Class: AwSec::Core
- Inherits: Object
- Ancestors: Object → AwSec::Core
- Defined in:
- lib/aw_sec/core.rb
Class Method Summary
Instance Method Summary
- #conn ⇒ Object
- #get_groups(group_names) ⇒ Object
- #is_authorized?(group, ip) ⇒ Boolean
- #list_ips(group) ⇒ Object
- #port ⇒ Object
- #revoke_access(group, ip) ⇒ Object
- #safe_authorize_port(group, ip) ⇒ Object
- #secure(group_names, public_ip, options = {}) ⇒ Object
Class Method Details
Instance Method Details
#conn ⇒ Object
# File 'lib/aw_sec/core.rb', line 100
# Lazily builds, and memoizes in @conn, the Fog EC2 client every other
# method goes through.  Region and credentials are read from the instance
# variables that #secure assigns out of its options hash, so this is only
# meaningful after #secure has run.
#
# NOTE(review): @aws_key/@aws_secret are handed straight to Fog; when both
# are nil whatever fallback Fog applies decides which identity is used --
# that fallback is not visible in this file, confirm before relying on it.
def conn
  return @conn if @conn

  client_attributes = {
    :provider              => 'AWS',
    :region                => @region,
    :aws_access_key_id     => @aws_key,
    :aws_secret_access_key => @aws_secret
  }
  @conn = Fog::Compute.new(client_attributes)
end
#get_groups(group_names) ⇒ Object
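# File 'lib/aw_sec/core.rb', line 63
# Resolves each entry of +group_names+ through conn.security_groups.get and
# returns the Fog security-group models in the same order.
#
# Raises ArgumentError naming the offending entry when a lookup yields nil,
# so a mistyped group fails here instead of surfacing later as a
# NoMethodError on group.name inside #secure.  (A nil from +get+ is taken
# to mean "not found" -- confirm against the Fog version in use; if Fog
# raises instead, the guard is simply never hit.)
def get_groups(group_names)
  group_names.map do |group_name|
    group = conn.security_groups.get(group_name)
    raise ArgumentError, "security group not found: #{group_name}" if group.nil?
    group
  end
end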
#is_authorized?(group, ip) ⇒ Boolean (truthy/falsy only: the matching permission entry, or nil)
# NOTE(review): the rendered listing below lost several identifiers (the
# method name, the permissions accessor called on +group+, and the block
# parameter).  The signature on this page gives the name: is_authorized?(group, ip).
#
# What survives shows the contract: it walks the group's permission entries
# with +detect+ and returns the first entry whose FIRST 'ipRanges' element
# has 'cidrIp' == ip, whose 'fromPort' and 'toPort' both equal #port, and
# whose 'ipProtocol' is 'tcp'.  Consequences worth knowing:
#   * the return value is that entry (a Hash) or nil, not a strict Boolean,
#     despite the "?" -- callers must treat it as truthy/falsy;
#   * only ipRanges.first is compared, so an entry that lists +ip+ anywhere
#     but first in its ranges is reported as not authorized, and
#     #safe_authorize_port will request the grant again;
#   * the protocol is hard-coded to tcp and the match requires a single-port
#     range (fromPort == toPort == #port); a wider range covering the port
#     does not count.
# File 'lib/aw_sec/core.rb', line 87 def (group, ip) return group..detect do || ['ipRanges'].first && ['ipRanges'].first['cidrIp'] == ip && ['fromPort'] == port && ['ipProtocol'] == 'tcp' && ['toPort'] == port end end |
#list_ips(group) ⇒ Object
# NOTE(review): the listing below lost the permissions accessor called on
# +group+ and the block parameter name, so it is shown as rendered.
#
# Intent: collect the 'cidrIp' of every 'ipRanges' element of the group's
# permission entries whose 'toPort' equals #port, flattened into one Array.
# Two properties of the surviving code matter for #secure, which uses this
# list to decide what to revoke:
#   * the loop is +detect+, and the block returns the (truthy) result array
#     whenever an entry matches, so iteration STOPS at the first matching
#     entry -- a second entry for the same toPort (another protocol, or a
#     range ending on this port) is never listed and therefore never revoked;
#   * only 'toPort' is compared; 'fromPort' and 'ipProtocol' are ignored, so
#     a CIDR listed here may belong to a rule that the single-port tcp
#     revoke in #revoke_access does not actually match.
# The return value is +result.flatten!+, which is nil when nothing was
# collected (flatten! returns nil if it changed nothing) -- hence the
# `list_ips(group) || []` in #secure.
# File 'lib/aw_sec/core.rb', line 50 def list_ips(group) result = [] group..detect do || result << ['ipRanges'].collect{ |i| i["cidrIp"] } if ["toPort"] == port end result.flatten! end |
#port ⇒ Object
# File 'lib/aw_sec/core.rb', line 96
# The port this instance manages: set by #secure from options[:port]
# (falling back to 22) and nil until #secure has run.
def port
  instance_variable_get(:@port)
end
#revoke_access(group, ip) ⇒ Object
# File 'lib/aw_sec/core.rb', line 59
# Removes the rule covering exactly #port (a one-element range) for the
# given CIDR from +group+ via Fog's revoke_port_range.  Unlike
# #safe_authorize_port there is no rescue here, so a failed revoke
# propagates to the caller (#secure) and aborts the run.
def revoke_access(group, ip)
  single_port = Range.new(port, port)
  group.revoke_port_range(single_port, { :cidr_ip => ip })
end
#safe_authorize_port(group, ip) ⇒ Object
# NOTE(review): the listing below lost the method name (the signature on
# this page gives safe_authorize_port(group, ip)), the local that holds the
# authorization check, the predicate it calls (the only two-argument
# predicate on this page is #is_authorized?), the permissions accessor on
# +group+, the name of the authorize call and the exception accessor in the
# puts.  The authorize call mirrors the revoke_port_range call in
# #revoke_access (same port..port range, same :cidr_ip option) -- confirm
# the exact method against the source file.
#
# Intent: grant +ip+ access to #port unless the group already has a matching
# rule.  If the group's permissions are nil the check is skipped and the
# grant is attempted.  Security-relevant behaviour of the surviving code:
#   * `rescue => exc` catches StandardError and only +puts+ a "Failed ..."
#     line, so to #secure a grant that was refused by AWS (bad credentials,
#     missing permission, malformed CIDR) looks exactly like a success;
#   * nothing here rejects an open CIDR such as 0.0.0.0/0 -- whatever
#     #secure passes is requested as-is.
# File 'lib/aw_sec/core.rb', line 72 def (group, ip) if group..nil? = false else = (group, ip) end unless begin group.(port..port, :cidr_ip => ip) rescue => exc puts "Failed #{exc.}" end end end |
#secure(group_names, public_ip, options = {}) ⇒ Object
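# File 'lib/aw_sec/core.rb', line 11
# Reconciles the inbound rule for one port on each named security group so
# that +public_ip+, plus any whitelisted CIDRs that are already granted, are
# the only addresses allowed.
#
# group_names:: Array of security-group names/ids, resolved via #get_groups.
# public_ip::   Address to grant.  A value without "/" gets a "/32" suffix;
#               a value that already contains "/" is used as given.
# options::
#   :port::       Port to manage (default 22).
#   :aws_region:: Region for the Fog client built by #conn.
#   :aws_key::    AWS access key id.
#   :aws_secret:: AWS secret access key.
#   :revoke_all:: When true (the default -- note this is the destructive
#                 setting) every CIDR currently granted on the port that is
#                 neither +public_ip+ nor whitelisted is revoked.  Pass an
#                 explicit false to only add.
#   :whitelist::  CIDRs to KEEP if they are currently granted; normalized
#                 like +public_ip+.  Entries that are not already granted are
#                 not added -- this is a keep-list, not a grant-list.
#
# Returns the Array of group models that were processed.
#
# Fix: the previous version appended a whitelist entry only when it had no
# "/" (the +unless+ guarded the whole append, not just the suffix), so a
# ranged entry such as "10.0.0.0/8" was silently dropped from the whitelist
# and then revoked under the default :revoke_all.  Also removed a no-op
# `public_ip = public_ip`, a `granted_ips.uniq!` whose result was never
# read, and de-duplicated allowed_ips so a whitelisted +public_ip+ is not
# granted twice.
#
# SECURITY: nothing here rejects "0.0.0.0/0" (or "::/0"); a caller passing
# that as +public_ip+ opens the port to the world.  Validate at the call
# site.  Credentials are stored on the instance and never printed.
#
# NOTE(review): the rendered listing had lost the callee name in the grant
# loop; safe_authorize_port(group, ip) is the method on this page whose
# signature matches the call -- confirm against the source file.
def secure(group_names, public_ip, options = {})
  @port       = options[:port] || 22
  @region     = options[:aws_region]
  @aws_key    = options[:aws_key]
  @aws_secret = options[:aws_secret]
  revoke_all  = options.key?(:revoke_all) ? options[:revoke_all] : true

  # A bare address becomes a host route; anything containing "/" is already
  # a CIDR and is passed through unchanged.
  as_cidr   = lambda { |addr| addr =~ /\// ? addr : "#{addr}/32" }
  public_ip = as_cidr.call(public_ip)
  whitelist = (options[:whitelist] || []).map { |addr| as_cidr.call(addr) }

  puts "Connecting AWS..."
  get_groups(group_names).each do |group|
    puts "Configuring #{group.name}"
    # list_ips returns nil (flatten! on an empty Array) when nothing matches.
    granted_ips = list_ips(group) || []
    puts "Existing IPs with access to port #{port}: #{granted_ips.join(',')}"

    # Keep whitelisted CIDRs that already exist, plus the caller's address.
    allowed_ips = granted_ips.select { |cidr| whitelist.include?(cidr) }
    allowed_ips << public_ip
    allowed_ips.uniq!

    if revoke_all
      granted_ips.each do |cidr|
        next if allowed_ips.include?(cidr)
        puts "Revoking access to #{cidr}"
        revoke_access(group, cidr)
      end
    end

    # Re-requesting an existing grant is a no-op inside safe_authorize_port.
    allowed_ips.each do |cidr|
      puts "Granting access to port #{port} to #{cidr}"
      safe_authorize_port(group, cidr)
    end
  end
end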