Class: Ec2SecurityCzar::SecurityGroup
Inherits: Object
- Object
- Ec2SecurityCzar::SecurityGroup
Defined in: lib/ec2-security-czar/security_group.rb
Instance Attribute Summary
- #config ⇒ Object
  Returns the value of attribute config.
- #diff ⇒ Object
  Returns the value of attribute diff.
- #name ⇒ Object
  Returns the value of attribute name.
Class Method Summary
- .from_aws ⇒ Object
  Private: Gets all security groups from AWS.
- .lookup(query) ⇒ Object
  Public: Creates a hash mapping security_group.name to security_group, and looks up security_group by name or id.
- .update_rules ⇒ Object
- .update_security_groups(ec2, environment, region) ⇒ Object
  Public: Creates missing security groups, updates all security groups.
Instance Method Summary
- #initialize(name, environment) ⇒ SecurityGroup (constructor)
  A new instance of SecurityGroup.
- #load_rules ⇒ Object
- #rule_exists?(direction, current_rule) ⇒ Boolean
- #update_rules ⇒ Object
Constructor Details
#initialize(name, environment) ⇒ SecurityGroup
Returns a new instance of SecurityGroup.
    # File 'lib/ec2-security-czar/security_group.rb', line 15
    def initialize(name, environment)
      @name = name
      @environment = environment
      load_rules
    end
Instance Attribute Details
#config ⇒ Object
Returns the value of attribute config.
    # File 'lib/ec2-security-czar/security_group.rb', line 13
    def config
      @config
    end
#diff ⇒ Object
Returns the value of attribute diff.
    # File 'lib/ec2-security-czar/security_group.rb', line 13
    def diff
      @diff
    end
#name ⇒ Object
Returns the value of attribute name.
    # File 'lib/ec2-security-czar/security_group.rb', line 13
    def name
      @name
    end
Class Method Details
.from_aws ⇒ Object
Private: Gets all security groups from AWS
Returns - SecurityGroupCollection
    # File 'lib/ec2-security-czar/security_group.rb', line 58
    def self.from_aws
      @security_groups = ec2.security_groups
    end
.lookup(query) ⇒ Object
Public: Creates a hash mapping security_group.name to security_group, and looks up security_group by name or id
name: the name of the security group to lookup
Returns - SecurityGroup object
    # File 'lib/ec2-security-czar/security_group.rb', line 46
    def self.lookup(query)
      @security_group_hash ||= security_groups.inject({}) do |hash, security_group|
        hash[security_group.name] = security_group
        hash[security_group.id] = security_group
        hash
      end
      @security_group_hash[query]
    end
.update_rules ⇒ Object
    # File 'lib/ec2-security-czar/security_group.rb', line 34
    def self.update_rules
      security_groups.each do |sg|
        security_group = SecurityGroup.new(sg.name, @environment)
        security_group.update_rules
      end
    end
.update_security_groups(ec2, environment, region) ⇒ Object
Public: Creates missing security groups, updates all security groups
ec2: ec2 instance created in base.rb
environment: environment passed in from commandline
region: the region loaded in from aws_keys.yml, defaults to 'us-east-1'

    # File 'lib/ec2-security-czar/security_group.rb', line 26
    def self.update_security_groups(ec2, environment, region)
      @ec2 = ec2
      @environment = environment
      @region = region
      create_missing_security_groups(environment)
      update_rules
    end
Instance Method Details
#load_rules ⇒ Object
    # File 'lib/ec2-security-czar/security_group.rb', line 179
    def load_rules
      if File.exist? config_filename
        environment = @environment
        @config = SecurityGroupConfig[YAML.load(ERB.new(File.read(config_filename)).result(binding))]
      end
    end
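The load_rules method above renders the group's config file through ERB with the instance binding and parses the result as YAML. The following is an added example, not the gem's code, of a more restrictive loader for the same ERB-then-YAML flow. The name `load_rules_restricted`, the two allow-lists and the sample config keys are assumptions made for illustration.

```ruby
require "erb"
require "yaml"

# Constructed sample config; key names are illustrative, not the gem's schema.
SAMPLE_CONFIG = <<~CONFIG
  description: web tier (<%= environment %>)
  inbound:
    - protocol: tcp
      port_range: 443
      ip_ranges:
        - <%= environment == "production" ? "203.0.113.0/24" : "10.0.0.0/8" %>
CONFIG

# Assumed allow-lists; adjust to the environments and keys actually in use.
ALLOWED_ENVIRONMENTS = %w[development staging production].freeze
ALLOWED_KEYS = %w[description inbound outbound].freeze

# Hypothetical variant of load_rules that takes the template text directly.
def load_rules_restricted(template, environment)
  # The value is interpolated into YAML text, so reject anything that is not
  # a known environment name before it can alter the document's structure.
  unless ALLOWED_ENVIRONMENTS.include?(environment)
    raise ArgumentError, "unknown environment: #{environment.inspect}"
  end

  # result_with_hash renders on a fresh top-level binding holding only
  # `environment`, so the caller's instance state (@ec2 and so on) is not in
  # scope. The template is still Ruby code and must come from a trusted repo.
  rendered = ERB.new(template).result_with_hash(environment: environment)

  # safe_load refuses YAML tags that would instantiate arbitrary Ruby classes.
  config = YAML.safe_load(rendered)
  raise ArgumentError, "config must be a mapping" unless config.is_a?(Hash)

  unknown = config.keys - ALLOWED_KEYS
  raise ArgumentError, "unexpected keys: #{unknown.join(', ')}" unless unknown.empty?
  config
end

if __FILE__ == $PROGRAM_NAME
  puts load_rules_restricted(SAMPLE_CONFIG, "staging").inspect
end
```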
#rule_exists?(direction, current_rule) ⇒ Boolean
    # File 'lib/ec2-security-czar/security_group.rb', line 191
    def rule_exists?(direction, current_rule)
      @diff[:additions][direction].reject!{ |rule| rule.equal?(current_rule) }
    end
#update_rules ⇒ Object
    # File 'lib/ec2-security-czar/security_group.rb', line 138
    def update_rules
      if config
        say "================================================="
        say "Applying changes for #{name}:"
        say "================================================="

        # Apply deletions first
        rules_diff
        [:outbound, :inbound].each do |direction|
          diff[:deletions][direction].each{ |rule| rule.revoke! }
        end

        # Re-calculate the diff after performing deletions to make sure we add
        # back any that got removed because of the way AWS groups rules together.
        rules_diff
        [:outbound, :inbound].each do |direction|
          diff[:additions][direction].each{ |rule| rule.(self.class.lookup(name)) }
        end
        say "\n"
      else
        say "No config file for #{name}, skipping...\n\n"
      end
    end