Class: Ec2SecurityCzar::SecurityGroup

Inherits:

Object

• Object
• Ec2SecurityCzar::SecurityGroup

Defined in:

lib/ec2-security-czar/security_group.rb

Instance Attribute Summary

• #config ⇒ Object

  Returns the value of attribute config.

• #diff ⇒ Object

  Returns the value of attribute diff.

• #name ⇒ Object

  Returns the value of attribute name.

Class Method Summary

• .from_aws ⇒ Object

  Private: Gets all security groups from AWS.

• .lookup(query) ⇒ Object

  Public: Creates a hash mapping security_group.name to security_group, and looks up security_group by name or id.

• .update_rules ⇒ Object
• .update_security_groups(ec2, environment, region) ⇒ Object

  Public: Creates missing security groups, updates all security groups.

Instance Method Summary

• #initialize(name, environment) ⇒ SecurityGroup constructor

  A new instance of SecurityGroup.

• #load_rules ⇒ Object
• #rule_exists?(direction, current_rule) ⇒ Boolean
• #update_rules ⇒ Object

Constructor Details

#initialize(name, environment) ⇒ SecurityGroup

Returns a new instance of SecurityGroup.

# File 'lib/ec2-security-czar/security_group.rb', line 15

def initialize(name, environment)
  @name = name
  @environment = environment
  load_rules
end

Instance Attribute Details

#config ⇒ Object

Returns the value of attribute config.

# File 'lib/ec2-security-czar/security_group.rb', line 13

def config
  @config
end

#diff ⇒ Object

Returns the value of attribute diff.

# File 'lib/ec2-security-czar/security_group.rb', line 13

def diff
  @diff
end

#name ⇒ Object

Returns the value of attribute name.

# File 'lib/ec2-security-czar/security_group.rb', line 13

def name
  @name
end

Class Method Details

.from_aws ⇒ Object

Private: Gets all security groups from AWS

Returns - SecurityGroupCollection

# File 'lib/ec2-security-czar/security_group.rb', line 58

def self.from_aws
  @security_groups = ec2.security_groups
end

.lookup(query) ⇒ Object

Public: Creates a hash mapping security_group.name to security_group, and looks up security_group by name or id

name: the name of the security group to lookup

Returns - SecurityGroup object

# File 'lib/ec2-security-czar/security_group.rb', line 46

def self.lookup(query)
  @security_group_hash ||= security_groups.inject({}) do |hash, security_group|
    hash[security_group.name] = security_group
    hash[security_group.id] = security_group
    hash
  end
  @security_group_hash[query] 
end

.update_rules ⇒ Object

# File 'lib/ec2-security-czar/security_group.rb', line 34

def self.update_rules
  security_groups.each do |sg|
    security_group = SecurityGroup.new(sg.name, @environment)
    security_group.update_rules
  end
end

.update_security_groups(ec2, environment, region) ⇒ Object

Public: Creates missing security groups, updates all security groups

ec2: ec2 instance created in base.rb environment: environment passed in from commandline region: the region loaded in from aws_keys.yml, defaults to ‘us-east-1’

# File 'lib/ec2-security-czar/security_group.rb', line 26

def self.update_security_groups(ec2, environment, region)
  @ec2 = ec2
  @environment = environment
  @region = region
  create_missing_security_groups(environment)
  update_rules
end

Instance Method Details

#load_rules ⇒ Object

# File 'lib/ec2-security-czar/security_group.rb', line 179

def load_rules
  if File.exists? config_filename
    environment = @environment
    @config = SecurityGroupConfig[YAML.load(ERB.new(File.read(config_filename)).result(binding))]
  end
end

#rule_exists?(direction, current_rule) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ec2-security-czar/security_group.rb', line 191

def rule_exists?(direction, current_rule)
  @diff[:additions][direction].reject!{ |rule| rule.equal?(current_rule) }
end

#update_rules ⇒ Object

# File 'lib/ec2-security-czar/security_group.rb', line 138

def update_rules
  if config
    say "================================================="
    say "Applying changes for #{name}:"
    say "================================================="

    # Apply deletions first
    rules_diff
    [:outbound, :inbound].each do |direction|
      diff[:deletions][direction].each{ |rule| rule.revoke! }
    end

    # Re-calculate the diff after performing deletions to make sure we add
    # back any that got removed because of the way AWS groups rules together.
    rules_diff
    [:outbound, :inbound].each do |direction|
      diff[:additions][direction].each{ |rule| rule.authorize!(self.class.lookup(name)) }
    end
    say "\n"
  else
    say "No config file for #{name}, skipping...\n\n"
  end
end