Class: Cumulus::SecurityGroups::RuleMigration
- Inherits: Object
  - Object
  - Cumulus::SecurityGroups::RuleMigration
- Defined in: lib/security/models/RuleMigration.rb
Overview
A class used to migrate RuleConfigs
Instance Attribute Summary
- #icmp_code ⇒ Object (readonly): Returns the value of attribute icmp_code.
- #icmp_type ⇒ Object (readonly): Returns the value of attribute icmp_type.
- #ports ⇒ Object (readonly): Returns the value of attribute ports.
- #protocol ⇒ Object (readonly): Returns the value of attribute protocol.
- #security_groups ⇒ Object (readonly): Returns the value of attribute security_groups.
- #subnets ⇒ Object (readonly): Returns the value of attribute subnets.
Class Method Summary
- .from_rule_config(rule_config) ⇒ Object: Public: Static method that will produce a RuleMigration from a RuleConfig.
Instance Method Summary
- #combine_allowed(other) ⇒ Object: Public: Combine two RuleMigrations by combining allowed entities (security group or subnet).
- #combine_ports(other) ⇒ Object: Public: Combine two RuleMigrations by combining ports.
- #hash ⇒ Object: Public: Get the configuration as a hash for migration.
- #initialize(ports, protocol, icmp_type, icmp_code, security_groups, subnets) ⇒ RuleMigration (constructor): Public: Constructor.
Constructor Details
#initialize(ports, protocol, icmp_type, icmp_code, security_groups, subnets) ⇒ RuleMigration
Public: Constructor.
ports - an array of the ports to put into cumulus config, or nil for all
protocol - the protocol for the rule
icmp_type - if protocol is icmp, the icmp type
icmp_code - if protocol is icmp, the icmp code
security_groups - an array of security group names for the rule, or nil if there are no security groups
subnets - an array of subnets to include in the rule, or nil if there are no subnets

    # File 'lib/security/models/RuleMigration.rb', line 59
    def initialize(ports, protocol, icmp_type, icmp_code, security_groups, subnets)
      @ports = ports
      @protocol = protocol
      @icmp_type = icmp_type
      @icmp_code = icmp_code
      @security_groups = security_groups
      @subnets = subnets
    end
Instance Attribute Details
#icmp_code ⇒ Object (readonly)
Returns the value of attribute icmp_code.

    # File 'lib/security/models/RuleMigration.rb', line 8
    def icmp_code
      @icmp_code
    end
#icmp_type ⇒ Object (readonly)
Returns the value of attribute icmp_type.

    # File 'lib/security/models/RuleMigration.rb', line 7
    def icmp_type
      @icmp_type
    end
#ports ⇒ Object (readonly)
Returns the value of attribute ports.

    # File 'lib/security/models/RuleMigration.rb', line 6
    def ports
      @ports
    end
#protocol ⇒ Object (readonly)
Returns the value of attribute protocol.

    # File 'lib/security/models/RuleMigration.rb', line 9
    def protocol
      @protocol
    end
#security_groups ⇒ Object (readonly)
Returns the value of attribute security_groups.

    # File 'lib/security/models/RuleMigration.rb', line 10
    def security_groups
      @security_groups
    end
#subnets ⇒ Object (readonly)
Returns the value of attribute subnets.

    # File 'lib/security/models/RuleMigration.rb', line 11
    def subnets
      @subnets
    end
Class Method Details
.from_rule_config(rule_config) ⇒ Object
Public: Static method that will produce a RuleMigration from a RuleConfig
rule_config - the RuleConfig to create from
Returns the corresponding RuleMigration

    # File 'lib/security/models/RuleMigration.rb', line 18
    def self.from_rule_config(rule_config)
      ports = if (rule_config.from.nil? and rule_config.to.nil?) or rule_config.protocol == "icmp"
        nil
      else
        if rule_config.from == rule_config.to
          [rule_config.from]
        else
          ["#{rule_config.from}-#{rule_config.to}"]
        end
      end
      icmp_type = if rule_config.protocol == "icmp" then rule_config.from end
      icmp_code = if rule_config.protocol == "icmp" then rule_config.to end

      # we're gonna replace any "0.0.0.0/0" with all to educate users on subnets.json
      subnets = rule_config.subnets.map do |subnet|
        if subnet == "0.0.0.0/0"
          "all"
        else
          subnet
        end
      end

      RuleMigration.new(
        ports,
        rule_config.protocol,
        icmp_type,
        icmp_code,
        rule_config.security_groups,
        subnets
      )
    end
Instance Method Details
#combine_allowed(other) ⇒ Object
Public: Combine two RuleMigrations by combining allowed entities (security group or subnet).
other - the other RuleMigration to combine with this one
Returns a new RuleMigration with this RuleMigration’s ports and protocol, and the allowed entities of both RuleMigrations concatenated together

    # File 'lib/security/models/RuleMigration.rb', line 88
    def combine_allowed(other)
      RuleMigration.new(
        @ports,
        @protocol,
        @icmp_type,
        @icmp_code,
        @security_groups + other.security_groups,
        @subnets + other.subnets
      )
    end
#combine_ports(other) ⇒ Object
Public: Combine two RuleMigrations by combining ports. If both of the RuleMigrations have nil ports, they will be combined, but if only one does, an array containing both RuleMigrations (unchanged) will be returned.
other - the other RuleMigration to combine with this one
Returns a new RuleMigration with this RuleMigration’s allowed entities and the combined port or an array of the two original RuleMigrations

    # File 'lib/security/models/RuleMigration.rb', line 107
    def combine_ports(other)
      # In this case, they should be identical, we just return self
      if !@ports and !other.ports
        self
      # at this point we're guaranteed that if one of the ports is nil, the other is not
      elsif @ports.nil? or other.ports.nil?
        [self, other]
      else
        RuleMigration.new(
          @ports + other.ports,
          @protocol,
          @icmp_type,
          @icmp_code,
          @security_groups,
          @subnets
        )
      end
    end
#hash ⇒ Object
Public: Get the configuration as a hash for migration
Returns the hash

    # File 'lib/security/models/RuleMigration.rb', line 71
    def hash
      {
        "security-groups" => @security_groups,
        "protocol" => @protocol,
        "ports" => @ports,
        "icmp-type" => @icmp_type,
        "icmp-code" => @icmp_code,
        "subnets" => @subnets,
      }.reject { |k, v| v.nil? }
    end
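
An added example, not part of the Cumulus source: folding a list of rules with the combine_ports behaviour documented above (including its Array return when only one side has nil ports), then listing the merged rules that are open to every address. It goes beyond the two-rule case in the docs; Rule, to_config, collapse, world_open and SAMPLE are hypothetical names, and ICMP fields are omitted.

```ruby
# Added example. Rule is a stand-in for RuleMigration (ICMP fields omitted);
# combine_ports and to_config mirror combine_ports and hash as shown above.
Rule = Struct.new(:ports, :protocol, :security_groups, :subnets) do
  def combine_ports(other)
    if !ports && !other.ports
      self
    elsif ports.nil? || other.ports.nil?
      [self, other]
    else
      Rule.new(ports + other.ports, protocol, security_groups, subnets)
    end
  end

  def to_config
    { "security-groups" => security_groups, "protocol" => protocol,
      "ports" => ports, "subnets" => subnets }.reject { |_k, v| v.nil? }
  end
end

# Hypothetical helper: merge rules that share protocol and allowed entities.
# combine_ports returns an Array when exactly one side is "all ports" (nil),
# so a rule is merged only into a kept rule that yields a single object.
def collapse(rules)
  rules.group_by { |r| [r.protocol, r.security_groups.sort, r.subnets.sort] }
       .flat_map do |_key, group|
    group.drop(1).reduce([group.first]) do |kept, rule|
      idx = kept.index { |k| !k.combine_ports(rule).is_a?(Array) }
      idx ? kept.tap { |a| a[idx] = a[idx].combine_ports(rule) } : kept + [rule]
    end
  end
end

# Hypothetical audit: migrated rules whose subnets contain "all", the value
# from_rule_config writes in place of "0.0.0.0/0".
def world_open(rules)
  collapse(rules).select { |r| r.subnets.include?("all") }.map(&:to_config)
end

# Constructed sample input.
SAMPLE = [
  Rule.new([22], "tcp", [], ["all"]),
  Rule.new(nil, "tcp", [], ["all"]),
  Rule.new(["8000-8080"], "tcp", [], ["all"]),
  Rule.new([443], "tcp", ["web"], ["10.0.0.0/8"]),
  Rule.new([80], "tcp", ["web"], ["10.0.0.0/8"])
].freeze
```

The all-ports rule stays a separate entry next to the merged port list, so a reviewer reading the migrated config still sees that every TCP port is reachable from "all".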