zaws 0.0.3 → 0.0.4

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    zaws (0.0.3)
+    zaws (0.0.4)
       json (~> 1.5.0)
       mixlib-shellout (~> 1.1.0)
       netaddr (~> 1.5.0)

data/feature/compute/compute.feature

@@ -68,7 +68,7 @@ Feature: Compute
 		  ]
 	  }
     """
-    And I double `aws --region us-west-1 ec2 run-instances --image-id ami-abc123 --key-name sshkey --instance-type x1-large --placement AvailabilityZone=us-west-1a --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs":{"DeleteOnTermination":true,"SnapshotId":"snap-XXX","VolumeSize":70,"VolumeType":"standard"}}]' --enable-api-termination --client-token test_token --network-interfaces '[{"Groups":["sg-903004f8"],"PrivateIpAddress":"10.0.0.6","DeviceIndex":"0","SubnetId":"subnet-YYYYYY"}]' --ebs-optimized` with stdout:
+    And I double `aws --region us-west-1 ec2 run-instances --image-id ami-abc123 --key-name sshkey --instance-type x1-large --placement AvailabilityZone=us-west-1a --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs":{"DeleteOnTermination":true,"SnapshotId":"snap-XXX","VolumeSize":70,"VolumeType":"standard"}}]' --enable-api-termination --client-token test_token --network-interfaces '[{"Groups":["sg-903004f8"],"PrivateIpAddress":"10.0.0.6","DeviceIndex":0,"SubnetId":"subnet-YYYYYY"}]' --ebs-optimized` with stdout:
     """
 	   { "Instances" : [ {"InstanceId": "i-XXXXXXX","Tags": [ ] } ] } 
 	"""
@@ -85,7 +85,7 @@ Feature: Compute
       { "return":"true" }
     """
 	Given an empty file named "undo.sh.1" 
-    When I run `bundle exec zaws compute declare my_instance ami-abc123 self x1-large 70 us-west-1a sshkey mysecuritygroup --privateip "10.0.0.6" --region us-west-1 --vpcid my_vpc_id --optimized --apiterminate --clienttoken test_token --undofile undo.sh.1 --skipruncheck`
+    When I run `bundle exec zaws compute declare my_instance ami-abc123 self x1-large 70 us-west-1a sshkey mysecuritygroup --privateip "10.0.0.6" --region us-west-1 --vpcid my_vpc_id --optimized --apiterminate --clienttoken test_token --undofile undo.sh.1 --skipruncheck --verbose`
 	Then the output should contain "Instance created.\n" 
 	And the file "undo.sh.1" should contain "zaws compute delete my_instance --region us-west-1 --vpcid my_vpc_id $XTRA_OPTS"
 		

