right_aws-yodal 1.10.7 → 1.10.10

data/lib/ec2/right_ec2_ebs.rb

@@ -37,10 +37,10 @@ module RightAws
     #        :aws_attachment_status => "attached",
     #        :zone                  => "merlot",
     #        :snapshot_id           => nil,
-    #        :aws_attached_at       => Wed Jun 18 08:19:28 UTC 2008,
+    #        :aws_attached_at       => "2008-06-18T08:19:28.000Z",
     #        :aws_status            => "in-use",
     #        :aws_id                => "vol-60957009",
-    #        :aws_created_at        => Wed Jun 18 08:19:20s UTC 2008,
+    #        :aws_created_at        => "2008-06-18T08:19:20.000Z",
     #        :aws_instance_id       => "i-c014c0a9"},
     #       {:aws_size       => 1,
     #        :zone           => "merlot",
@@ -49,10 +49,10 @@ module RightAws
     #        :aws_id         => "vol-58957031",
     #        :aws_created_at => Wed Jun 18 08:19:21 UTC 2008,}, ... ]
     #
-    def describe_volumes(list=[])
-      link = generate_request("DescribeVolumes",
-                              amazonize_list('VolumeId',list.to_a))
-      request_cache_or_info :describe_volumes, link,  QEc2DescribeVolumesParser, @@bench, list.blank?
+    def describe_volumes(*volumes)
+      volumes = volumes.flatten
+      link = generate_request("DescribeVolumes", amazonize_list('VolumeId', volumes))
+      request_cache_or_info :describe_volumes, link,  QEc2DescribeVolumesParser, @@bench, volumes.blank?
     rescue Exception
       on_exception
     end
@@ -65,7 +65,7 @@ module RightAws
     #       :aws_status     => "creating",
     #       :aws_id         => "vol-fc9f7a95",
     #       :zone           => "merlot",
-    #       :aws_created_at => Tue Jun 24 18:13:32 UTC 2008,
+    #       :aws_created_at => "2008-06-24T18:13:32.000Z",
     #       :aws_size       => 94}
     #
     def create_volume(snapshot_id, size, zone)
@@ -144,7 +144,7 @@ module RightAws
     #   [ {:aws_volume_id=>"vol-545fac3d",
     #      :aws_description=>"Wikipedia XML Backups (Linux)",
     #      :aws_progress=>"100%",
-    #      :aws_started_at=>Mon Sep 28 23:49:50 UTC 2009,
+    #      :aws_started_at=>"2009-09-28T23:49:50.000Z",
     #      :aws_owner=>"amazon",
     #      :aws_id=>"snap-8041f2e9",
     #      :aws_volume_size=>500,
@@ -152,16 +152,16 @@ module RightAws
     #     {:aws_volume_id=>"vol-185fac71",
     #      :aws_description=>"Sloan Digital Sky Survey DR6 Subset (Linux)",
     #      :aws_progress=>"100%",
-    #      :aws_started_at=>Mon Sep 28 23:56:10 UTC 2009,
+    #      :aws_started_at=>"2009-09-28T23:56:10.000Z",
     #      :aws_owner=>"amazon",
     #      :aws_id=>"snap-3740f35e",
     #      :aws_volume_size=>180,
     #      :aws_status=>"completed"}, ...]
     #
-    def describe_snapshots(list=[])
-      link = generate_request("DescribeSnapshots",
-                              amazonize_list('SnapshotId',list.to_a))
-      request_cache_or_info :describe_snapshots, link,  QEc2DescribeSnapshotsParser, @@bench, list.blank?
+    def describe_snapshots(*snapshots)
+      snapshots = snapshots.flatten
+      link = generate_request("DescribeSnapshots", amazonize_list('SnapshotId', snapshots))
+      request_cache_or_info :describe_snapshots, link,  QEc2DescribeSnapshotsParser, @@bench, snapshots.blank?
     rescue Exception
       on_exception
     end
@@ -170,7 +170,7 @@ module RightAws
     #
     #  ec2.create_snapshot('vol-898a6fe0', 'KD: WooHoo!!') #=>
     #    {:aws_volume_id=>"vol-e429db8d",
-    #     :aws_started_at=>Thu Oct 01 09:23:38 UTC 2009,
+    #     :aws_started_at=>"2009-10-01T09:23:38.000Z",
     #     :aws_description=>"KD: WooHoo!!",
     #     :aws_owner=>"648770000000",
     #     :aws_progress=>"",
@@ -194,7 +194,7 @@ module RightAws
     #
