kakine 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4768538b225d648ebf64a3eb52c7a2841cb14334
+  data.tar.gz: 5361d5d1eb968a8d238910ff5995fb4ee3b53592
+SHA512:
+  metadata.gz: 5b8b3bc37780557a3c8fe2edd9209aa3f7f36e5de23bd0135f68aff7b541401609e4f77f70c04a3d0a6c803c4403c9d323be2e6d04bd2ed83ca5a620f4573cec
+  data.tar.gz: 5f8b2b5c7389bd4faea0752ff304dada6e433255d5dee7d926c7ec15df4d8281edab36b65597245e36f1157324caa7743c487354aa5ef5d13b4485de3b39bb88

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/*.yaml

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 2.0.0
+  - 2.1.6
+  - 2.2.2

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in kakine.gemspec
+gemspec

data/README.md

@@ -0,0 +1,83 @@
+# Kakine
+
+[![Build Status](https://secure.travis-ci.org/hsbt/kaname.png)](https://travis-ci.org/hsbt/kaname)
+
+Kakine(垣根) is configuration management tool of Security Group on OpenStack.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'kakine'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install kakine
+
+## Usage
+
+You can define Security Group configuration for OpenStack via YAML format. Like following syntax.
+
+```yaml
+app:
+  - direction: ingress
+    protocol: tcp
+    port: 443
+    remote_ip: 0.0.0.0/0
+  - direction: ingress
+    protocol: tcp
+    port: 80
+    remote_ip: 0.0.0.0/0
+rails:
+  - direction: ingress
+    protocol: tcp
+    port: 3000
+    remote_ip: 0.0.0.0/0
+```
+
+You need to put fog configuration to home directory.
+
+```sh
+% cat ~/.fog
+default:
+  openstack_auth_url: "http://your-openstack-endpoint/v2.0/tokens"
+  openstack_username: "admin"
+  openstack_tenant: "admin"
+  openstack_api_key: "admin-no-password"
+```
+
+run following command.
+
+```sh
+$ kakine show tenant_name # show Security Group of tenant_name
+$ kaname apply tenant_name --dryrun # You can see all of invoke commands(dryrun)
+$ kaname apply tenant_name # apply configuration into OpenStack
+```
+
+You can create or change Security Group on targeting tenant.
+
+If you need to initialize your Security Gruop, you can get it via following command:
+
+```sh
+$ kaname show tenant_name > tenant_name.yaml
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+1. Fork it ( https://github.com/hsbt/kakine/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/test_*.rb']
+end
+
+task(default: :test)

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "kakine"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/kakine

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+$: << File.expand_path("#{File.dirname __FILE__}/../lib")
+require 'rubygems'
+require 'kakine'
+
+Kakine::CLI.start

data/kakine.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'kakine/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "kakine"
+  spec.version       = Kakine::VERSION
+  spec.authors       = ["SHIBATA Hiroshi"]
+  spec.email         = ["hsbt@ruby-lang.org"]
+
+  spec.summary       = %q{Security Group configuration tool for OpenStack.}
+  spec.description   = %q{Security Group configuration tool for OpenStack. You can apply simple YAML definition into Security Group on OpenStack.}
+  spec.homepage      = "https://github.com/hsbt/kakine"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'fog'
+  spec.add_dependency 'thor'
+  spec.add_dependency 'hashdiff'
+
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "mocha"
+end

data/lib/kakine.rb

@@ -0,0 +1,7 @@
+require "kakine/version"
+require 'kakine/cli'
+require 'kakine/adapter'
+require 'kakine/resource'
+
+module Kakine
+end

data/lib/kakine/adapter.rb

@@ -0,0 +1,2 @@
+require 'kakine/adapter/real'
+require 'kakine/adapter/mock'