data/feature/security_group/ingress_cidr.feature

@@ -0,0 +1,144 @@
+Feature: Security Group 
+  Security Group(s) are viewable
+    
+   Scenario: Determine a vpc securiry group ingress cidr rule identified by cidr and target has NOT been created
+	Given I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter  'Name=vpc-id,Values=my_vpc_id' 'Name=group-name,Values=target_group_name'` with stdout:
+     """
+	 {	"SecurityGroups": [ { "GroupName": "target_group_name","GroupId": "X_target_group_name" } ] }
+     """
+	 And I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter 'Name=vpc-id,Values=my_vpc_id' 'Name=group-id,Values=X_target_group_name' 'Name=ip-permission.cidr,Values=0.0.0.0/0' 'Name=ip-permission.protocol,Values=tcp' 'Name=ip-permission.to-port,Values=443'` with stdout:
+     """
+      {	"SecurityGroups": [] }
+     """
+    When I run `bundle exec zaws security_group ingress_cidr_exists target_group_name 0.0.0.0/0 tcp 443 --region us-west-1 --vpcid my_vpc_id`
+    Then the output should contain "false\n" 
+
+   Scenario: Determine a vpc security group ingress cidr rule identified by cidr and target has been created
+	Given I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter  'Name=vpc-id,Values=my_vpc_id' 'Name=group-name,Values=target_group_name'` with stdout:
+     """
+	 {	"SecurityGroups": [ { "GroupName": "target_group_name","GroupId": "X_target_group_name" } ] }
+     """
+	 And I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter 'Name=vpc-id,Values=my_vpc_id' 'Name=group-id,Values=X_target_group_name' 'Name=ip-permission.cidr,Values=0.0.0.0/0' 'Name=ip-permission.protocol,Values=tcp' 'Name=ip-permission.to-port,Values=443'` with stdout:
+     """
+	 {	"SecurityGroups": [ { 
+	        "GroupName": "target_group_name",
+			"GroupId": "X_target_group_name",
+			"IpPermissions": [ {
+				  "ToPort": 443,
+				  "IpProtocol": "tcp",
+				  "IpRanges": [ { "CidrIp" : "0.0.0.0/0" } ],
+				  "UserIdGroupPairs": [ ],
+			      "FromPort": 443 } ] } ] }
+     """
+    When I run `bundle exec zaws security_group ingress_cidr_exists target_group_name 0.0.0.0/0 tcp 443 --region us-west-1 --vpcid my_vpc_id`
+    Then the output should contain "true\n" 
+	 
+   Scenario: Declare a new vpc security group ingress group rule identified by source and target. Create it cause it doesn't exist. Also, should append the command to remove the security group to file.
+    Given I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter  'Name=vpc-id,Values=my_vpc_id' 'Name=group-name,Values=target_group_name'` with stdout:
+     """
+	 {	"SecurityGroups": [ { "GroupName": "target_group_name","GroupId": "X_target_group_name" } ] }
+     """
+	 And I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter 'Name=vpc-id,Values=my_vpc_id' 'Name=group-id,Values=X_target_group_name' 'Name=ip-permission.cidr,Values=0.0.0.0/0' 'Name=ip-permission.protocol,Values=tcp' 'Name=ip-permission.to-port,Values=443'` with stdout:
+     """
+      {	"SecurityGroups": [] }
+     """
+    And I double `aws --region us-west-1 ec2 authorize-security-group-ingress --group-id X_target_group_name --cidr 0.0.0.0/0 --protocol tcp --port 443` with stdout:
+     """
+      {	"return": "true" }
+     """
+    When I run `bundle exec zaws security_group declare_ingress_cidr target_group_name 0.0.0.0/0 tcp 443 --region us-west-1 --vpcid my_vpc_id`
+	Then the output should contain "Ingress cidr rule created.\n"
+
+   Scenario: Declare a new vpc security group ingress group rule identified by source and target. Do not create it because it does exist.
+    Given I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter  'Name=vpc-id,Values=my_vpc_id' 'Name=group-name,Values=target_group_name'` with stdout:
+     """
+	 {	"SecurityGroups": [ { "GroupName": "target_group_name","GroupId": "X_target_group_name" } ] }
+     """
+	 And I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter 'Name=vpc-id,Values=my_vpc_id' 'Name=group-id,Values=X_target_group_name' 'Name=ip-permission.cidr,Values=0.0.0.0/0' 'Name=ip-permission.protocol,Values=tcp' 'Name=ip-permission.to-port,Values=443'` with stdout:
+     """
+	 {	"SecurityGroups": [ { 
+	        "GroupName": "target_group_name",
+			"GroupId": "X_target_group_name",
+			"IpPermissions": [ {
+				  "ToPort": 443,
+				  "IpProtocol": "tcp",
+				  "IpRanges": [ { "CidrIp" : "0.0.0.0/0" } ],
+				  "UserIdGroupPairs": [ ],
+			      "FromPort": 443 } ] } ] }
+     """
+    Given an empty file named "undo.sh.1" 
+    When I run `bundle exec zaws security_group declare_ingress_cidr target_group_name 0.0.0.0/0 tcp 443 --region us-west-1 --vpcid my_vpc_id --undofile undo.sh.1`
+	Then the output should contain "Ingress cidr rule not created. Exists already.\n"
+	And the file "undo.sh.1" should contain "zaws security_group delete_ingress_cidr target_group_name 0.0.0.0/0 tcp 443 --region us-west-1 --vpcid my_vpc_id $XTRA_OPTS"
+
+   Scenario: Perform a nagios check, with the result indicatin OK (exit 0), indicating declaring a vpc security group ingress cidr requires no action because it exists.
+    Given I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter  'Name=vpc-id,Values=my_vpc_id' 'Name=group-name,Values=target_group_name'` with stdout:
+     """
+	 {	"SecurityGroups": [ { "GroupName": "target_group_name","GroupId": "X_target_group_name" } ] }
+     """
+     And I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter 'Name=vpc-id,Values=my_vpc_id' 'Name=group-id,Values=X_target_group_name' 'Name=ip-permission.cidr,Values=0.0.0.0/0' 'Name=ip-permission.protocol,Values=tcp' 'Name=ip-permission.to-port,Values=443'` with stdout:
+     """
+	 {	"SecurityGroups": [ { 
+	        "GroupName": "target_group_name",
+			"GroupId": "X_target_group_name",
+			"IpPermissions": [ {
+				  "ToPort": 443,
+				  "IpProtocol": "tcp",
+				  "IpRanges": [ { "CidrIp" : "0.0.0.0/0" } ],
+				  "UserIdGroupPairs": [ ],
+			      "FromPort": 443 } ] } ] }
+     """
+    When I run `bundle exec zaws security_group declare_ingress_cidr target_group_name 0.0.0.0/0 tcp 443 --region us-west-1 --vpcid my_vpc_id --nagios`
+	Then the output should contain "OK: Security group ingress cidr rule exists.\n"
+    And the exit status should be 0
+		
+   Scenario: Perform a nagios check, with the result indicatin CRITICAL (exit 2), indicating declaring a security group ingress group requires action because it does not exist.
+    Given I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter  'Name=vpc-id,Values=my_vpc_id' 'Name=group-name,Values=target_group_name'` with stdout:
+     """
+	 {	"SecurityGroups": [ { "GroupName": "target_group_name","GroupId": "X_target_group_name" } ] }
+     """
+    And I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter 'Name=vpc-id,Values=my_vpc_id' 'Name=group-id,Values=X_target_group_name' 'Name=ip-permission.cidr,Values=0.0.0.0/0' 'Name=ip-permission.protocol,Values=tcp' 'Name=ip-permission.to-port,Values=443'` with stdout:
+     """
+      {	"SecurityGroups": [] }
+     """
+    When I run `bundle exec zaws security_group declare_ingress_cidr target_group_name 0.0.0.0/0 tcp 443 --region us-west-1 --vpcid my_vpc_id --nagios`
+	Then the output should contain "CRITICAL: Security group ingress cidr rule does not exist.\n"
+    And the exit status should be 2
+
+   Scenario: Delete a vpc security group ingress cidr rule, but skip it cause it does not exist
+    Given I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter  'Name=vpc-id,Values=my_vpc_id' 'Name=group-name,Values=target_group_name'` with stdout:
+     """
+	 {	"SecurityGroups": [ { "GroupName": "target_group_name","GroupId": "X_target_group_name" } ] }
+     """
+    And I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter 'Name=vpc-id,Values=my_vpc_id' 'Name=group-id,Values=X_target_group_name' 'Name=ip-permission.cidr,Values=0.0.0.0/0' 'Name=ip-permission.protocol,Values=tcp' 'Name=ip-permission.to-port,Values=443'` with stdout:
+     """
+      {	"SecurityGroups": [] }
+     """
+    When I run `bundle exec zaws security_group delete_ingress_cidr target_group_name 0.0.0.0/0 tcp 443 --region us-west-1 --vpcid my_vpc_id`
+    Then the output should contain "Security group ingress cidr rule does not exist. Skipping deletion.\n" 
+
+   Scenario: Delete a vpc security group ingress cidr rule
+    Given I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter  'Name=vpc-id,Values=my_vpc_id' 'Name=group-name,Values=target_group_name'` with stdout:
+     """
+	 {	"SecurityGroups": [ { "GroupName": "target_group_name","GroupId": "X_target_group_name" } ] }
+     """
+    And I double `aws --output json --region us-west-1 ec2 describe-security-groups --filter 'Name=vpc-id,Values=my_vpc_id' 'Name=group-id,Values=X_target_group_name' 'Name=ip-permission.cidr,Values=0.0.0.0/0' 'Name=ip-permission.protocol,Values=tcp' 'Name=ip-permission.to-port,Values=443'` with stdout:
+     """
+	 {	"SecurityGroups": [ { 
+	        "GroupName": "target_group_name",
+			"GroupId": "X_target_group_name",
+			"IpPermissions": [ {
+				  "ToPort": 443,
+				  "IpProtocol": "tcp",
+				  "IpRanges": [ { "CidrIp" : "0.0.0.0/0" } ],
+				  "UserIdGroupPairs": [ ],
+			      "FromPort": 443 } ] } ] }
+    """
+    And I double `aws --region us-west-1 ec2 revoke-security-group-ingress --group-id X_target_group_name --cidr 0.0.0.0/0 --protocol tcp --port 443` with stdout:
+     """
+       { "return": "true" }         
+     """
+    When I run `bundle exec zaws security_group delete_ingress_cidr target_group_name 0.0.0.0/0 tcp 443 --region us-west-1 --vpcid my_vpc_id`
+    Then the output should contain "Security group ingress cidr rule deleted.\n" 
+
+