     #  ec2.try_create_snapshot('vol-898a6fe0', 'KD: WooHoo!!') #=>
     #    {:aws_volume_id=>"vol-e429db8d",
-    #     :aws_started_at=>Thu Oct 01 09:23:38 UTC 2009,
+    #     :aws_started_at=>"2009-10-01T09:23:38.000Z",
     #     :aws_description=>"KD: WooHoo!!",
     #     :aws_owner=>"648770000000",
     #     :aws_progress=>"",
@@ -270,8 +270,8 @@ module RightAws
       params =  {'SnapshotId'    => snapshot_id,
                  'Attribute'     => attribute,
                  'OperationType' => operation_type}
-      params.update(amazonize_list('UserId',    vars[:user_id].to_a))    if vars[:user_id]
-      params.update(amazonize_list('UserGroup', vars[:user_group].to_a)) if vars[:user_group]
+      params.update(amazonize_list('UserId',    Array(vars[:user_id])))    if vars[:user_id]
+      params.update(amazonize_list('UserGroup', Array(vars[:user_group]))) if vars[:user_group]
       link = generate_request("ModifySnapshotAttribute", params)
       request_info(link, RightBoolResponseParser.new(:logger => @logger))
     rescue Exception
@@ -335,7 +335,7 @@ module RightAws
         case name
         when 'volumeId'         then @result[:aws_id]         = @text
         when 'status'           then @result[:aws_status]     = @text
-        when 'createTime'       then @result[:aws_created_at] = Time.parse(@text)
+        when 'createTime'       then @result[:aws_created_at] = @text
         when 'size'             then @result[:aws_size]       = @text.to_i ###
         when 'snapshotId'       then @result[:snapshot_id]    = @text.blank? ? nil : @text ###
         when 'availabilityZone' then @result[:zone]           = @text ###
@@ -353,7 +353,7 @@ module RightAws
         when 'instanceId' then @result[:aws_instance_id]       = @text
         when 'device'     then @result[:aws_device]            = @text
         when 'status'     then @result[:aws_attachment_status] = @text
-        when 'attachTime' then @result[:aws_attached_at]       = Time.parse(@text)
+        when 'attachTime' then @result[:aws_attached_at]       = @text
         end
       end
       def reset
@@ -382,12 +382,13 @@ module RightAws
           when 'DescribeVolumesResponse/volumeSet/item/attachmentSet/item' then @volume[:aws_attachment_status] = @text
           end
         when 'size'             then @volume[:aws_size]        = @text.to_i
-        when 'createTime'       then @volume[:aws_created_at]  = Time.parse(@text)
+        when 'createTime'       then @volume[:aws_created_at]  = @text
         when 'instanceId'       then @volume[:aws_instance_id] = @text
         when 'device'           then @volume[:aws_device]      = @text
-        when 'attachTime'       then @volume[:aws_attached_at] = Time.parse(@text)
+        when 'attachTime'       then @volume[:aws_attached_at] = @text
         when 'snapshotId'       then @volume[:snapshot_id]     = @text.blank? ? nil : @text
         when 'availabilityZone' then @volume[:zone]            = @text
+        when 'deleteOnTermination' then @volume[:delete_on_termination] = (@text == 'true')
         when 'item'
           case @xmlpath
           when 'DescribeVolumesResponse/volumeSet' then @result << @volume
@@ -414,7 +415,7 @@ module RightAws
         when 'volumeId'    then @snapshot[:aws_volume_id]   = @text
         when 'snapshotId'  then @snapshot[:aws_id]          = @text
         when 'status'      then @snapshot[:aws_status]      = @text
-        when 'startTime'   then @snapshot[:aws_started_at]  = Time.parse(@text)
+        when 'startTime'   then @snapshot[:aws_started_at]  = @text
         when 'progress'    then @snapshot[:aws_progress]    = @text
         when 'description' then @snapshot[:aws_description] = @text
         when 'ownerId'     then @snapshot[:aws_owner]       = @text

