holepunch 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2b279b2eeb6d71a22be15c89d5df8d0a5809f626
-  data.tar.gz: b8f9c861cb294128f381b9e6742e76ca2c63c668
+  metadata.gz: ee112b10944d69873e6fcf50a0b1536a5adfb88c
+  data.tar.gz: f40ac7918db97e6fd64470b40358fe344d456380
 SHA512:
-  metadata.gz: d82f17fcf4e7881ce29141b13801b527483a964e8f42cd45d82cbd5049f3a753449374b2a40d57b388f3c1ea0ef9c9f618296e52d68d6a71d84b1f418b429bb0
-  data.tar.gz: 6e4ebfa45a20aa7f4fc5b034c7f8bfde3b45c56c5eb7e96dd6ea23042109faa8d476755a638c15c79aa73c11024aae7e5cda6ff103b6460701d66b43b7e82b69
+  metadata.gz: 4330a09b9e4e9fc291c3910395bb160bf97a94ba52404113eb6cee6386fe9a9ceadbfd60296c8f5e2efd83f389ae80978d1ec764afee411bc919447e3ae93764
+  data.tar.gz: 828ad00eb16a838923cd72be646348ac4745bee98bdadd19d4faf7c07d5a5322db96edba8cfd06881b40755c7346ca81b41bd458b5dc7718264b56fb24ba2cab

data/bin/holepunch

@@ -23,4 +23,4 @@ lib = File.expand_path('../../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'holepunch/cli'
 
-HolePunch::Cli.new.execute!(ARGV.dup)
+HolePunch::CLI.start(ARGV.dup)

data/lib/holepunch.rb

@@ -33,8 +33,28 @@ module HolePunch
   class GroupDoesNotExistError < HolePunchError; end
   class SecurityGroupsFileNotFoundError < HolePunchError; end
   class SecurityGroupsFileError < HolePunchError; end
+  class ServiceDoesNotExistError < HolePunchError; end
 
   class << self
+    # Examines the given SecurityGroups file for the given service and returns
+    # a list of the security groups that make up that service.
+    #
+    # @param filename [String]      the path to the SecurityGroups file
+    # @param env      [String, nil] the environment
+    # @param name     [String]      the name of the service to query
+    #
+    # @return [Array<String>] the list of security group names
+    def service_groups(filename, env, name)
+      definition = Definition.build(filename, env)
+      service = definition.services[name]
+      raise ServiceDoesNotExistError, "service '#{name}' not found" if service.nil?
+      service.groups
+    end
+
+    #
+    # private helpers
+    #
+
     def cidr?(value)
       value.to_s =~ /\d+\.\d+\.\d+\.\d+\/\d+/
     end

data/lib/holepunch/cli.rb

@@ -19,33 +19,41 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 require 'holepunch'
-require 'optparse'
+require 'thor'
 
 module HolePunch
-  class Options < Struct.new(
-    :aws_access_key_id,
-    :aws_region,
-    :aws_secret_access_key,
-    :env,
-    :filename,
-    :verbose
-  ); end
-
-  class Cli
-    def initialize
+  class CLI < Thor
+    def initialize(*args)
+      super
       Logger.output = LoggerOutputStdio.new
     end
 
-    def execute!(args)
-      opts = parse_opts(args)
-      Logger.verbose = opts.verbose
+    default_task :apply
 
-      definition = Definition.build(opts.filename, opts.env)
+    option :'aws-access-key',         aliases: :A, type: :string, default: ENV['AWS_ACCESS_KEY_ID'], desc:
+      'Your AWS Access Key ID'
+    option :'aws-secret-access-key',  aliases: :k, type: :string, default: ENV['AWS_SECRET_ACCESS_KEY'], desc:
+      'Your AWS API Secret Access Key'
+    option :'aws-region',             aliases: :r, type: :string, default: ENV['AWS_REGION'], desc:
+      'Your AWS region'
+    option :env,                      aliases: :e, type: :string, desc:
+      'Set the environment'
+    option :file,                     aliases: :f, type: :string, default: "#{Dir.pwd}/SecurityGroups", desc:
+      'The location of the SecurityGroups file to use'
+    option :verbose,                  aliases: :v, type: :boolean, desc:
+      'Enable verbose output'
+    desc 'apply [OPTIONS]', 'apply the defined security groups to ec2'
+    def apply
+      Logger.fatal("AWS Access Key ID not defined. Use --aws-access-key or AWS_ACCESS_KEY_ID") if options[:'aws-access-key'].nil?
+      Logger.fatal("AWS Secret Access Key not defined. Use --aws-secret-access-key or AWS_SECRET_ACCESS_KEY") if options[:'aws-secret-access-key'].nil?
+      Logger.fatal("AWS Region not defined. Use --aws-region or AWS_REGION") if options[:'aws-region'].nil?
+      Logger.verbose = options[:verbose]
 
