Class: Ec2SecurityCzar::Rule
- Inherits: Object
  - Object
    - Ec2SecurityCzar::Rule
- Defined in: lib/ec2-security-czar/rule.rb
Instance Attribute Summary
-
#egress ⇒ Object
Returns the value of attribute egress.
-
#group ⇒ Object
Returns the value of attribute group.
-
#ip ⇒ Object
Returns the value of attribute ip.
-
#port_range ⇒ Object
Returns the value of attribute port_range.
-
#protocol ⇒ Object
Returns the value of attribute protocol.
Class Method Summary
Instance Method Summary
- #authorize!(security_group_api) ⇒ Object
- #equal?(rule) ⇒ Boolean
- #group_id(group) ⇒ Object
-
#initialize(options) ⇒ Rule
constructor
A new instance of Rule.
- #pretty_print ⇒ Object
- #revoke! ⇒ Object
Constructor Details
#initialize(options) ⇒ Rule
Returns a new instance of Rule.
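# File 'lib/ec2-security-czar/rule.rb', line 8
#
# Builds a rule from an options hash. The rendered listing had lost the
# `options` identifier; it is restored here from the documented signature
# `#initialize(options)`.
#
# @param options [Hash] reads :direction, :ip_range, :group, :protocol,
#   :port_range and :api_object
def initialize(options)
  # Only the exact symbol :outbound makes an egress rule; any other value,
  # including nil or the string "outbound", yields an inbound rule.
  @egress = options[:direction] == :outbound
  @ip = options[:ip_range]
  # Hash-form groups are resolved to an id by group_id; other values pass through.
  @group = group_id(options[:group])
  @protocol = options[:protocol] || :tcp
  # NOTE(review): a rule with no :port_range covers every port (0..65535), so
  # an entry that simply omits the key is as broad as it can be for its
  # source. Worth requiring an explicit range where rules come from config.
  @port_range = options[:port_range] || (0..65535)
  # rules_from_api passes the originating permission here; rules_from_config
  # does not. revoke! calls it.
  @api_object = options[:api_object]
end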
Instance Attribute Details
#egress ⇒ Object
Returns the value of attribute egress.
# File 'lib/ec2-security-czar/rule.rb', line 6 def egress @egress end |
#group ⇒ Object
Returns the value of attribute group.
# File 'lib/ec2-security-czar/rule.rb', line 6 def group @group end |
#ip ⇒ Object
Returns the value of attribute ip.
# File 'lib/ec2-security-czar/rule.rb', line 6 def ip @ip end |
#port_range ⇒ Object
Returns the value of attribute port_range.
# File 'lib/ec2-security-czar/rule.rb', line 6 def port_range @port_range end |
#protocol ⇒ Object
Returns the value of attribute protocol.
# File 'lib/ec2-security-czar/rule.rb', line 6 def protocol @protocol end |
Class Method Details
.rules_from_api(api_rules, direction) ⇒ Object
# File 'lib/ec2-security-czar/rule.rb', line 54 def self.rules_from_api(api_rules, direction) rules = [] Array(api_rules).map do |api_rule| rules << api_rule.ip_ranges.map do |ip| Rule.new(ip_range: ip, port_range: api_rule.port_range, protocol: api_rule.protocol, direction: direction, api_object: api_rule) end rules << api_rule.groups.map do |group| Rule.new(group: group.id, port_range: api_rule.port_range, protocol: api_rule.protocol, direction: direction, api_object: api_rule) end end rules.flatten end |
.rules_from_config(config, direction) ⇒ Object
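# File 'lib/ec2-security-czar/rule.rb', line 67
#
# Builds Rule instances from the config entries listed under `direction`:
# for each zone, one Rule per entry in zone[:ip_ranges] followed by one per
# entry in zone[:groups].
#
# Zones are read with symbol keys. A zone without :port_range or :protocol
# passes nil for them, so the Rule#initialize defaults apply (:tcp and all
# ports, 0..65535); review such zones with that breadth in mind.
#
# @param config [Hash] maps a direction to a list of zone hashes
# @param direction [Symbol] key to read from config; also passed to Rule.new
# @return [Array<Rule>] flat list; empty when config has nothing for direction
def self.rules_from_config(config, direction)
  # flat_map replaces the earlier map-for-side-effects plus accumulator plus
  # flatten; the resulting order is unchanged.
  Array(config[direction]).flat_map do |zone|
    by_ip = Array(zone[:ip_ranges]).map do |ip|
      Rule.new(ip_range: ip, port_range: zone[:port_range], protocol: zone[:protocol],
               direction: direction)
    end
    by_group = Array(zone[:groups]).map do |group|
      Rule.new(group: group, port_range: zone[:port_range], protocol: zone[:protocol],
               direction: direction)
    end
    by_ip + by_group
  end
end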
Instance Method Details
#authorize!(security_group_api) ⇒ Object
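# File 'lib/ec2-security-czar/rule.rb', line 25
#
# Asks the security group API object to authorize this rule and reports the
# outcome through `say`. Any StandardError is rescued and printed, so the
# caller gets no signal that an authorization failed.
#
# NOTE(review): the rendered listing had lost several identifiers. The method
# name comes from the documented signature `#authorize!(security_group_api)`;
# `authorize_egress`, `authorize_ingress` and `e.message` are reconstructed
# from the call shapes and should be confirmed against
# lib/ec2-security-czar/rule.rb.
#
# NOTE(review): rule and error text is interpolated into the source of an
# ERB-style template. If `say` evaluates that template (HighLine's `say`
# does; confirm which `say` is in scope), a quote or template delimiter in a
# group name or API error message alters the template instead of being
# printed. Colouring the finished string and passing plain text to `say`
# avoids that.
#
# @param security_group_api [Object] receives the authorize call
def authorize!(security_group_api)
  # An IP rule passes the address itself; a group rule passes { group_id: id }.
  sources = ip.nil? ? { group_id: group } : ip
  if egress
    security_group_api.authorize_egress(sources, protocol: protocol, ports: port_range)
  else
    security_group_api.authorize_ingress(protocol, port_range, sources)
  end
  say "<%= color('Authorized - #{pretty_print}', :green) %>"
rescue StandardError => e
  say "<%= color('#{e.class} - #{e.message}', :red) %>"
  say "<%= color('#{pretty_print}', :red) %>"
end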
#equal?(rule) ⇒ Boolean
# File 'lib/ec2-security-czar/rule.rb', line 17
#
# Field-by-field comparison with another rule: protocol (as strings), port
# range, ip, group and direction must all match.
#
# Both port ranges go through Array(), so a single port and a one-port Range
# compare equal; a Range is expanded into its full list of ports to do so.
#
# NOTE(review): this replaces Object#equal? (object identity) for Rule
# instances. ip and group are compared with plain ==, so presumably two
# spellings of the same source would not match; confirm inputs are
# normalised before rules are compared.
#
# @param rule [Rule] the rule to compare against
# @return [Boolean]
def equal?(rule)
  return false unless rule.protocol.to_s == protocol.to_s
  return false unless Array(rule.port_range) == Array(port_range)
  return false unless rule.ip == ip
  return false unless rule.group == group

  rule.egress == egress
end
#group_id(group) ⇒ Object
# File 'lib/ec2-security-czar/rule.rb', line 46
#
# Resolves a group reference to a group id. A Hash yields its :group_id, or
# failing that the id of the group that SecurityGroup.lookup finds for
# :group_name. Any other value, nil included, is returned unchanged.
#
# @param group [Hash, Object, nil] group reference from the rule options
# @return [Object, nil] the resolved id or the value as given
def group_id(group)
  return group unless group.is_a?(Hash)

  group[:group_id] || SecurityGroup.lookup(group[:group_name]).id
end
#pretty_print ⇒ Object
# File 'lib/ec2-security-czar/rule.rb', line 80
#
# One-line human-readable description of the rule. Rules without an ip are
# described by the name of the group that SecurityGroup.lookup returns.
#
# @return [String]
def pretty_print
  flow = egress ? "Outbound" : "Inbound"
  target = ip || SecurityGroup.lookup(group).name
  # A Range reads as "ports a..b"; anything else as a single "port n".
  ports = port_range.is_a?(Range) ? "ports #{port_range}" : "port #{port_range}"
  "#{flow} traffic on #{ports} for #{target} using #{protocol}"
end
#revoke! ⇒ Object
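# File 'lib/ec2-security-czar/rule.rb', line 38
#
# Revokes the rule by calling `revoke` on the API object stored at
# construction, then reports the outcome through `say`.
#
# Any StandardError is rescued and printed, so a failed revoke leaves the
# permission in place and the caller gets no signal. Rules built by
# rules_from_config carry no :api_object; calling revoke! on one ends in
# this rescue branch (NoMethodError on nil).
#
# NOTE(review): the rendered listing showed `e.` with the method name lost;
# `e.message` is reconstructed and should be confirmed against
# lib/ec2-security-czar/rule.rb.
#
# NOTE(review): rule and error text is interpolated into the source of an
# ERB-style template. If `say` evaluates that template (HighLine's `say`
# does; confirm which `say` is in scope), a quote or template delimiter in a
# group name or API error message alters the template instead of being
# printed.
def revoke!
  @api_object.revoke
  say "<%= color('Revoked - #{pretty_print}', :cyan) %>"
rescue StandardError => e
  say "<%= color('#{e.class} - #{e.message}', :red) %>"
  say "<%= color('#{pretty_print}', :red) %>"
end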