Class: SecurityRecord

Inherits:
Object
  • Object
Extended by:
Rake::DSL
Defined in:
lib/ponyup.rb

Overview

:nodoc:

Class Method Summary collapse

Class Method Details

.add_group_ports(group, other_name, ports) ⇒ Object



# File 'lib/ponyup.rb', line 99

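# Authorize ingress to +group+ on the given ports for another security group.
#
# The peer group is looked up by name through Fog and every rule is written
# with a group: spec (owner id => group name) rather than a CIDR block.
# No protocol is passed, so the protocol is whatever authorize_port_range
# defaults to (presumably tcp in fog; confirm against the pinned version).
#
# @param group [Object] Fog security group that receives the rules
# @param other_name [String] name of the peer security group to trust
# @param ports [Array<Integer, Range>] single ports and/or port ranges
# @return [Array] the +ports+ collection that was passed in
# @raise [ArgumentError] if no security group named +other_name+ is found
def self.add_group_ports group, other_name, ports
  external_group = Fog::Compute[:aws].security_groups.get(other_name)
  # get yields nil for an unknown group (create and destroy branch on that);
  # stop with a named error before any rule is written instead of failing
  # with NoMethodError on nil.
  if external_group.nil?
    raise ArgumentError, "security group #{other_name.inspect} not found"
  end

  aws_spec = {external_group.owner_id => external_group.name}
  ports.each do |port|
    # A bare port number becomes a one-port range; ranges pass through.
    range = port.respond_to?(:min) ? port : (port .. port)
    group.authorize_port_range(range, group: aws_spec)
  end
end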

.add_public_ports(group, ports) ⇒ Object



# File 'lib/ponyup.rb', line 92

# Authorize ingress to +group+ on each of the given ports.
#
# authorize_port_range is called with the range only: no CIDR, peer group or
# protocol is supplied here, so the source and protocol of every rule are
# fog's defaults.
# NOTE(review): in fog-aws those defaults are tcp from 0.0.0.0/0, i.e. open
# to the whole internet - confirm against the pinned fog version and keep
# admin ports (SSH, databases) out of the public list.
#
# @param group [Object] Fog security group that receives the rules
# @param ports [Array<Integer, Range>] single ports and/or port ranges
# @return [Array] the +ports+ collection that was passed in
def self.add_public_ports group, ports
  ports.each do |entry|
    # Anything without #min is treated as a single port number.
    entry = (entry .. entry) unless entry.respond_to?(:min)
    group.authorize_port_range(entry)
  end
end

.create(name, public_ports, group_ports) ⇒ Object



# File 'lib/ponyup.rb', line 65

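# Create the named security group, or reset an existing one, and apply the
# declared rules.
#
# Order of operations matters for anyone auditing the result:
# * an existing group has its current rules revoked first, then the declared
#   rules are added one by one; a failure partway through leaves the group
#   with only a subset of the declared rules;
# * a missing group is created and saved before any rule is added.
#
# @param name [String] security group name
# @param public_ports [Integer, Range, Array, nil] ports handed to
#   add_public_ports; a scalar or nil is coerced with Array()
# @param group_ports [Hash, nil] peer group name => port(s) handed to
#   add_group_ports; nil is treated as "no peer rules"
# @return [Hash, nil] +group_ports+ when it has entries, otherwise nil
def self.create name, public_ports, group_ports
  public_ports = Array(public_ports)
  # public_ports already tolerates nil via Array(); give group_ports the same
  # treatment so a group with no peer rules does not fail on nil.empty?.
  group_ports ||= {}

  group = Fog::Compute[:aws].security_groups.get(name)
  if group
    delete_all_rules(group)
  else
    group = Fog::Compute[:aws].security_groups.new(name: name,
                                      description: "Autmated Group #{name}")
    group.save
  end

  add_public_ports(group, public_ports) unless public_ports.empty?

  unless group_ports.empty?
    group_ports.each do |extern_group, ports|
      add_group_ports(group, extern_group, Array(ports))
    end
  end
end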

.define(name, public_ports, group_ports) ⇒ Object

Defines the create and destroy Rake tasks under security:&lt;name&gt; and returns that namespace as a string.



# File 'lib/ponyup.rb', line 48

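# Register the Rake tasks security:<name>:create and security:<name>:destroy.
#
# Nothing touches the cloud account when this method runs; the task bodies
# capture the arguments and only call SecurityRecord when a task is invoked.
# Running the create task against an existing group goes through
# SecurityRecord.create, so whatever that method does to the group's current
# rules happens on every run.
#
# @param name [String, Symbol] security group name, also the inner namespace
# @param public_ports [Integer, Range, Array, nil] forwarded to create
# @param group_ports [Hash] peer group name => port(s), forwarded to create
# @return [String] the namespace, "security:<name>"
def self.define name, public_ports, group_ports
  namespace :security do
    namespace name do
      desc "Create #{name} security group"
      task :create do
        SecurityRecord.create(name, public_ports, group_ports)
      end

      desc "Delete #{name} security group"
      task :destroy do
        # destroy's signature takes a ports argument after the name; calling
        # it with the name alone raises ArgumentError before anything is
        # deleted, so pass the ports to satisfy the arity.
        SecurityRecord.destroy(name, public_ports)
      end
    end
  end
  "security:#{name}"
end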

.delete_all_rules(group) ⇒ Object



# File 'lib/ponyup.rb', line 108

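# Revoke every ingress permission currently attached to +group+.
#
# Each permission is revoked with the protocol and source it was recorded
# with. Calling revoke_port_range with the port range alone leaves protocol
# and CIDR to fog's defaults (tcp and 0.0.0.0/0 in fog-aws; confirm against
# the pinned version), which does not match a udp/icmp rule or a rule scoped
# to a narrower CIDR - such rules would survive the "delete all" and stay
# open after the group is re-declared. A permission that carries both peer
# groups and CIDR ranges has both kinds revoked.
#
# NOTE(review): permissions without fromPort/toPort (e.g. an all-protocols
# rule) produce a nil..nil range here - verify how fog handles that.
#
# @param group [Object] Fog security group whose rules are removed
# @return [Array] the group's ip_permissions collection
def self.delete_all_rules group
  group.ip_permissions.each do |perm|
    ports = (perm['fromPort'] .. perm['toPort'])

    # Options shared by every revoke for this permission.
    base = {}
    base[:ip_protocol] = perm['ipProtocol'] if perm['ipProtocol']

    # One revoke per peer group and one per CIDR range.
    peers = Array(perm['groups']).map do |g|
      {group: {g['userId'] => g['groupId']}}
    end
    cidrs = Array(perm['ipRanges']).map do |r|
      {cidr_ip: r['cidrIp']}
    end

    targets = peers + cidrs
    # No recorded source at all: keep the previous single revoke call.
    targets = [{}] if targets.empty?

    targets.each do |target|
      group.revoke_port_range(ports, base.merge(target))
    end
  end
end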

.destroy(name, ports) ⇒ Object



# File 'lib/ponyup.rb', line 86

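# Delete the named security group if it exists; do nothing otherwise.
#
# +ports+ is never read. It is optional because the destroy Rake task on this
# page calls this method with the name only, which raised ArgumentError (and
# so never deleted anything) while the parameter was required.
#
# @param name [String] security group name
# @param ports [Object, nil] unused; accepted for backward compatibility
# @return [Object, nil] the result of group.delete, or nil when no group
#   with that name is found
def self.destroy name, ports = nil
  group = Fog::Compute[:aws].security_groups.get(name)
  group.delete if group
end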