data/lib/ec2/right_ec2_images.rb

@@ -38,7 +38,7 @@ module RightAws
     def ec2_describe_images(params={}, image_type=nil, cache_for=nil) #:nodoc:
       request_hash = {}
       params.each do |list_by, list|
-        request_hash.merge! amazonize_list(list_by, list.to_a)
+        request_hash.merge! amazonize_list(list_by, Array(list))
       end
       request_hash['ImageType'] = image_type if image_type
       link = generate_request("DescribeImages", request_hash)
@@ -80,10 +80,10 @@ module RightAws
     #
     #  ec2.describe_images(['ami-5aa1f74c'])
     #
-    def describe_images(list=[], image_type=nil)
-      list = list.to_a
-      cache_for = list.empty? && !image_type ? :describe_images : nil
-      ec2_describe_images({ 'ImageId' => list }, image_type, cache_for)
+    def describe_images(images=[], image_type=nil)
+      images = Array(images)
+      cache_for = images.empty? && !image_type ? :describe_images : nil
+      ec2_describe_images({ 'ImageId' => images }, image_type, cache_for)
     end
 
     #  Example:
@@ -91,10 +91,10 @@ module RightAws
     #   ec2.describe_images_by_owner('522821470517')
     #   ec2.describe_images_by_owner('self')
     #
-    def describe_images_by_owner(list=['self'], image_type=nil)
-      list = list.to_a
-      cache_for = list==['self'] && !image_type ? :describe_images_by_owner : nil
-      ec2_describe_images({ 'Owner' => list }, image_type, cache_for)
+    def describe_images_by_owner(owners=['self'], image_type=nil)
+      owners = Array(owners)
+      cache_for = (owners == ['self']) && (!image_type ? :describe_images_by_owner : nil)
+      ec2_describe_images({ 'Owner' => owners }, image_type, cache_for)
     end
 
     #  Example:
@@ -103,10 +103,10 @@ module RightAws
     #   ec2.describe_images_by_executable_by('self')
     #   ec2.describe_images_by_executable_by('all')
     #
-    def describe_images_by_executable_by(list=['self'], image_type=nil)
-      list = list.to_a
-      cache_for = list==['self'] && !image_type ? :describe_images_by_executable_by : nil
-      ec2_describe_images({ 'ExecutableBy' => list }, image_type, cache_for)
+    def describe_images_by_executable_by(executable_by=['self'], image_type=nil)
+      executable_by = Array(executable_by)
+      cache_for = (executable_by==['self']) && (!image_type ? :describe_images_by_executable_by : nil)
+      ec2_describe_images({ 'ExecutableBy' => executable_by }, image_type, cache_for)
     end
 
 
@@ -209,9 +209,9 @@ module RightAws
       params =  {'ImageId'   => image_id,
                  'Attribute' => attribute}
       params['OperationType'] = operation_type if operation_type
-      params.update(amazonize_list('UserId',      vars[:user_id].to_a))    if vars[:user_id]
-      params.update(amazonize_list('UserGroup',   vars[:user_group].to_a)) if vars[:user_group]
-      params.update(amazonize_list('ProductCode', vars[:product_code]))    if vars[:product_code]
+      params.update(amazonize_list('UserId',      vars[:user_id]))      if vars[:user_id]
+      params.update(amazonize_list('UserGroup',   vars[:user_group]))   if vars[:user_group]
+      params.update(amazonize_list('ProductCode', vars[:product_code])) if vars[:product_code]
       link = generate_request("ModifyImageAttribute", params)
       request_info(link, RightBoolResponseParser.new(:logger => @logger))
     rescue Exception
@@ -224,7 +224,7 @@ module RightAws
     #
     #  ec2.modify_image_launch_perm_add_users('ami-e444444d',['000000000777','000000000778']) #=> true
     def modify_image_launch_perm_add_users(image_id, user_id=[])
-      modify_image_attribute(image_id, 'launchPermission', 'add', :user_id => user_id.to_a)
+      modify_image_attribute(image_id, 'launchPermission', 'add', :user_id => user_id)
     end
 
     # Revokes image launch permissions for users. +user_id+ is a list of users AWS accounts ids. Returns +true+ or an exception.
@@ -232,7 +232,7 @@ module RightAws
     #  ec2.modify_image_launch_perm_remove_users('ami-e444444d',['000000000777','000000000778']) #=> true
     #
     def modify_image_launch_perm_remove_users(image_id, user_id=[])
-      modify_image_attribute(image_id, 'launchPermission', 'remove', :user_id => user_id.to_a)
+      modify_image_attribute(image_id, 'launchPermission', 'remove', :user_id => user_id)
     end
 
     # Add image launch permissions for users groups (currently only 'all' is supported, which gives public launch permissions).
@@ -241,7 +241,7 @@ module RightAws
     #  ec2.modify_image_launch_perm_add_groups('ami-e444444d') #=> true
     #
     def modify_image_launch_perm_add_groups(image_id, user_group=['all'])
-      modify_image_attribute(image_id, 'launchPermission', 'add', :user_group => user_group.to_a)
+      modify_image_attribute(image_id, 'launchPermission', 'add', :user_group => user_group)
     end
 
