RubyGems - kakine - Versions diffs - 0.1.0 → 0.2.0 - Mend

kakine 0.1.0 → 0.2.0

Files changed (11) hide show

checksums.yaml +4 -4
data/README.md +20 -17
data/lib/kakine.rb +5 -0
data/lib/kakine/cli.rb +39 -30
data/lib/kakine/cli/operation.rb +44 -0
data/lib/kakine/diff_parser.rb +88 -0
data/lib/kakine/hash_sort.rb +13 -0
data/lib/kakine/resource.rb +19 -14
data/lib/kakine/security_group.rb +76 -0
data/lib/kakine/version.rb +1 -1
metadata +7 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4768538b225d648ebf64a3eb52c7a2841cb14334
-  data.tar.gz: 5361d5d1eb968a8d238910ff5995fb4ee3b53592
+  metadata.gz: d3f0de2336304ed3476ccfc1b63e2bdc01a9c1cd
+  data.tar.gz: c1b97adbc29b5a659b1fb38b79f04dcb596a1f53
 SHA512:
-  metadata.gz: 5b8b3bc37780557a3c8fe2edd9209aa3f7f36e5de23bd0135f68aff7b541401609e4f77f70c04a3d0a6c803c4403c9d323be2e6d04bd2ed83ca5a620f4573cec
-  data.tar.gz: 5f8b2b5c7389bd4faea0752ff304dada6e433255d5dee7d926c7ec15df4d8281edab36b65597245e36f1157324caa7743c487354aa5ef5d13b4485de3b39bb88
+  metadata.gz: c402eeb05b5d24368f1b66694965fa8fac9116a8354c11a69a33c5bc64695f9d107ed63072f523a1da22d9520bf86eed35bedff78e1811da249ae91b5ccd1c11
+  data.tar.gz: a2c41d220786673210a397f27d049f7d52c6ec5ae5aa623361eb08fd62d8634d7d70350d3a303f931ff2799657d9c1295dc28df9432d065ec9ed61ed9ae2fbde

data/README.md CHANGED

@@ -1,6 +1,6 @@
 # Kakine
-[![Build Status](https://secure.travis-ci.org/hsbt/kaname.png)](https://travis-ci.org/hsbt/kaname)
+[![Build Status](https://secure.travis-ci.org/hsbt/kakine.png)](https://travis-ci.org/hsbt/kakine)
 Kakine(垣根) is configuration management tool of Security Group on OpenStack.
@@ -26,19 +26,22 @@ You can define Security Group configuration for OpenStack via YAML format. Like
 ```yaml
 app:
-  - direction: ingress
-    protocol: tcp
-    port: 443
-    remote_ip: 0.0.0.0/0
-  - direction: ingress
-    protocol: tcp
-    port: 80
-    remote_ip: 0.0.0.0/0
+  rules:
+    - direction: ingress
+      protocol: tcp
+      port: 443
+      remote_ip: 0.0.0.0/0
+    - direction: ingress
+      protocol: tcp
+      port: 80
+      remote_ip: 0.0.0.0/0
+  description: app rules
 rails:
-  - direction: ingress
-    protocol: tcp
-    port: 3000
-    remote_ip: 0.0.0.0/0
+  rules:
+    - direction: ingress
+      protocol: tcp
+      port: 3000
+      remote_ip: 0.0.0.0/0
 ```
 You need to put fog configuration to home directory.
@@ -55,9 +58,9 @@ default:
 run following command.
 ```sh
-$ kakine show tenant_name # show Security Group of tenant_name
-$ kaname apply tenant_name --dryrun # You can see all of invoke commands(dryrun)
-$ kaname apply tenant_name # apply configuration into OpenStack
+$ kakine show -t tenant_name # show Security Group of tenant_name
+$ kaname apply -t tenant_name --dryrun # You can see all of invoke commands(dryrun)
+$ kaname apply -t tenant_name # apply configuration into OpenStack
 ```
 You can create or change Security Group on targeting tenant.
@@ -65,7 +68,7 @@ You can create or change Security Group on targeting tenant.
 If you need to initialize your Security Gruop, you can get it via following command:
 ```sh
-$ kaname show tenant_name > tenant_name.yaml
+$ kaname show -t tenant_name > tenant_name.yaml
 ```
 ## Development

data/lib/kakine.rb CHANGED

@@ -1,7 +1,12 @@
 require "kakine/version"
 require 'kakine/cli'
+require 'kakine/cli/operation'
 require 'kakine/adapter'
 require 'kakine/resource'
+require 'kakine/hash_sort'
+require 'kakine/security_group'
+require 'kakine/diff_parser'
 module Kakine
 end

