
add authorize and revoke port range for security group

This commit is contained in:
Bulat Shakirzyanov 2012-06-15 19:12:59 -07:00
parent 42b7e1dca6
commit 038d64ed47
3 changed files with 77 additions and 25 deletions


@ -40,6 +40,8 @@ module Fog
#
def authorize_group_and_owner(group, owner = nil)
Fog::Logger.deprecation("authorize_group_and_ownder is deprecated, use authorize_port_range with :group option instead")
requires_one :name, :group_id
connection.authorize_security_group_ingress(
@ -62,6 +64,7 @@ module Fog
# options::
# A hash that can contain any of the following keys:
# :cidr_ip (defaults to "0.0.0.0/0")
# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
# :ip_protocol (defaults to "tcp")
#
# == Returns:
@ -81,21 +84,26 @@ module Fog
def authorize_port_range(range, options = {})
requires_one :name, :group_id
ip_permission = {
'FromPort' => range.min,
'ToPort' => range.max,
'IpProtocol' => options[:ip_protocol] || 'tcp'
}
if options[:group].nil?
ip_permission['IpRanges'] = [
{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
]
else
ip_permission['Groups'] = [
group_info(options[:group])
]
end
connection.authorize_security_group_ingress(
name,
'GroupId' => group_id,
'IpPermissions' => [
{
'FromPort' => range.min,
'ToPort' => range.max,
'IpProtocol' => options[:ip_protocol] || 'tcp',
'IpRanges' => [
{
'CidrIp' => options[:cidr_ip] || '0.0.0.0/0'
}
]
}
]
'IpPermissions' => [ ip_permission ]
)
end
@ -146,6 +154,8 @@ module Fog
#
def revoke_group_and_owner(group, owner = nil)
Fog::Logger.deprecation("revoke_group_and_owner is deprecated, use revoke_port_range with :group option instead")
requires_one :name, :group_id
connection.revoke_security_group_ingress(
@ -168,6 +178,7 @@ module Fog
# options::
# A hash that can contain any of the following keys:
# :cidr_ip (defaults to "0.0.0.0/0")
# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
# :ip_protocol (defaults to "tcp")
#
# == Returns:
@ -187,21 +198,26 @@ module Fog
def revoke_port_range(range, options = {})
requires_one :name, :group_id
ip_permission = {
'FromPort' => range.min,
'ToPort' => range.max,
'IpProtocol' => options[:ip_protocol] || 'tcp'
}
if options[:group].nil?
ip_permission['IpRanges'] = [
{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
]
else
ip_permission['Groups'] = [
group_info(options[:group])
]
end
connection.revoke_security_group_ingress(
name,
'GroupId' => group_id,
'IpPermissions' => [
{
'FromPort' => range.min,
'ToPort' => range.max,
'IpProtocol' => options[:ip_protocol] || 'tcp',
'IpRanges' => [
{
'CidrIp' => options[:cidr_ip] || '0.0.0.0/0'
}
]
}
]
'IpPermissions' => [ ip_permission ]
)
end
@ -224,6 +240,28 @@ module Fog
true
end
private
def group_info(group_str)
account, group = group_str.split(":")
if account.empty? || group.nil? || group.empty?
raise ArgumentError, "group must be specified in form of \"<account id>:<group name or id>\", #{group_str} given"
end
info = { 'UserId' => account }
if group.start_with?("sg-")
# we're dealing with a security group id
info['GroupId'] = group
else
# this has to be a security group name
info['GroupName'] = group
end
info
end
end
end
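Review bot: `group_info` raises NoMethodError instead of the intended ArgumentError when `group_str` is the empty string, because `"".split(":")` returns `[]` and `account` is then nil before `account.empty?` runs; the guard should read `if account.nil? || account.empty? || group.nil? || group.empty?` (or `if account.to_s.empty? || group.to_s.empty?`). Extra colon-separated segments are silently dropped by the two-element destructuring, so an input such as `"123:sg-1:extra"` is accepted; `account, group, rest = group_str.split(":", 3)` plus a rejection of `rest` would enforce the documented form. The `start_with?("sg-")` branch is a heuristic and deserves a comment saying so, since a group name that happens to begin with `sg-` will be sent as a GroupId. The `:group` handling in the authorize_port_range and revoke_port_range hunks above silently ignores `:cidr_ip` whenever `:group` is present, although the option docs in both hunks say the two cannot be combined; raising ArgumentError on that combination would match the documentation. The new deprecation message in the first hunk misspells the method name as `authorize_group_and_ownder`, which will confuse anyone grepping for the warning.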


@ -184,7 +184,7 @@ module Fog
'ipProtocol' => permission['IpProtocol'],
'fromPort' => Integer(permission['FromPort']),
'toPort' => Integer(permission['ToPort']),
'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id], 'groupId' => self.data[:security_groups][g['GroupName']]['groupId']} },
'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id], 'groupId' => self.data[:security_groups][g['GroupName']] && self.data[:security_groups][g['GroupName']]['groupId']} },
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
}
else
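Review bot: The guarded `groupId` lookup still keys only on `g['GroupName']`, so a permission submitted with `GroupId` (the form the new security_group test exercises, `"owner_id:group_id"`) is recorded in the mock with both `groupName` and `groupId` nil, which likely makes the mocked entry indistinguishable from any other group-id grant on later revoke; honouring the id directly, `'groupId' => g['GroupId'] || (self.data[:security_groups][g['GroupName']] && self.data[:security_groups][g['GroupName']]['groupId'])`, would keep the mock faithful to the real API. The enclosing method begins and ends outside this hunk, so how the mock later matches permissions on revoke is inferred rather than visible here.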


@ -31,6 +31,20 @@ Shindo.tests("Fog::Compute[:aws] | security_group", ['aws']) do
@group.ip_permissions.empty?
end
test("authorize port range access by another security group") do
@other_group.reload
@group.authorize_port_range(5000..6000, {:group => "#{@other_group.owner_id}:#{@other_group.group_id}"})
@group.reload
@group.ip_permissions.size == 1
end
test("revoke port range access by another security group") do
@other_group.reload
@group.revoke_port_range(5000..6000, {:group => "#{@other_group.owner_id}:#{@other_group.group_id}"})
@group.reload
@group.ip_permissions.empty?
end
@other_group.destroy
@group.destroy
end
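Review bot: Both new tests assert only the permission count, so a grant recorded with a nil group id (which the mock change in this commit appears to allow) still passes; asserting the content as well, e.g. `@group.ip_permissions.first['groups'].first['groupId'] == @other_group.group_id` after the authorize call, would pin the behaviour the commit adds — the exact key layout of `ip_permissions` is inferred from the mock's response hash and should be confirmed against the model. The two tests also depend on each other's ordering (the revoke test assumes the authorize test's grant is present), which is worth a comment so a future reorder does not silently break them. `@other_group` is created outside this hunk, so its lifecycle is not visible here.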