Add IPv6 support for Ingress Security Groups
p8 committed Aug 19, 2021
1 parent 026b666 commit 171ad6f
Showing 6 changed files with 66 additions and 13 deletions.
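--- a/lib/fog/aws/compute.rb
+++ b/lib/fog/aws/compute.rb
@@ -233,21 +233,24 @@ def self.data
 'fromPort' => -1,
 'toPort' => -1,
 'ipProtocol' => 'icmp',
-'ipRanges' => []
+'ipRanges' => [],
+'ipv6Ranges' => []
 },
 {
 'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
 'fromPort' => 0,
 'toPort' => 65535,
 'ipProtocol' => 'tcp',
-'ipRanges' => []
+'ipRanges' => [],
+'ipv6Ranges' => []
 },
 {
 'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
 'fromPort' => 0,
 'toPort' => 65535,
 'ipProtocol' => 'udp',
-'ipRanges' => []
+'ipRanges' => [],
+'ipv6Ranges' => []
 }
 ],
 'ownerId' => owner_id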
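--- a/lib/fog/aws/models/compute/security_group.rb
+++ b/lib/fog/aws/models/compute/security_group.rb
@@ -62,7 +62,8 @@ def authorize_group_and_owner(group, owner = nil)
 # options::
 # A hash that can contain any of the following keys:
 # :cidr_ip (defaults to "0.0.0.0/0")
-# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
+# :cidr_ipv6 cannot be used with :cidr_ip
+# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
 # :ip_protocol (defaults to "tcp")
 #
 # == Returns:
@@ -178,7 +179,8 @@ def revoke_group_and_owner(group, owner = nil)
 # options::
 # A hash that can contain any of the following keys:
 # :cidr_ip (defaults to "0.0.0.0/0")
-# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
+# :cidr_ipv6 cannot be used with :cidr_ip
+# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
 # :ip_protocol (defaults to "tcp")
 #
 # == Returns:
@@ -327,9 +329,15 @@ def fetch_ip_permission(range, options)
 }
 
 if options[:group].nil?
-ip_permission['IpRanges'] = [
-{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
-]
+if options[:cidr_ipv6].nil?
+ip_permission['IpRanges'] = [
+{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
+]
+else
+ip_permission['Ipv6Ranges'] = [
+{ 'CidrIpv6' => options[:cidr_ipv6] }
+]
+end
 else
 ip_permission['Groups'] = [
 group_info(options[:group])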
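Review bot: The new branch in `fetch_ip_permission` silently discards `:cidr_ip` whenever `:cidr_ipv6` is also set, and the outer `options[:group].nil?` test discards both CIDR options when `:group` is given, although the updated comments say these keys cannot be combined. The same comment change appears under `revoke_group_and_owner`, so the helper presumably serves the revoke path too; there a caller passing both address families would have only the IPv6 rule touched and get no error, leaving the IPv4 rule in place. I would reject the combination up front, e.g. `raise ArgumentError, ':cidr_ip and :cidr_ipv6 are mutually exclusive' if options[:cidr_ip] && options[:cidr_ipv6]`. The method starts and ends outside this hunk, so an existing check elsewhere in it is possible but not visible here.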
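--- a/lib/fog/aws/parsers/compute/describe_security_groups.rb
+++ b/lib/fog/aws/parsers/compute/describe_security_groups.rb
@@ -5,9 +5,10 @@ module Compute
 class DescribeSecurityGroups < Fog::Parsers::Base
 def reset
 @group = {}
-@ip_permission = { 'groups' => [], 'ipRanges' => []}
-@ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
+@ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
+@ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
 @ip_range = {}
+@ipv6_range = {}
 @security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }
 @response = { 'securityGroupInfo' => [] }
 @tag = {}
@@ -24,6 +25,8 @@ def start_element(name, attrs = [])
 @in_ip_permissions_egress = true
 when 'ipRanges'
 @in_ip_ranges = true
+when 'ipv6Ranges'
+@in_ipv6_ranges = true
 when 'tagSet'
 @in_tag_set = true
 end
@@ -44,6 +47,8 @@ def end_element(name)
 case name
 when 'cidrIp'
 @ip_range[name] = value
+when 'cidrIpv6'
+@ipv6_range[name] = value
 when 'fromPort', 'toPort'
 if @in_ip_permissions_egress
 @ip_permission_egress[name] = value.to_i
@@ -72,6 +77,8 @@ def end_element(name)
 end
 when 'ipRanges'
 @in_ip_ranges = false
+when 'ipv6Ranges'
+@in_ipv6_ranges = false
 when 'item'
 if @in_groups
 if @in_ip_permissions_egress
@@ -87,12 +94,19 @@ def end_element(name)
 @ip_permission['ipRanges'] << @ip_range
 end
 @ip_range = {}
+elsif @in_ipv6_ranges
+if @in_ip_permissions_egress
+@ip_permission_egress['ipv6Ranges'] << @ipv6_range
+else
+@ip_permission['ipv6Ranges'] << @ipv6_range
+end
+@ipv6_range = {}
 elsif @in_ip_permissions
 @security_group['ipPermissions'] << @ip_permission
-@ip_permission = { 'groups' => [], 'ipRanges' => []}
+@ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
 elsif @in_ip_permissions_egress
 @security_group['ipPermissionsEgress'] << @ip_permission_egress
-@ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
+@ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
 else
 @response['securityGroupInfo'] << @security_group
 @security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }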
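Review bot: The empty-permission literal `{ 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}` is now spelled out four times, twice in `reset` and twice in the `'item'` branch of `end_element`, and each copy had to be edited by hand for this change. A copy missed in a later change would make the parser return permissions without that key, so a consumer that lists what a security group allows would under-report it. A small private helper, for example `def new_ip_permission; { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => [] }; end`, used at all four sites would keep them in step. `end_element` begins and ends outside the hunks shown.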
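--- a/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb
+++ b/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb
@@ -30,6 +30,9 @@ class Real
 # * 'IpRanges'<~Array>:
 # * ip_range<~Hash>:
 # * 'CidrIp'<~String> - CIDR range
+# * 'Ipv6Ranges'<~Array>:
+# * ip_range<~Hash>:
+# * 'CidrIpv6'<~String> - CIDR range
 # * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
 #
 # === Returns
@@ -72,6 +75,10 @@ def indexed_ip_permissions_params(ip_permissions)
 range_index += 1
 params[format('IpPermissions.%d.IpRanges.%d.CidrIp', key_index, range_index)] = ip_range['CidrIp']
 end
+(permission['Ipv6Ranges'] || []).each_with_index do |ip_range, range_index|
+range_index += 1
+params[format('IpPermissions.%d.Ipv6Ranges.%d.CidrIpv6', key_index, range_index)] = ip_range['CidrIpv6']
+end
 end
 params.reject {|k, v| v.nil? }
 end
@@ -186,6 +193,14 @@ def normalize_permissions(options)
 'groups' => [],
 'ipRanges' => [{'cidrIp' => options['CidrIp']}]
 }
+elsif options['CidrIpv6']
+normalized_permissions << {
+'ipProtocol' => options['IpProtocol'],
+'fromPort' => Integer(options['FromPort']),
+'toPort' => Integer(options['ToPort']),
+'groups' => [],
+'ipv6Ranges' => [{'cidrIpv6' => options['CidrIpv6']}]
+}
 elsif options['IpPermissions']
 options['IpPermissions'].each do |permission|
 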
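Review bot: The `CidrIpv6` branch added to `normalize_permissions` builds a permission with `'ipv6Ranges'` but no `'ipRanges'` key, and the `CidrIp` branch just above it still has no `'ipv6Ranges'` key, whereas the parser and the mock's default data in this commit always carry both. Unless a later step outside the hunk fills in the missing key, mock results differ in shape from real ones and code iterating `permission['ipRanges']` gets nil. Adding `'ipRanges' => [],` here and `'ipv6Ranges' => []` to the `CidrIp` branch would align them. Because the branches form an `elsif` chain, a request carrying both `CidrIp` and `CidrIpv6` records only the IPv4 range and raises nothing; whether that matches the real API should be confirmed. The method continues outside the hunk.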
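--- a/lib/fog/aws/requests/compute/describe_security_groups.rb
+++ b/lib/fog/aws/requests/compute/describe_security_groups.rb
@@ -27,6 +27,8 @@ class Real
 # * 'ipProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
 # * 'ipRanges'<~Array>:
 # * 'cidrIp'<~String> - CIDR range
+# * 'ipv6Ranges'<~Array>:
+# * 'cidrIpv6'<~String> - CIDR ipv6 range
 # * 'toPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
 # * 'ownerId'<~String> - AWS Access Key Id of the owner of the security group
 # * 'NextToken'<~String> - The token to retrieve the next page of results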
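--- a/tests/requests/compute/security_group_tests.rb
+++ b/tests/requests/compute/security_group_tests.rb
@@ -19,6 +19,7 @@
 'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String, 'groupId' => String }],
 'ipProtocol' => String,
 'ipRanges' => [Fog::Nullable::Hash],
+'ipv6Ranges' => [Fog::Nullable::Hash],
 'toPort' => Fog::Nullable::Integer,
 }],
 'ipPermissionsEgress' => [],
@@ -54,16 +55,19 @@
 {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
 "fromPort"=>1,
 "ipRanges"=>[],
+"ipv6Ranges"=>[],
 "ipProtocol"=>"tcp",
 "toPort"=>65535},
 {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
 "fromPort"=>1,
 "ipRanges"=>[],
+"ipv6Ranges"=>[],
 "ipProtocol"=>"udp",
 "toPort"=>65535},
 {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
 "fromPort"=>-1,
 "ipRanges"=>[],
+"ipv6Ranges"=>[],
 "ipProtocol"=>"icmp",
 "toPort"=>-1}
 ]
@@ -88,20 +92,23 @@
 [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
 {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
 "ipRanges"=>[],
+"ipv6Ranges"=>[],
 "ipProtocol"=>"tcp",
 "fromPort"=>1,
 "toPort"=>65535},
 {"groups"=>
 [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
 {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
 "ipRanges"=>[],
+"ipv6Ranges"=>[],
 "ipProtocol"=>"udp",
 "fromPort"=>1,
 "toPort"=>65535},
 {"groups"=>
 [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
 {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
 "ipRanges"=>[],
+"ipv6Ranges"=>[],
 "ipProtocol"=>"icmp",
 "fromPort"=>-1,
 "toPort"=>-1}
@@ -133,6 +140,7 @@
 expected_permissions += [
 {"groups"=>[],
 "ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}],
+"ipv6Ranges"=>[],
 "ipProtocol"=>"tcp",
 "fromPort"=>22,
 "toPort"=>22}
@@ -164,7 +172,8 @@
 'IpPermissions' => [
 {
 'IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80',
-'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }]
+'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }],
+'Ipv6Ranges' => []
 }
 ]
 }
@@ -177,6 +186,7 @@
 expected_permissions += [
 {"groups"=>[],
 "ipRanges"=>[{"cidrIp"=>"192.168.0.0/24"}],
+"ipv6Ranges"=>[],
 "ipProtocol"=>"tcp",
 "fromPort"=>80,
 "toPort"=>80}
@@ -204,6 +214,7 @@
 expected_permissions += [
 {"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
 "ipRanges"=>[],
+"ipv6Ranges"=>[],
 "ipProtocol"=>"tcp",
 "fromPort"=>8000,
 "toPort"=>8000}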
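Review bot: None of the twelve added lines puts an address into `ipv6Ranges`: every expectation is `"ipv6Ranges"=>[]` and the one request change passes `'Ipv6Ranges' => []`. The `CidrIpv6` branch in `normalize_permissions`, the `Ipv6Ranges` loop in `indexed_ip_permissions_params` and the `cidrIpv6` parser case are therefore not exercised by this file. I would add an authorize/describe/revoke case with an IPv6 CIDR, for instance the documentation prefix `2001:db8::/32` (a constructed sample), expecting `"ipv6Ranges"=>[{"cidrIpv6"=>"2001:db8::/32"}]` together with `"ipRanges"=>[]`. The revoke assertion matters most, because a rule that cannot be matched on revoke stays open.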

0 comments on commit 171ad6f
