Module: Stem::Group

Extended by:
Group
Includes:
Util
Included in:
Group
Defined in:
lib/stem/group.rb

Instance Method Summary collapse

Methods included from Util

#get_filter_opts, #swirl, #tags_to_filter, #tagset_to_hash

Instance Method Details

#auth(name, rules) ⇒ Object 



53
54
55
56
57
58
59
60
61
 
# File 'lib/stem/group.rb', line 53

def auth(name, rules)
  index = 0
  args = rules.inject({"GroupName" => name}) do |i,rule|
      index += 1;
      rule_hash = gen_authorize(index, rule)
      i.merge(rule_hash)
  end
  swirl.call "AuthorizeSecurityGroupIngress", args
end

#create(name, rules = nil, description = nil) ⇒ Object 



25
26
27
28
29
30
31
 
# File 'lib/stem/group.rb', line 25

def create(name, rules = nil, description = nil)
    create!(name, rules, description)
    true
  rescue Swirl::InvalidRequest => e
    raise e unless e.message =~ /The security group '\S+' already exists/
    false
end

#create!(name, rules = nil, description = nil) ⇒ Object 



33
34
35
36
37
 
# File 'lib/stem/group.rb', line 33

def create!(name, rules = nil, description = nil)
  description ||= name
  swirl.call "CreateSecurityGroup",  "GroupName" => name, "GroupDescription" => description
  auth(name, rules) if rules
end

#destroy(name) ⇒ Object 



39
40
41
42
43
44
45
46
47
 
# File 'lib/stem/group.rb', line 39

def destroy(name)
    destroy!(name)
    true
  rescue Swirl::InvalidRequest => e
    puts "===> #{e.class}"
    puts "===> #{e.message}"
    puts "#{e.backtrace.join("\n")}"
    false
end

#destroy!(name) ⇒ Object 



49
50
51
 
# File 'lib/stem/group.rb', line 49

def destroy!(name)
  swirl.call "DeleteSecurityGroup", "GroupName" => name
end

#gen_authorize(index, rule) ⇒ Object 



119
120
121
122
123
124
125
126
127
128
129
 
# File 'lib/stem/group.rb', line 119

def gen_authorize(index, rule)
  if rule =~ /icmp:\/\/(.+)/
    { "IpPermissions.#{index}.IpProtocol"         => "icmp",
      "IpPermissions.#{index}.FromPort"           => "-1",
      "IpPermissions.#{index}.ToPort"             => "-1" }.merge(gen_authorize_target(index,$1))
  elsif rule =~ /(tcp|udp):\/\/(.*):(.*)/
    { "IpPermissions.#{index}.IpProtocol"         => $1 }.merge(gen_authorize_target(index,$2)).merge(gen_authorize_ports(index,$3))
  else
    raise "bad rule: #{rule}"
  end
end

#gen_authorize_ports(index, ports) ⇒ Object 



104
105
106
107
108
109
110
111
112
113
114
115
116
117
 
# File 'lib/stem/group.rb', line 104

def gen_authorize_ports(index, ports)
  if ports =~ /^(\d+)-(\d+)$/
    { "IpPermissions.#{index}.FromPort"           => $1,
      "IpPermissions.#{index}.ToPort"             => $2 }
  elsif ports =~ /^(\d+)$/
    { "IpPermissions.#{index}.FromPort"           => $1,
      "IpPermissions.#{index}.ToPort"             => $1 }
  elsif ports == ""
    { "IpPermissions.#{index}.FromPort"           => "0",
      "IpPermissions.#{index}.ToPort"             => "65535" }
  else
    raise "bad ports: #{rule}"
  end
end

#gen_authorize_target(index, target) ⇒ Object 



91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/stem/group.rb', line 91

def gen_authorize_target(index, target)
  if target =~ /^\d+\.\d+\.\d+.\d+\/\d+$/
    { "IpPermissions.#{index}.IpRanges.1.CidrIp"  => target }
  elsif target =~ /^(.+)@(\w+)$/
    { "IpPermissions.#{index}.Groups.1.GroupName" => $1,
      "IpPermissions.#{index}.Groups.1.UserId"    => $2 }
  elsif target =~ /^@(\w+)$/
    { "IpPermissions.#{index}.Groups.1.UserId"    => $1 }
  else
    { "IpPermissions.#{index}.Groups.1.GroupName" => target }
  end
end

#get(name) ⇒ Object

icmp://1.2.3.4/32 icmp://GroupName icmp://GroupName@UserId icmp://@UserId tcp://0.0.0.0/0:22 tcp://0.0.0.0/0:22-23 tcp://10.0.0.0/8: (this imples 0-65535 udp://GroupName:4567 udp://GroupName@UserID:4567-9999



18
19
20
21
22
23
 
# File 'lib/stem/group.rb', line 18

def get(name)
    swirl.call("DescribeSecurityGroups", "GroupName.1" => name)["securityGroupInfo"].first
  rescue Swirl::InvalidRequest => e
    raise e unless e.message =~ /The security group '\S+' does not exist/
    nil
end

#parse_rule_ports(rule) ⇒ Object 



131
132
133
134
135
136
137
138
139
 
# File 'lib/stem/group.rb', line 131

def parse_rule_ports(rule)
  if rule['ipProtocol'] == 'icmp'
    ""
  elsif rule['fromPort'] == '0' && rule['toPort'] == '65535'
    ":"
  else
    ":#{[ rule['fromPort'], rule['toPort']].uniq.join('-')}"
  end
end

#revoke(name, rules) ⇒ Object 



63
64
65
66
67
68
69
70
71
 
# File 'lib/stem/group.rb', line 63

def revoke(name, rules)
  index = 0
  args = rules.inject({"GroupName" => name}) do |i,rule|
      index += 1;
      rule_hash = gen_authorize(index, rule)
      i.merge(rule_hash)
  end
  swirl.call "RevokeSecurityGroupIngress", args
end

#rules(name) ⇒ Object 



73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'lib/stem/group.rb', line 73

def rules(name)
  group = get(name)
  return unless group
  perms = group["ipPermissions"] || []
  list = []
  perms.map do |h|
    h['ipRanges'].each do |ipr|
      rule = "#{h['ipProtocol']}://#{ipr['cidrIp']}"
      list << [ rule, parse_rule_ports(h) ].join
    end if h['ipRanges']
    h['groups'].each do |group|
      rule = "#{h['ipProtocol']}://#{group['groupName']}@#{group['userId']}"
      list << [ rule, parse_rule_ports(h) ].join
    end if h['groups']
  end
  list
end