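def configure(self):
    """Translate parsed CLI arguments into security-group rule parameters.

    Fills ``self.params`` with the group being modified, the optional
    group named with ``-o``, the protocol and port bounds, and the rule's
    CIDR target.

    Raises:
        ArgumentError: if an egress rule refers to a group by name, if the
            protocol name cannot be resolved, or if ``-o`` names a group by
            name without ``-u``.
    """
    EC2Request.configure(self)

    group = self.args['group']
    # Exactly 11 characters starting with 'sg-' is treated as a group ID;
    # everything else is sent as a group name.
    # NOTE(review): longer-format IDs would be sent as names here --
    # confirm the ID formats the target cloud issues.
    if group.startswith('sg-') and len(group) == 11:
        self.params['GroupId'] = group
    else:
        if self.args['egress']:
            raise ArgumentError('egress rules must use group IDs, not '
                                'names')
        self.params['GroupName'] = group

    target_group = self.args.get('target_group')
    if target_group is not None:
        if target_group.startswith('sg-') and len(target_group) == 11:
            self.params['IpPermissions.1.Groups.1.GroupId'] = target_group
        else:
            if self.args['egress']:
                raise ArgumentError('argument -o: egress rules must use '
                                    'group IDs, not names')
            self.params['IpPermissions.1.Groups.1.GroupName'] = target_group

    protocol = self.args.get('IpPermissions.1.IpProtocol')
    protocol_text = str(protocol)
    if protocol_text.lower() in ('icmp', 'tcp', 'udp', '1', '6', '17'):
        from_port, to_port = parse_ports(protocol,
                                         self.args.get('port_range'),
                                         self.args.get('icmp_type_code'))
        self.params['IpPermissions.1.FromPort'] = from_port
        self.params['IpPermissions.1.ToPort'] = to_port
    elif protocol_text.lower() in ('all', '-1'):
        self.params['IpPermissions.1.IpProtocol'] = -1
    elif not protocol_text.isdigit():
        # Any other non-numeric value is resolved as a protocol name.
        try:
            self.params['IpPermissions.1.IpProtocol'] = \
                socket.getprotobyname(protocol)
        except socket.error:
            raise ArgumentError(
                'argument -P: no such protocol: {0}'.format(protocol))

    # Fall back to the entire Internet only when the caller named neither a
    # CIDR nor a group with -o.  The group arrives as args['target_group'],
    # which the original check never consulted, so a rule scoped to a group
    # was also opened to 0.0.0.0/0.
    if (not target_group and
            not self.args.get('IpPermissions.1.IpRanges.1.GroupName') and
            not self.args.get('IpPermissions.1.IpRanges.1.CidrIp')):
        self.params['IpPermissions.1.IpRanges.1.CidrIp'] = '0.0.0.0/0'

    if (self.params.get('IpPermissions.1.Groups.1.GroupName') and
            not self.args.get('IpPermissions.1.Groups.1.UserId')):
        raise ArgumentError('argument -u is required when -o names a '
                            'security group by name')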
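def configure(self):
    """Translate parsed CLI arguments into security-group rule parameters.

    Fills ``self.params`` with the group being modified, the optional
    group named with ``-o``, the protocol and port bounds, and the rule's
    CIDR target.

    Raises:
        ArgumentError: if an egress rule refers to a group by name, if the
            protocol name cannot be resolved, or if ``-o`` names a group by
            name without ``-u``.
    """
    EC2Request.configure(self)

    group = self.args['group']
    # Anything starting with 'sg-' is treated as a group ID; everything
    # else is sent as a group name.
    if group.startswith('sg-'):
        self.params['GroupId'] = group
    else:
        if self.args['egress']:
            raise ArgumentError('egress rules must use group IDs, not '
                                'names')
        self.params['GroupName'] = group

    target_group = self.args.get('target_group')
    if target_group is not None:
        if target_group.startswith('sg-'):
            self.params['IpPermissions.1.Groups.1.GroupId'] = target_group
        else:
            if self.args['egress']:
                raise ArgumentError('argument -o: egress rules must use '
                                    'group IDs, not names')
            self.params['IpPermissions.1.Groups.1.GroupName'] = target_group

    protocol = self.args.get('IpPermissions.1.IpProtocol')
    protocol_text = str(protocol)
    if protocol_text.lower() in ('icmp', 'tcp', 'udp', '1', '6', '17'):
        from_port, to_port = parse_ports(
            protocol, self.args.get('port_range'),
            self.args.get('icmp_type_code'))
        self.params['IpPermissions.1.FromPort'] = from_port
        self.params['IpPermissions.1.ToPort'] = to_port
    elif protocol_text.lower() in ('all', '-1'):
        self.params['IpPermissions.1.IpProtocol'] = -1
    elif not protocol_text.isdigit():
        # Any other non-numeric value is resolved as a protocol name.
        try:
            self.params['IpPermissions.1.IpProtocol'] = \
                socket.getprotobyname(protocol)
        except socket.error:
            raise ArgumentError('argument -P: no such protocol: {0}'
                                .format(protocol))

    # Fall back to the entire Internet only when the caller named neither a
    # CIDR nor a group with -o.  The group arrives as args['target_group'],
    # which the original check never consulted, so a rule scoped to a group
    # was also opened to 0.0.0.0/0.
    if (not target_group and
            not self.args.get('IpPermissions.1.IpRanges.1.GroupName') and
            not self.args.get('IpPermissions.1.IpRanges.1.CidrIp')):
        self.params['IpPermissions.1.IpRanges.1.CidrIp'] = '0.0.0.0/0'

    if (self.params.get('IpPermissions.1.Groups.1.GroupName') and
            not self.args.get('IpPermissions.1.Groups.1.UserId')):
        raise ArgumentError('argument -u is required when -o names a '
                            'security group by name')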
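def configure(self):
    """Translate parsed CLI arguments into security-group rule parameters.

    Fills ``self.params`` with the group being modified, the optional
    group named with ``-o``, the port bounds returned by ``parse_ports``,
    and the rule's CIDR target.

    Raises:
        ArgumentError: if an egress rule refers to a group by name, or if
            ``-o`` names a group by name without ``-u``.
    """
    EC2Request.configure(self)

    group = self.args['group']
    # Exactly 11 characters starting with 'sg-' is treated as a group ID;
    # everything else is sent as a group name.
    # NOTE(review): longer-format IDs would be sent as names here --
    # confirm the ID formats the target cloud issues.
    if group.startswith('sg-') and len(group) == 11:
        self.params['GroupId'] = group
    else:
        if self.args['egress']:
            raise ArgumentError('egress rules must use group IDs, not '
                                'names')
        self.params['GroupName'] = group

    target_group = self.args.get('target_group')
    if target_group is not None:
        if target_group.startswith('sg-') and len(target_group) == 11:
            self.params['IpPermissions.1.Groups.1.GroupId'] = target_group
        else:
            if self.args['egress']:
                raise ArgumentError('argument -o: egress rules must use '
                                    'group IDs, not names')
            self.params['IpPermissions.1.Groups.1.GroupName'] = target_group

    from_port, to_port = parse_ports(
        self.args.get('IpPermissions.1.IpProtocol'),
        self.args.get('port_range'),
        self.args.get('icmp_type_code'))
    self.params['IpPermissions.1.FromPort'] = from_port
    self.params['IpPermissions.1.ToPort'] = to_port

    # Fall back to the entire Internet only when the caller named neither a
    # CIDR nor a group with -o.  The group arrives as args['target_group'],
    # which the original check never consulted, so a rule scoped to a group
    # was also opened to 0.0.0.0/0.
    if (not target_group and
            not self.args.get('IpPermissions.1.IpRanges.1.GroupName') and
            not self.args.get('IpPermissions.1.IpRanges.1.CidrIp')):
        self.params['IpPermissions.1.IpRanges.1.CidrIp'] = '0.0.0.0/0'

    if (self.params.get('IpPermissions.1.Groups.1.GroupName') and
            not self.args.get('IpPermissions.1.Groups.1.UserId')):
        raise ArgumentError('argument -u is required when -o names a '
                            'security group by name')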
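def configure(self):
    """Translate parsed CLI arguments into security-group rule parameters.

    Fills ``self.params`` with the group being modified, the optional
    group named with ``-o``, the port bounds returned by ``parse_ports``,
    and the rule's CIDR target.

    Raises:
        ArgumentError: if an egress rule refers to a group by name, or if
            ``-o`` names a group by name without ``-u``.
    """
    EC2Request.configure(self)

    group = self.args['group']
    # Exactly 11 characters starting with 'sg-' is treated as a group ID;
    # everything else is sent as a group name.
    # NOTE(review): longer-format IDs would be sent as names here --
    # confirm the ID formats the target cloud issues.
    if group.startswith('sg-') and len(group) == 11:
        self.params['GroupId'] = group
    else:
        if self.args['egress']:
            raise ArgumentError('egress rules must use group IDs, not '
                                'names')
        self.params['GroupName'] = group

    target_group = self.args.get('target_group')
    # Handle -o only when it was actually given.  The original fell into
    # the "name" branch for a missing target group, which rejected every
    # egress rule without -o and otherwise stored None as the group name.
    if target_group is not None:
        if target_group.startswith('sg-') and len(target_group) == 11:
            self.params['IpPermissions.1.Groups.1.GroupId'] = target_group
        else:
            if self.args['egress']:
                raise ArgumentError('argument -o: egress rules must use '
                                    'group IDs, not names')
            self.params['IpPermissions.1.Groups.1.GroupName'] = target_group

    from_port, to_port = parse_ports(
        self.args.get('IpPermissions.1.IpProtocol'),
        self.args.get('port_range'),
        self.args.get('icmp_type_code'))
    self.params['IpPermissions.1.FromPort'] = from_port
    self.params['IpPermissions.1.ToPort'] = to_port

    # Fall back to the entire Internet only when the caller named neither a
    # CIDR nor a group with -o.  The group arrives as args['target_group'],
    # which the original check never consulted, so a rule scoped to a group
    # was also opened to 0.0.0.0/0.
    if (not target_group and
            not self.args.get('IpPermissions.1.IpRanges.1.GroupName') and
            not self.args.get('IpPermissions.1.IpRanges.1.CidrIp')):
        self.params['IpPermissions.1.IpRanges.1.CidrIp'] = '0.0.0.0/0'

    if (self.params.get('IpPermissions.1.Groups.1.GroupName') and
            not self.args.get('IpPermissions.1.Groups.1.UserId')):
        raise ArgumentError('argument -u is required when -o names a '
                            'security group by name')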
def configure(self):
    """Translate parsed CLI arguments into Egress, Protocol and port params.

    The protocol may be given as a number, the word ``all``, or a protocol
    name; the port bounds come from ``parse_ports``.

    Raises:
        ArgumentError: if the protocol is neither numeric, ``all``, nor a
            name ``socket.getprotobyname`` can resolve.
    """
    EC2Request.configure(self)
    if not self.params.get('Egress'):
        self.params['Egress'] = False

    # An omitted protocol becomes -1, the same value 'all' maps to below.
    requested = self.args.get('Protocol') or -1
    try:
        number = int(requested)
    except ValueError:
        if requested.lower() == 'all':
            number = -1
        else:
            try:
                number = socket.getprotobyname(requested)
            except socket.error:
                # NOTE(review): the message cites -n/--rule-number although
                # the rejected value is the protocol -- confirm which
                # option it should name.
                raise ArgumentError(
                    'argument -n/--rule-number: unknown protocol "{0}"'
                    .format(requested))
    self.params['Protocol'] = number

    from_port, to_port = parse_ports(requested,
                                     self.args.get('port_range'),
                                     self.args.get('icmp_type_code'))
    if self.params['Protocol'] == 1:  # ICMP
        keys = ('Icmp.Type', 'Icmp.Code')
    else:
        keys = ('PortRange.From', 'PortRange.To')
    for key, value in zip(keys, (from_port, to_port)):
        self.params[key] = value