Class: Ec2SecurityCzar::Rule

Inherits:
Object
Defined in:
lib/ec2-security-czar/rule.rb




Constructor Details

#initialize(options) ⇒ Rule

Returns a new instance of Rule.



# File 'lib/ec2-security-czar/rule.rb', line 8

# Builds a rule from an options hash (the keyword-style calls in
# .rules_from_api / .rules_from_config arrive here as one Hash).
#
# Keys read:
#   :direction  — :outbound marks the rule as egress; any other value is ingress
#   :ip_range   — CIDR string for ip-based rules (nil for group-based rules)
#   :group      — a group id, or a Hash that #group_id resolves; a Hash carrying
#                 only :group_name makes #group_id call SecurityGroup.lookup, so
#                 construction itself may perform that lookup
#   :protocol   — defaults to :tcp when absent
#   :port_range — defaults to 0..65535 when absent, i.e. a rule that omits it
#                 covers EVERY port; pass an explicit range for a narrower rule
#   :api_object — the AWS rule object this Rule mirrors (nil for config rules),
#                 needed by #revoke!
#
# @param options [Hash]
def initialize(options)
  direction, protocol, ports = options.values_at(:direction, :protocol, :port_range)
  @egress = direction == :outbound
  @ip = options[:ip_range]
  @group = group_id(options[:group])
  # nil/absent falls back to the permissive defaults documented above
  @protocol = protocol || :tcp
  @port_range = ports || (0..65535)
  @api_object = options[:api_object]
end

Instance Attribute Details

#egress ⇒ Object

Returns the value of attribute egress.



# File 'lib/ec2-security-czar/rule.rb', line 6

# Reader for the direction flag set in #initialize: true when the rule was
# built with direction: :outbound, false otherwise. All five readers on this
# page point at line 6 of rule.rb, so they presumably come from one
# attr_reader declaration there.
def egress
  @egress
end

#group ⇒ Object

Returns the value of attribute group.



# File 'lib/ec2-security-czar/rule.rb', line 6

# Reader for the security-group id stored by #initialize after #group_id has
# resolved the :group option (a Hash with :group_id / :group_name, or a plain
# id). nil for ip-based rules.
def group
  @group
end

#ip ⇒ Object

Returns the value of attribute ip.



# File 'lib/ec2-security-czar/rule.rb', line 6

# Reader for the :ip_range option stored by #initialize (stored as given, no
# normalisation, so #equal? compares the raw string). nil for group-based
# rules; #authorize! uses that nil to decide between ip and group sources.
def ip
  @ip
end

#port_range ⇒ Object

Returns the value of attribute port_range.



# File 'lib/ec2-security-czar/rule.rb', line 6

# Reader for the ports the rule covers: a Range or a single port as given in
# :port_range, or the 0..65535 default #initialize applies when the option is
# absent — so a rule whose config omitted ports reports the full range here.
def port_range
  @port_range
end

#protocol ⇒ Object

Returns the value of attribute protocol.



# File 'lib/ec2-security-czar/rule.rb', line 6

# Reader for the protocol: whatever :protocol was given (Symbol or String —
# #equal? compares via to_s), or :tcp when #initialize saw none.
def protocol
  @protocol
end

Class Method Details

.rules_from_api(api_rules, direction) ⇒ Object



# File 'lib/ec2-security-czar/rule.rb', line 54

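# Mirrors the rules AWS reports for a security group as Rule objects.
#
# Every api_rule yields one Rule per entry of its ip_ranges and one per entry
# of its groups; each Rule keeps the api_rule as :api_object so that #revoke!
# can act on it later.
#
# @param api_rules [Array, Object, nil] AWS rule objects; a single object or
#   nil is accepted because Array() wraps the argument
# @param direction [Symbol] forwarded to Rule.new; :outbound marks egress,
#   anything else ingress
# @return [Array<Rule>] flat list of rules
def self.rules_from_api(api_rules, direction)
  # flat_map replaces the original accumulate-with-map-then-flatten shape,
  # where map was used only for its side effect and its result discarded.
  Array(api_rules).flat_map do |api_rule|
    common = {
      port_range: api_rule.port_range,
      protocol: api_rule.protocol,
      direction: direction,
      api_object: api_rule
    }
    ip_rules = api_rule.ip_ranges.map { |ip| Rule.new(common.merge(ip_range: ip)) }
    group_rules = api_rule.groups.map { |group| Rule.new(common.merge(group: group.id)) }
    ip_rules + group_rules
  end
end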

.rules_from_config(config, direction) ⇒ Object



# File 'lib/ec2-security-czar/rule.rb', line 67

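# Expands the desired rules for one direction of the config into Rule objects.
#
# Each zone under config[direction] yields one Rule per :ip_ranges entry and
# one per :groups entry (a group entry may be an id or a Hash that #group_id
# resolves). Zones may omit :port_range and :protocol, in which case
# Rule#initialize falls back to 0..65535 and :tcp — a zone without ports
# therefore asks for every port, which is worth checking in config review.
# Config rules carry no :api_object, so #revoke! cannot act on them.
#
# @param config [Hash] keyed by direction; config[direction] is a zone, or an
#   array of zones, or nil (Array() handles all three)
# @param direction [Symbol] the config key and the value forwarded to Rule.new
# @return [Array<Rule>] flat list of rules
def self.rules_from_config(config, direction)
  # flat_map replaces the original accumulate-with-map-then-flatten shape,
  # where map was used only for its side effect and its result discarded.
  Array(config[direction]).flat_map do |zone|
    common = { port_range: zone[:port_range], protocol: zone[:protocol], direction: direction }
    ip_rules = Array(zone[:ip_ranges]).map { |ip| Rule.new(common.merge(ip_range: ip)) }
    group_rules = Array(zone[:groups]).map { |group| Rule.new(common.merge(group: group)) }
    ip_rules + group_rules
  end
end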

Instance Method Details

#authorize!(security_group_api) ⇒ Object



# File 'lib/ec2-security-czar/rule.rb', line 25

# Pushes this rule to AWS and reports the outcome on the terminal.
#
# Group-based rules (ip is nil) are sent as { group_id: group }; ip-based
# rules send the ip string. Egress and ingress go through different SDK
# signatures (keyword options vs. positional arguments).
#
# Any StandardError is caught and printed in red; nothing is re-raised and
# the method returns the value of the last say call, so a failed
# authorization leaves the rule missing while the run continues — the
# terminal output, not the return value, tells whether it applied.
#
# NOTE(review): pretty_print and e.message are interpolated into the ERB
# template that say evaluates (the <%= color(...) %> form). A quote or ERB
# tag inside an AWS error message or a security-group name would break, or
# be evaluated as part of, that template — confirm whether such text should
# be escaped before being embedded.
#
# @param security_group_api [Object] AWS security-group object exposing
#   authorize_egress and authorize_ingress
def authorize!(security_group_api)
  sources = if ip.nil?
              { group_id: group }
            else
              ip
            end
  if egress
    security_group_api.authorize_egress(sources, protocol: protocol, ports: port_range)
  else
    security_group_api.authorize_ingress(protocol, port_range, sources)
  end
  say "<%= color('Authorized - #{pretty_print}', :green) %>"
rescue => e
  say "<%= color('#{e.class} - #{e.message}', :red) %>"
  say "<%= color('#{pretty_print}', :red) %>"
end

#equal?(rule) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ec2-security-czar/rule.rb', line 17

# Structural comparison with another Rule: same protocol (compared as
# strings, so :tcp and "tcp" match), same ports (both sides wrapped with
# Array(), so 80 and 80..80 match), and identical ip, group and direction
# values (ip/group are compared with == on the raw stored values, without
# any normalisation).
#
# NOTE(review): this overrides Object#equal?, which Ruby documents as the
# identity check that subclasses should not redefine. == and eql? are left
# alone, so Array#include?, uniq, hash keys etc. still use identity; only
# explicit equal? calls get the structural comparison.
#
# @param rule [Rule] the rule to compare against
# @return [Boolean]
def equal?(rule)
  # guard clauses keep the original left-to-right short-circuit order
  return false unless rule.protocol.to_s == protocol.to_s
  return false unless Array(rule.port_range) == Array(port_range)
  return false unless rule.ip == ip
  return false unless rule.group == group

  rule.egress == egress
end

#group_id(group) ⇒ Object



# File 'lib/ec2-security-czar/rule.rb', line 46

# Resolves the :group option to a security-group id.
#
# A Hash is treated as a config entry: its :group_id wins; otherwise
# :group_name is handed to SecurityGroup.lookup and that group's id is
# returned. Anything else — an id string, or nil for ip-based rules — is
# passed through unchanged.
#
# NOTE(review): a Hash with neither key reaches SecurityGroup.lookup(nil);
# whether that raises or returns nil (and then NoMethodError on .id) cannot
# be told from here — an explicit ArgumentError would make the config
# mistake obvious.
#
# @param group [Hash, String, nil]
# @return [String, nil] the group id
def group_id(group)
  case group
  when Hash
    group[:group_id] || SecurityGroup.lookup(group[:group_name]).id
  else
    group
  end
end

#pretty_print ⇒ Object



# File 'lib/ec2-security-czar/rule.rb', line 80

# One-line human description used by every say call, shaped like
# "Inbound traffic on ports 0..65535 for 10.0.0.0/8 using tcp"
# (constructed example).
#
# For group-based rules (ip is nil) the group id is resolved to its name via
# SecurityGroup.lookup, so this method can itself raise when that lookup
# fails — including when it is called from the rescue handlers of
# authorize! / revoke!, where such an error would escape.
#
# NOTE(review): the name clashes with the pretty_print(q) hook the stdlib pp
# library calls; `pp rule` would likely hit this zero-argument method.
#
# @return [String]
def pretty_print
  direction = egress ? "Outbound" : "Inbound"
  target = ip || SecurityGroup.lookup(group).name
  ports_label = port_range.is_a?(Range) ? "ports #{port_range}" : "port #{port_range}"
  format("%s traffic on %s for %s using %s", direction, ports_label, target, protocol)
end

#revoke! ⇒ Object



# File 'lib/ec2-security-czar/rule.rb', line 38

# Revokes this rule through the AWS object it was built from and reports
# the outcome on the terminal.
#
# Only rules produced by .rules_from_api carry an :api_object; a rule built
# by .rules_from_config has @api_object nil, so revoke! on it raises
# NoMethodError, which the rescue below turns into a red message rather
# than a failure. As in authorize!, errors are printed, never re-raised.
#
# @return [Object] the value of the last say call
def revoke!
  @api_object.revoke
  report = "Revoked - #{pretty_print}"
  say "<%= color('#{report}', :cyan) %>"
rescue => e
  say "<%= color('#{e.class} - #{e.message}', :red) %>"
  say "<%= color('#{pretty_print}', :red) %>"
end