sgupdater 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 03e4b2724b74aa7aaba1ecb99372c6204bf51590
4
+ data.tar.gz: ed45dbb105b99b269f4f3537c2db335830a92eec
5
+ SHA512:
6
+ metadata.gz: c6b7ffb1701ac47311ffb5c8b1cb122916293198092bd1a633def2041b794fef12df2ee7a48649de03ab9527fddb8a300b343a080ca5cd7c2bf424c4a0abb50b
7
+ data.tar.gz: be942170a98f5948e946cdcb6de8f62c90e86d4031299d0cc0b672913a97e5f797d5544874a644de40f53df119b7c520a38153d10803d659e101b4bfc8a5f268
data/.gitignore ADDED
@@ -0,0 +1,10 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+ /test/aws.yml
data/.travis.yml ADDED
@@ -0,0 +1,3 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.2.1
@@ -0,0 +1,13 @@
1
+ # Contributor Code of Conduct
2
+
3
+ As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
4
+
5
+ We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
6
+
7
+ Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
8
+
9
+ Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
10
+
11
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
12
+
13
+ This Code of Conduct is adapted from the [Contributor Covenant](http:contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in sgupdater.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2015 ISOBE Kazuhiko
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,73 @@
1
+ # Sgupdater
2
+
3
+ Sgupdater is a tool to update the permissions CIDR of AWS security group.
4
+
5
+ ## Installation
6
+
7
+ $ gem install sgupdater
8
+
9
+ ## Usage
10
+
11
+ ```
12
+ Commands:
13
+ sgupdater help [COMMAND] # Describe available commands or one specific command
14
+ sgupdater show --from-cidr=FROM_CIDR # Show current permissions
15
+ sgupdater update --from-cidr=FROM_CIDR --to-cidr=TO_CIDR # Update cidr address
16
+
17
+ Options:
18
+ p, [--profile=PROFILE] # Load credentials by profile name from shared credentials file.
19
+ k, [--access-key-id=ACCESS_KEY_ID] # AWS access key id.
20
+ s, [--secret-access-key=SECRET_ACCESS_KEY] # AWS secret access key.
21
+ r, [--region=REGION] # AWS region.
22
+ [--shared-credentials-path=SHARED_CREDENTIALS_PATH] # AWS shared credentials path.
23
+ v, [--verbose], [--no-verbose]
24
+ ```
25
+
26
+ ### Show
27
+
28
+ $ sgupdater show --from-cidr 192.0.2.0/24
29
+ (classic) sg-deadbeaf webserver 22 22 192.0.2.0/24
30
+ (classic) sg-deadbeaf webserver 80 80 192.0.2.0/24
31
+ vpc-deadbeaf sg-deadbeaf apiserver 22 22 192.0.2.0/24
32
+ vpc-deadbeaf sg-deadbeaf apiserver 443 443 192.0.2.0/24
33
+
34
+ ### Update
35
+
36
+ $ sgupdater update --from-cidr 192.0.2.0/24 --to-cidr 198.51.100.0/24
37
+ (classic) sg-deadbeaf webserver 22 22 192.0.2.0/24
38
+ (classic) sg-deadbeaf webserver 80 80 192.0.2.0/24
39
+ vpc-deadbeaf sg-deadbeaf apiserver 22 22 192.0.2.0/24
40
+ vpc-deadbeaf sg-deadbeaf apiserver 443 443 192.0.2.0/24
41
+ Update Permission: classic > webserver(ingress) > tcp 22..22
42
+ authorize 198.51.100.0/24
43
+ revoke 192.0.2.0/24
44
+ Update Permission: classic > webserver(ingress) > tcp 80..80
45
+ authorize 198.51.100.0/24
46
+ revoke 192.0.2.0/24
47
+ Update Permission: vpc-deadbeaf > apiserver(ingress) > tcp 22..22
48
+ authorize 198.51.100.0/24
49
+ revoke 192.0.2.0/24
50
+ Update Permission: vpc-deadbeaf > apiserver(ingress) > tcp 443..443
51
+ authorize 198.51.100.0/24
52
+ revoke 192.0.2.0/24
53
+ Update success
54
+
55
+ $ sgupdater show --from-cidr 198.51.10.0/24
56
+ (classic) sg-deadbeaf webserver 22 22 198.51.100.0/24
57
+ (classic) sg-deadbeaf webserver 80 80 198.51.100.0/24
58
+ vpc-deadbeaf sg-deadbeaf apiserver 22 22 198.51.10.0/24
59
+ vpc-deadbeaf sg-deadbeaf apiserver 443 443 198.51.10.0/24
60
+
61
+ ## Development
62
+
63
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment. Run `bundle exec sgupdater` to use the code located in this directory, ignoring other installed copies of this gem.
