kakine 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 08d689b653e85c4346a1ef9dc194dab3e247e279
-  data.tar.gz: 235a610f938c16abff1e046340a8361f6cbd9e27
+  metadata.gz: f25893373154babc9f6ca9f6e15a46bfc8f5b4b3
+  data.tar.gz: fc7d8616e2056ebad0ba5ba0019b2979dca0b71e
 SHA512:
-  metadata.gz: 6a688afc029c91f62930b1c393cbf514bf0cc7290d3c1e2b5628780b9603f02aba816b196f735d79ef7fcf9ee7cd5d16c7cd915efcb789b2e1e9657b53759b60
-  data.tar.gz: 6166fdac44b9ed3c370f30681caa18c287fd2736558f96abcfe97c7a1748ed0926802e710d0528624b57bdcfd51f64b771615b2d6595f1df225fe41c76b74d62
+  metadata.gz: 7146432c3aeef77150a529a367e3b3ea589a4c5bd96599318387f40dc33a297edfcca28babb6e420fb8b3fc6a2cc72f1761a81581399066dc6f475ea7f204461
+  data.tar.gz: 9ea4749818c1bf39f95ad96477b6c7e372384340335822355a9a101636ce1d0c6ed119b89e2ccbd9c61442f72b1f2ac373c22ab5fa4a5a9ecd63cadfab94f6ef

data/.gitignore

@@ -8,3 +8,5 @@
 /spec/reports/
 /tmp/
 /*.yaml
+/vendor/
+/bin/

data/.travis.yml

@@ -3,3 +3,4 @@ rvm:
   - 2.0.0
   - 2.1.6
   - 2.2.2
+  - 2.3.1

data/README.md

@@ -22,7 +22,9 @@ Or install it yourself as:
 
 ## Usage
 
-You can define Security Group configuration for OpenStack via YAML format. Like following syntax.
+### Syntax
+
+You can define Security Group configuration for OpenStack in YAML format as the following example.
 
 ```yaml
 app:
@@ -44,16 +46,53 @@ rails:
       remote_ip: 0.0.0.0/0
 ```
 
+`port`s and `remote_ip`s may be specified as arrays, in which case the rule is expanded to set of rules with all the combinations of them.
+```yaml
+app:
+  rules:
+    - direction: ingress
+      protocol: tcp
+      port: [80, 443]
+      remote_ip:
+        - 192.0.2.0/24
+        - 198.51.100.0/24
+```
+
+
+Top-level keys whose name both starts and ends with underscores (eg. `_common_`, `_default_`) are considered **meta sections** and do not correspond to security groups.
+These sections are useful to define values that commonly appears throughout the file, used with YAML's anchors and references.
+
+```yaml
+_common_:
+  - &net1 192.0.2.0/24
+  - &net2 198.51.100.0/24
+
+restricted_web:
+  rules:
+  - direction: ingress
+    protocol: tcp
+    port: 80
+    remote_ip: *net1
+  - direction: ingress
+    protocol: tcp
+    port: 80
+    remote_ip: *net2
+  description: Restricted HTTP access
+```
+
+### Authentication configuration
+
 You need to put a configuration file to home directory.
 
 ```sh
 % cat ~/.kakine
 auth_url: "http://your-openstack-endpoint/v2.0"
 username: "admin"
-tenant: "admin"
 password: "admin"
 ```
 
