1'use strict'
2
3let cli = require('heroku-cli-util')
4let co = require('co')
5
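/**
 * Append one outbound (egress) rule to a Private Space's ruleset.
 *
 * Fetches the space's current ruleset, pushes a rule built from the --dest,
 * --protocol and --port flags, and sends the whole ruleset back through
 * putOutboundRules.
 *
 * NOTE(review): the command declares a --confirm flag, but this function never
 * reads context.flags.confirm and shows no confirmation prompt.
 *
 * @param {object} context - CLI context; reads context.flags.space, .dest, .protocol and .port
 * @param {object} heroku - API client passed to ../../lib/outbound-rules
 * @throws {Error} when --space or --dest is missing; errors raised by the lib helpers are not caught here
 */
function * run (context, heroku) {
  const lib = require('../../lib/outbound-rules')(heroku)
  const flags = context.flags
  const space = flags.space
  if (!space) throw new Error('Space name required.')
  // Fail before any API call when no destination was given, so a rule with an
  // undefined target is never built or submitted.
  if (!flags.dest) throw new Error('Destination CIDR block required.')

  const ruleset = yield lib.getOutboundRules(space)
  ruleset.rules = ruleset.rules || []
  const ports = yield lib.parsePorts(flags.protocol, flags.port)

  ruleset.rules.push({
    target: flags.dest,
    from_port: ports[0],
    // Falls back to from_port whenever ports[1] is falsy; presumably that is the
    // single-port case (confirm against parsePorts). Note `||` also falls back on 0.
    to_port: ports[1] || ports[0],
    protocol: flags.protocol
  })

  // NOTE(review): the complete ruleset read above is written back. If
  // putOutboundRules replaces the stored ruleset, a rule changed by someone else
  // between the read and this write could be lost; confirm how the API handles that.
  yield lib.putOutboundRules(space, ruleset)

  cli.log(`Added rule to the Outbound Rules of ${cli.color.cyan.bold(space)}`)
  cli.warn('Modifying the Outbound Rules may break Add-ons for Apps in this Private Space')
}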
22
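// Command definition for `heroku outbound-rules:add`.
// The command runs without an app context (needsApp: false) but requires an
// authenticated user (needsAuth: true).
module.exports = {
  topic: 'outbound-rules',
  command: 'add',
  description: 'Add outbound rules to a Private Space',
  // The sample output lines below mirror the message run() prints via cli.log;
  // the earlier samples showed a CIDR that matched neither the sample command
  // nor the real output.
  // The third example (0.0.0.0/0, protocol any, port any) allows traffic to every
  // destination on every protocol and port, i.e. it leaves egress unrestricted.
  help: `
The destination flag uses CIDR notation.

Example:
    $ heroku outbound-rules:add --space my-space --dest 192.168.2.0/24 --protocol tcp --port 80
    Added rule to the Outbound Rules of my-space

Example with port range:
    $ heroku outbound-rules:add --space my-space --dest 192.168.2.0/24 --protocol tcp --port 80-100
    Added rule to the Outbound Rules of my-space

Example opening up everything
    $ heroku outbound-rules:add --space my-space --dest 0.0.0.0/0 --protocol any --port any
    Added rule to the Outbound Rules of my-space

ICMP Rules
The ICMP protocol has types, not ports, but the underlying systems treat them as the same. For this reason,
when you want to allow ICMP traffic you will use the --port flag to specify the ICMP types you want to
allow. ICMP types are numbered, 0-255.
  `,
  needsApp: false,
  needsAuth: true,
  args: [],
  flags: [
    {name: 'space', char: 's', hasValue: true, description: 'space to add rule to'},
    // NOTE(review): declared here, but run() in this file never reads
    // context.flags.confirm, so there is no prompt for it to bypass.
    {name: 'confirm', hasValue: true, description: 'set to space name to bypass confirm prompt'},
    {name: 'dest', hasValue: true, description: 'target CIDR block dynos are allowed to communicate with'},
    {name: 'protocol', hasValue: true, description: 'the protocol dynos are allowed to use when communicating with hosts in destination CIDR block. Valid protocols are "tcp", "udp", "icmp", "0-255" and "any".'},
    {name: 'port', hasValue: true, description: 'the port dynos are allowed to use when communicating with hosts in destination CIDR block. Accepts a range in `<lowest port>-<highest port>` format. 0 is the minimum. The maximum port allowed is 65535, except for ICMP with a maximum of 255.'}
  ],
  // co.wrap turns the generator into a promise-returning function for cli.command.
  run: cli.command(co.wrap(run))
}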