Class: Portalign

Inherits:
Object
  • Object
Defined in:
lib/portalign.rb,
lib/portalign/config.rb,
lib/portalign/version.rb

Defined Under Namespace

Modules: Config

Constant Summary

# Endpoint queried to learn the caller's public IP address.
# NOTE(review): this is a plain-HTTP URL, so the response has no transport
# integrity protection. The address taken from it is presumably what ends up
# in the security-group rule (confirm against call_checkip / parse_checkip),
# so a TLS-protected source is worth considering.
CHECK_IP_URL = "http://checkip.dyndns.org"

# Matches a dotted-quad token anywhere in a string. The pattern is unanchored
# and does not range-check octets, so "999.1.1.1" also matches.
CHECK_IP_REGEX = /(\d+\.){3}\d+/

# Prefix length for a single-host rule (address/32).
NARROW_CIDR = "32"

# WIDE_IP/WIDE_CIDR together form 0.0.0.0/0, i.e. every IPv4 address.
WIDE_IP = "0.0.0.0"
WIDE_CIDR = "0"

# Gem version string.
VERSION = "0.1.1"

Class Method Summary

Class Method Details

.authorize_ingress(ec2, ip_address, cidr, security_groups, ports, protocol) ⇒ Object



# File 'lib/portalign.rb', line 46

# Adds an ingress rule for +ip_address+/+cidr+ to every security group, once
# per port, using the same port as both ends of the port range.
#
# An Aws::AwsError whose message contains "has already been authorized" is
# treated as success; any other Aws::AwsError is re-raised.
#
# NOTE(review): nothing here restricts the range being opened. When the
# caller passes WIDE_IP and WIDE_CIDR the rule is 0.0.0.0/0, which exposes
# the port to every IPv4 address.
#
# @param ec2 [Object] client responding to authorize_security_group_IP_ingress
# @param ip_address [String] address part of the source range
# @param cidr [String] prefix length part of the source range
# @param security_groups [Enumerable] security groups to update
# @param ports [Enumerable] ports to open
# @param protocol [String] protocol passed through to the client
def self.authorize_ingress(ec2, ip_address, cidr, security_groups, ports, protocol)
  source_range = "#{ip_address}/#{cidr}"

  security_groups.each do |group|
    ports.each do |port|
      puts "Authorizing #{ip_address}/#{cidr} for #{group} on port #{port}"
      begin
        ec2.authorize_security_group_IP_ingress(group, port, port, protocol, source_range)
      rescue Aws::AwsError => error
        # A duplicate rule is reported as an error; that outcome is fine here.
        raise unless error.message =~ /has already been authorized/
      end
    end
  end
end

.build_config(args) ⇒ Object



# File 'lib/portalign.rb', line 15

# Assembles the effective configuration from three layers. Later layers win:
# built-in defaults, then Config.load_from_file, then Config.parse_opts(args).
#
# The defaults open only port 22 over TCP, for the caller's own address
# (:wide is false), and authorize rather than deauthorize.
#
# @param args [Array] command-line arguments handed to Config.parse_opts
# @return [Hash] merged configuration
def self.build_config(args)
  defaults = {
    :ports => [22],
    :wide => false,
    :deauthorize => false,
    :protocol => "tcp"
  }

  with_file = defaults.merge(Config.load_from_file)
  with_file.merge(Config.parse_opts(args))
end

.deauthorize_ingress(ec2, ip_address, cidr, security_groups, ports, protocol) ⇒ Object



# File 'lib/portalign.rb', line 63

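# Revokes ingress for every security group and port: first the rule for
# +ip_address+/+cidr+, then the wide-open WIDE_IP/WIDE_CIDR rule.
#
# When +ip_address+ is nil or false the address-specific revoke is skipped.
# The caller (run) leaves ip_address unset when :wide is configured, and
# interpolating nil would otherwise send the malformed range "/32".
#
# NOTE(review): an exception raised by the first revoke stops the method
# before the wide-open rule is revoked. How the client reports a rule that
# does not exist is not visible here; confirm, because a failure on the
# narrow rule would leave 0.0.0.0/0 in place.
#
# @param ec2 [Object] client responding to revoke_security_group_IP_ingress
# @param ip_address [String, nil] address part of the specific range
# @param cidr [String] prefix length part of the specific range
# @param security_groups [Enumerable] security groups to update
# @param ports [Enumerable] ports to close
# @param protocol [String] protocol passed through to the client
def self.deauthorize_ingress(ec2, ip_address, cidr, security_groups, ports, protocol)
  security_groups.each do |security_group|
    ports.each do |port|
      # We deauthorize both the specific IP and also the wide open IP
      if ip_address
        puts "Deauthorizing #{ip_address}/#{cidr} for #{security_group} on port #{port}"
        ec2.revoke_security_group_IP_ingress(security_group, port, port, protocol, "#{ip_address}/#{cidr}")
      end

      puts "Deauthorizing #{WIDE_IP}/#{WIDE_CIDR} for #{security_group} on port #{port}"
      ec2.revoke_security_group_IP_ingress(security_group, port, port, protocol, "#{WIDE_IP}/#{WIDE_CIDR}")
    end
  end
end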

.resolve_ip ⇒ Object



# File 'lib/portalign.rb', line 76

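# Looks up the caller's public IP address by passing the result of
# call_checkip to parse_checkip.
#
# Only StandardError is rescued, so Interrupt and SystemExit propagate
# instead of being reported as a lookup failure.
#
# NOTE(review): the returned value is used by run to build a security-group
# rule, so it is only as trustworthy as the lookup response. Whether
# parse_checkip validates the address is not visible here; confirm.
#
# @return [Object, false] whatever parse_checkip returns, or false when the
#   lookup raised
def self.resolve_ip
  # TODO: Perhaps have several services in case one is down?
  parse_checkip(call_checkip)
rescue StandardError => e
  puts "Unable to resolve local IP address. Exiting."
  puts "Error: #{e.message}"
  false
end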

.run(config) ⇒ Object



# File 'lib/portalign.rb', line 28

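# Entry point: resolves the caller's address unless :wide is set, builds the
# EC2 client from the configured credentials, then authorizes or
# deauthorizes ingress on the configured groups and ports.
#
# Exits with status 1 when the address cannot be resolved, so that calling
# scripts can tell the failure from a successful run.
#
# Security notes:
# * With :wide set, the rule authorized is WIDE_IP/WIDE_CIDR (0.0.0.0/0).
# * With both :wide and :deauthorize set, no address is resolved and
#   ip_address is nil when it reaches deauthorize_ingress.
# * config[:access_key_id] and config[:secret_access_key] are passed to
#   ec2_instance; nothing in this method prints them.
#
# @param config [Hash] settings using the keys :wide, :deauthorize,
#   :security_groups, :ports, :protocol, :access_key_id, :secret_access_key
def self.run(config)
  unless config[:wide]
    ip_address = resolve_ip
    # resolve_ip has already printed the reason; signal failure to the shell.
    exit 1 unless ip_address
    puts "Resolved local IP to #{ip_address}"
  end

  ec2 = ec2_instance(config[:access_key_id], config[:secret_access_key])

  if config[:deauthorize]
    deauthorize_ingress(ec2, ip_address, NARROW_CIDR, config[:security_groups], config[:ports], config[:protocol])
  elsif config[:wide]
    authorize_ingress(ec2, WIDE_IP, WIDE_CIDR, config[:security_groups], config[:ports], config[:protocol])
  else
    authorize_ingress(ec2, ip_address, NARROW_CIDR, config[:security_groups], config[:ports], config[:protocol])
  end
end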

.validate_config(config) ⇒ Object



# File 'lib/portalign.rb', line 24

# Delegates configuration validation to Config.validate_config and returns
# its result unchanged. The checks themselves live in Config and are not
# visible here.
#
# @param config [Hash] configuration to validate
# @return [Object] whatever Config.validate_config returns
def self.validate_config(config)
  verdict = Config.validate_config(config)
  verdict
end