authorSergey Poznyakoff <gray@gnu.org.ua>2013-12-17 00:55:05 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2013-12-17 00:55:05 +0200
commit2d1ccdcc5baef88fa65d0052c96de1e4f8213ceb (patch)
treec9f78cfa62bc6a4f03ab31c019eec974c95fae48
parent7641c3ffc301d1b4fd444d39e18ca85e1a86fba8 (diff)
downloadeclat-2d1ccdcc5baef88fa65d0052c96de1e4f8213ceb.tar.gz
eclat-2d1ccdcc5baef88fa65d0052c96de1e4f8213ceb.tar.bz2
Document sg
* TODO: Update. * doc/Makefile.inc: Add eclat-sg.1 * doc/eclat-lssg.1: Update. * doc/eclat-sg.1: New file. * src/sg-cl.opt: Fix docstrings.
-rw-r--r--TODO4
-rw-r--r--doc/Makefile.inc1
-rw-r--r--doc/eclat-lssg.15
-rw-r--r--doc/eclat-sg.1154
-rw-r--r--src/sg-cl.opt10
5 files changed, 165 insertions, 9 deletions
diff --git a/TODO b/TODO
index e04c596..c8182b6 100644
--- a/TODO
+++ b/TODO
@@ -18,7 +18,7 @@ AttachNetworkInterface - [ ] [ ]
AttachVolume atvol [X] [X]
AttachVpnGateway - [ ] [ ]
AuthorizeSecurityGroupEgress - [ ] [ ]
-AuthorizeSecurityGroupIngress sg [X] [ ]
+AuthorizeSecurityGroupIngress sg [X] [X]
BundleInstance - [ ] [ ]
CancelBundleTask - [ ] [ ]
CancelConversionTask - [ ] [ ]
@@ -144,7 +144,7 @@ ResetInstanceAttribute - [ ] [ ]
ResetNetworkInterfaceAttribute - [ ] [ ]
ResetSnapshotAttribute clrsattr [X] [X]
RevokeSecurityGroupEgress - [ ] [ ]
-RevokeSecurityGroupIngress sg [X] [ ]
+RevokeSecurityGroupIngress sg [X] [X]
RunInstances mkinst [X] [X]
StartInstances start [X] [X]
StopInstances stop [X] [X]
diff --git a/doc/Makefile.inc b/doc/Makefile.inc
index 0e619cd..4c10f82 100644
--- a/doc/Makefile.inc
+++ b/doc/Makefile.inc
@@ -50,6 +50,7 @@ MANPAGES1=\
eclat-disasaddr.1\
eclat-setiattr.1\
eclat-setsattr.1\
+ eclat-sg.1\
eclat-conmesg.1\
eclat-start.1\
eclat-stop.1\
diff --git a/doc/eclat-lssg.1 b/doc/eclat-lssg.1
index 1f1cfb1..69c31c9 100644
--- a/doc/eclat-lssg.1
+++ b/doc/eclat-lssg.1
@@ -13,7 +13,7 @@
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with Eclat. If not, see <http://www.gnu.org/licenses/>.
-.TH LSSEC 1 "April 20, 2013" "ECLAT" "Eclat User Reference"
+.TH LSSEC 1 "December 16, 2013" "ECLAT" "Eclat User Reference"
.SH NAME
eclat lssg, describe\-security\-groups \- return information about security groups
.SH SYNOPSIS
@@ -108,7 +108,8 @@ user 111122223333, group sg\-99gh4012 ("Group B") 6000\-7000
Outgoing:
.EE
.SH "SEE ALSO"
-.BR eclat (1).
+.BR eclat (1),
+.BR eclat\-sg (1).
.SH AUTHORS
Sergey Poznyakoff
.SH "BUG REPORTS"
diff --git a/doc/eclat-sg.1 b/doc/eclat-sg.1
new file mode 100644
index 0000000..f9f62d6
--- /dev/null
+++ b/doc/eclat-sg.1
@@ -0,0 +1,154 @@
+.\" This file is part of Eclat -*- nroff -*-
+.\" Copyright (C) 2012, 2013 Sergey Poznyakoff
+.\"
+.\" Eclat is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" Eclat is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with Eclat. If not, see <http://www.gnu.org/licenses/>.
+.TH SG 1 "December 17, 2013" "ECLAT" "Eclat User Reference"
+.SH NAME
+eclat sg \- manipulate security groups
+.SH SYNOPSIS
+\fBeclat sg\fR \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR] [\fB\-G\fR \fINAME\fR] [\fB\-P\fR \fIPORT\fR[\fB\-\fIPORT\fR]]
+ [\fB\-g\fR \fIID\fR] [\fB\-p\fR \fIPROTO\fR] [\fB\-s\fR \fICIDR\fR] [\fB\-u\fR \fIUSER\fR] [\fB\-\-group\-id\fR=\fIID\fR]
+ [\fB\-\-group\-name\fR=\fINAME\fR] [\fB\-\-name\fR] [\fB\-\-next\fR, \fB\-\-new\fR]
+ [\fB\-\-port\fR=\fIPORT\fR[\fB\-\fIPORT\fR]] [\fB\-\-protocol\fr=\fIPROTO\fR] [\fB\-\-source\fR=\fICIDR\fR]
+ [\fB\-\-user\fR=\fIUSER\fR] \fIGROUP\fR
+.br
+\fBeclat sg\fR \fB\-\-list\fR|\fB\-L\fR [\fB\-n\fR] [\fB\-\-name\fR] [\fIGROUP\fR]
+.br
+\fBeclat sg\fR \fB\-h\fR
+.br
+\fBeclat sg\fR \fB\-\-help\fR
+.br
+\fBeclat sg\fR \fB\-\-usage\fR
+.SH DESCRIPTION
+The \fBsg\fR command is used to list and configure \fBEC2\fR security
+groups. When used with the \fB\-\-list\fR (\fB\-L\fR) argument, it
+displays the information about the given group, or all groups in the
+account, if the \fIGROUP\fR argument is not provided. The argument is
+either the group ID, or group name. In the latter case, the
+\fB\-\-name\fR (\fB\-n\fR) option should be given.
+.PP
+When used with \fB\-\-add\fR (\fB\-A\fR) option, the command adds the
+rules to the security groups. The rules are described using the command
+line options. For example:
+.PP
+.EX
+.B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 sg-01234567
+.EE
+.PP
+This command adds to the security group \fBsg\-01234567\fR a rule
+allowing access to port \fB22\fR from IP addresses in the range
+\fB192.0.2.0\fR \- \fB192.0.2.255\fR.
+.PP
+If \fB\-\-proto icmp\fR is used the \fB\-\-port\fR option can be
+omitted.
+.PP
+Several rules can be added in one invocation. The \fB\-\-next\fR
+(\fB\-\-new\fR) option is used to separate them. E.g.:
+.PP
+.EX
+.B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 --next \\\\
+.B --proto icmp --source 192.0.2.0/24 sg-01234567
+.EE
+.PP
+The \fB\-\-delete\fR (\fB\-D\fR) option deletes existing rules, which
+are defined using the same syntax as described above.
+.SH OPTIONS
+.SS Commands
+These options define the operation to be performed over the security
+group. A valid invocation of the \fBsg\fR subcommand must contain
+exactly one of these:
+.TP
+.BR \-A , \-\-add
+Add rules.
+.TP
+.BR \-D , \-\-delete
+Delete rules.
+.TP
+.BR \-L , \-\-list
+List rules.
+.SS Rule constituents
+The options below are used to define the rules. Unless \fB\-\-list\fR
+is requsted, at least one rule must be defined.
+.PP
+A rule defines a set of IPv4 addresses and a port range that these are
+allowed to access. The IP addresses can be specfied either in
+dotted-quad notation or as host names and can optionally be followed
+by a \fB/\fR and the network mask length or the network mask. For
+example: \fB192.0.2.0/24\fR or \fB192.0.2.0/255.255.255.0\fR. Missing
+netmask part implies the network mask length of \fB32\fR.
+.PP
+Another way of defining IP addresses is by supplying the name or ID of
+another \fBEC2\fR security group.
+.TP
+\fB\-G\fR, \fB\-\-group\-name=\fINAME\fR
+Sets source group name.
+.TP
+\fB\-P\fR, \fB\-\-port\fR=\fIPORT\fR[\fB-\fIPORT\fR]
+Destination port number or range. Each \fIPORT\fR can be either a
+port number in decimal or a service name from
+.BR services (5).
+.TP
+\fB\-g\fR, \fB\-\-group\-id=\fIID\fR
+Sets source group ID.
+.TP
+\fB\-p\fR, \fB\-\-protocol=\fIPROTO\fR
+Protocol name or number.
+.TP
+\fB\-s\fR, \fB\-\-source=\fICIDR\fR
+Source CIDR. The argument is an IPv4 address or host name, optionally
+followed by a \fB/\fR and the network mask length in decimal or the
+network mask in dotted-quad notation.
+.TP
+\fB\-u\fR, \fB\-\-user=\fIUSER\fR
+User name for the subsequent \fB\-\-group\-name\fR or
+\fB\-\-group\-id\fR option.
+.SS Other options
+.TP
+.BR \-n , \-\-name
+The \fIGROUP\fR argument is a group name. Without this option it is
+treated as the group name.
+.TP
+.BR \-N , \-\-next , \-\-new
+Begins next rule.
+.SS Informational options
+.TP
+.BR \-h , \-\-help
+Give a terse help summary.
+.TP
+.BR \-\-usage
+List command line syntax and available options.
+.SH "SEE ALSO"
+.BR eclat (1),
+.BR eclat\-lssg (1).
+.SH AUTHORS
+Sergey Poznyakoff
+.SH "BUG REPORTS"
+Report bugs to <bug\-eclat@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2012, 2013 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+
diff --git a/src/sg-cl.opt b/src/sg-cl.opt
index 45c5bf4..5eaa426 100644
--- a/src/sg-cl.opt
+++ b/src/sg-cl.opt
@@ -15,7 +15,7 @@
along with Eclat. If not, see <http://www.gnu.org/licenses/>. */
ECLAT_CL_BEGIN([<modify ingress rules of a security group>],
- [<[GROUPID-OR-NAME]>])
+ [<[GROUPARG]>])
OPTION(add,A,,
[<add rules>])
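Review bot: The placeholder `GROUPARG` introduced in the `ECLAT_CL_BEGIN` argument string does not match the man page added by this same commit, whose synopsis in doc/eclat-sg.1 calls the argument `GROUP`. Using one name in both places, e.g. `[<[GROUP]>]` here and `[<the GROUP argument is a group name>]` in the `--name` docstring of the next hunk, would make the `--help` output and the manual agree. The unchanged description `modify ingress rules of a security group` also leaves out the `--list` mode that the man page documents; if the option file defines that mode too, `list or modify ingress rules of a security group` would cover it.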
@@ -37,7 +37,7 @@ BEGIN
END
OPTION(name,n,,
- [<ID argument is a group name>])
+ [<the GROUPARG argument is a group name>])
BEGIN
dest_n = GROUP_NAME;
END
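Review bot: The `--name` docstring changed here says the argument is a group name when the option is given, but the matching entry in doc/eclat-sg.1 from this commit ends with `Without this option it is treated as the group name`, which describes the same behaviour with and without `-n`. The DESCRIPTION section of that page says the argument is a group ID unless `--name` is given, so the sentence presumably should read `Without this option it is treated as the group ID.` Because this argument selects the security group whose rules are added or deleted, the default is worth stating in the help text as well, e.g. `[<the GROUPARG argument is a group name (default: group ID)>]`.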
@@ -49,7 +49,7 @@ BEGIN
END
OPTION(group-id,g,[<ID>],
- [<use before --from to indicate that its argument is a group ID>])
+ [<source group ID>])
BEGIN
struct group_arg *g = grecs_malloc(sizeof(*g));
translate_ids(1, &optarg, rt[GROUP_ID].map);
@@ -62,7 +62,7 @@ BEGIN
END
OPTION(group-name,G,[<NAME>],
- [<use before --from to indicate that its argument is a group name>])
+ [<source group name>])
BEGIN
struct group_arg *g = grecs_malloc(sizeof(*g));
translate_ids(1, &optarg, rt[GROUP_NAME].map);
@@ -75,7 +75,7 @@ BEGIN
END
OPTION(user,u,[<USER>],
- [<user name for the subsequent --from option>])
+ [<user name for the subsequent --group-name or --group-id option>])
BEGIN
user = optarg;
END
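Review bot: The new `--user` docstring still calls USER a "user name", while the sample output in doc/eclat-lssg.1 shows the owner of a source group as a numeric identifier (`user 111122223333`). If the value passed here is that account identifier rather than a name, the docstring should say so, e.g. `[<user ID owning the group given by the subsequent --group-name or --group-id option>]`. It would also help to state whether the value stays in effect for later rules after `--next`; the handler only stores `optarg` in `user`, and where that variable is reset is not visible in this hunk.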
