kakine 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. checksums.yaml +4 -4
  2. data/lib/kakine.rb +3 -3
  3. data/lib/kakine/adapter.rb +20 -0
  4. data/lib/kakine/adapter/mock.rb +5 -7
  5. data/lib/kakine/adapter/real.rb +27 -8
  6. data/lib/kakine/cli.rb +14 -54
  7. data/lib/kakine/operation.rb +38 -0
  8. data/lib/kakine/resource.rb +32 -23
  9. data/lib/kakine/security_group.rb +51 -47
  10. data/lib/kakine/security_rule.rb +58 -0
  11. data/lib/kakine/validate.rb +42 -0
  12. data/lib/kakine/version.rb +1 -1
  13. metadata +5 -5
  14. data/lib/kakine/cli/operation.rb +0 -44
  15. data/lib/kakine/diff_parser.rb +0 -88
  16. data/lib/kakine/hash_sort.rb +0 -13
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d3f0de2336304ed3476ccfc1b63e2bdc01a9c1cd
4
- data.tar.gz: c1b97adbc29b5a659b1fb38b79f04dcb596a1f53
3
+ metadata.gz: 70641f4e229c0b370d35779df007a7df6da8652f
4
+ data.tar.gz: 2dde1b80581774ea0c74f8848e4f703e25faf22f
5
5
  SHA512:
6
- metadata.gz: c402eeb05b5d24368f1b66694965fa8fac9116a8354c11a69a33c5bc64695f9d107ed63072f523a1da22d9520bf86eed35bedff78e1811da249ae91b5ccd1c11
7
- data.tar.gz: a2c41d220786673210a397f27d049f7d52c6ec5ae5aa623361eb08fd62d8634d7d70350d3a303f931ff2799657d9c1295dc28df9432d065ec9ed61ed9ae2fbde
6
+ metadata.gz: 4cead3fba0343c55d0af964843358cdcaaee3e6b0249a5e18195b8fc84cc266cab4930faa0c6cac8012ed111c32a36ac567fa3bc00a32f8fced787a74d6d92d1
7
+ data.tar.gz: 08660d1645a78545d7bf22aff0f0dd074de1d0b358045428a559a1b604350e2f165812eb8351c17d9a63742c0e33bd009e87fc251a8d0f217e3c47c7e32fc85a
data/lib/kakine.rb CHANGED
@@ -1,11 +1,11 @@
1
1
  require "kakine/version"
2
2
  require 'kakine/cli'
3
- require 'kakine/cli/operation'
3
+ require 'kakine/operation'
4
4
  require 'kakine/adapter'
5
5
  require 'kakine/resource'
6
- require 'kakine/hash_sort'
7
6
  require 'kakine/security_group'
8
- require 'kakine/diff_parser'
7
+ require 'kakine/security_rule'
8
+ require 'kakine/validate'
9
9
 
10
10
  module Kakine
11
11
  end
data/lib/kakine/adapter.rb CHANGED
@@ -1,2 +1,22 @@
1
1
  require 'kakine/adapter/real'
2
2
  require 'kakine/adapter/mock'
3
+
4
+ module Kakine
5
+ class Adapter
6
+ def self.set_option(dryrun)
7
+ @@dryrun = dryrun
8
+ end
9
+
10
+ def self.get_instance
11
+ @@adapter ||= if @@dryrun
12
+ Kakine::Adapter::Mock.new
13
+ else
14
+ Kakine::Adapter::Real.new
15
+ end
16
+ end
17
+
18
+ private
19
+ def initialize
20
+ end
21
+ end
22
+ end
data/lib/kakine/adapter/mock.rb CHANGED
@@ -1,18 +1,16 @@
1
1
  module Kakine
2
2
  class Adapter
3
3
  class Mock
4
- def create_rule(security_group_id, direction, attributes)
5
- attributes.delete("direction")
6
- if attributes["port"]
7
- attributes["port_range_max"] = attributes["port_range_min"] = attributes.delete("port")
4
+ def create_rule(security_group_id, direction, security_rule)
5
+ attributes = {}
6
+ %w(protocol port_range_max port_range_min remote_ip ethertype).each do |k|
7
+ attributes[k] = eval("security_rule.#{k}")
8
8
  end
9
9
  if attributes["remote_ip"]
10
10
  attributes["remote_ip_prefix"] = attributes.delete("remote_ip")
11
11
  end
12
12
 