data/feature/version.feature

@@ -3,4 +3,4 @@ Feature: Version
     
   Scenario: Get zaws version  
     When I run `bundle exec zaws version`
-    Then the output should contain "zaws version 0.0.3"
+    Then the output should contain "zaws version 0.0.4"

data/lib/zaws.rb

@@ -2,7 +2,7 @@ require "zaws/version"
 require "zaws/helper/option"
 require "zaws/helper/output"
 require "zaws/helper/shell"
-require "zaws/helper/file"
+require "zaws/helper/zfile"
 require "zaws/command/subnet"
 require "zaws/command/security_group"
 require "zaws/command/route_table"

data/lib/zaws/command/compute.rb

@@ -31,7 +31,7 @@ module ZAWS
 		return val
 	  end
 
-      desc "declare EXTERNAL_ID IMAGE TYPE ROOT_SIZE ZONE KEY SECURITY_GROUP","Declare a compute instance."
+      desc "declare EXTERNAL_ID IMAGE OWNER TYPE ROOT_SIZE ZONE KEY SECURITY_GROUP","Declare a compute instance."
       option :vpcid, :type => :string, :desc => "AWS VPC id", :banner => "<vpcid>",  :aliases => :v, :default => nil
       option :privateip, :type => :array, :desc => "array of private ip addresses, in vpc, each given a network interface", :banner => "<privateip>", :aliases => :p, :default => nil
       option :optimized, :type => :string, :desc => "ebs optimized", :banner => "<optimized>", :aliases => :i, :default => false

data/lib/zaws/command/route_table.rb

@@ -68,7 +68,7 @@ module ZAWS
 		aws.ec2.route_table.route_exists_by_gatewayid(options[:region],$stdout,(options[:verbose]?$stdout:nil),options[:vpcid],routetable,cidrblock,gatewayid)
 	  end
 
