wakame-vdc-agents 11.06.0 → 11.12.0

data/lib/dcmgr/cli/keypair.rb

@@ -4,18 +4,19 @@ module Dcmgr::Cli
   class KeyPair < Base
     namespace :keypair
     M = Dcmgr::Models
+    include Dcmgr::Helpers::CliHelper
 
     desc "add [options]", "Register a new key pair."
-    method_option :uuid, :type => :string, :aliases => "-u", :desc => "The UUID for the new key pair"
-    method_option :account_id, :type => :string, :aliases => "-a", :desc => "The UUID of the account this key pair belongs to", :required => true
-    method_option :name, :type => :string, :aliases => "-n", :desc => "The name for this key pair", :required => true
-    method_option :public_key, :type => :string, :aliases => "-p", :desc => "The path to the public key", :required => true
-    method_option :private_key, :type => :string, :aliases => "-r", :desc => "The path to the private key", :required => true
+    method_option :uuid, :type => :string, :desc => "The UUID for the new key pair"
+    method_option :account_id, :type => :string, :desc => "The UUID of the account this key pair belongs to", :required => true
+    method_option :public_key, :type => :string, :desc => "The path to the public key", :required => true
+    method_option :private_key, :type => :string, :desc => "The path to the private key"
+    method_option :description, :type => :string, :desc => "Description for this key pair"
     def add
       UnknownUUIDError.raise(options[:account_id]) if M::Account[options[:account_id]].nil?
       private_key_path = File.expand_path(options[:private_key])
       public_key_path = File.expand_path(options[:public_key])
-      Error.raise "Private key file doesn't exist",100 unless File.exists?(private_key_path)
+      Error.raise "Private key file doesn't exist",100 unless File.exists?(private_key_path) || options[:private_key]
       Error.raise "Public key file doesn't exist",100 unless File.exists?(public_key_path)
       
       fields = options.dup
@@ -25,14 +26,15 @@ module Dcmgr::Cli
       fields[:private_key] = File.open(private_key_path) {|f| f.readlines.map.join}
       
       #Generate the fingerprint from the public key file
-      fields[:finger_print] = %x{ssh-keygen -lf #{options[:public_key]} | cut -d ' ' -f2}.chomp
+      res = sh("ssh-keygen -lf #{options[:public_key]}")
+      fields[:finger_print] = res[:stdout].split(' ')[1]
       
       puts super(M::SshKeyPair,fields)
     end
     
     desc "modify UUID [options]", "Modify an existing key pair"
-    method_option :account_id, :type => :string, :aliases => "-a", :desc => "The UUID of the account this key pair belongs to"
-    method_option :name, :type => :string, :aliases => "-n", :desc => "The name for this key pair"
+    method_option :account_id, :type => :string, :desc => "The UUID of the account this key pair belongs to"
+    method_option :description, :type => :string, :desc => "Description for this key pair"
     def modify(uuid)
       UnknownUUIDError.raise(options[:account_id]) if options[:account_id] && M::Account[options[:account_id]].nil?
       super(M::SshKeyPair,uuid,options)
@@ -52,17 +54,19 @@ Keypair UUID:
   <%= keypair.canonical_uuid %>
 Account id:
   <%= keypair.account_id %>
-Name:
-  <%= keypair.name%>
 Finger print:
   <%= keypair.finger_print %>
 Public Key:
   <%= keypair.public_key%>
+<%- if keypair.description -%>
+Description:
+  <%= keypair.description %>
+<%- end -%>
 __END
       else
         puts ERB.new(<<__END, nil, '-').result(binding)
 <%- M::SshKeyPair.each { |row| -%>
-<%= row.canonical_uuid %>\t<%= row.account_id %>\t<%= row.name %>\t<%= row.finger_print %>
+<%= row.canonical_uuid %>\t<%= row.account_id %>\t<%= row.finger_print %>
 <%- } -%>
 __END
       end

