| 1 | 'use strict'
|
| 2 |
|
| 3 | let cli = require('heroku-cli-util')
|
| 4 | let co = require('co')
|
| 5 | const { SpaceCompletion } = require('@heroku-cli/command/lib/completions')
|
| 6 |
|
| 7 | const ProtocolCompletion = {
|
| 8 | cacheDuration: 60 * 60 * 24 * 365,
|
| 9 | options: async (ctx) => {
|
| 10 | return ['tcp', 'udp', 'icmp', '0-255', 'any']
|
| 11 | }
|
| 12 | }
|
| 13 |
|
| 14 | function * run (context, heroku) {
|
| 15 | let lib = require('../../lib/outbound-rules')(heroku)
|
| 16 | let space = context.flags.space
|
| 17 | if (!space) throw new Error('Space name required.')
|
| 18 | let ruleset = yield lib.getOutboundRules(space)
|
| 19 | ruleset.rules = ruleset.rules || []
|
| 20 | let ports = yield lib.parsePorts(context.flags.protocol, context.flags.port)
|
| 21 | ruleset.rules.push({
|
| 22 | target: context.flags.dest,
|
| 23 | from_port: ports[0],
|
| 24 | to_port: ports[1] || ports[0],
|
| 25 | protocol: context.flags.protocol })
|
| 26 | ruleset = yield lib.putOutboundRules(space, ruleset)
|
| 27 | cli.log(`Added rule to the Outbound Rules of ${cli.color.cyan.bold(space)}`)
|
| 28 | cli.warn('Modifying the Outbound Rules may break Add-ons for Apps in this Private Space')
|
| 29 | }
|
| 30 |
|
| 31 | module.exports = {
|
| 32 | topic: 'outbound-rules',
|
| 33 | command: 'add',
|
| 34 | description: 'Add outbound rules to a Private Space',
|
| 35 | help: `
|
| 36 | The destination flag uses CIDR notation.
|
| 37 |
|
| 38 | Example:
|
| 39 |
|
| 40 | $ heroku outbound-rules:add --space my-space --dest 192.168.2.0/24 --protocol tcp --port 80
|
| 41 | Added 192.168.0.1/24 to the outbound rules on my-space
|
| 42 |
|
| 43 | Example with port range:
|
| 44 |
|
| 45 | $ heroku outbound-rules:add --space my-space --dest 192.168.2.0/24 --protocol tcp --port 80-100
|
| 46 | Added 192.168.0.1/24 to the outbound rules on my-space
|
| 47 |
|
| 48 | Example opening up everything
|
| 49 |
|
| 50 | $ heroku outbound-rules:add --space my-space --dest 0.0.0.0/0 --protocol any --port any
|
| 51 | Added 0.0.0.0/0 to the outbound rules on my-space
|
| 52 |
|
| 53 | ICMP Rules
|
| 54 | The ICMP protocol has types, not ports, but the underlying systems treat them as the same. For this reason,
|
| 55 | when you want to allow ICMP traffic you will use the --port flag to specify the ICMP types you want to
|
| 56 | allow. ICMP types are numbered, 0-255.
|
| 57 | `,
|
| 58 | needsApp: false,
|
| 59 | needsAuth: true,
|
| 60 | hidden: true,
|
| 61 | args: [],
|
| 62 | flags: [
|
| 63 | { name: 'space', char: 's', hasValue: true, description: 'space to add rule to', completion: SpaceCompletion },
|
| 64 | { name: 'confirm', hasValue: true, description: 'set to space name to bypass confirm prompt' },
|
| 65 | { name: 'dest', hasValue: true, description: 'target CIDR block dynos are allowed to communicate with' },
|
| 66 | { name: 'protocol', hasValue: true, description: 'the protocol dynos are allowed to use when communicating with hosts in destination CIDR block. Valid protocols are "tcp", "udp", "icmp", "0-255" and "any".', completion: ProtocolCompletion },
|
| 67 | { name: 'port', hasValue: true, description: 'the port dynos are allowed to use when communicating with hosts in destination CIDR block. Accepts a range in `<lowest port>-<highest port>` format. 0 is the minimum. The maximum port allowed is 65535, except for ICMP with a maximum of 255.' }
|
| 68 | ],
|
| 69 | run: cli.command(co.wrap(run))
|
| 70 | }
|