     # Remove image launch permissions for users groups (currently only 'all' is supported, which gives public launch permissions).
@@ -249,7 +249,7 @@ module RightAws
     #  ec2.modify_image_launch_perm_remove_groups('ami-e444444d') #=> true
     #
     def modify_image_launch_perm_remove_groups(image_id, user_group=['all'])
-      modify_image_attribute(image_id, 'launchPermission', 'remove', :user_group => user_group.to_a)
+      modify_image_attribute(image_id, 'launchPermission', 'remove', :user_group => user_group)
     end
 
     # Add product code to image
@@ -257,7 +257,7 @@ module RightAws
     #  ec2.modify_image_product_code('ami-e444444d','0ABCDEF') #=> true
     #
     def modify_image_product_code(image_id, product_code=[])
-      modify_image_attribute(image_id, 'productCodes', nil, :product_code => product_code.to_a)
+      modify_image_attribute(image_id, 'productCodes', nil, :product_code => product_code)
     end
 
     # Create a new image.

data/lib/ec2/right_ec2_instances.rb

@@ -84,9 +84,10 @@ module RightAws
     #         :ebs_volume_id=>"vol-f900f990"}],
     #      :aws_instance_id=>"i-8ce84ae4"} , ... ]
     #
-    def describe_instances(list=[])
-      link = generate_request("DescribeInstances", amazonize_list('InstanceId',list.to_a))
-      request_cache_or_info(:describe_instances, link,  QEc2DescribeInstancesParser, @@bench, list.blank?) do |parser|
+    def describe_instances(*instances)
+      instances = instances.flatten
+      link = generate_request("DescribeInstances", amazonize_list('InstanceId', instances))
+      request_cache_or_info(:describe_instances, link,  QEc2DescribeInstancesParser, @@bench, instances.blank?) do |parser|
         get_desc_instances(parser.result)
       end
     rescue Exception
@@ -191,7 +192,7 @@ module RightAws
     #
     def launch_instances(image_id, options={})
       @logger.info("Launching instance of image #{image_id} for #{@aws_access_key_id}, " +
-                   "key: #{options[:key_name]}, groups: #{(options[:group_ids]).to_a.join(',')}")
+                   "key: #{options[:key_name]}, groups: #{Array(options[:group_ids]).join(',')}")
       options[:image_id]    = image_id
       options[:min_count] ||= 1
       options[:max_count] ||= options[:min_count]
@@ -203,22 +204,8 @@ module RightAws
       on_exception
     end
 
-=begin
-    # TODO: API does not support this call yet
-    def create_instance(options={})
-      @logger.info("Creating instance #{@aws_access_key_id}, " +
-                   "key: #{options[:key_name]}, groups: #{(options[:group_ids]).to_a.join(',')}")
-      params = prepare_instance_launch_params(options)
-      link = generate_request("CreateInstance", params)
-      instances = request_info(link, QEc2DescribeInstancesParser.new(:logger => @logger))
-      get_desc_instances(instances).first
-    rescue Exception
-      on_exception
-    end
-=end
-
     def prepare_instance_launch_params(options={}) # :nodoc:
-      params = amazonize_list('SecurityGroup', options[:group_ids].to_a)
+      params = amazonize_list('SecurityGroup', Array(options[:group_ids]))
       params['InstanceType']                      = options[:instance_type] || DEFAULT_INSTANCE_TYPE
       params['ImageId']                           = options[:image_id]                             unless options[:image_id].blank?
       params['AddressingType']                    = options[:addressing_type]                      unless options[:addressing_type].blank?
@@ -313,8 +300,9 @@ module RightAws
     #
     #  ec2.reboot_instances(['i-f222222d','i-f222222e']) #=> true
     #
-    def reboot_instances(list)
-      link = generate_request("RebootInstances", amazonize_list('InstanceId', list.to_a))
+    def reboot_instances(*instances)
+      instances = instances.flatten
+      link = generate_request("RebootInstances", amazonize_list('InstanceId', instances))
       request_info(link, RightBoolResponseParser.new(:logger => @logger))
     rescue Exception
       on_exception
@@ -431,6 +419,25 @@ module RightAws
       on_exception
     end
 
