec2_groups = {}
+      definition.groups.each do |id, group|
+        ec2_group = find(id)
+        if ec2_group.nil?
+          Logger.log(:create, id)
+          ec2_group = create(id, group.desc)
+        end
+        ec2_groups[id] = ec2_group
+      end
+
+      definition.groups.each do |id, group|
+        next if group.dependency
+        ec2_group = ec2_groups[id]
+
+        # revoke existing ingresses no longer desired
+        ec2_group.ingress_ip_permissions.each do |ec2_perm|
+          revoke_sources = []
+          ec2_perm.groups.each do |source|
+            unless group.include_ingress?(ec2_perm.protocol, ec2_perm.port_range, source.name)
+              revoke_sources << source
+            end
+          end
+          ec2_perm.ip_ranges.each do |source|
+            unless group.include_ingress?(ec2_perm.protocol, ec2_perm.port_range, source)
+              revoke_sources << source
+            end
+          end
+          unless revoke_sources.empty?
+            Logger.log("revoke #{ec2_perm.protocol}", "#{id} #{sources_list_to_s(revoke_sources)}")
+            ec2_group.revoke_ingress(ec2_perm.protocol, ec2_perm.port_range, *revoke_sources)
+          end
+        end
+
+        # add new ingresses
+        group.ingresses.each do |perm|
+          new_sources = []
+          perm.sources.each do |source|
+            if HolePunch.cidr?(source)
+              unless group_has_ingress(ec2_group, perm.type, perm.ports, source)
+                new_sources << source
+              end
+            else
+              ec2_source_group = ec2_groups[source]
+              if ec2_source_group.nil?
+                raise GroupDoesNotExistError, "unknown security group '#{source}"
+              end
+              unless group_has_ingress(ec2_group, perm.type, perm.ports, ec2_source_group)
+                new_sources << ec2_source_group
+              end
+            end
+          end
+          unless new_sources.empty?
+            Logger.log(perm.type, "#{id} #{sources_list_to_s(new_sources)}")
+            ec2_group.authorize_ingress(perm.type, perm.ports, *new_sources)
+          end
+        end
+      end
+    end
+
+
+    private
+      def fetch!
+        @groups = @region.security_groups.to_a
+      end
+
+      def create(name, description)
+        group = @region.security_groups.create(name, description: description)
+        @groups << group
+        group
+      end
+
+      def find(name)
+        @groups.detect { |group| group.name == name }
+      end
+
+      def exists?(name)
+        !find(name).nil?
+      end
+
+      def group_has_ingress(group, protocol, ports, source)
+        ports = ports..ports unless ports.is_a?(Range)
+        is_cidr = HolePunch.cidr?(source)
+        group.ingress_ip_permissions.any? do |perm|
+          if is_cidr
+            perm.protocol == protocol && perm.port_range == ports && perm.ip_ranges.include?(source)
+          else
+            perm.protocol == protocol && perm.port_range == ports && perm.groups.include?(source)
+          end
+        end
+      end
+
+      def sources_list_to_s(sources)
+        sources.map do |source|
+          if source.is_a?(AWS::EC2::SecurityGroup)
+            source.name
+          else
+            source.to_s
+          end.shellescape
+        end.sort.join(' ')
+      end
+  end
+end

data/lib/holepunch/logger.rb

@@ -0,0 +1,54 @@
+#
+# Copyright (C) 2014 Undead Labs, LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+module HolePunch
+  class LoggerOutputStdio
+    def log(msg)
+      $stdout.puts(msg)
+    end
+
+    def fatal(msg)
+      $stderr.puts(msg)
+    end
+  end
+
+  module Logger
+    class << self
+      attr_accessor :verbose
+      attr_accessor :output
+
+      def log(prefix, msg = nil)
+        return unless verbose
+        return if output.nil?
+        if msg.nil?
+          output.log prefix
+        else
+          output.log "#{prefix.to_s.rjust(12)} #{msg}"
+        end
+      end
+
+      def fatal(msg, exit_code = 1)
+        return if output.nil?
+        output.fatal("ERROR: #{msg}")
+        exit(exit_code)
+      end
+    end
+  end
+end