+      definition = Definition.build(options[:file], options[:env])
       ec2 = EC2.new({
-        access_key_id:     opts.aws_access_key_id,
-        secret_access_key: opts.aws_secret_access_key,
-        region:            opts.aws_region,
+        access_key_id:     options[:'aws-access-key'],
+        secret_access_key: options[:'aws-secret-access-key'],
+        region:            options[:'aws-region'],
       })
       ec2.apply(definition)
 
@@ -55,55 +63,45 @@ module HolePunch
       Logger.fatal(e.message)
     end
 
-    private
-      def parse_opts(args)
-        opts                       = Options.new
-        opts.aws_access_key_id     = ENV['AWS_ACCESS_KEY_ID']
-        opts.aws_secret_access_key = ENV['AWS_SECRET_ACCESS_KEY']
-        opts.aws_region            = ENV['AWS_REGION']
-        opts.env                   = nil
-        opts.filename              = "#{Dir.pwd}/SecurityGroups"
-        opts.verbose               = false
+    option :env,                      aliases: :e, type: :string, desc:
+      'Set the environment'
+    option :file,                     aliases: :f, type: :string, default: "#{Dir.pwd}/SecurityGroups", desc:
+      'The location of the SecurityGroups file to use'
+    option :list,                                  type: :boolean, desc:
+      'List all services instead'
+    option :verbose,                  aliases: :v, type: :boolean, desc:
+      'Enable verbose output'
+    desc 'service NAME', 'output the list of security groups for a service'
+    def service(name = nil)
+      Logger.verbose = options[:verbose]
 
-        OptionParser.new(<<-EOS.gsub(/^ {10}/, '')
-          Usage: holepunch [options]
+      definition = Definition.build(options[:file], options[:env])
 
-          Options:
-        EOS
-        ) do |parser|
-          parser.on('-A', '--aws-access-key KEY', String, 'Your AWS Access Key ID') do |value|
-            opts.aws_access_key_id = value
-          end
-          parser.on('-e', '--env ENV', String, 'Set the environment') do |value|
-            opts.env = value
-          end
-          parser.on('-f', '--file FILENAME', String, 'The location of the SecurityGroups file to use') do |value|
-            opts.filename = value
-          end
-          parser.on('-K', '--aws-secret-access-key SECRET', String, 'Your AWS API Secret Access Key') do |value|
-            opts.aws_secret_access_key = value
-          end
-          parser.on('-r', '--aws-region REGION', String, 'Your AWS region') do |v|
-            opts.aws_region = v
-          end
-          parser.on('-v', '--verbose', 'verbose output') do |v|
-            opts.verbose = v
-          end
-          parser.on('-V', '--version', 'display the version and exit') do
-            puts VERSION
-            exit
-          end
-          parser.on_tail('-h', '--help', 'show this message') do
-            puts parser
-            exit
-          end
-        end.parse!(args)
+      if options[:list]
+        definition.services.keys.sort.each do |name|
+          puts name
+        end
+      else
+        service = definition.services[name]
+        Logger.fatal("service '#{name}' not found") if service.nil?
+        puts service.groups.sort.join(',')
+      end
 
-        Logger.fatal("AWS Access Key ID not defined. Use --aws-access-key or AWS_ACCESS_KEY_ID") if opts.aws_access_key_id.nil?
-        Logger.fatal("AWS Secret Access Key not defined. Use --aws-secret-access-key or AWS_SECRET_ACCESS_KEY") if opts.aws_secret_access_key.nil?
-        Logger.fatal("AWS Region not defined. Use --aws-region or AWS_REGION") if opts.aws_region.nil?
+    rescue EnvNotDefinedError => e
+      Logger.fatal('You have security groups that use an environment, but you did not specify one. See --help')
+    rescue HolePunchError => e
+      Logger.fatal(e.message)
+    end
+
+    desc 'version', 'display the version and exit'
+    def version
+      puts VERSION
+    end
+    map %w(-V --version) => :version
 