data/lib/kakine/adapter/mock.rb

@@ -0,0 +1,34 @@
+module Kakine
+  class Adapter
+    class Mock
+      def create_rule(security_group_id, direction, attributes)
+        attributes.delete("direction")
+        if attributes["port"]
+          attributes["port_range_max"] = attributes["port_range_min"] = attributes.delete("port")
+        end
+        if attributes["remote_ip"]
+          attributes["remote_ip_prefix"] = attributes.delete("remote_ip")
+        end
+
+        data = {}
+        attributes.each{|k,v| data[k.to_sym] = v}
+        puts "Create Rule: #{security_group_id} - #{direction}: #{attributes}"
+      end
+
+      def delete_rule(security_group_rule_id)
+        puts "Delete Rule: #{security_group_rule_id}"
+      end
+
+      def create_security_group(attributes)
+        data = {}
+        attributes.each{|k,v| data[k.to_sym] = v}
+        puts "Create Security Group: #{data}"
+        "[Mock] #{attributes[:name]} ID"
+      end
+
+      def delete_security_group(security_group_id)
+        puts "Delete Security Group: #{security_group_id}"
+      end
+    end
+  end
+end

data/lib/kakine/adapter/real.rb

@@ -0,0 +1,34 @@
+module Kakine
+  class Adapter
+    class Real
+      def create_rule(security_group_id, direction, attributes)
+        attributes.delete("direction")
+        if attributes["port"]
+          attributes["port_range_max"] = attributes["port_range_min"] = attributes.delete("port")
+        end
+        if attributes["remote_ip"]
+          attributes["remote_ip_prefix"] = attributes.delete("remote_ip")
+        end
+
+        data = {}
+        attributes.each{|k,v| data[k.to_sym] = v}
+        Fog::Network[:openstack].create_security_group_rule(security_group_id, direction, data)
+      end
+
+      def delete_rule(security_group_rule_id)
+        Fog::Network[:openstack].delete_security_group_rule(security_group_rule_id)
+      end
+
+      def create_security_group(attributes)
+        data = {}
+        attributes.each{|k,v| data[k.to_sym] = v}
+        response = Fog::Network[:openstack].create_security_group(data)
+        response.data[:body]["security_group"]["id"]
+      end
+
+      def delete_security_group(security_group_id)
+        Fog::Network[:openstack].delete_security_group(security_group_id)
+      end
+    end
+  end
+end

data/lib/kakine/cli.rb

@@ -0,0 +1,70 @@
+require 'thor'
+require 'fog'
+require 'yaml'
+require 'hashdiff'
+
+module Kakine
+  class CLI < Thor
+    option :tenant, type: :string, aliases: '-t'
+    desc 'show', 'show Security Groups specified tenant'
+    def show
+      puts Kakine::Resource.security_groups_hash(options[:tenant]).to_yaml
+    end
+
+    option :tenant, type: :string, aliases: "-t"
+    option :dryrun, type: :boolean, aliases: "-d"
+    option :filename, type: :string, aliases: "-f"
+    desc 'apply', "apply local configuration into OpenStack"
+    def apply
+      adapter = if options[:dryrun]
+        Kakine::Adapter::Mock.new
+      else
+        Kakine::Adapter::Real.new
+      end
+
+      filename = options[:filename] ? options[:filename] : "#{options[:tenant]}.yaml"
+      diffs = HashDiff.diff(Kakine::Resource.security_groups_hash(options[:tenant]), Kakine::Resource.yaml(filename))
+
+      diffs.each do |diff|
+        sg_name, rule_modification = *diff[1].scan(/^([\w-]+)(\[\d\])?/)[0]
+
+        if rule_modification # foo[2]
+          security_group = Kakine::Resource.security_group(options[:tenant], sg_name)
+          if diff[2]["remote_group"]
+            remote_security_group = Kakine::Resource.security_group(options[:tenant], diff[2].delete("remote_group"))
+            diff[2]["remote_group_id"] = remote_security_group.id
+          end
+          case diff[0]
+          when "+"
+            diff[2].merge!({"ethertype" => "IPv4", "tenant_id" => Kakine::Resource.tenant(options[:tenant]).id})
+            adapter.create_rule(security_group.id, diff[2]["direction"], diff[2])
+          when "-"
+            security_group_rule = Kakine::Resource.security_group_rule(security_group, diff[2])
+            adapter.delete_rule(security_group_rule.id)
+          else
+            raise
+          end
+        else # foo
+          case diff[0]
+          when "+"
+            attributes = {name: sg_name, description: "", tenant_id: Kakine::Resource.tenant(options[:tenant]).id}
+            security_group_id = adapter.create_security_group(attributes)
+            diff[2].each do |rule|
+              rule.merge!({"ethertype" => "IPv4", "tenant_id" => Kakine::Resource.tenant(options[:tenant]).id})
+              if rule["remote_group"]
+                remote_security_group = Kakine::Resource.security_group(options[:tenant], rule.delete("remote_group"))
+                rule["remote_group_id"] = remote_security_group.id
+              end
+              adapter.create_rule(security_group_id, rule["direction"], rule)
+            end if diff[2]
+          when "-"
+            security_group = Kakine::Resource.security_group(options[:tenant], sg_name)
+            adapter.delete_security_group(security_group.id)
+          else
+            raise
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kakine/resource.rb

