right_aws 2.1.0 → 3.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +38 -14
- data/Manifest.txt +1 -0
- data/Rakefile +34 -8
- data/lib/awsbase/right_awsbase.rb +176 -12
- data/lib/awsbase/version.rb +2 -2
- data/lib/ec2/right_ec2.rb +120 -37
- data/lib/ec2/right_ec2_ebs.rb +57 -41
- data/lib/ec2/right_ec2_images.rb +73 -44
- data/lib/ec2/right_ec2_instances.rb +158 -155
- data/lib/ec2/right_ec2_reserved_instances.rb +36 -26
- data/lib/ec2/right_ec2_security_groups.rb +261 -166
- data/lib/ec2/right_ec2_spot_instances.rb +72 -75
- data/lib/ec2/right_ec2_vpc.rb +15 -8
- data/lib/ec2/right_ec2_vpc2.rb +381 -0
- data/lib/elb/right_elb_interface.rb +3 -1
- data/lib/emr/right_emr_interface.rb +727 -0
- data/lib/rds/right_rds_interface.rb +102 -27
- data/lib/right_aws.rb +4 -1
- data/lib/route_53/right_route_53_interface.rb +24 -14
- data/lib/s3/right_s3.rb +16 -15
- data/lib/s3/right_s3_interface.rb +42 -10
- data/lib/sdb/right_sdb_interface.rb +14 -5
- data/lib/sns/right_sns_interface.rb +286 -0
- data/test/README.mdown +39 -0
- data/test/awsbase/test_right_awsbase.rb +0 -1
- data/test/ec2/test_right_ec2.rb +0 -1
- data/test/elb/test_helper.rb +2 -0
- data/test/elb/test_right_elb.rb +43 -0
- data/test/route_53/fixtures/a_record.xml +18 -0
- data/test/route_53/fixtures/alias_record.xml +18 -0
- data/test/route_53/test_helper.rb +2 -0
- data/test/route_53/test_right_route_53.rb +141 -0
- data/test/s3/test_right_s3.rb +97 -39
- data/test/sns/test_helper.rb +2 -0
- data/test/sns/test_right_sns.rb +153 -0
- data/test/ts_right_aws.rb +1 -0
- metadata +28 -9
@@ -37,16 +37,19 @@ module RightAws
|
|
37
37
|
# reserved-instances-id, start, state, tag-key, tag-value, tag:key, usage-price
|
38
38
|
#
|
39
39
|
# ec2.describe_reserved_instances #=>
|
40
|
-
#
|
41
|
-
#
|
42
|
-
#
|
43
|
-
#
|
44
|
-
#
|
45
|
-
#
|
46
|
-
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
40
|
+
# [{:currency_code=>"USD",
|
41
|
+
# :aws_fixed_price=>350.0,
|
42
|
+
# :aws_availability_zone=>"us-east-1c",
|
43
|
+
# :aws_instance_count=>1,
|
44
|
+
# :tags=>{},
|
45
|
+
# :aws_id=>"4357912c-ad94-4f57-8625-15ca71a8e66d",
|
46
|
+
# :aws_product_description=>"Linux/UNIX",
|
47
|
+
# :aws_state=>"active",
|
48
|
+
# :aws_start=>"2010-03-18T20:39:39.569Z",
|
49
|
+
# :aws_duration=>94608000,
|
50
|
+
# :aws_instance_type=>"m1.small",
|
51
|
+
# :instance_tenancy=>"default",
|
52
|
+
# :aws_usage_price=>0.03}]
|
50
53
|
#
|
51
54
|
# ec2.describe_reserved_instances(:filters => {'availability-zone' => 'us-east-1a'})
|
52
55
|
#
|
@@ -63,22 +66,25 @@ module RightAws
|
|
63
66
|
# Filters: availability-zone, duration, fixed-price, instance-type, product-description, reserved-instances-offering-id, usage-price
|
64
67
|
#
|
65
68
|
# ec2.describe_reserved_instances_offerings #=>
|
66
|
-
# [{:
|
67
|
-
# :
|
68
|
-
# :
|
69
|
+
# [{:currency_code=>"USD",
|
70
|
+
# :aws_fixed_price=>700.0,
|
71
|
+
# :aws_id=>"248e7b75-933c-451b-b126-be25865e02a5",
|
69
72
|
# :aws_product_description=>"Linux/UNIX",
|
70
|
-
# :
|
73
|
+
# :aws_instance_type=>"c1.medium",
|
74
|
+
# :aws_duration=>94608000,
|
75
|
+
# :instance_tenancy=>"default",
|
71
76
|
# :aws_usage_price=>0.06,
|
72
|
-
# :
|
73
|
-
#
|
74
|
-
#
|
75
|
-
# :
|
76
|
-
# :
|
77
|
-
# :
|
78
|
-
# :
|
79
|
-
