author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-11-19 15:03:47 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-11-19 15:06:33 +0200 |
commit | 0a3f8aae4a41c4aa8435214e235af509cd5f4435 (patch) | |
tree | 6b5e73c8ab74121123584dd2c62b80931d23a636 | |
parent | bedc4dc0057f4d713a4186e79d812f5e9552cfc2 (diff) | |
download | eclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.gz eclat-0a3f8aae4a41c4aa8435214e235af509cd5f4435.tar.bz2 |
Add operations on egress rules for VPC security groups.
* src/sg-cl.opt: New options: --input (--ingress, -I), and
--output (--egress, -O).
* src/sg.c (command): const.
* doc/eclat-sg.1: Document --input/--output modifiers.
* TODO: Likewise.
* etc/sg.fln: Add support for egress responses.
-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | doc/eclat-sg.1 | 35 | ||||
-rw-r--r-- | etc/sg.fln | 10 | ||||
-rw-r--r-- | src/sg-cl.opt | 32 | ||||
-rw-r--r-- | src/sg.c | 2 |
5 files changed, 74 insertions, 9 deletions
@@ -17,7 +17,7 @@ AttachInternetGateway atigw [X] [ ]
 AttachNetworkInterface - [ ] [ ]
 AttachVolume atvol [X] [X]
 AttachVpnGateway - [ ] [ ]
-AuthorizeSecurityGroupEgress - [ ] [ ]
+AuthorizeSecurityGroupEgress sg [X] [X]
 AuthorizeSecurityGroupIngress sg [X] [X]
 BundleInstance - [ ] [ ]
 CancelBundleTask - [ ] [ ]
@@ -146,7 +146,7 @@ ResetImageAttribute - [ ] [ ]
 ResetInstanceAttribute - [ ] [ ]
 ResetNetworkInterfaceAttribute - [ ] [ ]
 ResetSnapshotAttribute clrsattr [X] [X]
-RevokeSecurityGroupEgress - [ ] [ ]
+RevokeSecurityGroupEgress sg [X] [X]
 RevokeSecurityGroupIngress sg [X] [X]
 RunInstances mkinst [X] [X]
 StartInstances start [X] [X]
diff --git a/doc/eclat-sg.1 b/doc/eclat-sg.1
index 06a51cd..d60639b 100644
--- a/doc/eclat-sg.1
+++ b/doc/eclat-sg.1
@@ -13,13 +13,15 @@
 .\"
 .\" You should have received a copy of the GNU General Public License
 .\" along with Eclat. If not, see <http://www.gnu.org/licenses/>.
-.TH ECLAT-SG 1 "January 26, 2015" "ECLAT" "Eclat User Reference"
+.TH ECLAT-SG 1 "November 19, 2015" "ECLAT" "Eclat User Reference"
 .SH NAME
 eclat-sg \- manipulate security groups
 .SH SYNOPSIS
 .nh
 .na
-\fBeclat sg\fR \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR]\
+\fBeclat sg\fR\
+ [\fB\-\-input\fR|\fB\-\-ingress\fR|\fB\-I\fR|\fB\-\-output\fR|\fB\-\-egress\fR|\fB\-O\fR]\
+ \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR]\
 [\fB\-G\fR \fINAME\fR] [\fB\-P\fR \fIPORT\fR[\fB\-\fIPORT\fR]]\
 [\fB\-g\fR \fIID\fR] [\fB\-p\fR \fIPROTO\fR] [\fB\-s\fR \fICIDR\fR]\
 [\fB\-u\fR \fIUSER\fR] [\fB\-\-group\-id\fR=\fIID\fR]\
@@ -48,8 +50,8 @@ either the group ID, or group name. In the latter case, the \fB\-\-name\fR (\fB\-n\fR) option should be given. .PP When used with \fB\-\-add\fR (\fB\-A\fR) option, the command adds the -rules to the security groups. The rules are described using the command -line options. For example: +rules to the security groups. The rules to add are +described by the command line options that follow. For example: .PP .EX .B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 sg-01234567 @@ -72,7 +74,32 @@ Several rules can be added in one invocation. The \fB\-\-next\fR .PP The \fB\-\-delete\fR (\fB\-D\fR) option deletes existing rules, which are defined using the same syntax as described above. +.PP +By default, both \fB\-\-add\fR and \fB\-\-delete\fR operate on ingress +rules. This can be changed by placing the \fB\-\-output\fR +(\fB\-O\fR) option before them. The \fB\-\-output\fR option remains +in effect for all options that follow it. The \fB\-\-input option +cancels its effect. +.PP +The \fB\-\-list\fR (\fB\-L\fR) option instructs the program to list +rules in the named security group. If no group is specified, all +existing groups will be listed. .SH OPTIONS +.SS Modifiers +.TP +\fB\-\-input\fR, \fB\-\-ingress\fR, \fB\-I\fR +Operate on the ingress rules. +.TP +\fB\-\-output\fR, \fB\-\-egress\fR, \fB\-O\fR +Operate on the egress rules. +.PP +These modifiers apply to all \fB\-\-add\fR and \fB\-\-delete\fR +options that follow them, until another modifier or end of line is +encountered. +.PP +By default, \fB\-\-input\fR is assumed. +.PP +The \fB\-\-output\fR modifier is valid only for EC2-VPC. .SS Commands These options define the operation to be performed over the security group. A valid invocation of the \fBsg\fR subcommand must contain 
@@ -24,5 +24,15 @@ if (.AuthorizeSecurityGroupIngressResponse.return) { error("Return: ",.RevokeSecurityGroupIngressResponse.return,"\n"); exit(1); } +} else if (.AuthorizeSecurityGroupEgressResponse.return) { + if (!.AuthorizeSecurityGroupEgressResponse.return[true]) { + error("Return: ",.AuthorizeSecurityGroupEressResponse.return,"\n"); + exit(1); + } +} else if (.RevokeSecurityGroupEgressResponse.return) { + if (!.RevokeSecurityGroupEgressResponse.return[true]) { + error("Return: ",.RevokeSecurityGroupEgressResponse.return,"\n"); + exit(1); + } } diff --git a/src/sg-cl.opt b/src/sg-cl.opt index 6b223b2..a54192a 100644 --- a/src/sg-cl.opt +++ b/src/sg-cl.opt @@ -14,20 +14,48 @@ You should have received a copy of the GNU General Public License along with Eclat. If not, see <http://www.gnu.org/licenses/>. */ +#define DIR_INGRESS 0 +#define DIR_EGRESS 1 + +static char const *authorize_comtab[] = { + "AuthorizeSecurityGroupIngress", + "AuthorizeSecurityGroupEgress" +}; +static char const *revoke_comtab[] = { + "RevokeSecurityGroupIngress", + "RevokeSecurityGroupEgress" +}; +static int direction = DIR_INGRESS; + ECLAT_CL_BEGIN([<modify ingress rules of a security group>], [<[GROUPARG]>]) +GROUP(Direction) +OPTION(input,I,, + [<input (ingress)>]) +ALIAS(ingress) +BEGIN + direction = DIR_INGRESS; +END + +OPTION(output,O,, + [<output (egress)>]) +ALIAS(egress) +BEGIN + direction = DIR_EGRESS; +END + GROUP(Commands) OPTION(add,A,, [<add rules>]) BEGIN - command = "AuthorizeSecurityGroupIngress"; + command = authorize_comtab[direction]; END OPTION(delete,D,, [<delete rules>]) BEGIN - command = "RevokeSecurityGroupIngress"; + command = revoke_comtab[direction]; END OPTION(list,L,, @@ -26,7 +26,7 @@ struct groupkw groupkw[] = { }; static struct ec2_request *request; -static char *command; +static char const *command; static int list_option; static int dest_n = GROUP_ID; static char *proto = "tcp"; |
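Review bot: The error message in the new `AuthorizeSecurityGroupEgressResponse` branch names `.AuthorizeSecurityGroupEressResponse.return` (the `g` is missing), so it does not refer to the node the enclosing `if` has just tested, and a failed egress authorization will presumably report an empty value instead of the one returned. The line should read `error("Return: ",.AuthorizeSecurityGroupEgressResponse.return,"\n");`. The Revoke egress branch below it spells the name correctly. The `if`/`else if` chain starts above this hunk.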
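Review bot: `command = authorize_comtab[direction];` and `command = revoke_comtab[direction];` read `direction` at the moment `--add`/`--delete` is parsed, so an invocation that places `-O` after `-A` or `-D` silently resolves to the ingress request although egress was asked for. For a tool that opens and closes network access this fails in the unsafe direction: the call succeeds and changes inbound rules the operator did not mean to touch. Consider recording only the operation in the `add`/`delete` handlers and indexing the table once option parsing has finished, or rejecting a direction modifier that arrives after a command has been chosen; the code that consumes `command` is outside this hunk, so where to do that needs confirming. The help string `[<modify ingress rules of a security group>]` is also stale now and could read `[<modify ingress or egress rules of a security group>]`.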