+    # Get Initial windows instance password using Amazon API call GetPasswordData.
+    #
+    #  puts ec2.get_initial_password_v2(my_awesome_instance[:aws_instance_id], my_awesome_key[:aws_material]) #=> "MhjWcgZuY6"
+    #
+    # P.S. To say the truth there is absolutely no any speedup if to compare to the old get_initial_password method... ;(
+    #
+    def get_initial_password_v2(instance_id, private_key)
+      link = generate_request('GetPasswordData',
+                              'InstanceId' => instance_id )
+      response = request_info(link, QEc2GetPasswordDataParser.new(:logger => @logger))
+      if response[:password_data].blank?
+        raise AwsError.new("Initial password is not yet created for #{instance_id}")
+      else
+        OpenSSL::PKey::RSA.new(private_key).private_decrypt(Base64.decode64(response[:password_data]))
+      end
+    rescue Exception
+      on_exception
+    end
+
     # Bundle a Windows image.
     # Internally, it queues the bundling task and shuts down the instance.
     # It then takes a snapshot of the Windows volume bundles it, and uploads it to
@@ -455,7 +462,7 @@ module RightAws
       s3_owner_aws_secret_access_key ||= @aws_secret_access_key
       s3_expires = Time.now.utc + s3_expires if s3_expires.is_a?(Fixnum) && (s3_expires < S3Interface::ONE_YEAR_IN_SECONDS)
       # policy
-      policy = { 'expiration' => s3_expires.strftime('%Y-%m-%dT%H:%M:%SZ'),
+      policy = { 'expiration' => AwsUtils::utc_iso8601(s3_expires),
                  'conditions' => [ { 'bucket' => s3_bucket },
                                    { 'acl'    => s3_upload_policy },
                                    [ 'starts-with', '$key', s3_prefix ] ] }.to_json
@@ -490,8 +497,9 @@ module RightAws
     #      :aws_state         => "failed",
     #      :aws_instance_id   => "i-e3e24e8a"}]
     #
-    def describe_bundle_tasks(list=[])
-      link = generate_request("DescribeBundleTasks", amazonize_list('BundleId', list.to_a))
+    def describe_bundle_tasks(*tasks)
+      tasks = tasks.flatten
+      link = generate_request("DescribeBundleTasks", amazonize_list('BundleId', tasks))
       request_info(link, QEc2DescribeBundleTasksParser.new)
     rescue Exception
       on_exception
@@ -517,35 +525,6 @@ module RightAws
       on_exception
     end
 
-    #-----------------------------------------------------------------
-    #      Helpers
-    #-----------------------------------------------------------------
-
-    BLOCK_DEVICE_KEY_MAPPING = {                               # :nodoc:
-      :device_name               => 'DeviceName',
-      :virtual_name              => 'VirtualName',
-      :no_device                 => 'NoDevice',
-      :ebs_snapshot_id           => 'Ebs.SnapshotId',
-      :ebs_volume_size           => 'Ebs.VolumeSize',
-      :ebs_delete_on_termination => 'Ebs.DeleteOnTermination' }
-
-    def amazonize_block_device_mappings(block_device_mappings) # :nodoc:
-      result = {}
-      unless block_device_mappings.blank?
-        block_device_mappings = [block_device_mappings] unless block_device_mappings.is_a?(Array)
-        block_device_mappings.each_with_index do |b, idx|
-          BLOCK_DEVICE_KEY_MAPPING.each do |local_name, remote_name|
-            value = b[local_name]
-            case local_name
-            when :no_device then value = value ? '' : nil   # allow to pass :no_device as boolean
-            end
-            result["BlockDeviceMapping.#{idx+1}.#{remote_name}"] = value unless value.nil?
-          end
-        end
-      end
-      result
-    end
-
     #-----------------------------------------------------------------
     #      PARSERS: Instances
     #-----------------------------------------------------------------
@@ -599,9 +578,12 @@ module RightAws
         when 'rootDeviceType'   then @item[:root_device_type]      = @text
         when 'rootDeviceName'   then @item[:root_device_name]      = @text
         when 'instanceClass'    then @item[:instance_class]        = @text
+        when 'instanceLifecycle'     then @item[:instance_lifecycle]       = @text
+        when 'spotInstanceRequestId' then @item[:spot_instance_request_id] = @text
+        when 'requesterId'           then @item[:requester_id]             = @text
         else
           case full_tag_name
-          when %r{/stateReason/code$}    then @item[:state_reason_code]    = @text.to_i
+          when %r{/stateReason/code$}    then @item[:state_reason_code]    = @text
           when %r{/stateReason/message$} then @item[:state_reason_message] = @text
           when %r{/instanceState/code$}  then @item[:aws_state_code]       = @text.to_i
           when %r{/instanceState/name$}  then @item[:aws_state]            = @text
@@ -755,6 +737,19 @@ module RightAws
       end
     end
 