data/lib/dcmgr/cli/network.rb

@@ -6,42 +6,65 @@ module Dcmgr::Cli
 class Network < Base
   namespace :network
   M=Dcmgr::Models
+
+  no_tasks {
+    def validate_ipv4_range
+      @network_addr = IPAddress::IPv4.new("#{options[:ipv4_network]}/#{options[:prefix]}").network
+      if options[:ipv4_gw] && !@network_addr.include?(IPAddress::IPv4.new(options[:ipv4_gw]))
+        Error.raise("ipv4_gw #{options[:ipv4_gw]} is out of range from network address: #{@network_addr}")
+      end
+      # DHCP IP address has to be in same IP network.
+      if options[:dhcp] && !@network_addr.include?(IPAddress::IPv4.new(options[:dhcp]))
+        Error.raise("dhcp server address #{options[:dhcp]} is out of range from network address: #{@network_addr}")
+      end
+    end
+    private :validate_ipv4_range
+
+    def map_network_params
+      optmap(options) { |c|
+        c.option(:ipv4_network) {
+          @network_addr.to_s
+        }
+        c.map(:domain, :domain_name)
+        c.map(:dhcp, :dhcp_server)
+        c.map(:dns, :dns_server)
+        c.map(:metadata, :metadata_server)
+        c.map(:metadata_port, :metadata_server_port)
+        c.option(:vlan_id, :vlan_lease_id) {
+          @vlan_pk
+        }
+      }
+    end
+    private :map_network_params
+  }
   
   desc "add [options]", "Register a new network entry"
-  method_option :uuid, :type => :string, :aliases => "-u", :desc => "UUID of the network"
-  method_option :ipv4_gw, :type => :string, :aliases => "-g", :required => true, :desc => "Gateway address for IPv4 network"
-  method_option :prefix, :type => :numeric, :default=>24, :aliases => "-p", :desc => "IP network mask size (1 < prefix < 32)"
-  method_option :domain, :type => :string, :aliases => "-m", :desc => "DNS domain name of the network"
-  method_option :dns, :type => :string, :aliases => "-n", :desc => "IP address for DNS server of the network"
-  method_option :dhcp, :type => :string, :aliases => "-c", :desc => "IP address for DHCP server of the network"
-  method_option :metadata, :type => :string, :aliases => "-t", :desc => "IP address for metadata server of the network"
-  method_option :metadata_port, :type => :string, :aliases => "--tp", :desc => "Port for the metadata server of the network"
-  method_option :bandwidth, :type => :numeric, :aliases => "-b", :desc => "The maximum bandwidth for the network in Mbit/s"
-  method_option :vlan_id, :type => :numeric, :default=>0, :aliases => "-l", :desc => "Tag VLAN (802.1Q) ID of the network. 0 is for no VLAN network"
-  method_option :description, :type => :string, :aliases => "-d", :desc => "Description for the network"
-  method_option :account_id, :type => :string, :default=>'a-shpool', :aliases => "-a", :desc => "The account ID to own this"
+  method_option :uuid, :type => :string, :desc => "UUID of the network"
+  method_option :ipv4_network, :type => :string, :required=>true, :desc => "IPv4 network address"
+  method_option :ipv4_gw, :type => :string, :desc => "Gateway address for IPv4 network"
+  method_option :prefix, :type => :numeric, :required => true, :desc => "IP network mask size (1 < prefix < 32)"
+  method_option :domain, :type => :string, :desc => "DNS domain name of the network"
+  method_option :dns, :type => :string, :desc => "IP address for DNS server of the network"
+  method_option :dhcp, :type => :string, :desc => "IP address for DHCP server of the network"
+  method_option :metadata, :type => :string, :desc => "IP address for metadata server of the network"
+  method_option :metadata_port, :type => :string, :desc => "Port for the metadata server of the network"
+  method_option :bandwidth, :type => :numeric,  :desc => "The maximum bandwidth for the network in Mbit/s"
+  method_option :vlan_id, :type => :numeric, :default=>0, :desc => "Tag VLAN (802.1Q) ID of the network. 0 is for no VLAN network"
+  method_option :link_interface, :type => :string, :desc => "Link interface name from virtual interfaces"
+  method_option :description, :type => :string,  :desc => "Description for the network"
+  method_option :account_id, :type => :string, :default=>'a-shpoolxx', :required => true, :desc => "The account ID to own this"
+  method_option :metric, :type => :numeric, :default=>100, :desc => "Routing priority order of this network segment"
   def add
-    vlan_pk = if options[:vlan_id].to_i > 0
-                vlan = M::VlanLease.find(:tag_id=>options[:vlan_id]) || Error.raise("Invalid or Unknown VLAN ID: #{options[:vlan_id]}", 100)
-                vlan.id
-              else
-                0
-              end
-    
-    fields = {
-       :ipv4_gw => options[:ipv4_gw],
-       :prefix => options[:prefix],
-       :dns_server => options[:dns],
-       :domain_name => options[:domain],
-       :dhcp_server => options[:dhcp],
-       :metadata_server => options[:metadata],
-       :metadata_server_port => options[:metadata_port],
-       :description => options[:description],
-       :account_id => options[:account_id],
-       :bandwidth => options[:bandwidth],
-       :vlan_lease_id => vlan_pk,
-    }
-    fields.merge!({:uuid => options[:uuid]}) unless options[:uuid].nil?
+    @vlan_pk = if options[:vlan_id].to_i > 0
+                 vlan = M::VlanLease.find(:tag_id=>options[:vlan_id]) || Error.raise("Invalid or Unknown VLAN ID: #{options[:vlan_id]}", 100)
+                 vlan.id
+               else
+                 0
+               end
+
+    validate_ipv4_range
+
+    fields = map_network_params
 
     puts super(M::Network,fields)
   end
@@ -52,44 +75,37 @@ class Network < Base
   end
 
   desc "modify UUID [options]", "Update network information"
-  method_option :ipv4_gw, :type => :string, :aliases => "-g", :desc => "Gateway address for IPv4 network"
-  method_option :prefix, :type => :numeric, :aliases => "-p", :desc => "IP network mask size (1 < prefix < 32)"
-  method_option :domain, :type => :string, :aliases => "-m", :desc => "DNS domain name of the network"
-  method_option :dns, :type => :string, :aliases => "-n", :desc => "IP address for DNS server of the network"
-  method_option :dhcp, :type => :string, :aliases => "-c", :desc => "IP address for DHCP server of the network"
-  method_option :metadata, :type => :string, :aliases => "-t", :desc => "IP address for metadata server of the network"
-  method_option :metadata_port, :type => :string, :aliases => "--tp", :desc => "Port for the metadata server of the network" 
-  method_option :vlan_id, :type => :numeric, :aliases => "-l", :desc => "Tag VLAN (802.1Q) ID of the network. 0 is for no VLAN network"
-  method_option :bandwidth, :type => :numeric, :aliases => "-b", :desc => "The maximum bandwidth for the network in Mbit/s"
-  method_option :description, :type => :string, :aliases => "-d", :desc => "Description for the network"
-  method_option :account_id, :type => :string, :aliases => "-a", :desc => "The account ID to own this"
+  method_option :ipv4_network, :type => :string, :required=>true, :desc => "IPv4 network address"
+  method_option :ipv4_gw, :type => :string, :desc => "Gateway address for IPv4 network"
+  method_option :prefix, :type => :numeric, :desc => "IP network mask size (1 < prefix < 32)"
+  method_option :domain, :type => :string, :desc => "DNS domain name of the network"
+  method_option :dns, :type => :string, :desc => "IP address for DNS server of the network"
+  method_option :dhcp, :type => :string, :desc => "IP address for DHCP server of the network"
+  method_option :metadata, :type => :string, :desc => "IP address for metadata server of the network"
+  method_option :metadata_port, :type => :string, :desc => "Port for the metadata server of the network" 
+  method_option :vlan_id, :type => :numeric, :desc => "Tag VLAN (802.1Q) ID of the network. 0 is for no VLAN network"
+  method_option :link_interface, :type => :string, :desc => "Link interface name from virtual interfaces"
+  method_option :bandwidth, :type => :numeric, :desc => "The maximum bandwidth for the network in Mbit/s"
+  method_option :description, :type => :string, :desc => "Description for the network"
+  method_option :account_id, :type => :string, :desc => "The account ID to own this"
   def modify(uuid)
-    vlan_pk = if options[:vlan_id].to_i > 0
-                vlan = M::VlanLease.find(:tag_id=>options[:vlan_id]) || Error.raise("Invalid or Unknown VLAN ID: #{options[:vlan_id]}", 100)
-                vlan.id
-              else
-                0
-              end
+    @vlan_pk = if options[:vlan_id].to_i > 0
+                 vlan = M::VlanLease.find(:tag_id=>options[:vlan_id]) || Error.raise("Invalid or Unknown VLAN ID: #{options[:vlan_id]}", 100)
+                 vlan.id
+               else
+                 0
+               end
+    
+    validate_ipv4_range
+
+    fields = map_network_params
     
-    fields = {
-       :ipv4_gw => options[:ipv4_gw],
-       :prefix => options[:prefix],
-       :dns_server => options[:dns],
-       :domain_name => options[:domain],
-       :dhcp_server => options[:dhcp],
-       :metadata_server => options[:metadata],
-       :metadata_server_port => options[:metadata_port],
-       :description => options[:description],
-       :account_id => options[:account_id],
-       :bandwidth => options[:bandwidth],
-       :vlan_lease_id => vlan_pk,
-    }
     super(M::Network,uuid,fields)
   end
 
   desc "nat UUID [options]", "Set or clear nat mapping for a network"
-  method_option :outside_network_id, :type => :string, :aliases => "-o", :desc => "The network that this network will be natted to"
-  method_option :clear, :type => :boolean, :aliases => "-c", :desc => "Clears a previously natted network"
+  method_option :outside_network_id, :type => :string, :desc => "The network that this network will be natted to"
+  method_option :clear, :type => :boolean, :desc => "Clears a previously natted network"
   def nat(uuid)
     in_nw = M::Network[uuid] || Error.raise("Unknown network UUID: #{uuid}", 100)
     ex_nw = M::Network[options[:outside_network_id]] || Error.raise("Unknown network UUID: #{uuid}", 100) unless options[:outside_network_id].nil?
@@ -104,21 +120,21 @@ class Network < Base
   end
 
   desc "show [UUID] [options]", "Show network(s)"
-  method_option :vlan_id, :type => :numeric, :aliases => "-l", :desc => "Show networks in the VLAN ID"
-  method_option :account_id, :type => :string, :aliases => "-a", :desc => "Show networks with the account"
+  method_option :vlan_id, :type => :numeric, :desc => "Show networks in the VLAN ID"
+  method_option :account_id, :type => :string, :desc => "Show networks with the account"
   def show(uuid=nil)
     if uuid
-      nw = M::Network[uuid] || Error.raise("Unknown network UUID: #{uuid}", 100)
+      nw = M::Network[uuid] || UnknownUUIDError.raise(uuid)
       puts ERB.new(<<__END, nil, '-').result(binding)
 Network UUID:
   <%= nw.canonical_uuid %>
 Tag VLAN:
   <%= nw.vlan_lease_id == 0 ? 'none' : nw.vlan_lease.tag_id %>
 IPv4:
-  Network address: <%= nw.ipaddress.network %>/<%= nw.prefix %>
+  Network address: <%= nw.ipv4_ipaddress %>/<%= nw.prefix %>
   Gateway address: <%= nw.ipv4_gw %>
 <%- if nw.nat_network_id -%>
-  Outside NAT network address: <%= nw.nat_network.ipaddress.network %>/<%= nw.nat_network.prefix %> (<%= nw.nat_network.canonical_uuid %>)
+  Outside NAT network address: <%= nw.nat_network.ipv4_ipaddress %>/<%= nw.nat_network.prefix %> (<%= nw.nat_network.canonical_uuid %>)
 <%- end -%>
 DHCP Information:
   DHCP Server: <%= nw.dhcp_server %>
@@ -148,7 +164,7 @@ __END
       nw = M::Network.filter(cond).all
       puts ERB.new(<<__END, nil, '-').result(binding)
 <%- nw.each { |row| -%>
-<%= row.canonical_uuid %>\t<%= row.ipaddress.network %>/<%= row.prefix %>\t<%= (row.vlan_lease && row.vlan_lease.tag_id) %>
+<%= row.canonical_uuid %>\t<%= row.ipv4_ipaddress %>/<%= row.prefix %>\t<%= (row.vlan_lease && row.vlan_lease.tag_id) %>
 <%- } -%>
 __END
     end
@@ -166,19 +182,19 @@ __END
   end
 
   desc "reserve UUID", "Add reserved IP to the network"
-  method_option :ipv4, :type => :string, :aliases => "-i", :required => true, :desc => "The ip address to reserve"
+  method_option :ipv4, :type => :string, :required => true, :desc => "The ip address to reserve"
   def reserve(uuid)
     nw = M::Network[uuid] || UnknownUUIDError.raise(uuid)
-
-    if nw.ipaddress.include?(IPAddress(options[:ipv4]))
+    
+    if nw.include?(IPAddress(options[:ipv4]))
       nw.ip_lease_dataset.add_reserved(options[:ipv4])
     else
-      Error.raise("IP address is out of range: #{options[:ipv4]} => #{nw.ipaddress.network}/#{nw.ipaddress.prefix}",100)
+      Error.raise("IP address is out of range: #{options[:ipv4]} => #{nw.ipv4_ipaddress}/#{nw.prefix}",100)
     end
   end
 
   desc "release UUID", "Release a reserved IP from the network"
-  method_option :ipv4, :type => :string, :aliases => "-i", :required => true, :desc => "The ip address to release"
+  method_option :ipv4, :type => :string, :required => true, :desc => "The ip address to release"
   def release(uuid)
     nw = M::Network[uuid] || UnknownUUIDError.raise(uuid)
 
@@ -187,12 +203,104 @@ __END
     end
   end
 
-  no_tasks {
-    private
-    def find_network(uuid)
-      M::Network[uuid] || Error.raise("Unknown network UUID: #{uuid}")
+  desc "forward UUID PHYSICAL", "Set forward interface for network"
+  def forward(uuid, phynet)
+    nw = M::Network[uuid] || UnknownUUIDError.raise(uuid)
+    phy = M::PhysicalNetwork.find(:name=>phynet) || Error.raise("Unknown physical network: #{phynet}")
+    nw.physical_network = phy
+    nw.save
+  end
+
+  class PhyOps < Base
+    namespace :phy
+    M=Dcmgr::Models
+    
+    desc "add NAME [options]", "Add new physical network"
+    method_option :null, :type => :boolean, :desc => "Do not attach to any physical interfaces"
+    method_option :interface, :type => :string, :desc => "Physical interface name on host nodes"
+    method_option :description, :type => :string, :desc => "Description for the physical network"
+    def add(name)
+      M::PhysicalNetwork.find(:name=>name) && Error.raise("Duplicate physical network name: #{name}", 100)
+      phy = options[:null] ? nil : (options[:interface] || name)
+
+      fields={
+        :name=>name,
+        :interface=>phy,
+        :description=>options[:description],
+      }
+      M::PhysicalNetwork.create(fields)
     end
-  }
 