64
+
65
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
66
+
67
+ ## Contributing
68
+
69
+ 1. Fork it ( https://github.com/muramasa64/sgupdater/fork )
70
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
71
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
72
+ 4. Push to the branch (`git push origin my-new-feature`)
73
+ 5. Create a new Pull Request
data/Rakefile ADDED
@@ -0,0 +1,2 @@
1
+ require "bundler/gem_tasks"
2
+
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "sgupdater"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start
data/bin/setup ADDED
@@ -0,0 +1,7 @@
1
+ #!/bin/bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+
5
+ bundle install
6
+
7
+ # Do any other automated setup that you need to do here
data/exe/sgupdater ADDED
@@ -0,0 +1,5 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "sgupdater"
4
+
5
+ Sgupdater::CLI.start
@@ -0,0 +1,42 @@
1
+ require 'thor'
2
+ require 'thor/aws'
3
+
4
+ module Sgupdater
5
+ class CLI < Thor
6
+ include Thor::Aws
7
+
8
+ class_option :verbose, type: :boolean, default: false, aliases: [:v]
9
+
10
+ desc :show, "Show current permissions"
11
+ method_option :from_cidr, type: :string, required: true
12
+ def show
13
+ client.get.each {|sg| show_security_groups(sg, options[:from_cidr])}
14
+ end
15
+
16
+ desc :update, "Update cidr address"
17
+ method_option :from_cidr, type: :string, required: true
18
+ method_option :to_cidr, type: :string, required: true
19
+ def update
20
+ updated = client.update
21
+ if updated
22
+ puts "Update success"
23
+ else
24
+ puts "No change"
25
+ end
26
+ end
27
+
28
+ private
29
+ def client
30
+ @client ||= Client.new options, aws_configuration
31
+ end
32
+
33
+ def show_security_groups(sg, cidr)
34
+ sg.ip_permissions.each do |perm|
35
+ perm.ip_ranges.select {|ip| ip.values.include? cidr}.each do
36
+ puts [sg.vpc_id || '(classic)', sg.group_id, sg.group_name, perm.from_port, perm.to_port, cidr].join("\t")
37
+ end
38
+ end
39
+ end
40
+ end
41
+ end
42
+
@@ -0,0 +1,43 @@
1
+ require 'aws-sdk'
2
+ require 'sgupdater/updater'
3
+
4
+ module Sgupdater
5
+ class Client
6
+ attr_reader :logger
7
+
8
+ def initialize(cli_options = {}, aws_configuration = {})
9
+ @cli_options = cli_options
10
+ @logger ||= Logger.new STDOUT
11
+
12
+ aws_configuration[:logger] = Logger.new STDOUT if @cli_options[:verbose]
13
+
14
+ @ec2 = Aws::EC2::Resource.new aws_configuration
15
+ end
16
+
17
+ def get(cidr = @cli_options[:from_cidr])
18
+ security_groups_with_cidr(cidr)
19
+ end
20
+
21
+ def update
22
+ updater = Sgupdater::Updater.new(@cli_options)
23
+ updater.replace(@cli_options[:from_cidr], @cli_options[:to_cidr])
24
+ updater.update
25
+ end
26
+
27
+ def security_groups_with_cidr(cidr)
28
+ @ec2.security_groups(
29
+ filters: [
30
+ {name: 'ip-permission.cidr', values: [cidr]}
31
+ ]
32
+ )
33
+ end
34
+
35
+ def put_perms(sg, cidr)
36
+ sg.ip_permissions.each do |perm|
37
+ perm.ip_ranges.select {|ip| ip.values.include? cidr}.each do
38
+ puts [sg.vpc_id, sg.group_id, sg.group_name, perm.from_port, perm.to_port, cidr].join("\t")
39
+ end
40
+ end
41
+ end
42
+ end
43
+ end
@@ -0,0 +1,48 @@
1
+ require 'piculet'
2
+ require 'tempfile'
3
+ require 'json'
4
+ require 'aws-sdk-v1'
5
+
6
+ module Sgupdater
7
+ class Updater
8
+ def initialize(options = {})
9
+ @options = options.dup
10
+ @options[:without_convert] = true
11
+ @options[:format] = :json
12
+ AWS.config(@options)
13
+ @client = Piculet::Client.new(@options)
14
+ @exported = @client.export(without_convert: true)
15
+ end
16
+
17
+ def replace(from, to)
18
+ @exported.each do |vpc, sgs|
19
+ sgs.each do |sg, props|
20
+ props[:ingress].each do |ing|
21
+ ing[:ip_ranges].each_with_index do |cidr, i|
22
+ if cidr == from
23
+ ing[:ip_ranges][i] = to
24
+ puts [vpc ? vpc : 'classic', sg, props[:name], ing[:protocol], ing[:port_range], ing[:ip_rages], ing[:groups], cidr].join("\t")
25
+ end
26
+ end
27
+ end
28
+ end
29
+ end
30
+ end
31
+
32
+ def update
33
+ exported = JSON.pretty_generate(@exported)
34
+ file = Tempfile.new('exported')
35
+ begin
36
+ file.puts exported
37
+ file.rewind
38
+ file.rewind
39
+ updated = @client.apply(file)
40
+ ensure
41
+ file.close
42
+ file.unlink
43
