Class: Cumulus::SecurityGroups::RuleMigration

Inherits:
Object
Defined in:
lib/security/models/RuleMigration.rb

Overview

A class used to migrate RuleConfigs

Constructor Details

#initialize(ports, protocol, icmp_type, icmp_code, security_groups, subnets) ⇒ RuleMigration

Public: Constructor.

ports - an array of the ports to put into cumulus config, or nil for all
protocol - the protocol for the rule
icmp_type - if protocol is icmp, the icmp type
icmp_code - if protocol is icmp, the icmp code
security_groups - an array of security group names for the rule, or nil if there are no security groups
subnets - an array of subnets to include in the rule, or nil if there are no subnets



# File 'lib/security/models/RuleMigration.rb', line 59

def initialize(ports, protocol, icmp_type, icmp_code, security_groups, subnets)
  @ports = ports
  @protocol = protocol
  @icmp_type = icmp_type
  @icmp_code = icmp_code
  @security_groups = security_groups
  @subnets = subnets
end

Instance Attribute Details

#icmp_code ⇒ Object (readonly)

Returns the value of attribute icmp_code.



# File 'lib/security/models/RuleMigration.rb', line 8

def icmp_code
  @icmp_code
end

#icmp_type ⇒ Object (readonly)

Returns the value of attribute icmp_type.



# File 'lib/security/models/RuleMigration.rb', line 7

def icmp_type
  @icmp_type
end

#ports ⇒ Object (readonly)

Returns the value of attribute ports.



# File 'lib/security/models/RuleMigration.rb', line 6

def ports
  @ports
end

#protocol ⇒ Object (readonly)

Returns the value of attribute protocol.



# File 'lib/security/models/RuleMigration.rb', line 9

def protocol
  @protocol
end

#security_groups ⇒ Object (readonly)

Returns the value of attribute security_groups.



# File 'lib/security/models/RuleMigration.rb', line 10

def security_groups
  @security_groups
end

#subnets ⇒ Object (readonly)

Returns the value of attribute subnets.



# File 'lib/security/models/RuleMigration.rb', line 11

def subnets
  @subnets
end

Class Method Details

.from_rule_config(rule_config) ⇒ Object

Public: Static method that will produce a RuleMigration from a RuleConfig

rule_config - the RuleConfig to create from

Returns the corresponding RuleMigration



# File 'lib/security/models/RuleMigration.rb', line 18

def self.from_rule_config(rule_config)
  ports = if (rule_config.from.nil? and rule_config.to.nil?) or rule_config.protocol == "icmp"
    nil
  else
    if rule_config.from == rule_config.to
      [rule_config.from]
    else
      ["#{rule_config.from}-#{rule_config.to}"]
    end
  end

  icmp_type = if rule_config.protocol == "icmp" then rule_config.from end
  icmp_code = if rule_config.protocol == "icmp" then rule_config.to end

  # we're gonna replace any "0.0.0.0/0" with all to educate users on subnets.json
  subnets = rule_config.subnets.map do |subnet|
    if subnet == "0.0.0.0/0"
      "all"
    else
      subnet
    end
  end

  RuleMigration.new(
    ports,
    rule_config.protocol,
    icmp_type,
    icmp_code,
    rule_config.security_groups,
    subnets
  )
end

Instance Method Details

#combine_allowed(other) ⇒ Object

Public: Combine two RuleMigrations by combining allowed entities (security group or subnet).

other - the other RuleMigration to combine with this one

Returns a new RuleMigration with this RuleMigration’s ports and protocol, and the allowed entities of both RuleMigrations concatenated together



# File 'lib/security/models/RuleMigration.rb', line 88

def combine_allowed(other)
  RuleMigration.new(
    @ports,
    @protocol,
    @icmp_type,
    @icmp_code,
    @security_groups + other.security_groups,
    @subnets + other.subnets
  )
end

#combine_ports(other) ⇒ Object

Public: Combine two RuleMigrations by combining ports. If both of the RuleMigrations have nil ports, they will be combined, but if only one does, an array containing both RuleMigrations (unchanged) will be returned.

other - the other RuleMigration to combine with this one

Returns a new RuleMigration with this RuleMigration’s allowed entities and the combined port or an array of the two original RuleMigrations



# File 'lib/security/models/RuleMigration.rb', line 107

def combine_ports(other)
  # In this case, they should be identical, we just return self
  if !@ports and !other.ports
    self
  # at this point we're guaranteed that if one of the ports is nil, the other is not
  elsif @ports.nil? or other.ports.nil?
    [self, other]
  else
    RuleMigration.new(
      @ports + other.ports,
      @protocol,
      @icmp_type,
      @icmp_code,
      @security_groups,
      @subnets
    )
  end
end

#hash ⇒ Object

Public: Get the configuration as a hash for migration

Returns the hash



# File 'lib/security/models/RuleMigration.rb', line 71

def hash
  {
    "security-groups" => @security_groups,
    "protocol" => @protocol,
    "ports" => @ports,
    "icmp-type" => @icmp_type,
    "icmp-code" => @icmp_code,
    "subnets" => @subnets,
  }.reject { |k, v| v.nil? }
end