# :
|
80
|
-
# :
|
81
|
-
#
|
77
|
+
# :aws_availability_zone=>"us-east-1a"},
|
78
|
+
# {:currency_code=>"USD",
|
79
|
+
# :aws_fixed_price=>700.0,
|
80
|
+
# :aws_id=>"c48ab04c-7e03-46b2-891a-2df1116e51a3",
|
81
|
+
# :aws_product_description=>"Linux/UNIX (Amazon VPC)",
|
82
|
+
# :aws_instance_type=>"c1.medium",
|
83
|
+
# :aws_duration=>94608000,
|
84
|
+
# :instance_tenancy=>"default",
|
85
|
+
# :aws_usage_price=>0.06,
|
86
|
+
# :aws_availability_zone=>"us-east-1a"}, ... ]
|
87
|
+
#
|
82
88
|
# ec2.describe_reserved_instances_offerings(:filters => {'availability-zone' => 'us-east-1c'})
|
83
89
|
#
|
84
90
|
# P.S. filters: http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/index.html?ApiReference-query-DescribeReservedInstancesOfferings.html
|
@@ -123,6 +129,8 @@ module RightAws
|
|
123
129
|
when 'productDescription' then @item[:aws_product_description] = @text
|
124
130
|
when 'state' then @item[:aws_state] = @text
|
125
131
|
when 'start' then @item[:aws_start] = @text
|
132
|
+
when 'instanceTenancy' then @item[:instance_tenancy] = @text
|
133
|
+
when 'currencyCode' then @item[:currency_code] = @text
|
126
134
|
else
|
127
135
|
case full_tag_name
|
128
136
|
when %r{/tagSet/item/key$} then @aws_tag[:key] = @text
|
@@ -149,9 +157,11 @@ module RightAws
|
|
149
157
|
when 'duration' then @item[:aws_duration] = @text.to_i
|
150
158
|
when 'usagePrice' then @item[:aws_usage_price] = @text.to_f
|
151
159
|
when 'fixedPrice' then @item[:aws_fixed_price] = @text.to_f
|
160
|
+
when 'instanceTenancy' then @item[:instance_tenancy] = @text
|
161
|
+
when 'currencyCode' then @item[:currency_code] = @text
|
152
162
|
when 'productDescription' then @item[:aws_product_description] = @text
|
153
|
-
|
154
|
-
|
163
|
+
when 'item' then @result << @item
|
164
|
+
end
|
155
165
|
end
|
156
166
|
def reset
|
157
167
|
@result = []
|
@@ -30,6 +30,7 @@ module RightAws
|
|
30
30
|
#-----------------------------------------------------------------
|
31
31
|
|
32
32
|
# Retrieve Security Groups information.
|
33
|
+
# Options: By default this methods expects security group ids but if you wanna pass their names then :describe_by => :group_name option must be set.
|
33
34
|
#
|
34
35
|
# Accepts a list of security groups and/or a set of filters as the last parameter.
|
35
36
|
#
|
@@ -40,35 +41,45 @@ module RightAws
|
|
40
41
|
# ec2 = Rightscale::Ec2.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
41
42
|
# ec2.describe_security_groups #=>
|
42
43
|
# [{:aws_perms=>
|
43
|
-
#
|
44
|
-
# {:
|
45
|
-
#
|
46
|
-
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
52
|
-
#
|
53
|
-
#
|
54
|
-
# :
|
44
|
+
# [{:protocol=>"-1", :cidr_ips=>"0.0.0.0/0", :direction=>:egress},
|
45
|
+
# {:protocol=>"tcp",
|
46
|
+
# :cidr_ips=>"127.0.0.2/32",
|
47
|
+
# :direction=>:egress,
|
48
|
+
# :from_port=>"1111",
|
49
|
+
# :to_port=>"1111"},
|
50
|
+
# {:protocol=>"tcp",
|
51
|
+
# :cidr_ips=>"127.0.0.1/32",
|
52
|
+
# :direction=>:egress,
|
53
|
+
# :from_port=>"1111",
|
54
|
+
# :to_port=>"1111"}],
|
55
|
+
# :aws_group_name=>"kd-vpc-egress-test-1",
|
56
|
+
# :vpc_id=>"vpc-e16cf988",
|
57
|
+
# :aws_description=>"vpc test",
|
58
|
+
# :aws_owner=>"826693181925",
|
59
|
+
# :group_id=>"sg-b72032db"}]
|
60
|
+
#
|
61
|
+
# # Describe by group ids
|
