Class: Wafoo::Run

Inherits:
Object
Includes:
Helper
Defined in:
lib/wafoo/run.rb

Constant Summary

IP_SETS_DIR =
'ipsets'

Instance Method Summary

Methods included from Helper

#added_print, #info_print, #output_table, #removed_print, #split_cidr

Constructor Details

#initialize(options = nil) ⇒ Run

Returns a new instance of Run.



# File 'lib/wafoo/run.rb', line 8

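def initialize(options = nil)
  # Build the global and regional WAF clients, optionally preload the web ACL
  # inventory, and make sure the local export directory exists.
  #
  # @param options [Hash, nil] :full to preload web ACLs for the listing,
  #   :regional to target WAF Regional instead of global WAF
  # @return [Run]

  # Stubs have to be loaded one by one, so this is a workaround.
  # LOAD_STUB=true is a test hook: Wafoo::Stub.load presumably replaces the
  # real client with a stubbed one, so it must not be set in a shell from
  # which real WAF changes are expected.
  Wafoo::Stub.load('waf') if ENV['LOAD_STUB'] == 'true'
  @waf = Aws::WAF::Client.new

  # Same workaround for the regional client.
  Wafoo::Stub.load('wafregional') if ENV['LOAD_STUB'] == 'true'
  @waf_regional = Aws::WAFRegional::Client.new

  # A nil options hash behaves like an empty one (@full / @regional stay nil).
  options ||= {}
  @full = options[:full]
  @regional = options[:regional]

  if @full
    @waf_webacls = get_waf_webacls
    # NOTE(review): @wafregioal_webacls is misspelled (wafregional); kept as-is
    # because methods outside this view may read it under that name.
    @wafregioal_webacls = get_wafregional_webacls
    @all_waf_webacls = @waf_webacls + @wafregioal_webacls
  end

  # mkdir_p is a no-op on an existing directory, so the separate exist? check
  # is unnecessary and only opened a check-then-create window.
  FileUtils.mkdir_p(IP_SETS_DIR)
end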

Instance Method Details

#apply_ipset(ipsets, ip_set_id) ⇒ Object



# File 'lib/wafoo/run.rb', line 151

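def apply_ipset(ipsets, ip_set_id)
  # Push a batch of INSERT/DELETE descriptors to the selected WAF IP set.
  #
  # @param ipsets [Array<Hash>] update hashes as built by generate_insert_hash
  #   and generate_delete_hash
  # @param ip_set_id [String] id of the IP set to change
  # @return [void] returns normally on success so the caller can continue
  #   (update_ipset re-exports the list after applying); exits 1 on failure
  waf = @regional ? @waf_regional : @waf
  puts 'Applying IP List...'
  begin
    # Fetch the change token inside the rescue as well: a failure here
    # (credentials, network) should be reported like any other API error.
    change_token = waf.get_change_token.change_token
    waf.update_ip_set(
      ip_set_id: ip_set_id,
      change_token: change_token,
      updates: ipsets
    )
    puts 'Apply Finished.'
  rescue => ex
    # NOTE(review): error_print is not in the Helper method list on this page;
    # confirm it is defined, otherwise this branch raises NoMethodError.
    puts error_print(ex.message)
    exit 1
  end
end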

#create_ipset(ip_set_name) ⇒ Object



# File 'lib/wafoo/run.rb', line 169

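def create_ipset(ip_set_name)
  # Create an empty IP set with the given name on the selected WAF endpoint.
  #
  # @param ip_set_name [String] name of the new IP set
  # @return [void] exits 0 on success, 1 on failure
  waf = @regional ? @waf_regional : @waf
  puts 'Creating IPSet...'
  begin
    # Fetch the change token inside the rescue as well: a failure here
    # (credentials, network) should be reported like any other API error.
    change_token = waf.get_change_token.change_token
    waf.create_ip_set(
      name: ip_set_name,
      change_token: change_token
    )
    puts 'Create Finished.'
    exit 0
  rescue => ex
    # NOTE(review): error_print is not in the Helper method list on this page;
    # confirm it is defined, otherwise this branch raises NoMethodError.
    puts error_print(ex.message)
    exit 1
  end
end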

#export_ipset(ip_set_id) ⇒ Object



# File 'lib/wafoo/run.rb', line 136

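def export_ipset(ip_set_id)
  # Fetch one IP set from the API, print it, and write it to
  # IP_SETS_DIR/<ip_set_id>, one entry per line, sorted.
  #
  # @param ip_set_id [String] id of the IP set; it is also used as the file name
  # @return [void] exits 1 if the API call fails
  puts 'Exporting IP List...'
  begin
    # Sort once here instead of before each of the two loops below.
    ipsets = read_ipset_from_api(ip_set_id).sort
  rescue => ex
    # NOTE(review): error_print is not in the Helper method list on this page;
    # confirm it is defined, otherwise this branch raises NoMethodError.
    puts error_print(ex.message)
    exit 1
  end
  # File.join rather than string concatenation; ip_set_id becomes a path
  # component, so callers should only pass real IP set ids.
  path = File.join(IP_SETS_DIR, ip_set_id)
  ipsets.each { |ipset| puts info_print(ipset) }
  File.open(path, 'w') do |f|
    ipsets.each { |ipset| f.puts(ipset) }
  end
  puts 'Exported to ' + added_print(path)
end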

#generate_delete_hash(ipset) ⇒ Object



# File 'lib/wafoo/run.rb', line 186

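def generate_delete_hash(ipset)
  # Build an UpdateIPSet DELETE entry from a diff line.
  #
  # @param ipset [String] a diff line such as "-10.0.0.1/32"; the first
  #   character (the diff marker) is dropped. The argument is not modified.
  # @return [Hash] { action: 'DELETE', ip_set_descriptor: { type:, value: } }
  #
  # The descriptor type is hard-coded to IPV4; IPv6 entries are not handled here.
  # `ipset[1..]` is nil for an empty string, hence the `.to_s`.
  {
    action: 'DELETE',
    ip_set_descriptor: {
      type: 'IPV4',
      value: ipset[1..].to_s
    }
  }
end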

#generate_insert_hash(ipset) ⇒ Object



# File 'lib/wafoo/run.rb', line 198

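def generate_insert_hash(ipset)
  # Build an UpdateIPSet INSERT entry from a diff line.
  #
  # @param ipset [String] a diff line such as "+10.0.0.1/32"; the first
  #   character (the diff marker) is dropped. The argument is not modified.
  # @return [Hash] { action: 'INSERT', ip_set_descriptor: { type:, value: } }
  #
  # The descriptor type is hard-coded to IPV4; IPv6 entries are not handled here.
  # `ipset[1..]` is nil for an empty string, hence the `.to_s`.
  {
    action: 'INSERT',
    ip_set_descriptor: {
      type: 'IPV4',
      value: ipset[1..].to_s
    }
  }
end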

#list_ipsets ⇒ Object



# File 'lib/wafoo/run.rb', line 130

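def list_ipsets
  # Print a table of every IP set from both global WAF and WAF Regional.
  #
  # @return [Object] whatever output_table returns
  # The dead `ip_sets = []` initialisation is dropped; the sum is assigned directly.
  ip_sets = get_waf_ipsets + get_wafregional_ipsets
  output_table(ip_sets, @full)
end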

#read_ipset_from_api(ip_set_id) ⇒ Object



# File 'lib/wafoo/run.rb', line 68

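def read_ipset_from_api(ip_set_id)
  # Fetch the descriptor values of one IP set from the selected WAF endpoint.
  #
  # @param ip_set_id [String] id of the IP set
  # @return [Array<String>] descriptor values (CIDR strings), sorted
  # @raise whatever the client raises on a failed GetIPSet call; callers rescue
  waf_client = @regional ? @waf_regional : @waf
  resp = waf_client.get_ip_set(ip_set_id: ip_set_id)
  # Sorting the extracted values is equivalent to sorting descriptors by value.
  resp.ip_set.ip_set_descriptors.map(&:value).sort
end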

#read_ipset_from_file(ip_set_id) ⇒ Object



# File 'lib/wafoo/run.rb', line 82

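def read_ipset_from_file(ip_set_id)
  # Read the locally exported list for an IP set, one entry per line.
  #
  # @param ip_set_id [String] id of the IP set; also the file name under IP_SETS_DIR
  # @return [Array<String>] entries sorted; line endings (LF or CRLF) removed and
  #   blank lines dropped so they never turn into an empty descriptor
  # @raise [Errno::ENOENT] if the list has not been exported yet
  path = File.join(IP_SETS_DIR, ip_set_id)
  File.foreach(path, chomp: true).reject(&:empty?).sort
end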

#update_ipset(ip_set_id, dry_run) ⇒ Object



# File 'lib/wafoo/run.rb', line 210

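def update_ipset(ip_set_id, dry_run)
  # Diff the IP set held by the API against the local export file and, unless
  # dry_run, push the differences (the local file wins) and re-export.
  #
  # @param ip_set_id [String] id of the IP set
  # @param dry_run [Boolean] when true only print the planned changes
  # @return [void] exits 0 after printing in the dry-run and no-change cases
  current = read_ipset_from_api(ip_set_id).join("\n")
  desired = read_ipset_from_file(ip_set_id).join("\n")
  updates = []
  # Both lists are sorted, so a line-based text diff yields the entries to add
  # ('+') and remove ('-'); context lines fall through the case.
  Diffy::Diff.new(current, desired).each do |line|
    case line
    when /\A\+/
      puts 'Add Line: ' + added_print(line.chomp)
      updates << generate_insert_hash(line.chomp)
    when /\A-/
      puts 'Remove Line: ' + removed_print(line.chomp)
      updates << generate_delete_hash(line.chomp)
    end
  end

  # `&&` instead of `and` (precedence), and the no-change case is tested first
  # so the dry-run branch only has to look at dry_run.
  if updates.empty?
    puts 'No IP list changed.'
    exit 0
  elsif dry_run
    puts 'Above IP list will be changed.'
    exit 0
  else
    apply_ipset(updates, ip_set_id)
    export_ipset(ip_set_id)
  end
end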