+ end
44
+ updated
45
+ end
46
+ end
47
+ end
48
+
@@ -0,0 +1,3 @@
1
+ module Sgupdater
2
+ VERSION = "0.1.0"
3
+ end
data/lib/sgupdater.rb ADDED
@@ -0,0 +1,3 @@
1
+ require "sgupdater/version"
2
+ require "sgupdater/cli"
3
+ require "sgupdater/client"
data/sgupdater.gemspec ADDED
@@ -0,0 +1,31 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'sgupdater/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "sgupdater"
8
+ spec.version = Sgupdater::VERSION
9
+ spec.authors = ["ISOBE Kazuhiko"]
10
+ spec.email = ["muramasa64@gmail.com"]
11
+
12
+ spec.summary = %q{Sgupdater is a tool to update the permissions CIDR of AWS security group.}
13
+ spec.description = %q{Sgupdater is a tool to update the permissions CIDR of AWS security group.}
14
+ spec.homepage = "https://github.com/uramasa64/sgupdater"
15
+ spec.license = "MIT"
16
+
17
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
18
+ spec.bindir = "exe"
19
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
+ spec.require_paths = ["lib"]
21
+
22
+ spec.add_development_dependency "bundler", "~> 1.8"
23
+ spec.add_development_dependency "rake", "~> 10.0"
24
+ spec.add_development_dependency "test-unit", "~> 3.1"
25
+ spec.add_development_dependency "test-unit-power_assert"
26
+
27
+ spec.add_dependency 'aws-sdk', '~> 2.0'
28
+ spec.add_dependency 'thor'
29
+ spec.add_dependency 'thor-aws'
30
+ spec.add_dependency 'piculet', '= 0.2.8'
31
+ end
metadata ADDED
@@ -0,0 +1,174 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: sgupdater
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - ISOBE Kazuhiko
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2015-07-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.8'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.8'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '10.0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '10.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: test-unit
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '3.1'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '3.1'
55
+ - !ruby/object:Gem::Dependency
56
+ name: test-unit-power_assert
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: aws-sdk
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '2.0'
76
+ type: :runtime
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '2.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: thor
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :runtime
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: thor-aws
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :runtime
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: piculet
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - '='
116
+ - !ruby/object:Gem::Version
117
+ version: 0.2.8
118
+ type: :runtime
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - '='
123
+ - !ruby/object:Gem::Version
124
+ version: 0.2.8
125
+ description: Sgupdater is a tool to update the permissions CIDR of AWS security group.
126
+ email:
127
+ - muramasa64@gmail.com
128
+ executables:
129
+ - sgupdater
130
+ extensions: []
131
+ extra_rdoc_files: []
132
+ files:
133
+ - ".gitignore"
134
+ - ".travis.yml"
135
+ - CODE_OF_CONDUCT.md
136
+ - Gemfile
137
+ - LICENSE.txt
138
+ - README.md
139
+ - Rakefile
140
+ - bin/console
141
+ - bin/setup
142
+ - exe/sgupdater
143
+ - lib/sgupdater.rb
144
+ - lib/sgupdater/cli.rb
145
+ - lib/sgupdater/client.rb
146
+ - lib/sgupdater/updater.rb
147
+ - lib/sgupdater/version.rb
148
+ - sgupdater.gemspec
149
+ homepage: https://github.com/uramasa64/sgupdater
150
+ licenses:
151
+ - MIT
152
+ metadata: {}
153
+ post_install_message:
154
+ rdoc_options: []
155
+ require_paths:
156
+ - lib
157
+ required_ruby_version: !ruby/object:Gem::Requirement
158
+ requirements:
159
+ - - ">="
160
+ - !ruby/object:Gem::Version
161
+ version: '0'
162
+ required_rubygems_version: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - ">="
165
+ - !ruby/object:Gem::Version
166
+ version: '0'
167
+ requirements: []
168
+ rubyforge_project:
169
+ rubygems_version: 2.4.8
170
+ signing_key:
171
+ specification_version: 4
172
+ summary: Sgupdater is a tool to update the permissions CIDR of AWS security group.
173
+ test_files: []
174
+ has_rdoc: