Rudy::Groups merged with Rudy::AWS::EC2::Groups. All related tests pass.

solutious · Apr 13, 2009 · 0001e93 · 0001e93
1 parent 49ab34d
commit 0001e93
Show file tree

Hide file tree

Showing 11 changed files with 189 additions and 388 deletions.
diff --git a/bin/rudy-ec2 b/bin/rudy-ec2
@@ -34,7 +34,7 @@ module RudyEC2CLI
     @verbose += 1
   end
   global :V, :version, "Display version number" do
-    puts "Rudy version: #{Rudy::VERSION}"
+    puts "rudy-ec2 version: #{Rudy::VERSION}"
     exit 0
   end
 
@@ -43,19 +43,20 @@ module RudyEC2CLI
   # -----------------------------------  AMAZON EC2 COMMANDS  --------
   # ------------------------------------------------------------------
 
-  usage "rudy [global options] addresses [-A address instance ID]"
+  usage "rudy-ec2 [global options] addresses [-A address instance ID]"
   desc "Manage Amazon Elastic IP addresses"
   argv :ipaddress, :instid
   action :A, :associate, "Associate an IP address to a running instance"
   action :C, :create, "Create an IP address"
   action :D, :destroy, "Destroy an IP address"
   command :addresses => Rudy::CLI::AWS::EC2::Addresses
   command_alias :addresses, :address
-
-  usage "rudy [global options] groups [-C -R -A] [-a IP addresses] [-p ports] [group name]"
-  usage "rudy groups -C               (create a group)"
-  usage "rudy -e prod groups          (list groups in the prod environment)"
-  usage "rudy groups -A -p 81,82,83   (open ports to a group from this machine)"
+  command_alias :addresses, :a
+
+  usage "rudy-ec2 [global options] groups [-C -R -A] [-a IP addresses] [-p ports] [group name]"
+  usage "rudy-ec2 groups -C               (create a group)"
+  usage "rudy-ec2 -e prod groups          (list groups in the prod environment)"
+  usage "rudy-ec2 groups -A -p 81,82,83   (open ports to a group from this machine)"
   desc "Manage EC2 Security Groups"
   option :all, "Display all security groups"
   option :r, :protocols, Array, "Comma-separated list of protocols. One of: tcp (default), udp, icmp"
@@ -70,13 +71,14 @@ module RudyEC2CLI
   argv :name
   command :groups => Rudy::CLI::AWS::EC2::Groups
   command_alias :groups, :group
-
+  command_alias :groups, :g
+
   desc "Manage EC2 Volumes"
-  usage "rudy volumes"
-  usage "rudy volume -C -s size [-d device-path]"
-  usage "rudy volume -A volume-id instance-id"
-  usage "rudy volume -N volume-id"
-  usage "rudy volume -D volume-id"
+  usage "rudy-ec2 volumes"
+  usage "rudy-ec2 volume -C -s size [-d device-path]"
+  usage "rudy-ec2 volume -A volume-id instance-id"
+  usage "rudy-ec2 volume -N volume-id"
+  usage "rudy-ec2 volume -D volume-id"
   option :s, :size, String, "Size (in GB)"
   option :d, :device, String, "Device path (default: /dev/sdh)"
   action :D, :destroy, "Destroy a volume"
@@ -86,23 +88,27 @@ module RudyEC2CLI
   argv :volid, :insid
   command :volumes => Rudy::CLI::AWS::EC2::Volumes
   command_alias :volumes, :volume
-
+  command_alias :volumes, :v
+
   desc "Manage KeyPairs"
-  usage "rudy keypairs [-C] [-D] [name]"
+  usage "rudy-ec2 keypairs [-C] [-D] [name]"
   action :D, :destroy, "Destroy KeyPair"
   action :C, :create, "Create KeyPair"
   argv :kpname
   command :keypairs => Rudy::CLI::AWS::EC2::KeyPairs
   command_alias :keypairs, :keypair
-
-  usage "rudy console [-g group] [instance ID]"
+  command_alias :keypairs, :k
+
+  usage "rudy-ec2 console [-g group] [instance ID]"
   desc "Displays system console output for given instance(s)"
   option :g, :group, String, "A group name to authorize or revoke network rule. Must also supply -o!"
   argv :awsid
-  command :console => Rudy::CLI::AWS::EC2::Instances
-
+  command :consoles => Rudy::CLI::AWS::EC2::Instances
+  command_alias :consoles, :console
+  command_alias :consoles, :c
+
   desc "Manage Instances"
-  usage "rudy [global options] instances [-g group-name] [-s state] [instance-ID]"
+  usage "rudy-ec2 instances [-g group-name] [-s state] [instance-ID]"
   option :g, :group, String, "The security group name"
   option :i, :ami, String, "The machine image ID (ami-)"
   option :t, :itype, String, "The instance type (default: m1.small)"
@@ -112,10 +118,11 @@ module RudyEC2CLI
   action :T, :terminate, "Terminate a machine instance"
   argv :awsid
   command :instances => Rudy::CLI::AWS::EC2::Instances
-  command_alias :instances, :instance
+  command_alias :instances, :i
   command_alias :instances, :status
+  command_alias :instances, :instance
 
-  #usage "rudy images [-C -i name [-b bucket -a accountnum]] [-D AMI-ID]"
+  #usage "rudy-ec2 images [-C -i name [-b bucket -a accountnum]] [-D AMI-ID]"
   #desc "Manage EC2 Machine Images (AMIs)"
   #option :a, :accountnum, String, "Your Amazon Account Number"
   #option :i, :image_name, String, "The name of the image"     # TODO: change to --ami
@@ -135,8 +142,8 @@ module RudyEC2CLI
     obj.global.print_header = false  # Don't print Rudy Header
     @start = Time.now
   end
-  after do |obj|
-
+
+  after do |obj|  
     unless obj.global.quiet
       @elapsed = Time.now - @start
       puts $/, "Elapsed: %.2f seconds" % @elapsed.to_f if @elapsed > 0.1

diff --git a/lib/annoy.rb b/lib/annoy.rb
@@ -19,8 +19,8 @@ class Annoy #:nodoc:all
 
   @@operators = {
     :low      => %w(+ -),
-    :medium   => %w(* + -),
-    :high     => %w(& * + -),
+    :medium   => %w(* -),
+    :high     => %w(& * -),
     :insane   => %w(** << | & *)
   }.freeze
 

diff --git a/lib/rudy.rb b/lib/rudy.rb
@@ -316,7 +316,6 @@ def message
 require 'rudy/config'              # order
 require 'rudy/huxtable'
 require 'rudy/metadata'
-require 'rudy/command/keypairs'
 require 'rudy/command/addresses'   # require
 require 'rudy/command/instances'   # statements
 require 'rudy/command/manager'     # is

diff --git a/lib/rudy/aws.rb b/lib/rudy/aws.rb
@@ -17,11 +17,6 @@ def escape!(str)
     end
 
     module ObjectBase
-      attr_accessor :aws
-      def initialize(aws_connection)
-        @aws = aws_connection
-      end
-
 
     protected
 

diff --git a/lib/rudy/aws/ec2.rb b/lib/rudy/aws/ec2.rb
@@ -2,8 +2,9 @@
 module Rudy; module AWS
   module EC2
     module Base
-      def initialize(access_key, secret_key)
+      def initialize(access_key, secret_key, logger=nil)
         @ec2 = ::EC2::Base.new(:access_key_id => access_key, :secret_access_key => secret_key)
+        @logger = logger
       end
     end
   end

diff --git a/lib/rudy/aws/ec2/group.rb b/lib/rudy/aws/ec2/group.rb
@@ -63,7 +63,58 @@ def add_group(group, rule)
   module EC2
     class Groups
       include Rudy::AWS::ObjectBase
+      include Rudy::AWS::EC2::Base
 
+
+      # Create a new EC2 security group
+      # Returns true/false whether successful
+      def create(name, desc=nil, addresses=[], ports=[], protocols=[])
+        desc ||= "Security Group #{name}"
+        ret = @ec2.create_security_group(:group_name => name, :group_description => desc)
+        return false unless (ret && ret['return'] == 'true')
+        authorize(name, addresses, ports, protocols)
+        get(name)
+      end
+
+      # Delete an EC2 security group
+      # Returns true/false whether successful
+      def destroy(name)
+        ret = @ec2.delete_security_group(:group_name => name)
+        (ret && ret['return'] == 'true')
+      end
+
+
+      # Authorize a port/protocol for a specific IP address
+      def authorize(name, addresses=[], ports=[], protocols=[])
+        ports = [[22,22],[80,80],[443,443]] if !ports || ports.empty?
+        protocols = ["tcp"] if !protocols || protocols.empty?
+        addresses = [Rudy::Utils::external_ip_address] if !addresses || addresses.empty?
+        # Make sure the IP addresses have ranges
+        addresses.collect! { |ip| (ip.match /\/\d+/) ? ip : "#{ip}/32" }
+        modify_rules(:authorize, name, addresses, ports, protocols)
+      end
+      alias :authorise :authorize
+
+      # Revoke a port/protocol for a specific IP address
+      # Takes the same arguments as authorize
+      def revoke(name, addresses=[], ports=[], protocols=[])
+        ports = [[22,22],[80,80],[443,443]] if !ports || ports.empty?
+        protocols = ["tcp"] if !protocols || protocols.empty?
+        addresses = [Rudy::Utils::external_ip_address] if !addresses || addresses.empty?
+        # Make sure the IP addresses have ranges
+        addresses.collect! { |ip| (ip.match /\/\d+/) ? ip : "#{ip}/32" }
+        modify_rules(:revoke, name, addresses, ports, protocols)
+      end
+
+      def authorize_group(name, gname, owner)
+        modify_group_rules(:authorize, name, gname, owner)
+      end
+      alias :authorise_group :authorize_group
+
+      def revoke_group(name, gname, owner)
+        modify_group_rules(:revoke, name, gname, owner)
+      end
+
       def list(group_names=[])
         group_names ||= []
         groups = list_as_hash(group_names)
@@ -77,7 +128,7 @@ def list(group_names=[])
       # Returns an Array of Rudy::AWS::EC2::Group objects
       def list_as_hash(group_names=[])
         group_names ||= []
-        glist = @aws.describe_security_groups(:group_name => group_names) || {}
+        glist = @ec2.describe_security_groups(:group_name => group_names) || {}
         return unless glist['securityGroupInfo'].is_a?(Hash)
         groups = {}
         glist['securityGroupInfo']['item'].each do |oldg| 
@@ -92,21 +143,6 @@ def any?
         !groups.empty?
       end
 
-      # Create a new EC2 security group
-      # Returns true/false whether successful
-      def create(name, desc=nil)
-        ret = @aws.create_security_group(:group_name => name, :group_description => desc || "Group #{name}")
-        return false unless (ret && ret['return'] == 'true')
-        get(name)
-      end
-
-      # Delete an EC2 security group
-      # Returns true/false whether successful
-      def destroy(name)
-        ret = @aws.delete_security_group(:group_name => name)
-        (ret && ret['return'] == 'true')
-      end
-
       # * +name+ a string
       def get(name)
         (list([name]) || []).first
@@ -117,53 +153,6 @@ def get(name)
       #  
       #end
 
-      def modify_rules(meth, name, from_port, to_port, protocol='tcp', ipa='0.0.0.0/0')
-        opts = {
-          :group_name => name,
-          :ip_protocol => protocol,
-          :from_port => from_port,
-          :to_port => to_port,
-          :cidr_ip => ipa
-        }
-
-        ret = @aws.send("#{meth}_security_group_ingress", opts)
-        (ret && ret['return'] == 'true')
-      end
-      private :modify_rules
-
-      def modify_group_rules(meth, name, gname=nil, gowner=nil)
-        opts = {
-          :group_name => name,
-          :source_security_group_name => gname,
-          :source_security_group_owner_id => gowner
-        }
-        ret = @aws.send("#{meth}_security_group_ingress", opts)
-        (ret && ret['return'] == 'true')
-      end
-      private :modify_group_rules
-
-      # Authorize a port/protocol for a specific IP address
-      def authorize(*args)
-        modify_rules(:authorize, *args)
-      end
-      alias :authorise :authorize
-
-      def authorize_group(*args)
-        modify_group_rules(:authorize, *args)
-      end
-      alias :authorise_group :authorize_group
-
-      def revoke_group(*args)
-        modify_group_rules(:revoke, *args)
-      end
-
-      # Revoke a port/protocol for a specific IP address
-      # Takes the same arguments as authorize
-      def revoke(*args)
-        modify_rules(:revoke, *args)
-      end
-
-
       # Does the security group +name+ exist?
       def exists?(name)
         begin
@@ -227,13 +216,58 @@ def self.from_hash(ghash)
           end
           if oldp['ipRanges'].is_a?(Hash)
             oldp['ipRanges']['item'].each do |olda|
-              name = "#{olda['cidrIp']}/#{oldp['ipProtocol']}"
+              name = "#{olda['cidrIp']}}"
               newg.add_address(name, newp)   # ipaddress/mask/protocol
             end
           end
         end
         newg
       end
+
+
+    private
+
+
+      def modify_rules(meth, name, addresses, ports, protocols)
+        ret = false
+        protocols.each do |protocol|
+          addresses.each do |address|
+            ports.each do |port|
+              #port_lo, port_hi = port.is_a?(Array) ? (port[0], port[1]) : (port, port)
+              @logger.puts "#{meth} for ports #{port[0]}:#{port[1]} (#{protocol}) for #{addresses.join(', ')}" if @logger
+              ret = modify_rule(meth, name, port[0].to_i, (port[1] || port[0]).to_i, protocol, address)
+              raise "Unknown error during #{meth}" unless ret
+            end
+          end
+        end
+
+        ret
+      end
+
+      def modify_rule(meth, name, from_port, to_port, protocol, ipa)
+        opts = {
+          :group_name => name,
+          :ip_protocol => protocol,
+          :from_port => from_port,
+          :to_port => to_port,
+          :cidr_ip => ipa
+        }
+        ret = @ec2.send("#{meth}_security_group_ingress", opts)
+        (ret && ret['return'] == 'true')
+      end
+
+
+      def modify_group_rules(meth, name, gname, gowner)
+        opts = {
+          :group_name => name,
+          :source_security_group_name => gname,
+          :source_security_group_owner_id => gowner
+        }
+        ret = @ec2.send("#{meth}_security_group_ingress", opts)
+        (ret && ret['return'] == 'true')
+      end
+
+
 
     end
   end