13
- data = {}
14
- attributes.each{|k,v| data[k.to_sym] = v}
15
- puts "Create Rule: #{security_group_id} - #{direction}: #{attributes}"
13
+ puts "Create Rule: #{security_group_id} - #{security_rule.direction}: #{attributes}"
16
14
  end
17
15
 
18
16
  def delete_rule(security_group_rule_id)
data/lib/kakine/adapter/real.rb CHANGED
@@ -1,10 +1,11 @@
1
+ require 'json'
1
2
  module Kakine
2
3
  class Adapter
3
4
  class Real
4
- def create_rule(security_group_id, direction, attributes)
5
- attributes.delete("direction")
6
- if attributes["port"]
7
- attributes["port_range_max"] = attributes["port_range_min"] = attributes.delete("port")
5
+ def create_rule(security_group_id, direction, security_rule)
6
+ attributes = {}
7
+ %w(protocol port_range_max port_range_min remote_ip ethertype).each do |k|
8
+ attributes[k] = eval("security_rule.#{k}")
8
9
  end
9
10
  if attributes["remote_ip"]
10
11
  attributes["remote_ip_prefix"] = attributes.delete("remote_ip")
@@ -12,7 +13,13 @@ module Kakine
12
13
 
13
14
  data = {}
14
15
  attributes.each{|k,v| data[k.to_sym] = v}
15
- Fog::Network[:openstack].create_security_group_rule(security_group_id, direction, data)
16
+ begin
17
+ Fog::Network[:openstack].create_security_group_rule(security_group_id, direction, data)
18
+ rescue Excon::Errors::Conflict => e
19
+ JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
20
+ rescue Excon::Errors::BadRequest => e
21
+ JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
22
+ end
16
23
  end
17
24
 
18
25
  def delete_rule(security_group_rule_id)
@@ -22,12 +29,24 @@ module Kakine
22
29
  def create_security_group(attributes)
23
30
  data = {}
24
31
  attributes.each{|k,v| data[k.to_sym] = v}
25
- response = Fog::Network[:openstack].create_security_group(data)
26
- response.data[:body]["security_group"]["id"]
32
+ begin
33
+ response = Fog::Network[:openstack].create_security_group(data)
34
+ response.data[:body]["security_group"]["id"]
35
+ rescue Excon::Errors::Conflict => e
36
+ JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
37
+ rescue Excon::Errors::BadRequest => e
38
+ JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
39
+ end
27
40
  end
28
41
 
29
42
  def delete_security_group(security_group_id)
30
- Fog::Network[:openstack].delete_security_group(security_group_id)
43
+ begin
44
+ Fog::Network[:openstack].delete_security_group(security_group_id)
45
+ rescue Excon::Errors::Conflict => e
46
+ JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
47
+ rescue Excon::Errors::BadRequest => e
48
+ JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
49
+ end
31
50
  end
32
51
  end
33
52
  end
data/lib/kakine/cli.rb CHANGED
@@ -2,7 +2,6 @@ require 'thor'
2
2
  require 'fog'
3
3
  require 'yaml'
4
4
  require 'hashdiff'
5
-
6
5
  module Kakine
7
6
  class CLI < Thor
8
7
 