-        opts
+    protected
+      def exit_on_failure?
+        true
       end
   end
 end

data/lib/holepunch/definition.rb

@@ -19,6 +19,15 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module HolePunch
+  class Service
+    attr_accessor :id, :groups
+
+    def initialize(id)
+      @id = id
+      @groups = []
+    end
+  end
+
   class SecurityGroup
     attr_accessor :id, :desc, :dependency, :ingresses
 
@@ -59,6 +68,7 @@ module HolePunch
   class Definition
     attr_reader :env
     attr_reader :groups
+    attr_reader :services
 
     class << self
       def build(file, env)
@@ -74,6 +84,7 @@ module HolePunch
     def initialize(env = nil)
       @env = env
       @groups = {}
+      @services = {}
     end
 
     def add_group(group)
@@ -93,6 +104,15 @@ module HolePunch
           end
         end
       end
+
+      # verify service group references are defined
+      services.each do |name, service|
+        service.groups.each do |group|
+          unless groups.include?(group)
+            raise GroupDoesNotExistError, "group '#{group}' referenced by service '#{name}' does not exist"
+          end
+        end
+      end
     end
   end
 end

data/lib/holepunch/dsl.rb

@@ -21,79 +21,104 @@
 require 'pathname'
 
 module HolePunch
-  class DSL
-    attr_reader :groups
+  class BaseDSL
+    def initialize(env, model)
+      @env = env
+      @model = model
+    end
 
-    def self.evaluate(filename, env = nil)
-      DSL.new(env).eval_dsl(filename)
+    def eval_dsl(filename = nil, &block)
+      if !filename.nil?
+        instance_eval(HolePunch.read_file(filename.to_s), filename.to_s, 1)
+      else
+        instance_eval(&block) if block_given?
+      end
+      @model
     end
 
-    def initialize(env)
-      @definition = Definition.new(env)
-      @group = nil
-      @groups = {}
+    def env
+      raise EnvNotDefinedError, 'env not defined' if @env.nil?
+      @env
     end
+  end
 
-    def eval_dsl(filename)
-      instance_eval(HolePunch.read_file(filename.to_s), filename.to_s, 1)
-      @definition.validate!
-      @definition
-    rescue SyntaxError => e
-      raise SecurityGroupsFileError, "SecurityGroups syntax error #{e.message.gsub("#{filename.to_s}:", 'on line ')}"
+  class ServiceDSL < BaseDSL
+    def self.evaluate(env, *args, &block)
+      new(env, *args).eval_dsl(&block)
     end
 
-    def env
-      raise EnvNotDefinedError, 'env not defined' if @definition.env.nil?
-      @definition.env
+    def initialize(env, id)
+      super(env, Service.new(id))
     end
 
-    def depends(id)
-      id = id.to_s
-      raise GroupError, "duplicate group id #{id}" if @definition.groups.include?(id)
-      raise HolePunchSyntaxError, "dependency group #{id} cannot have a block" if block_given?
-      @group            = SecurityGroup.new(id, dependency: true)
-      @definition.add_group(@group)
-      yield if block_given?
-    ensure
-      @group = nil
+    def groups(*ids)
+      @model.groups.concat(ids.flatten)
     end
+  end
 
-    def group(id, &block)
-      id = id.to_s
-      raise GroupError, "duplicate group id #{id}" if @definition.groups.include?(id)
-      @group            = SecurityGroup.new(id, dependency: false)
-      @definition.add_group(@group)
-      yield if block_given?
-    ensure
-      @group = nil
+  class GroupDSL < BaseDSL
+    def self.evaluate(env, *args, &block)
+      new(env, *args).eval_dsl(&block)
+    end
+
+    def initialize(env, id)
+      super(env, SecurityGroup.new(id, dependency: false))
     end
 
     def desc(str)
-      raise HolePunchSyntaxError, 'desc must be used inside a group' if @group.nil?
-      raise HolePunchSyntaxError, 'desc cannot be used in a dependency group (the group is expected to be already defined elsewhere)' if @group.dependency
-      @group.desc = str
+      @model.desc = str
     end
 
