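 def get(self, sgid, create=False):
     """Return the security group named *sgid*, creating and populating it on demand.

     Args:
         sgid: Name of the group; must be a key of the ``securitygroup``
             section of ``self.server.ec2.config``.
         create: When true, create the group if it is not in
             ``self.securitygroups`` and authorize every entry of the
             config's ``connections`` list that the group does not already
             grant. This variant only ever adds rules; it never revokes
             rules that are absent from the config.

     Returns:
         The group object from ``self.securitygroups``, or the one returned
         by ``create_security_group`` when it was just created.

     Raises:
         KeyError: if ``sgid`` has no config entry, or if the group does not
             exist and ``create`` is false.
         SystemExit: via ``sys.exit(1)`` when the config has no
             ``securitygroup`` section at all.
     """
     if 'securitygroup' not in self.server.ec2.config:
         log.error("No security groups defined in configuration.")
         sys.exit(1)
     securitygroup = self.server.ec2.config['securitygroup'][sgid]
     if sgid not in self.securitygroups:
         if not create:
             # Same exception type as before; carrying the name helps callers log it.
             raise KeyError(sgid)
         sg = self.server.conn.create_security_group(
             sgid, securitygroup['description'])
         self.update()
     else:
         sg = self.securitygroups[sgid]
     if create:
         # Grants the group already has: CIDR grants are keyed as
         # (protocol, from_port, to_port, cidr), group grants as the
         # "<name>-<owner_id>" string the config uses for group sources.
         rules = set()
         for rule in sg.rules:
             for grant in rule.grants:
                 if grant.cidr_ip:
                     rules.add((rule.ip_protocol, int(rule.from_port),
                                int(rule.to_port), grant.cidr_ip))
                 else:
                     rules.add('%s-%s' % (grant.name, grant.owner_id))
         for connection in securitygroup['connections']:
             if connection in rules:
                 continue
             if '-' in connection[3]:
                 # A '-' marks a "<name>-<owner_id>" group source (a CIDR
                 # never contains one). NOTE: a group name that itself
                 # contains '-' is split at its last '-' and mis-parsed.
                 if connection[3] in rules:
                     continue
                 grant = GroupOrCIDR()
                 # The grant objects read above expose the account as
                 # ``owner_id``; the original wrote ``ownerid``, an attribute
                 # the authorize call does not consume.
                 grant.name, grant.owner_id = connection[3].rsplit('-', 1)
                 sg.authorize(src_group=grant)
             else:
                 # (ip_protocol, from_port, to_port, cidr_ip) — the CIDR is
                 # authorized exactly as written in the config.
                 sg.authorize(*connection)
     return sg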
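    def get(self, sgid, create=False):
        """Return the security group named *sgid*, optionally creating and syncing it.

        Args:
            sgid: Name of the group; must be a key of the
                ``ec2-securitygroup`` section of ``self.master.main_config``.
            create: When true, create the group if it is not in
                ``self.securitygroups`` and make its ingress rules match the
                config's ``connections`` list: rules the config does not
                list are revoked, listed rules the group lacks are
                authorized. Each connection is read as
                ``(ip_protocol, from_port, to_port, source)`` where
                ``source`` is a CIDR (contains ``/``) or a group name,
                optionally suffixed with ``-<owner_id>`` for older configs.

        Returns:
            The group object from ``self.securitygroups``, or the one
            returned by ``create_security_group`` when it was just created.

        Raises:
            KeyError: if ``sgid`` has no config entry, or if the group does
                not exist and ``create`` is false.
            SystemExit: via ``sys.exit(1)`` when the config has no
                ``ec2-securitygroup`` section at all.
        """
        if 'ec2-securitygroup' not in self.master.main_config:
            log.error("No security groups defined in configuration.")
            sys.exit(1)
        securitygroup = self.master.main_config['ec2-securitygroup'][sgid]
        if sgid not in self.securitygroups:
            if not create:
                # Same exception type as before; carrying the name helps callers log it.
                raise KeyError(sgid)
            description = securitygroup.get(
                'description', "security settings for %s" % sgid)
            sg = self.master.ec2_conn.create_security_group(sgid, description)
            self.update()
        else:
            sg = self.securitygroups[sgid]
        if create:
            from boto.ec2.securitygroup import GroupOrCIDR

            # Index the group's current grants by
            # (protocol, from_port, to_port, source); source is the CIDR for
            # IP grants and the bare group name for group grants.
            rules = {}
            for rule in sg.rules:
                for grant in rule.grants:
                    source = grant.cidr_ip if grant.cidr_ip else grant.name
                    key = (rule.ip_protocol, int(rule.from_port),
                           int(rule.to_port), source)
                    rules[key] = (rule, grant)
            # Normalise the config entries to the same key shape. Older
            # configs wrote group sources as "<name>-<owner_id>"; drop the
            # suffix when it names this group's own account. The original
            # used str.rstrip here, which strips a *character set* rather
            # than a suffix and so mangled names whose trailing characters
            # also occur in the owner id (e.g. "web-1" with owner "...1").
            # Entries are rebuilt as 4-tuples so they are hashable even when
            # the config supplies lists.
            owner_suffix = "-%s" % sg.owner_id
            connections = []
            for connection in securitygroup['connections']:
                source = connection[3]
                if source.endswith(owner_suffix):
                    source = source[:-len(owner_suffix)]
                connections.append(
                    (connection[0], connection[1], connection[2], source))
            # Revoke grants the group has but the config no longer lists.
            for key in set(rules).difference(connections):
                rule, grant = rules[key]
                status = sg.revoke(ip_protocol=rule.ip_protocol,
                                   from_port=int(rule.from_port),
                                   to_port=int(rule.to_port),
                                   cidr_ip=grant.cidr_ip,
                                   src_group=grant)
                if status:
                    del rules[key]
            # Authorize config entries the group does not grant yet; the
            # CIDR is sent exactly as written in the config.
            for connection in connections:
                if connection in rules:
                    continue
                cidr_ip = None
                src_group = None
                if '/' in connection[3]:
                    cidr_ip = connection[3]
                else:
                    src_group = GroupOrCIDR()
                    src_group.name = connection[3]
                    # The grant objects read above expose the account as
                    # ``owner_id``; the original wrote ``ownerid``, an
                    # attribute the authorize call does not consume.
                    src_group.owner_id = sg.owner_id
                sg.authorize(ip_protocol=connection[0],
                             from_port=connection[1],
                             to_port=connection[2],
                             cidr_ip=cidr_ip,
                             src_group=src_group)
        return sg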
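    def get(self, sgid, create=False):
        """Return the security group named *sgid*, optionally creating and syncing it.

        Args:
            sgid: Name of the group; must be a key of the
                ``ec2-securitygroup`` section of ``self.master.main_config``.
            create: When true, create the group if it is not in
                ``self.securitygroups`` and make its ingress rules match the
                config's ``connections`` list: rules the config does not
                list are revoked, listed rules the group lacks are
                authorized. Each connection is read as
                ``(ip_protocol, from_port, to_port, source)`` where
                ``source`` is a CIDR (contains ``/``) or a group name,
                optionally suffixed with ``-<owner_id>`` for older configs.

        Returns:
            The group object from ``self.securitygroups``, or the one
            returned by ``create_security_group`` when it was just created.

        Raises:
            KeyError: if ``sgid`` has no config entry, or if the group does
                not exist and ``create`` is false.
            SystemExit: via ``sys.exit(1)`` when the config has no
                ``ec2-securitygroup`` section at all.
        """
        if 'ec2-securitygroup' not in self.master.main_config:
            log.error("No security groups defined in configuration.")
            sys.exit(1)
        securitygroup = self.master.main_config['ec2-securitygroup'][sgid]
        if sgid not in self.securitygroups:
            if not create:
                # Same exception type as before; carrying the name helps callers log it.
                raise KeyError(sgid)
            description = securitygroup.get(
                'description',
                "security settings for %s" % sgid)
            sg = self.master.ec2_conn.create_security_group(sgid, description)
            self.update()
        else:
            sg = self.securitygroups[sgid]
        if create:
            from boto.ec2.securitygroup import GroupOrCIDR

            # Index the group's current grants by
            # (protocol, from_port, to_port, source); source is the CIDR for
            # IP grants and the bare group name for group grants.
            rules = {}
            for rule in sg.rules:
                for grant in rule.grants:
                    source = grant.cidr_ip if grant.cidr_ip else grant.name
                    key = (
                        rule.ip_protocol,
                        int(rule.from_port),
                        int(rule.to_port),
                        source)
                    rules[key] = (rule, grant)
            # Normalise the config entries to the same key shape. Older
            # configs wrote group sources as "<name>-<owner_id>"; drop the
            # suffix when it names this group's own account. The original
            # used str.rstrip here, which strips a *character set* rather
            # than a suffix and so mangled names whose trailing characters
            # also occur in the owner id (e.g. "web-1" with owner "...1").
            # Entries are rebuilt as 4-tuples so they are hashable even when
            # the config supplies lists.
            owner_suffix = "-%s" % sg.owner_id
            connections = []
            for connection in securitygroup['connections']:
                source = connection[3]
                if source.endswith(owner_suffix):
                    source = source[:-len(owner_suffix)]
                connections.append((
                    connection[0],
                    connection[1],
                    connection[2],
                    source))
            # Revoke grants the group has but the config no longer lists.
            for key in set(rules).difference(connections):
                rule, grant = rules[key]
                status = sg.revoke(
                    ip_protocol=rule.ip_protocol,
                    from_port=int(rule.from_port),
                    to_port=int(rule.to_port),
                    cidr_ip=grant.cidr_ip,
                    src_group=grant)
                if status:
                    del rules[key]
            # Authorize config entries the group does not grant yet; the
            # CIDR is sent exactly as written in the config.
            for connection in connections:
                if connection in rules:
                    continue
                cidr_ip = None
                src_group = None
                if '/' in connection[3]:
                    cidr_ip = connection[3]
                else:
                    src_group = GroupOrCIDR()
                    src_group.name = connection[3]
                    # The grant objects read above expose the account as
                    # ``owner_id``; the original wrote ``ownerid``, an
                    # attribute the authorize call does not consume.
                    src_group.owner_id = sg.owner_id
                sg.authorize(
                    ip_protocol=connection[0],
                    from_port=connection[1],
                    to_port=connection[2],
                    cidr_ip=cidr_ip,
                    src_group=src_group)
        return sg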