right_aws 2.1.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. data/History.txt +38 -14
  2. data/Manifest.txt +1 -0
  3. data/Rakefile +34 -8
  4. data/lib/awsbase/right_awsbase.rb +176 -12
  5. data/lib/awsbase/version.rb +2 -2
  6. data/lib/ec2/right_ec2.rb +120 -37
  7. data/lib/ec2/right_ec2_ebs.rb +57 -41
  8. data/lib/ec2/right_ec2_images.rb +73 -44
  9. data/lib/ec2/right_ec2_instances.rb +158 -155
  10. data/lib/ec2/right_ec2_reserved_instances.rb +36 -26
  11. data/lib/ec2/right_ec2_security_groups.rb +261 -166
  12. data/lib/ec2/right_ec2_spot_instances.rb +72 -75
  13. data/lib/ec2/right_ec2_vpc.rb +15 -8
  14. data/lib/ec2/right_ec2_vpc2.rb +381 -0
  15. data/lib/elb/right_elb_interface.rb +3 -1
  16. data/lib/emr/right_emr_interface.rb +727 -0
  17. data/lib/rds/right_rds_interface.rb +102 -27
  18. data/lib/right_aws.rb +4 -1
  19. data/lib/route_53/right_route_53_interface.rb +24 -14
  20. data/lib/s3/right_s3.rb +16 -15
  21. data/lib/s3/right_s3_interface.rb +42 -10
  22. data/lib/sdb/right_sdb_interface.rb +14 -5
  23. data/lib/sns/right_sns_interface.rb +286 -0
  24. data/test/README.mdown +39 -0
  25. data/test/awsbase/test_right_awsbase.rb +0 -1
  26. data/test/ec2/test_right_ec2.rb +0 -1
  27. data/test/elb/test_helper.rb +2 -0
  28. data/test/elb/test_right_elb.rb +43 -0
  29. data/test/route_53/fixtures/a_record.xml +18 -0
  30. data/test/route_53/fixtures/alias_record.xml +18 -0
  31. data/test/route_53/test_helper.rb +2 -0
  32. data/test/route_53/test_right_route_53.rb +141 -0
  33. data/test/s3/test_right_s3.rb +97 -39
  34. data/test/sns/test_helper.rb +2 -0
  35. data/test/sns/test_right_sns.rb +153 -0
  36. data/test/ts_right_aws.rb +1 -0
  37. metadata +28 -9
data/lib/ec2/right_ec2_reserved_instances.rb CHANGED
@@ -37,16 +37,19 @@ module RightAws
37
37
  # reserved-instances-id, start, state, tag-key, tag-value, tag:key, usage-price
38
38
  #
39
39
  # ec2.describe_reserved_instances #=>
40
- # [{:aws_id=>"1ba8e2e3-1c40-434c-a741-5ff16a4c542e",
41
- # :aws_duration=>31536000,
42
- # :aws_instance_type=>"m1.small",
43
- # :aws_usage_price=>0.03,
44
- # :aws_availability_zone=>"us-east-1b",
45
- # :aws_state=>"payment-pending",
46
- # :aws_product_description=>"Test",
47
- # :aws_fixed_price=>325.0,
48
- # :aws_start=>"2009-12-18T20:39:39.569Z"
49
- # :aws_instance_count=>1}]
40
+ # [{:currency_code=>"USD",
41
+ # :aws_fixed_price=>350.0,
42
+ # :aws_availability_zone=>"us-east-1c",
43
+ # :aws_instance_count=>1,
44
+ # :tags=>{},
45
+ # :aws_id=>"4357912c-ad94-4f57-8625-15ca71a8e66d",
46
+ # :aws_product_description=>"Linux/UNIX",
47
+ # :aws_state=>"active",
48
+ # :aws_start=>"2010-03-18T20:39:39.569Z",
49
+ # :aws_duration=>94608000,
50
+ # :aws_instance_type=>"m1.small",
51
+ # :instance_tenancy=>"default",
52
+ # :aws_usage_price=>0.03}]
50
53
  #
51
54
  # ec2.describe_reserved_instances(:filters => {'availability-zone' => 'us-east-1a'})
52
55
  #
@@ -63,22 +66,25 @@ module RightAws
63
66
  # Filters: availability-zone, duration, fixed-price, instance-type, product-description, reserved-instances-offering-id, usage-price
64
67
  #
65
68
  # ec2.describe_reserved_instances_offerings #=>
66
- # [{:aws_instance_type=>"c1.medium",
67
- # :aws_availability_zone=>"us-east-1c",
68
- # :aws_duration=>94608000,
69
+ # [{:currency_code=>"USD",
70
+ # :aws_fixed_price=>700.0,
71
+ # :aws_id=>"248e7b75-933c-451b-b126-be25865e02a5",
69
72
  # :aws_product_description=>"Linux/UNIX",
70
- # :aws_id=>"e5a2ff3b-f6eb-4b4e-83f8-b879d7060257",
73
+ # :aws_instance_type=>"c1.medium",
74
+ # :aws_duration=>94608000,
75
+ # :instance_tenancy=>"default",
71
76
  # :aws_usage_price=>0.06,
72
- # :aws_fixed_price=>1000.0},
73
- # ...
