authorSergey Poznyakoff <gray@gnu.org.ua>2015-11-19 15:03:47 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2015-11-19 15:06:33 +0200
commit0a3f8aae4a41c4aa8435214e235af509cd5f4435 (patch)
tree6b5e73c8ab74121123584dd2c62b80931d23a636
parentbedc4dc0057f4d713a4186e79d812f5e9552cfc2 (diff)
downloadeclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.gz
eclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.bz2
Add operations on egress rules for VPC security groups.
* src/sg-cl.opt: New options: --input (--ingress, -I), and --output (--egress, -O). * src/sg.c (command): const. * doc/eclat-sg.1: Document --input/--output modifiers. * TODO: Likewise. * etc/sg.fln: Add support for egress responses.
-rw-r--r--TODO4
-rw-r--r--doc/eclat-sg.135
-rw-r--r--etc/sg.fln10
-rw-r--r--src/sg-cl.opt32
-rw-r--r--src/sg.c2
5 files changed, 74 insertions, 9 deletions
diff --git a/TODO b/TODO
index 1a1686b..4fa62d9 100644
--- a/TODO
+++ b/TODO
@@ -17,7 +17,7 @@ AttachInternetGateway atigw [X] [ ]
AttachNetworkInterface - [ ] [ ]
AttachVolume atvol [X] [X]
AttachVpnGateway - [ ] [ ]
-AuthorizeSecurityGroupEgress - [ ] [ ]
+AuthorizeSecurityGroupEgress sg [X] [X]
AuthorizeSecurityGroupIngress sg [X] [X]
BundleInstance - [ ] [ ]
CancelBundleTask - [ ] [ ]
@@ -146,7 +146,7 @@ ResetImageAttribute - [ ] [ ]
ResetInstanceAttribute - [ ] [ ]
ResetNetworkInterfaceAttribute - [ ] [ ]
ResetSnapshotAttribute clrsattr [X] [X]
-RevokeSecurityGroupEgress - [ ] [ ]
+RevokeSecurityGroupEgress sg [X] [X]
RevokeSecurityGroupIngress sg [X] [X]
RunInstances mkinst [X] [X]
StartInstances start [X] [X]
diff --git a/doc/eclat-sg.1 b/doc/eclat-sg.1
index 06a51cd..d60639b 100644
--- a/doc/eclat-sg.1
+++ b/doc/eclat-sg.1
@@ -13,13 +13,15 @@
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with Eclat. If not, see <http://www.gnu.org/licenses/>.
-.TH ECLAT-SG 1 "January 26, 2015" "ECLAT" "Eclat User Reference"
+.TH ECLAT-SG 1 "November 19, 2015" "ECLAT" "Eclat User Reference"
.SH NAME
eclat-sg \- manipulate security groups
.SH SYNOPSIS
.nh
.na
-\fBeclat sg\fR \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR]\
+\fBeclat sg\fR\
+ [\fB\-\-input\fR|\fB\-\-ingress\fR|\fB\-I\fR|\fB\-\-output\fR|\fB\-\-egress\fR|\fB\-O\fR]\
+ \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR]\
[\fB\-G\fR \fINAME\fR] [\fB\-P\fR \fIPORT\fR[\fB\-\fIPORT\fR]]\
[\fB\-g\fR \fIID\fR] [\fB\-p\fR \fIPROTO\fR] [\fB\-s\fR \fICIDR\fR]\
[\fB\-u\fR \fIUSER\fR] [\fB\-\-group\-id\fR=\fIID\fR]\
@@ -48,8 +50,8 @@ either the group ID, or group name. In the latter case, the
\fB\-\-name\fR (\fB\-n\fR) option should be given.
.PP
When used with \fB\-\-add\fR (\fB\-A\fR) option, the command adds the
-rules to the security groups. The rules are described using the command
-line options. For example:
+rules to the security groups. The rules to add are
+described by the command line options that follow. For example:
.PP
.EX
.B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 sg-01234567
@@ -72,7 +74,32 @@ Several rules can be added in one invocation. The \fB\-\-next\fR
.PP
The \fB\-\-delete\fR (\fB\-D\fR) option deletes existing rules, which
are defined using the same syntax as described above.
+.PP
+By default, both \fB\-\-add\fR and \fB\-\-delete\fR operate on ingress
+rules. This can be changed by placing the \fB\-\-output\fR
+(\fB\-O\fR) option before them. The \fB\-\-output\fR option remains
+in effect for all options that follow it. The \fB\-\-input option
+cancels its effect.
+.PP
+The \fB\-\-list\fR (\fB\-L\fR) option instructs the program to list
+rules in the named security group. If no group is specified, all
+existing groups will be listed.
.SH OPTIONS
+.SS Modifiers
+.TP
+\fB\-\-input\fR, \fB\-\-ingress\fR, \fB\-I\fR
+Operate on the ingress rules.
+.TP
+\fB\-\-output\fR, \fB\-\-egress\fR, \fB\-O\fR
+Operate on the egress rules.
+.PP
+These modifiers apply to all \fB\-\-add\fR and \fB\-\-delete\fR
+options that follow them, until another modifier or end of line is
+encountered.
+.PP
+By default, \fB\-\-input\fR is assumed.
+.PP
+The \fB\-\-output\fR modifier is valid only for EC2-VPC.
.SS Commands
These options define the operation to be performed over the security
group. A valid invocation of the \fBsg\fR subcommand must contain
diff --git a/etc/sg.fln b/etc/sg.fln
index 7050c3a..10dac18 100644
--- a/etc/sg.fln
+++ b/etc/sg.fln
@@ -24,5 +24,15 @@ if (.AuthorizeSecurityGroupIngressResponse.return) {
error("Return: ",.RevokeSecurityGroupIngressResponse.return,"\n");
exit(1);
}
+} else if (.AuthorizeSecurityGroupEgressResponse.return) {
+ if (!.AuthorizeSecurityGroupEgressResponse.return[true]) {
+ error("Return: ",.AuthorizeSecurityGroupEressResponse.return,"\n");
+ exit(1);
+ }
+} else if (.RevokeSecurityGroupEgressResponse.return) {
+ if (!.RevokeSecurityGroupEgressResponse.return[true]) {
+ error("Return: ",.RevokeSecurityGroupEgressResponse.return,"\n");
+ exit(1);
+ }
}
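Review bot: The `error()` call in the new AuthorizeSecurityGroupEgress branch reads `.AuthorizeSecurityGroupEressResponse.return` ("Eress", missing the "g"), which is not the node tested on the two lines above it. When an egress authorization is reported as unsuccessful, the message will presumably show nothing useful after "Return: ", although the script still exits with 1. The line should read `error("Return: ",.AuthorizeSecurityGroupEgressResponse.return,"\n");`. The enclosing if/else chain starts above this hunk.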
diff --git a/src/sg-cl.opt b/src/sg-cl.opt
index 6b223b2..a54192a 100644
--- a/src/sg-cl.opt
+++ b/src/sg-cl.opt
@@ -14,20 +14,48 @@
You should have received a copy of the GNU General Public License
along with Eclat. If not, see <http://www.gnu.org/licenses/>. */
+#define DIR_INGRESS 0
+#define DIR_EGRESS 1
+
+static char const *authorize_comtab[] = {
+ "AuthorizeSecurityGroupIngress",
+ "AuthorizeSecurityGroupEgress"
+};
+static char const *revoke_comtab[] = {
+ "RevokeSecurityGroupIngress",
+ "RevokeSecurityGroupEgress"
+};
+static int direction = DIR_INGRESS;
+
ECLAT_CL_BEGIN([<modify ingress rules of a security group>],
[<[GROUPARG]>])
+GROUP(Direction)
+OPTION(input,I,,
+ [<input (ingress)>])
+ALIAS(ingress)
+BEGIN
+ direction = DIR_INGRESS;
+END
+
+OPTION(output,O,,
+ [<output (egress)>])
+ALIAS(egress)
+BEGIN
+ direction = DIR_EGRESS;
+END
+
GROUP(Commands)
OPTION(add,A,,
[<add rules>])
BEGIN
- command = "AuthorizeSecurityGroupIngress";
+ command = authorize_comtab[direction];
END
OPTION(delete,D,,
[<delete rules>])
BEGIN
- command = "RevokeSecurityGroupIngress";
+ command = revoke_comtab[direction];
END
OPTION(list,L,,
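Review bot: The `-A` and `-D` handlers read `direction` at the moment the option is parsed (`command = authorize_comtab[direction];`), so an invocation such as `eclat sg -A -O ...` silently selects AuthorizeSecurityGroupIngress and the later `-O` has no effect. For a tool that edits firewall rules, a misplaced modifier then changes ingress rules when the operator meant egress, with no diagnostic. Since `command` is a single variable, it would be safer to record only the action in the handlers and resolve it once after parsing, for example `command = (is_delete ? revoke_comtab : authorize_comtab)[direction];` (with `is_delete` a new flag, named here only for illustration), or to reject a direction modifier that follows `-A`/`-D`. The help text passed to ECLAT_CL_BEGIN still reads `modify ingress rules of a security group` and should mention egress as well. The `OPTION(list,L,,` definition continues past the end of the hunk.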
diff --git a/src/sg.c b/src/sg.c
index a1842c3..4ae0b60 100644
--- a/src/sg.c
+++ b/src/sg.c
@@ -26,7 +26,7 @@ struct groupkw groupkw[] = {
};
static struct ec2_request *request;
-static char *command;
+static char const *command;
static int list_option;
static int dest_n = GROUP_ID;
static char *proto = "tcp";