     def icmp(*sources)
-      raise HolePunchSyntaxError, 'ping/icmp must be used inside a group' if @group.nil?
-      raise HolePunchSyntaxError, 'ping/icmp cannot be used in a dependency group (the group is expected to be already defined elsewhere)' if @group.dependency
       sources << '0.0.0.0/0' if sources.empty?
-      @group.ingresses << Permission.new(:icmp, nil, sources.flatten)
+      @model.ingresses << Permission.new(:icmp, nil, sources.flatten)
     end
     alias_method :ping, :icmp
 
     def tcp(ports, *sources)
-      raise HolePunchSyntaxError, 'tcp must be used inside a group' if @group.nil?
-      raise HolePunchSyntaxError, 'tcp cannot be used in a dependency group (the group is expected to be already defined elsewhere)' if @group.dependency
       sources << '0.0.0.0/0' if sources.empty?
-      @group.ingresses << Permission.new(:tcp, ports, sources.flatten)
+      @model.ingresses << Permission.new(:tcp, ports, sources.flatten)
     end
 
     def udp(ports, *sources)
-      raise HolePunchSyntaxError, 'udp must be used inside a group' if @group.nil?
-      raise HolePunchSyntaxError, 'udp cannot be used in a dependency group (the group is expected to be already defined elsewhere)' if @group.dependency
       sources << '0.0.0.0/0' if sources.empty?
-      @group.ingresses << Permission.new(:udp, ports, sources.flatten)
+      @model.ingresses << Permission.new(:udp, ports, sources.flatten)
+    end
+  end
+
+  class DSL < BaseDSL
+    def self.evaluate(filename, env)
+      DSL.new(env).eval_dsl(filename)
+    end
+
+    def initialize(env)
+      super(env, Definition.new(env))
+    end
+
+    def eval_dsl(filename)
+      super(filename)
+      @model.validate!
+      @model
+    rescue SyntaxError => e
+      raise SecurityGroupsFileError, "SecurityGroups syntax error #{e.message.gsub("#{filename.to_s}:", 'on line ')}"
+    end
+
+    def depends(id)
+      id = id.to_s
+      raise GroupError, "duplicate group id #{id}" if @model.groups.include?(id)
+      raise HolePunchSyntaxError, "dependency group #{id} cannot have a block" if block_given?
+      @model.add_group(SecurityGroup.new(id, dependency: true))
+    end
+
+    def group(id, &block)
+      id = id.to_s
+      raise GroupError, "duplicate group id #{id}" if @model.groups.include?(id)
+      @model.add_group(GroupDSL.evaluate(@env, id, &block))
+    end
+
+    def service(id, &block)
+      id = id.to_s
+      @model.services[id] = ServiceDSL.evaluate(@env, id, &block)
     end
   end
 end

data/lib/holepunch/version.rb

@@ -19,5 +19,5 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module HolePunch
-  VERSION = '1.0.1'
+  VERSION = '1.1.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: holepunch
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Ben Scott
@@ -9,8 +9,22 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-16 00:00:00.000000000 Z
+date: 2014-07-01 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
 - !ruby/object:Gem::Dependency
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
@@ -119,9 +133,9 @@ description: |
   This allows you to have custom security groups per server environment.
 
   ```ruby
-  group "web-#{env}"
-  group "db-#{env}" do
-    tcp 5432, "web-#{env}"
+  group "#{env}-web"
+  group "#{env}-db" do
+    tcp 5432, "#{env}-web"
   end
   ```
 
@@ -143,6 +157,26 @@ description: |
   end
   ```
 
+  You can specify ping/icmp rules with `icmp` (alias: `ping`).
+
+  ```ruby
+  group 'my-service' do
+    ping '10.0.0.0/16'
+  end
+
+  It can be useful to describe groups of security groups you plan to launch
+  instances with by using the `service` declaration.
+
+  ```ruby
+  service "#{env}-web" do
+    groups %W(
+      admin
+      #{env}-log-producer
+      #{env}-web
+    )
+  end
+  ```
+
   ## Usage
 
   Simply navigate to the directory containing your `SecurityGroups` file and run `holepunch`.
@@ -157,6 +191,19 @@ description: |
   $ holepunch -e live
   ```
 
+  You can get a list of security groups for a service using the `service` subcommand.
+
+  ```
+  $ holepunch service -e prod prod-web
+  admin,prod-log-producer,prod-web
+  ```
+
+  You can also get a list of all defined services.
+
+  ```
+  $ holepunch service --list
+  ```
+
   ## Testing
 
   You can run the unit tests by simply running rspec.