RubyGems - piculet - Versions diffs - 0.0.1 - Mend

piculet 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

data/README.md +124 -0
data/bin/piculet +124 -0
data/lib/piculet.rb +3 -0
data/lib/piculet/client.rb +148 -0
data/lib/piculet/dsl.rb +44 -0
data/lib/piculet/dsl/converter.rb +120 -0
data/lib/piculet/dsl/ec2.rb +30 -0
data/lib/piculet/dsl/permission.rb +64 -0
data/lib/piculet/dsl/permissions.rb +47 -0
data/lib/piculet/dsl/security-group.rb +48 -0
data/lib/piculet/exporter.rb +58 -0
data/lib/piculet/ext/ec2-owner-id-ext.rb +88 -0
data/lib/piculet/ext/ip-permission-collection-ext.rb +45 -0
data/lib/piculet/ext/string-ext.rb +27 -0
data/lib/piculet/logger.rb +33 -0
data/lib/piculet/version.rb +5 -0
data/lib/piculet/wrapper/ec2-wrapper.rb +18 -0
data/lib/piculet/wrapper/permission-collection.rb +134 -0
data/lib/piculet/wrapper/permission.rb +92 -0
data/lib/piculet/wrapper/security-group-collection.rb +36 -0
data/lib/piculet/wrapper/security-group.rb +56 -0
metadata +149 -0

data/lib/piculet/version.rb ADDED

@@ -0,0 +1,5 @@
+module Piculet
+  VERSION = "0.0.1"
+end
+Version = Piculet::VERSION

data/lib/piculet/wrapper/ec2-wrapper.rb ADDED

@@ -0,0 +1,18 @@
+require 'piculet/wrapper/security-group-collection'
+module Piculet
+  class EC2Wrapper
+    def initialize(ec2, options)
+      @ec2 = ec2
+      @options = options.dup
+    end
+    def security_groups
+      SecurityGroupCollection.new(@ec2.security_groups, @options)
+    end
+    def updated?
+      !!@options.updated
+    end
+  end # EC2Wrapper
+end # Piculet

data/lib/piculet/wrapper/permission-collection.rb ADDED

@@ -0,0 +1,134 @@
+require 'piculet/logger'
+require 'piculet/ext/ip-permission-collection-ext'
+require 'piculet/wrapper/permission'
+module Piculet
+  class EC2Wrapper
+    class SecurityGroupCollection
+      class SecurityGroup
+        class PermissionCollection
+          include Logger::ClientHelper
+          def initialize(security_group, direction, options)
+            @security_group = security_group
+            @permissions = security_group.send("#{direction}_ip_permissions")
+            @direction = direction
+            @options = options
+          end
+          def each
+            perm_list = @permissions ? @permissions.aggregate : []
+            perm_list.each do |perm|
+              yield(Permission.new(perm, self, @options))
+            end
+          end
+          def authorize(protocol, ports, *sources)
+            log(:info, "  authorize #{format_sources(sources)}", :green)
+            unless @options.dry_run
+              sources = normalize_sources(sources)
+              case @direction
+              when :ingress
+                @security_group.authorize_ingress(protocol, ports, *sources)
+                @options.updated = true
+              when :egress
+                sources.push(:protocol => protocol, :ports => ports)
+                @security_group.authorize_egress(*sources)
+                @options.updated = true
+              end
+            end
+          end
+          def revoke(protocol, ports, *sources)
+            log(:info, "  revoke #{format_sources(sources)}", :green)
+            unless @options.dry_run
+              sources = normalize_sources(sources)
+              case @direction
+              when :ingress
+                @security_group.revoke_ingress(protocol, ports, *sources)
+                @options.updated = true
+              when :egress
+                sources.push(:protocol => protocol, :ports => ports)
+                @security_group.revoke_egress(*sources)
+                @options.updated = true
+              end
+            end
+          end
+          def create(protocol, port_range, dsl)
+            dsl_ip_ranges = dsl.ip_ranges || []
+            dsl_groups = (dsl.groups || []).map do |i|
+              i.kind_of?(Array) ? i : [@options.ec2.owner_id, i]
+            end
+            sources = dsl_ip_ranges + dsl_groups
+            unless sources.empty?
+              log(:info, 'Create Permission', :cyan, "#{log_id} > #{protocol} #{port_range}")
+              authorize(protocol, port_range, *sources)
+            end
+          end
+          def log_id
+            vpc = @security_group.vpc_id || :classic
+            name = @security_group.name
+            unless @options.ec2.own?(@security_group.owner_id)
+              name = "#{@security_group.owner_id}/#{name}"
+            end
+            "#{vpc} > #{name}(#{@direction})"
+          end
+          private
+          def normalize_sources(sources)
+            normalized = []
+            sources.each do |src|
+              case src
+              when String
+                normalized << src
+              when Array
+                owner_id, group = src
+                unless group =~ /\Asg-[0-9a-f]\Z/
+                  sg_coll = @options.ec2.security_groups.filter('group-name', group)
+                  sg_coll = sg_coll.filter('vpc-id', @security_group.vpc_id) if @security_group.vpc?
+                  sg_coll = sg_coll.filter('owner-id', owner_id) unless @options.ec2.own?(owner_id)
+                  unless (sg = sg_coll.first)
+                    raise "Can't find SecurityGroup: #{owner_id}/#{group} in #{@security_group.vpc_id || :classic}"
+                  end
+                  group = sg.id
+                end
+                normalized << {:user_id => owner_id, :group_id => group}
+              end
+            end
+            return normalized
+          end
+          def format_sources(sources)
+            sources.map {|src|
+              if src.kind_of?(Array)
+                owner_id, group = src
+                dst = [group]
+                dst.unshift(owner_id) unless @options.ec2.own?(owner_id)
+                dst.join('/')
+              else
+                src
+              end
+            }.join(', ')
+          end
+        end # PermissionCollection
+      end # SecurityGroup
+    end # SecurityGroupCollection
+  end # EC2Wrapper
+end # Piculet

