Add operations on egress rules for VPC security groups.

* src/sg-cl.opt: New options: --input (--ingress, -I), and --output (--egress, -O). * src/sg.c (command): const. * doc/eclat-sg.1: Document --input/--output modifiers. * TODO: Likewise. * etc/sg.fln: Add support for egress responses.
author: Sergey Poznyakoff <gray@gnu.org.ua> 2015-11-19 15:03:47 +0200
committer: Sergey Poznyakoff <gray@gnu.org.ua> 2015-11-19 15:06:33 +0200
commit: 0a3f8aae4a41c4aa8435214e235af509cd5f4435 (patch)
tree: 6b5e73c8ab74121123584dd2c62b80931d23a636
parent: bedc4dc0057f4d713a4186e79d812f5e9552cfc2 (diff)
download: eclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.gz
eclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.bz2
5 files changed, 74 insertions, 9 deletions
diff --git a/TODO b/TODO
index 1a1686b..4fa62d9 100644
--- a/TODO
+++ b/TODO
@@ -17,7 +17,7 @@ AttachInternetGateway              atigw                      [X]        [ ]
 AttachNetworkInterface             -                          [ ]        [ ]
 AttachVolume                       atvol                      [X]        [X]
 AttachVpnGateway                   -                          [ ]        [ ]
-AuthorizeSecurityGroupEgress       -                          [ ]        [ ]
+AuthorizeSecurityGroupEgress       sg                         [X]        [X]
 AuthorizeSecurityGroupIngress      sg                         [X]        [X]
 BundleInstance                     -                          [ ]        [ ]
 CancelBundleTask                   -                          [ ]        [ ]
@@ -146,7 +146,7 @@ ResetImageAttribute                -                          [ ]        [ ]
 ResetInstanceAttribute             -                          [ ]        [ ]
 ResetNetworkInterfaceAttribute     -                          [ ]        [ ]
 ResetSnapshotAttribute             clrsattr                   [X]        [X]
-RevokeSecurityGroupEgress          -                          [ ]        [ ]
+RevokeSecurityGroupEgress          sg                         [X]        [X]
 RevokeSecurityGroupIngress         sg                         [X]        [X]
 RunInstances                       mkinst                     [X]        [X]
 StartInstances                     start                      [X]        [X]
diff --git a/doc/eclat-sg.1 b/doc/eclat-sg.1
index 06a51cd..d60639b 100644
--- a/doc/eclat-sg.1
+++ b/doc/eclat-sg.1
@@ -13,13 +13,15 @@
 .\"
 .\" You should have received a copy of the GNU General Public License
 .\" along with Eclat.  If not, see <http://www.gnu.org/licenses/>.
-.TH ECLAT-SG 1 "January 26, 2015" "ECLAT" "Eclat User Reference"
+.TH ECLAT-SG 1 "November 19, 2015" "ECLAT" "Eclat User Reference"
 .SH NAME
 eclat-sg \- manipulate security groups
 .SH SYNOPSIS
 .nh
 .na
-\fBeclat sg\fR \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR]\
+\fBeclat sg\fR\
+ [\fB\-\-input\fR|\fB\-\-ingress\fR|\fB\-I\fR|\fB\-\-output\fR|\fB\-\-egress\fR|\fB\-O\fR]\
+ \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR]\
 [\fB\-G\fR \fINAME\fR] [\fB\-P\fR \fIPORT\fR[\fB\-\fIPORT\fR]]\
 [\fB\-g\fR \fIID\fR] [\fB\-p\fR \fIPROTO\fR] [\fB\-s\fR \fICIDR\fR]\
 [\fB\-u\fR \fIUSER\fR] [\fB\-\-group\-id\fR=\fIID\fR]\
@@ -48,8 +50,8 @@ either the group ID, or group name.  In the latter case, the
 \fB\-\-name\fR (\fB\-n\fR) option should be given.
 .PP
 When used with \fB\-\-add\fR (\fB\-A\fR) option, the command adds the
-rules to the security groups.  The rules are described using the command
+rules to the security groups.  The rules to add are
-line options.  For example:
+described by the command line options that follow.  For example:
 .PP
 .EX
 .B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 sg-01234567
@@ -72,7 +74,32 @@ Several rules can be added in one invocation.  The \fB\-\-next\fR
 .PP
 The \fB\-\-delete\fR (\fB\-D\fR) option deletes existing rules, which
 are defined using the same syntax as described above.
+.PP
+By default, both \fB\-\-add\fR and \fB\-\-delete\fR operate on ingress
+rules.  This can be changed by placing the \fB\-\-output\fR
+(\fB\-O\fR) option before them.  The \fB\-\-output\fR option remains
+in effect for all options that follow it.  The \fB\-\-input option
+cancels its effect.