data/lib/kakine/cli.rb CHANGED

@@ -5,6 +5,7 @@ require 'hashdiff'
 module Kakine
   class CLI < Thor
     option :tenant, type: :string, aliases: '-t'
     desc 'show', 'show Security Groups specified tenant'
     def show
@@ -22,49 +23,57 @@ module Kakine
         Kakine::Adapter::Real.new
       end
+      operation = Kakine::CLI::Operation.new
+      operation.set_adapter(adapter)
       filename = options[:filename] ? options[:filename] : "#{options[:tenant]}.yaml"
-      diffs = HashDiff.diff(Kakine::Resource.security_groups_hash(options[:tenant]), Kakine::Resource.yaml(filename))
+      security_groups = []
+      delay_create = []
+      diffs = HashDiff.diff(
+        Kakine::Resource.security_groups_hash(options[:tenant]),
+        Kakine::Resource.yaml(filename)
+      )
       diffs.each do |diff|
-        sg_name, rule_modification = *diff[1].scan(/^([\w-]+)(\[\d\])?/)[0]
+        security_groups <<  Kakine::SecurityGroup.new(options[:tenant], diff)
+      end
-        if rule_modification # foo[2]
-          security_group = Kakine::Resource.security_group(options[:tenant], sg_name)
-          if diff[2]["remote_group"]
-            remote_security_group = Kakine::Resource.security_group(options[:tenant], diff[2].delete("remote_group"))
-            diff[2]["remote_group_id"] = remote_security_group.id
-          end
-          case diff[0]
-          when "+"
-            diff[2].merge!({"ethertype" => "IPv4", "tenant_id" => Kakine::Resource.tenant(options[:tenant]).id})
-            adapter.create_rule(security_group.id, diff[2]["direction"], diff[2])
-          when "-"
-            security_group_rule = Kakine::Resource.security_group_rule(security_group, diff[2])
-            adapter.delete_rule(security_group_rule.id)
+      security_groups.each do |sg|
+        if sg.update_rule? # foo[2]
+          case
+          when sg.add?
+            operation.create_security_rule(sg)
+          when sg.delete?
+            operation.delete_security_rule(sg)
+          when sg.update_attr?
+            pre_sg = sg.get_prev_instance
+            operation.delete_security_rule(pre_sg)
+            delay_create << sg # avoid duplication entry
           else
             raise
           end
         else # foo
-          case diff[0]
-          when "+"
-            attributes = {name: sg_name, description: "", tenant_id: Kakine::Resource.tenant(options[:tenant]).id}
-            security_group_id = adapter.create_security_group(attributes)
-            diff[2].each do |rule|
-              rule.merge!({"ethertype" => "IPv4", "tenant_id" => Kakine::Resource.tenant(options[:tenant]).id})
-              if rule["remote_group"]
-                remote_security_group = Kakine::Resource.security_group(options[:tenant], rule.delete("remote_group"))
-                rule["remote_group_id"] = remote_security_group.id
-              end
-              adapter.create_rule(security_group_id, rule["direction"], rule)
-            end if diff[2]
-          when "-"
-            security_group = Kakine::Resource.security_group(options[:tenant], sg_name)
-            adapter.delete_security_group(security_group.id)
+          case
+          when sg.add?
+            security_group_id = operation.create_security_group(sg)
+            operation.create_security_rule(sg, security_group_id)
+          when sg.delete?
+            operation.delete_security_group(sg)
+          when sg.update_attr?
+            operation.delete_security_group(sg)
+            security_group_id = operation.create_security_group(sg)
+            operation.create_security_rule(sg, security_group_id)
           else
             raise
           end
         end
       end
+      # update rule attributes delay create
+      delay_create.each do |sg|
+        operation.create_security_rule(sg)
+      end
     end
   end
 end

data/lib/kakine/cli/operation.rb ADDED

@@ -0,0 +1,44 @@
+module Kakine
+  class CLI < Thor
+    class Operation
+      def set_adapter(adapter)
+        @adapter = adapter
+      end
+      def create_security_group(sg)
+        attributes = {name: sg.name, description: sg.description, tenant_id: sg.tenant_id}
+        security_group_id = @adapter.create_security_group(attributes)
+        #delete default rule
+        delete_sg = sg.clone
+        delete_sg.set_default_rules
+        delete_security_rule(delete_sg) unless @adapter.instance_of?(Kakine::Adapter::Mock)
+        security_group_id
+      end
+      def delete_security_group(sg)
+        security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
+        @adapter.delete_security_group(security_group.id)
+      end
+      def create_security_rule(sg, security_group_id=nil)
+        if security_group_id.nil?
+          security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
+          security_group_id = security_group.id
+        end
+        sg.rules.each do |rule|
+          @adapter.create_rule(security_group_id, rule["direction"], rule)
+        end if sg.has_rules?
+      end
+      def delete_security_rule(sg)
+        security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
+        sg.rules.each do |rule|
+          security_group_rule = Kakine::Resource.security_group_rule(security_group, rule)
+          @adapter.delete_rule(security_group_rule.id)
+        end if sg.has_rules?
+      end
+    end
+  end
+end

data/lib/kakine/diff_parser.rb ADDED

@@ -0,0 +1,88 @@
+module Kakine
+ class DiffParser
+    @diff = ""
+    class << self
+      def parse_parameters(tenant_name, diff)
+        @diff = diff
+        registered_sg = Kakine::Resource.security_groups_hash(tenant_name)
+        if ["+", "-"].include?(parse_transaction_type)
+          if unit_is_security_group?
+            rules = parse_security_group["rules"]
+            description = parse_security_group["description"]
+          elsif unit_is_security_rule?
+            rules = [parse_security_group_rule]
+            description = registered_sg[parse_security_group_name]["description"]
+          elsif unit_is_description?
+            raise "description is not exists"
+          end
+        else
+          regex_update_description = /^[\w-]+\.description$/
+          regex_update_rules       = /^[\w-]+\.rules$/
+          regex_update_attr        = /^[\w-]+.[\w]+\[(\d)\].([\w]+)$/
+          if parse_target_object_name.match(regex_update_description)
+            rules = registered_sg[parse_security_group_name]["rules"]
+            description = parse_after_description
+          elsif  parse_target_object_name.match(regex_update_rules)
+            rules = parse_after_rules
+            description = registered_sg[parse_security_group_name]["description"]
+          elsif m = parse_target_object_name.match(regex_update_attr)
+            rules = [registered_sg[parse_security_group_name]["rules"][m[1].to_i]]
+            prev_rules = Marshal.load(Marshal.dump(rules)) # backup before value
+            rules[0][m[2]] = parse_after_attr
+            description = registered_sg[parse_security_group_name]["description"]
+          end
+        end
+        rules ||= []
+        {
+          target_object_name: parse_target_object_name,
+          name: parse_security_group_name,
+          transaction_type: parse_transaction_type,
+          tenant_id: Kakine::Resource.tenant(tenant_name).id,
+          tenant_name: tenant_name,
+          description: description,
+          rules: rules,
+          prev_rules: prev_rules
+        }
+      end
+      def parse_security_group_name
+        parse_target_object_name.split(/[\.\[]/, 2)[0]
+      end
+      def parse_transaction_type
+        @diff[0]
+      end
+      def parse_target_object_name
+        @diff[1]
+      end
+      def parse_security_group
+        @diff[2]
+      end
+      alias :parse_security_group_rule :parse_security_group
+      def parse_after_attr
+        @diff[3]
+      end
+      alias :parse_after_description :parse_after_attr
+      alias :parse_after_rules       :parse_after_attr
+      def unit_is_security_group?
+        parse_security_group && parse_security_group["rules"]
+      end
+      def unit_is_security_rule?
+        !(parse_security_group_rule.nil? || unit_is_description?)
+      end
+      def unit_is_description?
+        parse_target_object_name.index('description')
+      end
+    end
+  end
+end

data/lib/kakine/hash_sort.rb ADDED

@@ -0,0 +1,13 @@
+class Hash
+  def sg_rules_sort
+    self.each do |sg|
+      sg[1]['rules'].sort_by! do |rule|
+        rule.inject(0) do |ascii,(k,v)|
+          ascii += v.ord.to_i unless v.nil?
+          ascii
+        end
+      end unless sg[1].nil? || sg[1]['rules'].nil?
+    end
+    Hash[self]
+  end
+end

