class Knife::Clc::IpAssignment::Validator

Attributes

config[R]
errors[R]

Public Class Methods

new(params)
# File lib/knife-clc/ip_assignment/validator.rb, line 7
# Builds a validator around a knife configuration and an error collector.
#
# Both objects are stored by reference, not copied: the parse methods read
# the stored config, rewrite values inside it, and append messages to the
# stored errors object.
#
# @param params [#fetch] must provide the keys +:config+ and +:errors+
# @raise [KeyError] when +params+ is a Hash and either key is missing
def initialize(params)
  # fetch (rather than []) makes a missing collaborator fail here, at
  # construction time, instead of surfacing later as a nil error.
  @config = params.fetch(:config)
  @errors = params.fetch(:errors)
end

Public Instance Methods

validate()
# File lib/knife-clc/ip_assignment/validator.rb, line 12
# Runs both parsing passes over the stored config, protocols first and
# then sources.
#
# This method does not report success or failure itself: problems found
# by the protocol pass are appended to +errors+, so callers need to
# inspect +errors+ afterwards before using the rewritten config values.
#
# @return [Object, nil] whatever +parse_sources+ returns
def validate
  parse_protocol_permissions
  parse_sources
end

Private Instance Methods

parse_protocol_permissions()
# File lib/knife-clc/ip_assignment/validator.rb, line 19
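# Rewrites +config[:clc_allowed_protocols]+ in place, turning each
# "protocol" or "protocol:ports" string into the hash form
# ('protocol', 'port', optional 'portTo') used for the permission list.
#
# Named shortcuts expand to fixed TCP ports:
#   ssh/sftp => 22, rdp => 3389, http => 80 and 8080, https => 443,
#   ftp => 21, ftps => 990, winrm => 5985 and 5986; icmp has no port.
# Note that 'http' and 'winrm' each open two ports, and that any ":ports"
# suffix on a named shortcut is ignored (e.g. "ssh:2222" still yields 22).
#
# 'tcp' and 'udp' require an explicit port or "from-to" range. Ports must
# be plain decimal numbers in 1..65535 and a range must not be descending.
#
# Entries that fail validation add a message to +errors+ and are dropped
# from the list, so a rejected entry can never end up as a permission
# (previously a malformed range still produced a protocol-only hash, and
# the errors collection itself was flattened into the permission list).
#
# @return [Array, nil] result of +flatten!+ on the list (nil when nothing
#   needed flattening), or nil when no protocols are configured
def parse_protocol_permissions
  permissions = config[:clc_allowed_protocols]

  return unless permissions && permissions.any?

  permissions.map! do |param|
    protocol, port_range = param.to_s.split(':', 2)
    # to_s guards against an empty entry, where split returns no fields.
    protocol = protocol.to_s.downcase

    case protocol
    when 'ssh', 'sftp' then { 'protocol' => 'tcp', 'port' => 22 }
    when 'rdp' then { 'protocol' => 'tcp', 'port' => 3389 }
    when 'icmp' then { 'protocol' => 'icmp' }
    when 'http' then [{ 'protocol' => 'tcp', 'port' => 80 }, { 'protocol' => 'tcp', 'port' => 8080 }]
    when 'https' then { 'protocol' => 'tcp', 'port' => 443 }
    when 'ftp' then { 'protocol' => 'tcp', 'port' => 21 }
    when 'ftps' then { 'protocol' => 'tcp', 'port' => 990 }
    when 'winrm' then [{ 'protocol' => 'tcp', 'port' => 5985 }, { 'protocol' => 'tcp', 'port' => 5986 }]
    when 'udp', 'tcp'
      if port_range.nil?
        errors << "No ports specified for #{param}"
        next
      end

      # Strict decimal parsing: Integer() would read "010" as octal 8 and
      # accept "0x50", "1_000" or padded input, opening a port the operator
      # did not type. The -1 limit keeps a trailing "-" visible as an empty
      # field so "80-" is rejected instead of being read as "80".
      ports = port_range.split('-', -1).map do |port_string|
        port_string.to_i if port_string =~ /\A\d{1,5}\z/
      end

      well_formed = ports.size.between?(1, 2) &&
                    ports.all? { |port| port && port.between?(1, 65_535) } &&
                    (ports.size == 1 || ports[0] <= ports[1])

      unless well_formed
        errors << "Malformed port range for #{param}"
        next
      end

      {
        'protocol' => protocol,
        'port' => ports[0],
        'portTo' => ports[1]
      }.keep_if { |_, value| value }
    else
      errors << "Unsupported protocol for #{param}"
      nil
    end
  end

  # Rejected entries were mapped to nil above; remove them before the
  # multi-port shortcuts (http, winrm) are flattened into the list.
  permissions.compact!
  permissions.flatten!
end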
parse_sources()
# File lib/knife-clc/ip_assignment/validator.rb, line 62
# Rewrites +config[:clc_sources]+ in place, wrapping every entry in a
# one-key hash: { 'cidr' => entry }.
#
# NOTE(review): entries are wrapped exactly as given; this method performs
# no check that a value is a well-formed CIDR or how wide the range is, and
# it never writes to +errors+. Confirm that source ranges are validated
# elsewhere before they are applied as permission sources.
#
# @return [Array<Hash>, nil] the rewritten list, or nil when no sources
#   are configured
def parse_sources
  cidr_list = config[:clc_sources]

  if cidr_list && cidr_list.any?
    cidr_list.map! { |entry| { 'cidr' => entry } }
  end
end