+.PP
+The \fB\-\-list\fR (\fB\-L\fR) option instructs the program to list
+rules in the named security group.  If no group is specified, all
+existing groups will be listed.
 .SH OPTIONS
+.SS Modifiers
+.TP
+\fB\-\-input\fR, \fB\-\-ingress\fR, \fB\-I\fR
+Operate on the ingress rules.
+.TP
+\fB\-\-output\fR, \fB\-\-egress\fR, \fB\-O\fR
+Operate on the egress rules.
+.PP
+These modifiers apply to all \fB\-\-add\fR and \fB\-\-delete\fR
+options that follow them, until another modifier or end of line is
+encountered.
+.PP
+By default, \fB\-\-input\fR is assumed.
+.PP
+The \fB\-\-output\fR modifier is valid only for EC2-VPC.
 .SS Commands
 These options define the operation to be performed over the security
 group.  A valid invocation of the \fBsg\fR subcommand must contain
diff --git a/etc/sg.fln b/etc/sg.fln
index 7050c3a..10dac18 100644
--- a/etc/sg.fln
+++ b/etc/sg.fln
@@ -24,5 +24,15 @@ if (.AuthorizeSecurityGroupIngressResponse.return) {
    error("Return: ",.RevokeSecurityGroupIngressResponse.return,"\n");
    exit(1);
  }
+} else if (.AuthorizeSecurityGroupEgressResponse.return) {
+  if (!.AuthorizeSecurityGroupEgressResponse.return[true]) {
+    error("Return: ",.AuthorizeSecurityGroupEressResponse.return,"\n");
+    exit(1);
+  }
+} else if (.RevokeSecurityGroupEgressResponse.return) {
+  if (!.RevokeSecurityGroupEgressResponse.return[true]) {
+    error("Return: ",.RevokeSecurityGroupEgressResponse.return,"\n");
+    exit(1);
+  }
 }
diff --git a/src/sg-cl.opt b/src/sg-cl.opt
index 6b223b2..a54192a 100644
--- a/src/sg-cl.opt
+++ b/src/sg-cl.opt
@@ -14,20 +14,48 @@
   You should have received a copy of the GNU General Public License
   along with Eclat.  If not, see <http://www.gnu.org/licenses/>. */
+#define DIR_INGRESS 0
+#define DIR_EGRESS  1
+static char const *authorize_comtab[] = {
+        "AuthorizeSecurityGroupIngress",
+        "AuthorizeSecurityGroupEgress"
+};
+static char const *revoke_comtab[] = {
+        "RevokeSecurityGroupIngress",
+        "RevokeSecurityGroupEgress"
+};
+static int direction = DIR_INGRESS;
+   
 ECLAT_CL_BEGIN([<modify ingress rules of a security group>],
               [<[GROUPARG]>])
+GROUP(Direction)
+OPTION(input,I,,
+       [<input (ingress)>])
+ALIAS(ingress)       
+BEGIN
+       direction = DIR_INGRESS;
+END
+OPTION(output,O,,
+       [<output (egress)>])
+ALIAS(egress)
+BEGIN
+       direction = DIR_EGRESS;
+END
+               
 GROUP(Commands)        
 OPTION(add,A,,
       [<add rules>])
 BEGIN
-       command = "AuthorizeSecurityGroupIngress";
+       command = authorize_comtab[direction];
 END
 OPTION(delete,D,,
       [<delete rules>])
 BEGIN
-       command = "RevokeSecurityGroupIngress";
+       command = revoke_comtab[direction];
 END
 OPTION(list,L,,
diff --git a/src/sg.c b/src/sg.c
index a1842c3..4ae0b60 100644
--- a/src/sg.c
+++ b/src/sg.c
@@ -26,7 +26,7 @@ struct groupkw groupkw[] = {
 };
 static struct ec2_request *request;
-static char *command;
+static char const *command;
 static int list_option;
 static int dest_n = GROUP_ID;
 static char *proto = "tcp";
author	Sergey Poznyakoff <gray@gnu.org.ua>	2015-11-19 15:03:47 +0200
committer	Sergey Poznyakoff <gray@gnu.org.ua>	2015-11-19 15:06:33 +0200
commit	0a3f8aae4a41c4aa8435214e235af509cd5f4435 (patch)
tree	6b5e73c8ab74121123584dd2c62b80931d23a636
parent	bedc4dc0057f4d713a4186e79d812f5e9552cfc2 (diff)
download	eclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.gz eclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.bz2