@@ -0,0 +1,77 @@
+module Kakine
+  class Resource
+    class << self
+      def yaml(filename)
+        YAML.load_file(filename).to_hash
+      end
+
+      def tenant(tenant_name)
+        tenants = Fog::Identity[:openstack].tenants
+        tenants.detect{|t| t.name == tenant_name}
+      end
+
+      def security_group(tenant_name, security_group_name)
+        security_groups_on_tenant(tenant_name).detect{|sg| sg.name == security_group_name}
+      end
+
+      def security_group_rule(security_group, attributes)
+        security_group.security_group_rules.detect do |sg|
+          if attributes["port"]
+            attributes["port_range_max"] = attributes["port_range_min"] = attributes["port"]
+          end
+
+          sg.direction == attributes["direction"] &&
+          sg.protocol == attributes["protocol"] &&
+          sg.port_range_max == attributes["port_range_max"] &&
+          sg.port_range_min == attributes["port_range_min"] &&
+          sg.remote_ip_prefix == attributes["remote_ip"] &&
+          sg.remote_group_id == attributes["remote_group_id"]
+        end
+      end
+
+      def security_groups_on_tenant(tenant_name)
+        security_groups = Fog::Network[:openstack].security_groups
+        security_groups.select{|sg| sg.tenant_id == tenant(tenant_name).id}
+      end
+
+      def security_groups_hash(tenant_name)
+        sg_hash = {}
+
+        security_groups_on_tenant(tenant_name).each do |sg|
+          sg_hash[sg.name] = format_security_group(sg)
+        end
+
+        sg_hash
+      end
+
+      def format_security_group(security_group)
+        rules = []
+
+        security_group.security_group_rules.each do |rule|
+          rule_hash = {}
+
+          rule_hash["direction"] = rule.direction
+          rule_hash["protocol"] = rule.protocol
+
+          if rule.port_range_max == rule.port_range_min
+            rule_hash["port"] = rule.port_range_max
+          else
+            rule_hash["port_range_max"] = rule.port_range_max
+            rule_hash["port_range_min"] = rule.port_range_min
+          end
+
+          if rule.remote_group_id
+            response = Fog::Network[:openstack].get_security_group(rule.remote_group_id)
+            rule_hash["remote_group"] = response.data[:body]["security_group"]["name"]
+          else
+            rule_hash["remote_ip"] = rule.remote_ip_prefix
+          end
+
+          rules << rule_hash
+        end
+
+        rules
+      end
+    end
+  end
+end

data/lib/kakine/version.rb

@@ -0,0 +1,3 @@
+module Kakine
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,161 @@
+--- !ruby/object:Gem::Specification
+name: kakine
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- SHIBATA Hiroshi
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-04-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: fog
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: hashdiff
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Security Group configuration tool for OpenStack. You can apply simple
+  YAML definition into Security Group on OpenStack.
+email:
+- hsbt@ruby-lang.org
+executables:
+- kakine
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/kakine
+- kakine.gemspec
+- lib/kakine.rb
+- lib/kakine/adapter.rb
+- lib/kakine/adapter/mock.rb
+- lib/kakine/adapter/real.rb
+- lib/kakine/cli.rb
+- lib/kakine/resource.rb
+- lib/kakine/version.rb
+homepage: https://github.com/hsbt/kakine
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Security Group configuration tool for OpenStack.
+test_files: []
+has_rdoc: