Add opened_only matcher for security groups.

[ceaess]

Not sure how well this fits in with the overall development plan. My company needs this for our use of awspec, and it seems silly not to contribute back to core. I'd be happy to make any changes y'all see fit, or move it into a plugin-type infrastructure if you have that. Please let me know!

This matcher allows the user to make exclusivity statements about certain rules.
Prior, a user could only make statements about the existence of opened rules for
security groups, now they can state that not only is there an opened rule but that
that is the only open rule for a given port, protocol.

The specs and stubs were reworked only to ensure testability of this new matcher without creating any new stubs. Again, happy to go in a different direction if you're up for larger scale changes to the organization of the specs/stubs.

[k1LoW]

Thank you for your contribution!

plugin-type infrastructure.

The specs and stubs were reworked only to ensure testability of this new matcher without creating any new stubs.

You are right.... It is worthy of consideration.

opened_only

Its nice idea. and I want opened_only 2 cidrs opened_only 4 cidrs like

its(:outbound) { should be_opened_only(50_000).protocol('tcp').for(%w(100.456.789.012/32 200.567.890.123/32)) }

[ceaess]

@k1LoW That last commit should allow arbitrary numbers of cidrs. :)

[k1LoW]

Great commit!!
LGTM! Thank you!!

[k1LoW]

Released as v0.33.0.