RubyGems - kakine - Versions diffs - 0.1.0 → 0.2.0 - Mend

kakine 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/README.md +20 -17
data/lib/kakine.rb +5 -0
data/lib/kakine/cli.rb +39 -30
data/lib/kakine/cli/operation.rb +44 -0
data/lib/kakine/diff_parser.rb +88 -0
data/lib/kakine/hash_sort.rb +13 -0
data/lib/kakine/resource.rb +19 -14
data/lib/kakine/security_group.rb +76 -0
data/lib/kakine/version.rb +1 -1
metadata +7 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4768538b225d648ebf64a3eb52c7a2841cb14334
-  data.tar.gz: 5361d5d1eb968a8d238910ff5995fb4ee3b53592
+  metadata.gz: d3f0de2336304ed3476ccfc1b63e2bdc01a9c1cd
+  data.tar.gz: c1b97adbc29b5a659b1fb38b79f04dcb596a1f53
 SHA512:
-  metadata.gz: 5b8b3bc37780557a3c8fe2edd9209aa3f7f36e5de23bd0135f68aff7b541401609e4f77f70c04a3d0a6c803c4403c9d323be2e6d04bd2ed83ca5a620f4573cec
-  data.tar.gz: 5f8b2b5c7389bd4faea0752ff304dada6e433255d5dee7d926c7ec15df4d8281edab36b65597245e36f1157324caa7743c487354aa5ef5d13b4485de3b39bb88
+  metadata.gz: c402eeb05b5d24368f1b66694965fa8fac9116a8354c11a69a33c5bc64695f9d107ed63072f523a1da22d9520bf86eed35bedff78e1811da249ae91b5ccd1c11
+  data.tar.gz: a2c41d220786673210a397f27d049f7d52c6ec5ae5aa623361eb08fd62d8634d7d70350d3a303f931ff2799657d9c1295dc28df9432d065ec9ed61ed9ae2fbde

data/README.md CHANGED

@@ -1,6 +1,6 @@
 # Kakine
-[![Build Status](https://secure.travis-ci.org/hsbt/kaname.png)](https://travis-ci.org/hsbt/kaname)
+[![Build Status](https://secure.travis-ci.org/hsbt/kakine.png)](https://travis-ci.org/hsbt/kakine)
 Kakine(垣根) is configuration management tool of Security Group on OpenStack.
@@ -26,19 +26,22 @@ You can define Security Group configuration for OpenStack via YAML format. Like
 ```yaml
 app:
-  - direction: ingress
-    protocol: tcp
-    port: 443
-    remote_ip: 0.0.0.0/0
-  - direction: ingress
-    protocol: tcp
-    port: 80
-    remote_ip: 0.0.0.0/0
+  rules:
+    - direction: ingress
+      protocol: tcp
+      port: 443
+      remote_ip: 0.0.0.0/0
+    - direction: ingress
+      protocol: tcp
+      port: 80
+      remote_ip: 0.0.0.0/0
+  description: app rules
 rails:
-  - direction: ingress
-    protocol: tcp
-    port: 3000
-    remote_ip: 0.0.0.0/0
+  rules:
+    - direction: ingress
+      protocol: tcp
+      port: 3000
+      remote_ip: 0.0.0.0/0
 ```
 You need to put fog configuration to home directory.
@@ -55,9 +58,9 @@ default:
 run following command.
 ```sh
-$ kakine show tenant_name # show Security Group of tenant_name
-$ kaname apply tenant_name --dryrun # You can see all of invoke commands(dryrun)
-$ kaname apply tenant_name # apply configuration into OpenStack
+$ kakine show -t tenant_name # show Security Group of tenant_name
+$ kaname apply -t tenant_name --dryrun # You can see all of invoke commands(dryrun)
+$ kaname apply -t tenant_name # apply configuration into OpenStack
 ```
 You can create or change Security Group on targeting tenant.
@@ -65,7 +68,7 @@ You can create or change Security Group on targeting tenant.
 If you need to initialize your Security Gruop, you can get it via following command:
 ```sh
-$ kaname show tenant_name > tenant_name.yaml
+$ kaname show -t tenant_name > tenant_name.yaml
 ```
 ## Development

data/lib/kakine.rb CHANGED

@@ -1,7 +1,12 @@
 require "kakine/version"
 require 'kakine/cli'
+require 'kakine/cli/operation'
 require 'kakine/adapter'
 require 'kakine/resource'
+require 'kakine/hash_sort'
+require 'kakine/security_group'
+require 'kakine/diff_parser'
 module Kakine
 end

data/lib/kakine/cli.rb CHANGED

@@ -5,6 +5,7 @@ require 'hashdiff'
 module Kakine
   class CLI < Thor
     option :tenant, type: :string, aliases: '-t'
     desc 'show', 'show Security Groups specified tenant'
     def show
@@ -22,49 +23,57 @@ module Kakine
         Kakine::Adapter::Real.new
       end
+      operation = Kakine::CLI::Operation.new
+      operation.set_adapter(adapter)
       filename = options[:filename] ? options[:filename] : "#{options[:tenant]}.yaml"
-      diffs = HashDiff.diff(Kakine::Resource.security_groups_hash(options[:tenant]), Kakine::Resource.yaml(filename))
+      security_groups = []
+      delay_create = []
+      diffs = HashDiff.diff(
+        Kakine::Resource.security_groups_hash(options[:tenant]),
+        Kakine::Resource.yaml(filename)
+      )
       diffs.each do |diff|
-        sg_name, rule_modification = *diff[1].scan(/^([\w-]+)(\[\d\])?/)[0]
+        security_groups <<  Kakine::SecurityGroup.new(options[:tenant], diff)
+      end
-        if rule_modification # foo[2]
-          security_group = Kakine::Resource.security_group(options[:tenant], sg_name)
-          if diff[2]["remote_group"]
-            remote_security_group = Kakine::Resource.security_group(options[:tenant], diff[2].delete("remote_group"))
-            diff[2]["remote_group_id"] = remote_security_group.id
-          end
-          case diff[0]
-          when "+"
-            diff[2].merge!({"ethertype" => "IPv4", "tenant_id" => Kakine::Resource.tenant(options[:tenant]).id})
-            adapter.create_rule(security_group.id, diff[2]["direction"], diff[2])
-          when "-"
-            security_group_rule = Kakine::Resource.security_group_rule(security_group, diff[2])
-            adapter.delete_rule(security_group_rule.id)
+      security_groups.each do |sg|
+        if sg.update_rule? # foo[2]
+          case
+          when sg.add?
+            operation.create_security_rule(sg)
+          when sg.delete?
+            operation.delete_security_rule(sg)
+          when sg.update_attr?
+            pre_sg = sg.get_prev_instance
+            operation.delete_security_rule(pre_sg)
+            delay_create << sg # avoid duplication entry
           else
             raise
           end
         else # foo
-          case diff[0]
-          when "+"
-            attributes = {name: sg_name, description: "", tenant_id: Kakine::Resource.tenant(options[:tenant]).id}
-            security_group_id = adapter.create_security_group(attributes)
-            diff[2].each do |rule|
-              rule.merge!({"ethertype" => "IPv4", "tenant_id" => Kakine::Resource.tenant(options[:tenant]).id})
-              if rule["remote_group"]
-                remote_security_group = Kakine::Resource.security_group(options[:tenant], rule.delete("remote_group"))
-                rule["remote_group_id"] = remote_security_group.id
-              end
-              adapter.create_rule(security_group_id, rule["direction"], rule)
-            end if diff[2]
-          when "-"
-            security_group = Kakine::Resource.security_group(options[:tenant], sg_name)
-            adapter.delete_security_group(security_group.id)
+          case
+          when sg.add?
+            security_group_id = operation.create_security_group(sg)
+            operation.create_security_rule(sg, security_group_id)
+          when sg.delete?
+            operation.delete_security_group(sg)
+          when sg.update_attr?
+            operation.delete_security_group(sg)
+            security_group_id = operation.create_security_group(sg)
+            operation.create_security_rule(sg, security_group_id)
           else
             raise
           end
         end
       end
+      # update rule attributes delay create
+      delay_create.each do |sg|
+        operation.create_security_rule(sg)
+      end
     end
   end
 end

data/lib/kakine/cli/operation.rb ADDED

@@ -0,0 +1,44 @@
+module Kakine
+  class CLI < Thor
+    class Operation
+      def set_adapter(adapter)
+        @adapter = adapter
+      end
+      def create_security_group(sg)
+        attributes = {name: sg.name, description: sg.description, tenant_id: sg.tenant_id}
+        security_group_id = @adapter.create_security_group(attributes)
+        #delete default rule
+        delete_sg = sg.clone
+        delete_sg.set_default_rules
+        delete_security_rule(delete_sg) unless @adapter.instance_of?(Kakine::Adapter::Mock)
+        security_group_id
+      end
+      def delete_security_group(sg)
+        security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
+        @adapter.delete_security_group(security_group.id)
+      end
+      def create_security_rule(sg, security_group_id=nil)
+        if security_group_id.nil?
+          security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
+          security_group_id = security_group.id
+        end
+        sg.rules.each do |rule|
+          @adapter.create_rule(security_group_id, rule["direction"], rule)
+        end if sg.has_rules?
+      end
+      def delete_security_rule(sg)
+        security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
+        sg.rules.each do |rule|
+          security_group_rule = Kakine::Resource.security_group_rule(security_group, rule)
+          @adapter.delete_rule(security_group_rule.id)
+        end if sg.has_rules?
+      end
+    end
+  end
+end

