toquen 0.0.8 → 0.0.9

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8f1cb31452676748b9908bc91b8300250ecf6393
+  data.tar.gz: 97434ad4686d0633abfb322a1e2fa3583a0ef76f
+SHA512:
+  metadata.gz: 1f7e6927a983aaed9da271e43d28e5ec348c09d4b18803424c7b38ace8c6c92d4f38082b3dcbe728c9988acde0cd2e1a86f095974794fa05f27b1ab14c74bf99
+  data.tar.gz: e2753fccf28f0bed35b2141981056480fd915270150b61635cc9c702247cf5fb552a4f7a3cb1d401e6203960eae987286b5c032709d71ae11c64755cde093c20

data/README.md

@@ -111,3 +111,11 @@ Or for a given server with:
 
     $ cap server-<server name> details
 
+## Open SSH to Current Machine
+To allow an SSH connection from your current machine (based on your internet visible IP, as determined using [this method](http://findingscience.com/internet/ruby/2014/05/17/stunning:-determining-your-public-ip.html)), use the open_ssh/close_ssh capistrano tasks.
+
+    $ cap databases open_ssh
+
+And then, when you're finished:
+
+    $ cap databases close_ssh

data/lib/toquen.rb

@@ -1,4 +1,5 @@
 require "toquen/version"
+require "toquen/stunning"
 require "toquen/aws"
 require "toquen/local_writer"
 require "toquen/bootstrapper"

data/lib/toquen/aws.rb

@@ -20,6 +20,26 @@ module Toquen
       }
     end
 
+    def authorize_ingress(secgroup, protocol, port, ip)
+      # test if exists first
+      return false if secgroup.ingress_ip_permissions.to_a.select { |p|
+        p.protocol == protocol and p.port_range.include?(port) and p.ip_ranges.include?(ip)
+      }.length > 0
+
+      secgroup.authorize_ingress(protocol, port, ip)
+      true
+    end
+
+    def revoke_ingress(secgroup, protocol, port, ip)
+      # test if exists first
+      return false unless secgroup.ingress_ip_permissions.to_a.select { |p|
+        p.protocol == protocol and p.port_range.include?(port) and p.ip_ranges.include?(ip)
+      }.length > 0
+
+      secgroup.revoke_ingress(protocol, port, ip)
+      true
+    end
+
     def server_details_in(region)
       AWS.config(:access_key_id => @key_id, :secret_access_key => @key, :region => region)
       AWS::EC2.new.instances.map do |i|
@@ -31,7 +51,8 @@ module Toquen
           :roles => Toquen.config.aws_roles_extractor.call(i),
           :type => i.instance_type,
           :external_dns => i.public_dns_name,
-          :internal_dns => i.private_dns_name
+          :internal_dns => i.private_dns_name,
+          :security_groups => i.security_groups
         }
       end
     end

data/lib/toquen/capistrano.rb

@@ -80,6 +80,70 @@ task :cook do
 end
 before :cook, :update_kitchen
 
+desc "Open SSH ingress to current machine"
+task :open_ssh do
+  secgroups = {}
+  filter_roles = Set.new fetch(:filter)[:roles]
+  aws = Toquen::AWSProxy.new
+  aws.regions.each do |region|
+    aws.server_details_in(region).each do |instance|
+      instance_roles = instance[:roles] + ["all", "server-#{instance[:name]}"]
+      unless (filter_roles.intersection instance_roles.to_set).empty?
+        instance[:security_groups].each { |sg| secgroups[sg.id] = sg }
+      end
+    end
+  end
+
+  run_locally do
+    ivip = StunClient.get_ip
+    if ivip.nil?
+      error "Could not fetch internet visible IP of this host."
+      return
+    end
+
+    ivip = "#{ivip}/32"
+    secgroups.values.each do |sg|
+      if aws.authorize_ingress sg, :tcp, 22, ivip
+        info "Opened port tcp:22 on security group '#{sg.name}' (#{sg.id}) to #{ivip}"
+      else
+        warn "Port tcp:22 in security group '#{sg.name}' (#{sg.id}) already open to #{ivip}"
+      end
+    end
+  end
+end
+
+desc "Close SSH ingress to current machine"
+task :close_ssh do
+  secgroups = {}
+  filter_roles = Set.new fetch(:filter)[:roles]
+  aws = Toquen::AWSProxy.new
+  aws.regions.each do |region|
+    aws.server_details_in(region).each do |instance|
+      instance_roles = instance[:roles] + ["all", "server-#{instance[:name]}"]
+      unless (filter_roles.intersection instance_roles.to_set).empty?
+        instance[:security_groups].each { |sg| secgroups[sg.id] = sg }
+      end
+    end
+  end
+
+  run_locally do
+    ivip = StunClient.get_ip
+    if ivip.nil?
+      error "Could not fetch internet visible IP of this host."
+      return
+    end
+
+    ivip = "#{ivip}/32"
+    secgroups.values.each do |sg|
+      if aws.revoke_ingress sg, :tcp, 22, ivip
+        info "Closed port tcp:22 on security group '#{sg.name}' (#{sg.id}) to #{ivip}"
+      else
+        warn "Port tcp:22 in security group '#{sg.name}' (#{sg.id}) already closed to #{ivip}"
+      end
+    end
+  end
+end
+
 desc "install toquen capistrano setup to current directory"
 task :toquen_install do
   unless Dir.exists?('config')

data/lib/toquen/stunning.rb

@@ -0,0 +1,48 @@
+require 'socket'
+require 'timeout'
+
+class StunClient
+  def initialize(host, port)
+    @host = host
+    @port = port
+  end
+
+  def get_ip
+    begin
+      Timeout::timeout(0.5) {
+        socket = UDPSocket.new
+        data = [0x0001,0].pack("nn") + Random.new.bytes(16)
+        socket.send(data, 0, @host, @port)
+        data, _ = socket.recvfrom(1000)
+        type, length = data.unpack("nn")
+
+        # if not a message binding response
+        return nil unless type == 0x0101
+
+        data = data[20..-1]
+        while data.size > 0
+          type, length = data.unpack("nn")
+          # if attr type is ATTR_MAPPED_ADDRESS, return it
+          if type == 0x0001
+            values = data[4...4+length].unpack("CCnCCCC")
+            return values[3..-1]*"."
+          end
+          data = data[4+length..-1]
+        end
+
+        return nil
+      }
+    rescue Timeout::Error
+      return nil
+    end
+  end
+
+  def self.get_ip
+    servers = [["stun.l.google.com", 19302], ["stun.ekiga.net", 3478], ["stunserver.org", 3478]]
+    servers.each do |host, port|
+      ip = StunClient.new(host, port).get_ip
+      return ip unless ip.nil?
+    end
+    nil
+  end
+end

data/lib/toquen/version.rb

@@ -1,3 +1,3 @@
 module Toquen
-  VERSION = "0.0.8"
+  VERSION = "0.0.9"
 end

metadata

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: toquen
 version: !ruby/object:Gem::Version
-  version: 0.0.8
-  prerelease: 
+  version: 0.0.9
 platform: ruby
 authors:
 - Brian Muller
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-06 00:00:00.000000000 Z
+date: 2014-05-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: capistrano
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -30,68 +27,60 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: terminal-table
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-description: ! 'Toquen: Capistrano + AWS + Chef-Solo'
+description: 'Toquen: Capistrano + AWS + Chef-Solo'
 email:
 - bamuller@gmail.com
 executables: []
@@ -109,38 +98,32 @@ files:
 - lib/toquen/capistrano.rb
 - lib/toquen/details_table.rb
 - lib/toquen/local_writer.rb
+- lib/toquen/stunning.rb
 - lib/toquen/templates/deploy.rb
 - lib/toquen/templates/ubuntu_bootstrap.erb
 - lib/toquen/version.rb
 - toquen.gemspec
 homepage: https://github.com/bmuller/toquen
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 544724606650520311
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 544724606650520311
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
-summary: ! 'Toquen: Capistrano + AWS + Chef-Solo'
+specification_version: 4
+summary: 'Toquen: Capistrano + AWS + Chef-Solo'
 test_files: []