74
- # {:aws_instance_type=>"m1.xlarge",
75
- # :aws_availability_zone=>"us-east-1a",
76
- # :aws_duration=>31536000,
77
- # :aws_product_description=>"Linux/UNIX",
78
- # :aws_id=>"c48ab04c-63ab-4cd6-b8f5-978a29eb9bcc",
79
- # :aws_usage_price=>0.24,
80
- # :aws_fixed_price=>2600.0}]
81
- #
77
+ # :aws_availability_zone=>"us-east-1a"},
78
+ # {:currency_code=>"USD",
79
+ # :aws_fixed_price=>700.0,
80
+ # :aws_id=>"c48ab04c-7e03-46b2-891a-2df1116e51a3",
81
+ # :aws_product_description=>"Linux/UNIX (Amazon VPC)",
82
+ # :aws_instance_type=>"c1.medium",
83
+ # :aws_duration=>94608000,
84
+ # :instance_tenancy=>"default",
85
+ # :aws_usage_price=>0.06,
86
+ # :aws_availability_zone=>"us-east-1a"}, ... ]
87
+ #
82
88
  # ec2.describe_reserved_instances_offerings(:filters => {'availability-zone' => 'us-east-1c'})
83
89
  #
84
90
  # P.S. filters: http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/index.html?ApiReference-query-DescribeReservedInstancesOfferings.html
@@ -123,6 +129,8 @@ module RightAws
123
129
  when 'productDescription' then @item[:aws_product_description] = @text
124
130
  when 'state' then @item[:aws_state] = @text
125
131
  when 'start' then @item[:aws_start] = @text
132
+ when 'instanceTenancy' then @item[:instance_tenancy] = @text
133
+ when 'currencyCode' then @item[:currency_code] = @text
126
134
  else
127
135
  case full_tag_name
128
136
  when %r{/tagSet/item/key$} then @aws_tag[:key] = @text
@@ -149,9 +157,11 @@ module RightAws
149
157
  when 'duration' then @item[:aws_duration] = @text.to_i
150
158
  when 'usagePrice' then @item[:aws_usage_price] = @text.to_f
151
159
  when 'fixedPrice' then @item[:aws_fixed_price] = @text.to_f
160
+ when 'instanceTenancy' then @item[:instance_tenancy] = @text
161
+ when 'currencyCode' then @item[:currency_code] = @text
152
162
  when 'productDescription' then @item[:aws_product_description] = @text
153
- when 'item' then @result << @item
154
- end
163
+ when 'item' then @result << @item
164
+ end
155
165
  end
156
166
  def reset
157
167
  @result = []
data/lib/ec2/right_ec2_security_groups.rb CHANGED
@@ -30,6 +30,7 @@ module RightAws
30
30
  #-----------------------------------------------------------------
31
31
 
32
32
  # Retrieve Security Groups information.
33
+ # Options: By default this methods expects security group ids but if you wanna pass their names then :describe_by => :group_name option must be set.
33
34
  #
34
35
  # Accepts a list of security groups and/or a set of filters as the last parameter.
35
36
  #
@@ -40,35 +41,45 @@ module RightAws
40
41
  # ec2 = Rightscale::Ec2.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
41
42
  # ec2.describe_security_groups #=>
42
43
  # [{:aws_perms=>
43
- # [{:group=>"default", :owner=>"048291609141"},
44
- # {:to_port=>"22",
45
- # :protocol=>"tcp",
46
- # :from_port=>"22",
47
- # :cidr_ips=>"0.0.0.0/0"},
48
- # {:to_port=>"9997",
49
- # :protocol=>"tcp",
50
- # :from_port=>"9997",
51
- # :cidr_ips=>"0.0.0.0/0"}],
52
- # :aws_group_name=>"photo_us",
53
- # :aws_description=>"default group",
54
- # :aws_owner=>"826693181925"}]
44
+ # [{:protocol=>"-1", :cidr_ips=>"0.0.0.0/0", :direction=>:egress},
45
+ # {:protocol=>"tcp",
46
+ # :cidr_ips=>"127.0.0.2/32",
47
+ # :direction=>:egress,
48
+ # :from_port=>"1111",
49
+ # :to_port=>"1111"},
50
+ # {:protocol=>"tcp",
51
+ # :cidr_ips=>"127.0.0.1/32",
52
+ # :direction=>:egress,
53
+ # :from_port=>"1111",
54
+ # :to_port=>"1111"}],
55
+ # :aws_group_name=>"kd-vpc-egress-test-1",
56
+ # :vpc_id=>"vpc-e16cf988",
57
+ # :aws_description=>"vpc test",
58
+ # :aws_owner=>"826693181925",
59
+ # :group_id=>"sg-b72032db"}]
60
+ #
61
+ # # Describe by group ids
62
+ # ec2.describe_security_groups("sg-a0b85dc9", "sg-00b05d39", "sg-a1b86dc8")
63
+ #
64
+ # # Describe by group names
65
+ # ec2.describe_security_groups("default", "default1", "kd", :describe_by => :group_name)
55
66
  #
56
67
  # # Eucalyptus cloud:
57
68
  # ec2 = Rightscale::Ec2.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, :eucalyptus => true)
58
69
  # ec2.describe_security_groups #=>
59
70
  # [{:aws_perms=>
60
71
  # [{:to_port=>"65535",
61
- # :group=>"default",
72
+ # :group_name=>"default",
62
73
  # :protocol=>"tcp",
63
74
  # :owner=>"048291609141",
64
75
  # :from_port=>"1"},
65
76
  # {:to_port=>"65535",
66
- # :group=>"default",
77
+ # :group_name=>"default",
67
78
  # :protocol=>"udp",
68
79
  # :owner=>"048291609141",
69
80
  # :from_port=>"1"},
70
81
  # {:to_port=>"-1",
71
- # :group=>"default",
82
+ # :group_name=>"default",
72
83
  # :protocol=>"icmp",
73
84
  # :owner=>"048291609141",
74
85
  # :from_port=>"-1"},
@@ -89,29 +100,38 @@ module RightAws
89
100
  # P.S. filters: http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeSecurityGroups.html
90
101
  #
91
102
  def describe_security_groups(*list_and_options)
92
- describe_resources_with_list_and_options('DescribeSecurityGroups', 'GroupName', QEc2DescribeSecurityGroupsParser, list_and_options) do |parser|
103
+ list, options = AwsUtils::split_items_and_params(list_and_options)
104
+ describe_by = options.delete(:describe_by) == :group_name ? 'GroupName' : 'GroupId'
105
+ describe_resources_with_list_and_options('DescribeSecurityGroups', describe_by, QEc2DescribeSecurityGroupsParser, list_and_options) do |parser|
93
106
  result = []
94
107
  parser.result.each do |item|
95
108
  result_item = { :aws_owner => item[:owner_id],
96
109
  :aws_group_name => item[:group_name],
97
110
  :aws_description => item[:group_description] }
111
+ result_item[:group_id] = item[:group_id] unless item[:group_id].right_blank?
112
+ result_item[:vpc_id] = item[:vpc_id] unless item[:vpc_id].right_blank?
98
113
  aws_perms = []
99
114
  item[:ip_permissions].each do |permission|
100
115
  result_perm = {}
101
- result_perm[:from_port] = permission[:from_port]
102
- result_perm[:to_port] = permission[:to_port]
116
+ result_perm[:from_port] = permission[:from_port] unless permission[:from_port].right_blank?
117
+ result_perm[:to_port] = permission[:to_port] unless permission[:to_port].right_blank?
103
118
  result_perm[:protocol] = permission[:ip_protocol]
119
+ result_perm[:direction] = permission[:direction]
104
120
  # IP permissions
105
121
  Array(permission[:ip_ranges]).each do |ip_range|
106
122
  perm = result_perm.dup
107
- perm[:cidr_ips] = ip_range
123
+ # Mhhh... For Eucalyptus we somehow get used to use ":cidr_ip" instead of ":cidr_ips"...
124
+ if @params[:eucalyptus] then perm[:cidr_ip] = ip_range
125
+ else perm[:cidr_ips] = ip_range
126
+ end
108
127
  aws_perms << perm
109
128
  end
110
129
  # Group permissions
111
130
  Array(permission[:groups]).each do |group|
112
131
  perm = result_perm.dup
113
- perm[:group] = group[:group_name]
114
- perm[:owner] = group[:user_id]
132
+ perm[:group_name] = group[:group_name] unless group[:group_name].right_blank?
133
+ perm[:group_id] = group[:group_id] unless group[:group_id].right_blank?
134
+ perm[:owner] = group[:user_id] unless group[:user_id].right_blank?