62
|
+
# ec2.describe_security_groups("sg-a0b85dc9", "sg-00b05d39", "sg-a1b86dc8")
|
63
|
+
#
|
64
|
+
# # Describe by group names
|
65
|
+
# ec2.describe_security_groups("default", "default1", "kd", :describe_by => :group_name)
|
55
66
|
#
|
56
67
|
# # Eucalyptus cloud:
|
57
68
|
# ec2 = Rightscale::Ec2.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, :eucalyptus => true)
|
58
69
|
# ec2.describe_security_groups #=>
|
59
70
|
# [{:aws_perms=>
|
60
71
|
# [{:to_port=>"65535",
|
61
|
-
# :
|
72
|
+
# :group_name=>"default",
|
62
73
|
# :protocol=>"tcp",
|
63
74
|
# :owner=>"048291609141",
|
64
75
|
# :from_port=>"1"},
|
65
76
|
# {:to_port=>"65535",
|
66
|
-
# :
|
77
|
+
# :group_name=>"default",
|
67
78
|
# :protocol=>"udp",
|
68
79
|
# :owner=>"048291609141",
|
69
80
|
# :from_port=>"1"},
|
70
81
|
# {:to_port=>"-1",
|
71
|
-
# :
|
82
|
+
# :group_name=>"default",
|
72
83
|
# :protocol=>"icmp",
|
73
84
|
# :owner=>"048291609141",
|
74
85
|
# :from_port=>"-1"},
|
@@ -89,29 +100,38 @@ module RightAws
|
|
89
100
|
# P.S. filters: http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeSecurityGroups.html
|
90
101
|
#
|
91
102
|
def describe_security_groups(*list_and_options)
|
92
|
-
|
103
|
+
list, options = AwsUtils::split_items_and_params(list_and_options)
|
104
|
+
describe_by = options.delete(:describe_by) == :group_name ? 'GroupName' : 'GroupId'
|
105
|
+
describe_resources_with_list_and_options('DescribeSecurityGroups', describe_by, QEc2DescribeSecurityGroupsParser, list_and_options) do |parser|
|
93
106
|
result = []
|
94
107
|
parser.result.each do |item|
|
95
108
|
result_item = { :aws_owner => item[:owner_id],
|
96
109
|
:aws_group_name => item[:group_name],
|
97
110
|
:aws_description => item[:group_description] }
|
111
|
+
result_item[:group_id] = item[:group_id] unless item[:group_id].right_blank?
|
112
|
+
result_item[:vpc_id] = item[:vpc_id] unless item[:vpc_id].right_blank?
|
98
113
|
aws_perms = []
|
99
114
|
item[:ip_permissions].each do |permission|
|
100
115
|
result_perm = {}
|
101
|
-
result_perm[:from_port] = permission[:from_port]
|
102
|
-
result_perm[:to_port] = permission[:to_port]
|
116
|
+
result_perm[:from_port] = permission[:from_port] unless permission[:from_port].right_blank?
|
117
|
+
result_perm[:to_port] = permission[:to_port] unless permission[:to_port].right_blank?
|
103
118
|
result_perm[:protocol] = permission[:ip_protocol]
|
119
|
+
result_perm[:direction] = permission[:direction]
|
104
120
|
# IP permissions
|
105
121
|
Array(permission[:ip_ranges]).each do |ip_range|
|
106
122
|
perm = result_perm.dup
|
107
|
-
|
123
|
+
# Mhhh... For Eucalyptus we somehow get used to use ":cidr_ip" instead of ":cidr_ips"...
|
124
|
+
if @params[:eucalyptus] then perm[:cidr_ip] = ip_range
|
125
|
+
else perm[:cidr_ips] = ip_range
|
126
|
+
end
|
108
127
|
aws_perms << perm
|
109
128
|
end
|
110
129
|
# Group permissions
|
111
130
|
Array(permission[:groups]).each do |group|
|
112
131
|
perm = result_perm.dup
|
113
|
-
perm[:
|
114
|
-
perm[:
|
132
|
+
perm[:group_name] = group[:group_name] unless group[:group_name].right_blank?
|
133
|
+
perm[:group_id] = group[:group_id] unless group[:group_id].right_blank?
|
134
|
+
perm[:owner] = group[:user_id] unless group[:user_id].right_blank?
|
115
135
|
aws_perms << perm
|
116
136
|
end
|
117
137
|
end
|
@@ -122,87 +142,68 @@ module RightAws
|
|
122
142
|
end
|
123
143
|
end
|
124
144
|
|
145
|
+
def describe_security_groups_by_name(*list)
|
146
|
+
describe_security_groups(list, :describe_by => :group_name)
|
147
|
+
end
|
148
|
+
|
125
149
|
# Create new Security Group. Returns +true+ or an exception.
|
150
|
+
# Options: :vpc_id
|
126
151
|
#
|
127
|
-
# ec2.create_security_group('default-1',"Default allowing SSH, HTTP, and HTTPS ingress") #=>
|
152
|
+
# ec2.create_security_group('default-1',"Default allowing SSH, HTTP, and HTTPS ingress") #=>
|
153
|
+
# { :group_id=>"sg-f0227599", :return=>true }
|
128
154
|
#
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
155
|
+
# ec2.create_security_group('default-2',"my VPC group", :vpc_id => 'vpc-e16c0000') #=>
|
156
|
+
# { :group_id=>"sg-76d1c31a", :return=>true }
|
157
|
+
#
|
158
|
+
def create_security_group(name, description = nil, options = {})
|
159
|
+
options = options.dup
|
160
|
+
options[:group_name] = name
|
161
|
+
options[:group_description] = description.right_blank? ? '-' : description # EC2 rejects an empty description...
|
162
|
+
link = generate_request("CreateSecurityGroup", map_api_keys_and_values(options, :group_name, :group_description, :vpc_id))
|
163
|
+
request_info(link, QEc2CreateSecurityGroupsParser.new(:logger => @logger))
|
136
164
|
rescue Exception
|
137
165
|
on_exception
|
138
166
|
end
|
139
167
|
|
140
168
|
# Remove Security Group. Returns +true+ or an exception.
|
169
|
+
# Options: :group_name, :group_id
|
170
|
+
#
|
171
|
+
# # Delete security group by group_id:
|
172
|
+
# ec2.delete_security_group('sg-90054ef9') #=> true
|
173
|
+
# ec2.delete_security_group(:group_id => 'sg-90054ef9') #=> true
|
141
174
|
#
|
142
|
-
#
|
175
|
+
# # Delete security group by name (EC2 only):
|
176
|
+
# ec2.delete_security_group(:group_name => 'my-group']) #=> true
|
143
177
|
#
|
144
|
-
def delete_security_group(
|
145
|
-
|
146
|
-
|
178
|
+
def delete_security_group(group_id_or_options={})
|
179
|
+
options = group_id_or_options.is_a?(Hash) ? group_id_or_options : { :group_id => group_id_or_options }
|
180
|
+
link = generate_request("DeleteSecurityGroup", map_api_keys_and_values(options, :group_name, :group_id))
|
147
181
|
request_info(link, RightBoolResponseParser.new(:logger => @logger))
|
148
182
|
rescue Exception
|
149
183
|
on_exception
|
150
184
|
end
|
151
185
|
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
# ec2.edit_security_group( :grant,
|
167
|
-
# 'kd-sg-test',
|
168
|
-
# :source_group => "sketchy",
|
169
|
-
# :source_group_owner => "600000000006",
|
170
|
-
# :protocol => 'tcp',
|
171
|
-
# :port => '80',
|
172
|
-
# :cidr_ip => '127.0.0.1/32') #=> true
|
173
|
-
#
|
174
|
-
# P.S. This method is deprecated for AWS and but still good for Eucaliptus clouds.
|
175
|
-
# Use +modify_security_group_ingress+ method for AWS clouds.
|
176
|
-
#
|
177
|
-
def edit_security_group(action, group_name, params)
|
178
|
-
hash = {}
|
179
|
-
case action
|
180
|
-
when :authorize, :grant then action = "AuthorizeSecurityGroupIngress"
|
181
|
-
when :revoke, :remove then action = "RevokeSecurityGroupIngress"
|
182
|
-
else raise "Unknown action #{action.inspect}!"
|
183
|
-
end
|
184
|
-
hash['GroupName'] = group_name
|
185
|
-
hash['SourceSecurityGroupName'] = params[:source_group] unless params[:source_group].right_blank?
|
186
|
-
hash['SourceSecurityGroupOwnerId'] = params[:source_group_owner].to_s.gsub(/-/,'') unless params[:source_group_owner].right_blank?
|
187
|
-
hash['IpProtocol'] = params[:protocol] unless params[:protocol].right_blank?
|
188
|
-
unless params[:port].right_blank?
|
189
|
-
hash['FromPort'] = params[:port]
|
190
|
-
hash['ToPort'] = params[:port]
|
191
|
-
end
|
192
|
-
hash['FromPort'] = params[:from_port] unless params[:from_port].right_blank?
|
193
|
-
hash['ToPort'] = params[:to_port] unless params[:to_port].right_blank?
|
194
|
-
hash['CidrIp'] = params[:cidr_ip] unless params[:cidr_ip].right_blank?
