mirror of
https://github.com/fog/fog-aws.git
synced 2022-11-09 13:50:52 -05:00
Add IPv6 support for Ingress Security Groups
This commit is contained in:
Petrik
parent
026b666096
commit
171ad6ff5f
6 changed files with 66 additions and 13 deletions
|
|
@ -233,21 +233,24 @@ module Fog
|
||||||
'fromPort' => -1,
|
'fromPort' => -1,
|
||||||
'toPort' => -1,
|
'toPort' => -1,
|
||||||
'ipProtocol' => 'icmp',
|
'ipProtocol' => 'icmp',
|
||||||
'ipRanges' => []
|
'ipRanges' => [],
|
||||||
|
'ipv6Ranges' => []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
|
'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
|
||||||
'fromPort' => 0,
|
'fromPort' => 0,
|
||||||
'toPort' => 65535,
|
'toPort' => 65535,
|
||||||
'ipProtocol' => 'tcp',
|
'ipProtocol' => 'tcp',
|
||||||
'ipRanges' => []
|
'ipRanges' => [],
|
||||||
|
'ipv6Ranges' => []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
|
'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
|
||||||
'fromPort' => 0,
|
'fromPort' => 0,
|
||||||
'toPort' => 65535,
|
'toPort' => 65535,
|
||||||
'ipProtocol' => 'udp',
|
'ipProtocol' => 'udp',
|
||||||
'ipRanges' => []
|
'ipRanges' => [],
|
||||||
|
'ipv6Ranges' => []
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
'ownerId' => owner_id
|
'ownerId' => owner_id
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,8 @@ module Fog
|
||||||
# options::
|
# options::
|
||||||
# A hash that can contain any of the following keys:
|
# A hash that can contain any of the following keys:
|
||||||
# :cidr_ip (defaults to "0.0.0.0/0")
|
# :cidr_ip (defaults to "0.0.0.0/0")
|
||||||
# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
|
# :cidr_ipv6 cannot be used with :cidr_ip
|
||||||
|
# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
|
||||||
# :ip_protocol (defaults to "tcp")
|
# :ip_protocol (defaults to "tcp")
|
||||||
#
|
#
|
||||||
# == Returns:
|
# == Returns:
|
||||||
|
|
@ -178,7 +179,8 @@ module Fog
|
||||||
# options::
|
# options::
|
||||||
# A hash that can contain any of the following keys:
|
# A hash that can contain any of the following keys:
|
||||||
# :cidr_ip (defaults to "0.0.0.0/0")
|
# :cidr_ip (defaults to "0.0.0.0/0")
|
||||||
# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
|
# :cidr_ipv6 cannot be used with :cidr_ip
|
||||||
|
# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
|
||||||
# :ip_protocol (defaults to "tcp")
|
# :ip_protocol (defaults to "tcp")
|
||||||
#
|
#
|
||||||
# == Returns:
|
# == Returns:
|
||||||
|
|
@ -327,9 +329,15 @@ module Fog
|
||||||
}
|
}
|
||||||
|
|
||||||
if options[:group].nil?
|
if options[:group].nil?
|
||||||
ip_permission['IpRanges'] = [
|
if options[:cidr_ipv6].nil?
|
||||||
{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
|
ip_permission['IpRanges'] = [
|
||||||
]
|
{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
|
||||||
|
]
|
||||||
|
else
|
||||||
|
ip_permission['Ipv6Ranges'] = [
|
||||||
|
{ 'CidrIpv6' => options[:cidr_ipv6] }
|
||||||
|
]
|
||||||
|
end
|
||||||
else
|
else
|
||||||
ip_permission['Groups'] = [
|
ip_permission['Groups'] = [
|
||||||
group_info(options[:group])
|
group_info(options[:group])
|
||||||
|
|
|
||||||
|
|
@ -5,9 +5,10 @@ module Fog
|
||||||
class DescribeSecurityGroups < Fog::Parsers::Base
|
class DescribeSecurityGroups < Fog::Parsers::Base
|
||||||
def reset
|
def reset
|
||||||
@group = {}
|
@group = {}
|
||||||
@ip_permission = { 'groups' => [], 'ipRanges' => []}
|
@ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
|
||||||
@ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
|
@ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
|
||||||
@ip_range = {}
|
@ip_range = {}
|
||||||
|
@ipv6_range = {}
|
||||||
@security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }
|
@security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }
|
||||||
@response = { 'securityGroupInfo' => [] }
|
@response = { 'securityGroupInfo' => [] }
|
||||||
@tag = {}
|
@tag = {}
|
||||||
|
|
@ -24,6 +25,8 @@ module Fog
|
||||||
@in_ip_permissions_egress = true
|
@in_ip_permissions_egress = true
|
||||||
when 'ipRanges'
|
when 'ipRanges'
|
||||||
@in_ip_ranges = true
|
@in_ip_ranges = true
|
||||||
|
when 'ipv6Ranges'
|
||||||
|
@in_ipv6_ranges = true
|
||||||
when 'tagSet'
|
when 'tagSet'
|
||||||
@in_tag_set = true
|
@in_tag_set = true
|
||||||
end
|
end
|
||||||
|
|
@ -44,6 +47,8 @@ module Fog
|
||||||
case name
|
case name
|
||||||
when 'cidrIp'
|
when 'cidrIp'
|
||||||
@ip_range[name] = value
|
@ip_range[name] = value
|
||||||
|
when 'cidrIpv6'
|
||||||
|
@ipv6_range[name] = value
|
||||||
when 'fromPort', 'toPort'
|
when 'fromPort', 'toPort'
|
||||||
if @in_ip_permissions_egress
|
if @in_ip_permissions_egress
|
||||||
@ip_permission_egress[name] = value.to_i
|
@ip_permission_egress[name] = value.to_i
|
||||||
|
|
@ -72,6 +77,8 @@ module Fog
|
||||||
end
|
end
|
||||||
when 'ipRanges'
|
when 'ipRanges'
|
||||||
@in_ip_ranges = false
|
@in_ip_ranges = false
|
||||||
|
when 'ipv6Ranges'
|
||||||
|
@in_ipv6_ranges = false
|
||||||
when 'item'
|
when 'item'
|
||||||
if @in_groups
|
if @in_groups
|
||||||
if @in_ip_permissions_egress
|
if @in_ip_permissions_egress
|
||||||
|
|
@ -87,12 +94,19 @@ module Fog
|
||||||
@ip_permission['ipRanges'] << @ip_range
|
@ip_permission['ipRanges'] << @ip_range
|
||||||
end
|
end
|
||||||
@ip_range = {}
|
@ip_range = {}
|
||||||
|
elsif @in_ipv6_ranges
|
||||||
|
if @in_ip_permissions_egress
|
||||||
|
@ip_permission_egress['ipv6Ranges'] << @ipv6_range
|
||||||
|
else
|
||||||
|
@ip_permission['ipv6Ranges'] << @ipv6_range
|
||||||
|
end
|
||||||
|
@ipv6_range = {}
|
||||||
elsif @in_ip_permissions
|
elsif @in_ip_permissions
|
||||||
@security_group['ipPermissions'] << @ip_permission
|
@security_group['ipPermissions'] << @ip_permission
|
||||||
@ip_permission = { 'groups' => [], 'ipRanges' => []}
|
@ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
|
||||||
elsif @in_ip_permissions_egress
|
elsif @in_ip_permissions_egress
|
||||||
@security_group['ipPermissionsEgress'] << @ip_permission_egress
|
@security_group['ipPermissionsEgress'] << @ip_permission_egress
|
||||||
@ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
|
@ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
|
||||||
else
|
else
|
||||||
@response['securityGroupInfo'] << @security_group
|
@response['securityGroupInfo'] << @security_group
|
||||||
@security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }
|
@security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,9 @@ module Fog
|
||||||
# * 'IpRanges'<~Array>:
|
# * 'IpRanges'<~Array>:
|
||||||
# * ip_range<~Hash>:
|
# * ip_range<~Hash>:
|
||||||
# * 'CidrIp'<~String> - CIDR range
|
# * 'CidrIp'<~String> - CIDR range
|
||||||
|
# * 'Ipv6Ranges'<~Array>:
|
||||||
|
# * ip_range<~Hash>:
|
||||||
|
# * 'CidrIpv6'<~String> - CIDR range
|
||||||
# * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
|
# * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
|
||||||
#
|
#
|
||||||
# === Returns
|
# === Returns
|
||||||
|
|
@ -72,6 +75,10 @@ module Fog
|
||||||
range_index += 1
|
range_index += 1
|
||||||
params[format('IpPermissions.%d.IpRanges.%d.CidrIp', key_index, range_index)] = ip_range['CidrIp']
|
params[format('IpPermissions.%d.IpRanges.%d.CidrIp', key_index, range_index)] = ip_range['CidrIp']
|
||||||
end
|
end
|
||||||
|
(permission['Ipv6Ranges'] || []).each_with_index do |ip_range, range_index|
|
||||||
|
range_index += 1
|
||||||
|
params[format('IpPermissions.%d.Ipv6Ranges.%d.CidrIpv6', key_index, range_index)] = ip_range['CidrIpv6']
|
||||||
|
end
|
||||||
end
|
end
|
||||||
params.reject {|k, v| v.nil? }
|
params.reject {|k, v| v.nil? }
|
||||||
end
|
end
|
||||||
|
|
@ -186,6 +193,14 @@ module Fog
|
||||||
'groups' => [],
|
'groups' => [],
|
||||||
'ipRanges' => [{'cidrIp' => options['CidrIp']}]
|
'ipRanges' => [{'cidrIp' => options['CidrIp']}]
|
||||||
}
|
}
|
||||||
|
elsif options['CidrIpv6']
|
||||||
|
normalized_permissions << {
|
||||||
|
'ipProtocol' => options['IpProtocol'],
|
||||||
|
'fromPort' => Integer(options['FromPort']),
|
||||||
|
'toPort' => Integer(options['ToPort']),
|
||||||
|
'groups' => [],
|
||||||
|
'ipv6Ranges' => [{'cidrIpv6' => options['CidrIpv6']}]
|
||||||
|
}
|
||||||
elsif options['IpPermissions']
|
elsif options['IpPermissions']
|
||||||
options['IpPermissions'].each do |permission|
|
options['IpPermissions'].each do |permission|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,8 @@ module Fog
|
||||||
# * 'ipProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
|
# * 'ipProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
|
||||||
# * 'ipRanges'<~Array>:
|
# * 'ipRanges'<~Array>:
|
||||||
# * 'cidrIp'<~String> - CIDR range
|
# * 'cidrIp'<~String> - CIDR range
|
||||||
|
# * 'ipv6Ranges'<~Array>:
|
||||||
|
# * 'cidrIpv6'<~String> - CIDR ipv6 range
|
||||||
# * 'toPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
|
# * 'toPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
|
||||||
# * 'ownerId'<~String> - AWS Access Key Id of the owner of the security group
|
# * 'ownerId'<~String> - AWS Access Key Id of the owner of the security group
|
||||||
# * 'NextToken'<~String> - The token to retrieve the next page of results
|
# * 'NextToken'<~String> - The token to retrieve the next page of results
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String, 'groupId' => String }],
|
'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String, 'groupId' => String }],
|
||||||
'ipProtocol' => String,
|
'ipProtocol' => String,
|
||||||
'ipRanges' => [Fog::Nullable::Hash],
|
'ipRanges' => [Fog::Nullable::Hash],
|
||||||
|
'ipv6Ranges' => [Fog::Nullable::Hash],
|
||||||
'toPort' => Fog::Nullable::Integer,
|
'toPort' => Fog::Nullable::Integer,
|
||||||
}],
|
}],
|
||||||
'ipPermissionsEgress' => [],
|
'ipPermissionsEgress' => [],
|
||||||
|
|
@ -54,16 +55,19 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
|
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
|
||||||
"fromPort"=>1,
|
"fromPort"=>1,
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
|
"ipv6Ranges"=>[],
|
||||||
"ipProtocol"=>"tcp",
|
"ipProtocol"=>"tcp",
|
||||||
"toPort"=>65535},
|
"toPort"=>65535},
|
||||||