@@ -17,62 +16,23 @@ module Kakine
17
16
  option :filename, type: :string, aliases: "-f"
18
17
  desc 'apply', "apply local configuration into OpenStack"
19
18
  def apply
20
- adapter = if options[:dryrun]
21
- Kakine::Adapter::Mock.new
22
- else
23
- Kakine::Adapter::Real.new
24
- end
25
-
26
- operation = Kakine::CLI::Operation.new
27
- operation.set_adapter(adapter)
28
-
29
19
  filename = options[:filename] ? options[:filename] : "#{options[:tenant]}.yaml"
30
-
31
- security_groups = []
32
- delay_create = []
33
-
34
- diffs = HashDiff.diff(
35
- Kakine::Resource.security_groups_hash(options[:tenant]),
36
- Kakine::Resource.yaml(filename)
37
- )
38
-
39
- diffs.each do |diff|
40
- security_groups << Kakine::SecurityGroup.new(options[:tenant], diff)
41
- end
42
-
43
- security_groups.each do |sg|
44
- if sg.update_rule? # foo[2]
45
- case
46
- when sg.add?
47
- operation.create_security_rule(sg)
48
- when sg.delete?
49
- operation.delete_security_rule(sg)
50
- when sg.update_attr?
51
- pre_sg = sg.get_prev_instance
52
- operation.delete_security_rule(pre_sg)
53
- delay_create << sg # avoid duplication entry
54
- else
55
- raise
56
- end
57
- else # foo
58
- case
59
- when sg.add?
60
- security_group_id = operation.create_security_group(sg)
61
- operation.create_security_rule(sg, security_group_id)
62
- when sg.delete?
63
- operation.delete_security_group(sg)
64
- when sg.update_attr?
65
- operation.delete_security_group(sg)
66
- security_group_id = operation.create_security_group(sg)
67
- operation.create_security_rule(sg, security_group_id)
68
- else
69
- raise
70
- end
20
+ Kakine::Adapter.set_option(options[:dryrun])
21
+
22
+ current_security_groups = Kakine::Resource.get_current(options[:tenant])
23
+ new_security_groups = Kakine::Resource.load_security_group_by_yaml(filename, options[:tenant])
24
+
25
+ return unless new_security_groups
26
+ new_security_groups.each do |new_sg|
27
+ registered_sg = current_security_groups.find { |cur_sg| cur_sg.name == new_sg.name }
28
+ if registered_sg
29
+ new_sg.convergence!(registered_sg) if new_sg != registered_sg
30
+ else
31
+ new_sg.register!
71
32
  end
72
33
  end
73
- # update rule attributes delay create
74
- delay_create.each do |sg|
75
- operation.create_security_rule(sg)
34
+ current_security_groups.each do |current_sg|
35
+ current_sg.unregister! if new_security_groups.none? { |new_sg| current_sg.name == new_sg.name }
76
36
  end
77
37
  end
78
38
  end
data/lib/kakine/operation.rb ADDED
@@ -0,0 +1,38 @@
1
+ module Kakine
2
+ class Operation
3
+ class << self
4
+ def adapter
5
+ @@adapter ||= Kakine::Adapter.get_instance
6
+ end
7
+
8
+ def create_security_group(sg)
9
+ attributes = {name: sg.name, description: sg.description, tenant_id: sg.tenant_id}
10
+ security_group_id = adapter.create_security_group(attributes)
11
+
12
+ #delete default rule
13
+ sg.get_default_rule_instance.rules.each { |rule| rule.unregister! } unless adapter.instance_of?(Kakine::Adapter::Mock)
14
+ security_group_id
15
+ end
16
+
17
+ def delete_security_group(sg)
18
+ security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
19
+ adapter.delete_security_group(security_group.id)
20
+ end
21
+
22
+ def create_security_rule(tenant_name, sg_name, rule)
23
+ security_group_id = if adapter.instance_of?(Kakine::Adapter::Mock)
24
+ "[Mock] #{sg_name} ID"
25
+ else
26
+ Kakine::Resource.security_group(tenant_name, sg_name).id
27
+ end
28
+ adapter.create_rule(security_group_id, rule.direction, rule)
29
+ end
30
+
31
+ def delete_security_rule(tenant_name, sg_name, rule)
32
+ security_group = Kakine::Resource.security_group(tenant_name, sg_name)
33
+ security_group_rule = Kakine::Resource.security_group_rule(security_group, rule)
34
+ adapter.delete_rule(security_group_rule.id)
35
+ end
36
+ end
37
+ end
38
+ end
data/lib/kakine/resource.rb CHANGED
@@ -1,9 +1,20 @@
1
- require 'kakine/hash_sort'
2
1
  module Kakine
3
2
  class Resource
4
3
  class << self
4
+ def load_security_group_by_yaml(filename, tenant_name)
5
+ load_yaml = yaml(filename)
6
+ return false unless Kakine::Validate.validate_file_input(load_yaml)
7
+ load_yaml.map { |sg| Kakine::SecurityGroup.new(tenant_name, sg) }
8
+ end
9
+
10
+ def get_current(tenant_name)
11
+ Kakine::Resource.security_groups_hash(tenant_name).map do |sg|
12
+ Kakine::SecurityGroup.new(tenant_name, sg)
13
+ end
14
+ end
15
+
5
16
  def yaml(filename)
6
- YAML.load_file(filename).to_hash.sg_rules_sort
17
+ YAML.load_file(filename).to_hash
7
18
  end
8
19
 