data/lib/kakine/diff_parser.rb ADDED

@@ -0,0 +1,88 @@
+module Kakine
+ class DiffParser
+    @diff = ""
+    class << self
+      def parse_parameters(tenant_name, diff)
+        @diff = diff
+        registered_sg = Kakine::Resource.security_groups_hash(tenant_name)
+        if ["+", "-"].include?(parse_transaction_type)
+          if unit_is_security_group?
+            rules = parse_security_group["rules"]
+            description = parse_security_group["description"]
+          elsif unit_is_security_rule?
+            rules = [parse_security_group_rule]
+            description = registered_sg[parse_security_group_name]["description"]
+          elsif unit_is_description?
+            raise "description is not exists"
+          end
+        else
+          regex_update_description = /^[\w-]+\.description$/
+          regex_update_rules       = /^[\w-]+\.rules$/
+          regex_update_attr        = /^[\w-]+.[\w]+\[(\d)\].([\w]+)$/
+          if parse_target_object_name.match(regex_update_description)
+            rules = registered_sg[parse_security_group_name]["rules"]
+            description = parse_after_description
+          elsif  parse_target_object_name.match(regex_update_rules)
+            rules = parse_after_rules
+            description = registered_sg[parse_security_group_name]["description"]
+          elsif m = parse_target_object_name.match(regex_update_attr)
+            rules = [registered_sg[parse_security_group_name]["rules"][m[1].to_i]]
+            prev_rules = Marshal.load(Marshal.dump(rules)) # backup before value
+            rules[0][m[2]] = parse_after_attr
+            description = registered_sg[parse_security_group_name]["description"]
+          end
+        end
+        rules ||= []
+        {
+          target_object_name: parse_target_object_name,
+          name: parse_security_group_name,
+          transaction_type: parse_transaction_type,
+          tenant_id: Kakine::Resource.tenant(tenant_name).id,
+          tenant_name: tenant_name,
+          description: description,
+          rules: rules,
+          prev_rules: prev_rules
+        }
+      end
+      def parse_security_group_name
+        parse_target_object_name.split(/[\.\[]/, 2)[0]
+      end
+      def parse_transaction_type
+        @diff[0]
+      end
+      def parse_target_object_name
+        @diff[1]
+      end
+      def parse_security_group
+        @diff[2]
+      end
+      alias :parse_security_group_rule :parse_security_group
+      def parse_after_attr
+        @diff[3]
+      end
+      alias :parse_after_description :parse_after_attr
+      alias :parse_after_rules       :parse_after_attr
+      def unit_is_security_group?
+        parse_security_group && parse_security_group["rules"]
+      end
+      def unit_is_security_rule?
+        !(parse_security_group_rule.nil? || unit_is_description?)
+      end
+      def unit_is_description?
+        parse_target_object_name.index('description')
+      end
+    end
+  end
+end

data/lib/kakine/hash_sort.rb ADDED

@@ -0,0 +1,13 @@
+class Hash
+  def sg_rules_sort
+    self.each do |sg|
+      sg[1]['rules'].sort_by! do |rule|
+        rule.inject(0) do |ascii,(k,v)|
+          ascii += v.ord.to_i unless v.nil?
+          ascii
+        end
+      end unless sg[1].nil? || sg[1]['rules'].nil?
+    end
+    Hash[self]
+  end
+end

data/lib/kakine/resource.rb CHANGED

@@ -1,13 +1,13 @@
+require 'kakine/hash_sort'
 module Kakine
   class Resource
     class << self
       def yaml(filename)
-        YAML.load_file(filename).to_hash
+        YAML.load_file(filename).to_hash.sg_rules_sort
       end
       def tenant(tenant_name)
-        tenants = Fog::Identity[:openstack].tenants
-        tenants.detect{|t| t.name == tenant_name}
+        @tenant ||= Fog::Identity[:openstack].tenants.detect{|t| t.name == tenant_name}
       end
       def security_group(tenant_name, security_group_name)
@@ -24,24 +24,31 @@ module Kakine
           sg.protocol == attributes["protocol"] &&
           sg.port_range_max == attributes["port_range_max"] &&
           sg.port_range_min == attributes["port_range_min"] &&
-          sg.remote_ip_prefix == attributes["remote_ip"] &&
-          sg.remote_group_id == attributes["remote_group_id"]
+          (
+            (
+              sg.remote_ip_prefix == attributes["remote_ip"] &&
+              sg.ethertype == attributes["ethertype"]
+            ) ||
+            (
+              sg.remote_group_id == attributes["remote_group_id"] &&
+              !attributes["remote_group_id"].nil?
+            )
+          )
         end
       end
       def security_groups_on_tenant(tenant_name)
-        security_groups = Fog::Network[:openstack].security_groups
-        security_groups.select{|sg| sg.tenant_id == tenant(tenant_name).id}
+        Fog::Network[:openstack].security_groups.select{|sg| sg.tenant_id == tenant(tenant_name).id}
       end
       def security_groups_hash(tenant_name)
-        sg_hash = {}
+        sg_hash = Hash.new { |h,k| h[k] = {} }
         security_groups_on_tenant(tenant_name).each do |sg|
-          sg_hash[sg.name] = format_security_group(sg)
+          sg_hash[sg.name]["rules"]       = format_security_group(sg)
+          sg_hash[sg.name]["description"] = sg.description
         end
-        sg_hash
+        sg_hash.sg_rules_sort
       end
       def format_security_group(security_group)
@@ -49,7 +56,6 @@ module Kakine
         security_group.security_group_rules.each do |rule|
           rule_hash = {}
           rule_hash["direction"] = rule.direction
           rule_hash["protocol"] = rule.protocol
@@ -65,11 +71,10 @@ module Kakine
             rule_hash["remote_group"] = response.data[:body]["security_group"]["name"]
           else
             rule_hash["remote_ip"] = rule.remote_ip_prefix
+            rule_hash["ethertype"] = rule.ethertype
           end
           rules << rule_hash
         end
         rules
       end
     end

data/lib/kakine/security_group.rb ADDED

@@ -0,0 +1,76 @@
+module Kakine
+  class SecurityGroup
+    attr_reader :target_object_name, :name, :transaction_type, :tenant_id, :tenant_name, :description, :rules, :prev_rules
+    def initialize(tenant_name, diff)
+      unset_security_rules
+      Kakine::DiffParser.parse_parameters(tenant_name, diff).each do|k,v|
+        instance_variable_set(eval(":@#{k.to_s}"), v)
+      end
+      set_remote_security_group_id
+    end
+    def initialize_copy(obj)
+      @rules = Marshal.load(Marshal.dump(obj.rules))
+      @prev_rules = Marshal.load(Marshal.dump(obj.prev_rules))
+      unset_security_rules
+    end
+    def has_rules?
+      @rules.detect {|v| !v.nil? && v.size > 0}
+    end
+    def add?
+      @transaction_type == "+"
+    end
+    def delete?
+      @transaction_type == "-"
+    end
+    def update_attr?
+      @transaction_type == "~"
+    end
+    def update_rule?
+      !@target_object_name.split(/[\[]/, 2)[1].nil?
+    end
+    def get_prev_instance
+      prev_sg = self.clone
+      prev_sg.add_security_rules(@prev_rules)
+      prev_sg
+    end
+    def set_default_rules
+      unset_security_rules
+      ["IPv4", "IPv6"].each do |ip|
+          add_security_rules({"direction"=>"egress", "protocol"=>nil, "port"=>nil, "remote_ip"=>nil, "ethertype"=>ip})
+      end
+    end
+    def add_security_rules(rule)
+      case
+        when rule.instance_of?(Array)
+          @rules = rule
+        when rule.instance_of?(Hash)
+          @rules << rule
+      end
+    end
+    private
+    def unset_security_rules
+      @rules = []
+    end
+    def set_remote_security_group_id
+      @rules.each do |rule|
+        unless rule['remote_group'].nil?
+          remote_security_group = Kakine::Resource.security_group(@tenant_name, rule.delete("remote_group"))
+          rule["remote_group_id"] = remote_security_group.id
+        end
+      end if has_rules?
+    end
+  end
+end

data/lib/kakine/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Kakine
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kakine
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - SHIBATA Hiroshi
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2015-04-27 00:00:00.000000000 Z
+date: 2015-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fog
@@ -131,7 +131,11 @@ files:
 - lib/kakine/adapter/mock.rb
 - lib/kakine/adapter/real.rb
 - lib/kakine/cli.rb
+- lib/kakine/cli/operation.rb
+- lib/kakine/diff_parser.rb
+- lib/kakine/hash_sort.rb
 - lib/kakine/resource.rb
+- lib/kakine/security_group.rb
 - lib/kakine/version.rb
 homepage: https://github.com/hsbt/kakine
 licenses:
@@ -153,7 +157,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.6
+rubygems_version: 2.4.7
 signing_key:
 specification_version: 4
 summary: Security Group configuration tool for OpenStack.