right_aws 1.10.0 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +53 -15
- data/Manifest.txt +16 -0
- data/README.txt +10 -9
- data/Rakefile +13 -15
- data/lib/acf/right_acf_interface.rb +224 -118
- data/lib/acf/right_acf_origin_access_identities.rb +230 -0
- data/lib/acf/right_acf_streaming_interface.rb +236 -0
- data/lib/acw/right_acw_interface.rb +249 -0
- data/lib/as/right_as_interface.rb +699 -0
- data/lib/awsbase/right_awsbase.rb +232 -51
- data/lib/awsbase/support.rb +4 -0
- data/lib/ec2/right_ec2.rb +33 -1375
- data/lib/ec2/right_ec2_ebs.rb +452 -0
- data/lib/ec2/right_ec2_images.rb +373 -0
- data/lib/ec2/right_ec2_instances.rb +755 -0
- data/lib/ec2/right_ec2_monitoring.rb +70 -0
- data/lib/ec2/right_ec2_reserved_instances.rb +170 -0
- data/lib/ec2/right_ec2_security_groups.rb +280 -0
- data/lib/ec2/right_ec2_spot_instances.rb +399 -0
- data/lib/ec2/right_ec2_vpc.rb +571 -0
- data/lib/elb/right_elb_interface.rb +496 -0
- data/lib/rds/right_rds_interface.rb +998 -0
- data/lib/right_aws.rb +18 -4
- data/lib/s3/right_s3.rb +39 -7
- data/lib/s3/right_s3_interface.rb +77 -53
- data/lib/sdb/active_sdb.rb +203 -11
- data/lib/sdb/right_sdb_interface.rb +68 -45
- data/lib/sqs/right_sqs_gen2.rb +73 -16
- data/lib/sqs/right_sqs_gen2_interface.rb +131 -51
- data/lib/sqs/right_sqs_interface.rb +2 -4
- data/test/acf/test_right_acf.rb +10 -18
- data/test/rds/test_helper.rb +2 -0
- data/test/rds/test_right_rds.rb +120 -0
- data/test/s3/test_right_s3.rb +10 -8
- data/test/s3/test_right_s3_stubbed.rb +6 -4
- data/test/sdb/test_active_sdb.rb +70 -12
- data/test/sdb/test_right_sdb.rb +13 -7
- data/test/sqs/test_right_sqs_gen2.rb +104 -49
- metadata +103 -14
@@ -0,0 +1,70 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (c) 2009 RightScale Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining
|
5
|
+
# a copy of this software and associated documentation files (the
|
6
|
+
# "Software"), to deal in the Software without restriction, including
|
7
|
+
# without limitation the rights to use, copy, modify, merge, publish,
|
8
|
+
# distribute, sublicense, and/or sell copies of the Software, and to
|
9
|
+
# permit persons to whom the Software is furnished to do so, subject to
|
10
|
+
# the following conditions:
|
11
|
+
#
|
12
|
+
# The above copyright notice and this permission notice shall be
|
13
|
+
# included in all copies or substantial portions of the Software.
|
14
|
+
#
|
15
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
16
|
+
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
17
|
+
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
18
|
+
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
19
|
+
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
20
|
+
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
21
|
+
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
22
|
+
#
|
23
|
+
|
24
|
+
module RightAws
|
25
|
+
|
26
|
+
class Ec2
|
27
|
+
|
28
|
+
# Enables monitoring for a running instances. For more information, refer to the Amazon CloudWatch Developer Guide.
|
29
|
+
#
|
30
|
+
# ec2.monitor_instances('i-8437ddec') #=>
|
31
|
+
# {:instance_id=>"i-8437ddec", :monitoring_state=>"pending"}
|
32
|
+
#
|
33
|
+
def monitor_instances(*list)
|
34
|
+
link = generate_request("MonitorInstances", amazonize_list('InstanceId', list.flatten) )
|
35
|
+
request_info(link, QEc2MonitorInstancesParser.new(:logger => @logger)).first
|
36
|
+
rescue Exception
|
37
|
+
on_exception
|
38
|
+
end
|
39
|
+
|
40
|
+
# Disables monitoring for a running instances. For more information, refer to the Amazon CloudWatch Developer Guide.
|
41
|
+
#
|
42
|
+
# ec2.unmonitor_instances('i-8437ddec') #=>
|
43
|
+
# {:instance_id=>"i-8437ddec", :monitoring_state=>"disabling"}
|
44
|
+
#
|
45
|
+
def unmonitor_instances(*list)
|
46
|
+
link = generate_request("UnmonitorInstances", amazonize_list('InstanceId', list.flatten) )
|
47
|
+
request_info(link, QEc2MonitorInstancesParser.new(:logger => @logger)).first
|
48
|
+
rescue Exception
|
49
|
+
on_exception
|
50
|
+
end
|
51
|
+
|
52
|
+
class QEc2MonitorInstancesParser < RightAWSParser #:nodoc:
|
53
|
+
def tagstart(name, attributes)
|
54
|
+
@item = {} if name == 'item'
|
55
|
+
end
|
56
|
+
def tagend(name)
|
57
|
+
case name
|
58
|
+
when 'instanceId' then @item[:instance_id] = @text
|
59
|
+
when 'state' then @item[:monitoring_state] = @text
|
60
|
+
when 'item' then @result << @item
|
61
|
+
end
|
62
|
+
end
|
63
|
+
def reset
|
64
|
+
@result = []
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
end
|
69
|
+
|
70
|
+
end
|
@@ -0,0 +1,170 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (c) 2009 RightScale Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining
|
5
|
+
# a copy of this software and associated documentation files (the
|
6
|
+
# "Software"), to deal in the Software without restriction, including
|
7
|
+
# without limitation the rights to use, copy, modify, merge, publish,
|
8
|
+
# distribute, sublicense, and/or sell copies of the Software, and to
|
9
|
+
# permit persons to whom the Software is furnished to do so, subject to
|
10
|
+
# the following conditions:
|
11
|
+
#
|
12
|
+
# The above copyright notice and this permission notice shall be
|
13
|
+
# included in all copies or substantial portions of the Software.
|
14
|
+
#
|
15
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
16
|
+
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
17
|
+
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
18
|
+
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
19
|
+
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
20
|
+
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
21
|
+
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
22
|
+
#
|
23
|
+
|
24
|
+
module RightAws
|
25
|
+
|
26
|
+
class Ec2
|
27
|
+
|
28
|
+
#-----------------------------------------------------------------
|
29
|
+
# Reserved instances
|
30
|
+
#-----------------------------------------------------------------
|
31
|
+
|
32
|
+
# Retrieve reserved instances list.
|
33
|
+
# Returns a list of Reserved Instances.
|
34
|
+
#
|
35
|
+
# ec2.describe_reserved_instances #=>
|
36
|
+
# [{:aws_id=>"1ba8e2e3-1c40-434c-a741-5ff16a4c542e",
|
37
|
+
# :aws_duration=>31536000,
|
38
|
+
# :aws_instance_type=>"m1.small",
|
39
|
+
# :aws_usage_price=>0.03,
|
40
|
+
# :aws_availability_zone=>"us-east-1b",
|
41
|
+
# :aws_state=>"payment-pending",
|
42
|
+
# :aws_product_description=>"Test",
|
43
|
+
# :aws_fixed_price=>325.0,
|
44
|
+
# :aws_start=>"2009-12-18T20:39:39.569Z"
|
45
|
+
# :aws_instance_count=>1}]
|
46
|
+
#
|
47
|
+
def describe_reserved_instances(*reserved_instances)
|
48
|
+
reserved_instances = reserved_instances.flatten
|
49
|
+
link = generate_request("DescribeReservedInstances", amazonize_list('ReservedInstancesId', reserved_instances))
|
50
|
+
request_cache_or_info(:describe_reserved_instances, link, QEc2DescribeReservedInstancesParser, @@bench, reserved_instances.blank?)
|
51
|
+
rescue Exception
|
52
|
+
on_exception
|
53
|
+
end
|
54
|
+
|
55
|
+
# Retrieve reserved instances offerings.
|
56
|
+
# Returns a set of available offerings.
|
57
|
+
#
|
58
|
+
# Optional params:
|
59
|
+
# :aws_instance_type => String
|
60
|
+
# :aws_availability_zone => String
|
61
|
+
# :aws_product_description => String
|
62
|
+
#
|
63
|
+
# ec2.describe_reserved_instances_offerings #=>
|
64
|
+
# [{:aws_instance_type=>"c1.medium",
|
65
|
+
# :aws_availability_zone=>"us-east-1c",
|
66
|
+
# :aws_duration=>94608000,
|
67
|
+
# :aws_product_description=>"Linux/UNIX",
|
68
|
+
# :aws_id=>"e5a2ff3b-f6eb-4b4e-83f8-b879d7060257",
|
69
|
+
# :aws_usage_price=>0.06,
|
70
|
+
# :aws_fixed_price=>1000.0},
|
71
|
+
# ...
|
72
|
+
# {:aws_instance_type=>"m1.xlarge",
|
73
|
+
# :aws_availability_zone=>"us-east-1a",
|
74
|
+
# :aws_duration=>31536000,
|
75
|
+
# :aws_product_description=>"Linux/UNIX",
|
76
|
+
# :aws_id=>"c48ab04c-63ab-4cd6-b8f5-978a29eb9bcc",
|
77
|
+
# :aws_usage_price=>0.24,
|
78
|
+
# :aws_fixed_price=>2600.0}]
|
79
|
+
#
|
80
|
+
def describe_reserved_instances_offerings(*list_and_params)
|
81
|
+
list, params = AwsUtils::split_items_and_params(list_and_params)
|
82
|
+
# backward compartibility with the old way
|
83
|
+
list ||= Array(params[:aws_ids])
|
84
|
+
rparams = {}
|
85
|
+
rparams.update(amazonize_list('ReservedInstancesOfferingId', list)) unless list.blank?
|
86
|
+
rparams['InstanceType'] = params[:aws_instance_type] if params[:aws_instance_type]
|
87
|
+
rparams['AvailabilityZone'] = params[:aws_availability_zone] if params[:aws_availability_zone]
|
88
|
+
rparams['ProductDescription'] = params[:aws_product_description] if params[:aws_product_description]
|
89
|
+
link = generate_request("DescribeReservedInstancesOfferings", rparams)
|
90
|
+
request_cache_or_info(:describe_reserved_instances_offerings, link, QEc2DescribeReservedInstancesOfferingsParser, @@bench, list.blank?)
|
91
|
+
rescue Exception
|
92
|
+
on_exception
|
93
|
+
end
|
94
|
+
|
95
|
+
# Purchase a Reserved Instance.
|
96
|
+
# Returns ReservedInstancesId value.
|
97
|
+
#
|
98
|
+
# ec2.purchase_reserved_instances_offering('e5a2ff3b-f6eb-4b4e-83f8-b879d7060257', 3) # => '4b2293b4-5813-4cc8-9ce3-1957fc1dcfc8'
|
99
|
+
#
|
100
|
+
def purchase_reserved_instances_offering(reserved_instances_offering_id, instance_count=1)
|
101
|
+
link = generate_request("PurchaseReservedInstancesOffering", { 'ReservedInstancesOfferingId' => reserved_instances_offering_id,
|
102
|
+
'InstanceCount' => instance_count })
|
103
|
+
request_info(link, QEc2PurchaseReservedInstancesOfferingParser.new)
|
104
|
+
rescue Exception
|
105
|
+
on_exception
|
106
|
+
end
|
107
|
+
|
108
|
+
#-----------------------------------------------------------------
|
109
|
+
# PARSERS: ReservedInstances
|
110
|
+
#-----------------------------------------------------------------
|
111
|
+
|
112
|
+
class QEc2DescribeReservedInstancesParser < RightAWSParser #:nodoc:
|
113
|
+
def tagstart(name, attributes)
|
114
|
+
@item = {} if name == 'item'
|
115
|
+
end
|
116
|
+
def tagend(name)
|
117
|
+
case name
|
118
|
+
when 'reservedInstancesId' then @item[:aws_id] = @text
|
119
|
+
when 'instanceType' then @item[:aws_instance_type] = @text
|
120
|
+
when 'availabilityZone' then @item[:aws_availability_zone] = @text
|
121
|
+
when 'duration' then @item[:aws_duration] = @text.to_i
|
122
|
+
when 'usagePrice' then @item[:aws_usage_price] = @text.to_f
|
123
|
+
when 'fixedPrice' then @item[:aws_fixed_price] = @text.to_f
|
124