|
195
|
-
#
|
196
|
-
link = generate_request(action, hash)
|
197
|
-
request_info(link, RightBoolResponseParser.new(:logger => @logger))
|
198
|
-
rescue Exception
|
199
|
-
on_exception
|
186
|
+
def grant_security_group_ingress(group_id, permissions)
|
187
|
+
modify_security_group(:grant, :ingress, group_id, permissions)
|
188
|
+
end
|
189
|
+
|
190
|
+
def revoke_security_group_ingress(group_id, permissions)
|
191
|
+
modify_security_group(:revoke, :ingress, group_id, permissions)
|
192
|
+
end
|
193
|
+
|
194
|
+
def grant_security_group_egress(group_id, permissions)
|
195
|
+
modify_security_group(:grant, :egress, group_id, permissions)
|
196
|
+
end
|
197
|
+
|
198
|
+
def revoke_security_group_egress(group_id, permissions)
|
199
|
+
modify_security_group(:revoke, :egress, group_id, permissions)
|
200
200
|
end
|
201
201
|
|
202
202
|
# Modify AWS security group permissions.
|
203
203
|
#
|
204
204
|
# Options:
|
205
205
|
# action - :authorize (or :grant) | :revoke (or :remove)
|
206
|
+
# direction - :ingress | :egress
|
206
207
|
# group_name - security group name
|
207
208
|
# permissions - a combination of options below:
|
208
209
|
# # Ports:
|
@@ -210,70 +211,65 @@ module RightAws
|
|
210
211
|
# :to_port => to port
|
211
212
|
# :port => set both :from_port and to_port with the same value
|
212
213
|
# # Protocol
|
213
|
-
# :protocol => :tcp | :udp | :icmp
|
214
|
-
# #
|
215
|
-
# :
|
216
|
-
# :
|
217
|
-
# # or
|
218
|
-
# :
|
219
|
-
# :source_groups => [ [ UserId1, GroupName1 ], [ UserName2 => GroupName2 ] ]
|
214
|
+
# :protocol => :tcp | :udp | :icmp | -1
|
215
|
+
# # or (ingress)
|
216
|
+
# :groups => { UserId1 => GroupId1, UserName2 => GroupId2 }
|
217
|
+
# :groups => [ [ UserId1, GroupId1 ], [ UserName2 => GroupId2 ] ]
|
218
|
+
# # or (egress)
|
219
|
+
# :groups => [ GroupId1, GroupId2 ]
|
220
220
|
# # CidrIp(s)
|
221
221
|
# :cidr_ip => '0.0.0.0/0'
|
222
222
|
# :cidr_ips => ['1.1.1.1/1', '2.2.2.2/2']
|
223
223
|
#
|
224
224
|
# # CidrIP based permissions:
|
225
225
|
#
|
226
|
-
# ec2.
|
227
|
-
#
|
228
|
-
#
|
229
|
-
#
|
226
|
+
# ec2.modify_security_group(:authorize, :ingress, 'sg-75d1c319',
|
227
|
+
# :cidr_ip => "127.0.0.0/31",
|
228
|
+
# :port => 811,
|
229
|
+
# :protocol => 'tcp' ) #=> true
|
230
230
|
#
|
231
|
-
# ec2.
|
232
|
-
#
|
233
|
-
#
|
234
|
-
#
|
231
|
+
# ec2.modify_security_group(:revoke, :ingress, 'sg-75d1c319',
|
232
|
+
# :cidr_ips => ["127.0.0.1/32", "127.0.0.2/32"],
|
233
|
+
# :port => 812,
|
234
|
+
# :protocol => 'tcp' ) #=> true
|
235
235
|
#
|
236
236
|
# # Group based permissions:
|
237
237
|
#
|
238
|
-
# ec2.
|
239
|
-
#
|
240
|
-
#
|
241
|
-
#
|
242
|
-
#
|
243
|
-
#
|
244
|
-
# ec2.modify_security_group_ingress(:authorize, 'my_cool_group',
|
245
|
-
# :source_groups => { "586789340000" => "sketchy-us",
|
246
|
-
# "635201710000" => "sketchy" },
|
247
|
-
# :port => 801,
|
248
|
-
# :protocol => 'tcp' ) #=> true
|
238
|
+
# ec2.modify_security_group(:authorize, :ingress, 'sg-75d1c319',
|
239
|
+
# :groups => { "586789340000" => "sg-75d1c300",
|
240
|
+
# "635201710000" => "sg-75d1c301" },
|
241
|
+
# :port => 801,
|
242
|
+
# :protocol => 'tcp' ) #=> true
|
249
243
|
#
|
250
|
-
# ec2.
|
251
|
-
#
|
252
|
-
#
|
253
|
-
#
|
254
|
-
#
|
244
|
+
# ec2.modify_security_group(:revoke, :ingress, 'sg-75d1c319',
|