data/lib/piculet/wrapper/permission.rb ADDED

@@ -0,0 +1,92 @@
+require 'forwardable'
+require 'piculet/logger'
+module Piculet
+  class EC2Wrapper
+    class SecurityGroupCollection
+      class SecurityGroup
+        class PermissionCollection
+          class Permission
+            extend Forwardable
+            include Logger::ClientHelper
+            def_delegators(
+              :@permission,
+              :protocol, :port_range, :ip_ranges, :groups)
+            def initialize(permission, collection, options)
+              @permission = permission
+              @collection = collection
+              @options = options
+            end
+            def eql?(dsl)
+              dsl_ip_ranges, dsl_groups, self_ip_ranges, self_groups = normalize_attrs(dsl)
+              (self_ip_ranges == dsl_ip_ranges) and (self_groups == dsl_groups)
+            end
+            def update(dsl)
+              log(:info, 'Update Permission', :green, log_id)
+              plus_ip_ranges, minus_ip_ranges, plus_groups, minus_groups = diff(dsl)
+              unless (plus_ip_ranges + plus_groups).empty?
+                @collection.authorize(protocol, port_range, *(plus_ip_ranges + plus_groups))
+              end
+              unless (minus_ip_ranges + minus_groups).empty?
+                @collection.revoke(protocol, port_range, *(minus_ip_ranges + minus_groups))
+              end
+            end
+            def delete
+              log(:info, 'Delete Permission', :red, log_id)
+              self_ip_ranges, self_groups = normalize_self_attrs
+              unless (self_ip_ranges + self_groups).empty?
+                @collection.revoke(protocol, port_range, *(self_ip_ranges + self_groups))
+              end
+            end
+            private
+            def log_id
+              "#{@collection.log_id} > #{protocol} #{port_range}"
+            end
+            def diff(dsl)
+              dsl_ip_ranges, dsl_groups, self_ip_ranges, self_groups = normalize_attrs(dsl)
+              [
+                dsl_ip_ranges - self_ip_ranges,
+                self_ip_ranges - dsl_ip_ranges,
+                dsl_groups - self_groups,
+                self_groups - dsl_groups,
+              ]
+            end
+            def normalize_attrs(dsl)
+              dsl_ip_ranges = (dsl.ip_ranges || []).sort
+              dsl_groups = (dsl.groups || []).map {|i|
+                i.kind_of?(Array) ? i : [@options.ec2.owner_id, i]
+              }.sort
+              self_ip_ranges, self_groups = normalize_self_attrs
+              [dsl_ip_ranges, dsl_groups, self_ip_ranges, self_groups]
+            end
+            def normalize_self_attrs
+              self_ip_ranges = (@permission.ip_ranges || []).sort
+              self_groups = (@permission.groups || []).map {|i|
+                [i.owner_id, i.name]
+              }.sort
+              [self_ip_ranges, self_groups]
+            end
+          end # Permission
+        end # PermissionCollection
+      end # SecurityGroup
+    end # SecurityGroupCollection
+  end # EC2Wrapper
+end # Piculet