|
+
when 'instanceCount' then @item[:aws_instance_count] = @text.to_i
|
125
|
+
when 'productDescription' then @item[:aws_product_description] = @text
|
126
|
+
when 'state' then @item[:aws_state] = @text
|
127
|
+
when 'start' then @item[:aws_start] = @text
|
128
|
+
when 'item' then @result << @item
|
129
|
+
end
|
130
|
+
end
|
131
|
+
def reset
|
132
|
+
@result = []
|
133
|
+
end
|
134
|
+
end
|
135
|
+
|
136
|
+
class QEc2DescribeReservedInstancesOfferingsParser < RightAWSParser #:nodoc:
|
137
|
+
def tagstart(name, attributes)
|
138
|
+
@item = {} if name == 'item'
|
139
|
+
end
|
140
|
+
def tagend(name)
|
141
|
+
case name
|
142
|
+
when 'reservedInstancesOfferingId' then @item[:aws_id] = @text
|
143
|
+
when 'instanceType' then @item[:aws_instance_type] = @text
|
144
|
+
when 'availabilityZone' then @item[:aws_availability_zone] = @text
|
145
|
+
when 'duration' then @item[:aws_duration] = @text.to_i
|
146
|
+
when 'usagePrice' then @item[:aws_usage_price] = @text.to_f
|
147
|
+
when 'fixedPrice' then @item[:aws_fixed_price] = @text.to_f
|
148
|
+
when 'productDescription' then @item[:aws_product_description] = @text
|
149
|
+
when 'item' then @result << @item
|
150
|
+
end
|
151
|
+
end
|
152
|
+
def reset
|
153
|
+
@result = []
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
class QEc2PurchaseReservedInstancesOfferingParser < RightAWSParser #:nodoc:
|
158
|
+
def tagend(name)
|
159
|
+
if name == 'reservedInstancesId'
|
160
|
+
@result = @text
|
161
|
+
end
|
162
|
+
end
|
163
|
+
def reset
|
164
|
+
@result = ''
|
165
|
+
end
|
166
|
+
end
|
167
|
+
|
168
|
+
end
|
169
|
+
|
170
|
+
end
|
@@ -0,0 +1,280 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (c) 2010 RightScale Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining
|
5
|
+
# a copy of this software and associated documentation files (the
|
6
|
+
# "Software"), to deal in the Software without restriction, including
|
7
|
+
# without limitation the rights to use, copy, modify, merge, publish,
|
8
|
+
# distribute, sublicense, and/or sell copies of the Software, and to
|
9
|
+
# permit persons to whom the Software is furnished to do so, subject to
|
10
|
+
# the following conditions:
|
11
|
+
#
|
12
|
+
# The above copyright notice and this permission notice shall be
|
13
|
+
# included in all copies or substantial portions of the Software.
|
14
|
+
#
|
15
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
16
|
+
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
17
|
+
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
18
|
+
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
19
|
+
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
20
|
+
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
21
|
+
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
22
|
+
#
|
23
|
+
|
24
|
+
module RightAws
|
25
|
+
|
26
|
+
class Ec2
|
27
|
+
|
28
|
+
#-----------------------------------------------------------------
|
29
|
+
# Security groups
|
30
|
+
#-----------------------------------------------------------------
|
31
|
+
|
32
|
+
# Retrieve Security Groups information. If +list+ is omitted the returns the whole list of groups.
|
33
|
+
#
|
34
|
+
# # Amazon cloud:
|
35
|
+
# ec2 = Rightscale::Ec2.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
36
|
+
# ec2.describe_security_groups #=>
|
37
|
+
# [{:aws_perms=>
|
38
|
+
# [{:group=>"default", :owner=>"048291609141"},
|
39
|
+
# {:to_port=>"22",
|
40
|
+
# :protocol=>"tcp",
|
41
|
+
# :from_port=>"22",
|
42
|
+
# :cidr_ips=>"0.0.0.0/0"},
|