245
|
+
# :groups => [[ "586789340000", "sg-75d1c300" ],
|
246
|
+
# [ "586789340000", "sg-75d1c302" ]],
|
247
|
+
# :port => 809,
|
248
|
+
# :protocol => 'tcp' ) #=> true
|
255
249
|
#
|
256
250
|
# # +Permissions+ can be an array of permission hashes:
|
257
251
|
#
|
258
|
-
# ec2.
|
259
|
-
#
|
260
|
-
#
|
261
|
-
#
|
262
|
-
#
|
263
|
-
#
|
264
|
-
#
|
265
|
-
#
|
252
|
+
# ec2.modify_security_group(:authorize, :ingress, 'sg-75d1c319',
|
253
|
+
# [{ :groups => { "586789340000" => "sg-75d1c300",
|
254
|
+
# "635201710000" => "sg-75d1c301" },
|
255
|
+
# :port => 803,
|
256
|
+
# :protocol => 'tcp'},
|
257
|
+
# { :cidr_ips => ["127.0.0.1/32", "127.0.0.2/32"],
|
258
|
+
# :port => 812,
|
259
|
+
# :protocol => 'tcp' }]) #=> true
|
266
260
|
#
|
267
|
-
def
|
261
|
+
def modify_security_group(action, direction, group_id, permissions)
|
268
262
|
hash = {}
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
263
|
+
raise "Unknown action #{action.inspect}!" unless [:authorize, :grant, :revoke, :remove].include?(action)
|
264
|
+
raise "Unknown direction #{direction.inspect}!" unless [:ingress, :egress].include?(direction)
|
265
|
+
# Remote action
|
266
|
+
remote_action = case action
|
267
|
+
when :authorize, :grant then direction == :ingress ? "AuthorizeSecurityGroupIngress" : "AuthorizeSecurityGroupEgress"
|
268
|
+
when :revoke, :remove then direction == :ingress ? "RevokeSecurityGroupIngress" : "RevokeSecurityGroupEgress"
|
269
|
+
end
|
274
270
|
# Group Name
|
275
|
-
hash["
|
276
|
-
#
|
271
|
+
hash["GroupId"] = group_id
|
272
|
+
# Permissions
|
277
273
|
permissions = [permissions] unless permissions.is_a?(Array)
|
278
274
|
permissions.each_with_index do |permission, idx|
|
279
275
|
pid = idx+1
|
@@ -287,30 +283,112 @@ module RightAws
|
|
287
283
|
hash["IpPermissions.#{pid}.FromPort"] = permission[:from_port]
|
288
284
|
hash["IpPermissions.#{pid}.ToPort"] = permission[:to_port]
|
289
285
|
end
|
290
|
-
#
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
286
|
+
# Groups
|
287
|
+
case direction
|
288
|
+
when :ingress
|
289
|
+
# :groups => {UserId1 => GroupId1, ... UserIdN => GroupIdN}
|
290
|
+
# or (this allows using same UserId multiple times )
|
291
|
+
# :groups => [[UserId1, GroupId1], ... [UserIdN, GroupIdN]]
|
292
|
+
# or even (unset user is == current account user)
|
293
|
+
# :groups => [GroupId1, GroupId2, ... GroupIdN]
|
294
|
+
# :groups => [[UserId1, GroupId1], GroupId2, ... GroupIdN, ... [UserIdM, GroupIdM]]
|
295
|
+
#
|
296
|
+
index = 1
|
297
|
+
unless permission[:group_names].right_blank?
|
298
|
+
owner_and_groups = []
|
299
|
+
groups_only = []
|
300
|
+
Array(permission[:group_names]).each do |item|
|
301
|
+
if item.is_a?(Array) && item.size == 2
|
302
|
+
owner_and_groups << item
|
303
|
+
else
|
304
|
+
groups_only << item
|
305
|
+
end
|
306
|
+
end
|
307
|
+
hash.merge!(amazonize_list( ["IpPermissions.#{pid}.Groups.?.UserId", "IpPermissions.#{pid}.Groups.?.GroupName"], owner_and_groups, :index => index ))
|
308
|
+
index += owner_and_groups.size
|
309
|
+
groups_only = groups_only.flatten
|
310
|
+
hash.merge!(amazonize_list( "IpPermissions.#{pid}.Groups.?.GroupName", groups_only, :index => index ))
|
311
|
+
index += groups_only.size
|
312
|
+
end
|
313
|
+
unless permission[:groups].right_blank?