9
20
  def tenant(tenant_name)
@@ -16,22 +27,20 @@ module Kakine
16
27
 
17
28
  def security_group_rule(security_group, attributes)
18
29
  security_group.security_group_rules.detect do |sg|
19
- if attributes["port"]
20
- attributes["port_range_max"] = attributes["port_range_min"] = attributes["port"]
21
- end
22
30
 
23
- sg.direction == attributes["direction"] &&
24
- sg.protocol == attributes["protocol"] &&
25
- sg.port_range_max == attributes["port_range_max"] &&
26
- sg.port_range_min == attributes["port_range_min"] &&
31
+ sg.direction == attributes.direction &&
32
+ sg.protocol == attributes.protocol &&
33
+ sg.port_range_max == attributes.port_range_max &&
34
+ sg.port_range_min == attributes.port_range_min &&
35
+ sg.ethertype == attributes.ethertype &&
27
36
  (
28
37
  (
29
- sg.remote_ip_prefix == attributes["remote_ip"] &&
30
- sg.ethertype == attributes["ethertype"]
38
+ attributes.remote_group_id.nil? &&
39
+ sg.remote_ip_prefix == attributes.remote_ip
31
40
  ) ||
32
41
  (
33
- sg.remote_group_id == attributes["remote_group_id"] &&
34
- !attributes["remote_group_id"].nil?
42
+ attributes.remote_ip.nil? &&
43
+ sg.remote_group_id == attributes.remote_group_id
35
44
  )
36
45
  )
37
46
  end
@@ -48,22 +57,24 @@ module Kakine
48
57
  sg_hash[sg.name]["rules"] = format_security_group(sg)
49
58
  sg_hash[sg.name]["description"] = sg.description
50
59
  end
51
- sg_hash.sg_rules_sort
60
+ sg_hash
52
61
  end
53
62
 
54
63
  def format_security_group(security_group)
55
- rules = []
56
-
57
- security_group.security_group_rules.each do |rule|
64
+ security_group.security_group_rules.map do |rule|
58
65
  rule_hash = {}
59
66
  rule_hash["direction"] = rule.direction
60
- rule_hash["protocol"] = rule.protocol
67
+ rule_hash["protocol"] = rule.protocol
68
+ rule_hash["ethertype"] = rule.ethertype
61
69
 
62
- if rule.port_range_max == rule.port_range_min
70
+ if rule.protocol == "icmp"
71
+ rule_hash["type"] = rule.port_range_min
72
+ rule_hash["code"] = rule.port_range_max
73
+ elsif rule.port_range_max == rule.port_range_min
63
74
  rule_hash["port"] = rule.port_range_max
64
75
  else
65
- rule_hash["port_range_max"] = rule.port_range_max
66
76
  rule_hash["port_range_min"] = rule.port_range_min
77
+ rule_hash["port_range_max"] = rule.port_range_max
67
78
  end
68
79
 