+    desc "modify NAME [options]", "Modify physical network parameters"
+    method_option :null, :type => :boolean, :desc => "Do not attach to any physical interfaces"
+    method_option :interface, :type => :string, :desc => "Physical interface name on host nodes"
+    method_option :description, :type => :string, :desc => "Description for the physical network"
+    def modify(name)
+      phy = M::PhysicalNetwork.find(:name=>name) || Error.raise("Unknown physical network: #{name}", 100)
+      phy = options[:null] ? nil : options[:interface]
+
+      phy.update({
+                   :interface=>phy,
+                   :description=>options[:description],
+                 })
+    end
+
+    desc "del NAME [options]", "Delete physical network"
+    def del(name)
+      phy = M::PhysicalNetwork.find(:name=>name) || Error.raise("Unknown physical network: #{name}", 100)
+      phy.destroy
+    end
+    
+    desc "show [NAME]", "Show/List physical network"
+    def show(name=nil)
+      if name
+        phy = M::PhysicalNetwork.find(:name=>name) || Error.raise("Unknown physical network: #{name}", 100)
+        print ERB.new(<<__END, nil, '-').result(binding)
+Physical Network:       <%= phy.name %>
+Forwarding Interface:   <%= phy.interface.nil? ? 'none': phy.interface %>
+<%- if phy.description -%>
+Description:
+<%= phy.description %>
+<%- end -%>
+__END
+      else
+    print ERB.new(<<__END, nil, '-').result(binding)
+<%- M::PhysicalNetwork.order(:id).all.each { |l| -%>
+<%= "%-20s  %-15s" % [l.name, l.interface] %>
+<%- } -%>
+__END
+      end
+    end
+    
+    protected
+    def self.basename
+      "vdc-manage #{Network.namespace} #{self.namespace}"
+    end
+  end
+  register PhyOps, 'phy', "phy [options]", "Maintain physical network"
+
+  class DhcpOps < Base
+    namespace :dhcp
+    M=Dcmgr::Models
+    
+    desc "addrange UUID ADDRESS_BEGIN ADDRESS_END", "Add dynamic IP address range to the network"
+    def addrange(uuid, range_begin, range_end)
+      nw = M::Network[uuid] || UnknownUUIDEntry.raise
+      nw.add_ipv4_dynamic_range(range_begin, range_end)
+    end
+
+    desc "delrange UUID ADDRESS_BEGIN ADDRESS_END", "Delete dynamic IP address range from the network"
+    def delrange(uuid, range_begin, range_end)
+      nw = M::Network[uuid] || UnknownUUIDEntry.raise
+      nw.del_ipv4_dynamic_range(range_begin, range_end)
+    end
+    
+    protected
+    def self.basename
+      "vdc-manage #{Network.namespace} #{self.namespace}"
+    end
+  end
+  register DhcpOps, 'dhcp', "dhcp [options]", "Maintain dhcp parameters"
+  
 end
 end

data/lib/dcmgr/cli/quota.rb

@@ -6,8 +6,8 @@ module Dcmgr::Cli
     M = Dcmgr::Models
   
     desc "modify ACCOUNT_UUID [options]", "Modify the quota settings for an account"
-    method_option :weight, :type => :numeric, :aliases => "-w", :desc => "The instance total weight for this account's quota"
-    method_option :size, :type => :numeric, :aliases => "-s", :desc => "The volume total size for this account's quota"
+    method_option :weight, :type => :numeric, :desc => "The instance total weight for this account's quota"
+    method_option :size, :type => :numeric, :desc => "The volume total size for this account's quota"
     def modify(account_uuid)
       acc = M::Account[account_uuid] || UnknownUUIDError.raise(account_uuid)
       super(M::Quota,acc.quota.canonical_uuid,{:instance_total_weight => options[:weight], :volume_total_size => options[:size]})

data/lib/dcmgr/cli/security_group.rb

@@ -0,0 +1,106 @@
+# -*- coding: utf-8 -*-
+
+module Dcmgr::Cli
+  class SecurityGroup < Base
+    namespace :securitygroup
+    M = Dcmgr::Models
+
+    no_tasks {
+      def read_rule_text
+        if options[:rule].nil?
+          # Set blank string as rule.
+          return ''
+        elsif options[:rule] == '-'
+          # Read from STDIN
+          STDIN.read
+        else
+          # Read from file.
+          raise "Unknown rule file: #{options[:rule]}" if !File.exists?(options[:rule])
+          File.read(options[:rule])
+        end
+      end
+    }
+
+    desc "add [options]", "Add a new security group"
+    method_option :uuid, :type => :string, :desc => "The UUID for the new security group."
+    method_option :account_id, :type => :string, :desc => "The UUID of the account this security group belongs to.", :required => true
+    method_option :description, :type => :string, :desc => "The description for this new security group."
+    method_option :rule, :type => :string, :desc => "Path to the rule text file. (\"-\" is from STDIN)"
+    def add
+      UnknownUUIDError.raise(options[:account_id]) if M::Account[options[:account_id]].nil?
+
+      fields = options.dup
+      fields[:rule] = read_rule_text
+      
+      puts super(M::SecurityGroup,fields)
+    end
+    
+    desc "del UUID", "Delete a security group"
+    def del(uuid)
+      super(M::SecurityGroup,uuid)
+    end
+    
+    desc "show [UUID]", "Show security group(s)"
+    def show(uuid=nil)
+      if uuid
+        group = M::SecurityGroup[uuid] || UnknownUUIDError.raise(uuid)
+        puts ERB.new(<<__END, nil, '-').result(binding)
+Group UUID:
+  <%= group.canonical_uuid %>
+Account id:
+  <%= group.account_id %>
+<%- if group.description -%>
+Description:
+  <%= group.description %>
+<%- end -%>
+<%- unless group.security_group_rules.empty? -%>
+Rules:
+<%- group.security_group_rules.each { |rule| -%>
+  <%= rule.permission %>
+<%- } -%>
+<%- end -%>
+__END
+      else
+        puts ERB.new(<<__END, nil, '-').result(binding)
+<%- M::SecurityGroup.all { |row| -%>
+<%= row.canonical_uuid %>\t<%= row.account_id %>\t<%= row.description %>
+<%- } -%>
+__END
+      end
+    end
+    
+    desc "modify UUID [options]", "Modify an existing security group"
+    method_option :account_id, :type => :string, :desc => "The UUID of the account this security group belongs to."
+    method_option :description, :type => :string, :desc => "The description for this new security group."
+    method_option :rule, :type => :string, :desc => "Path to the rule text file. (\"-\" is from STDIN)"
+    def modify(uuid)
+      UnknownUUIDError.raise(options[:account_id]) if options[:account_id] && M::Account[options[:account_id]].nil?
+
+      fields = options.dup
+      if options[:rule]
+        fields[:rule] = read_rule_text
+      end
+      
+      super(M::SecurityGroup,uuid, fields)
+    end
+    
+    desc "apply UUID [options]", "Apply a security group to an instance"
+    method_option :instance, :type => :string, :required => :true, :desc => "The instance to apply the group to"
+    def apply(uuid)
+      group = M::SecurityGroup[uuid] || UnknownUUIDError.raise(uuid)
+      instance = M::Instance[options[:instance]] || UnknownUUIDError.raise(options[:instance])
+      Error.raise("Group #{uuid} is already applied to instance #{options[:instance]}.",100) if group.instances.member?(instance)
+      group.add_instance(instance)
+    end
+    
+    desc "remove UUID [options]", "Remove a security group from an instance"
+    method_option :instance, :type => :string, :required => :true, :desc => "The instance to remove the group from"
+    def remove(uuid)
+      group = M::SecurityGroup[uuid] || UnknownUUIDError.raise(uuid)
+      instance = M::Instance[options[:instance]] || UnknownUUIDError.raise(options[:instance])
+      Error.raise("Group #{uuid} is not applied to instance #{options[:instance]}.",100) unless group.instances.member?(instance)
+      group.remove_instance(instance)
+    end
+    
+  end
+end