+    class QEc2GetPasswordDataParser < RightAWSParser #:nodoc:
+      def tagend(name)
+        case name
+        when 'instanceId'   then @result[:aws_instance_id] = @text
+        when 'timestamp'    then @result[:timestamp]       = @text
+        when 'passwordData' then @result[:password_data]   = @text
+        end
+      end
+      def reset
+        @result = {}
+      end
+    end
+
   end
 
 end

data/lib/ec2/right_ec2_reserved_instances.rb

@@ -41,11 +41,13 @@ module RightAws
     #      :aws_state=>"payment-pending",
     #      :aws_product_description=>"Test",
     #      :aws_fixed_price=>325.0,
+    #      :aws_start=>"2009-12-18T20:39:39.569Z"
     #      :aws_instance_count=>1}]
     #
-    def describe_reserved_instances(list=[])
-      link = generate_request("DescribeReservedInstances", amazonize_list('ReservedInstancesId',list.to_a))
-      request_cache_or_info(:describe_reserved_instances, link,  QEc2DescribeReservedInstancesParser, @@bench, list.blank?)
+    def describe_reserved_instances(*reserved_instances)
+      reserved_instances = reserved_instances.flatten
+      link = generate_request("DescribeReservedInstances", amazonize_list('ReservedInstancesId', reserved_instances))
+      request_cache_or_info(:describe_reserved_instances, link,  QEc2DescribeReservedInstancesParser, @@bench, reserved_instances.blank?)
     rescue Exception
       on_exception
     end
@@ -78,7 +80,7 @@ module RightAws
     def describe_reserved_instances_offerings(*list_and_params)
       list, params = AwsUtils::split_items_and_params(list_and_params)
       # backward compartibility with the old way
-      list ||= params[:aws_ids].to_a
+      list ||= Array(params[:aws_ids])
       rparams = {}
       rparams.update(amazonize_list('ReservedInstancesOfferingId', list)) unless list.blank?
       rparams['InstanceType']       = params[:aws_instance_type]       if params[:aws_instance_type]
@@ -122,6 +124,7 @@ module RightAws
           when 'instanceCount'       then @item[:aws_instance_count]      = @text.to_i
           when 'productDescription'  then @item[:aws_product_description] = @text
           when 'state'               then @item[:aws_state]               = @text
+          when 'start'               then @item[:aws_start]               = @text
           when 'item'                then @result << @item
         end
       end