data/lib/piculet/wrapper/security-group-collection.rb ADDED

@@ -0,0 +1,36 @@
+require 'ostruct'
+require 'piculet/logger'
+require 'piculet/wrapper/security-group'
+module Piculet
+  class EC2Wrapper
+    class SecurityGroupCollection
+      include Logger::ClientHelper
+      def initialize(security_groups, options)
+        @security_groups = security_groups
+        @options = options
+      end
+      def each
+        @security_groups.each do |sg|
+          yield(SecurityGroup.new(sg, @options))
+        end
+      end
+      def create(name, opts = {})
+        log(:info, 'Create SecurityGroup', :cyan, "#{opts[:vpc] || :classic} > #{name}")
+        log(:warn, '`egress any 0.0.0.0/0` is implicitly defined', :yellow) if @options.dry_run && opts[:vpc]
+        if @options.dry_run
+          sg = OpenStruct.new({:id => '<new security group>', :name => name}.merge(opts))
+        else
+          sg = @security_groups.create(name, opts)
+          @options.updated = true
+        end
+        SecurityGroup.new(sg, @options)
+      end
+    end # SecurityGroupCollection
+  end # EC2Wrapper
+end # Piculet

data/lib/piculet/wrapper/security-group.rb ADDED

@@ -0,0 +1,56 @@
+require 'forwardable'
+require 'piculet/logger'
+require 'piculet/wrapper/permission-collection'
+module Piculet
+  class EC2Wrapper
+    class SecurityGroupCollection
+      class SecurityGroup
+        extend Forwardable
+        include Logger::ClientHelper
+        def_delegators(
+          :@security_group,
+          :vpc_id, :name, :vpc?)
+        def initialize(security_group, options)
+          @security_group = security_group
+          @options = options
+        end
+        def eql?(dsl)
+          @security_group.description == dsl.description
+        end
+        def update(dsl)
+          if @security_group.description != dsl.description
+            log(:warn, '`description` cannot be updated', :yellow, "#{vpc_id || :classic} > #{name}")
+          end
+          # XXX:
+        end
+        def delete
+          log(:info, 'Delete SecurityGroup', :red, "#{vpc_id || :classic} > #{name}")
+          if name == 'default'
+            log(:warn, 'SecurityGroup `default` is reserved', :yellow)
+          else
+            unless @options.dry_run
+              @security_group.delete
+              @options.updated = true
+            end
+          end
+        end
+        def ingress_ip_permissions
+          PermissionCollection.new(@security_group, :ingress, @options)
+        end
+        def egress_ip_permissions
+          PermissionCollection.new(@security_group, :egress, @options)
+        end
+      end # SecurityGroup
+    end # SecurityGroupCollection
+  end # EC2Wrapper
+end # Piculet

metadata ADDED

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: piculet
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease:
+platform: ruby
+authors:
+- winebarrel
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-09-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.19.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.19.0
+- !ruby/object:Gem::Dependency
+  name: term-ansicolor
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.2.2
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Piculet is a tool to manage Security Group. It defines the state of Security
+  Group using DSL, and updates Security Group according to DSL.
+email:
+- sgwr_dts@yahoo.co.jp
+executables:
+- piculet
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- bin/piculet
+- lib/piculet/client.rb
+- lib/piculet/dsl/converter.rb
+- lib/piculet/dsl/ec2.rb
+- lib/piculet/dsl/permission.rb
+- lib/piculet/dsl/permissions.rb
+- lib/piculet/dsl/security-group.rb
+- lib/piculet/dsl.rb
+- lib/piculet/exporter.rb
+- lib/piculet/ext/ec2-owner-id-ext.rb
+- lib/piculet/ext/ip-permission-collection-ext.rb
+- lib/piculet/ext/string-ext.rb
+- lib/piculet/logger.rb
+- lib/piculet/version.rb
+- lib/piculet/wrapper/ec2-wrapper.rb
+- lib/piculet/wrapper/permission-collection.rb
+- lib/piculet/wrapper/permission.rb
+- lib/piculet/wrapper/security-group-collection.rb
+- lib/piculet/wrapper/security-group.rb
+- lib/piculet.rb
+homepage: https://bitbucket.org/winebarrel/piculet
+licenses:
+- MIT
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.23
+signing_key:
+specification_version: 3
+summary: Piculet is a tool to manage Security Group.
+test_files: []