# -*- coding: utf-8 -*-
# Software License Agreement (BSD License)
# Copyright (c) 2009, Eucalyptus Systems, Inc.
# Redistribution and use of this software in source and binary forms, with or
# without modification, are permitted provided that the following conditions
# Redistributions of source code must retain the above
# copyright notice, this list of conditions and the
# following disclaimer.
# Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the
# following disclaimer in the documentation and/or other
# materials provided with the distribution.
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# Author: Neil Soman neil@eucalyptus.com
from euca2ools import Euca2ool, AddressValidationError, \
ProtocolValidationError, Util, ConnectionFailed
Revoke a rule for a security group.
euca-revoke [-P | --protocol protocol] [-p | --port-range port_range]
[-t | --icmp-type-code type:code] [-o | --source-group source_group]
[-u | --source-group-user source_group_user] [-s | --source-subnet source_subnet]
[-h, --help] [--version] [--debug] group_name
group_name Name of the group to revoke the rule from.
-P, --protocol Protocol ("tcp" "udp" or "icmp").
-p, --port-range Range of ports for the rule (specified as "from-to").
-t, --icmp-type-code ICMP type and code specified as "type:code"
-o, --source-group Group from which traffic is authorized by the rule.
-u, --source-group-user User ID for the source group.
-s, --source-subnet The source subnet for the rule.
Util().usage(compat=True)
print Util().version()
euca = Euca2ool('P:p:o:u:s:t:', [
source_group_name = None
source_group_owner_id = None
for (name, value) in euca.opts:
if name in ('-P', '--protocol'):
elif name in ('-p', '--port-range'):
ports = value.split('-')
from_port = int(ports[0])
to_port = int(ports[1])
from_port = to_port = int(ports[0])
elif name in ('-o', '--source-group'):
source_group_name = value
elif name in ('-u', '--source-group-user'):
source_group_owner_id = value
elif name in ('-s', '--source-subnet'):
elif name in ('-t', '--icmp-type-code'):
code_parts = value.split(':')
if len(code_parts) > 1:
from_port = int(code_parts[0])
to_port = int(code_parts[1])
print 'port must be an integer.'
elif name in ('-h', '--help'):
elif name == '--version':
if source_group_name:
for arg in euca.args:
euca.validate_address(cidr_ip)
except AddressValidationError:
print 'Invalid address', cidr_ip
euca.validate_protocol(protocol)
except ProtocolValidationError:
print 'Invalid protocol', protocol
euca_conn = euca.make_connection()
except ConnectionFailed, e:
return_code = euca_conn.revoke_security_group(
group_name=group_name,
src_security_group_name=source_group_name,
src_security_group_owner_id=source_group_owner_id,
ip_protocol=protocol,
except Exception, ex:
euca.display_error_and_exit('%s' % ex)
print 'GROUP\t%s' % group_name
permission_string = 'PERMISSION\t%s\tALLOWS' % group_name
permission_string += '\t%s' % protocol
permission_string += '\t%s' % from_port
permission_string += '\t%s' % to_port
if source_group_owner_id:
permission_string += '\tUSER\t%s' \
% source_group_owner_id
if source_group_name:
permission_string += '\tGRPNAME\t%s' % source_group_name
permission_string += '\tFROM\tCIDR\t%s' % cidr_ip
print permission_string
print 'group_name must be specified'
if __name__ == '__main__':