|
314
|
+
owner_and_groups = []
|
315
|
+
groups_only = []
|
316
|
+
Array(permission[:groups]).each do |item|
|
317
|
+
if item.is_a?(Array) && item.size == 2
|
318
|
+
owner_and_groups << item
|
319
|
+
else
|
320
|
+
groups_only << item
|
321
|
+
end
|
322
|
+
end
|
323
|
+
hash.merge!(amazonize_list( ["IpPermissions.#{pid}.Groups.?.UserId", "IpPermissions.#{pid}.Groups.?.GroupId"], owner_and_groups, :index => index ))
|
324
|
+
index += owner_and_groups.size
|
325
|
+
groups_only = groups_only.flatten
|
326
|
+
hash.merge!(amazonize_list( "IpPermissions.#{pid}.Groups.?.GroupId", groups_only, :index => index ))
|
327
|
+
end
|
328
|
+
when :egress
|
329
|
+
# :groups => [GroupId1, ... GroupIdN]
|
330
|
+
hash.merge!(amazonize_list( "IpPermissions.#{pid}.Groups.?.GroupId", permission[:groups] ))
|
295
331
|
end
|
296
|
-
# # Fix UserId(s): '0000-0000-0000' => '000000000000'
|
297
|
-
# permission[:source_groups] = Array(permission[:source_groups])
|
298
|
-
# permission[:source_groups].each do |item|
|
299
|
-
# item[0] = item[0].to_s.gsub(/-/,'')
|
300
|
-
# end
|
301
|
-
# New way:
|
302
|
-
# :source_groups => {UserId1 => GroupName1, ... UserIdN => GroupNameN}
|
303
|
-
# or (this allows using same UserId multiple times )
|
304
|
-
# :source_groups => [[UserId1, GroupName1], ... [UserIdN, GroupNameN]]
|
305
|
-
hash.merge!(amazonize_list( ["IpPermissions.#{pid}.Groups.?.UserId",
|
306
|
-
"IpPermissions.#{pid}.Groups.?.GroupName"],
|
307
|
-
permission[:source_groups] ))
|
308
332
|
# CidrIp(s)
|
309
333
|
cidr_ips = permission[:cidr_ips] unless permission[:cidr_ips].right_blank?
|
310
334
|
cidr_ips ||= permission[:cidr_ip] unless permission[:cidr_ip].right_blank?
|
311
335
|
hash.merge!(amazonize_list("IpPermissions.1.IpRanges.?.CidrIp", cidr_ips))
|
312
336
|
end
|
313
337
|
#
|
338
|
+
link = generate_request(remote_action, hash)
|
339
|
+
request_info(link, RightBoolResponseParser.new(:logger => @logger))
|
340
|
+
rescue Exception
|
341
|
+
on_exception
|
342
|
+
end
|
343
|
+
|
344
|
+
#-----------------------------------------------------------------
|
345
|
+
# Eucalyptus
|
346
|
+
#-----------------------------------------------------------------
|
347
|
+
|
348
|
+
# Edit AWS/Eucaliptus security group permissions.
|
349
|
+
#
|
350
|
+
# Options:
|
351
|
+
# action - :authorize (or :grant) | :revoke (or :remove)
|
352
|
+
# group_name - security group name
|
353
|
+
# permissions - a combination of options below:
|
354
|
+
# :source_group_owner => UserId
|
355
|
+
# :source_group => GroupName
|
356
|
+
# :from_port => from port
|
357
|
+
# :to_port => to port
|
358
|
+
# :port => set both :from_port and to_port with the same value
|
359
|
+
# :protocol => :tcp | :udp | :icmp
|
360
|
+
# :cidr_ip => '0.0.0.0/0'
|
361
|
+
#
|
362
|
+
# ec2.edit_security_group( :grant,
|
363
|
+
# 'kd-sg-test',
|
364
|
+
# :source_group => "sketchy",
|
365
|
+
# :source_group_owner => "600000000006",
|
366
|
+
# :protocol => 'tcp',
|
367
|
+
# :port => '80',
|
368
|
+
# :cidr_ip => '127.0.0.1/32') #=> true
|
369
|
+
#
|
370
|
+
# P.S. This method is deprecated for AWS and but still good for Eucaliptus clouds.
|
371
|
+
# Use +modify_security_group_ingress+ method for AWS clouds.
|
372
|
+
#
|
373
|
+
def edit_security_group(action, group_name, params)
|
374
|
+
hash = {}
|
375
|
+
case action
|
376
|
+
when :authorize, :grant then action = "AuthorizeSecurityGroupIngress"
|
377
|
+
when :revoke, :remove then action = "RevokeSecurityGroupIngress"
|
378
|
+
else raise "Unknown action #{action.inspect}!"
|
379
|
+
end
|
380
|
+
hash['GroupName'] = group_name
|
381
|
+
hash['SourceSecurityGroupName'] = params[:source_group] unless params[:source_group].right_blank?
|
382
|
+
hash['SourceSecurityGroupOwnerId'] = params[:source_group_owner].to_s.gsub(/-/,'') unless params[:source_group_owner].right_blank?
|
383
|
+
hash['IpProtocol'] = params[:protocol] unless params[:protocol].right_blank?
|
384
|
+
unless params[:port].right_blank?