69
80
  if rule.remote_group_id
@@ -71,11 +82,9 @@ module Kakine
71
82
  rule_hash["remote_group"] = response.data[:body]["security_group"]["name"]
72
83
  else
73
84
  rule_hash["remote_ip"] = rule.remote_ip_prefix
74
- rule_hash["ethertype"] = rule.ethertype
75
85
  end
76
- rules << rule_hash
86
+ rule_hash
77
87
  end
78
- rules
79
88
  end
80
89
  end
81
90
  end
data/lib/kakine/security_group.rb CHANGED
@@ -1,76 +1,80 @@
1
+ require 'json'
1
2
  module Kakine
2
3
  class SecurityGroup
3
- attr_reader :target_object_name, :name, :transaction_type, :tenant_id, :tenant_name, :description, :rules, :prev_rules
4
+ attr_reader :name, :tenant_id, :tenant_name, :description, :rules
4
5
 
5
- def initialize(tenant_name, diff)
6
- unset_security_rules
7
- Kakine::DiffParser.parse_parameters(tenant_name, diff).each do|k,v|
8
- instance_variable_set(eval(":@#{k.to_s}"), v)
9
- end
10
- set_remote_security_group_id
6
+ def initialize(tenant_name, parameter)
7
+ @name = parameter[0]
8
+ @tenant_name = tenant_name
9
+ @tenant_id = Kakine::Resource.tenant(tenant_name).id
10
+ @description = parameter[1]["description"] || ""
11
+ @rules = parameter[1]["rules"].map do |rule|
12
+ SecurityRule.new(rule, @tenant_name, @name)
13
+ end unless parameter[1]["rules"].nil?
14
+ @rules ||= []
11
15
  end
12
16
 
13
17
  def initialize_copy(obj)
14
18
  @rules = Marshal.load(Marshal.dump(obj.rules))
15
- @prev_rules = Marshal.load(Marshal.dump(obj.prev_rules))
16
- unset_security_rules
17
- end
18
-
19
- def has_rules?
20
- @rules.detect {|v| !v.nil? && v.size > 0}
21
19
  end
22
20
 
23
- def add?
24
- @transaction_type == "+"
21
+ def ==(target_sg)
22
+ instance_variables.reject{ |k| k == :@rules }.each do |val|
23
+ return false unless self.instance_variable_get(val) == target_sg.instance_variable_get(val)
24
+ end
25
+ @rules.each do |rule|
26
+ return false unless target_sg.find_by_rule(rule)
27
+ end
28
+ target_sg.rules.each do |rule|
29
+ return false unless find_by_rule(rule)
30
+ end
31
+ true
25
32
  end
26
33
 
27
- def delete?
28
- @transaction_type == "-"
34
+ def !=(target_sg)
35
+ !(self == target_sg)
29
36
  end
30
37
 
31
- def update_attr?
32
- @transaction_type == "~"
38
+ def find_by_rule(target_rule)
39
+ @rules.find { |rule| rule == target_rule }
33
40
  end
34
41
 
35
- def update_rule?
36
- !@target_object_name.split(/[\[]/, 2)[1].nil?
42
+ def register!
43
+ Kakine::Operation.create_security_group(self)
44
+ @rules.each { |rule| rule.register! } if has_rules?
37
45
  end
38
46
 
39
- def get_prev_instance
40
- prev_sg = self.clone
41
- prev_sg.add_security_rules(@prev_rules)
42
- prev_sg
47
+ def unregister!
48
+ Kakine::Operation.delete_security_group(self)
43
49
  end
44
50
 
45
- def set_default_rules
46
- unset_security_rules
47
- ["IPv4", "IPv6"].each do |ip|
48
- add_security_rules({"direction"=>"egress", "protocol"=>nil, "port"=>nil, "remote_ip"=>nil, "ethertype"=>ip})
51
+ def convergence!(target_sg)
52
+ if @description != target_sg.description
53
+ target_sg.unregister!
54
+ register!
55
+ else
56
+ target_sg.rules.each do |rule|
57
+ rule.unregister! unless find_by_rule(rule)
58
+ end
59
+ @rules.each do |rule|
60
+ rule.register! unless target_sg.find_by_rule(rule)
61
+ end
49
62
  end
50
63
  end
51
64
 
52
- def add_security_rules(rule)
53
- case
54
- when rule.instance_of?(Array)
55
- @rules = rule
56
- when rule.instance_of?(Hash)
57
- @rules << rule
58
- end
65
+ def has_rules?
66
+ @rules.detect {|v| !v.nil?}
59
67
  end
60
68
 
61
- private
62
-
63
- def unset_security_rules
64
- @rules = []
69
+ def get_default_rule_instance
70
+ default_sg = self.clone
71
+ default_sg.set_default_rule
72
+ default_sg
65
73
  end
66
74
 
67
- def set_remote_security_group_id
68
- @rules.each do |rule|
69
- unless rule['remote_group'].nil?
70
- remote_security_group = Kakine::Resource.security_group(@tenant_name, rule.delete("remote_group"))
71
- rule["remote_group_id"] = remote_security_group.id
72
- end
73
- end if has_rules?
75
+ def set_default_rule
76
+ @rules = %w(IPv4 IPv6).map { |v| {"direction"=>"egress", "protocol" => nil, "port"=>nil, "remote_ip"=>nil, "ethertype"=>v } }.
77
+ map{ |rule| SecurityRule.new(rule, @tenant_name, @name) }
74
78
  end
75
79
  end
76
80
  end
data/lib/kakine/security_rule.rb ADDED
@@ -0,0 +1,58 @@
1
+ module Kakine
2
+ class SecurityRule
3
+ attr_reader :direction, :protocol, :port_range_max, :port_range_min, :remote_ip, :remote_group, :remote_group_id, :ethertype
4
+
5
+ def initialize(rule, tenant_name, sg_name)
6
+ @tenant_name = tenant_name
7
+ @sg_name = sg_name
8
+
9
+ rule.each do|k,v|
10
+ instance_variable_set(eval(":@#{k.to_s}"), v) unless k.include?("port")
11
+ end
12
+
13
+ @port_range_min, @port_range_max = *convert_port_format(rule)
14
+ set_remote_security_group_id
15
+
16
+ end
17
+
18
+ def register!
19
+ Kakine::Operation.create_security_rule(@tenant_name, @sg_name, self)
20
+ end
21
+
22
+ def unregister!
23
+ Kakine::Operation.delete_security_rule(@tenant_name, @sg_name, self)
24
+ end
25
+
26
+ def ==(target_sg)
27
+ instance_variables.each do |val|
28
+ unless self.instance_variable_get(val) == target_sg.instance_variable_get(val)
29
+ return false
30
+ end
31
+ end
32
+ true
33
+ end
34
+
35
+ private
36
+
37
+ def convert_port_format(rule)
38
+ case
39
+ when rule.has_key?('port')
40
+ [rule['port'] ,rule['port']]
41
+ when rule.has_key?('type'), rule.has_key?('code')
42
+ [rule['type'] ,rule['code']]
43
+ when rule.has_key?('port_range_max'), rule.has_key?('port_range_min')
44
+ [rule['port_range_min'] ,rule['port_range_max']]
45
+ else
46
+ raise "no match port format"
47
+ end
48
+ end
49
+
50
+ def set_remote_security_group_id
51
+ unless @remote_group.nil?
52
+ remote_security_group = Kakine::Resource.security_group(@tenant_name, @remote_group)
53
+ raise "not exists #{@remote_group}" unless remote_security_group
54
+ @remote_group_id = remote_security_group.id
55
+ end
56
+ end
57
+ end
58
+ end
data/lib/kakine/validate.rb ADDED
@@ -0,0 +1,42 @@
1
+ module Kakine
2
