Class: Awspec::Generator::Spec::NetworkAcl
- Inherits: Object
- Includes:
- Helper::Finder
- Defined in:
- lib/awspec/generator/spec/network_acl.rb
Constant Summary
Constants included from Helper::Finder
Helper::Finder::CLIENTS, Helper::Finder::CLIENT_OPTIONS
Instance Method Summary
- #generate_by_vpc_id(vpc_id) ⇒ Object
- #generate_linespecs(acl) ⇒ Object
- #generate_subnet_specs(acl) ⇒ Object
- #network_acl_spec_template ⇒ Object
Instance Method Details
#generate_by_vpc_id(vpc_id) ⇒ Object
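# File 'lib/awspec/generator/spec/network_acl.rb', line 5
# Generates one awspec `describe network_acl(...)` block for every network ACL
# that +select_network_acl_by_vpc_id+ returns for the given VPC.
#
# @param vpc_id [String] value accepted by +find_vpc+ (id or tag name)
# @return [String] generated spec source, one describe block per ACL, joined by "\n"
# @raise [RuntimeError] 'Not Found VPC' when +find_vpc+ returns nothing
def generate_by_vpc_id(vpc_id)
  vpc = find_vpc(vpc_id)
  raise 'Not Found VPC' unless vpc

  # The template rendered below reads @vpc_tag_name through the binding
  # handed to ERB, so these must stay instance variables.
  @vpc_id = vpc[:vpc_id]
  @vpc_tag_name = vpc.tag_name

  specs = select_network_acl_by_vpc_id(@vpc_id).map do |acl|
    # Every local below is looked up by name inside the ERB template via
    # `binding`; renaming any of them silently breaks rendering.
    linespecs = generate_linespecs(acl)
    subnet_specs = generate_subnet_specs(acl)
    network_acl_id = acl[:network_acl_id]
    network_acl_tag_name = acl.tag_name
    inbound_entries_count = acl.entries.count { |entry| !entry.egress }
    outbound_entries_count = acl.entries.count(&:egress)

    # NOTE(review): tag names and CIDR strings end up in generated Ruby source
    # (single-quoted) without any escaping; a value containing a quote yields a
    # spec file that does not parse. Confirm whether tag values are trusted here.
    #
    # Positional trim-mode argument kept as-is; newer ERB spells it
    # `trim_mode: '-'` — confirm the project's minimum Ruby before switching.
    # The gsub strips the blank lines the untrimmed `<% ... %>` loops leave.
    ERB.new(network_acl_spec_template, nil, '-').result(binding).gsub(/^\n/, '')
  end
  specs.join("\n")
end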
#generate_linespecs(acl) ⇒ Object
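# File 'lib/awspec/generator/spec/network_acl.rb', line 43
# Builds one `its(:inbound|:outbound) { should be_allowed|be_denied ... }` line
# per entry of +acl+.
#
# @param acl [Object] network ACL responding to +entries+ (EC2 NetworkAcl shape)
# @return [Array<String>] one generated spec line per entry, in +entries+ order
# @raise [KeyError] when an entry's rule action or protocol number is not one
#   this generator knows how to spell
# @raise [ArgumentError] when an entry has no +cidr_block+
def generate_linespecs(acl)
  # number => name, so the numeric protocol of an entry is printed by name
  protocols = Awspec::Type::NetworkAcl::PROTOCOLS.invert
  # loop-invariant; previously rebuilt on every iteration
  actions = { allow: 'be_allowed', deny: 'be_denied' }

  acl.entries.map do |entry|
    direction = entry.egress ? 'outbound' : 'inbound'
    # fetch: an unknown action/protocol fails with the offending key instead of
    # the opaque "no implicit conversion of nil into String" the old `+` raised
    action = actions.fetch(entry.rule_action.to_sym)
    protocol = protocols.fetch(entry.protocol.to_i)

    # NOTE(review): IPv6-only entries carry ipv6_cidr_block and leave cidr_block
    # nil; they are not supported here, so fail loudly rather than emit `.source('')`.
    source = entry.cidr_block
    raise ArgumentError, "network ACL entry #{entry.rule_number} has no cidr_block" if source.nil?

    port_range = entry.port_range
    port_arg =
      if port_range.nil?
        ''
      elsif port_range.from == port_range.to
        "(#{port_range.from})"
      else
        "('#{port_range.from}-#{port_range.to}')"
      end

    rule_number = entry.rule_number.to_i
    # 32767 is the default rule, which AWS displays (and awspec matches) as '*'
    rule_number = "'*'" if rule_number == 32_767

    # NOTE(review): source/protocol are interpolated unescaped into generated
    # Ruby source; confirm the values cannot contain a single quote.
    "its(:#{direction}) { should #{action}#{port_arg}" \
      ".protocol('#{protocol}').source('#{source}').rule_number(#{rule_number}) }"
  end
end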
#generate_subnet_specs(acl) ⇒ Object
# File 'lib/awspec/generator/spec/network_acl.rb', line 29
# Builds one `it { should have_subnet('...') }` line per subnet association of +acl+.
#
# @param acl [Object] network ACL responding to +associations+, each with +subnet_id+
# @return [Array<String>] one spec line per association, in +associations+ order;
#   the subnet is labelled by +tag_name+ when that is truthy, else by +subnet_id+
def generate_subnet_specs(acl)
  acl.associations.map do |association|
    subnet = find_subnet(association.subnet_id)
    # NOTE(review): a nil return from find_subnet raises NoMethodError here — confirm it cannot.
    label = subnet.tag_name || subnet.subnet_id
    # NOTE(review): label is interpolated unescaped into single-quoted generated
    # Ruby source; a tag name containing a quote breaks the generated spec.
    "it { should have_subnet('#{label}') }"
  end
end
#network_acl_spec_template ⇒ Object
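# File 'lib/awspec/generator/spec/network_acl.rb', line 73
# ERB source for one `describe network_acl(...)` block.
#
# Rendered by #generate_by_vpc_id with trim mode '-' against that method's
# binding, so the template expects these names in scope: network_acl_tag_name,
# network_acl_id, subnet_specs, linespecs, inbound_entries_count,
# outbound_entries_count and @vpc_tag_name.
#
# @return [String] the raw template; the heredoc is single-quoted, so nothing is
#   interpolated until ERB renders it
def network_acl_spec_template
  # The outbound assertion previously read inbound_entries_count, so every
  # generated spec asserted the outbound count equal to the inbound one.
  <<-'EOF'
<%- if network_acl_tag_name -%>
describe network_acl('<%= network_acl_tag_name %>') do
<%- else -%>
describe network_acl('<%= network_acl_id %>') do
<%- end -%>
  it { should exist }
  it { should belong_to_vpc('<%= @vpc_tag_name %>') }
<% subnet_specs.each do |spec| %>
  <%= spec %>
<% end %>
<% linespecs.each do |line| %>
  <%= line %>
<% end %>
  its(:inbound_entries_count) { should eq <%= inbound_entries_count %> }
  its(:outbound_entries_count) { should eq <%= outbound_entries_count %> }
end
EOF
end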