author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-11-19 15:03:47 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-11-19 15:06:33 +0200 |
commit | 0a3f8aae4a41c4aa8435214e235af509cd5f4435 (patch) | |
tree | 6b5e73c8ab74121123584dd2c62b80931d23a636 | |
parent | bedc4dc0057f4d713a4186e79d812f5e9552cfc2 (diff) | |
download | eclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.gz eclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.bz2 |
Add operations on egress rules for VPC security groups.
* src/sg-cl.opt: New options: --input (--ingress, -I), and
--output (--egress, -O).
* src/sg.c (command): const.
* doc/eclat-sg.1: Document --input/--output modifiers.
* TODO: Likewise.
* etc/sg.fln: Add support for egress responses.
-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | doc/eclat-sg.1 | 35 | ||||
-rw-r--r-- | etc/sg.fln | 10 | ||||
-rw-r--r-- | src/sg-cl.opt | 32 | ||||
-rw-r--r-- | src/sg.c | 2 |
5 files changed, 74 insertions, 9 deletions
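--- a/TODO
+++ b/TODO
@@ -17,7 +17,7 @@ AttachInternetGateway atigw [X] [ ]
 AttachNetworkInterface - [ ] [ ]
 AttachVolume atvol [X] [X]
 AttachVpnGateway - [ ] [ ]
-AuthorizeSecurityGroupEgress - [ ] [ ]
+AuthorizeSecurityGroupEgress sg [X] [X]
 AuthorizeSecurityGroupIngress sg [X] [X]
 BundleInstance - [ ] [ ]
 CancelBundleTask - [ ] [ ]
@@ -146,7 +146,7 @@ ResetImageAttribute - [ ] [ ]
 ResetInstanceAttribute - [ ] [ ]
 ResetNetworkInterfaceAttribute - [ ] [ ]
 ResetSnapshotAttribute clrsattr [X] [X]
-RevokeSecurityGroupEgress - [ ] [ ]
+RevokeSecurityGroupEgress sg [X] [X]
 RevokeSecurityGroupIngress sg [X] [X]
 RunInstances mkinst [X] [X]
 StartInstances start [X] [X]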
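diff --git a/doc/eclat-sg.1 b/doc/eclat-sg.1
index 06a51cd..d60639b 100644
--- a/doc/eclat-sg.1
+++ b/doc/eclat-sg.1
@@ -13,13 +13,15 @@
 .\"
 .\" You should have received a copy of the GNU General Public License
 .\" along with Eclat. If not, see <http://www.gnu.org/licenses/>.
-.TH ECLAT-SG 1 "January 26, 2015" "ECLAT" "Eclat User Reference"
+.TH ECLAT-SG 1 "November 19, 2015" "ECLAT" "Eclat User Reference"
 .SH NAME
 eclat-sg \- manipulate security groups
 .SH SYNOPSIS
 .nh
 .na
-\fBeclat sg\fR \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR]\
+\fBeclat sg\fR\
+[\fB\-\-input\fR|\fB\-\-ingress\fR|\fB\-I\fR|\fB\-\-output\fR|\fB\-\-egress\fR|\fB\-O\fR]\
+\fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR]\
 [\fB\-G\fR \fINAME\fR] [\fB\-P\fR \fIPORT\fR[\fB\-\fIPORT\fR]]\
 [\fB\-g\fR \fIID\fR] [\fB\-p\fR \fIPROTO\fR] [\fB\-s\fR \fICIDR\fR]\
 [\fB\-u\fR \fIUSER\fR] [\fB\-\-group\-id\fR=\fIID\fR]\
@@ -48,8 +50,8 @@ either the group ID, or group name. In the latter case, the
 \fB\-\-name\fR (\fB\-n\fR) option should be given.
 .PP
 When used with \fB\-\-add\fR (\fB\-A\fR) option, the command adds the
-rules to the security groups. The rules are described using the command
-line options. For example:
+rules to the security groups. The rules to add are
+described by the command line options that follow. For example:
 .PP
 .EX
 .B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 sg-01234567
@@ -72,7 +74,32 @@ Several rules can be added in one invocation. The \fB\-\-next\fR
 .PP
 The \fB\-\-delete\fR (\fB\-D\fR) option deletes existing rules, which
 are defined using the same syntax as described above.
+.PP
+By default, both \fB\-\-add\fR and \fB\-\-delete\fR operate on ingress
+rules. This can be changed by placing the \fB\-\-output\fR
+(\fB\-O\fR) option before them. The \fB\-\-output\fR option remains
+in effect for all options that follow it. The \fB\-\-input option
+cancels its effect.
+.PP
+The \fB\-\-list\fR (\fB\-L\fR) option instructs the program to list
+rules in the named security group. If no group is specified, all
+existing groups will be listed.
 .SH OPTIONS
+.SS Modifiers
+.TP
+\fB\-\-input\fR, \fB\-\-ingress\fR, \fB\-I\fR
+Operate on the ingress rules.
+.TP
+\fB\-\-output\fR, \fB\-\-egress\fR, \fB\-O\fR
+Operate on the egress rules.
+.PP
+These modifiers apply to all \fB\-\-add\fR and \fB\-\-delete\fR
+options that follow them, until another modifier or end of line is
+encountered.
+.PP
+By default, \fB\-\-input\fR is assumed.
+.PP
+The \fB\-\-output\fR modifier is valid only for EC2-VPC.
 .SS Commands
 These options define the operation to be performed over the security
 group. A valid invocation of the \fBsg\fR subcommand must contain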
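--- a/etc/sg.fln
+++ b/etc/sg.fln
@@ -24,5 +24,15 @@ if (.AuthorizeSecurityGroupIngressResponse.return) {
 error("Return: ",.RevokeSecurityGroupIngressResponse.return,"\n");
 exit(1);
 }
+} else if (.AuthorizeSecurityGroupEgressResponse.return) {
+if (!.AuthorizeSecurityGroupEgressResponse.return[true]) {
+error("Return: ",.AuthorizeSecurityGroupEressResponse.return,"\n");
+exit(1);
+}
+} else if (.RevokeSecurityGroupEgressResponse.return) {
+if (!.RevokeSecurityGroupEgressResponse.return[true]) {
+error("Return: ",.RevokeSecurityGroupEgressResponse.return,"\n");
+exit(1);
+}
 }
 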
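Review bot: The error message in the new AuthorizeSecurityGroupEgress branch reads its value from `.AuthorizeSecurityGroupEressResponse.return` (`Eress`, not `Egress`), which is not the node the branch condition two lines above tests. When an egress authorization is refused, the operator would presumably see `Return: ` with no value, although the script still exits with 1, and that hides why a firewall change did not apply. The line should read `error("Return: ",.AuthorizeSecurityGroupEgressResponse.return,"\n");`. The enclosing if/else chain starts above the hunk.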
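diff --git a/src/sg-cl.opt b/src/sg-cl.opt
index 6b223b2..a54192a 100644
--- a/src/sg-cl.opt
+++ b/src/sg-cl.opt
@@ -14,20 +14,48 @@
 You should have received a copy of the GNU General Public License
 along with Eclat. If not, see <http://www.gnu.org/licenses/>. */
 
+#define DIR_INGRESS 0
+#define DIR_EGRESS 1
+
+static char const *authorize_comtab[] = {
+"AuthorizeSecurityGroupIngress",
+"AuthorizeSecurityGroupEgress"
+};
+static char const *revoke_comtab[] = {
+"RevokeSecurityGroupIngress",
+"RevokeSecurityGroupEgress"
+};
+static int direction = DIR_INGRESS;
+
 ECLAT_CL_BEGIN([<modify ingress rules of a security group>],
 [<[GROUPARG]>])
 
+GROUP(Direction)
+OPTION(input,I,,
+[<input (ingress)>])
+ALIAS(ingress)
+BEGIN
+direction = DIR_INGRESS;
+END
+
+OPTION(output,O,,
+[<output (egress)>])
+ALIAS(egress)
+BEGIN
+direction = DIR_EGRESS;
+END
+
 GROUP(Commands)
 OPTION(add,A,,
 [<add rules>])
 BEGIN
-command = "AuthorizeSecurityGroupIngress";
+command = authorize_comtab[direction];
 END
 
 OPTION(delete,D,,
 [<delete rules>])
 BEGIN
-command = "RevokeSecurityGroupIngress";
+command = revoke_comtab[direction];
 END
 
 OPTION(list,L,,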
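Review bot: `direction` is sampled at the moment `--add`/`--delete` is parsed (`command = authorize_comtab[direction];`), so a modifier given after the command, as in `eclat sg -D -O ...`, is accepted without complaint and the request goes out as the Ingress variant. For a tool that edits firewall rules, silently acting on the opposite direction from the one typed deserves a diagnostic: the `input` and `output` actions could refuse to run once a command has been chosen, e.g. `if (command) /* usage error: direction modifier must precede --add/--delete */`, or the direction could be resolved after option parsing. The help string in `ECLAT_CL_BEGIN` still says ingress only; `[<modify ingress or egress rules of a security group>]` would match the new behaviour. How `command` is consumed is outside this hunk, so the exact place for the check is for the author to confirm.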
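--- a/src/sg.c
+++ b/src/sg.c
@@ -26,7 +26,7 @@ struct groupkw groupkw[] = {
 };
 
 static struct ec2_request *request;
-static char *command;
+static char const *command;
 static int list_option;
 static int dest_n = GROUP_ID;
 static char *proto = "tcp";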