data/lib/holepunch/version.rb

@@ -0,0 +1,23 @@
+#
+# Copyright (C) 2014 Undead Labs, LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+module HolePunch
+  VERSION = '1.0.0'
+end

metadata

@@ -0,0 +1,223 @@
+--- !ruby/object:Gem::Specification
+name: holepunch
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Ben Scott
+- Pat Wyatt
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-06-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.32'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.32'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: |
+  # holepunch
+  [![Build Status](https://travis-ci.org/undeadlabs/holepunch.svg?branch=master)](https://travis-ci.org/undeadlabs/holepunch)
+
+  Holepunch manages AWS EC2 security groups in a declarative way through a DSL.
+
+  ## Requirements
+
+  - Ruby 1.9.3 or newer.
+
+  ## Installation
+
+  ```bash
+  gem install holepunch
+  ```
+
+  or in your Gemfile
+
+  ```ruby
+  gem 'holepunch'
+  ```
+
+  ## Basic Configuration
+
+  You need to provide your AWS security credentials and a region. These can be
+  provided as the command-line options, or you can use the standard AWS
+  environment variables:
+
+  ```bash
+  export AWS_ACCESS_KEY_ID='...'
+  export AWS_SECRET_ACCESS_KEY='...'
+  export AWS_REGION='us-west-2'
+  ```
+
+  ## The SecurityGroups file
+
+  Specify your security groups in a `SecurityGroups` file in your project's root.
+  Declare security groups that you need and the ingresses you want to expose. You
+  can add ingresses using `tcp`, `udp`, and `ping`. For each ingress you can list
+  allowed hosts using group names or CIDR notation.
+
+  ```ruby
+  group 'web' do
+    desc 'Web servers'
+
+    tcp 80
+  end
+
+  group 'db' do
+    desc 'database servers'
+
+    tcp 5432, 'web'
+  end
+
+  group 'log' do
+    desc 'log server'
+
+    tcp 9999, 'web', 'db', '10.1.0.0/16'
+  end
+  ```
+
+  An environment can be specified which is available through the `env` variable.
+  This allows you to have custom security groups per server environment.
+
+  ```ruby
+  group "web-#{env}"
+  group "db-#{env}" do
+    tcp 5432, "web-#{env}"
+  end
+  ```
+
+  Your application may depend on security groups defined by other services. Ensure
+  they exist using the `depends` method.
+
+  ```ruby
+  depends 'my-other-service'
+  group 'my-service' do
+    udp 9999, 'my-other-service'
+  end
+  ```
+
+  You may specify port ranges for `tcp` and `udp` using the range operator.
+
+  ```ruby
+  group 'my-service' do
+    udp 5000..9999, '0.0.0.0/0'
+  end
+  ```
+
+  ## Usage
+
+  Simply navigate to the directory containing your `SecurityGroups` file and run `holepunch`.
+
+  ```
+  $ holepunch
+  ```
+
+  If you need to specify an environment:
+
+  ```
+  $ holepunch -e live
+  ```
+
+  ## Testing
+
+  You can run the unit tests by simply running rspec.
+
+  ```
+  $ rspec
+  ```
+
+  By default the integration tests with EC2 are not run. You may run them with:
+
+  ```
+  $ rspec -t integration
+  ```
+
+  ## Authors
+
+  - Ben Scott (gamepoet@gmail.com)
+  - Pat Wyatt (pat@codeofhonor.com)
+
+  ## License
+
+  Copyright 2014 Undead Labs, LLC.
+
+  Licensed under the MIT License: http://opensource.org/licenses/MIT
+email:
+- gamepoet@gmail.com
+- pat@codeofhonor.com
+executables:
+- holepunch
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/holepunch
+- lib/holepunch.rb
+- lib/holepunch/cli.rb
+- lib/holepunch/definition.rb
+- lib/holepunch/dsl.rb
+- lib/holepunch/ec2.rb
+- lib/holepunch/logger.rb
+- lib/holepunch/version.rb
+homepage: https://github.com/undeadlabs/holepunch
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Manage AWS security groups in a declarative way
+test_files: []