43
|
+
# {:to_port=>"9997",
|
44
|
+
# :protocol=>"tcp",
|
45
|
+
# :from_port=>"9997",
|
46
|
+
# :cidr_ips=>"0.0.0.0/0"}],
|
47
|
+
# :aws_group_name=>"photo_us",
|
48
|
+
# :aws_description=>"default group",
|
49
|
+
# :aws_owner=>"826693181925"}]
|
50
|
+
#
|
51
|
+
# # Eucalyptus cloud:
|
52
|
+
# ec2 = Rightscale::Ec2.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, :eucalyptus => true)
|
53
|
+
# ec2.describe_security_groups #=>
|
54
|
+
# [{:aws_perms=>
|
55
|
+
# [{:to_port=>"65535",
|
56
|
+
# :group=>"default",
|
57
|
+
# :protocol=>"tcp",
|
58
|
+
# :owner=>"048291609141",
|
59
|
+
# :from_port=>"1"},
|
60
|
+
# {:to_port=>"65535",
|
61
|
+
# :group=>"default",
|
62
|
+
# :protocol=>"udp",
|
63
|
+
# :owner=>"048291609141",
|
64
|
+
# :from_port=>"1"},
|
65
|
+
# {:to_port=>"-1",
|
66
|
+
# :group=>"default",
|
67
|
+
# :protocol=>"icmp",
|
68
|
+
# :owner=>"048291609141",
|
69
|
+
# :from_port=>"-1"},
|
70
|
+
# {:to_port=>"22",
|
71
|
+
# :protocol=>"tcp",
|
72
|
+
# :from_port=>"22",
|
73
|
+
# :cidr_ip=>"0.0.0.0/0"},
|
74
|
+
# {:to_port=>"9997",
|
75
|
+
# :protocol=>"tcp",
|
76
|
+
# :from_port=>"9997",
|
77
|
+
# :cidr_ip=>"0.0.0.0/0"}],
|
78
|
+
# :aws_group_name=>"photo_us",
|
79
|
+
# :aws_description=>"default group",
|
80
|
+
# :aws_owner=>"826693181925"}]
|
81
|
+
#
|
82
|
+
def describe_security_groups(list=[])
|
83
|
+
link = generate_request("DescribeSecurityGroups", amazonize_list('GroupName', list))
|
84
|
+
|
85
|
+
request_cache_or_info( :describe_security_groups, link, QEc2DescribeSecurityGroupsParser, @@bench, list.blank?) do |parser|
|
86
|
+
result = []
|
87
|
+
parser.result.each do |item|
|
88
|
+
result_item = { :aws_owner => item[:owner_id],
|
89
|
+
:aws_group_name => item[:group_name],
|
90
|
+
:aws_description => item[:group_description] }
|
91
|
+
aws_perms = []
|
92
|
+
item[:ip_permissions].each do |permission|
|
93
|
+
result_perm = {}
|
94
|
+
result_perm[:from_port] = permission[:from_port]
|
95
|
+
result_perm[:to_port] = permission[:to_port]
|
96
|
+
result_perm[:protocol] = permission[:ip_protocol]
|
97
|
+
# IP permissions
|
98
|
+
Array(permission[:ip_ranges]).each do |ip_range|
|
99
|
+
perm = result_perm.dup
|
100
|
+
# Mhhh... For Eucalyptus we somehow get used to use ":cidr_ip" instead of ":cidr_ips"...
|
101
|
+
if @params[:eucalyptus] then perm[:cidr_ip] = ip_range
|
102
|
+
else perm[:cidr_ips] = ip_range
|
103
|
+
end
|
104
|
+
aws_perms << perm
|
105
|
+
end
|
106
|
+
# Group permissions
|
107
|
+
Array(permission[:groups]).each do |group|
|
108
|
+
perm = result_perm.dup
|
109
|
+
perm[:group] = group[:group_name]
|
110
|
+
perm[:owner] = group[:user_id]
|
111
|
+
# AWS does not support Port Based Group Permissions but Eucalyptus does
|
112
|
+
unless @params[:port_based_group_ingress]
|
113
|
+
perm.delete(:from_port)
|
114
|
+
perm.delete(:to_port)
|
115
|
+
perm.delete(:protocol)
|
116
|
+
end
|
117
|
+
aws_perms << perm
|
118
|
+
end
|
119
|
+
end
|
120
|
+
result_item[:aws_perms] = aws_perms.uniq
|
121
|
+
result << result_item
|
122
|
+
end
|
123
|
+
result
|
124
|
+
end
|
125
|
+
rescue Exception
|
126
|
+
on_exception
|
127
|
+
end
|
128
|
+
|
129
|
+
# Create new Security Group. Returns +true+ or an exception.
|
130
|
+
#
|
131
|
+
# ec2.create_security_group('default-1',"Default allowing SSH, HTTP, and HTTPS ingress") #=> true
|
132
|
+
#
|
133
|
+
def create_security_group(name, description=nil)
|
134
|
+
# EC2 doesn't like an empty description...
|
135
|
+
description = "-" if description.blank?
|
136
|
+
link = generate_request("CreateSecurityGroup",
|
137
|
+
'GroupName' => name.to_s,
|
138
|
+
'GroupDescription' => description.to_s)
|
139
|
+
request_info(link, RightBoolResponseParser.new(:logger => @logger))
|
140
|
+
rescue Exception
|
141
|
+
on_exception
|
142
|
+
end
|
143
|
+
|
144
|
+
# Remove Security Group. Returns +true+ or an exception.
|
145
|
+
#
|
146
|
+
# ec2.delete_security_group('default-1') #=> true
|
147
|
+
#
|
148
|
+
def delete_security_group(name)
|
149
|
+
link = generate_request("DeleteSecurityGroup",
|
150
|
+
'GroupName' => name.to_s)
|
151
|
+
request_info(link, RightBoolResponseParser.new(:logger => @logger))
|
152
|
+
rescue Exception
|
153
|
+
on_exception
|
154
|
+
end
|
155
|
+
|
156
|
+
# Edit group permissions.
|
157
|
+
#
|
158
|
+
# action - :authorize (or :grant) | :revoke (or :remove)
|
159
|
+
# group_name - security group name
|
160
|
+
# params - a combination of options below:
|
161
|
+
# :source_group_owner => grantee id
|
162
|
+
# :source_group => grantee group name
|
163
|
+
# :from_port => from port
|
164
|
+
# :to_port => to port
|
165
|
+
# :port => set both :from_port and to_port with the same value
|
166
|
+
# :protocol => :tcp | :udp | :icmp
|
167
|
+
# :cidr_ip => '0.0.0.0/0'
|
168
|
+
#
|
169
|
+
# ec2.edit_security_group( :grant,
|
170
|
+
# 'kd-sg-test',
|
171
|
+
# :source_group => "sketchy",
|
172
|
+
# :source_group_owner => "600000000006",
|
173
|
+
# :protocol => 'tcp',
|
174
|
+
# :port => '80',
|
175
|
+
# :cidr_ip => '127.0.0.1/32') #=> true
|
176
|
+
#
|
177
|
+
# P.S. setting both group based and port based ingresses is not supported by Amazon but by Eucalyptus.
|
178
|
+
#
|
179
|
+
def edit_security_group(action, group_name, params)
|
180
|
+
hash = {}
|
181
|
+
case action
|
182
|
+
when :authorize, :grant then action = "AuthorizeSecurityGroupIngress"
|
183
|
+
when :revoke, :remove then action = "RevokeSecurityGroupIngress"
|
184
|
+
else raise "Unknown action #{action.inspect}!"
|
185
|
+
end
|
186
|
+
hash['GroupName'] = group_name
|
187
|
+
hash['SourceSecurityGroupName'] = params[:source_group] unless params[:source_group].blank?
|
188
|
+
hash['SourceSecurityGroupOwnerId'] = params[:source_group_owner].to_s.gsub(/-/,'') unless params[:source_group_owner].blank?
|
189
|
+
hash['IpProtocol'] = params[:protocol] unless params[:protocol].blank?
|
190
|
+
unless params[:port].blank?
|
191
|
+
hash['FromPort'] = params[:port]
|
192
|
+
hash['ToPort'] = params[:port]
|
193
|
+
end
|
194
|
+
hash['FromPort'] = params[:from_port] unless params[:from_port].blank?
|
195
|
+
hash['ToPort'] = params[:to_port] unless params[:to_port].blank?
|
196
|
+
hash['CidrIp'] = params[:cidr_ip] unless params[:cidr_ip].blank?
|
197
|
+
#
|
198
|
+
link = generate_request(action, hash)
|
199
|
+
request_info(link, RightBoolResponseParser.new(:logger => @logger))
|
200
|
+
rescue Exception
|
201
|
+
on_exception
|
202
|
+
end
|
203
|
+
|
204
|
+
# Authorize named ingress for security group. Allows instances that are member of someone
|
205
|
+
# else's security group to open connections to instances in my group.
|
206
|
+
#
|
207
|
+
# ec2.authorize_security_group_named_ingress('my_awesome_group', '7011-0219-8268', 'their_group_name') #=> true
|
208
|
+
#
|
209
|
+
def authorize_security_group_named_ingress(name, owner, group)
|
210
|
+
edit_security_group( :authorize, name, :source_group_owner => owner, :source_group => group)