data/lib/kakine/resource.rb CHANGED

@@ -1,13 +1,13 @@
+require 'kakine/hash_sort'
 module Kakine
   class Resource
     class << self
       def yaml(filename)
-        YAML.load_file(filename).to_hash
+        YAML.load_file(filename).to_hash.sg_rules_sort
       end
       def tenant(tenant_name)
-        tenants = Fog::Identity[:openstack].tenants
-        tenants.detect{|t| t.name == tenant_name}
+        @tenant ||= Fog::Identity[:openstack].tenants.detect{|t| t.name == tenant_name}
       end
       def security_group(tenant_name, security_group_name)
@@ -24,24 +24,31 @@ module Kakine
           sg.protocol == attributes["protocol"] &&
           sg.port_range_max == attributes["port_range_max"] &&
           sg.port_range_min == attributes["port_range_min"] &&
-          sg.remote_ip_prefix == attributes["remote_ip"] &&
-          sg.remote_group_id == attributes["remote_group_id"]
+          (
+            (
+              sg.remote_ip_prefix == attributes["remote_ip"] &&
+              sg.ethertype == attributes["ethertype"]
+            ) ||
+            (
+              sg.remote_group_id == attributes["remote_group_id"] &&
+              !attributes["remote_group_id"].nil?
+            )
+          )
         end
       end
       def security_groups_on_tenant(tenant_name)
-        security_groups = Fog::Network[:openstack].security_groups
-        security_groups.select{|sg| sg.tenant_id == tenant(tenant_name).id}
+        Fog::Network[:openstack].security_groups.select{|sg| sg.tenant_id == tenant(tenant_name).id}
       end
       def security_groups_hash(tenant_name)
-        sg_hash = {}
+        sg_hash = Hash.new { |h,k| h[k] = {} }
         security_groups_on_tenant(tenant_name).each do |sg|
-          sg_hash[sg.name] = format_security_group(sg)
+          sg_hash[sg.name]["rules"]       = format_security_group(sg)
+          sg_hash[sg.name]["description"] = sg.description
         end
-        sg_hash
+        sg_hash.sg_rules_sort
       end
       def format_security_group(security_group)
@@ -49,7 +56,6 @@ module Kakine
         security_group.security_group_rules.each do |rule|
           rule_hash = {}
           rule_hash["direction"] = rule.direction
           rule_hash["protocol"] = rule.protocol
@@ -65,11 +71,10 @@ module Kakine
             rule_hash["remote_group"] = response.data[:body]["security_group"]["name"]
           else
             rule_hash["remote_ip"] = rule.remote_ip_prefix
+            rule_hash["ethertype"] = rule.ethertype
           end
           rules << rule_hash
         end
         rules
       end
     end

data/lib/kakine/security_group.rb ADDED

@@ -0,0 +1,76 @@
+module Kakine
+  class SecurityGroup
+    attr_reader :target_object_name, :name, :transaction_type, :tenant_id, :tenant_name, :description, :rules, :prev_rules
+    def initialize(tenant_name, diff)
+      unset_security_rules
+      Kakine::DiffParser.parse_parameters(tenant_name, diff).each do|k,v|
+        instance_variable_set(eval(":@#{k.to_s}"), v)
+      end
+      set_remote_security_group_id
+    end
+    def initialize_copy(obj)
+      @rules = Marshal.load(Marshal.dump(obj.rules))
+      @prev_rules = Marshal.load(Marshal.dump(obj.prev_rules))
+      unset_security_rules
+    end
+    def has_rules?
+      @rules.detect {|v| !v.nil? && v.size > 0}
+    end
+    def add?
+      @transaction_type == "+"
+    end
+    def delete?
+      @transaction_type == "-"
+    end
+    def update_attr?
+      @transaction_type == "~"
+    end
+    def update_rule?
+      !@target_object_name.split(/[\[]/, 2)[1].nil?
+    end
+    def get_prev_instance
+      prev_sg = self.clone
+      prev_sg.add_security_rules(@prev_rules)
+      prev_sg
+    end
+    def set_default_rules
+      unset_security_rules
+      ["IPv4", "IPv6"].each do |ip|
+          add_security_rules({"direction"=>"egress", "protocol"=>nil, "port"=>nil, "remote_ip"=>nil, "ethertype"=>ip})
+      end
+    end
+    def add_security_rules(rule)
+      case
+        when rule.instance_of?(Array)
+          @rules = rule
+        when rule.instance_of?(Hash)
+          @rules << rule
+      end
+    end
+    private
+    def unset_security_rules
+      @rules = []
+    end
+    def set_remote_security_group_id
+      @rules.each do |rule|
+        unless rule['remote_group'].nil?
+          remote_security_group = Kakine::Resource.security_group(@tenant_name, rule.delete("remote_group"))
+          rule["remote_group_id"] = remote_security_group.id
+        end
+      end if has_rules?
+    end
+  end
+end

data/lib/kakine/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Kakine
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kakine
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - SHIBATA Hiroshi
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2015-04-27 00:00:00.000000000 Z
+date: 2015-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fog
@@ -131,7 +131,11 @@ files:
 - lib/kakine/adapter/mock.rb
 - lib/kakine/adapter/real.rb
 - lib/kakine/cli.rb
+- lib/kakine/cli/operation.rb
+- lib/kakine/diff_parser.rb
+- lib/kakine/hash_sort.rb
 - lib/kakine/resource.rb
+- lib/kakine/security_group.rb
 - lib/kakine/version.rb
 homepage: https://github.com/hsbt/kakine
 licenses:
@@ -153,7 +157,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.6
+rubygems_version: 2.4.7
 signing_key:
 specification_version: 4
 summary: Security Group configuration tool for OpenStack.