Module: Stem::Group

Extended by:
Group
Includes:
Util
Included in:
Group
Defined in:
lib/stem/group.rb

Instance Method Summary

Methods included from Util

#get_filter_opts, #swirl, #tags_to_filter, #tagset_to_hash

Instance Method Details

#auth(name, rules) ⇒ Object



# File 'lib/stem/group.rb', line 54

def auth(name, rules)
  # Authorize every rule in +rules+ on security group +name+ with one
  # AuthorizeSecurityGroupIngress call.  Each rule string is expanded by
  # gen_authorize into IpPermissions.<n>.* parameters, numbered from 1 in
  # list order; an empty list still issues the call with only GroupName.
  # Returns whatever swirl.call returns.
  args = { "GroupName" => name }
  rules.each_with_index do |rule, offset|
    args = args.merge(gen_authorize(offset + 1, rule))
  end
  swirl.call "AuthorizeSecurityGroupIngress", args
end

#create(name, rules = nil, description = nil) ⇒ Object



# File 'lib/stem/group.rb', line 26

def create(name, rules = nil, description = nil)
  # Idempotent wrapper around create!: true when the group was created,
  # false when AWS reports it already exists.  Any other
  # Swirl::InvalidRequest is re-raised.
  #
  # NOTE: create! only authorizes +rules+ after CreateSecurityGroup
  # succeeds, so on the false path the existing group keeps whatever
  # rules it already had -- nothing is (re)applied.
  begin
    create!(name, rules, description)
  rescue Swirl::InvalidRequest => e
    return false if e.message =~ /The security group '\S+' already exists/
    raise e
  end
  true
end

#create!(name, rules = nil, description = nil) ⇒ Object



# File 'lib/stem/group.rb', line 34

def create!(name, rules = nil, description = nil)
  # Create security group +name+ (the description defaults to the name)
  # and, when +rules+ is given, authorize them in a second API call via
  # auth.  Not idempotent: an existing group makes swirl raise
  # Swirl::InvalidRequest before any rule is applied (see create).
  # Returns the result of auth, or nil when no rules were given.
  desc = description || name
  swirl.call "CreateSecurityGroup", "GroupName" => name, "GroupDescription" => desc
  return unless rules
  auth(name, rules)
end

#destroy(name) ⇒ Object



# File 'lib/stem/group.rb', line 40

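def destroy(name)
  # Best-effort delete: true when DeleteSecurityGroup succeeded, false
  # when swirl raised Swirl::InvalidRequest.
  #
  # NOTE(review): unlike create/get, which only swallow the one expected
  # message, *every* InvalidRequest is swallowed here, so false does not
  # distinguish "does not exist" from any other rejection AWS returned.
  # Callers that need the distinction should call destroy! directly.
  destroy!(name)
  true
rescue Swirl::InvalidRequest => e
  # Diagnostics go to stderr so they never mix with the command's stdout
  # ($stderr.puts rather than warn, so -W0 does not silence them).
  $stderr.puts "===> #{e.class}"
  $stderr.puts "===> #{e.message}"
  $stderr.puts e.backtrace.join("\n")
  false
end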

#destroy!(name) ⇒ Object



# File 'lib/stem/group.rb', line 50

def destroy!(name)
  # Delete security group +name+ with a single DeleteSecurityGroup call.
  # Errors from swirl (including Swirl::InvalidRequest) propagate to the
  # caller; destroy is the swallowing variant.
  args = { "GroupName" => name }
  swirl.call "DeleteSecurityGroup", args
end

#gen_authorize(index, rule) ⇒ Object



# File 'lib/stem/group.rb', line 120

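def gen_authorize(index, rule)
  # Expand one rule string -- "icmp://target[:type-code]" or
  # "(tcp|udp)://target:ports" -- into the IpPermissions.<index>.* query
  # parameters that auth/revoke send.  Target spellings are handled by
  # gen_authorize_target, port spellings by gen_authorize_ports; the
  # module docs list examples of both.
  #
  # Raises RuntimeError ("bad rule: ...") when the string matches neither
  # shape.  Both patterns are anchored with \A/\z so that text before the
  # protocol or after the ports is rejected instead of being skipped over.
  prefix = "IpPermissions.#{index}"
  if rule =~ /\Aicmp:\/\/([^:]+)(?::(.*))?\z/
    target = Regexp.last_match(1)
    ports  = Regexp.last_match(2)
    # ICMP sends FromPort/ToPort of -1/-1 unless an explicit ":type-code"
    # suffix is present, in which case gen_authorize_ports overrides them
    # (e.g. "8-0" in the module docs).
    auth = { "#{prefix}.IpProtocol" => "icmp",
             "#{prefix}.FromPort"   => "-1",
             "#{prefix}.ToPort"     => "-1" }.merge(gen_authorize_target(index, target))
    ports ? auth.merge(gen_authorize_ports(index, ports)) : auth
  elsif rule =~ /\A(tcp|udp):\/\/(.*):(.*)\z/
    proto  = Regexp.last_match(1)
    target = Regexp.last_match(2)
    ports  = Regexp.last_match(3)
    # the greedy (.*) means the *last* ":" separates target from ports
    with_target = { "#{prefix}.IpProtocol" => proto }.merge(gen_authorize_target(index, target))
    with_target.merge(gen_authorize_ports(index, ports))
  else
    raise "bad rule: #{rule}"
  end
end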

#gen_authorize_ports(index, ports) ⇒ Object



# File 'lib/stem/group.rb', line 105

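def gen_authorize_ports(index, ports)
  # Translate the port part of a rule string into the FromPort/ToPort
  # query parameters for IpPermissions.<index>.
  #
  # ports: "" (whole range, sent as 0-65535), "N" (single port) or
  # "N-M" (range).  Anything else raises RuntimeError ("bad ports: ...").
  #
  # The patterns are anchored with \A/\z: with ^/$ a multi-line string
  # such as "22\nx" would have matched on its first line and been sent
  # as port 22.  Numeric range (0..65535) is not checked here; AWS
  # rejects out-of-range values on its side.
  from_key = "IpPermissions.#{index}.FromPort"
  to_key   = "IpPermissions.#{index}.ToPort"
  case ports
  when /\A(\d+)-(\d+)\z/
    { from_key => Regexp.last_match(1), to_key => Regexp.last_match(2) }
  when /\A(\d+)\z/
    port = Regexp.last_match(1)
    { from_key => port, to_key => port }
  when ""
    { from_key => "0", to_key => "65535" }
  else
    # the original interpolated an undefined local here and raised
    # NameError instead of the intended message
    raise "bad ports: #{ports}"
  end
end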

#gen_authorize_target(index, target) ⇒ Object



# File 'lib/stem/group.rb', line 92

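def gen_authorize_target(index, target)
  # Translate the target part of a rule string into the IpRanges/Groups
  # query parameters for IpPermissions.<index>.
  #
  # Accepted spellings (see the module docs):
  #   "a.b.c.d/n"   -> IpRanges.1.CidrIp
  #   "group@user"  -> Groups.1.GroupName + Groups.1.UserId
  #   "@user"       -> Groups.1.UserId only
  #   anything else -> Groups.1.GroupName verbatim
  #
  # The CIDR pattern now escapes all three dots (the third was a bare "."
  # and matched any character) and is anchored with \A/\z; a string that
  # is not a dotted quad falls through to the GroupName branch.
  prefix = "IpPermissions.#{index}"
  if target =~ /\A\d+\.\d+\.\d+\.\d+\/\d+\z/
    { "#{prefix}.IpRanges.1.CidrIp" => target }
  elsif target =~ /\A(.+)@(\w+)\z/
    { "#{prefix}.Groups.1.GroupName" => Regexp.last_match(1),
      "#{prefix}.Groups.1.UserId"    => Regexp.last_match(2) }
  elsif target =~ /\A@(\w+)\z/
    { "#{prefix}.Groups.1.UserId" => Regexp.last_match(1) }
  else
    { "#{prefix}.Groups.1.GroupName" => target }
  end
end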

#get(name) ⇒ Object

Supported rule formats:
icmp://1.2.3.4/32
icmp://1.2.3.4/32:8-0
icmp://GroupName
icmp://GroupName@UserId
icmp://@UserId
tcp://0.0.0.0/0:22
tcp://0.0.0.0/0:22-23
tcp://10.0.0.0/8: (this implies 0-65535)
udp://GroupName:4567
udp://GroupName@UserID:4567-9999



# File 'lib/stem/group.rb', line 19

def get(name)
  # Return the first securityGroupInfo entry that DescribeSecurityGroups
  # reports for +name+, or nil when AWS says the group does not exist.
  # Any other Swirl::InvalidRequest is re-raised.
  response = swirl.call("DescribeSecurityGroups", "GroupName.1" => name)
  response["securityGroupInfo"].first
rescue Swirl::InvalidRequest => e
  missing = e.message =~ /The security group '\S+' does not exist/
  missing ? nil : raise(e)
end

#parse_rule_ports(rule) ⇒ Object



# File 'lib/stem/group.rb', line 133

def parse_rule_ports(rule)
  # Inverse of gen_authorize_ports: turn the fromPort/toPort of one
  # ipPermissions entry (as returned by DescribeSecurityGroups) back into
  # the ":ports" suffix used by the rule-string notation.
  #
  #   icmp with -1/-1  -> ""        (no suffix at all)
  #   0/65535          -> ":"       (whole range)
  #   N/N              -> ":N"
  #   N/M              -> ":N-M"
  from = rule['fromPort']
  to   = rule['toPort']
  return "" if rule['ipProtocol'] == 'icmp' && from == '-1' && to == '-1'
  return ":" if from == '0' && to == '65535'
  ":#{[from, to].uniq.join('-')}"
end

#revoke(name, rules) ⇒ Object



# File 'lib/stem/group.rb', line 64

def revoke(name, rules)
  # Revoke every rule in +rules+ from security group +name+ with one
  # RevokeSecurityGroupIngress call.  The request body is built exactly
  # like auth's (gen_authorize, IpPermissions.<n>.* numbered from 1), only
  # the action differs.  Returns whatever swirl.call returns.
  args = { "GroupName" => name }
  rules.each_with_index { |rule, offset| args.merge!(gen_authorize(offset + 1, rule)) }
  swirl.call "RevokeSecurityGroupIngress", args
end

#rules(name) ⇒ Object



# File 'lib/stem/group.rb', line 74

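def rules(name)
  # Read back the ingress rules of security group +name+ in the same
  # "proto://target[:ports]" notation that auth/revoke accept, one string
  # per CIDR range and per source group.  Returns nil when get finds no
  # such group, and [] for a group with no ipPermissions.
  #
  # The original built the list with perms.map (discarding map's result)
  # and shadowed the outer +group+ local inside the block; this uses
  # each_with_object and distinct names instead.
  group = get(name)
  return unless group
  perms = group["ipPermissions"] || []
  perms.each_with_object([]) do |perm, list|
    proto = perm['ipProtocol']
    ports = parse_rule_ports(perm)
    (perm['ipRanges'] || []).each do |ipr|
      list << "#{proto}://#{ipr['cidrIp']}#{ports}"
    end
    (perm['groups'] || []).each do |src|
      list << "#{proto}://#{src['groupName']}@#{src['userId']}#{ports}"
    end
  end
end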