/src/clj/backtype/storm/security.clj
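;
;
; Copyright (C) 2011 Cloud Conscious, LLC. <info@cloudconscious.com>
;
; ====================================================================
; Licensed under the Apache License, Version 2.0 (the "License");
; you may not use this file except in compliance with the License.
; You may obtain a copy of the License at
;
; http://www.apache.org/licenses/LICENSE-2.0
;
; Unless required by applicable law or agreed to in writing, software
; distributed under the License is distributed on an "AS IS" BASIS,
; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
; See the License for the specific language governing permissions and
; limitations under the License.
; ====================================================================
;

(ns
  #^{:author "Juergen Hoetzel, juergen@archlinux.org"
     :doc "A clojure binding for the jclouds AWS security group interface.

  Security note: `authorize` and `revoke` fall back to the source range
  \"0.0.0.0/0\" (the whole Internet) when :ip-range is omitted.  Always pass
  an explicit CIDR for rules that are not meant to be world-reachable."}
  backtype.storm.security
  (:require (org.jclouds [compute2 :as compute])
            [org.jclouds.ec2.ebs2 :as ebs])
  (:import org.jclouds.ec2.domain.IpProtocol
           org.jclouds.ec2.domain.SecurityGroup
           org.jclouds.ec2.services.SecurityGroupClient
           org.jclouds.ec2.domain.UserIdGroupPair
           java.io.BufferedReader
           java.io.DataInputStream
           java.io.IOException
           java.io.InputStreamReader
           java.net.URL))

(defn #^SecurityGroupClient
  sg-service
  "Returns the jclouds SecurityGroupClient behind the given compute service.

  The client is reached through the provider-specific context, so this only
  works for an EC2-backed compute service."
  [compute]
  (-> compute
      .getContext
      .getProviderSpecificContext
      .getApi
      .getSecurityGroupServices))

(defn create-group
  "Creates a new security group named `name`.

  Options:
    :description  group description; defaults to `name` when omitted
    :region       region keyword/string, resolved via ebs/get-region

  e.g. (create-group compute \"Database Server\" \"Description for group\" :region :us-west-1)"
  [compute name & {:keys [description region]}]
  (.createSecurityGroupInRegion (sg-service compute)
                                (ebs/get-region region)
                                name
                                (or description name)))

(defn delete-group
  "Deletes the security group named `name` in the given :region.

  e.g. (delete-group compute \"Database Server\" :region :us-west-1)"
  [compute name & {:keys [region]}]
  (.deleteSecurityGroupInRegion (sg-service compute)
                                (ebs/get-region region)
                                name))

(defn groups
  "Returns a map of group name -> org.jclouds.ec2.domain.SecurityGroup for
  every security group visible in :region.

  e.g. (groups compute :region :us-east-1)"
  [compute & {:keys [region]}]
  (let [described (.describeSecurityGroupsInRegion (sg-service compute)
                                                   (ebs/get-region region)
                                                   ;; empty name filter => describe all groups
                                                   (into-array String []))]
    (into {} (map (fn [#^SecurityGroup g] [(.getName g) g]) described))))

(defn get-protocol
  "Coerces `v` to an org.jclouds.ec2.domain.IpProtocol.

  Accepts an IpProtocol instance (returned as-is), one of the keywords
  :tcp/:udp/:icmp, or nil (which means TCP).  Anything else raises
  IllegalArgumentException."
  [v]
  (cond
    (instance? IpProtocol v) v
    (keyword? v) (if-let [p (get {:tcp IpProtocol/TCP
                                  :udp IpProtocol/UDP
                                  :icmp IpProtocol/ICMP}
                                 v)]
                   p
                   (throw (IllegalArgumentException.
                           (str "Can't obtain IP protocol from " v " (valid :tcp, :udp and :icmp)"))))
    (nil? v) IpProtocol/TCP
    :else (throw (IllegalArgumentException.
                  (str "Can't obtain IP protocol from argument of type " (type v))))))

(defn- port-range
  "Normalizes a port spec to [from-port to-port]: a single number becomes a
  one-port range, a two-element sequence is destructured as-is."
  [port]
  (if (number? port) [port port] port))

(defn- lookup-group
  "Returns the SecurityGroup named `group-name` in `region`, or throws
  IllegalArgumentException when no such group is visible."
  [compute group-name region]
  (or ((groups compute :region region) group-name)
      (throw (IllegalArgumentException.
              (str "Can't find security group for name " group-name
                   " (region " region ")")))))

(defn authorize
  "Adds an ingress rule to a security group.

  `port` is either a single port number or a [from-port to-port] pair.
  Options:
    :protocol  :tcp (default), :udp or :icmp -- see get-protocol
    :ip-range  source CIDR.  WARNING: defaults to \"0.0.0.0/0\", i.e. the
               rule is opened to the entire Internet when this is omitted.
    :region    region keyword/string, resolved via ebs/get-region

  Throws IllegalArgumentException when the group does not exist.

  e.g. (authorize compute \"jclouds#webserver#us-east-1\" 80 :ip-range \"0.0.0.0/0\")
       (authorize compute \"jclouds#webserver#us-east-1\" [1000,2000] :protocol :udp)"
  [compute group-name port & {:keys [protocol ip-range region]}]
  (let [group (lookup-group compute group-name region)
        [from-port to-port] (port-range port)]
    (.authorizeSecurityGroupIngressInRegion (sg-service compute)
                                            (ebs/get-region region)
                                            (.getName group)
                                            (get-protocol protocol)
                                            from-port
                                            to-port
                                            (or ip-range "0.0.0.0/0"))))

(defn- valid-ipv4?
  "True when `s` is a dotted-quad IPv4 literal with every octet in 0-255."
  [s]
  (boolean
   (when-let [[_ & octets] (and s (re-matches #"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})" s))]
     (every? #(<= 0 (Integer/parseInt %) 255) octets))))

;; Looks up this host's public IPv4 address via an external echo service.
;; The result is memoized for the life of the process, so a changed public
;; address is not noticed until restart.
;;
;; Security note: the lookup goes over plain HTTP with no authentication, so
;; anyone able to tamper with DNS or the path to that host can dictate the
;; address that authorizeme then whitelists.  The response is at least
;; validated to be a bare IPv4 literal, so a tampered or unexpected body
;; (HTML, an error page, an empty read) raises IOException instead of being
;; spliced into a \"<junk>/32\" rule.
(def my-ip
  (memoize
   (fn []
     (let [body (with-open [rdr (BufferedReader.
                                 (InputStreamReader.
                                  (.openStream (URL. "http://whatismyip.akamai.com/"))
                                  "US-ASCII"))]
                  ;; with-open closes the stream even when readLine throws
                  (.readLine rdr))
           ip (and body (.trim #^String body))]
       (if (valid-ipv4? ip)
         ip
         (throw (IOException.
                 (str "Unexpected response from public-IP lookup: " (pr-str body)))))))))

(defn authorizeme
  "Authorizes ingress on `port` of `group-name` from this host's public IP
  only (a /32 rule built from my-ip).

  IllegalStateException from the authorize call is swallowed (best effort;
  presumably this is how jclouds reports an already-existing rule -- confirm).
  IOException from my-ip and IllegalArgumentException for an unknown group
  still propagate."
  [compute group-name port region]
  (try
    (authorize compute group-name port
               :ip-range (str (my-ip) "/32")
               :region region)
    (catch IllegalStateException _)))

(defn authorize-group
  "Allows all traffic from security group `from-group` into `to-group`.

  The 4-arity form takes the owning AWS account id from
  (:aws-user-id (. compute environment)); the 5-arity form accepts it
  explicitly as `user-id`.  The user id is forwarded as the owner of
  `from-group` in the UserIdGroupPair (a nil user-id is sent as \"\").

  NOTE(review): `region` is passed through untouched here, unlike the other
  functions in this namespace which resolve it via ebs/get-region -- callers
  presumably pass the already-resolved form; confirm.

  IllegalStateException from the underlying call is swallowed (best effort)."
  ([compute region to-group from-group]
     (authorize-group compute region to-group from-group
                      (:aws-user-id (. compute environment))))
  ([compute region to-group from-group user-id]
     (try
       (.authorizeSecurityGroupIngressInRegion (sg-service compute)
                                               region
                                               to-group
                                               (UserIdGroupPair. (or user-id "") from-group))
       (catch IllegalStateException _))))

(defn revoke
  "Revokes an ingress rule from a security group.  Takes the same arguments
  and options as `authorize`; the rule is matched on protocol, port range and
  :ip-range (which likewise defaults to \"0.0.0.0/0\").

  Throws IllegalArgumentException when the group does not exist.

  e.g. (revoke compute \"jclouds#webserver#us-east-1\" 80 :protocol :tcp :ip-range \"0.0.0.0/0\")"
  [compute group-name port & {:keys [protocol ip-range region]}]
  (let [group (lookup-group compute group-name region)
        [from-port to-port] (port-range port)]
    (.revokeSecurityGroupIngressInRegion (sg-service compute)
                                         (ebs/get-region region)
                                         (.getName group)
                                         (get-protocol protocol)
                                         from-port
                                         to-port
                                         (or ip-range "0.0.0.0/0"))))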