wafoo 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +5 -0
- data/README.md +5 -3
- data/docs/images/teisyoku_haizen.png +0 -0
- data/lib/wafoo.rb +1 -0
- data/lib/wafoo/cli.rb +14 -4
- data/lib/wafoo/ext.rb +1 -0
- data/lib/wafoo/ext/string.rb +13 -0
- data/lib/wafoo/run.rb +38 -55
- data/lib/wafoo/version.rb +1 -1
- data/wafoo.gemspec +5 -6
- metadata +30 -27
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 04bbceda52de1c7aa38f36b757a193a844b9802b8191ad22b415db138a67ca16
|
|
4
|
+
data.tar.gz: df50354e02a1255441f08d332294d1e34c4d53f2b8a50cfe8ce1e6e6a0073ea7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2d2de679881fbd0702c776c5d9f37ce9c8eb4dbe08251a8a6be7643fee70ccaad19817f0c3612f8d5fc893f6eac2ec9385b30d0bd755b4d48cb681473303a843
|
|
7
|
+
data.tar.gz: e35f3262542c095e87f8b7d4899f96e2ea92d8a7479e2e0dccf8c8bc60b13d87268ce3434402c148a6c0ebaec4366bd4ef5e44d7039106a7a9d5feb0041e1002
|
data/.travis.yml
CHANGED
data/README.md
CHANGED
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
# wafoo [](https://travis-ci.org/inokappa/wafoo) [](https://badge.fury.io/rb/wafoo)
|
|
2
2
|
|
|
3
|
+
|
|
4
|
+
|
|
3
5
|
## これなに
|
|
4
6
|
|
|
5
|
-
* AWS WAF の IP
|
|
7
|
+
* AWS WAF の IP Set に登録されている IP リストを操作するツールです
|
|
6
8
|
* ツッコミどころが満載です
|
|
7
9
|
|
|
8
10
|
## Install
|
|
@@ -42,7 +44,7 @@ export AWS_REGION=ap-northeast-1
|
|
|
42
44
|
$ bundle exec wafoo list
|
|
43
45
|
```
|
|
44
46
|
|
|
45
|
-
### Step 2: Export
|
|
47
|
+
### Step 2: Export IPSet details
|
|
46
48
|
|
|
47
49
|
```sh
|
|
48
50
|
$ bundle exec wafoo export --ip-set-id=${IPSet ID}
|
|
@@ -50,7 +52,7 @@ $ bundle exec wafoo export --ip-set-id=${IPSet ID}
|
|
|
50
52
|
|
|
51
53
|
The IP list is exported to the current directory. (The file name is IPSet ID.)
|
|
52
54
|
|
|
53
|
-
### Step 3: Modify
|
|
55
|
+
### Step 3: Modify IPSet details
|
|
54
56
|
|
|
55
57
|
```sh
|
|
56
58
|
$ vim ${IPSet ID}
|
|
Binary file
|
data/lib/wafoo.rb
CHANGED
data/lib/wafoo/cli.rb
CHANGED
|
@@ -2,6 +2,8 @@ require 'wafoo'
|
|
|
2
2
|
|
|
3
3
|
module Wafoo
|
|
4
4
|
class CLI < Thor
|
|
5
|
+
Awsecrets.load
|
|
6
|
+
|
|
5
7
|
default_command :version
|
|
6
8
|
class_option :profile
|
|
7
9
|
class_option :region
|
|
@@ -20,19 +22,27 @@ module Wafoo
|
|
|
20
22
|
|
|
21
23
|
desc 'export', 'Export IP address list of specified IPSet ID'
|
|
22
24
|
option :ip_set_id, type: :string, aliases: '-i', desc: 'Specify IPset ID.'
|
|
23
|
-
option :regional, type: :boolean, default:
|
|
25
|
+
option :regional, type: :boolean, default: false, desc: 'Specify when enabling Regional.'
|
|
24
26
|
def export
|
|
25
27
|
wafoo = Wafoo::Run.new(options)
|
|
26
|
-
wafoo.
|
|
28
|
+
wafoo.export_ipset(options[:ip_set_id])
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
desc 'apply', 'Apply the specified IPSet ID'
|
|
30
32
|
option :ip_set_id, type: :string, aliases: '-i', desc: 'Specify IPset ID.'
|
|
31
33
|
option :dry_run, type: :boolean, aliases: '-d', desc: 'Dryrun.'
|
|
32
|
-
option :regional, type: :boolean, default:
|
|
34
|
+
option :regional, type: :boolean, default: false, desc: 'Specify when enabling Regional.'
|
|
33
35
|
def apply
|
|
34
36
|
wafoo = Wafoo::Run.new(options)
|
|
35
|
-
wafoo.
|
|
37
|
+
wafoo.update_ipset(options[:ip_set_id], options[:dry_run])
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
desc 'create', 'Create IPSet'
|
|
41
|
+
option :ip_set_name, type: :string, aliases: '-n', desc: 'Specify IPset Name.'
|
|
42
|
+
option :regional, type: :boolean, default: false, desc: 'Specify when enabling Regional.'
|
|
43
|
+
def create
|
|
44
|
+
wafoo = Wafoo::Run.new(options)
|
|
45
|
+
wafoo.create_ipset(options[:ip_set_name])
|
|
36
46
|
end
|
|
37
47
|
end
|
|
38
48
|
end
|
data/lib/wafoo/ext.rb
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
require 'wafoo/ext/string'
|
data/lib/wafoo/run.rb
CHANGED
|
@@ -10,7 +10,7 @@ module Wafoo
|
|
|
10
10
|
@regional = options[:regional] unless options.nil?
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
def
|
|
13
|
+
def read_ipset_from_api(ip_set_id)
|
|
14
14
|
waf = @regional ? @waf_regional : @waf
|
|
15
15
|
resp = waf.get_ip_set({
|
|
16
16
|
ip_set_id: ip_set_id
|
|
@@ -24,7 +24,7 @@ module Wafoo
|
|
|
24
24
|
ipsets
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
def
|
|
27
|
+
def read_ipset_from_file(ip_set_id)
|
|
28
28
|
ipsets = []
|
|
29
29
|
File.open(ip_set_id, 'r') do |file|
|
|
30
30
|
file.read.split("\n").each do |ipset|
|
|
@@ -55,9 +55,14 @@ module Wafoo
|
|
|
55
55
|
output_table(ip_sets)
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
-
def
|
|
59
|
-
ipsets = read_ipsets_from_api(ip_set_id)
|
|
58
|
+
def export_ipset(ip_set_id)
|
|
60
59
|
puts 'Exporting IP List...'
|
|
60
|
+
begin
|
|
61
|
+
ipsets = read_ipset_from_api(ip_set_id)
|
|
62
|
+
rescue => ex
|
|
63
|
+
puts error_print(ex.message)
|
|
64
|
+
exit 1
|
|
65
|
+
end
|
|
61
66
|
ipsets.sort.each { |ipset| puts info_print(ipset) }
|
|
62
67
|
File.open(ip_set_id, 'w') do |f|
|
|
63
68
|
ipsets.sort.each { |ipset| f.puts(ipset) }
|
|
@@ -65,7 +70,7 @@ module Wafoo
|
|
|
65
70
|
puts 'Exported to ' + added_print(ip_set_id)
|
|
66
71
|
end
|
|
67
72
|
|
|
68
|
-
def
|
|
73
|
+
def apply_ipset(ipsets, ip_set_id)
|
|
69
74
|
waf = @regional ? @waf_regional : @waf
|
|
70
75
|
puts 'Applying IP List...'
|
|
71
76
|
change_token = waf.get_change_token.change_token
|
|
@@ -83,72 +88,50 @@ module Wafoo
|
|
|
83
88
|
end
|
|
84
89
|
end
|
|
85
90
|
|
|
91
|
+
def create_ipset(ip_set_name)
|
|
92
|
+
waf = @regional ? @waf_regional : @waf
|
|
93
|
+
puts 'Creating IPSet...'
|
|
94
|
+
change_token = waf.get_change_token.change_token
|
|
95
|
+
begin
|
|
96
|
+
waf.create_ip_set(
|
|
97
|
+
name: ip_set_name,
|
|
98
|
+
change_token: change_token,
|
|
99
|
+
)
|
|
100
|
+
puts 'Create Finished.'
|
|
101
|
+
exit 0
|
|
102
|
+
rescue => ex
|
|
103
|
+
puts error_print(ex.message)
|
|
104
|
+
exit 1
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
|
|
86
108
|
def generate_delete_hash(ipset)
|
|
87
109
|
ipset.slice!(0)
|
|
88
|
-
|
|
89
|
-
h = {
|
|
90
|
-
action: 'DELETE',
|
|
91
|
-
ip_set_descriptor: {
|
|
92
|
-
type: 'IPV4',
|
|
93
|
-
value: ipset
|
|
94
|
-
}
|
|
95
|
-
}
|
|
96
|
-
|
|
97
|
-
# unless %w(8 16 24 33).include?(ipset.split('/').last)
|
|
98
|
-
# ips = split_cidr(ipset)
|
|
99
|
-
# ipsets_array = []
|
|
100
|
-
# ips.each do |ip|
|
|
101
|
-
# ipsets_array << {
|
|
102
|
-
# action: 'DELETE',
|
|
103
|
-
# ip_set_descriptor: {
|
|
104
|
-
# type: 'IPV4',
|
|
105
|
-
# value: ip + '/32'
|
|
106
|
-
# }
|
|
107
|
-
# }
|
|
108
|
-
# end
|
|
109
|
-
# return ipsets_array
|
|
110
|
-
# end
|
|
111
|
-
|
|
112
|
-
ipsets_hash = {
|
|
110
|
+
ipset_hash = {
|
|
113
111
|
action: 'DELETE',
|
|
114
112
|
ip_set_descriptor: {
|
|
115
113
|
type: 'IPV4',
|
|
116
114
|
value: ipset
|
|
117
115
|
}
|
|
118
|
-
|
|
119
|
-
|
|
116
|
+
}
|
|
117
|
+
ipset_hash
|
|
120
118
|
end
|
|
121
119
|
|
|
122
120
|
def generate_insert_hash(ipset)
|
|
123
121
|
ipset.slice!(0)
|
|
124
|
-
|
|
125
|
-
# ips = split_cidr(ipset)
|
|
126
|
-
# ipsets_array = []
|
|
127
|
-
# ips.each do |ip|
|
|
128
|
-
# ipsets_array << {
|
|
129
|
-
# action: 'INSERT',
|
|
130
|
-
# ip_set_descriptor: {
|
|
131
|
-
# type: 'IPV4',
|
|
132
|
-
# value: ip + '/32'
|
|
133
|
-
# }
|
|
134
|
-
# }
|
|
135
|
-
# end
|
|
136
|
-
# return ipsets_array
|
|
137
|
-
# end
|
|
138
|
-
|
|
139
|
-
ipsets_hash = {
|
|
122
|
+
ipset_hash = {
|
|
140
123
|
action: 'INSERT',
|
|
141
124
|
ip_set_descriptor: {
|
|
142
125
|
type: 'IPV4',
|
|
143
126
|
value: ipset
|
|
144
127
|
}
|
|
145
|
-
|
|
146
|
-
|
|
128
|
+
}
|
|
129
|
+
ipset_hash
|
|
147
130
|
end
|
|
148
131
|
|
|
149
|
-
def
|
|
150
|
-
_old =
|
|
151
|
-
_new =
|
|
132
|
+
def update_ipset(ip_set_id, dry_run)
|
|
133
|
+
_old = read_ipset_from_api(ip_set_id).join("\n")
|
|
134
|
+
_new = read_ipset_from_file(ip_set_id).join("\n")
|
|
152
135
|
ipsets = []
|
|
153
136
|
Diffy::Diff.new(_old, _new).each do |line|
|
|
154
137
|
case line
|
|
@@ -162,8 +145,8 @@ module Wafoo
|
|
|
162
145
|
end
|
|
163
146
|
|
|
164
147
|
if !dry_run and ipsets.length > 0 then
|
|
165
|
-
|
|
166
|
-
|
|
148
|
+
apply_ipset(ipsets.flatten, ip_set_id)
|
|
149
|
+
export_ipset(ip_set_id)
|
|
167
150
|
elsif dry_run and ipsets.length > 0 then
|
|
168
151
|
puts 'Above IP list will be changed.'
|
|
169
152
|
exit 0
|
data/lib/wafoo/version.rb
CHANGED
data/wafoo.gemspec
CHANGED
|
@@ -26,16 +26,15 @@ Gem::Specification.new do |spec|
|
|
|
26
26
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
27
27
|
spec.require_paths = ['lib']
|
|
28
28
|
|
|
29
|
-
spec.add_development_dependency
|
|
30
|
-
spec.add_development_dependency
|
|
31
|
-
spec.add_development_dependency
|
|
32
|
-
spec.add_development_dependency
|
|
29
|
+
spec.add_development_dependency 'bundler', '~> 1.16'
|
|
30
|
+
spec.add_development_dependency 'octorelease'
|
|
31
|
+
spec.add_development_dependency 'rake', '~> 10.0'
|
|
32
|
+
spec.add_development_dependency 'rspec', '~> 3.0'
|
|
33
33
|
|
|
34
|
-
spec.add_dependency 'thor'
|
|
35
34
|
spec.add_dependency 'aws-sdk'
|
|
36
35
|
spec.add_dependency 'awsecrets'
|
|
37
36
|
spec.add_dependency 'diffy'
|
|
38
37
|
spec.add_dependency 'netaddr', '1.5.1'
|
|
39
38
|
spec.add_dependency 'terminal-table'
|
|
40
|
-
|
|
39
|
+
spec.add_dependency 'thor'
|
|
41
40
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wafoo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- inokappa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-11-
|
|
11
|
+
date: 2018-11-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -24,6 +24,20 @@ dependencies:
|
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '1.16'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: octorelease
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - ">="
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '0'
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - ">="
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '0'
|
|
27
41
|
- !ruby/object:Gem::Dependency
|
|
28
42
|
name: rake
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -53,13 +67,13 @@ dependencies:
|
|
|
53
67
|
- !ruby/object:Gem::Version
|
|
54
68
|
version: '3.0'
|
|
55
69
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
70
|
+
name: aws-sdk
|
|
57
71
|
requirement: !ruby/object:Gem::Requirement
|
|
58
72
|
requirements:
|
|
59
73
|
- - ">="
|
|
60
74
|
- !ruby/object:Gem::Version
|
|
61
75
|
version: '0'
|
|
62
|
-
type: :
|
|
76
|
+
type: :runtime
|
|
63
77
|
prerelease: false
|
|
64
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
79
|
requirements:
|
|
@@ -67,7 +81,7 @@ dependencies:
|
|
|
67
81
|
- !ruby/object:Gem::Version
|
|
68
82
|
version: '0'
|
|
69
83
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
84
|
+
name: awsecrets
|
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
|
72
86
|
requirements:
|
|
73
87
|
- - ">="
|
|
@@ -81,7 +95,7 @@ dependencies:
|
|
|
81
95
|
- !ruby/object:Gem::Version
|
|
82
96
|
version: '0'
|
|
83
97
|
- !ruby/object:Gem::Dependency
|
|
84
|
-
name:
|
|
98
|
+
name: diffy
|
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
|
86
100
|
requirements:
|
|
87
101
|
- - ">="
|
|
@@ -95,21 +109,21 @@ dependencies:
|
|
|
95
109
|
- !ruby/object:Gem::Version
|
|
96
110
|
version: '0'
|
|
97
111
|
- !ruby/object:Gem::Dependency
|
|
98
|
-
name:
|
|
112
|
+
name: netaddr
|
|
99
113
|
requirement: !ruby/object:Gem::Requirement
|
|
100
114
|
requirements:
|
|
101
|
-
- -
|
|
115
|
+
- - '='
|
|
102
116
|
- !ruby/object:Gem::Version
|
|
103
|
-
version:
|
|
117
|
+
version: 1.5.1
|
|
104
118
|
type: :runtime
|
|
105
119
|
prerelease: false
|
|
106
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
121
|
requirements:
|
|
108
|
-
- -
|
|
122
|
+
- - '='
|
|
109
123
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
124
|
+
version: 1.5.1
|
|
111
125
|
- !ruby/object:Gem::Dependency
|
|
112
|
-
name:
|
|
126
|
+
name: terminal-table
|
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
|
114
128
|
requirements:
|
|
115
129
|
- - ">="
|
|
@@ -123,21 +137,7 @@ dependencies:
|
|
|
123
137
|
- !ruby/object:Gem::Version
|
|
124
138
|
version: '0'
|
|
125
139
|
- !ruby/object:Gem::Dependency
|
|
126
|
-
name:
|
|
127
|
-
requirement: !ruby/object:Gem::Requirement
|
|
128
|
-
requirements:
|
|
129
|
-
- - '='
|
|
130
|
-
- !ruby/object:Gem::Version
|
|
131
|
-
version: 1.5.1
|
|
132
|
-
type: :runtime
|
|
133
|
-
prerelease: false
|
|
134
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
135
|
-
requirements:
|
|
136
|
-
- - '='
|
|
137
|
-
- !ruby/object:Gem::Version
|
|
138
|
-
version: 1.5.1
|
|
139
|
-
- !ruby/object:Gem::Dependency
|
|
140
|
-
name: terminal-table
|
|
140
|
+
name: thor
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
142
142
|
requirements:
|
|
143
143
|
- - ">="
|
|
@@ -165,9 +165,12 @@ files:
|
|
|
165
165
|
- Rakefile
|
|
166
166
|
- bin/console
|
|
167
167
|
- bin/setup
|
|
168
|
+
- docs/images/teisyoku_haizen.png
|
|
168
169
|
- exe/wafoo
|
|
169
170
|
- lib/wafoo.rb
|
|
170
171
|
- lib/wafoo/cli.rb
|
|
172
|
+
- lib/wafoo/ext.rb
|
|
173
|
+
- lib/wafoo/ext/string.rb
|
|
171
174
|
- lib/wafoo/helper.rb
|
|
172
175
|
- lib/wafoo/run.rb
|
|
173
176
|
- lib/wafoo/version.rb
|