data/lib/ec2/right_ec2_security_groups.rb

@@ -0,0 +1,277 @@
+#
+# Copyright (c) 2010 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module RightAws
+
+  class Ec2
+
+    #-----------------------------------------------------------------
+    #      Security groups
+    #-----------------------------------------------------------------
+
+    # Retrieve Security Groups information. If +list+ is omitted the returns the whole list of groups.
+    #
+    #  # Amazon cloud:
+    #  ec2 = Rightscale::Ec2.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
+    #  ec2.describe_security_groups #=>
+    #    [{:aws_perms=>
+    #       [{:group=>"default", :owner=>"048291609141"},
+    #        {:to_port=>"22",
+    #         :protocol=>"tcp",
+    #         :from_port=>"22",
+    #         :cidr_ips=>"0.0.0.0/0"},
+    #        {:to_port=>"9997",
+    #         :protocol=>"tcp",
+    #         :from_port=>"9997",
+    #         :cidr_ips=>"0.0.0.0/0"}],
+    #      :aws_group_name=>"photo_us",
+    #      :aws_description=>"default group",
+    #      :aws_owner=>"826693181925"}]
+    #
+    #  # Eucalyptus cloud:
+    #  ec2 = Rightscale::Ec2.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, :eucalyptus => true)
+    #  ec2.describe_security_groups #=>
+    #    [{:aws_perms=>
+    #       [{:to_port=>"65535",
+    #         :group=>"default",
+    #         :protocol=>"tcp",
+    #         :owner=>"048291609141",
+    #         :from_port=>"1"},
+    #        {:to_port=>"65535",
+    #         :group=>"default",
+    #         :protocol=>"udp",
+    #         :owner=>"048291609141",
+    #         :from_port=>"1"},
+    #        {:to_port=>"-1",
+    #         :group=>"default",
+    #         :protocol=>"icmp",
+    #         :owner=>"048291609141",
+    #         :from_port=>"-1"},
+    #        {:to_port=>"22",
+    #         :protocol=>"tcp",
+    #         :from_port=>"22",
+    #         :cidr_ip=>"0.0.0.0/0"},
+    #        {:to_port=>"9997",
+    #         :protocol=>"tcp",
+    #         :from_port=>"9997",
+    #         :cidr_ip=>"0.0.0.0/0"}],
+    #      :aws_group_name=>"photo_us",
+    #      :aws_description=>"default group",
+    #      :aws_owner=>"826693181925"}]
+    #
+    def describe_security_groups(list=[])
+      link = generate_request("DescribeSecurityGroups", amazonize_list('GroupName', list))
+
+      request_cache_or_info( :describe_security_groups, link,  QEc2DescribeSecurityGroupsParser, @@bench, list.blank?) do |parser|
+        result = []
+        parser.result.each do |item|
+          result_item = { :aws_owner       => item[:owner_id],
+                          :aws_group_name  => item[:group_name],
+                          :aws_description => item[:group_description] }
+          aws_perms = []
+          item[:ip_permissions].each do |permission|
+            result_perm = {}
+            result_perm[:from_port] = permission[:from_port]
+            result_perm[:to_port]   = permission[:to_port]
+            result_perm[:protocol]  = permission[:ip_protocol]
+            # IP permissions
+            Array(permission[:ip_ranges]).each do |ip_range|
+              perm = result_perm.dup
+              perm[:cidr_ips] = ip_range
+              aws_perms << perm
+            end
+            # Group permissions
+            Array(permission[:groups]).each do |group|
+              perm = result_perm.dup
+              perm[:group] = group[:group_name]
+              perm[:owner] = group[:user_id]
+              # AWS does not support Port Based Group Permissions but Eucalyptus does
+              unless @params[:port_based_group_ingress]
+                perm.delete(:from_port)
+                perm.delete(:to_port)
+                perm.delete(:protocol)
+              end
+              aws_perms << perm
+            end
+          end
+          result_item[:aws_perms] = aws_perms.uniq
+          result << result_item
+        end
+        result
+      end
+    rescue Exception
+      on_exception
+    end
+
+    # Create new Security Group. Returns +true+ or an exception.
+    #
+    #  ec2.create_security_group('default-1',"Default allowing SSH, HTTP, and HTTPS ingress") #=> true
+    #
+    def create_security_group(name, description=nil)
+      # EC2 doesn't like an empty description...
+      description = "-" if description.blank?
+      link = generate_request("CreateSecurityGroup",
+                              'GroupName'        => name.to_s,
+                              'GroupDescription' => description.to_s)
+      request_info(link, RightBoolResponseParser.new(:logger => @logger))
+    rescue Exception
+      on_exception
+    end
+
+    # Remove Security Group. Returns +true+ or an exception.
+    #
+    #  ec2.delete_security_group('default-1') #=> true
+    #
+    def delete_security_group(name)
+      link = generate_request("DeleteSecurityGroup",
+                              'GroupName' => name.to_s)
+      request_info(link, RightBoolResponseParser.new(:logger => @logger))
+    rescue Exception
+      on_exception
+    end
+
+    # Edit group permissions.
+    #
+    #    action     - :authorize (or :grant) | :revoke (or :remove)
+    #    group_name - security group name
+    #    params     - a combination of options below:
+    #      :source_group_owner => grantee id
+    #      :source_group       => grantee group name
+    #      :from_port          => from port
+    #      :to_port            => to port
+    #      :port               => set both :from_port and to_port with the same value
+    #      :protocol           => :tcp | :udp | :icmp
+    #      :cidr_ip            => '0.0.0.0/0'
+    #
+    #  ec2.edit_security_group( :grant,
+    #                           'kd-sg-test',
+    #                           :source_group       => "sketchy",
+    #                           :source_group_owner => "600000000006",
+    #                           :protocol           => 'tcp',
+    #                           :port               => '80',
+    #                           :cidr_ip            => '127.0.0.1/32') #=> true
+    #
+    # P.S. setting both group based and port based ingresses is not supported by Amazon but by Eucalyptus.
+    #
+    def edit_security_group(action, group_name, params)
+      hash = {}
+      case action
+      when :authorize, :grant then action = "AuthorizeSecurityGroupIngress"
+      when :revoke, :remove   then action = "RevokeSecurityGroupIngress"
+      else raise "Unknown action #{action.inspect}!"
+      end
+      hash['GroupName']                  = group_name
+      hash['SourceSecurityGroupName']    = params[:source_group]                         unless params[:source_group].blank?
+      hash['SourceSecurityGroupOwnerId'] = params[:source_group_owner].to_s.gsub(/-/,'') unless params[:source_group_owner].blank?
+      hash['IpProtocol']                 = params[:protocol]                             unless params[:protocol].blank?
+      unless params[:port].blank?
+        hash['FromPort'] = params[:port]
+        hash['ToPort']   = params[:port]
+      end
+      hash['FromPort']   = params[:from_port] unless params[:from_port].blank?
+      hash['ToPort']     = params[:to_port]   unless params[:to_port].blank?
+      hash['CidrIp']     = params[:cidr_ip]   unless params[:cidr_ip].blank?
+      #
+      link = generate_request(action, hash)
+      request_info(link, RightBoolResponseParser.new(:logger => @logger))
+    rescue Exception
+      on_exception
+    end
+
+    # Authorize named ingress for security group. Allows instances that are member of someone
+    # else's security group to open connections to instances in my group.
+    #
+    #  ec2.authorize_security_group_named_ingress('my_awesome_group', '7011-0219-8268', 'their_group_name') #=> true
+    #
+    def authorize_security_group_named_ingress(name, owner, group)
+      edit_security_group( :authorize, name, :source_group_owner => owner, :source_group => group)
+    end
+
+    # Revoke named ingress for security group.
+    #
+    #  ec2.revoke_security_group_named_ingress('my_awesome_group', aws_user_id, 'another_group_name') #=> true
+    #
+    def revoke_security_group_named_ingress(name, owner, group)
+      edit_security_group( :revoke, name, :source_group_owner => owner, :source_group => group)
+    end
+
+    # Add permission to a security group. Returns +true+ or an exception. +protocol+ is one of :'tcp'|'udp'|'icmp'.
+    #
+    #  ec2.authorize_security_group_IP_ingress('my_awesome_group', 80, 82, 'udp', '192.168.1.0/8') #=> true
+    #  ec2.authorize_security_group_IP_ingress('my_awesome_group', -1, -1, 'icmp') #=> true
+    #
+    def authorize_security_group_IP_ingress(name, from_port, to_port, protocol='tcp', cidr_ip='0.0.0.0/0')
+      edit_security_group( :authorize, name, :from_port => from_port, :to_port => to_port, :protocol => protocol, :cidr_ip => cidr_ip )
+    end
+
+    # Remove permission from a security group. Returns +true+ or an exception. +protocol+ is one of :'tcp'|'udp'|'icmp' ('tcp' is default).
+    #
+    #  ec2.revoke_security_group_IP_ingress('my_awesome_group', 80, 82, 'udp', '192.168.1.0/8') #=> true
+    #
+    def revoke_security_group_IP_ingress(name, from_port, to_port, protocol='tcp', cidr_ip='0.0.0.0/0')
+      edit_security_group( :revoke, name, :from_port => from_port, :to_port => to_port, :protocol => protocol, :cidr_ip => cidr_ip )
+    end
+
+    #-----------------------------------------------------------------
+    #      PARSERS: Security Groups
+    #-----------------------------------------------------------------
+
+    class QEc2DescribeSecurityGroupsParser < RightAWSParser #:nodoc:
+      def tagstart(name, attributes)
+        if name == 'item'
+          case
+          when @xmlpath[/securityGroupInfo$/] then @item = { :ip_permissions => [] }
+          when @xmlpath[/ipPermissions$/]     then @ip_permission = { :groups => [], :ip_ranges => [] }
+          when @xmlpath[/groups$/]            then @group = {}
+          end
+        end
+      end
+      def tagend(name)
+        case name
+        when 'ownerId'          then @item[:owner_id]             = @text
+        when 'groupDescription' then @item[:group_description]    = @text
+        when 'ipProtocol'       then @ip_permission[:ip_protocol] = @text
+        when 'fromPort'         then @ip_permission[:from_port]   = @text
+        when 'toPort'           then @ip_permission[:to_port]     = @text
+        when 'cidrIp'           then @ip_permission[:ip_ranges]  << @text
+        when 'userId'           then @group[:user_id]             = @text
+        when 'groupName'
+          case
+          when @xmlpath[/securityGroupInfo\/item$/] then @item[:group_name]  = @text
+          when @xmlpath[/groups\/item$/]            then @group[:group_name] = @text
+          end
+        when 'item'
+          case
+          when @xmlpath[/groups$/]           then @ip_permission[:groups] << @group
+          when @xmlpath[/ipPermissions$/]    then @item[:ip_permissions] << @ip_permission
+          when @xmlpath[/securityGroupInfo$/]then @result << @item
+          end
+        end
+      end
+      def reset
+        @result = []
+      end
+    end
+    
+  end
+end