From f88d840e0d92cf7766155fa29deb180befc400f8 Mon Sep 17 00:00:00 2001
From: Nitz
Date: Mon, 28 Sep 2015 16:49:54 +0300
Subject: [PATCH 1/2] Refactored group filtering to function

---
 lib/piculet/client.rb | 39 +++++++++++----------------------------
 1 file changed, 11 insertions(+), 28 deletions(-)

diff --git a/lib/piculet/client.rb b/lib/piculet/client.rb
index fdf7359..046510f 100644
--- a/lib/piculet/client.rb
+++ b/lib/piculet/client.rb
@@ -13,6 +13,13 @@ def apply(file)
 AWS.memoize { walk(file) }
 end
+ def should_skip(sg_name)
+ if @options.sg_names
+ return true unless @options.sg_names.include?(sg_name)
+ end
+ return true if @options.exclude_sgs and @options.exclude_sgs.any? {|regex| sg_name =~ regex}
+ end
+
 def export(options = {})
 exported = AWS.memoize do
 Exporter.export(@options.ec2, @options_hash.merge(options))
@@ -98,13 +105,7 @@ def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api)
 sg_list_dsl.each do |key, sg_dsl|
 name = key[0]
- if @options.sg_names
- next unless @options.sg_names.include?(name)
- end
-
- if @options.exclude_sgs
- next if @options.exclude_sgs.any? {|regex| name =~ regex}
- end
+ next if should_skip(name)
 sg_aws = sg_list_aws[key]
@@ -122,13 +123,7 @@ def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api)
 sg_list_dsl.each do |key, sg_dsl|
 name = key[0]
- if @options.sg_names
- next unless @options.sg_names.include?(name)
- end
-
- if @options.exclude_sgs
- next if @options.exclude_sgs.any? {|regex| name =~ regex}
- end
+ next if should_skip(name)
 sg_aws = sg_list_aws.delete(key)
 walk_security_group(sg_dsl, sg_aws)
@@ -137,13 +132,7 @@ def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api)
 sg_list_aws.each do |key, sg_aws|
 name = key[0]
- if @options.sg_names
- next unless @options.sg_names.include?(name)
- end
-
- if @options.exclude_sgs
- next if @options.exclude_sgs.any? {|regex| name =~ regex}
- end
+ next if should_skip(name)
 sg_aws.ingress_ip_permissions.each {|i| i.delete }
 sg_aws.egress_ip_permissions.each {|i| i.delete } if vpc
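Review bot: `should_skip` in the `@@ -13,6 +13,13 @@` hunk falls off the end on the keep path, so it answers `nil` rather than `false`, and its second check joins the conditions with `and`, which only works here because `and` still binds tighter than the modifier `if`. Writing `return true if @options.exclude_sgs && @options.exclude_sgs.any? { |regex| sg_name =~ regex }` and closing the body with an explicit `false` keeps it a plain predicate; Ruby convention would also name it `should_skip?`, which would mean updating the four call sites in the `walk_ec2` hunks that follow. A one-line comment above it, `# true when sg_name is outside --names or matches an --exclude pattern; the walk_ec2 loops next on it`, would record the contract those call sites rely on. The method lands between the public `apply` and `export`; if the class has a `private` section outside this hunk it presumably belongs there.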
@@ -152,13 +141,7 @@ def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api)
 sg_list_aws.each do |key, sg_aws|
 name = key[0]
- if @options.sg_names
- next unless @options.sg_names.include?(name)
- end
-
- if @options.exclude_sgs
- next if @options.exclude_sgs.any? {|regex| name =~ regex}
- end
+ next if should_skip(name)
 sg_aws.delete
 end

From 8b8ca5a90a18718e7ba09c5b286dc521b85e488c Mon Sep 17 00:00:00 2001
From: Nitz
Date: Mon, 28 Sep 2015 17:46:12 +0300
Subject: [PATCH 2/2] Now supporting tag filtering

Passing tags using `-t TAG` or `--exclude_tag TAG` will ignore AWS security groups with nonempty value in this tag
---
 README.md | 1 +
 bin/piculet | 1 +
 lib/piculet/client.rb | 13 ++++++++-----
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 24545ca..a518371 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ Usage: piculet [options]
 -f, --file FILE
 -n, --names SG_LIST
 -x, --exclude SG_LIST
+ -t, --exclude_tag TAGS
 --ec2s VPC_IDS
 --dry-run
 -e, --export
diff --git a/bin/piculet b/bin/piculet
index 7d27f14..64f95e0 100755
--- a/bin/piculet
+++ b/bin/piculet
@@ -40,6 +40,7 @@ ARGV.options do |opt|
 opt.on('-f', '--file FILE') {|v| file = v }
 opt.on('-n', '--names SG_LIST', Array) {|v| options[:sg_names] = v }
 opt.on('-x', '--exclude SG_LIST', Array) {|v| options[:exclude_sgs] = v }
+ opt.on('-t', '--exclude_tag TAGS', Array) {|v| options[:exclude_tags] = v }
 opt.on('', '--ec2s VPC_IDS', Array) {|v| options[:ec2s] = v }
 opt.on('', '--dry-run') {|v| options[:dry_run] = true }
 opt.on('-e', '--export') {|v| mode = :export }
diff --git a/lib/piculet/client.rb b/lib/piculet/client.rb
index 046510f..a5e93df 100644
--- a/lib/piculet/client.rb
+++ b/lib/piculet/client.rb
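Review bot: The option added in the `bin/piculet` hunk spells its long form `--exclude_tag` with an underscore while every other long option in the parser uses dashes (`--dry-run`, `--ec2s`), and it is parsed as an `Array` yet named in the singular. `opt.on('-t', '--exclude-tags TAGS', Array) {|v| options[:exclude_tags] = v }` would match the neighbouring lines and the `options[:exclude_tags]` key it fills; the README line in the preceding hunk would change the same way, and the usage text would be more useful if it said, as the commit message does, that a group is excluded only when it carries a non-empty value in one of the listed tags. The `ARGV.options` block starts and ends outside the hunk.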
@@ -13,11 +13,14 @@ def apply(file)
 AWS.memoize { walk(file) }
 end
- def should_skip(sg_name)
+ def should_skip(sg_name, sg)
+ # Name
 if @options.sg_names
 return true unless @options.sg_names.include?(sg_name)
 end
 return true if @options.exclude_sgs and @options.exclude_sgs.any? {|regex| sg_name =~ regex}
+ # Tag
+ return true if sg and @options.exclude_tags and @options.exclude_tags.any? {|tagname| !sg.tags[tagname].to_s.empty?}
 end
 def export(options = {})
@@ -105,7 +108,7 @@ def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api)
 sg_list_dsl.each do |key, sg_dsl|
 name = key[0]
- next if should_skip(name)
+ next if should_skip(name,sg_list_aws[key])
 sg_aws = sg_list_aws[key]
@@ -123,7 +126,7 @@ def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api)
 sg_list_dsl.each do |key, sg_dsl|
 name = key[0]
- next if should_skip(name)
+ next if should_skip(name,sg_list_aws[key])
 sg_aws = sg_list_aws.delete(key)
 walk_security_group(sg_dsl, sg_aws)
@@ -132,7 +135,7 @@ def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api)
 sg_list_aws.each do |key, sg_aws|
 name = key[0]
- next if should_skip(name)
+ next if should_skip(name,sg_list_aws[key])
 sg_aws.ingress_ip_permissions.each {|i| i.delete }
 sg_aws.egress_ip_permissions.each {|i| i.delete } if vpc
@@ -141,7 +144,7 @@ def walk_ec2(vpc, ec2_dsl, ec2_aws, collection_api)
 sg_list_aws.each do |key, sg_aws|
 name = key[0]
- next if should_skip(name)
+ next if should_skip(name,sg_list_aws[key])
 sg_aws.delete
 end
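Review bot: The `# Name` and `# Tag` markers in the `should_skip` hunk label the two checks without stating the rule, and the tag check is silently a no-op whenever `sg` is `nil`, which at the DSL-side call sites in the later hunks is the case for a group with no entry in `sg_list_aws` (presumably one not yet created in AWS). A comment such as `# Tag: skip when any --exclude_tag tag on the AWS group carries a non-empty value; sg is nil for groups absent from AWS, which are therefore never tag-excluded` would make that limit visible to anyone relying on the tag as a protection marker. The chained `sg and @options.exclude_tags and ...` would read as `sg && @options.exclude_tags && ...` in line with the rest of the style guide. The enclosing class continues outside the hunk.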
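Review bot: In the two `sg_list_aws.each do |key, sg_aws|` hunks (`@@ -132,7 +135,7 @@` and `@@ -141,7 +144,7 @@`) the new call passes `sg_list_aws[key]`, which is the object the block already holds as `sg_aws`, and the first DSL hunk (`@@ -105,7 +108,7 @@`) looks the key up once for the check and again two lines later. `next if should_skip(name, sg_aws)` in the AWS-side loops, and in the first DSL loop hoisting `sg_aws = sg_list_aws[key]` above the check and passing `sg_aws`, would remove the duplicate lookups and the missing space after the comma. `walk_ec2` starts and ends outside all four hunks.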