+### Commands
+
 run following command.
 
 ```sh

data/kakine.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "yao", "~> 0.2.0"
+  spec.add_dependency "yao", ">= 0.2.12"
   spec.add_dependency 'thor'
 
   spec.add_development_dependency "bundler"

data/lib/kakine.rb

@@ -23,5 +23,3 @@ module Kakine
   class ConfigureError < Error; end
   class SecurityRuleError < Error; end
 end
-
-Kakine::Config.setup unless ENV['RACK_ENV'] == 'test'

data/lib/kakine/adapter.rb

@@ -1,15 +1,13 @@
-require 'singleton'
 module Kakine
-  class Adapter
-    @@adapter = nil
-    include Singleton
+  module Adapter
     class << self
       def instance
-        @@adapter ||= if Kakine::Option.dryrun?
-          Kakine::Adapter::Mock.new
-        else
-          Kakine::Adapter::Real.new
-        end
+        @@adapter ||=
+          if Kakine::Option.dryrun?
+            Kakine::Adapter::Mock.new
+          else
+            Kakine::Adapter::Real.new
+          end
       end
     end
   end

data/lib/kakine/adapter/base.rb

@@ -1,10 +1,6 @@
 module Kakine
-  class Adapter
+  module Adapter
     module Base
-      def tenants
-        Yao::Tenant.list
-      end
-
       def security_groups
         Yao::SecurityGroup.list
       end

data/lib/kakine/adapter/mock.rb

@@ -1,5 +1,5 @@
 module Kakine
-  class Adapter
+  module Adapter
     class Mock
       include Kakine::Adapter::Base
       def create_rule(security_group_id, direction, security_rule)

data/lib/kakine/adapter/real.rb

@@ -1,5 +1,5 @@
 module Kakine
-  class Adapter
+  module Adapter
     class Real
       include Kakine::Adapter::Base
       def create_rule(security_group_id, direction, security_rule)

data/lib/kakine/cli.rb

@@ -1,12 +1,10 @@
-require 'kakine'
-
 module Kakine
   class CLI < Thor
 
     option :tenant, type: :string, aliases: '-t'
     desc 'show', 'show Security Groups specified tenant'
     def show
-      Kakine::Option.set_options(options)
+      setup(options)
       Kakine::Director.show_current_security_group
     end
 
@@ -15,8 +13,15 @@ module Kakine
     option :filename, type: :string, aliases: "-f"
     desc 'apply', "apply local configuration into OpenStack"
     def apply
-      Kakine::Option.set_options(options)
+      setup(options)
       Kakine::Director.apply
     end
+
+    no_commands do
+      def setup(options)
+        Kakine::Option.set_options(options)
+        Kakine::Config.setup unless ENV['RACK_ENV'] == 'test'
+      end
+    end
   end
 end

data/lib/kakine/config.rb

@@ -3,36 +3,51 @@ require 'yaml'
 
 module Kakine
   class Config
+    OS_PARAMS = %w[auth_url username password]
+
+    @@config = {}
+
     def self.setup
       load_config
+      load_env
+      validate_config
       setup_yao
     end
 
     private
 
     def self.load_config
-      config_file = File.join(Dir.home, '.kakine')
-      raise '~/.kakine is missing' unless File.exists?(config_file)
+      config =
+        begin
+          YAML.load_file(File.join(Dir.home, '.kakine'))
+        rescue Errno::ENOENT
+          return
+        end
 
-      config = YAML.load_file(config_file)
+      @@config.merge!(config)
+    end
 
-      %w[auth_url tenant username password].each do |conf_item|
-        raise "Configuration '#{conf_item}' is missing. Check your ~/.kakine" unless config[conf_item]
+    def self.load_env
+      OS_PARAMS.each do |param|
+        env = "OS_#{param.upcase}"
+        @@config[param] = ENV[env] if ENV[env]
       end
+    end
 
-      @@auth_url       = config['auth_url']
-      @@tenant         = config['tenant']
-      @@username       = config['username']
-      @@password       = config['password']
-      true
+    def self.validate_config
+      OS_PARAMS.each do |param|
+        unless @@config[param]
+          raise "Configuration '#{param}' is missing. Check your ~/.kakine or export OS_#{param.upcase}."
+        end
+      end
     end
 
     def self.setup_yao
       Yao.configure do
-        auth_url    @@auth_url
-        tenant_name @@tenant
-        username    @@username
-        password    @@password
+        auth_url    @@config['auth_url']
+        tenant_name Kakine::Option.tenant_name