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
|
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
|
||||||
"fromPort"=>1,
|
"fromPort"=>1,
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
|
"ipv6Ranges"=>[],
|
||||||
"ipProtocol"=>"udp",
|
"ipProtocol"=>"udp",
|
||||||
"toPort"=>65535},
|
"toPort"=>65535},
|
||||||
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
|
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
|
||||||
"fromPort"=>-1,
|
"fromPort"=>-1,
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
|
"ipv6Ranges"=>[],
|
||||||
"ipProtocol"=>"icmp",
|
"ipProtocol"=>"icmp",
|
||||||
"toPort"=>-1}
|
"toPort"=>-1}
|
||||||
]
|
]
|
||||||
|
|
@ -88,6 +92,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
[{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
|
[{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
|
||||||
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
|
"ipv6Ranges"=>[],
|
||||||
"ipProtocol"=>"tcp",
|
"ipProtocol"=>"tcp",
|
||||||
"fromPort"=>1,
|
"fromPort"=>1,
|
||||||
"toPort"=>65535},
|
"toPort"=>65535},
|
||||||
|
|
@ -95,6 +100,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
[{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
|
[{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
|
||||||
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
|
"ipv6Ranges"=>[],
|
||||||
"ipProtocol"=>"udp",
|
"ipProtocol"=>"udp",
|
||||||
"fromPort"=>1,
|
"fromPort"=>1,
|
||||||
"toPort"=>65535},
|
"toPort"=>65535},
|
||||||
|
|
@ -102,6 +108,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
[{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
|
[{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
|
||||||
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
|
"ipv6Ranges"=>[],
|
||||||
"ipProtocol"=>"icmp",
|
"ipProtocol"=>"icmp",
|
||||||
"fromPort"=>-1,
|
"fromPort"=>-1,
|
||||||
"toPort"=>-1}
|
"toPort"=>-1}
|
||||||
|
|
@ -133,6 +140,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
expected_permissions += [
|
expected_permissions += [
|
||||||
{"groups"=>[],
|
{"groups"=>[],
|
||||||
"ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}],
|
"ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}],
|
||||||
|
"ipv6Ranges"=>[],
|
||||||
"ipProtocol"=>"tcp",
|
"ipProtocol"=>"tcp",
|
||||||
"fromPort"=>22,
|
"fromPort"=>22,
|
||||||
"toPort"=>22}
|
"toPort"=>22}
|
||||||
|
|
@ -164,7 +172,8 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
'IpPermissions' => [
|
'IpPermissions' => [
|
||||||
{
|
{
|
||||||
'IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80',
|
'IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80',
|
||||||
'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }]
|
'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }],
|
||||||
|
'Ipv6Ranges' => []
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
@ -177,6 +186,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
expected_permissions += [
|
expected_permissions += [
|
||||||
{"groups"=>[],
|
{"groups"=>[],
|
||||||
"ipRanges"=>[{"cidrIp"=>"192.168.0.0/24"}],
|
"ipRanges"=>[{"cidrIp"=>"192.168.0.0/24"}],
|
||||||
|
"ipv6Ranges"=>[],
|
||||||
"ipProtocol"=>"tcp",
|
"ipProtocol"=>"tcp",
|
||||||
"fromPort"=>80,
|
"fromPort"=>80,
|
||||||
"toPort"=>80}
|
"toPort"=>80}
|
||||||
|
|
@ -204,6 +214,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
expected_permissions += [
|
expected_permissions += [
|
||||||
{"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
{"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
|
"ipv6Ranges"=>[],
|
||||||
"ipProtocol"=>"tcp",
|
"ipProtocol"=>"tcp",
|
||||||
"fromPort"=>8000,
|
"fromPort"=>8000,
|
||||||
"toPort"=>8000}
|
"toPort"=>8000}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue