/
securitygroups.go
182 lines (141 loc) · 4.81 KB
/
securitygroups.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
package config
import (
"encoding/json"
"strconv"
"strings"
"github.com/aws/aws-sdk-go/service/simpledb"
)
// SecurityGroupClasses is a map of Security Group Classes
type SecurityGroupClasses map[string]SecurityGroupClass
// SecurityGroupClass is a single Security Group Class
type SecurityGroupClass struct {
Description string `json:"description" awsmClass:"Description"`
SecurityGroupGrants []SecurityGroupGrant `json:"securityGroupGrants" awsmClass:"Grants"`
}
// SecurityGroupGrant is a Security Group Grant
type SecurityGroupGrant struct {
ID string `json:"id" hash:"ignore" awsm:"ignore"`
Note string `json:"note" hash:"ignore"`
Type string `json:"type"` // ingress / egress
FromPort int `json:"fromPort"`
ToPort int `json:"toPort"`
IPProtocol string `json:"ipProtocol"`
CidrIPs []string `json:"cidrIPs" hash:"set"`
SourceSecurityGroupNames []string `json:"sourceSecurityGroupNames"`
}
// DefaultSecurityGroupClasses returns the defauly Security Group Classes
func DefaultSecurityGroupClasses() SecurityGroupClasses {
defaultSecurityGroups := make(SecurityGroupClasses)
defaultSecurityGroups["dev"] = SecurityGroupClass{
Description: "dev servers",
SecurityGroupGrants: []SecurityGroupGrant{
SecurityGroupGrant{
Note: "http port 80",
Type: "ingress",
FromPort: 80,
ToPort: 80,
IPProtocol: "tcp",
CidrIPs: []string{"0.0.0.0/0"},
},
SecurityGroupGrant{
Note: "http port 443",
Type: "ingress",
FromPort: 443,
ToPort: 443,
IPProtocol: "tcp",
CidrIPs: []string{"0.0.0.0/0"},
},
},
}
return defaultSecurityGroups
}
// SaveSecurityGroupClass reads unmarshals a byte slice and inserts it into the db
func SaveSecurityGroupClass(className string, data []byte) (class SecurityGroupClass, err error) {
err = json.Unmarshal(data, &class)
if err != nil {
return
}
err = Insert("securitygroups", SecurityGroupClasses{className: class})
return
}
// LoadSecurityGroupClass loads a Security Group Class by its name
func LoadSecurityGroupClass(name string, splitGrants bool) (SecurityGroupClass, error) {
cfgs := make(SecurityGroupClasses)
item, err := GetItemByName("securitygroups", name)
if err != nil {
return cfgs[name], err
}
cfgs.Marshal([]*simpledb.Item{item})
cfg := cfgs[name]
if splitGrants {
var sGrants []SecurityGroupGrant
for _, grant := range cfg.SecurityGroupGrants {
// Grant Source: Sec Group
for _, secGrp := range grant.SourceSecurityGroupNames {
sGrant := grant
sGrant.CidrIPs = []string{}
sGrant.SourceSecurityGroupNames = []string{secGrp}
sGrants = append(sGrants, sGrant)
}
// Grant Source: CIDR IP
for _, cidrIp := range grant.CidrIPs {
sGrant := grant
sGrant.SourceSecurityGroupNames = []string{}
sGrant.CidrIPs = []string{cidrIp}
sGrants = append(sGrants, sGrant)
}
}
cfg.SecurityGroupGrants = sGrants
}
return cfg, nil
}
// LoadAllSecurityGroupClasses loads all Security Group Classes
func LoadAllSecurityGroupClasses() (SecurityGroupClasses, error) {
cfgs := make(SecurityGroupClasses)
items, err := GetItemsByType("securitygroups")
if err != nil {
return cfgs, err
}
cfgs.Marshal(items)
return cfgs, nil
}
// Marshal puts items from SimpleDB into a Security Group Class
func (c SecurityGroupClasses) Marshal(items []*simpledb.Item) {
for _, item := range items {
name := strings.Replace(*item.Name, "securitygroups/", "", -1)
cfg := new(SecurityGroupClass)
for _, attribute := range item.Attributes {
val := *attribute.Value
switch *attribute.Name {
case "Description":
cfg.Description = val
}
}
// Get the grants
grants, _ := GetItemsByType("securitygroups/" + name + "/grants")
cfg.SecurityGroupGrants = make([]SecurityGroupGrant, len(grants))
for i, grant := range grants {
cfg.SecurityGroupGrants[i].ID = strings.Replace(*grant.Name, "securitygroups/"+name+"/grants/", "", -1)
for _, attribute := range grant.Attributes {
val := *attribute.Value
switch *attribute.Name {
case "Note":
cfg.SecurityGroupGrants[i].Note = val
case "Type":
cfg.SecurityGroupGrants[i].Type = val
case "FromPort":
cfg.SecurityGroupGrants[i].FromPort, _ = strconv.Atoi(val)
case "ToPort":
cfg.SecurityGroupGrants[i].ToPort, _ = strconv.Atoi(val)
case "IPProtocol":
cfg.SecurityGroupGrants[i].IPProtocol = val
case "CidrIPs":
cfg.SecurityGroupGrants[i].CidrIPs = append(cfg.SecurityGroupGrants[i].CidrIPs, val)
case "SourceSecurityGroupNames":
cfg.SecurityGroupGrants[i].SourceSecurityGroupNames = append(cfg.SecurityGroupGrants[i].SourceSecurityGroupNames, val)
}
}
}
c[name] = *cfg
}
}