kakine 0.4.0 → 0.5.0
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/.travis.yml +1 -0
- data/README.md +41 -2
- data/kakine.gemspec +1 -1
- data/lib/kakine.rb +0 -2
- data/lib/kakine/adapter.rb +7 -9
- data/lib/kakine/adapter/base.rb +1 -5
- data/lib/kakine/adapter/mock.rb +1 -1
- data/lib/kakine/adapter/real.rb +1 -1
- data/lib/kakine/cli.rb +9 -4
- data/lib/kakine/config.rb +29 -14
- data/lib/kakine/resource/openstack.rb +1 -5
- data/lib/kakine/resource/yaml.rb +31 -3
- data/lib/kakine/security_group.rb +1 -1
- data/lib/kakine/security_rule.rb +5 -3
- data/lib/kakine/version.rb +1 -1
- metadata +7 -8
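--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f25893373154babc9f6ca9f6e15a46bfc8f5b4b3
+data.tar.gz: fc7d8616e2056ebad0ba5ba0019b2979dca0b71e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7146432c3aeef77150a529a367e3b3ea589a4c5bd96599318387f40dc33a297edfcca28babb6e420fb8b3fc6a2cc72f1761a81581399066dc6f475ea7f204461
+data.tar.gz: 9ea4749818c1bf39f95ad96477b6c7e372384340335822355a9a101636ce1d0c6ed119b89e2ccbd9c61442f72b1f2ac373c22ab5fa4a5a9ecd63cadfab94f6ef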
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
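--- a/data/README.md
+++ b/data/README.md
@@ -22,7 +22,9 @@ Or install it yourself as:
 
 ## Usage
 
-
+### Syntax
+
+You can define Security Group configuration for OpenStack in YAML format as the following example.
 
 ```yaml
 app:
@@ -44,16 +46,53 @@ rails:
 remote_ip: 0.0.0.0/0
 ```
 
+`port`s and `remote_ip`s may be specified as arrays, in which case the rule is expanded to set of rules with all the combinations of them.
+```yaml
+app:
+rules:
+- direction: ingress
+protocol: tcp
+port: [80, 443]
+remote_ip:
+- 192.0.2.0/24
+- 198.51.100.0/24
+```
+
+
+Top-level keys whose name both starts and ends with underscores (eg. `_common_`, `_default_`) are considered **meta sections** and do not correspond to security groups.
+These sections are useful to define values that commonly appears throughout the file, used with YAML's anchors and references.
+
+```yaml
+_common_:
+- &net1 192.0.2.0/24
+- &net2 198.51.100.0/24
+
+restricted_web:
+rules:
+- direction: ingress
+protocol: tcp
+port: 80
+remote_ip: *net1
+- direction: ingress
+protocol: tcp
+port: 80
+remote_ip: *net2
+description: Restricted HTTP access
+```
+
+### Authentication configuration
+
 You need to put a configuration file to home directory.
 
 ```sh
 % cat ~/.kakine
 auth_url: "http://your-openstack-endpoint/v2.0"
 username: "admin"
-tenant: "admin"
 password: "admin"
 ```
 
+### Commands
+
 run following command.
 
 ```sh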
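--- a/data/kakine.gemspec
+++ b/data/kakine.gemspec
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
 
-spec.add_dependency "yao", "
+spec.add_dependency "yao", ">= 0.2.12"
 spec.add_dependency 'thor'
 
 spec.add_development_dependency "bundler"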
data/lib/kakine.rb
CHANGED
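--- a/data/lib/kakine/adapter.rb
+++ b/data/lib/kakine/adapter.rb
@@ -1,15 +1,13 @@
-require 'singleton'
 module Kakine
-
-@@adapter = nil
-include Singleton
+module Adapter
 class << self
 def instance
-@@adapter ||=
-Kakine::
-
-
-
+@@adapter ||=
+if Kakine::Option.dryrun?
+Kakine::Adapter::Mock.new
+else
+Kakine::Adapter::Real.new
+end
 end
 end
 end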
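Review bot: `instance` memoizes its result in `@@adapter`, so `Kakine::Option.dryrun?` is consulted only on the first call. If anything reaches `Kakine::Adapter.instance` before the options are set, or the options change later in the same process, a dry run could keep the `Real` adapter (or the reverse), and this branch is the only visible switch between the two. Document the ordering requirement above the method, for example `# The adapter is chosen once, on first use; Kakine::Option must be set before this is called.` A class-level instance variable (`@adapter ||=`) would give the same memoization without a class variable.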
data/lib/kakine/adapter/base.rb
CHANGED
data/lib/kakine/adapter/mock.rb
CHANGED
data/lib/kakine/adapter/real.rb
CHANGED
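--- a/data/lib/kakine/cli.rb
+++ b/data/lib/kakine/cli.rb
@@ -1,12 +1,10 @@
-require 'kakine'
-
 module Kakine
 class CLI < Thor
 
 option :tenant, type: :string, aliases: '-t'
 desc 'show', 'show Security Groups specified tenant'
 def show
-
+setup(options)
 Kakine::Director.show_current_security_group
 end
 
@@ -15,8 +13,15 @@ module Kakine
 option :filename, type: :string, aliases: "-f"
 desc 'apply', "apply local configuration into OpenStack"
 def apply
-
+setup(options)
 Kakine::Director.apply
 end
+
+no_commands do
+def setup(options)
+Kakine::Option.set_options(options)
+Kakine::Config.setup unless ENV['RACK_ENV'] == 'test'
+end
+end
 end
 end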
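Review bot: `setup` skips `Kakine::Config.setup` whenever `ENV['RACK_ENV'] == 'test'`, which ships a test-only bypass in the CLI and keys it on a variable that belongs to Rack rather than to this tool. A shell that happens to export `RACK_ENV=test` would run `show` and `apply` without loading or validating credentials. The line should read `Kakine::Config.setup` unconditionally, with the test suite stubbing that call instead. Separately, the parameter name `options` shadows Thor's own `options` method inside `setup`; a name such as `opts` avoids the confusion.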
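--- a/data/lib/kakine/config.rb
+++ b/data/lib/kakine/config.rb
@@ -3,36 +3,51 @@ require 'yaml'
 
 module Kakine
 class Config
+OS_PARAMS = %w[auth_url username password]
+
+@@config = {}
+
 def self.setup
 load_config
+load_env
+validate_config
 setup_yao
 end
 
 private
 
 def self.load_config
-
-
+config =
+begin
+YAML.load_file(File.join(Dir.home, '.kakine'))
+rescue Errno::ENOENT
+return
+end
 
-config
+@@config.merge!(config)
+end
 
-
-
+def self.load_env
+OS_PARAMS.each do |param|
+env = "OS_#{param.upcase}"
+@@config[param] = ENV[env] if ENV[env]
 end
+end
 
-
-
-
-
-
+def self.validate_config
+OS_PARAMS.each do |param|
+unless @@config[param]
+raise "Configuration '#{param}' is missing. Check your ~/.kakine or export OS_#{param.upcase}."
+end
+end
 end
 
 def self.setup_yao
 Yao.configure do
-auth_url @@auth_url
-tenant_name
-username @@username
-password @@password
+auth_url @@config['auth_url']
+tenant_name Kakine::Option.tenant_name
+username @@config['username']
+password @@config['password']
 end
 end
 end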
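Review bot: `load_config` parses `~/.kakine` with `YAML.load_file` and hands the result straight to `@@config.merge!`. On Psych versions where `load` is not the safe loader this instantiates any tagged objects found in the file, and an empty or non-mapping file makes `merge!` raise a TypeError instead of a usable message. I would use `config = YAML.safe_load(File.read(File.join(Dir.home, '.kakine')))` followed by `raise "~/.kakine must be a YAML mapping" unless config.is_a?(Hash)`; the existing `rescue Errno::ENOENT` still covers a missing file. `validate_config` also lets an empty string through, because only `nil` and `false` fail `unless @@config[param]`; testing `@@config[param].to_s.empty?` would catch that. Since the file holds the password in plain text, checking that it is not group- or world-readable before loading would be a sensible addition.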
@@ -8,16 +8,12 @@ module Kakine
|
|
8
8
|
end
|
9
9
|
end
|
10
10
|
|
11
|
-
def tenant(tenant_name)
|
12
|
-
@@tenant ||= Kakine::Adapter.instance.tenants.detect{|t| t.name == tenant_name}
|
13
|
-
end
|
14
|
-
|
15
11
|
def security_group(tenant_name, security_group_name)
|
16
12
|
security_groups_on_tenant(tenant_name).detect{|sg| sg.name == security_group_name}
|
17
13
|
end
|
18
14
|
|
19
15
|
def security_groups_on_tenant(tenant_name)
|
20
|
-
Kakine::Adapter.instance.security_groups.select { |sg| sg.tenant_id ==
|
16
|
+
Kakine::Adapter.instance.security_groups.select { |sg| sg.tenant_id == Yao.current_tenant_id }
|
21
17
|
end
|
22
18
|
|
23
19
|
def security_groups_hash
|
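Review bot: `security_groups_on_tenant(tenant_name)` no longer uses its `tenant_name` argument; the filter is now `sg.tenant_id == Yao.current_tenant_id`, so `security_group(tenant_name, ...)` returns groups of whichever tenant the session is authenticated to, whatever the caller passed. If any caller (all are outside this hunk) passes a tenant other than the configured one, the wrong tenant's groups would be compared and changed without an error. Either drop the parameter from both methods, or fail fast with `raise ArgumentError, "tenant mismatch" unless tenant_name == Kakine::Option.tenant_name`. This hunk has lost its file header on the page; going by the diffstat (+1 -5) it appears to belong to `data/lib/kakine/resource/openstack.rb`, and the enclosing class starts above the hunk.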
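--- a/data/lib/kakine/resource/yaml.rb
+++ b/data/lib/kakine/resource/yaml.rb
@@ -3,9 +3,16 @@ module Kakine
 class Yaml
 class << self
 def load_security_group
-
-
-
+config = load_file(Kakine::Option.yaml_name)
+config.map {|sg| Kakine::SecurityGroup.new(Kakine::Option.tenant_name, sg) }
+end
+
+def load_file(filename)
+data = yaml(filename).reject {|k, _| k.start_with?('_') && k.end_with?('_') }
+validate_file_input(data)
+data.each do |name, params|
+params['rules'] = perform_expansion(params['rules']) if params['rules']
+end
 end
 
 def yaml(filename)
@@ -71,6 +78,27 @@ module Kakine
 def has_ethertype?(rule)
 rule.key?("ethertype")
 end
+
+# [{key => [val0, val1], ...}] to [{key => val0, ...}, {key => val1, ...}]
+def expand_rules(rules, key)
+rules.flat_map do |rule|
+if rule[key].respond_to?(:to_ary)
+rule[key].to_ary.flatten.map do |val|
+rule.dup.tap {|rule| rule[key] = val }
+end
+else
+rule
+end
+end
+end
+
+def perform_expansion(rules)
+%w(remote_ip port).each do |key|
+rules = expand_rules(rules, key)
+end
+
+rules
+end
 end
 end
 end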
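Review bot: In `expand_rules` an empty list silently removes the rule: `rule[key].to_ary.flatten.map` yields `[]` for `port: []` or `remote_ip: []`, and `flat_map` then drops the rule, so on `apply` it would presumably vanish from the group with no diagnostic. Reject that case explicitly, with `vals = rule[key].to_ary.flatten` followed by `raise "#{key} must not be an empty list" if vals.empty?`. `load_file` also calls `validate_file_input(data)` before `perform_expansion`, so whether each element of an array-valued `port` or `remote_ip` gets checked depends on code outside this diff; validating after expansion would cover it either way. Two smaller points: the block parameter in `rule.dup.tap {|rule| ... }` shadows the outer `rule`, and `k.start_with?('_')` assumes every top-level key is a String.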
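--- a/data/lib/kakine/security_rule.rb
+++ b/data/lib/kakine/security_rule.rb
@@ -1,6 +1,8 @@
 module Kakine
 class SecurityRule
-
+ATTRIBUTES = %i(direction protocol port_range_max port_range_min remote_ip remote_group ethertype).freeze
+
+attr_reader :id, *ATTRIBUTES
 
 def initialize(rule, tenant_name, sg_name)
 @tenant_name = tenant_name
@@ -14,8 +16,8 @@ module Kakine
 end
 
 def ==(target_sg)
-
-self.
+ATTRIBUTES.all? do |attr|
+self.public_send(attr) == target_sg.public_send(attr)
 end
 end
 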
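Review bot: The new `==` calls `target_sg.public_send(attr)` on whatever it is given, so comparing a rule with `nil` or any object lacking these readers raises NoMethodError instead of returning false. Add a guard as the first line of the method: `return false unless target_sg.is_a?(SecurityRule)`. If rules are ever used as Hash keys or passed to `uniq`, `eql?` and `hash` would need to use the same `ATTRIBUTES` list; whether they are defined is not visible in these hunks.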
data/lib/kakine/version.rb
CHANGED
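--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: kakine
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.5.0
 platform: ruby
 authors:
 - SHIBATA Hiroshi
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2016-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: yao
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.12
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.12
 - !ruby/object:Gem::Dependency
 name: thor
 requirement: !ruby/object:Gem::Requirement
@@ -148,9 +148,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Security Group configuration tool for OpenStack.
 test_files: []
-has_rdoc: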