+ class Validate
3
+ class << self
4
+ def validate_file_input(load_sg)
5
+ err = []
6
+ load_sg.each do |sg|
7
+ err << validate_attributes(sg)
8
+ err << validate_rules(sg)
9
+ end
10
+ return true unless err.detect {|e| !e.nil? }
11
+ err.map { |m| puts m unless m.nil? }
12
+ false
13
+ end
14
+
15
+ def validate_attributes(sg)
16
+ case
17
+ when sg[1].nil?
18
+ "[error] #{sg[0]}:rules and description is required"
19
+ when !sg[1].key?("rules")
20
+ "[error] #{sg[0]}:rules is required"
21
+ when !sg[1].key?("description")
22
+ "[error] #{sg[0]}:description is required"
23
+ end
24
+ end
25
+
26
+ def validate_rules(sg)
27
+ sg[1]["rules"].each do |rule|
28
+ if !rule.key?("port") &&
29
+ (!rule.key?("port_range_max") || !rule.key?("port_range_min")) &&
30
+ (!rule.key?("type") || !rule.key?("code"))
31
+ return "[error] #{sg[0]}:rules port(icmp code) is required"
32
+ elsif !rule.key?("remote_ip") && !rule.key?("remote_group")
33
+ return "[error] #{sg[0]}:rules remote_ip or remote_group required"
34
+ elsif col = %w(direction protocol ethertype).find { |k| !rule.key?(k) }
35
+ return "[error] #{sg[0]}:rules #{col} is required"
36
+ end
37
+ end unless sg[1]["rules"].nil?
38
+ nil
39
+ end
40
+ end
41
+ end
42
+ end
data/lib/kakine/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Kakine
2
- VERSION = "0.2.0"
2
+ VERSION = "0.3.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kakine
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - SHIBATA Hiroshi
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2015-05-20 00:00:00.000000000 Z
11
+ date: 2015-05-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: fog
@@ -131,11 +131,11 @@ files:
131
131
  - lib/kakine/adapter/mock.rb
132
132
  - lib/kakine/adapter/real.rb
133
133
  - lib/kakine/cli.rb
134
- - lib/kakine/cli/operation.rb
135
- - lib/kakine/diff_parser.rb
136
- - lib/kakine/hash_sort.rb
134
+ - lib/kakine/operation.rb
137
135
  - lib/kakine/resource.rb
138
136
  - lib/kakine/security_group.rb
137
+ - lib/kakine/security_rule.rb
138
+ - lib/kakine/validate.rb
139
139
  - lib/kakine/version.rb
140
140
  homepage: https://github.com/hsbt/kakine
141
141
  licenses:
data/lib/kakine/cli/operation.rb DELETED
@@ -1,44 +0,0 @@
1
- module Kakine
2
- class CLI < Thor
3
- class Operation
4
- def set_adapter(adapter)
5
- @adapter = adapter
6
- end
7
-
8
- def create_security_group(sg)
9
- attributes = {name: sg.name, description: sg.description, tenant_id: sg.tenant_id}
10
- security_group_id = @adapter.create_security_group(attributes)
11
-
12
- #delete default rule
13
- delete_sg = sg.clone
14
- delete_sg.set_default_rules
15
-
16
- delete_security_rule(delete_sg) unless @adapter.instance_of?(Kakine::Adapter::Mock)
17
- security_group_id
18
- end
19
-
20
- def delete_security_group(sg)
21
- security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
22
- @adapter.delete_security_group(security_group.id)
23
- end
24
-
25
- def create_security_rule(sg, security_group_id=nil)
26
- if security_group_id.nil?
27
- security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
28
- security_group_id = security_group.id
29
- end
30
- sg.rules.each do |rule|
31
- @adapter.create_rule(security_group_id, rule["direction"], rule)
32
- end if sg.has_rules?
33
- end
34
-
35
- def delete_security_rule(sg)
36
- security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
37
- sg.rules.each do |rule|
38
- security_group_rule = Kakine::Resource.security_group_rule(security_group, rule)
39
- @adapter.delete_rule(security_group_rule.id)
40
- end if sg.has_rules?
41
- end
42
- end
43
- end
44
- end
data/lib/kakine/diff_parser.rb DELETED
@@ -1,88 +0,0 @@
1
- module Kakine
2
- class DiffParser
3
- @diff = ""
4
- class << self
5
- def parse_parameters(tenant_name, diff)
6
- @diff = diff
7
-
8
- registered_sg = Kakine::Resource.security_groups_hash(tenant_name)
9
- if ["+", "-"].include?(parse_transaction_type)
10
- if unit_is_security_group?
11
- rules = parse_security_group["rules"]
12
- description = parse_security_group["description"]
13
- elsif unit_is_security_rule?
14
- rules = [parse_security_group_rule]
15
- description = registered_sg[parse_security_group_name]["description"]
16
- elsif unit_is_description?
17
- raise "description is not exists"
18
- end
19
- else
20
- regex_update_description = /^[\w-]+\.description$/
21
- regex_update_rules = /^[\w-]+\.rules$/
22
- regex_update_attr = /^[\w-]+.[\w]+\[(\d)\].([\w]+)$/
23
-
24
- if parse_target_object_name.match(regex_update_description)
25
- rules = registered_sg[parse_security_group_name]["rules"]
26
- description = parse_after_description
27
- elsif parse_target_object_name.match(regex_update_rules)
28
- rules = parse_after_rules
29
- description = registered_sg[parse_security_group_name]["description"]
30
- elsif m = parse_target_object_name.match(regex_update_attr)
31
- rules = [registered_sg[parse_security_group_name]["rules"][m[1].to_i]]
32
- prev_rules = Marshal.load(Marshal.dump(rules)) # backup before value
33
- rules[0][m[2]] = parse_after_attr
34
- description = registered_sg[parse_security_group_name]["description"]
35
- end
36
- end
37
- rules ||= []
38
-
39
- {
40
- target_object_name: parse_target_object_name,
41
- name: parse_security_group_name,
42
- transaction_type: parse_transaction_type,
43
- tenant_id: Kakine::Resource.tenant(tenant_name).id,
44
- tenant_name: tenant_name,
45
- description: description,
46
- rules: rules,
47
- prev_rules: prev_rules
48
- }
49
- end
50
-
51
- def parse_security_group_name
52
- parse_target_object_name.split(/[\.\[]/, 2)[0]
53
- end
54
-
55
-
56
- def parse_transaction_type
57
- @diff[0]
58
- end
59
-
60
- def parse_target_object_name
61
- @diff[1]
62
- end
63
-
64
- def parse_security_group
65
- @diff[2]
66
- end
67
- alias :parse_security_group_rule :parse_security_group
68
-
69
- def parse_after_attr
70
- @diff[3]
71
- end
72
- alias :parse_after_description :parse_after_attr
73
- alias :parse_after_rules :parse_after_attr
74
-
75
- def unit_is_security_group?
76
- parse_security_group && parse_security_group["rules"]
77
- end
78
-
79
- def unit_is_security_rule?
80
- !(parse_security_group_rule.nil? || unit_is_description?)
81
- end
82
-
83
- def unit_is_description?
84
- parse_target_object_name.index('description')
85
- end
86
- end
87
- end
88
- end
data/lib/kakine/hash_sort.rb DELETED
@@ -1,13 +0,0 @@
1
- class Hash
2
- def sg_rules_sort
3
- self.each do |sg|
4
- sg[1]['rules'].sort_by! do |rule|
5
- rule.inject(0) do |ascii,(k,v)|
6
- ascii += v.ord.to_i unless v.nil?
7
- ascii
8
- end
9
- end unless sg[1].nil? || sg[1]['rules'].nil?
10
- end
11
- Hash[self]
12
- end
13
- end