|
385
|
+
hash['FromPort'] = params[:port]
|
386
|
+
hash['ToPort'] = params[:port]
|
387
|
+
end
|
388
|
+
hash['FromPort'] = params[:from_port] unless params[:from_port].right_blank?
|
389
|
+
hash['ToPort'] = params[:to_port] unless params[:to_port].right_blank?
|
390
|
+
hash['CidrIp'] = params[:cidr_ip] unless params[:cidr_ip].right_blank?
|
391
|
+
#
|
314
392
|
link = generate_request(action, hash)
|
315
393
|
request_info(link, RightBoolResponseParser.new(:logger => @logger))
|
316
394
|
rescue Exception
|
@@ -355,35 +433,52 @@ module RightAws
|
|
355
433
|
# PARSERS: Security Groups
|
356
434
|
#-----------------------------------------------------------------
|
357
435
|
|
436
|
+
class QEc2CreateSecurityGroupsParser < RightAWSParser #:nodoc:
|
437
|
+
def tagend(name)
|
438
|
+
case name
|
439
|
+
when 'groupId' then @result[:group_id] = @text
|
440
|
+
when 'return' then @result[:return] = @text == 'true'
|
441
|
+
end
|
442
|
+
end
|
443
|
+
def reset
|
444
|
+
@result = {}
|
445
|
+
end
|
446
|
+
end
|
447
|
+
|
358
448
|
class QEc2DescribeSecurityGroupsParser < RightAWSParser #:nodoc:
|
359
449
|
def tagstart(name, attributes)
|
360
450
|
if name == 'item'
|
361
|
-
case
|
362
|
-
when
|
363
|
-
when
|
364
|
-
when
|
451
|
+
case full_tag_name
|
452
|
+
when %r{securityGroupInfo/item$} then @item = { :ip_permissions => [] }
|
453
|
+
when %r{ipPermissions/item$} then @ip_perm = { :groups => [], :ip_ranges => [], :direction => :ingress }
|
454
|
+
when %r{ipPermissionsEgress/item$} then @ip_perm = { :groups => [], :ip_ranges => [], :direction => :egress }
|
455
|
+
when %r{ipPermissions(Egress)?/item/groups/item$} then @group = {}
|
365
456
|
end
|
366
457
|
end
|
367
458
|
end
|
368
459
|
def tagend(name)
|
369
460
|
case name
|
370
|
-
when 'ownerId' then @item[:owner_id]
|
371
|
-
when 'groupDescription' then @item[:group_description]
|
372
|
-
when '
|
373
|
-
|
374
|
-
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
379
|
-
when
|
380
|
-
when
|
381
|
-
|
382
|
-
|
383
|
-
|
384
|
-
when
|
385
|
-
when
|
386
|
-
|
461
|
+
when 'ownerId' then @item[:owner_id] = @text
|
462
|
+
when 'groupDescription' then @item[:group_description] = @text
|
463
|
+
when 'vpcId' then @item[:vpc_id] = @text
|
464
|
+
else
|
465
|
+
case full_tag_name
|
466
|
+
when %r{securityGroupInfo/item/groupName$} then @item[:group_name] = @text
|
467
|
+
when %r{securityGroupInfo/item/groupId$} then @item[:group_id] = @text
|
468
|
+
# ipPermission[Egress]
|
469
|
+
when %r{ipPermissions(Egress)?/item/ipProtocol$} then @ip_perm[:ip_protocol] = @text
|
470
|
+
when %r{ipPermissions(Egress)?/item/fromPort$} then @ip_perm[:from_port] = @text
|
471
|
+
when %r{ipPermissions(Egress)?/item/toPort$} then @ip_perm[:to_port] = @text
|
472
|
+
when %r{ipPermissions(Egress)?/item/ipRanges/item/cidrIp$} then @ip_perm[:ip_ranges] << @text
|
473
|
+
# ipPermissions[Egress]/Groups
|
474
|
+
when %r{ipPermissions(Egress)?/item/groups/item/groupName$} then @group[:group_name] = @text
|
475
|
+
when %r{ipPermissions(Egress)?/item/groups/item/groupId$} then @group[:group_id] = @text
|
476
|
+
when %r{ipPermissions(Egress)?/item/groups/item/userId$} then @group[:user_id] = @text
|
477
|
+
# Sets
|
478
|
+
when %r{ipPermissions(Egress)?/item/groups/item$} then @ip_perm[:groups] << @group
|
479
|
+
when %r{ipPermissions/item$} then @item[:ip_permissions] << @ip_perm
|
480
|
+
when %r{ipPermissionsEgress/item$} then @item[:ip_permissions] << @ip_perm
|
481
|
+
when %r{securityGroupInfo/item$} then @result << @item
|
387
482
|
end
|
388
483
|
end
|
389
484
|
end
|