-	  desc "declare_route ROUTE_TABLE CIDR_BLOCK GATEWAY_ID","Declare a new route to GATEWAY_ID, but skip creating it if it exists."
+	  desc "declare_route_to_gateway ROUTE_TABLE CIDR_BLOCK GATEWAY_ID","Declare a new route to GATEWAY_ID, but skip creating it if it exists."
 	  option :vpcid, :type => :string, :desc => "AWS VPC id", :banner => "<vpcid>",  :aliases => :v, :default => nil
       option :nagios, :type => :boolean, :desc => "Returns a nagios check result",  :aliases => :n, :default => false
 	  option :undofile, :type => :string, :desc => "File for undo commands", :banner => "<undofile>", :aliases => :f, :default => nil

data/lib/zaws/command/security_group.rb

@@ -45,6 +45,13 @@ module ZAWS
 		aws.ec2.security_group.ingress_group_exists(options[:region],options[:vpcid],target,source,protocol,port,$stdout,(options[:verbose]?$stdout:nil))
 	  end
 
+	  desc "ingress_cidr_exists TARGET_GROUP_NAME CIDR PROTOCOL PORT","Determine if an ingress CIDR rule exists."
+	  option :vpcid, :type => :string, :desc => "AWS VPC id", :banner => "<vpcid>",  :aliases => :v, :default => nil
+	  def ingress_cidr_exists(target,cidr,protocol,port) 
+		aws=(ZAWS::AWS.new(ZAWS::Helper::Shell.new))
+		aws.ec2.security_group.ingress_cidr_exists(options[:region],options[:vpcid],target,cidr,protocol,port,$stdout,(options[:verbose]?$stdout:nil))
+	  end
+
 	  desc "declare_ingress_group TARGET_GROUP_NAME SOURCE_GROUP_NAME PROTOCOL PORT","Declare an ingress security group rule."
 	  option :vpcid, :type => :string, :desc => "AWS VPC id", :banner => "<vpcid>",  :aliases => :v, :default => nil
       option :nagios, :type => :boolean, :desc => "Returns a nagios check result",  :aliases => :n, :default => false
@@ -55,6 +62,16 @@ module ZAWS
 		exit exitcode
 	  end
 
+	  desc "declare_ingress_cidr TARGET_GROUP_NAME CIDR PROTOCOL PORT","Declare an ingress CIDR rule."
+	  option :vpcid, :type => :string, :desc => "AWS VPC id", :banner => "<vpcid>",  :aliases => :v, :default => nil
+      option :nagios, :type => :boolean, :desc => "Returns a nagios check result",  :aliases => :n, :default => false
+      option :undofile, :type => :string, :desc => "File for undo commands", :banner => "<undofile>", :aliases => :f, :default => nil
+	  def declare_ingress_cidr(target,cidr,protocol,port) 
+		aws=(ZAWS::AWS.new(ZAWS::Helper::Shell.new))
+		exitcode = aws.ec2.security_group.declare_ingress_cidr(options[:region],options[:vpcid],target,cidr,protocol,port,options[:nagios],$stdout,(options[:verbose]?$stdout:nil),options[:undofile])
+		exit exitcode
+	  end
+
 	  desc "delete_ingress_group TARGET_GROUP_NAME SOURCE_GROUP_NAME PROTOCOL PORT","Delete an ingress security group rule."
 	  option :vpcid, :type => :string, :desc => "AWS VPC id", :banner => "<vpcid>",  :aliases => :v, :default => nil
 	  def delete_ingress_group(target,source,protocol,port) 
@@ -62,6 +79,13 @@ module ZAWS
 		aws.ec2.security_group.delete_ingress_group(options[:region],options[:vpcid],target,source,protocol,port,$stdout,(options[:verbose]?$stdout:nil))
 	  end
 
+	  desc "delete_ingress_cidr TARGET_GROUP_NAME CIDR PROTOCOL PORT","Delete an ingress security cidr rule."
+	  option :vpcid, :type => :string, :desc => "AWS VPC id", :banner => "<vpcid>",  :aliases => :v, :default => nil
+	  def delete_ingress_cidr(target,cidr,protocol,port) 
+		aws=(ZAWS::AWS.new(ZAWS::Helper::Shell.new))
+		aws.ec2.security_group.delete_ingress_cidr(options[:region],options[:vpcid],target,cidr,protocol,port,$stdout,(options[:verbose]?$stdout:nil))
+	  end
+
 	end
   end
 end

data/lib/zaws/ec2/compute.rb

@@ -27,7 +27,6 @@ module ZAWS
 		comline="aws --output #{viewtype} --region #{region} ec2 describe-images"
 		comline = "#{comline} --owner #{owner}" if owner 
 		comline = "#{comline} --image-ids #{imageid}" if imageid 
-		verbose.puts comline if verbose
 		images=@shellout.cli(comline,verbose)
 		textout.puts(images) if textout
 		return images
@@ -52,7 +51,7 @@ module ZAWS
 		ip_to_subnet_id = @aws.ec2.subnet.id_by_ip(region,nil,verbose,vpcid,ip)
 		subnet_id=ip_to_subnet_id
 		security_group_id= @aws.ec2.security_group.id_by_name(region,nil,verbose,vpcid,groupname)
-		new_hash= [{ "Groups"=> [security_group_id], "PrivateIpAddress"=>"#{ip}","DeviceIndex"=>"0","SubnetId"=> ip_to_subnet_id }]
+		new_hash= [{ "Groups"=> [security_group_id], "PrivateIpAddress"=>"#{ip}","DeviceIndex"=>0,"SubnetId"=> ip_to_subnet_id }]
 		return new_hash.to_json
 	  end
 
@@ -67,6 +66,7 @@ module ZAWS
 			  exit 1
 			end
 			x["Ebs"]["VolumeSize"]=rootsize.to_i
+            x["Ebs"].delete("Encrypted") if x["Ebs"]["SnapshotId"] #You cannot specify the encrypted flag if specifying a snapshot id in a block device mapping. -AWS
 		  end
 		end
 		return image_mappings.to_json
@@ -78,7 +78,7 @@ module ZAWS
 
 	  def declare(externalid,image,owner,nodetype,root,zone,key,sgroup,privateip,optimized,apiterminate,clienttoken,region,textout,verbose,vpcid,nagios,ufile,no_sdcheck,skip_running_check,volsize,volume)
 		if ufile
-		  ZAWS::Helper::File.prepend("zaws compute delete #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete instance',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws compute delete #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete instance',ufile)
 		end
 		compute_exists,instance_id,sgroups = exists(region,nil,verbose,vpcid,externalid)
 		return ZAWS::Helper::Output.binary_nagios_check(compute_exists,"OK: Instance already exists.","CRITICAL: Instance does not exist.",textout) if nagios
@@ -214,7 +214,7 @@ module ZAWS
 
 	  def declare_secondary_ip(region,ip,textout,verbose,vpcid,externalid,nagios,ufile)
 		if ufile
-		  ZAWS::Helper::File.prepend("zaws compute delete_secondary_ip #{externalid} #{ip} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete secondary ip',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws compute delete_secondary_ip #{externalid} #{ip} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete secondary ip',ufile)
 		end
 		compute_exists,instance_id,sgroups = exists(region,nil,verbose,vpcid,externalid)
 		secondary_ip_exists,compute_exists,network_interface = exists_secondary_ip(region,ip,nil,verbose,vpcid,externalid)

data/lib/zaws/ec2/elasticip.rb

@@ -45,7 +45,7 @@ module ZAWS
 
 	  def declare(region,externalid,textout=nil,verbose=nil,vpcid=nil,nagios=nil,ufile=nil)
         if ufile
-          ZAWS::Helper::File.prepend("zaws elasticip release #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Release elastic ip.',ufile)
+          ZAWS::Helper::ZFile.prepend("zaws elasticip release #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Release elastic ip.',ufile)
 		end
         elasticip_exists,instance_id,association_id,allocation_id,ip=assoc_exists(region,externalid,nil,verbose,vpcid)
 		return ZAWS::Helper::Output.binary_nagios_check(elasticip_exists,"OK: Elastic Ip exists.","CRITICAL: Elastic Ip DOES NOT EXIST.",textout) if nagios

data/lib/zaws/ec2/route_table.rb

@@ -33,7 +33,7 @@ module ZAWS
 
 	  def declare(region,vpcid,externalid,nagios,textout=nil,verbose=nil,ufile=nil)
 		if ufile
-		  ZAWS::Helper::File.prepend("zaws route_table delete #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route table',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws route_table delete #{externalid} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route table',ufile)
 		end
 		rtable_exists, rtable_id = exists(region,nil,verbose,vpcid,externalid) 
 		return ZAWS::Helper::Output.binary_nagios_check(rtable_exists,"OK: Route table exists.","CRITICAL: Route table does not exist.",textout) if nagios
@@ -47,6 +47,7 @@ module ZAWS
 		else
 		  textout.puts "Route table exists already. Skipping Creation."
 		end
+		return 0
 	  end
 
 	  def delete(region,textout=nil,verbose=nil,vpcid,externalid)
@@ -73,7 +74,7 @@ module ZAWS
 
 	  def declare_route(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock,externalid,nagios,ufile)
         if ufile 
-		  ZAWS::Helper::File.prepend("zaws route_table delete_route #{routetable} #{cidrblock} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws route_table delete_route #{routetable} #{cidrblock} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route',ufile)
 		end
         # TODO: Route exists already of a different type?
 		route_exists, instance_id, rtable_id = route_exists_by_instance(region,nil,verbose,vpcid,routetable,cidrblock,externalid) 
@@ -85,6 +86,7 @@ module ZAWS
 		else
 		  textout.puts "Route not created to instance. Skip creation."
 		end
+		return 0
 	  end
 
 	  def delete_route(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock)
@@ -112,7 +114,7 @@ module ZAWS
 
 	  def declare_route_to_gateway(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock,gatewayid,nagios,ufile)
         if ufile 
-		  ZAWS::Helper::File.prepend("zaws route_table delete_route #{routetable} #{cidrblock} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws route_table delete_route #{routetable} #{cidrblock} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route',ufile)
 		end
         # TODO: Route exists already of a different type?
 		route_exists, rtable_id = route_exists_by_gatewayid(region,nil,verbose,vpcid,routetable,cidrblock,gatewayid) 
@@ -124,6 +126,7 @@ module ZAWS
 		else
 		  textout.puts "Route to gateway exists. Skipping creation."
 		end
+		return 0
 	  end
 
       def subnet_assoc_exists(region,textout=nil,verbose=nil,vpcid,rtable_externalid,cidrblock)
@@ -138,7 +141,7 @@ module ZAWS
 
 	  def assoc_subnet(region,textout=nil,verbose=nil,vpcid,routetable,cidrblock,nagios,ufile)
         if ufile 
-		  ZAWS::Helper::File.prepend("zaws route_table delete_assoc_subnet #{routetable} #{cidrblock} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route table association to subnet',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws route_table delete_assoc_subnet #{routetable} #{cidrblock} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete route table association to subnet',ufile)
 		end
 		assoc_exists, subnetid, rtableid, rtassocid = subnet_assoc_exists(region,nil,verbose,vpcid,routetable,cidrblock) 
 		return ZAWS::Helper::Output.binary_nagios_check(assoc_exists,"OK: Route table association to subnet exists.","CRITICAL: Route table association to subnet does not exist.",textout) if nagios
@@ -149,6 +152,7 @@ module ZAWS
 		else
 		  textout.puts "Route table already associated to subnet. Skipping association."
 		end
+		return 0
 	  end
 
 	  def delete_assoc_subnet(region,textout=nil,verbose=nil,vpcid,rtable_externalid,cidrblock)
@@ -172,7 +176,7 @@ module ZAWS
 
 	  def declare_propagation_from_gateway(region,textout=nil,verbose=nil,vpcid,routetable,vgatewayid,nagios,ufile)
         if ufile 
-		  ZAWS::Helper::File.prepend("zaws route_table delete_propagation_from_gateway my_route_table vgw-???????? --region us-west-1 --vpcid my_vpc_id $XTRA_OPTS",'#Delete route propagation',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws route_table delete_propagation_from_gateway my_route_table vgw-???????? --region us-west-1 --vpcid my_vpc_id $XTRA_OPTS",'#Delete route propagation',ufile)
 		end
 		propagation_exists,rtableid = propagation_exists_from_gateway(region,nil,verbose,vpcid,routetable,vgatewayid) 
 		return ZAWS::Helper::Output.binary_nagios_check(propagation_exists,"OK: Route propagation from gateway enabled.","CRITICAL: Route propagation from gateway not enabled.",textout) if nagios
@@ -183,6 +187,7 @@ module ZAWS
 		else
 		  textout.puts "Route propagation from gateway already enabled. Skipping propagation."
 		end
+		return 0
 	  end
 
       def delete_propagation_from_gateway(region,textout=nil,verbose=nil,vpcid,rtable_externalid,vgatewayid)

data/lib/zaws/ec2/security_group.rb

@@ -11,7 +11,7 @@ module ZAWS
 		@aws=aws
 	  end
 
-	  def view(region,view,textout=nil,verbose=nil,vpcid=nil,groupname=nil,groupid=nil,perm_groupid=nil,perm_protocol=nil,perm_toport=nil)
+	  def view(region,view,textout=nil,verbose=nil,vpcid=nil,groupname=nil,groupid=nil,perm_groupid=nil,perm_protocol=nil,perm_toport=nil,cidr=nil)
 		comline="aws --output #{view} --region #{region} ec2 describe-security-groups"
 		if vpcid || groupname
 		  comline = comline + " --filter"
@@ -20,6 +20,7 @@ module ZAWS
 		comline = comline + " 'Name=group-name,Values=#{groupname}'" if groupname
         comline = comline + " 'Name=group-id,Values=#{groupid}'" if groupid
         comline = comline + " 'Name=ip-permission.group-id,Values=#{perm_groupid}'" if perm_groupid
+        comline = comline + " 'Name=ip-permission.cidr,Values=#{cidr}'" if cidr 
 	    comline = comline + " 'Name=ip-permission.protocol,Values=#{perm_protocol}'" if perm_protocol
         comline = comline + " 'Name=ip-permission.to-port,Values=#{perm_toport}'" if perm_toport
 		sgroups=@shellout.cli(comline,verbose)
@@ -37,7 +38,7 @@ module ZAWS
 
 	  def declare(region,vpcid,groupname,description,nagios,textout=nil,verbose=nil,ufile=nil)
 		if ufile
-          ZAWS::Helper::File.prepend("zaws security_group delete #{groupname} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete security group',ufile)
+          ZAWS::Helper::ZFile.prepend("zaws security_group delete #{groupname} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete security group',ufile)
 		end
 		sgroup_exists,sgroupid = exists(region,nil,verbose,vpcid,groupname) 
 		return ZAWS::Helper::Output.binary_nagios_check(sgroup_exists,"OK: Security Group Exists.","CRITICAL: Security Group Does Not Exist.",textout) if nagios
@@ -48,6 +49,7 @@ module ZAWS
 		else
 		  textout.puts "Security Group Exists Already. Skipping Creation."
 		end
+		return 0
 	  end
 
       def id_by_name(region,textout=nil,verbose=nil,vpcid,groupname)
@@ -81,15 +83,23 @@ module ZAWS
 		end
 	  end
 
+	  def ingress_cidr_exists(region,vpcid,target,cidr,protocol,port,textout=nil,verbose=nil) 
+		verbose=$stdout
+        targetid=id_by_name(region,nil,nil,vpcid,target)
+        if targetid 
+          sgroups=JSON.parse(view(region,'json',nil,verbose,vpcid,nil,targetid,nil,protocol,port,cidr))
+		  val = (sgroups["SecurityGroups"].count > 0)
+          textout.puts val.to_s if textout
+		  return val, targetid 
+		end
+	  end
+
 	  def declare_ingress_group(region,vpcid,target,source,protocol,port,nagios,textout=nil,verbose=nil,ufile=nil) 
 		if ufile
-		  ZAWS::Helper::File.prepend("zaws security_group delete_ingress_group #{target} #{source} #{protocol} #{port} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete security group ingress group rule',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws security_group delete_ingress_group #{target} #{source} #{protocol} #{port} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete security group ingress group rule',ufile)
 		end
-
 		ingress_exists,targetid,sourceid = ingress_group_exists(region,vpcid,target,source,protocol,port,nil,verbose)
-
 		return ZAWS::Helper::Output.binary_nagios_check(ingress_exists,"OK: Security group ingress group rule exists.","CRITICAL: Security group ingress group rule does not exist.",textout) if nagios
-
 		if not ingress_exists 
           comline="aws --region #{region} ec2 authorize-security-group-ingress --group-id #{targetid} --source-security-group-owner-id #{sourceid} --protocol #{protocol} --port #{port}"
 		  ingressrule=JSON.parse(@shellout.cli(comline,verbose))
@@ -97,6 +107,23 @@ module ZAWS
 		else
           textout.puts "Ingress group rule not created. Exists already."
 		end
+		return 0
+	  end
+
+	  def declare_ingress_cidr(region,vpcid,target,cidr,protocol,port,nagios,textout=nil,verbose=nil,ufile=nil) 
+		if ufile
+		  ZAWS::Helper::ZFile.prepend("zaws security_group delete_ingress_cidr #{target} #{cidr} #{protocol} #{port} --region #{region} --vpcid #{vpcid} $XTRA_OPTS",'#Delete cidr ingress group rule',ufile)
+		end
+		ingress_exists,targetid = ingress_cidr_exists(region,vpcid,target,cidr,protocol,port,nil,verbose)
+		return ZAWS::Helper::Output.binary_nagios_check(ingress_exists,"OK: Security group ingress cidr rule exists.","CRITICAL: Security group ingress cidr rule does not exist.",textout) if nagios
+		if not ingress_exists 
+          comline="aws --region #{region} ec2 authorize-security-group-ingress --group-id #{targetid} --cidr #{cidr} --protocol #{protocol} --port #{port}"
+		  ingressrule=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Ingress cidr rule created." if ingressrule["return"] == "true"
+		else
+          textout.puts "Ingress cidr rule not created. Exists already."
+		end
+		return 0
 	  end
 
 	  def delete_ingress_group(region,vpcid,target,source,protocol,port,textout=nil,verbose=nil) 
@@ -110,6 +137,17 @@ module ZAWS
 		end
 	  end
 
+	  def delete_ingress_cidr(region,vpcid,target,cidr,protocol,port,textout=nil,verbose=nil) 
+		ingress_exists,targetid = ingress_cidr_exists(region,vpcid,target,cidr,protocol,port,nil,verbose)
+		if ingress_exists 
+          comline="aws --region #{region} ec2 revoke-security-group-ingress --group-id #{targetid} --cidr #{cidr} --protocol #{protocol} --port #{port}"
+		  val=JSON.parse(@shellout.cli(comline,verbose))
+		  textout.puts "Security group ingress cidr rule deleted." if val["return"] == "true"
+		else
+          textout.puts "Security group ingress cidr rule does not exist. Skipping deletion."
+		end
+	  end
+
 	 end
   end
 end

data/lib/zaws/ec2/subnet.rb

@@ -50,7 +50,7 @@ module ZAWS
 
 	  def declare(region,vpcid,cidrblock,availabilityzone,statetimeout,textout=nil,verbose=nil,nagios=false,ufile=nil)
         if ufile
-          ZAWS::Helper::File.prepend("zaws subnet delete #{cidrblock} #{vpcid} --region #{region} $XTRA_OPTS",'#Delete subnet',ufile)
+          ZAWS::Helper::ZFile.prepend("zaws subnet delete #{cidrblock} #{vpcid} --region #{region} $XTRA_OPTS",'#Delete subnet',ufile)
 		end
 		if not exists(region,nil,verbose,vpcid,cidrblock) 
           if nagios

data/lib/zaws/elb/load_balancer.rb

@@ -41,7 +41,7 @@ module ZAWS
 
 	  def create_in_subnet(region,lbname,lbprotocol,lbport,inprotocol,inport,securitygroup,cidrblocks,vpcid,nagios=false,textout=nil,verbose=nil,ufile=nil)
 		if ufile
-		  ZAWS::Helper::File.prepend("zaws load_balancer delete #{lbname} --region #{region} $XTRA_OPTS",'#Delete load balancer',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws load_balancer delete #{lbname} --region #{region} $XTRA_OPTS",'#Delete load balancer',ufile)
 		end
 		lbexists,instances,ldescriptions=exists(region,lbname,nil,verbose)
 		return ZAWS::Helper::Output.binary_nagios_check(lbexists,"OK: Load Balancer Exists.","CRITICAL: Load Balancer does not exist.",textout) if nagios
@@ -81,7 +81,7 @@ module ZAWS
 
