Class: Cumulus::SecurityGroups::SecurityGroupConfig

Inherits:
Object
  • Object
Defined in:
lib/security/models/SecurityGroupConfig.rb

Overview

Public: An object representing configuration for a security group

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(name, vpc_id, json = nil) ⇒ SecurityGroupConfig

Public: Constructor.

name - the name of the security group
vpc_id - the id of the vpc the security group belongs in
json - a hash containing the JSON configuration for the security group



# File 'lib/security/models/SecurityGroupConfig.rb', line 28

# Public: Constructor.
#
# name   - the name of the security group
# vpc_id - the id of the vpc the security group belongs in
# json   - a hash containing the JSON configuration for the security group
#          (optional). When nil, only @name and @vpc_id are set here.
#
# A non-nil json must carry a "rules" hash: it is indexed without a nil check,
# so a config that omits "rules" raises NoMethodError instead of silently
# producing an empty rule set.
def initialize(name, vpc_id, json = nil)
  @name = name
  @vpc_id = vpc_id
  return if json.nil?

  @description = json["description"].nil? ? "" : json["description"]
  @tags = json["tags"].nil? ? {} : json["tags"]

  rules = json["rules"]
  expand = ->(rule_list) { rule_list.map { |rule| RuleConfig.expand_ports(rule) }.flatten }

  # Every entry under "includes" is resolved through Loader.rule; each loaded
  # document may contribute its own "inbound" and "outbound" lists.
  loaded = (rules["includes"] || []).map { |entry| Loader.rule(entry) }
  gather = lambda do |direction|
    loaded.each_with_object([]) { |inc, acc| acc.concat(inc[direction] || []) }.flatten.compact
  end
  inbound_includes = gather.call("inbound")
  outbound_includes = gather.call("outbound")

  @inbound = expand.call((rules["inbound"] || []) + inbound_includes)

  # Built before the branch below, so a malformed "outbound" value fails here
  # regardless of which branch would have been taken.
  combined_outbound = (rules["outbound"] || []) + outbound_includes
  @outbound =
    if !rules["outbound"].nil?
      # An explicit "outbound" list (even an empty one) means egress is exactly
      # the listed rules plus the included ones.
      expand.call(combined_outbound)
    elsif Configuration.instance.security.outbound_default_all_allowed
      # No "outbound" key at all and the flag is on: egress becomes
      # RuleConfig.allow_all and the outbound rules contributed by includes
      # are dropped.
      # NOTE(review): confirm that ignoring included egress rules is intended.
      [RuleConfig.allow_all]
    else
      # NOTE(review): this list is stored without going through
      # RuleConfig.expand_ports, unlike every other rule list built here --
      # verify that callers accept it in this form.
      outbound_includes
    end
end

Instance Attribute Details

#description ⇒ Object (readonly)

Returns the value of attribute description.



# File 'lib/security/models/SecurityGroupConfig.rb', line 15

# Public: The security group's description. The constructor stores "" when the
# JSON config has no "description"; populate! overwrites it with the value
# reported by AWS.
def description; @description; end

#inbound ⇒ Object (readonly)

Returns the value of attribute inbound.



# File 'lib/security/models/SecurityGroupConfig.rb', line 17

# Public: The inbound rule list. The constructor builds it from the config's
# own inbound rules plus those pulled in through includes; populate! replaces
# it with rules converted from the AWS resource. Stays nil when the object was
# constructed without JSON and populate! has not run.
def inbound; @inbound; end

#includes ⇒ Object (readonly)

Returns the value of attribute includes.



# File 'lib/security/models/SecurityGroupConfig.rb', line 16

# Public: Returns the value of @includes.
#
# NOTE(review): neither the constructor nor populate! assigns @includes (the
# constructor keeps the loaded includes in a local variable), so unless it is
# set somewhere else this reader returns nil -- confirm before relying on it.
def includes; @includes; end

#name ⇒ Object (readonly)

Returns the value of attribute name.



# File 'lib/security/models/SecurityGroupConfig.rb', line 18

# Public: The name of the security group, as passed to the constructor.
def name; @name; end

#outbound ⇒ Object (readonly)

Returns the value of attribute outbound.



# File 'lib/security/models/SecurityGroupConfig.rb', line 19

# Public: The outbound (egress) rule list.
#
# When the JSON config has no "outbound" key, the constructor fills this with
# RuleConfig.allow_all if the outbound_default_all_allowed setting is on, and
# with the outbound rules from includes otherwise. populate! replaces it with
# rules converted from the AWS resource.
def outbound; @outbound; end

#tags ⇒ Object (readonly)

Returns the value of attribute tags.



# File 'lib/security/models/SecurityGroupConfig.rb', line 20

# Public: The tags for the security group. The constructor stores {} when the
# JSON config has no "tags"; populate! stores a Hash built from the key/value
# pairs reported by AWS.
def tags; @tags; end

#vpc_id ⇒ Object (readonly)

Returns the value of attribute vpc_id.



# File 'lib/security/models/SecurityGroupConfig.rb', line 21

# Public: The id of the vpc the security group belongs in. Set by the
# constructor and overwritten by populate! with the value reported by AWS.
def vpc_id; @vpc_id; end

Instance Method Details

#diff(aws) ⇒ Object

Public: Produce an array of the differences between this local configuration and the configuration in AWS

aws - the aws resource

Returns an array of the SecurityGroupDiffs that were found



# File 'lib/security/models/SecurityGroupConfig.rb', line 62

# Public: Produce an array of the differences between this local configuration
# and the configuration in AWS
#
# aws - the aws resource
#
# Only the description, the tags, the inbound rules and the outbound rules are
# compared. name and vpc_id are not examined here, so an empty result means
# "no drift in those four properties", not "identical in every respect".
#
# Returns an array of the SecurityGroupDiffs that were found
def diff(aws)
  changes = []

  changes << SecurityGroupDiff.new(SecurityGroupChange::DESCRIPTION, aws, self) if @description != aws.description

  # AWS tags arrive as objects with key/value readers; turn them into a Hash so
  # they can be compared with the locally configured tags.
  remote_tags = aws.tags.map { |tag| [tag.key, tag.value] }.to_h
  changes << SecurityGroupDiff.new(SecurityGroupChange::TAGS, aws, self) if @tags != remote_tags

  ingress_changes = diff_rules(@inbound, aws.ip_permissions)
  changes << SecurityGroupDiff.inbound(aws, self, ingress_changes) unless ingress_changes.empty?

  egress_changes = diff_rules(@outbound, aws.ip_permissions_egress)
  changes << SecurityGroupDiff.outbound(aws, self, egress_changes) unless egress_changes.empty?

  changes
end

#populate!(aws) ⇒ Object

Public: Populate this SecurityGroupConfig from an AWS resource

aws - the aws resource



# File 'lib/security/models/SecurityGroupConfig.rb', line 89

# Public: Populate this SecurityGroupConfig from an AWS resource
#
# aws - the aws resource
#
# Overwrites @vpc_id, @description, @tags, @inbound and @outbound with what the
# AWS resource reports. @name is left untouched. Each AWS permission is
# converted with RuleConfig.from_aws and the converted list is then passed
# through combine_rules.
def populate!(aws)
  @vpc_id = aws.vpc_id
  @description = aws.description
  @tags = aws.tags.map { |tag| [tag.key, tag.value] }.to_h

  ingress = aws.ip_permissions.map { |permission| RuleConfig.from_aws(permission) }
  @inbound = combine_rules(ingress)

  egress = aws.ip_permissions_egress.map { |permission| RuleConfig.from_aws(permission) }
  @outbound = combine_rules(egress)
end

#pretty_json ⇒ Object

Public: Get the config as a prettified JSON string.

Returns the JSON string



# File 'lib/security/models/SecurityGroupConfig.rb', line 100

# Public: Get the config as a prettified JSON string.
#
# The output holds "description", "tags" and "rules" (with "inbound" and
# "outbound"); name, vpc_id and includes are not written. Top-level entries
# whose value is nil are dropped. @inbound and @outbound must already be set,
# otherwise the map calls raise NoMethodError.
#
# Returns the JSON string
def pretty_json
  # Each rule is serialised through its #hash method -- presumably overridden
  # on the rule objects to return a Hash representation rather than Ruby's
  # default Integer hash code; confirm against RuleConfig.
  rules = {
    "inbound" => @inbound.map { |rule| rule.hash },
    "outbound" => @outbound.map { |rule| rule.hash },
  }
  config = { "description" => @description, "tags" => @tags, "rules" => rules }

  JSON.pretty_generate(config.reject { |_key, value| value.nil? })
end