115
135
  aws_perms << perm
116
136
  end
117
137
  end
@@ -122,87 +142,68 @@ module RightAws
122
142
  end
123
143
  end
124
144
 
145
+ def describe_security_groups_by_name(*list)
146
+ describe_security_groups(list, :describe_by => :group_name)
147
+ end
148
+
125
149
  # Create new Security Group. Returns +true+ or an exception.
150
+ # Options: :vpc_id
126
151
  #
127
- # ec2.create_security_group('default-1',"Default allowing SSH, HTTP, and HTTPS ingress") #=> true
152
+ # ec2.create_security_group('default-1',"Default allowing SSH, HTTP, and HTTPS ingress") #=>
153
+ # { :group_id=>"sg-f0227599", :return=>true }
128
154
  #
129
- def create_security_group(name, description=nil)
130
- # EC2 doesn't like an empty description...
131
- description = "-" if description.right_blank?
132
- link = generate_request("CreateSecurityGroup",
133
- 'GroupName' => name.to_s,
134
- 'GroupDescription' => description.to_s)
135
- request_info(link, RightBoolResponseParser.new(:logger => @logger))
155
+ # ec2.create_security_group('default-2',"my VPC group", :vpc_id => 'vpc-e16c0000') #=>
156
+ # { :group_id=>"sg-76d1c31a", :return=>true }
157
+ #
158
+ def create_security_group(name, description = nil, options = {})
159
+ options = options.dup
160
+ options[:group_name] = name
161
+ options[:group_description] = description.right_blank? ? '-' : description # EC2 rejects an empty description...
162
+ link = generate_request("CreateSecurityGroup", map_api_keys_and_values(options, :group_name, :group_description, :vpc_id))
163
+ request_info(link, QEc2CreateSecurityGroupsParser.new(:logger => @logger))
136
164
  rescue Exception
137
165
  on_exception
138
166
  end
139
167
 
140
168
  # Remove Security Group. Returns +true+ or an exception.
169
+ # Options: :group_name, :group_id
170
+ #
171
+ # # Delete security group by group_id:
172
+ # ec2.delete_security_group('sg-90054ef9') #=> true
173
+ # ec2.delete_security_group(:group_id => 'sg-90054ef9') #=> true
141
174
  #
142
- # ec2.delete_security_group('default-1') #=> true
175
+ # # Delete security group by name (EC2 only):
176
+ # ec2.delete_security_group(:group_name => 'my-group']) #=> true
143
177
  #
144
- def delete_security_group(name)
145
- link = generate_request("DeleteSecurityGroup",
146
- 'GroupName' => name.to_s)
178
+ def delete_security_group(group_id_or_options={})
179
+ options = group_id_or_options.is_a?(Hash) ? group_id_or_options : { :group_id => group_id_or_options }
180
+ link = generate_request("DeleteSecurityGroup", map_api_keys_and_values(options, :group_name, :group_id))
147
181
  request_info(link, RightBoolResponseParser.new(:logger => @logger))
148
182
  rescue Exception
149
183
  on_exception
150
184
  end
151
185
 
152
- # Edit AWS/Eucaliptus security group permissions.
153
- #
154
- # Options:
155
- # action - :authorize (or :grant) | :revoke (or :remove)
156
- # group_name - security group name
157
- # permissions - a combination of options below:
158
- # :source_group_owner => UserId
159
- # :source_group => GroupName
160
- # :from_port => from port
161
- # :to_port => to port
162
- # :port => set both :from_port and to_port with the same value
163
- # :protocol => :tcp | :udp | :icmp
164
- # :cidr_ip => '0.0.0.0/0'
165
- #
166
- # ec2.edit_security_group( :grant,
167
- # 'kd-sg-test',
168
- # :source_group => "sketchy",
169
- # :source_group_owner => "600000000006",
170
- # :protocol => 'tcp',
171
- # :port => '80',
172
- # :cidr_ip => '127.0.0.1/32') #=> true
173
- #
174
- # P.S. This method is deprecated for AWS and but still good for Eucaliptus clouds.
175
- # Use +modify_security_group_ingress+ method for AWS clouds.
176
- #
177
- def edit_security_group(action, group_name, params)
178
- hash = {}
179
- case action
180
- when :authorize, :grant then action = "AuthorizeSecurityGroupIngress"
181
- when :revoke, :remove then action = "RevokeSecurityGroupIngress"
182
- else raise "Unknown action #{action.inspect}!"
183
- end
184
- hash['GroupName'] = group_name
185
- hash['SourceSecurityGroupName'] = params[:source_group] unless params[:source_group].right_blank?
186
- hash['SourceSecurityGroupOwnerId'] = params[:source_group_owner].to_s.gsub(/-/,'') unless params[:source_group_owner].right_blank?
187
- hash['IpProtocol'] = params[:protocol] unless params[:protocol].right_blank?
188
- unless params[:port].right_blank?
189
- hash['FromPort'] = params[:port]
190
- hash['ToPort'] = params[:port]
191
- end
192
- hash['FromPort'] = params[:from_port] unless params[:from_port].right_blank?