+        username    @@config['username']
+        password    @@config['password']
       end
     end
   end

data/lib/kakine/resource/openstack.rb

@@ -8,16 +8,12 @@ module Kakine
           end
         end
 
-        def tenant(tenant_name)
-          @@tenant ||= Kakine::Adapter.instance.tenants.detect{|t| t.name == tenant_name}
-        end
-
         def security_group(tenant_name, security_group_name)
           security_groups_on_tenant(tenant_name).detect{|sg| sg.name == security_group_name}
         end
 
         def security_groups_on_tenant(tenant_name)
-          Kakine::Adapter.instance.security_groups.select { |sg| sg.tenant_id == tenant(tenant_name).id }
+          Kakine::Adapter.instance.security_groups.select { |sg| sg.tenant_id == Yao.current_tenant_id }
         end
 
         def security_groups_hash

data/lib/kakine/resource/yaml.rb

@@ -3,9 +3,16 @@ module Kakine
     class Yaml
       class << self
         def load_security_group
-          load_yaml = yaml(Kakine::Option.yaml_name)
-          validate_file_input(load_yaml)
-          load_yaml.map { |sg| Kakine::SecurityGroup.new(Kakine::Option.tenant_name, sg) }
+          config = load_file(Kakine::Option.yaml_name)
+          config.map {|sg| Kakine::SecurityGroup.new(Kakine::Option.tenant_name, sg) }
+        end
+
+        def load_file(filename)
+          data = yaml(filename).reject {|k, _| k.start_with?('_') && k.end_with?('_') }
+          validate_file_input(data)
+          data.each do |name, params|
+            params['rules'] = perform_expansion(params['rules']) if params['rules']
+          end
         end
 
         def yaml(filename)
@@ -71,6 +78,27 @@ module Kakine
         def has_ethertype?(rule)
           rule.key?("ethertype")
         end
+
+        # [{key => [val0, val1], ...}] to [{key => val0, ...}, {key => val1, ...}]
+        def expand_rules(rules, key)
+          rules.flat_map do |rule|
+            if rule[key].respond_to?(:to_ary)
+              rule[key].to_ary.flatten.map do |val|
+                rule.dup.tap {|rule| rule[key] = val }
+              end
+            else
+              rule
+            end
+          end
+        end
+
+        def perform_expansion(rules)
+          %w(remote_ip port).each do |key|
+            rules = expand_rules(rules, key)
+          end
+
+          rules
+        end
       end
     end
   end

data/lib/kakine/security_group.rb

@@ -12,7 +12,7 @@ module Kakine
     end
 
     def tenant_id
-      Kakine::Resource.get(:openstack).tenant(@tenant_name).id
+      Yao.current_tenant_id
     end
 
     def ==(target_sg)

data/lib/kakine/security_rule.rb

@@ -1,6 +1,8 @@
 module Kakine
   class SecurityRule
-    attr_reader :id, :direction, :protocol, :port_range_max, :port_range_min, :remote_ip, :remote_group, :ethertype
+    ATTRIBUTES = %i(direction protocol port_range_max port_range_min remote_ip remote_group ethertype).freeze
+
+    attr_reader :id, *ATTRIBUTES
 
     def initialize(rule, tenant_name, sg_name)
       @tenant_name = tenant_name
@@ -14,8 +16,8 @@ module Kakine
     end
 
     def ==(target_sg)
-      %i(@direction @protocol @port_range_max @port_range_min @remote_ip @remote_group @ethertype).all? do |val|
-        self.instance_variable_get(val) == target_sg.instance_variable_get(val)
+      ATTRIBUTES.all? do |attr|
+        self.public_send(attr) == target_sg.public_send(attr)
       end
     end
 

data/lib/kakine/version.rb

@@ -1,3 +1,3 @@
 module Kakine
-  VERSION = "0.4.0"
+  VERSION = "0.5.0"
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: kakine
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - SHIBATA Hiroshi
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-12-11 00:00:00.000000000 Z
+date: 2016-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: yao
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.2.12
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.2.12
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -148,9 +148,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.0
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: Security Group configuration tool for OpenStack.
 test_files: []
-has_rdoc: