Class: ClusterChef::Cloud::SecurityGroup
- Defined in:
- lib/cluster_chef/security_group.rb
Constant Summary collapse
- @@all =
nil
Instance Attribute Summary collapse
-
#group_authorizations ⇒ Object
readonly
Returns the value of attribute group_authorizations.
-
#range_authorizations ⇒ Object
readonly
Returns the value of attribute range_authorizations.
Class Method Summary collapse
- .all ⇒ Object
- .get_all ⇒ Object
- .get_or_create(group_name, description) ⇒ Object
- .step(group_name, desc, *style) ⇒ Object
Instance Method Summary collapse
- #all ⇒ Object
- #authorize_group(group_name, owner_id = nil) ⇒ Object
- #authorize_port_range(range, cidr_ip = '0.0.0.0/0', ip_protocol = 'tcp') ⇒ Object
- #authorized_by_group(other_name) ⇒ Object
- #get ⇒ Object
- #group_permission_already_set?(fog_group, other_name, authed_owner) ⇒ Boolean
-
#initialize(cloud, group_name, group_description = nil, group_owner_id = nil) ⇒ SecurityGroup
constructor
A new instance of SecurityGroup.
- #range_permission_already_set?(fog_group, range, cidr_ip, ip_protocol) ⇒ Boolean
-
#run ⇒ Object
FIXME: so if you’re saying to yourself, “self, this is some soupy gooey code right here” then you and your self are correct.
- #step(desc, *style) ⇒ Object
Methods inherited from DslObject
#configure, #die, #dump, has_keys, #reverse_merge!, #safely, #set, #to_hash, #to_mash, #to_s, #ui, ui
Constructor Details
#initialize(cloud, group_name, group_description = nil, group_owner_id = nil) ⇒ SecurityGroup
Returns a new instance of SecurityGroup.
# File 'lib/cluster_chef/security_group.rb', line 9

# Sets the group's name, description and owner id, and starts it with empty
# lists of pending authorizations.
#
# @param cloud the cloud object this group is declared in (kept in @cloud)
# @param group_name the group's name; stored as a String
# @param group_description [String, nil] when nil, a generated
#   "cluster_chef generated group <name>" description is used
# @param group_owner_id [String, nil] when nil, the knife :aws_account_id
#   setting from Chef::Config is used
def initialize(cloud, group_name, group_description = nil, group_owner_id = nil)
  super()
  set(:name, group_name.to_s)
  description(group_description || "cluster_chef generated group #{group_name}")
  @cloud = cloud
  # Rules are only queued in these lists; #run is what walks them.
  @group_authorizations = []
  @group_authorized_by  = []
  @range_authorizations = []
  # An explicit owner wins over the account id configured for knife.
  owner_id(group_owner_id || Chef::Config[:knife][:aws_account_id])
end
Instance Attribute Details
#group_authorizations ⇒ Object (readonly)
Returns the value of attribute group_authorizations.
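# File 'lib/cluster_chef/security_group.rb', line 6

# Read-only access to the queued group authorizations.
#
# NOTE(review): the rendered listing lost the method name; it is restored
# here from the attribute heading (#group_authorizations) on this page.
#
# @return [Array] the [group_name, owner_id] pairs queued by #authorize_group
def group_authorizations
  @group_authorizations
end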
#range_authorizations ⇒ Object (readonly)
Returns the value of attribute range_authorizations.
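# File 'lib/cluster_chef/security_group.rb', line 7

# Read-only access to the queued port-range authorizations.
#
# NOTE(review): the rendered listing lost the method name; it is restored
# here from the attribute heading (#range_authorizations) on this page.
#
# @return [Array] the [range, cidr_ip, ip_protocol] triples queued by
#   #authorize_port_range
def range_authorizations
  @range_authorizations
end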
Class Method Details
.all ⇒ Object
# File 'lib/cluster_chef/security_group.rb', line 24

# Returns the cached name => group table, fetching it through get_all the
# first time (while @@all is still nil).
#
# The cache is a class variable, so every caller sees the same table; this
# method never refreshes it once it is set.
def self.all
  @@all || get_all
end
.get_all ⇒ Object
# File 'lib/cluster_chef/security_group.rb', line 28

# Lists the security groups over the fog connection and stores them in
# @@all as a Mash keyed by group name, replacing whatever was cached before.
#
# @return [Mash] the freshly built name => fog group table
def self.get_all
  fog_groups = ClusterChef.fog_connection.security_groups.all
  @@all = fog_groups.each_with_object(Mash.new) do |fog_group, by_name|
    by_name[fog_group.name] = fog_group
  end
end
.get_or_create(group_name, description) ⇒ Object
# File 'lib/cluster_chef/security_group.rb', line 39

# Looks a group up by name and creates it when it does not exist yet.
#
# The lookup tries the cached table first and then asks the fog connection
# directly. A group found only by the direct lookup is returned as-is and is
# not added to the cache; a newly created group is cached and saved.
#
# @param group_name name of the group to find or create
# @param description description used only when the group is created
# @return the existing or newly saved fog group
def self.get_or_create(group_name, description)
  # FIXME: the '|| ClusterChef.fog' part is probably unnecessary
  existing = all[group_name] || ClusterChef.fog_connection.security_groups.get(group_name)
  return existing if existing

  step(group_name, "creating (#{description})", :green)
  created = ClusterChef.fog_connection.security_groups.new(
    :name        => group_name,
    :description => description,
    :connection  => ClusterChef.fog_connection
  )
  all[group_name] = created
  created.save
  created
end
.step(group_name, desc, *style) ⇒ Object
# File 'lib/cluster_chef/security_group.rb', line 110

# Prints one progress line for a group through ui.info.
#
# @param group_name [String] group the message is about; shown left-justified
#   in a 15-character column with a trailing colon
# @param desc the message; converted with to_s and passed to ui.color
# @param style extra arguments handed to ui.color unchanged
def self.step(group_name, desc, *style)
  label   = "%-15s" % (group_name + ":")
  message = ui.color(desc.to_s, *style)
  ui.info(" group #{label}\t#{message}")
end
Instance Method Details
#all ⇒ Object
# File 'lib/cluster_chef/security_group.rb', line 21

# Instance-level shortcut to the class-wide group table.
#
# @return whatever SecurityGroup.all returns (the cached name => group table)
def all
  self.class.all
end
#authorize_group(group_name, owner_id = nil) ⇒ Object
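# File 'lib/cluster_chef/security_group.rb', line 50

# Queues an authorization for another group's machines to reach this group.
# Only the pending list is changed here; #run is what walks the list.
#
# NOTE(review): the rendered listing lost the method name; it is restored
# here from the method heading (#authorize_group) on this page.
#
# @param group_name name of the group being granted access; stored as a String
# @param owner_id [String, nil] account owning that group; when nil, #run
#   substitutes this group's own owner_id
# @return [Array] the updated @group_authorizations list
def authorize_group(group_name, owner_id = nil)
  @group_authorizations << [group_name.to_s, owner_id]
end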
#authorize_port_range(range, cidr_ip = '0.0.0.0/0', ip_protocol = 'tcp') ⇒ Object
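# File 'lib/cluster_chef/security_group.rb', line 58

# Queues an authorization opening a port range to a CIDR block.
# Only the pending list is changed here; #run is what walks the list.
#
# Security note: the default cidr_ip of '0.0.0.0/0' admits every IPv4
# source address. Pass an explicit, narrower CIDR for any port that is not
# meant to be reachable from the whole internet, and review callers that
# rely on the default.
#
# NOTE(review): the rendered listing lost the method name; it is restored
# here from the method heading (#authorize_port_range) on this page.
#
# @param range [Integer, Range] a single port (widened to port..port) or a
#   range of ports
# @param cidr_ip [String] source address block allowed to connect
# @param ip_protocol [String] protocol name, 'tcp' by default
# @return [Array] the updated @range_authorizations list
def authorize_port_range(range, cidr_ip = '0.0.0.0/0', ip_protocol = 'tcp')
  # A bare port number is stored as a one-port range so #run can always
  # read range.first / range.last.
  range = (range..range) if range.is_a?(Integer)
  @range_authorizations << [range, cidr_ip, ip_protocol]
end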
#authorized_by_group(other_name) ⇒ Object
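# File 'lib/cluster_chef/security_group.rb', line 54

# Queues the reverse grant: this group's machines are to be authorized on
# the named other group. Only the pending list is changed here; #run is what
# walks the list.
#
# NOTE(review): the rendered listing lost the method name; it is restored
# here from the method heading (#authorized_by_group) on this page.
#
# @param other_name name of the group that should admit this group; stored
#   as a String
# @return [Array] the updated @group_authorized_by list
def authorized_by_group(other_name)
  @group_authorized_by << other_name.to_s
end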
#get ⇒ Object
# File 'lib/cluster_chef/security_group.rb', line 35

# Finds the fog group matching this object's name: the cached table is
# consulted first, then the fog connection is asked directly.
#
# @return the fog group, or whatever the direct lookup returns when the
#   group is not in the cache
def get
  cached = all[name]
  cached || ClusterChef.fog_connection.security_groups.get(name)
end
#group_permission_already_set?(fog_group, other_name, authed_owner) ⇒ Boolean
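# File 'lib/cluster_chef/security_group.rb', line 63

# Tells whether fog_group already carries a permission for the given
# group/owner pair covering ports 1 through 65535.
#
# A permission for the same pair on any narrower port span does not count,
# so #run would still request the full grant in that case.
#
# NOTE(review): the rendered listing lost the method name, the attribute
# read from fog_group, and the block parameter. The name comes from the
# method heading on this page; `ip_permissions` is the fog security-group
# attribute holding the rule list. Confirm against
# lib/cluster_chef/security_group.rb.
#
# @param fog_group group whose existing permissions are inspected
# @param other_name [String] name of the group that would be authorized
# @param authed_owner owner id paired with other_name
# @return [Boolean] false when the group has no permission list at all
def group_permission_already_set?(fog_group, other_name, authed_owner)
  return false if fog_group.ip_permissions.nil?
  fog_group.ip_permissions.any? do |existing_permission|
    existing_permission["groups"].include?({"userId" => authed_owner, "groupName" => other_name}) &&
      existing_permission["fromPort"] == 1 &&
      existing_permission["toPort"] == 65535
  end
end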
#range_permission_already_set?(fog_group, range, cidr_ip, ip_protocol) ⇒ Boolean
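# File 'lib/cluster_chef/security_group.rb', line 72

# Tells whether fog_group already carries exactly this port-range rule.
#
# The comparison is whole-hash equality: an existing permission matches only
# if it has an empty "groups" list, this single CIDR, the same protocol and
# the same first/last port. A rule that covers the range but differs in any
# of those fields is treated as absent.
#
# NOTE(review): the rendered listing lost the method name and the attribute
# read from fog_group. The name comes from the method heading on this page;
# `ip_permissions` is the fog security-group attribute holding the rule
# list. Confirm against lib/cluster_chef/security_group.rb.
#
# @param fog_group group whose existing permissions are inspected
# @param range [Range] ports; only range.first and range.last are used
# @param cidr_ip [String] source address block
# @param ip_protocol [String] protocol name
# @return [Boolean] false when the group has no permission list at all
def range_permission_already_set?(fog_group, range, cidr_ip, ip_protocol)
  return false if fog_group.ip_permissions.nil?
  wanted = {
    "groups"     => [],
    "ipRanges"   => [{ "cidrIp" => cidr_ip }],
    "ipProtocol" => ip_protocol,
    "fromPort"   => range.first,
    "toPort"     => range.last
  }
  fog_group.ip_permissions.include?(wanted)
end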
#run ⇒ Object
FIXME: so if you’re saying to yourself, “self, this is some soupy gooey code right here” then you and your self are correct. Much of this is to work around old limitations in the EC2 api. You can now treat range and group permissions the same, and we should.
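# File 'lib/cluster_chef/security_group.rb', line 84

# Applies every queued authorization to the provider, creating this group
# and any referenced group that does not exist yet.
#
# Three passes, each skipping rules that the *_already_set? checks report
# as present:
#   1. groups allowed to reach this group (@group_authorizations)
#   2. groups this group is allowed to reach (@group_authorized_by)
#   3. port ranges opened to CIDR blocks (@range_authorizations)
#
# Security notes:
# * A failed authorization is only reported through ui.warn and the loop
#   moves on, so a completed run does not prove that every rule was applied.
#   Check the warnings, or the provider's own view of the group, before
#   relying on the result.
# * Nothing here revokes rules: permissions already on the group that are no
#   longer declared stay in place.
#
# FIXME (from the original author): much of this works around old
# limitations in the EC2 API. Range and group permissions can now be treated
# the same, and should be.
#
# NOTE(review): the rendered listing lost several method names. The
# *_already_set? calls are restored from the method headings on this page;
# `authorize_group_and_owner` and `authorize_port_range` are the fog
# security-group calls matching the argument lists shown. Confirm against
# lib/cluster_chef/security_group.rb.
def run
  fog_group = self.class.get_or_create(name, description)

  @group_authorizations.uniq.each do |other_name, authed_owner|
    # No explicit owner means the other group lives in this group's account.
    authed_owner ||= self.owner_id
    next if group_permission_already_set?(fog_group, other_name, authed_owner)
    step("authorizing access from all machines in #{other_name} to #{name}", :blue)
    # Make sure the referenced group exists before granting it access.
    self.class.get_or_create(other_name, "Authorized to access #{name}")
    begin
      fog_group.authorize_group_and_owner(other_name, authed_owner)
    rescue StandardError => e
      ui.warn e
    end
  end

  @group_authorized_by.uniq.each do |other_name|
    authed_owner = self.owner_id
    other_group = self.class.get_or_create(other_name, "Authorized for access by #{self.name}")
    next if group_permission_already_set?(other_group, self.name, authed_owner)
    step("authorizing access to all machines in #{other_name} from #{name}", :blue)
    begin
      other_group.authorize_group_and_owner(self.name, authed_owner)
    rescue StandardError => e
      ui.warn e
    end
  end

  @range_authorizations.uniq.each do |range, cidr_ip, ip_protocol|
    next if range_permission_already_set?(fog_group, range, cidr_ip, ip_protocol)
    step("opening #{ip_protocol} ports #{range} to #{cidr_ip}", :blue)
    begin
      fog_group.authorize_port_range(range, { :cidr_ip => cidr_ip, :ip_protocol => ip_protocol })
    rescue StandardError => e
      ui.warn e
    end
  end
end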
#step(desc, *style) ⇒ Object
# File 'lib/cluster_chef/security_group.rb', line 113

# Prints a progress line for this group by handing its own name to the
# class-level step.
#
# @param desc the message to show
# @param style extra arguments forwarded unchanged to SecurityGroup.step
def step(desc, *style)
  self.class.step(self.name, desc, *style)
end