193
- hash['ToPort'] = params[:to_port] unless params[:to_port].right_blank?
194
- hash['CidrIp'] = params[:cidr_ip] unless params[:cidr_ip].right_blank?
195
- #
196
- link = generate_request(action, hash)
197
- request_info(link, RightBoolResponseParser.new(:logger => @logger))
198
- rescue Exception
199
- on_exception
186
+ def grant_security_group_ingress(group_id, permissions)
187
+ modify_security_group(:grant, :ingress, group_id, permissions)
188
+ end
189
+
190
+ def revoke_security_group_ingress(group_id, permissions)
191
+ modify_security_group(:revoke, :ingress, group_id, permissions)
192
+ end
193
+
194
+ def grant_security_group_egress(group_id, permissions)
195
+ modify_security_group(:grant, :egress, group_id, permissions)
196
+ end
197
+
198
+ def revoke_security_group_egress(group_id, permissions)
199
+ modify_security_group(:revoke, :egress, group_id, permissions)
200
200
  end
201
201
 
202
202
  # Modify AWS security group permissions.
203
203
  #
204
204
  # Options:
205
205
  # action - :authorize (or :grant) | :revoke (or :remove)
206
+ # direction - :ingress | :egress
206
207
  # group_name - security group name
207
208
  # permissions - a combination of options below:
208
209
  # # Ports:
@@ -210,70 +211,65 @@ module RightAws
210
211
  # :to_port => to port
211
212
  # :port => set both :from_port and to_port with the same value
212
213
  # # Protocol
213
- # :protocol => :tcp | :udp | :icmp
214
- # # Group(s)
215
- # :source_group_owner => UserId
216
- # :source_group => GroupName
217
- # # or
218
- # :source_groups => { UserId1 => GroupName1, UserName2 => GroupName2 }
219
- # :source_groups => [ [ UserId1, GroupName1 ], [ UserName2 => GroupName2 ] ]
214
+ # :protocol => :tcp | :udp | :icmp | -1
215
+ # # or (ingress)
216
+ # :groups => { UserId1 => GroupId1, UserName2 => GroupId2 }
217
+ # :groups => [ [ UserId1, GroupId1 ], [ UserName2 => GroupId2 ] ]
218
+ # # or (egress)
219
+ # :groups => [ GroupId1, GroupId2 ]
220
220
  # # CidrIp(s)
221
221
  # :cidr_ip => '0.0.0.0/0'
222
222
  # :cidr_ips => ['1.1.1.1/1', '2.2.2.2/2']
223
223
  #
224
224
  # # CidrIP based permissions:
225
225
  #
226
- # ec2.modify_security_group_ingress(:authorize, 'my_cool_group',
227
- # :cidr_ip => "127.0.0.0/31",
228
- # :port => 811,
229
- # :protocol => 'tcp' ) #=> true
226
+ # ec2.modify_security_group(:authorize, :ingress, 'sg-75d1c319',
227
+ # :cidr_ip => "127.0.0.0/31",
228
+ # :port => 811,
229
+ # :protocol => 'tcp' ) #=> true
230
230
  #
231
- # ec2.modify_security_group_ingress(:revoke, 'my_cool_group',
232
- # :cidr_ips => ["127.0.0.1/32", "127.0.0.2/32"],
233
- # :port => 812,
234
- # :protocol => 'tcp' ) #=> true
231
+ # ec2.modify_security_group(:revoke, :ingress, 'sg-75d1c319',
232
+ # :cidr_ips => ["127.0.0.1/32", "127.0.0.2/32"],
233
+ # :port => 812,
234
+ # :protocol => 'tcp' ) #=> true
235
235
  #
236
236
  # # Group based permissions:
237
237
  #
238
- # ec2.modify_security_group_ingress(:authorize, 'my_cool_group',
239
- # :source_group_owner => "586789340000",
240
- # :source_group => "sketchy-us",
241
- # :port => 800,
242
- # :protocol => 'tcp' ) #=> true
243
- #
244
- # ec2.modify_security_group_ingress(:authorize, 'my_cool_group',
245
- # :source_groups => { "586789340000" => "sketchy-us",
246
- # "635201710000" => "sketchy" },
247
- # :port => 801,
248
- # :protocol => 'tcp' ) #=> true
238
+ # ec2.modify_security_group(:authorize, :ingress, 'sg-75d1c319',
239
+ # :groups => { "586789340000" => "sg-75d1c300",
240
+ # "635201710000" => "sg-75d1c301" },
241
+ # :port => 801,
242
+ # :protocol => 'tcp' ) #=> true
249
243
  #
250
- # ec2.modify_security_group_ingress(:revoke, 'my_cool_group',
251
- # :source_groups => [[ "586789340000", "sketchy-us" ],
252
- # [ "586789340000", "default" ]],
253
- # :port => 809,
254
- # :protocol => 'tcp' ) #=> true
244
+ # ec2.modify_security_group(:revoke, :ingress, 'sg-75d1c319',
245
+ # :groups => [[ "586789340000", "sg-75d1c300" ],
246
+ # [ "586789340000", "sg-75d1c302" ]],
247
+ # :port => 809,
248
+ # :protocol => 'tcp' ) #=> true
255
249
  #
256
250
  # # +Permissions+ can be an array of permission hashes:
257
251
  #
258
- # ec2.modify_security_group_ingress(:authorize, 'my_cool_group',
259
- # [{ :source_groups => { "586789340000" => "sketchy-us",
260
- # "635201710000" => "sketchy" },
261
- # :port => 803,
262
- # :protocol => 'tcp'},
263
- # { :cidr_ips => ["127.0.0.1/32", "127.0.0.2/32"],
264
- # :port => 812,
265
- # :protocol => 'tcp' }]) #=> true
252
+ # ec2.modify_security_group(:authorize, :ingress, 'sg-75d1c319',
253
+ # [{ :groups => { "586789340000" => "sg-75d1c300",
254
+ # "635201710000" => "sg-75d1c301" },
255
+ # :port => 803,
256
+ # :protocol => 'tcp'},
257
+ # { :cidr_ips => ["127.0.0.1/32", "127.0.0.2/32"],
258
+ # :port => 812,
259
+ # :protocol => 'tcp' }]) #=> true
266
260
  #
267
- def modify_security_group_ingress(action, group_name, permissions)
261
+ def modify_security_group(action, direction, group_id, permissions)
268
262
  hash = {}
269
- case action
270
- when :authorize, :grant then action = "AuthorizeSecurityGroupIngress"
271
- when :revoke, :remove then action = "RevokeSecurityGroupIngress"
272
- else raise "Unknown action #{action.inspect}!"
273
- end
263
+ raise "Unknown action #{action.inspect}!" unless [:authorize, :grant, :revoke, :remove].include?(action)
264
+ raise "Unknown direction #{direction.inspect}!" unless [:ingress, :egress].include?(direction)
265
+ # Remote action
266
+ remote_action = case action
267
+ when :authorize, :grant then direction == :ingress ? "AuthorizeSecurityGroupIngress" : "AuthorizeSecurityGroupEgress"
268
+ when :revoke, :remove then direction == :ingress ? "RevokeSecurityGroupIngress" : "RevokeSecurityGroupEgress"
269
+ end
274
270
  # Group Name
275
- hash["GroupName"] = group_name
276
- #
271
+ hash["GroupId"] = group_id
272
+ # Permissions
277
273
  permissions = [permissions] unless permissions.is_a?(Array)
278
274
  permissions.each_with_index do |permission, idx|
279
275
  pid = idx+1
@@ -287,30 +283,112 @@ module RightAws
287
283
  hash["IpPermissions.#{pid}.FromPort"] = permission[:from_port]
288
284
  hash["IpPermissions.#{pid}.ToPort"] = permission[:to_port]
289
285
  end
290
- # Source Group(s)
291
- # Old way (if it is used):
292
- # :source_group_owner => UserId, :source_group => GroupName
293
- if !permission[:source_group].right_blank? && !permission[:source_group_owner].right_blank?
294
- permission[:source_groups] = { permission[:source_group_owner] => permission[:source_group]}
286
+ # Groups
287
+ case direction
288
+ when :ingress
289
+ # :groups => {UserId1 => GroupId1, ... UserIdN => GroupIdN}
290
+ # or (this allows using same UserId multiple times )
291
+ # :groups => [[UserId1, GroupId1], ... [UserIdN, GroupIdN]]
292
+ # or even (unset user is == current account user)
293
+ # :groups => [GroupId1, GroupId2, ... GroupIdN]
294
+ # :groups => [[UserId1, GroupId1], GroupId2, ... GroupIdN, ... [UserIdM, GroupIdM]]
295
+ #
296
+ index = 1
297
+ unless permission[:group_names].right_blank?
298
+ owner_and_groups = []
299
+ groups_only = []
300
+ Array(permission[:group_names]).each do |item|
301
+ if item.is_a?(Array) && item.size == 2
302
+ owner_and_groups << item
303
+ else
304
+ groups_only << item
305
+ end
306
+ end
307
+ hash.merge!(amazonize_list( ["IpPermissions.#{pid}.Groups.?.UserId", "IpPermissions.#{pid}.Groups.?.GroupName"], owner_and_groups, :index => index ))
308
+ index += owner_and_groups.size
309
+ groups_only = groups_only.flatten
310
+ hash.merge!(amazonize_list( "IpPermissions.#{pid}.Groups.?.GroupName", groups_only, :index => index ))
311
+ index += groups_only.size
312
+ end
313
+ unless permission[:groups].right_blank?