 	  def register_instance(region,lbname,instance_external_id,vpcid,nagios=false,textout=nil,verbose=nil,ufile=nil)
         if ufile
-		  ZAWS::Helper::File.prepend("zaws load_balancer deregister_instance #{lbname} #{instance_external_id} --region #{region} --vpcid my_vpc_id $XTRA_OPTS",'#Deregister instance',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws load_balancer deregister_instance #{lbname} #{instance_external_id} --region #{region} --vpcid my_vpc_id $XTRA_OPTS",'#Deregister instance',ufile)
 		end
         instance_registered,instance_id = exists_instance(region,lbname,instance_external_id,vpcid,nil,verbose) 
 		return ZAWS::Helper::Output.binary_nagios_check(instance_registered,"OK: Instance registerd.","CRITICAL: Instance not registered.",textout) if nagios
@@ -121,7 +121,7 @@ module ZAWS
 
 	  def declare_listener(region,lbname,lbprotocol,lbport,inprotocol,inport,nagios=false,textout=nil,verbose=nil,ufile=nil)
         if ufile
-		  ZAWS::Helper::File.prepend("zaws load_balancer delete_listener #{lbname} #{lbprotocol} #{lbport} #{inprotocol} #{inport} --region #{region} $XTRA_OPTS",'#Delete listener',ufile)
+		  ZAWS::Helper::ZFile.prepend("zaws load_balancer delete_listener #{lbname} #{lbprotocol} #{lbport} #{inprotocol} #{inport} --region #{region} $XTRA_OPTS",'#Delete listener',ufile)
 		end
         lexists=exists_listener(region,lbname,lbprotocol,lbport,inprotocol,inport,nil,verbose)
 		return ZAWS::Helper::Output.binary_nagios_check(lexists,"OK: Listerner exists.","CRITICAL: Listener does not exist.",textout) if nagios

data/lib/zaws/helper/{file.rb → zfile.rb}

@@ -1,20 +1,20 @@
 module ZAWS
   module Helper
-	class File
+	class ZFile
 
 	  # This prepend function not currently unit tested, 
 	  # see "thor/spec/actions/file_manipulation_spec" 
 	  # for ideas on how to accomplish this.
 	  def self.prepend(command,description,filepath)
         new_file=filepath + ".new"
-        IO::File.open(new_file, 'w') do |fo|
+        File.open(new_file, 'w') do |fo|
           fo.puts description
           fo.puts command
-          IO::File.foreach(filepath) do |li|
+          File.foreach(filepath) do |li|
             fo.puts li
           end
         end
-        IO::File.rename(new_file, filepath)
+          File.rename(new_file, filepath)
 	  end
 
 	end

data/lib/zaws/version.rb

@@ -1,3 +1,3 @@
 module ZAWS
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

data/spec/zaws/ec2/compute/network_interface_json_spec.rb

@@ -47,7 +47,7 @@ describe ZAWS::EC2Services::Compute do
     expect(shellout).to receive(:cli).with("aws --output json --region us-west-1 ec2 describe-security-groups --filter 'Name=vpc-id,Values=my_vpc_id' 'Name=group-name,Values=my_security_group_name'",nil).and_return(sgroups)
 	aws=ZAWS::AWS.new(shellout)
 	bdm = aws.ec2.compute.network_interface_json('us-west-1',nil,'my_vpc_id','10.0.0.6','my_security_group_name')
-	expect(bdm).to eq('[{"Groups":["sg-903004f8"],"PrivateIpAddress":"10.0.0.6","DeviceIndex":"0","SubnetId":"subnet-YYYYYY"}]')
+	expect(bdm).to eq('[{"Groups":["sg-903004f8"],"PrivateIpAddress":"10.0.0.6","DeviceIndex":0,"SubnetId":"subnet-YYYYYY"}]')
 
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: zaws
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-22 00:00:00.000000000 Z
+date: 2014-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -226,7 +226,8 @@ files:
 - feature/route_table/route_to_gateway.feature
 - feature/route_table/route_to_instance.feature
 - feature/route_table/view.feature
-- feature/security_group/ingress.feature
+- feature/security_group/ingress_cidr.feature
+- feature/security_group/ingress_group.feature
 - feature/security_group/security_group.feature
 - feature/security_group/view.feature
 - feature/subnet/subnet.feature
@@ -250,10 +251,10 @@ files:
 - lib/zaws/ec2/subnet.rb
 - lib/zaws/elb.rb
 - lib/zaws/elb/load_balancer.rb
-- lib/zaws/helper/file.rb
 - lib/zaws/helper/option.rb
 - lib/zaws/helper/output.rb
 - lib/zaws/helper/shell.rb
+- lib/zaws/helper/zfile.rb
 - lib/zaws/route53.rb
 - lib/zaws/route53/hosted_zone.rb
 - lib/zaws/version.rb
@@ -302,7 +303,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2757590543026909209
+      hash: -2074333485879354907
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -311,7 +312,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2757590543026909209
+      hash: -2074333485879354907
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24