UNPKG

@heroku-cli/plugin-spaces

Version:

Heroku plugin to manage Heroku Private Spaces

github.com/heroku/cli/tree/main/packages/spaces

heroku/cli

70 lines (58 loc) 2.96 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
'use strict' let cli = require('heroku-cli-util') const {SpaceCompletion} = require('@heroku-cli/command/lib/completions') const ProtocolCompletion = { cacheDuration: 60 * 60 * 24 * 365, // cache yearly options: async ctx => { return ['tcp', 'udp', 'icmp', '0-255', 'any'] }, } async function run(context, heroku) { let lib = require('../../lib/outbound-rules')(heroku) let space = context.flags.space if (!space) throw new Error('Space name required.') let ruleset = await lib.getOutboundRules(space) ruleset.rules = ruleset.rules || [] let ports = await lib.parsePorts(context.flags.protocol, context.flags.port) ruleset.rules.push({ target: context.flags.dest, from_port: ports[0], to_port: ports[1] || ports[0], protocol: context.flags.protocol}) ruleset = await lib.putOutboundRules(space, ruleset) cli.log(`Added rule to the Outbound Rules of ${cli.color.cyan.bold(space)}`) cli.warn('Modifying the Outbound Rules may break Add-ons for Apps in this Private Space') } module.exports = { topic: 'outbound-rules', command: 'add', description: 'Add outbound rules to a Private Space', help: ` The destination flag uses CIDR notation. Example: $ heroku outbound-rules:add --space my-space --dest 192.168.2.0/24 --protocol tcp --port 80 Added 192.168.0.1/24 to the outbound rules on my-space Example with port range: $ heroku outbound-rules:add --space my-space --dest 192.168.2.0/24 --protocol tcp --port 80-100 Added 192.168.0.1/24 to the outbound rules on my-space Example opening up everything $ heroku outbound-rules:add --space my-space --dest 0.0.0.0/0 --protocol any --port any Added 0.0.0.0/0 to the outbound rules on my-space ICMP Rules The ICMP protocol has types, not ports, but the underlying systems treat them as the same. For this reason, when you want to allow ICMP traffic you will use the --port flag to specify the ICMP types you want to allow. ICMP types are numbered, 0-255. `, needsApp: false, needsAuth: true, hidden: true, args: [], flags: [ {name: 'space', char: 's', hasValue: true, description: 'space to add rule to', completion: SpaceCompletion}, {name: 'confirm', hasValue: true, description: 'set to space name to bypass confirm prompt'}, {name: 'dest', hasValue: true, description: 'target CIDR block dynos are allowed to communicate with'}, {name: 'protocol', hasValue: true, description: 'the protocol dynos are allowed to use when communicating with hosts in destination CIDR block. Valid protocols are "tcp", "udp", "icmp", "0-255" and "any".', completion: ProtocolCompletion}, {name: 'port', hasValue: true, description: 'the port dynos are allowed to use when communicating with hosts in destination CIDR block. Accepts a range in `<lowest port>-<highest port>` format. 0 is the minimum. The maximum port allowed is 65535, except for ICMP with a maximum of 255.'}, ], run: cli.command(run), }