/src/clj/backtype/storm/security.clj
http://github.com/nathanmarz/storm-deploy · Clojure · 135 lines · 100 code · 17 blank · 18 comment · 8 complexity · 186079ac0f519aabcc2f116af65d87e8 MD5 · raw file
- ;
- ;
- ; Copyright (C) 2011 Cloud Conscious, LLC. <info@cloudconscious.com>
- ;
- ; ====================================================================
- ; Licensed under the Apache License, Version 2.0 (the "License");
- ; you may not use this file except in compliance with the License.
- ; You may obtain a copy of the License at
- ;
- ; http://www.apache.org/licenses/LICENSE-2.0
- ;
- ; Unless required by applicable law or agreed to in writing, software
- ; distributed under the License is distributed on an "AS IS" BASIS,
- ; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ; See the License for the specific language governing permissions and
- ; limitations under the License.
- ; ====================================================================
- ;
- (ns
- #^{:author "Juegen Hoetzel, juergen@archlinux.org"
- :doc "A clojure binding for the jclouds AWS security group interface."}
- backtype.storm.security
- (:require (org.jclouds [compute2 :as compute])
- [org.jclouds.ec2.ebs2 :as ebs])
- (:import org.jclouds.ec2.domain.IpProtocol
- org.jclouds.ec2.domain.SecurityGroup
- org.jclouds.ec2.services.SecurityGroupClient
- org.jclouds.ec2.domain.UserIdGroupPair
- java.io.DataInputStream
- java.net.URL))
- (defn #^SecurityGroupClient
- sg-service
- "Returns the SecurityGroup Client associated with the specified compute service."
- [compute]
- (-> compute .getContext .getProviderSpecificContext .getApi .getSecurityGroupServices))
- (defn create-group
- "Creates a new security group.
- e.g. (create-group compute \"Database Server\" \"Description for group\" :region :us-west-1)"
- [compute name & {:keys [description region]}]
- (.createSecurityGroupInRegion (sg-service compute) (ebs/get-region region) name (or description name)))
- (defn delete-group
- "Deletes a security group.
- e.g. (delete-group compute \"Database Server\" :region :us-west-1)"
- [compute name & {:keys [region]}]
- (.deleteSecurityGroupInRegion (sg-service compute) (ebs/get-region region) name))
- (defn groups
- "Returns a map of GroupName -> org.jclouds.ec2.domain.SecurityGroup instances.
- e.g. (groups compute :region :us-east-1)"
- [compute & {:keys [region]}]
- (into {} (for [#^SecurityGroup group (.describeSecurityGroupsInRegion (sg-service compute)
- (ebs/get-region region)
- (into-array String '()))]
- [(.getName group) group])))
- (defn get-protocol [v]
- "Coerce argument to a IP Protocol."
- (cond
- (instance? IpProtocol v) v
- (keyword? v) (if-let [p (get {:tcp IpProtocol/TCP
- :udp IpProtocol/UDP
- :icmp IpProtocol/ICMP}
- v)]
- p
- (throw (IllegalArgumentException.
- (str "Can't obtain IP protocol from " v " (valid :tcp, :udp and :icmp)"))))
- (nil? v) IpProtocol/TCP
- :else (throw (IllegalArgumentException.
- (str "Can't obtain IP protocol from argument of type " (type v))))))
- (defn authorize
- "Adds permissions to a security group.
- e.g. (authorize compute \"jclouds#webserver#us-east-1\" 80 :ip-range \"0.0.0.0/0\")
- (authorize compute \"jclouds#webserver#us-east-1\" [1000,2000] :protocol :udp)"
- [compute group-name port & {:keys [protocol ip-range region]}]
- (let [group ((groups compute :region region) group-name)
- [from-port to-port] (if (number? port) [port port] port)]
- (if group
- (.authorizeSecurityGroupIngressInRegion
- (sg-service compute) (ebs/get-region region) (.getName group) (get-protocol protocol) from-port to-port (or ip-range "0.0.0.0/0"))
- (throw (IllegalArgumentException.
- (str "Can't find security group for name " group-name region ip-range from-port to-port))))))
- (def my-ip
- (memoize
- (fn []
- (let [is (DataInputStream. (.openStream (URL. "http://whatismyip.akamai.com/")))
- ret (.readLine is)]
- (.close is)
- ret
- ))))
- (defn authorizeme [compute group-name port region]
- (try
- (authorize compute group-name port :ip-range (str (my-ip) "/32") :region region
- )
- (catch IllegalStateException _)
- ))
- (defn authorize-group
- ([compute region to-group from-group]
- (authorize-group compute region to-group from-group (:aws-user-id (. compute environment)))
- )
- ([compute region to-group from-group user-id]
- (try
- (.authorizeSecurityGroupIngressInRegion
- (sg-service compute)
- region
- to-group
- (UserIdGroupPair. "" from-group)
- )
- (catch IllegalStateException _)
- )))
- (defn revoke
- "Revokes permissions from a security group.
- e.g. (revoke compute 80 \"jclouds#webserver#us-east-1\" :protocol :tcp 80 80 :ip-range \"0.0.0.0/0\")"
- [compute group-name port & {:keys [protocol ip-range region]}]
- (let [group ((groups compute :region region) group-name)
- [from-port to-port] (if (number? port) [port port] port)]
- (if group
- (.revokeSecurityGroupIngressInRegion
- (sg-service compute) (ebs/get-region region) (.getName group) (get-protocol protocol) from-port to-port (or ip-range "0.0.0.0/0"))
- (throw (IllegalArgumentException.
- (str "Can't find security group for name " group-name))))))