|
211
|
+
end
|
212
|
+
|
213
|
+
# Revoke named ingress for security group.
|
214
|
+
#
|
215
|
+
# ec2.revoke_security_group_named_ingress('my_awesome_group', aws_user_id, 'another_group_name') #=> true
|
216
|
+
#
|
217
|
+
def revoke_security_group_named_ingress(name, owner, group)
|
218
|
+
edit_security_group( :revoke, name, :source_group_owner => owner, :source_group => group)
|
219
|
+
end
|
220
|
+
|
221
|
+
# Add permission to a security group. Returns +true+ or an exception. +protocol+ is one of :'tcp'|'udp'|'icmp'.
|
222
|
+
#
|
223
|
+
# ec2.authorize_security_group_IP_ingress('my_awesome_group', 80, 82, 'udp', '192.168.1.0/8') #=> true
|
224
|
+
# ec2.authorize_security_group_IP_ingress('my_awesome_group', -1, -1, 'icmp') #=> true
|
225
|
+
#
|
226
|
+
def authorize_security_group_IP_ingress(name, from_port, to_port, protocol='tcp', cidr_ip='0.0.0.0/0')
|
227
|
+
edit_security_group( :authorize, name, :from_port => from_port, :to_port => to_port, :protocol => protocol, :cidr_ip => cidr_ip )
|
228
|
+
end
|
229
|
+
|
230
|
+
# Remove permission from a security group. Returns +true+ or an exception. +protocol+ is one of :'tcp'|'udp'|'icmp' ('tcp' is default).
|
231
|
+
#
|
232
|
+
# ec2.revoke_security_group_IP_ingress('my_awesome_group', 80, 82, 'udp', '192.168.1.0/8') #=> true
|
233
|
+
#
|
234
|
+
def revoke_security_group_IP_ingress(name, from_port, to_port, protocol='tcp', cidr_ip='0.0.0.0/0')
|
235
|
+
edit_security_group( :revoke, name, :from_port => from_port, :to_port => to_port, :protocol => protocol, :cidr_ip => cidr_ip )
|
236
|
+
end
|
237
|
+
|
238
|
+
#-----------------------------------------------------------------
|
239
|
+
# PARSERS: Security Groups
|
240
|
+
#-----------------------------------------------------------------
|
241
|
+
|
242
|
+
class QEc2DescribeSecurityGroupsParser < RightAWSParser #:nodoc:
|
243
|
+
def tagstart(name, attributes)
|
244
|
+
if name == 'item'
|
245
|
+
case
|
246
|
+
when @xmlpath[/securityGroupInfo$/] then @item = { :ip_permissions => [] }
|
247
|
+
when @xmlpath[/ipPermissions$/] then @ip_permission = { :groups => [], :ip_ranges => [] }
|
248
|
+
when @xmlpath[/groups$/] then @group = {}
|
249
|
+
end
|
250
|
+
end
|
251
|
+
end
|
252
|
+
def tagend(name)
|
253
|
+
case name
|
254
|
+
when 'ownerId' then @item[:owner_id] = @text
|
255
|
+
when 'groupDescription' then @item[:group_description] = @text
|
256
|
+
when 'ipProtocol' then @ip_permission[:ip_protocol] = @text
|
257
|
+
when 'fromPort' then @ip_permission[:from_port] = @text
|
258
|
+
when 'toPort' then @ip_permission[:to_port] = @text
|
259
|
+
when 'cidrIp' then @ip_permission[:ip_ranges] << @text
|
260
|
+
when 'userId' then @group[:user_id] = @text
|
261
|
+
when 'groupName'
|
262
|
+
case
|
263
|
+
when @xmlpath[/securityGroupInfo\/item$/] then @item[:group_name] = @text
|
264
|
+
when @xmlpath[/groups\/item$/] then @group[:group_name] = @text
|
265
|
+
end
|
266
|
+
when 'item'
|
267
|
+
case
|
268
|
+
when @xmlpath[/groups$/] then @ip_permission[:groups] << @group
|
269
|
+
when @xmlpath[/ipPermissions$/] then @item[:ip_permissions] << @ip_permission
|
270
|
+
when @xmlpath[/securityGroupInfo$/]then @result << @item
|
271
|
+
end
|
272
|
+
end
|
273
|
+
end
|
274
|
+
def reset
|
275
|
+
@result = []
|
276
|
+
end
|
277
|
+
end
|
278
|
+
|
279
|
+
end
|
280
|
+
end
|