security.clj | searchcode

/src/clj/backtype/storm/security.clj

http://github.com/nathanmarz/storm-deploy
Clojure | 135 lines | 100 code | 17 blank | 18 comment | 4 complexity | 186079ac0f519aabcc2f116af65d87e8 MD5 | raw file
  1;
  2;
  3; Copyright (C) 2011 Cloud Conscious, LLC. <info@cloudconscious.com>
  4;
  5; ====================================================================
  6; Licensed under the Apache License, Version 2.0 (the "License");
  7; you may not use this file except in compliance with the License.
  8; You may obtain a copy of the License at
  9;
 10; http://www.apache.org/licenses/LICENSE-2.0
 11;
 12; Unless required by applicable law or agreed to in writing, software
 13; distributed under the License is distributed on an "AS IS" BASIS,
 14; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15; See the License for the specific language governing permissions and
 16; limitations under the License.
 17; ====================================================================
 18;
 19
 20(ns
 21  #^{:author "Juegen Hoetzel, juergen@archlinux.org"
 22     :doc "A clojure binding for the jclouds AWS security group interface."}
 23  backtype.storm.security
 24  (:require (org.jclouds [compute2 :as compute])
 25    [org.jclouds.ec2.ebs2 :as ebs])
 26  (:import org.jclouds.ec2.domain.IpProtocol
 27           org.jclouds.ec2.domain.SecurityGroup
 28           org.jclouds.ec2.services.SecurityGroupClient
 29           org.jclouds.ec2.domain.UserIdGroupPair
 30           java.io.DataInputStream
 31           java.net.URL))
 32
 33(defn #^SecurityGroupClient
 34  sg-service
 35  "Returns the SecurityGroup Client associated with the specified  compute service."
 36  [compute]
 37  (-> compute .getContext .getProviderSpecificContext .getApi .getSecurityGroupServices))
 38
 39(defn create-group
 40  "Creates a new security group.
 41
 42  e.g. (create-group compute \"Database Server\" \"Description for group\" :region :us-west-1)"
 43  [compute name & {:keys [description region]}]
 44  (.createSecurityGroupInRegion (sg-service compute) (ebs/get-region region) name (or description name)))
 45
 46(defn delete-group
 47  "Deletes a security group.
 48
 49  e.g. (delete-group compute \"Database Server\" :region :us-west-1)"
 50  [compute name & {:keys [region]}]
 51  (.deleteSecurityGroupInRegion (sg-service compute) (ebs/get-region region) name))
 52
 53(defn groups
 54  "Returns a map of GroupName -> org.jclouds.ec2.domain.SecurityGroup instances.
 55
 56   e.g. (groups compute :region :us-east-1)"
 57  [compute & {:keys [region]}]
 58  (into {} (for [#^SecurityGroup group (.describeSecurityGroupsInRegion (sg-service compute)
 59                                                                        (ebs/get-region region)
 60                                                                        (into-array String '()))]
 61             [(.getName group) group])))
 62
 63(defn get-protocol [v]
 64  "Coerce argument to a IP Protocol."
 65  (cond
 66   (instance? IpProtocol v) v
 67   (keyword? v) (if-let [p (get {:tcp IpProtocol/TCP
 68                                 :udp IpProtocol/UDP
 69                                 :icmp IpProtocol/ICMP}
 70                                v)]
 71                  p
 72                  (throw (IllegalArgumentException.
 73                          (str "Can't obtain IP protocol from " v " (valid :tcp, :udp and :icmp)"))))
 74   (nil? v) IpProtocol/TCP
 75   :else (throw (IllegalArgumentException.
 76                 (str "Can't obtain IP protocol from argument of type " (type v))))))
 77
 78(defn authorize
 79  "Adds permissions to a security group.
 80
 81   e.g. (authorize compute \"jclouds#webserver#us-east-1\" 80 :ip-range \"0.0.0.0/0\")
 82        (authorize compute \"jclouds#webserver#us-east-1\" [1000,2000] :protocol :udp)"
 83
 84  [compute group-name port & {:keys [protocol ip-range region]}]
 85  (let [group ((groups compute :region region) group-name)
 86        [from-port to-port] (if (number? port) [port port] port)]
 87    (if group
 88      (.authorizeSecurityGroupIngressInRegion
 89       (sg-service compute) (ebs/get-region region) (.getName group) (get-protocol protocol) from-port to-port (or ip-range "0.0.0.0/0"))
 90      (throw (IllegalArgumentException.
 91              (str "Can't find security group for name " group-name region ip-range from-port to-port))))))
 92
 93(def my-ip
 94  (memoize
 95    (fn []
 96      (let [is (DataInputStream. (.openStream (URL. "http://whatismyip.akamai.com/")))
 97            ret (.readLine is)]
 98        (.close is)
 99        ret
100        ))))
101
102(defn authorizeme [compute group-name port region]
103  (try
104    (authorize compute group-name port :ip-range (str (my-ip) "/32") :region region
105    )
106  (catch IllegalStateException _)
107  ))
108
109(defn authorize-group
110  ([compute region to-group from-group]
111    (authorize-group compute region to-group from-group (:aws-user-id (. compute environment)))
112    )
113  ([compute region to-group from-group user-id]
114    (try
115      (.authorizeSecurityGroupIngressInRegion
116        (sg-service compute)
117        region
118        to-group
119        (UserIdGroupPair. "" from-group)
120        )
121    (catch IllegalStateException _)
122    )))
123
124(defn revoke
125  "Revokes permissions from a security group.
126
127   e.g. (revoke compute 80 \"jclouds#webserver#us-east-1\" :protocol :tcp 80 80 :ip-range \"0.0.0.0/0\")"
128  [compute group-name port & {:keys [protocol ip-range region]}]
129  (let [group ((groups compute :region region) group-name)
130        [from-port to-port] (if (number? port) [port port] port)]
131    (if group
132     (.revokeSecurityGroupIngressInRegion
133      (sg-service compute) (ebs/get-region region) (.getName group) (get-protocol protocol) from-port to-port (or ip-range "0.0.0.0/0"))
134     (throw (IllegalArgumentException.
135             (str "Can't find security group for name " group-name))))))