314
+ owner_and_groups = []
315
+ groups_only = []
316
+ Array(permission[:groups]).each do |item|
317
+ if item.is_a?(Array) && item.size == 2
318
+ owner_and_groups << item
319
+ else
320
+ groups_only << item
321
+ end
322
+ end
323
+ hash.merge!(amazonize_list( ["IpPermissions.#{pid}.Groups.?.UserId", "IpPermissions.#{pid}.Groups.?.GroupId"], owner_and_groups, :index => index ))
324
+ index += owner_and_groups.size
325
+ groups_only = groups_only.flatten
326
+ hash.merge!(amazonize_list( "IpPermissions.#{pid}.Groups.?.GroupId", groups_only, :index => index ))
327
+ end
328
+ when :egress
329
+ # :groups => [GroupId1, ... GroupIdN]
330
+ hash.merge!(amazonize_list( "IpPermissions.#{pid}.Groups.?.GroupId", permission[:groups] ))
295
331
  end
296
- # # Fix UserId(s): '0000-0000-0000' => '000000000000'
297
- # permission[:source_groups] = Array(permission[:source_groups])
298
- # permission[:source_groups].each do |item|
299
- # item[0] = item[0].to_s.gsub(/-/,'')
300
- # end
301
- # New way:
302
- # :source_groups => {UserId1 => GroupName1, ... UserIdN => GroupNameN}
303
- # or (this allows using same UserId multiple times )
304
- # :source_groups => [[UserId1, GroupName1], ... [UserIdN, GroupNameN]]
305
- hash.merge!(amazonize_list( ["IpPermissions.#{pid}.Groups.?.UserId",
306
- "IpPermissions.#{pid}.Groups.?.GroupName"],
307
- permission[:source_groups] ))
308
332
  # CidrIp(s)
309
333
  cidr_ips = permission[:cidr_ips] unless permission[:cidr_ips].right_blank?
310
334
  cidr_ips ||= permission[:cidr_ip] unless permission[:cidr_ip].right_blank?
311
335
  hash.merge!(amazonize_list("IpPermissions.1.IpRanges.?.CidrIp", cidr_ips))
312
336
  end
313
337
  #
338
+ link = generate_request(remote_action, hash)
339
+ request_info(link, RightBoolResponseParser.new(:logger => @logger))
340
+ rescue Exception
341
+ on_exception
342
+ end
343
+
344
+ #-----------------------------------------------------------------
345
+ # Eucalyptus
346
+ #-----------------------------------------------------------------
347
+
348
+ # Edit AWS/Eucaliptus security group permissions.
349
+ #
350
+ # Options:
351
+ # action - :authorize (or :grant) | :revoke (or :remove)
352
+ # group_name - security group name
353
+ # permissions - a combination of options below:
354
+ # :source_group_owner => UserId
355
+ # :source_group => GroupName
356
+ # :from_port => from port
357
+ # :to_port => to port
358
+ # :port => set both :from_port and to_port with the same value
359
+ # :protocol => :tcp | :udp | :icmp
360
+ # :cidr_ip => '0.0.0.0/0'
361
+ #
362
+ # ec2.edit_security_group( :grant,
363
+ # 'kd-sg-test',
364
+ # :source_group => "sketchy",
365
+ # :source_group_owner => "600000000006",
366
+ # :protocol => 'tcp',
367
+ # :port => '80',
368
+ # :cidr_ip => '127.0.0.1/32') #=> true
369
+ #
370
+ # P.S. This method is deprecated for AWS and but still good for Eucaliptus clouds.
371
+ # Use +modify_security_group_ingress+ method for AWS clouds.
372
+ #
373
+ def edit_security_group(action, group_name, params)
374
+ hash = {}
375
+ case action
376
+ when :authorize, :grant then action = "AuthorizeSecurityGroupIngress"
377
+ when :revoke, :remove then action = "RevokeSecurityGroupIngress"
378
+ else raise "Unknown action #{action.inspect}!"
379
+ end
380
+ hash['GroupName'] = group_name
381
+ hash['SourceSecurityGroupName'] = params[:source_group] unless params[:source_group].right_blank?
382
+ hash['SourceSecurityGroupOwnerId'] = params[:source_group_owner].to_s.gsub(/-/,'') unless params[:source_group_owner].right_blank?
383
+ hash['IpProtocol'] = params[:protocol] unless params[:protocol].right_blank?
384
+ unless params[:port].right_blank?
385
+ hash['FromPort'] = params[:port]
386
+ hash['ToPort'] = params[:port]
387
+ end
388
+ hash['FromPort'] = params[:from_port] unless params[:from_port].right_blank?
389
+ hash['ToPort'] = params[:to_port] unless params[:to_port].right_blank?
390
+ hash['CidrIp'] = params[:cidr_ip] unless params[:cidr_ip].right_blank?
391
+ #
314
392
  link = generate_request(action, hash)
315
393
  request_info(link, RightBoolResponseParser.new(:logger => @logger))
316
394
  rescue Exception
@@ -355,35 +433,52 @@ module RightAws
355
433
  # PARSERS: Security Groups
356
434
  #-----------------------------------------------------------------
357
435
 
436
+ class QEc2CreateSecurityGroupsParser < RightAWSParser #:nodoc:
437
+ def tagend(name)
438
+ case name
439
+ when 'groupId' then @result[:group_id] = @text
440
+ when 'return' then @result[:return] = @text == 'true'
441
+ end
442
+ end
443
+ def reset
444
+ @result = {}
445
+ end
446
+ end
447
+
358
448
  class QEc2DescribeSecurityGroupsParser < RightAWSParser #:nodoc:
359
449
  def tagstart(name, attributes)
360
450
  if name == 'item'
361
- case
362
- when @xmlpath[/securityGroupInfo$/] then @item = { :ip_permissions => [] }
363
- when @xmlpath[/ipPermissions$/] then @ip_permission = { :groups => [], :ip_ranges => [] }
364
- when @xmlpath[/groups$/] then @group = {}
451
+ case full_tag_name
452
+ when %r{securityGroupInfo/item$} then @item = { :ip_permissions => [] }
453
+ when %r{ipPermissions/item$} then @ip_perm = { :groups => [], :ip_ranges => [], :direction => :ingress }
454
+ when %r{ipPermissionsEgress/item$} then @ip_perm = { :groups => [], :ip_ranges => [], :direction => :egress }
455
+ when %r{ipPermissions(Egress)?/item/groups/item$} then @group = {}
365
456
  end
366
457
  end
367
458
  end
368
459
  def tagend(name)
369
460
  case name
370
- when 'ownerId' then @item[:owner_id] = @text
371
- when 'groupDescription' then @item[:group_description] = @text
372
- when 'ipProtocol' then @ip_permission[:ip_protocol] = @text
373
- when 'fromPort' then @ip_permission[:from_port] = @text
374
- when 'toPort' then @ip_permission[:to_port] = @text
375
- when 'cidrIp' then @ip_permission[:ip_ranges] << @text
376
- when 'userId' then @group[:user_id] = @text
377
- when 'groupName'
378
- case
379
- when @xmlpath[/securityGroupInfo\/item$/] then @item[:group_name] = @text
380
- when @xmlpath[/groups\/item$/] then @group[:group_name] = @text
381
- end
382
- when 'item'
383
- case
384
- when @xmlpath[/groups$/] then @ip_permission[:groups] << @group
385
- when @xmlpath[/ipPermissions$/] then @item[:ip_permissions] << @ip_permission
386
- when @xmlpath[/securityGroupInfo$/]then @result << @item
461
+ when 'ownerId' then @item[:owner_id] = @text
462
+ when 'groupDescription' then @item[:group_description] = @text
463
+ when 'vpcId' then @item[:vpc_id] = @text
464
+ else
465
+ case full_tag_name
466
+ when %r{securityGroupInfo/item/groupName$} then @item[:group_name] = @text
467
+ when %r{securityGroupInfo/item/groupId$} then @item[:group_id] = @text
468
+ # ipPermission[Egress]
469
+ when %r{ipPermissions(Egress)?/item/ipProtocol$} then @ip_perm[:ip_protocol] = @text
470
+ when %r{ipPermissions(Egress)?/item/fromPort$} then @ip_perm[:from_port] = @text
471
+ when %r{ipPermissions(Egress)?/item/toPort$} then @ip_perm[:to_port] = @text
472
+ when %r{ipPermissions(Egress)?/item/ipRanges/item/cidrIp$} then @ip_perm[:ip_ranges] << @text
473
+ # ipPermissions[Egress]/Groups
474
+ when %r{ipPermissions(Egress)?/item/groups/item/groupName$} then @group[:group_name] = @text
475
+ when %r{ipPermissions(Egress)?/item/groups/item/groupId$} then @group[:group_id] = @text
476
+ when %r{ipPermissions(Egress)?/item/groups/item/userId$} then @group[:user_id] = @text
477
+ # Sets
478
+ when %r{ipPermissions(Egress)?/item/groups/item$} then @ip_perm[:groups] << @group
479
+ when %r{ipPermissions/item$} then @item[:ip_permissions] << @ip_perm
480
+ when %r{ipPermissionsEgress/item$} then @item[:ip_permissions] << @ip_perm
481
+ when %r{securityGroupInfo/item$} then @result << @item
387
482
  end
388
483
  end
389
484
  end