kakine 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/lib/kakine.rb +3 -3
- data/lib/kakine/adapter.rb +20 -0
- data/lib/kakine/adapter/mock.rb +5 -7
- data/lib/kakine/adapter/real.rb +27 -8
- data/lib/kakine/cli.rb +14 -54
- data/lib/kakine/operation.rb +38 -0
- data/lib/kakine/resource.rb +32 -23
- data/lib/kakine/security_group.rb +51 -47
- data/lib/kakine/security_rule.rb +58 -0
- data/lib/kakine/validate.rb +42 -0
- data/lib/kakine/version.rb +1 -1
- metadata +5 -5
- data/lib/kakine/cli/operation.rb +0 -44
- data/lib/kakine/diff_parser.rb +0 -88
- data/lib/kakine/hash_sort.rb +0 -13
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 70641f4e229c0b370d35779df007a7df6da8652f
|
4
|
+
data.tar.gz: 2dde1b80581774ea0c74f8848e4f703e25faf22f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4cead3fba0343c55d0af964843358cdcaaee3e6b0249a5e18195b8fc84cc266cab4930faa0c6cac8012ed111c32a36ac567fa3bc00a32f8fced787a74d6d92d1
|
7
|
+
data.tar.gz: 08660d1645a78545d7bf22aff0f0dd074de1d0b358045428a559a1b604350e2f165812eb8351c17d9a63742c0e33bd009e87fc251a8d0f217e3c47c7e32fc85a
|
data/lib/kakine.rb
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
require "kakine/version"
|
2
2
|
require 'kakine/cli'
|
3
|
-
require 'kakine/
|
3
|
+
require 'kakine/operation'
|
4
4
|
require 'kakine/adapter'
|
5
5
|
require 'kakine/resource'
|
6
|
-
require 'kakine/hash_sort'
|
7
6
|
require 'kakine/security_group'
|
8
|
-
require 'kakine/
|
7
|
+
require 'kakine/security_rule'
|
8
|
+
require 'kakine/validate'
|
9
9
|
|
10
10
|
module Kakine
|
11
11
|
end
|
data/lib/kakine/adapter.rb
CHANGED
@@ -1,2 +1,22 @@
|
|
1
1
|
require 'kakine/adapter/real'
|
2
2
|
require 'kakine/adapter/mock'
|
3
|
+
|
4
|
+
module Kakine
|
5
|
+
class Adapter
|
6
|
+
def self.set_option(dryrun)
|
7
|
+
@@dryrun = dryrun
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.get_instance
|
11
|
+
@@adapter ||= if @@dryrun
|
12
|
+
Kakine::Adapter::Mock.new
|
13
|
+
else
|
14
|
+
Kakine::Adapter::Real.new
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
def initialize
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
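Review bot: `get_instance` (new line 11) reads `@@dryrun`, but nothing initialises it, so calling `get_instance` before `set_option` raises NameError for an uninitialized class variable; `@@dryrun = false` in the class body would make the real adapter the default, or guard the read with `defined?(@@dryrun)`. Because `@@adapter ||=` memoises the first choice, a later `set_option(true)` cannot switch an already-built process to the mock; if that is intended, a comment on `set_option` saying it must run before the first `get_instance` would save the next reader the surprise. The `private` before `initialize` is redundant (`initialize` is private by default), and since `Mock` and `Real` are nested classes rather than subclasses, both `@@` variables would be simpler and safer as class-level instance variables (`@dryrun`, `@adapter`).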
data/lib/kakine/adapter/mock.rb
CHANGED
@@ -1,18 +1,16 @@
|
|
1
1
|
module Kakine
|
2
2
|
class Adapter
|
3
3
|
class Mock
|
4
|
-
def create_rule(security_group_id, direction,
|
5
|
-
attributes
|
6
|
-
|
7
|
-
attributes[
|
4
|
+
def create_rule(security_group_id, direction, security_rule)
|
5
|
+
attributes = {}
|
6
|
+
%w(protocol port_range_max port_range_min remote_ip ethertype).each do |k|
|
7
|
+
attributes[k] = eval("security_rule.#{k}")
|
8
8
|
end
|
9
9
|
if attributes["remote_ip"]
|
10
10
|
attributes["remote_ip_prefix"] = attributes.delete("remote_ip")
|
11
11
|
end
|
12
12
|
|
13
|
-
|
14
|
-
attributes.each{|k,v| data[k.to_sym] = v}
|
15
|
-
puts "Create Rule: #{security_group_id} - #{direction}: #{attributes}"
|
13
|
+
puts "Create Rule: #{security_group_id} - #{security_rule.direction}: #{attributes}"
|
16
14
|
end
|
17
15
|
|
18
16
|
def delete_rule(security_group_rule_id)
|
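Review bot: `attributes[k] = eval("security_rule.#{k}")` on new line 7 uses `eval` for what is a plain attribute read; `attributes[k] = security_rule.public_send(k)` gives the same result without compiling a string, and it stops the line from becoming code execution should the key list ever stop being a literal. The same line is in `data/lib/kakine/adapter/real.rb` (new line 8) and the fix applies there too. The `direction` parameter is no longer used in this `create_rule` — the message prints `security_rule.direction` — while `Real#create_rule` still sends `direction` to the API, so the dry-run output and the real call read the direction from two different places; either drop the parameter from the adapter interface or use it in both adapters.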
data/lib/kakine/adapter/real.rb
CHANGED
@@ -1,10 +1,11 @@
|
|
1
|
+
require 'json'
|
1
2
|
module Kakine
|
2
3
|
class Adapter
|
3
4
|
class Real
|
4
|
-
def create_rule(security_group_id, direction,
|
5
|
-
attributes
|
6
|
-
|
7
|
-
attributes[
|
5
|
+
def create_rule(security_group_id, direction, security_rule)
|
6
|
+
attributes = {}
|
7
|
+
%w(protocol port_range_max port_range_min remote_ip ethertype).each do |k|
|
8
|
+
attributes[k] = eval("security_rule.#{k}")
|
8
9
|
end
|
9
10
|
if attributes["remote_ip"]
|
10
11
|
attributes["remote_ip_prefix"] = attributes.delete("remote_ip")
|
@@ -12,7 +13,13 @@ module Kakine
|
|
12
13
|
|
13
14
|
data = {}
|
14
15
|
attributes.each{|k,v| data[k.to_sym] = v}
|
15
|
-
|
16
|
+
begin
|
17
|
+
Fog::Network[:openstack].create_security_group_rule(security_group_id, direction, data)
|
18
|
+
rescue Excon::Errors::Conflict => e
|
19
|
+
JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
|
20
|
+
rescue Excon::Errors::BadRequest => e
|
21
|
+
JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
|
22
|
+
end
|
16
23
|
end
|
17
24
|
|
18
25
|
def delete_rule(security_group_rule_id)
|
@@ -22,12 +29,24 @@ module Kakine
|
|
22
29
|
def create_security_group(attributes)
|
23
30
|
data = {}
|
24
31
|
attributes.each{|k,v| data[k.to_sym] = v}
|
25
|
-
|
26
|
-
|
32
|
+
begin
|
33
|
+
response = Fog::Network[:openstack].create_security_group(data)
|
34
|
+
response.data[:body]["security_group"]["id"]
|
35
|
+
rescue Excon::Errors::Conflict => e
|
36
|
+
JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
|
37
|
+
rescue Excon::Errors::BadRequest => e
|
38
|
+
JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
|
39
|
+
end
|
27
40
|
end
|
28
41
|
|
29
42
|
def delete_security_group(security_group_id)
|
30
|
-
|
43
|
+
begin
|
44
|
+
Fog::Network[:openstack].delete_security_group(security_group_id)
|
45
|
+
rescue Excon::Errors::Conflict => e
|
46
|
+
JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
|
47
|
+
rescue Excon::Errors::BadRequest => e
|
48
|
+
JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
|
49
|
+
end
|
31
50
|
end
|
32
51
|
end
|
33
52
|
end
|
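Review bot: The `rescue Excon::Errors::Conflict`/`BadRequest` handlers added in `create_security_group` (new lines 35–38) print the error body and then fall through, so on failure the method's value is whatever `Hash#each` returns — the parsed error hash — rather than an id or `nil`, and `Kakine::Operation.create_security_group` passes that on as `security_group_id`; the same swallow-and-continue pattern is in `create_rule` (new lines 16–22) and `delete_security_group` (new lines 43–49). The block parameter `|e,m|` also shadows the rescued exception `e`, and `JSON.parse` on a non-JSON body would raise a second error from inside the handler. I would move the reporting into one private helper and re-raise (or at least return `nil` explicitly) so callers can tell a failed create from a successful one; the fence shows the shape for `create_security_group`, and the other two methods follow the same pattern.
```ruby
def create_security_group(attributes)
  data = {}
  attributes.each{|k,v| data[k.to_sym] = v}
  response = Fog::Network[:openstack].create_security_group(data)
  response.data[:body]["security_group"]["id"]
rescue Excon::Errors::Conflict, Excon::Errors::BadRequest => e
  report_api_error(e)
  raise
end

# … unchanged: delete_security_group …

private

# Print every "<type>:<message>" entry of the API error body; a body that is
# not JSON is printed as-is instead of raising a second error.
def report_api_error(error)
  body = error.response[:body]
  JSON.parse(body).each { |type, detail| puts "#{type}:#{detail["message"]}" }
rescue JSON::ParserError
  puts body
end
```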
data/lib/kakine/cli.rb
CHANGED
@@ -2,7 +2,6 @@ require 'thor'
|
|
2
2
|
require 'fog'
|
3
3
|
require 'yaml'
|
4
4
|
require 'hashdiff'
|
5
|
-
|
6
5
|
module Kakine
|
7
6
|
class CLI < Thor
|
8
7
|
|
@@ -17,62 +16,23 @@ module Kakine
|
|
17
16
|
option :filename, type: :string, aliases: "-f"
|
18
17
|
desc 'apply', "apply local configuration into OpenStack"
|
19
18
|
def apply
|
20
|
-
adapter = if options[:dryrun]
|
21
|
-
Kakine::Adapter::Mock.new
|
22
|
-
else
|
23
|
-
Kakine::Adapter::Real.new
|
24
|
-
end
|
25
|
-
|
26
|
-
operation = Kakine::CLI::Operation.new
|
27
|
-
operation.set_adapter(adapter)
|
28
|
-
|
29
19
|
filename = options[:filename] ? options[:filename] : "#{options[:tenant]}.yaml"
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
security_groups.each do |sg|
|
44
|
-
if sg.update_rule? # foo[2]
|
45
|
-
case
|
46
|
-
when sg.add?
|
47
|
-
operation.create_security_rule(sg)
|
48
|
-
when sg.delete?
|
49
|
-
operation.delete_security_rule(sg)
|
50
|
-
when sg.update_attr?
|
51
|
-
pre_sg = sg.get_prev_instance
|
52
|
-
operation.delete_security_rule(pre_sg)
|
53
|
-
delay_create << sg # avoid duplication entry
|
54
|
-
else
|
55
|
-
raise
|
56
|
-
end
|
57
|
-
else # foo
|
58
|
-
case
|
59
|
-
when sg.add?
|
60
|
-
security_group_id = operation.create_security_group(sg)
|
61
|
-
operation.create_security_rule(sg, security_group_id)
|
62
|
-
when sg.delete?
|
63
|
-
operation.delete_security_group(sg)
|
64
|
-
when sg.update_attr?
|
65
|
-
operation.delete_security_group(sg)
|
66
|
-
security_group_id = operation.create_security_group(sg)
|
67
|
-
operation.create_security_rule(sg, security_group_id)
|
68
|
-
else
|
69
|
-
raise
|
70
|
-
end
|
20
|
+
Kakine::Adapter.set_option(options[:dryrun])
|
21
|
+
|
22
|
+
current_security_groups = Kakine::Resource.get_current(options[:tenant])
|
23
|
+
new_security_groups = Kakine::Resource.load_security_group_by_yaml(filename, options[:tenant])
|
24
|
+
|
25
|
+
return unless new_security_groups
|
26
|
+
new_security_groups.each do |new_sg|
|
27
|
+
registered_sg = current_security_groups.find { |cur_sg| cur_sg.name == new_sg.name }
|
28
|
+
if registered_sg
|
29
|
+
new_sg.convergence!(registered_sg) if new_sg != registered_sg
|
30
|
+
else
|
31
|
+
new_sg.register!
|
71
32
|
end
|
72
33
|
end
|
73
|
-
|
74
|
-
|
75
|
-
operation.create_security_rule(sg)
|
34
|
+
current_security_groups.each do |current_sg|
|
35
|
+
current_sg.unregister! if new_security_groups.none? { |new_sg| current_sg.name == new_sg.name }
|
76
36
|
end
|
77
37
|
end
|
78
38
|
end
|
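Review bot: The new second loop (new lines 34–36) unregisters every current security group whose name is absent from the YAML, so a file that validates but lists no groups (`new_security_groups` is `[]`, which is truthy and passes `return unless new_security_groups` on new line 25) removes every group in the tenant that the API lets it delete; `return if new_security_groups.empty?` on that line, or an explicit opt-in flag for pruning, would make that an intentional act rather than a side effect of an empty file. The `desc 'apply'` text should also say that groups not present in the file are deleted, since neither the help line nor the command output announces the prune. Creations and convergence run before the prune, so a new rule whose `remote_group` is a stale group resolves, but a stale group that cannot be deleted on the API side will presumably only be printed by the adapter and the run continues — worth a line in the description as well.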
@@ -0,0 +1,38 @@
|
|
1
|
+
module Kakine
|
2
|
+
class Operation
|
3
|
+
class << self
|
4
|
+
def adapter
|
5
|
+
@@adapter ||= Kakine::Adapter.get_instance
|
6
|
+
end
|
7
|
+
|
8
|
+
def create_security_group(sg)
|
9
|
+
attributes = {name: sg.name, description: sg.description, tenant_id: sg.tenant_id}
|
10
|
+
security_group_id = adapter.create_security_group(attributes)
|
11
|
+
|
12
|
+
#delete default rule
|
13
|
+
sg.get_default_rule_instance.rules.each { |rule| rule.unregister! } unless adapter.instance_of?(Kakine::Adapter::Mock)
|
14
|
+
security_group_id
|
15
|
+
end
|
16
|
+
|
17
|
+
def delete_security_group(sg)
|
18
|
+
security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
|
19
|
+
adapter.delete_security_group(security_group.id)
|
20
|
+
end
|
21
|
+
|
22
|
+
def create_security_rule(tenant_name, sg_name, rule)
|
23
|
+
security_group_id = if adapter.instance_of?(Kakine::Adapter::Mock)
|
24
|
+
"[Mock] #{sg_name} ID"
|
25
|
+
else
|
26
|
+
Kakine::Resource.security_group(tenant_name, sg_name).id
|
27
|
+
end
|
28
|
+
adapter.create_rule(security_group_id, rule.direction, rule)
|
29
|
+
end
|
30
|
+
|
31
|
+
def delete_security_rule(tenant_name, sg_name, rule)
|
32
|
+
security_group = Kakine::Resource.security_group(tenant_name, sg_name)
|
33
|
+
security_group_rule = Kakine::Resource.security_group_rule(security_group, rule)
|
34
|
+
adapter.delete_rule(security_group_rule.id)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
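Review bot: `adapter` (new line 5) memoises `Kakine::Adapter.get_instance` a second time into a class variable of `Operation`, duplicating the `@@adapter ||=` already inside `get_instance`; `def adapter; Kakine::Adapter.get_instance; end` keeps one source of truth for which adapter is active. `create_security_group` and `create_security_rule` branch on `adapter.instance_of?(Kakine::Adapter::Mock)` (new lines 13 and 23); a `dry_run?` predicate on the adapter would keep that knowledge in the adapter, and the fabricated `"[Mock] #{sg_name} ID"` could then live next to the mock rather than here. `create_security_group` also uses `security_group_id` as-is even when the real adapter's rescue path (in `real.rb`, outside this hunk) has swallowed an API error, so the default-rule cleanup on new line 13 can run against a group that was never created; a `# @return [String, nil] the new group's id, nil when the adapter reported an error` on the method would at least document the contract callers must check.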
data/lib/kakine/resource.rb
CHANGED
@@ -1,9 +1,20 @@
|
|
1
|
-
require 'kakine/hash_sort'
|
2
1
|
module Kakine
|
3
2
|
class Resource
|
4
3
|
class << self
|
4
|
+
def load_security_group_by_yaml(filename, tenant_name)
|
5
|
+
load_yaml = yaml(filename)
|
6
|
+
return false unless Kakine::Validate.validate_file_input(load_yaml)
|
7
|
+
load_yaml.map { |sg| Kakine::SecurityGroup.new(tenant_name, sg) }
|
8
|
+
end
|
9
|
+
|
10
|
+
def get_current(tenant_name)
|
11
|
+
Kakine::Resource.security_groups_hash(tenant_name).map do |sg|
|
12
|
+
Kakine::SecurityGroup.new(tenant_name, sg)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
5
16
|
def yaml(filename)
|
6
|
-
YAML.load_file(filename).to_hash
|
17
|
+
YAML.load_file(filename).to_hash
|
7
18
|
end
|
8
19
|
|
9
20
|
def tenant(tenant_name)
|
@@ -16,22 +27,20 @@ module Kakine
|
|
16
27
|
|
17
28
|
def security_group_rule(security_group, attributes)
|
18
29
|
security_group.security_group_rules.detect do |sg|
|
19
|
-
if attributes["port"]
|
20
|
-
attributes["port_range_max"] = attributes["port_range_min"] = attributes["port"]
|
21
|
-
end
|
22
30
|
|
23
|
-
sg.direction == attributes
|
24
|
-
sg.protocol == attributes
|
25
|
-
sg.port_range_max == attributes
|
26
|
-
sg.port_range_min == attributes
|
31
|
+
sg.direction == attributes.direction &&
|
32
|
+
sg.protocol == attributes.protocol &&
|
33
|
+
sg.port_range_max == attributes.port_range_max &&
|
34
|
+
sg.port_range_min == attributes.port_range_min &&
|
35
|
+
sg.ethertype == attributes.ethertype &&
|
27
36
|
(
|
28
37
|
(
|
29
|
-
|
30
|
-
sg.
|
38
|
+
attributes.remote_group_id.nil? &&
|
39
|
+
sg.remote_ip_prefix == attributes.remote_ip
|
31
40
|
) ||
|
32
41
|
(
|
33
|
-
|
34
|
-
|
42
|
+
attributes.remote_ip.nil? &&
|
43
|
+
sg.remote_group_id == attributes.remote_group_id
|
35
44
|
)
|
36
45
|
)
|
37
46
|
end
|
@@ -48,22 +57,24 @@ module Kakine
|
|
48
57
|
sg_hash[sg.name]["rules"] = format_security_group(sg)
|
49
58
|
sg_hash[sg.name]["description"] = sg.description
|
50
59
|
end
|
51
|
-
sg_hash
|
60
|
+
sg_hash
|
52
61
|
end
|
53
62
|
|
54
63
|
def format_security_group(security_group)
|
55
|
-
|
56
|
-
|
57
|
-
security_group.security_group_rules.each do |rule|
|
64
|
+
security_group.security_group_rules.map do |rule|
|
58
65
|
rule_hash = {}
|
59
66
|
rule_hash["direction"] = rule.direction
|
60
|
-
rule_hash["protocol"]
|
67
|
+
rule_hash["protocol"] = rule.protocol
|
68
|
+
rule_hash["ethertype"] = rule.ethertype
|
61
69
|
|
62
|
-
if rule.
|
70
|
+
if rule.protocol == "icmp"
|
71
|
+
rule_hash["type"] = rule.port_range_min
|
72
|
+
rule_hash["code"] = rule.port_range_max
|
73
|
+
elsif rule.port_range_max == rule.port_range_min
|
63
74
|
rule_hash["port"] = rule.port_range_max
|
64
75
|
else
|
65
|
-
rule_hash["port_range_max"] = rule.port_range_max
|
66
76
|
rule_hash["port_range_min"] = rule.port_range_min
|
77
|
+
rule_hash["port_range_max"] = rule.port_range_max
|
67
78
|
end
|
68
79
|
|
69
80
|
if rule.remote_group_id
|
@@ -71,11 +82,9 @@ module Kakine
|
|
71
82
|
rule_hash["remote_group"] = response.data[:body]["security_group"]["name"]
|
72
83
|
else
|
73
84
|
rule_hash["remote_ip"] = rule.remote_ip_prefix
|
74
|
-
rule_hash["ethertype"] = rule.ethertype
|
75
85
|
end
|
76
|
-
|
86
|
+
rule_hash
|
77
87
|
end
|
78
|
-
rules
|
79
88
|
end
|
80
89
|
end
|
81
90
|
end
|
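Review bot: `yaml` (new line 17) still parses the user-supplied file with `YAML.load_file`, which on the Psych versions contemporary with this gem instantiates arbitrary Ruby objects from `!ruby/object` tags; `YAML.safe_load(File.read(filename))` restricts the input to plain hashes, arrays, strings and numbers, which is all `Validate` and `SecurityGroup` read from it. `load_security_group_by_yaml` (new lines 4–8) returns `false` on validation failure and an Array otherwise; a `# @return [Array<Kakine::SecurityGroup>, false]` on the method would make the `return unless` in the CLI self-explanatory. In `format_security_group` (new lines 70–72) the icmp branch maps `port_range_min`/`port_range_max` to `type`/`code`, and `security_group_rule` (new lines 31–35) compares the port range fields directly — consistent, but a comment noting that icmp type and code travel in the port range fields would spare the next reader the cross-file check.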
@@ -1,76 +1,80 @@
|
|
1
|
+
require 'json'
|
1
2
|
module Kakine
|
2
3
|
class SecurityGroup
|
3
|
-
attr_reader :
|
4
|
+
attr_reader :name, :tenant_id, :tenant_name, :description, :rules
|
4
5
|
|
5
|
-
def initialize(tenant_name,
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
6
|
+
def initialize(tenant_name, parameter)
|
7
|
+
@name = parameter[0]
|
8
|
+
@tenant_name = tenant_name
|
9
|
+
@tenant_id = Kakine::Resource.tenant(tenant_name).id
|
10
|
+
@description = parameter[1]["description"] || ""
|
11
|
+
@rules = parameter[1]["rules"].map do |rule|
|
12
|
+
SecurityRule.new(rule, @tenant_name, @name)
|
13
|
+
end unless parameter[1]["rules"].nil?
|
14
|
+
@rules ||= []
|
11
15
|
end
|
12
16
|
|
13
17
|
def initialize_copy(obj)
|
14
18
|
@rules = Marshal.load(Marshal.dump(obj.rules))
|
15
|
-
@prev_rules = Marshal.load(Marshal.dump(obj.prev_rules))
|
16
|
-
unset_security_rules
|
17
|
-
end
|
18
|
-
|
19
|
-
def has_rules?
|
20
|
-
@rules.detect {|v| !v.nil? && v.size > 0}
|
21
19
|
end
|
22
20
|
|
23
|
-
def
|
24
|
-
|
21
|
+
def ==(target_sg)
|
22
|
+
instance_variables.reject{ |k| k == :@rules }.each do |val|
|
23
|
+
return false unless self.instance_variable_get(val) == target_sg.instance_variable_get(val)
|
24
|
+
end
|
25
|
+
@rules.each do |rule|
|
26
|
+
return false unless target_sg.find_by_rule(rule)
|
27
|
+
end
|
28
|
+
target_sg.rules.each do |rule|
|
29
|
+
return false unless find_by_rule(rule)
|
30
|
+
end
|
31
|
+
true
|
25
32
|
end
|
26
33
|
|
27
|
-
def
|
28
|
-
|
34
|
+
def !=(target_sg)
|
35
|
+
!(self == target_sg)
|
29
36
|
end
|
30
37
|
|
31
|
-
def
|
32
|
-
@
|
38
|
+
def find_by_rule(target_rule)
|
39
|
+
@rules.find { |rule| rule == target_rule }
|
33
40
|
end
|
34
41
|
|
35
|
-
def
|
36
|
-
|
42
|
+
def register!
|
43
|
+
Kakine::Operation.create_security_group(self)
|
44
|
+
@rules.each { |rule| rule.register! } if has_rules?
|
37
45
|
end
|
38
46
|
|
39
|
-
def
|
40
|
-
|
41
|
-
prev_sg.add_security_rules(@prev_rules)
|
42
|
-
prev_sg
|
47
|
+
def unregister!
|
48
|
+
Kakine::Operation.delete_security_group(self)
|
43
49
|
end
|
44
50
|
|
45
|
-
def
|
46
|
-
|
47
|
-
|
48
|
-
|
51
|
+
def convergence!(target_sg)
|
52
|
+
if @description != target_sg.description
|
53
|
+
target_sg.unregister!
|
54
|
+
register!
|
55
|
+
else
|
56
|
+
target_sg.rules.each do |rule|
|
57
|
+
rule.unregister! unless find_by_rule(rule)
|
58
|
+
end
|
59
|
+
@rules.each do |rule|
|
60
|
+
rule.register! unless target_sg.find_by_rule(rule)
|
61
|
+
end
|
49
62
|
end
|
50
63
|
end
|
51
64
|
|
52
|
-
def
|
53
|
-
|
54
|
-
when rule.instance_of?(Array)
|
55
|
-
@rules = rule
|
56
|
-
when rule.instance_of?(Hash)
|
57
|
-
@rules << rule
|
58
|
-
end
|
65
|
+
def has_rules?
|
66
|
+
@rules.detect {|v| !v.nil?}
|
59
67
|
end
|
60
68
|
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
69
|
+
def get_default_rule_instance
|
70
|
+
default_sg = self.clone
|
71
|
+
default_sg.set_default_rule
|
72
|
+
default_sg
|
65
73
|
end
|
66
74
|
|
67
|
-
def
|
68
|
-
@rules.
|
69
|
-
|
70
|
-
remote_security_group = Kakine::Resource.security_group(@tenant_name, rule.delete("remote_group"))
|
71
|
-
rule["remote_group_id"] = remote_security_group.id
|
72
|
-
end
|
73
|
-
end if has_rules?
|
75
|
+
def set_default_rule
|
76
|
+
@rules = %w(IPv4 IPv6).map { |v| {"direction"=>"egress", "protocol" => nil, "port"=>nil, "remote_ip"=>nil, "ethertype"=>v } }.
|
77
|
+
map{ |rule| SecurityRule.new(rule, @tenant_name, @name) }
|
74
78
|
end
|
75
79
|
end
|
76
80
|
end
|
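Review bot: `==` (new lines 21–32) is overridden without `eql?`/`hash`, so two groups that compare equal still hash differently and `Array#uniq`, `Hash` keys and `Set` membership will treat them as distinct; `alias eql? ==` plus `def hash; [@tenant_id, @name, @description].hash; end` keeps the contract consistent with the fields `==` actually compares. The explicit `!=` on new lines 34–36 is redundant — Ruby derives `!=` from `==` — and can be dropped. `convergence!` (new lines 51–63) handles a changed description by deleting and re-creating the whole group; that presumably fails on the API side while the group is still in use, and because the adapter only prints API errors the following `register!` would then try to create a group whose name still exists — a comment stating this limitation, or an update call if the Fog API exposes one, would be worth adding.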
@@ -0,0 +1,58 @@
|
|
1
|
+
module Kakine
|
2
|
+
class SecurityRule
|
3
|
+
attr_reader :direction, :protocol, :port_range_max, :port_range_min, :remote_ip, :remote_group, :remote_group_id, :ethertype
|
4
|
+
|
5
|
+
def initialize(rule, tenant_name, sg_name)
|
6
|
+
@tenant_name = tenant_name
|
7
|
+
@sg_name = sg_name
|
8
|
+
|
9
|
+
rule.each do|k,v|
|
10
|
+
instance_variable_set(eval(":@#{k.to_s}"), v) unless k.include?("port")
|
11
|
+
end
|
12
|
+
|
13
|
+
@port_range_min, @port_range_max = *convert_port_format(rule)
|
14
|
+
set_remote_security_group_id
|
15
|
+
|
16
|
+
end
|
17
|
+
|
18
|
+
def register!
|
19
|
+
Kakine::Operation.create_security_rule(@tenant_name, @sg_name, self)
|
20
|
+
end
|
21
|
+
|
22
|
+
def unregister!
|
23
|
+
Kakine::Operation.delete_security_rule(@tenant_name, @sg_name, self)
|
24
|
+
end
|
25
|
+
|
26
|
+
def ==(target_sg)
|
27
|
+
instance_variables.each do |val|
|
28
|
+
unless self.instance_variable_get(val) == target_sg.instance_variable_get(val)
|
29
|
+
return false
|
30
|
+
end
|
31
|
+
end
|
32
|
+
true
|
33
|
+
end
|
34
|
+
|
35
|
+
private
|
36
|
+
|
37
|
+
def convert_port_format(rule)
|
38
|
+
case
|
39
|
+
when rule.has_key?('port')
|
40
|
+
[rule['port'] ,rule['port']]
|
41
|
+
when rule.has_key?('type'), rule.has_key?('code')
|
42
|
+
[rule['type'] ,rule['code']]
|
43
|
+
when rule.has_key?('port_range_max'), rule.has_key?('port_range_min')
|
44
|
+
[rule['port_range_min'] ,rule['port_range_max']]
|
45
|
+
else
|
46
|
+
raise "no match port format"
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
def set_remote_security_group_id
|
51
|
+
unless @remote_group.nil?
|
52
|
+
remote_security_group = Kakine::Resource.security_group(@tenant_name, @remote_group)
|
53
|
+
raise "not exists #{@remote_group}" unless remote_security_group
|
54
|
+
@remote_group_id = remote_security_group.id
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
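Review bot: `instance_variable_set(eval(":@#{k.to_s}"), v)` on new line 10 evaluates a string built from each key of a rule hash that comes straight from the user's YAML file, so a key is run as Ruby code rather than treated as data; `instance_variable_set("@#{k}", v)` gives the identical result for well-formed keys without any evaluation. Since `==` (new lines 26–33) compares every instance variable, I would also limit the loop to the known attribute names (the `attr_reader` list on new line 3, e.g. `ATTRIBUTES = %w[direction protocol remote_ip remote_group ethertype].freeze`) so an unknown key in the YAML is ignored — or, better, rejected by `Validate` — instead of silently becoming a stray ivar that makes every comparison for that rule fail. `set_remote_security_group_id` (new lines 50–56) raises a bare `RuntimeError`; a dedicated error class under `Kakine` would let the CLI distinguish a bad config from an unexpected failure.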
@@ -0,0 +1,42 @@
|
|
1
|
+
module Kakine
|
2
|
+
class Validate
|
3
|
+
class << self
|
4
|
+
def validate_file_input(load_sg)
|
5
|
+
err = []
|
6
|
+
load_sg.each do |sg|
|
7
|
+
err << validate_attributes(sg)
|
8
|
+
err << validate_rules(sg)
|
9
|
+
end
|
10
|
+
return true unless err.detect {|e| !e.nil? }
|
11
|
+
err.map { |m| puts m unless m.nil? }
|
12
|
+
false
|
13
|
+
end
|
14
|
+
|
15
|
+
def validate_attributes(sg)
|
16
|
+
case
|
17
|
+
when sg[1].nil?
|
18
|
+
"[error] #{sg[0]}:rules and description is required"
|
19
|
+
when !sg[1].key?("rules")
|
20
|
+
"[error] #{sg[0]}:rules is required"
|
21
|
+
when !sg[1].key?("description")
|
22
|
+
"[error] #{sg[0]}:description is required"
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def validate_rules(sg)
|
27
|
+
sg[1]["rules"].each do |rule|
|
28
|
+
if !rule.key?("port") &&
|
29
|
+
(!rule.key?("port_range_max") || !rule.key?("port_range_min")) &&
|
30
|
+
(!rule.key?("type") || !rule.key?("code"))
|
31
|
+
return "[error] #{sg[0]}:rules port(icmp code) is required"
|
32
|
+
elsif !rule.key?("remote_ip") && !rule.key?("remote_group")
|
33
|
+
return "[error] #{sg[0]}:rules remote_ip or remote_group required"
|
34
|
+
elsif col = %w(direction protocol ethertype).find { |k| !rule.key?(k) }
|
35
|
+
return "[error] #{sg[0]}:rules #{col} is required"
|
36
|
+
end
|
37
|
+
end unless sg[1]["rules"].nil?
|
38
|
+
nil
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
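Review bot: `validate_file_input` (new lines 6–9) calls `validate_rules(sg)` even after `validate_attributes(sg)` has reported `sg[1].nil?`, and `validate_rules` then does `sg[1]["rules"]` on `nil`, so a group with no body raises NoMethodError instead of printing the `[error] … rules and description is required` message; `err << validate_rules(sg) unless sg[1].nil?` keeps that path on the intended output. `err.map { |m| puts m unless m.nil? }` on new line 11 builds an array only to discard it — `err.compact.each { |m| puts m }` says what it does. `validate_rules` assumes each rule is a Hash (`rule.key?`), so a rule written as a scalar in the YAML raises the same way; a `Hash === rule` check before the key tests would be consistent with the rest of the method. Port values are not type- or range-checked here, which may be intentional because the API validates them — a comment saying so would settle it.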
data/lib/kakine/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kakine
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- SHIBATA Hiroshi
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-05-
|
11
|
+
date: 2015-05-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fog
|
@@ -131,11 +131,11 @@ files:
|
|
131
131
|
- lib/kakine/adapter/mock.rb
|
132
132
|
- lib/kakine/adapter/real.rb
|
133
133
|
- lib/kakine/cli.rb
|
134
|
-
- lib/kakine/
|
135
|
-
- lib/kakine/diff_parser.rb
|
136
|
-
- lib/kakine/hash_sort.rb
|
134
|
+
- lib/kakine/operation.rb
|
137
135
|
- lib/kakine/resource.rb
|
138
136
|
- lib/kakine/security_group.rb
|
137
|
+
- lib/kakine/security_rule.rb
|
138
|
+
- lib/kakine/validate.rb
|
139
139
|
- lib/kakine/version.rb
|
140
140
|
homepage: https://github.com/hsbt/kakine
|
141
141
|
licenses:
|
data/lib/kakine/cli/operation.rb
DELETED
@@ -1,44 +0,0 @@
|
|
1
|
-
module Kakine
|
2
|
-
class CLI < Thor
|
3
|
-
class Operation
|
4
|
-
def set_adapter(adapter)
|
5
|
-
@adapter = adapter
|
6
|
-
end
|
7
|
-
|
8
|
-
def create_security_group(sg)
|
9
|
-
attributes = {name: sg.name, description: sg.description, tenant_id: sg.tenant_id}
|
10
|
-
security_group_id = @adapter.create_security_group(attributes)
|
11
|
-
|
12
|
-
#delete default rule
|
13
|
-
delete_sg = sg.clone
|
14
|
-
delete_sg.set_default_rules
|
15
|
-
|
16
|
-
delete_security_rule(delete_sg) unless @adapter.instance_of?(Kakine::Adapter::Mock)
|
17
|
-
security_group_id
|
18
|
-
end
|
19
|
-
|
20
|
-
def delete_security_group(sg)
|
21
|
-
security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
|
22
|
-
@adapter.delete_security_group(security_group.id)
|
23
|
-
end
|
24
|
-
|
25
|
-
def create_security_rule(sg, security_group_id=nil)
|
26
|
-
if security_group_id.nil?
|
27
|
-
security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
|
28
|
-
security_group_id = security_group.id
|
29
|
-
end
|
30
|
-
sg.rules.each do |rule|
|
31
|
-
@adapter.create_rule(security_group_id, rule["direction"], rule)
|
32
|
-
end if sg.has_rules?
|
33
|
-
end
|
34
|
-
|
35
|
-
def delete_security_rule(sg)
|
36
|
-
security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
|
37
|
-
sg.rules.each do |rule|
|
38
|
-
security_group_rule = Kakine::Resource.security_group_rule(security_group, rule)
|
39
|
-
@adapter.delete_rule(security_group_rule.id)
|
40
|
-
end if sg.has_rules?
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
data/lib/kakine/diff_parser.rb
DELETED
@@ -1,88 +0,0 @@
|
|
1
|
-
module Kakine
|
2
|
-
class DiffParser
|
3
|
-
@diff = ""
|
4
|
-
class << self
|
5
|
-
def parse_parameters(tenant_name, diff)
|
6
|
-
@diff = diff
|
7
|
-
|
8
|
-
registered_sg = Kakine::Resource.security_groups_hash(tenant_name)
|
9
|
-
if ["+", "-"].include?(parse_transaction_type)
|
10
|
-
if unit_is_security_group?
|
11
|
-
rules = parse_security_group["rules"]
|
12
|
-
description = parse_security_group["description"]
|
13
|
-
elsif unit_is_security_rule?
|
14
|
-
rules = [parse_security_group_rule]
|
15
|
-
description = registered_sg[parse_security_group_name]["description"]
|
16
|
-
elsif unit_is_description?
|
17
|
-
raise "description is not exists"
|
18
|
-
end
|
19
|
-
else
|
20
|
-
regex_update_description = /^[\w-]+\.description$/
|
21
|
-
regex_update_rules = /^[\w-]+\.rules$/
|
22
|
-
regex_update_attr = /^[\w-]+.[\w]+\[(\d)\].([\w]+)$/
|
23
|
-
|
24
|
-
if parse_target_object_name.match(regex_update_description)
|
25
|
-
rules = registered_sg[parse_security_group_name]["rules"]
|
26
|
-
description = parse_after_description
|
27
|
-
elsif parse_target_object_name.match(regex_update_rules)
|
28
|
-
rules = parse_after_rules
|
29
|
-
description = registered_sg[parse_security_group_name]["description"]
|
30
|
-
elsif m = parse_target_object_name.match(regex_update_attr)
|
31
|
-
rules = [registered_sg[parse_security_group_name]["rules"][m[1].to_i]]
|
32
|
-
prev_rules = Marshal.load(Marshal.dump(rules)) # backup before value
|
33
|
-
rules[0][m[2]] = parse_after_attr
|
34
|
-
description = registered_sg[parse_security_group_name]["description"]
|
35
|
-
end
|
36
|
-
end
|
37
|
-
rules ||= []
|
38
|
-
|
39
|
-
{
|
40
|
-
target_object_name: parse_target_object_name,
|
41
|
-
name: parse_security_group_name,
|
42
|
-
transaction_type: parse_transaction_type,
|
43
|
-
tenant_id: Kakine::Resource.tenant(tenant_name).id,
|
44
|
-
tenant_name: tenant_name,
|
45
|
-
description: description,
|
46
|
-
rules: rules,
|
47
|
-
prev_rules: prev_rules
|
48
|
-
}
|
49
|
-
end
|
50
|
-
|
51
|
-
def parse_security_group_name
|
52
|
-
parse_target_object_name.split(/[\.\[]/, 2)[0]
|
53
|
-
end
|
54
|
-
|
55
|
-
|
56
|
-
def parse_transaction_type
|
57
|
-
@diff[0]
|
58
|
-
end
|
59
|
-
|
60
|
-
def parse_target_object_name
|
61
|
-
@diff[1]
|
62
|
-
end
|
63
|
-
|
64
|
-
def parse_security_group
|
65
|
-
@diff[2]
|
66
|
-
end
|
67
|
-
alias :parse_security_group_rule :parse_security_group
|
68
|
-
|
69
|
-
def parse_after_attr
|
70
|
-
@diff[3]
|
71
|
-
end
|
72
|
-
alias :parse_after_description :parse_after_attr
|
73
|
-
alias :parse_after_rules :parse_after_attr
|
74
|
-
|
75
|
-
def unit_is_security_group?
|
76
|
-
parse_security_group && parse_security_group["rules"]
|
77
|
-
end
|
78
|
-
|
79
|
-
def unit_is_security_rule?
|
80
|
-
!(parse_security_group_rule.nil? || unit_is_description?)
|
81
|
-
end
|
82
|
-
|
83
|
-
def unit_is_description?
|
84
|
-
parse_target_object_name.index('description')
|
85
|
-
end
|
86
|
-
end
|
87
|
-
end
|
88
|
-
end
|
data/lib/kakine/hash_sort.rb
DELETED