Class: Awspec::Generator::Spec::SecurityGroup
- Inherits: Object
  - Object
    - Awspec::Generator::Spec::SecurityGroup
- Includes:
- Helper::Finder
- Defined in:
- lib/awspec/generator/spec/security_group.rb
Constant Summary
Constants included from Helper::Finder
Helper::Finder::CLIENTS, Helper::Finder::CLIENT_OPTIONS
Instance Method Summary
- #generate_by_vpc_id(vpc_id) ⇒ Object
- #generate_linespecs(sg) ⇒ Object
- #security_group_spec_linetemplate ⇒ Object
- #security_group_spec_template ⇒ Object
Methods included from Helper::Finder
Methods included from Helper::Finder::Transfer
Methods included from Helper::Finder::CognitoIdentityPool
Methods included from Helper::Finder::Msk
Methods included from Helper::Finder::CognitoUserPool
Methods included from Helper::Finder::Secretsmanager
Methods included from Helper::Finder::Mq
Methods included from Helper::Finder::Codedeploy
#find_codedeploy_app, #find_codedeploy_deployment_group
Methods included from Helper::Finder::Redshift
#find_redshift_cluster_identifier, #select_all_redshift_cluster_parameters, #select_redshift_by_vpc_id
Methods included from Helper::Finder::Emr
Methods included from Helper::Finder::SNSTopic
#find_sns_topic, #find_sns_topic_subs
Methods included from Helper::Finder::Eks
#find_eks_cluster, #find_eks_nodegroup
Methods included from Helper::Finder::Batch
#find_batch_compute_environment, #find_batch_job_definition, #find_batch_job_queue
Methods included from Helper::Finder::Kinesis
Methods included from Helper::Finder::Apigateway
#find_api_resources_by_id, #find_apigateway_by_id, #find_apigateway_by_name
Methods included from Helper::Finder::Codebuild
#find_codebuild_project, #select_all_codebuild_projects
Methods included from Helper::Finder::Cloudformation
Methods included from Helper::Finder::SsmParameter
#find_parameter_tag, #find_ssm_parameter
Methods included from Helper::Finder::Sqs
#find_queue, #find_tags_for_queue
Methods included from Helper::Finder::Dynamodb
Methods included from Helper::Finder::CloudwatchLogs
#find_cloudwatch_logs_group, #find_cloudwatch_logs_metric_fileter_by_log_group_name, #find_cloudwatch_logs_stream_by_log_group_name, #find_cloudwatch_logs_subscription_fileter_by_log_group_name, #find_tags_by_log_group_name, #last_cloudwatch_logs_stream_by_log_group_name, #select_all_cloudwatch_logs_log_groups
Methods included from Helper::Finder::AccountAttributes
#find_ec2_account_attributes, #find_lambda_account_settings, #find_rds_account_attributes, #find_ses_send_quota
Methods included from Helper::Finder::Acm
#find_certificate, #select_all_certificates
Methods included from Helper::Finder::WafRegional
#find_wafregional_ip_set, #find_wafregional_rule, #find_wafregional_web_acl
Methods included from Helper::Finder::Waf
#find_waf_ip_set, #find_waf_rule, #find_waf_web_acl
Methods included from Helper::Finder::Cloudtrail
#find_trail, #get_trail_status, #get_trail_tags, #is_logging?, #select_all_trails
Methods included from Helper::Finder::Elastictranscoder
Methods included from Helper::Finder::Cloudfront
Methods included from Helper::Finder::Ami
Methods included from Helper::Finder::Directconnect
#find_virtual_interface, #select_virtual_interfaces
Methods included from Helper::Finder::Ses
Methods included from Helper::Finder::CloudwatchEvent
#find_cloudwatch_event, #select_all_cloudwatch_events
Methods included from Helper::Finder::Cloudwatch
#find_cloudwatch_alarm, #select_all_cloudwatch_alarms
Methods included from Helper::Finder::Elasticsearch
#find_elasticsearch_domain, #select_all_elasticsearch_domains
Methods included from Helper::Finder::Elasticache
#find_cache_cluster, #find_cache_subnet_group
Methods included from Helper::Finder::Kms
#find_kms_key, #find_kms_key_by_alias, #select_all_kms_aliases
Methods included from Helper::Finder::Iam
#select_all_attached_policies, #select_all_iam_groups, #select_all_iam_roles, #select_all_iam_users, #select_attached_entities, #select_attached_groups, #select_attached_roles, #select_attached_users, #select_iam_group_by_user_name, #select_policy_evaluation_results
Methods included from Helper::Finder::Lambda
#find_lambda, #select_all_lambda_functions, #select_event_source_by_function_arn
Methods included from Helper::Finder::Elb
#find_elb, #find_elb_attribute, #select_all_elb_tags, #select_elb_by_vpc_id
Methods included from Helper::Finder::Ebs
#find_ebs, #select_all_attached_ebs, #select_ebs_by_instance_id
Methods included from Helper::Finder::Autoscaling
#find_autoscaling_group, #find_block_device_mapping, #find_launch_configuration, #select_alb_target_group_by_autoscaling_group_name, #select_autoscaling_group_by_vpc_id, #select_lb_target_group_by_autoscaling_group_name
Methods included from Helper::Finder::S3
#find_bucket, #find_bucket_acl, #find_bucket_cors, #find_bucket_lifecycle_configuration, #find_bucket_location, #find_bucket_logging, #find_bucket_policy, #find_bucket_server_side_encryption, #find_bucket_tag, #find_bucket_versioning, #head_object, #select_all_buckets
Methods included from Helper::Finder::Route53
#find_hosted_zone, #select_record_sets_by_hosted_zone_id
Methods included from Helper::Finder::Rds
#find_db_cluster, #find_db_subnet_group, #find_global_cluster, #find_rds, #find_rds_proxy, #select_all_rds_db_cluster_parameters, #select_all_rds_db_parameters, #select_rds_by_vpc_id, #select_rds_proxy_by_vpc_id
Methods included from Helper::Finder::SecurityGroup
#describe_security_groups, #find_security_group, #select_security_group_by_group_id, #select_security_group_by_group_name, #select_security_group_by_tag_name, #select_security_group_by_vpc_id
Methods included from Helper::Finder::Firehose
Methods included from Helper::Finder::Eip
#select_eip, #select_eip_by_instance_id
Methods included from Helper::Finder::Efs
#find_efs, #find_efs_tags, #get_id_by_name_tag, #get_name_by_id, #select_all_file_systems
Methods included from Helper::Finder::Ecs
#find_ecs_cluster, #find_ecs_container_instance, #find_ecs_container_instances, #find_ecs_service, #find_ecs_task_definition, #select_ecs_container_instance_arn_by_cluster_name
Methods included from Helper::Finder::Ecr
#find_ecr_repository, #get_policy_text
Methods included from Helper::Finder::Ec2
#dup_ec2_instance, #find_ec2, #find_ec2_attribute, #find_ec2_credit_specifications, #find_ec2_status, #find_launch_template, #find_launch_template_versions, #find_nat_gateway, #find_network_interface, #find_tgw_attachments_by_tgw_id, #find_vpn_connection, #select_ec2_by_vpc_id, #select_internet_gateway_by_vpc_id, #select_nat_gateway_by_vpc_id, #select_network_interface_by_instance_id, #select_network_interface_by_vpc_id
Methods included from Helper::Finder::Subnet
Methods included from Helper::Finder::VpcEndpoints
Methods included from Helper::Finder::Vpc
#find_network_acl, #find_route_table, #find_vpc, #find_vpc_attribute, #find_vpc_peering_connection, #select_network_acl_by_vpc_id, #select_route_table_by_vpc_id, #select_vpc_attribute, #select_vpc_peering_connection_by_vpc_id
Methods included from Helper::Finder::Alb
#find_alb, #find_alb_listener, #find_alb_target_group, #select_alb_by_vpc_id, #select_alb_listener_by_alb_arn, #select_all_alb_tags, #select_rule_by_alb_listener_id
Methods included from Helper::Finder::Nlb
#find_nlb, #find_nlb_listener, #find_nlb_target_group, #select_nlb_by_vpc_id, #select_nlb_listener_by_nlb_arn, #select_rule_by_nlb_listener_id
Instance Method Details
#generate_by_vpc_id(vpc_id) ⇒ Object
# File 'lib/awspec/generator/spec/security_group.rb', line 7 def generate_by_vpc_id(vpc_id) describes = %w[ group_id group_name ] vpc = find_vpc(vpc_id) raise 'Not Found VPC' unless vpc @vpc_id = vpc[:vpc_id] @vpc_tag_name = vpc.tag_name sgs = select_security_group_by_vpc_id(@vpc_id) specs = sgs.map do |sg| linespecs = generate_linespecs(sg) inbound_rule_count = sg[:ip_permissions].reduce(0) do |sum, | sum += .ip_ranges.count + .user_id_group_pairs.count end outbound_rule_count = sg[:ip_permissions_egress].reduce(0) do |sum, | sum += .ip_ranges.count + .user_id_group_pairs.count end content = ERB.new(security_group_spec_template, nil, '-').result(binding).gsub(/^\n/, '') end specs.join("\n") end |
#generate_linespecs(sg) ⇒ Object
# File 'lib/awspec/generator/spec/security_group.rb', line 31 def generate_linespecs(sg) linespecs = [] = { 'inbound' => sg., 'outbound' => sg. } %w[inbound outbound].each do |inout| [inout].each do || port = if .from_port.nil? nil elsif .from_port == .to_port .from_port else "'#{.from_port}-#{.to_port}'" end protocol = if .ip_protocol.to_i < 0 'all' else .ip_protocol end .ip_ranges.each do |ip_range| target = ip_range.cidr_ip linespecs.push(ERB.new(security_group_spec_linetemplate, nil, '-').result(binding)) end .user_id_group_pairs.each do |group| target = group.group_name target = group.group_id unless group.group_name linespecs.push(ERB.new(security_group_spec_linetemplate, nil, '-').result(binding)) end end end linespecs end |
#security_group_spec_linetemplate ⇒ Object
# File 'lib/awspec/generator/spec/security_group.rb', line 64 def security_group_spec_linetemplate <<-'EOF' its(:<%= inout %>) { should be_opened<%- unless port.nil? -%>(<%= port %>)<%- end -%>.protocol('<%= protocol %>').for('<%= target %>') } EOF end |
#security_group_spec_template ⇒ Object
# File 'lib/awspec/generator/spec/security_group.rb', line 70 def security_group_spec_template <<-'EOF' describe security_group('<%= sg.group_name %>') do it { should exist } <% describes.each do |describe| %> <%- if sg.key?(describe) -%> its(:<%= describe %>) { should eq '<%= sg[describe] %>' } <%- end -%> <% end %> <% linespecs.each do |line| %> <%= line %> <% end %> its(:inbound_rule_count) { should eq <%= inbound_rule_count %> } its(:outbound_rule_count) { should eq <%= outbound_rule_count %> } its(:inbound_permissions_count) { should eq <%= sg.ip_permissions.count %> } its(:outbound_permissions_count) { should eq <%= sg.ip_permissions_egress.count %> } <%- if @vpc_tag_name -%> it { should belong_to_vpc('<%= @vpc_tag_name %>') } <%- else -%> it { should belong_to_vpc('<%= @vpc_id %>') } <%- end -%> end EOF end |