Class: Awspec::Generator::Spec::SecurityGroup

Inherits:

Object

Object
Awspec::Generator::Spec::SecurityGroup

show all

Includes:: Helper::Finder

Defined in:: lib/awspec/generator/spec/security_group.rb

Instance Attribute Summary

Attributes included from Helper::Finder

#ec2_client

Instance Method Summary collapse

Instance Method Details

#generate_by_vpc_id(vpc_id) ⇒ `Object`

# File 'lib/awspec/generator/spec/security_group.rb', line 5

def generate_by_vpc_id(vpc_id)
  describes = %w(
    group_id group_name
  )
  vpc = find_vpc(vpc_id)
  fail 'Not Found VPC' unless vpc
  @vpc_id = vpc[:vpc_id]
  @vpc_tag_name = vpc.tag_name
  sgs = select_security_group_by_vpc_id(@vpc_id)

  specs = sgs.map do |sg|
    linespecs = generate_linespecs(sg)
    content = ERB.new(security_group_spec_template, nil, '-').result(binding).gsub(/^\n/, '')
  end
  specs.join("\n")
end

#generate_linespecs(sg) ⇒ `Object`

# File 'lib/awspec/generator/spec/security_group.rb', line 22

def generate_linespecs(sg)
  linespecs = []
  permissions = { 'inbound' => sg.ip_permissions, 'outbound' => sg.ip_permissions_egress }
  %w(inbound outbound).each do |inout|
    permissions[inout].each do |permission|
      if permission.ip_protocol.to_i < 0 || permission.from_port.nil?
        linespecs.push('its(:' + inout + ') { should be_opened }')
        next
      end
      port = permission.from_port
      protocol = permission.ip_protocol
      permission.ip_ranges.each do |ip_range|
        target = ip_range.cidr_ip
        linespecs.push(ERB.new(security_group_spec_linetemplate, nil, '-').result(binding))
      end
      permission.user_id_group_pairs.each do |group|
        target = group.group_name
        target = group.group_id unless group.group_name
        linespecs.push(ERB.new(security_group_spec_linetemplate, nil, '-').result(binding))
      end
    end
  end
  linespecs
end

#security_group_spec_linetemplate ⇒ `Object`

# File 'lib/awspec/generator/spec/security_group.rb', line 47

def security_group_spec_linetemplate
  template = <<-'EOF'
its(:<%= inout %>) { should be_opened(<%= port %>).protocol('<%= protocol %>').for('<%= target %>') }
EOF
  template
end

#security_group_spec_template ⇒ `Object`

# File 'lib/awspec/generator/spec/security_group.rb', line 54

def security_group_spec_template
  template = <<-'EOF'
describe security_group('<%= sg.group_id %>') do
  it { should exist }
<% describes.each do |describe| %>
<%- if sg.key?(describe) -%>
  its(:<%= describe %>) { should eq '<%= sg[describe] %>' }
<%- end -%>
<% end %>
<% linespecs.each do |line| %>
  <%= line %>
<% end %>
  its(:inbound_permissions_count) { should eq <%= sg.ip_permissions.count %> }
  its(:outbound_permissions_count) { should eq <%= sg.ip_permissions_egress.count %> }
<%- if @vpc_tag_name -%>
  it { should belong_to_vpc('<%= @vpc_tag_name %>') }
<%- else -%>
  it { should belong_to_vpc('<%= @vpc_id %>') }
<%- end -%>
end
EOF
  template
end

Class: Awspec::Generator::Spec::SecurityGroup

Instance Attribute Summary

Attributes included from Helper::Finder

Instance Method Summary collapse

Methods included from Helper::Finder

Methods included from Helper::Finder::Cloudwatch

Methods included from Helper::Finder::Elasticache

Methods included from Helper::Finder::Iam

Methods included from Helper::Finder::Lambda

Methods included from Helper::Finder::Elb

Methods included from Helper::Finder::Ebs

Methods included from Helper::Finder::AutoScaling

Methods included from Helper::Finder::S3

Methods included from Helper::Finder::Route53

Methods included from Helper::Finder::Rds

Methods included from Helper::Finder::SecurityGroup

Methods included from Helper::Finder::Ec2

Methods included from Helper::Finder::Vpc

Instance Method Details

#generate_by_vpc_id(vpc_id) ⇒ Object

#generate_linespecs(sg) ⇒ Object

#security_group_spec_linetemplate ⇒ Object

#security_group_spec_template ⇒ Object

#generate_by_vpc_id(vpc_id) ⇒ `Object`

#generate_linespecs(sg) ⇒ `Object`

#security_group_spec_linetemplate ⇒ `Object`

#security_group_spec_template ⇒ `Object`