/src/clj/backtype/storm/security.clj


  1. ;
  2. ;
  3. ; Copyright (C) 2011 Cloud Conscious, LLC. <info@cloudconscious.com>
  4. ;
  5. ; ====================================================================
  6. ; Licensed under the Apache License, Version 2.0 (the "License");
  7. ; you may not use this file except in compliance with the License.
  8. ; You may obtain a copy of the License at
  9. ;
  10. ; http://www.apache.org/licenses/LICENSE-2.0
  11. ;
  12. ; Unless required by applicable law or agreed to in writing, software
  13. ; distributed under the License is distributed on an "AS IS" BASIS,
  14. ; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  15. ; See the License for the specific language governing permissions and
  16. ; limitations under the License.
  17. ; ====================================================================
  18. ;
  19. (ns
  20. #^{:author "Juegen Hoetzel, juergen@archlinux.org"
  21. :doc "A clojure binding for the jclouds AWS security group interface."}
  22. backtype.storm.security
  23. (:require (org.jclouds [compute2 :as compute])
  24. [org.jclouds.ec2.ebs2 :as ebs])
  25. (:import org.jclouds.ec2.domain.IpProtocol
  26. org.jclouds.ec2.domain.SecurityGroup
  27. org.jclouds.ec2.services.SecurityGroupClient
  28. org.jclouds.ec2.domain.UserIdGroupPair
  29. java.io.DataInputStream
  30. java.net.URL))
  31. (defn #^SecurityGroupClient
  32. sg-service
  33. "Returns the SecurityGroup Client associated with the specified compute service."
  34. [compute]
  35. (-> compute .getContext .getProviderSpecificContext .getApi .getSecurityGroupServices))
  36. (defn create-group
  37. "Creates a new security group.
  38. e.g. (create-group compute \"Database Server\" \"Description for group\" :region :us-west-1)"
  39. [compute name & {:keys [description region]}]
  40. (.createSecurityGroupInRegion (sg-service compute) (ebs/get-region region) name (or description name)))
  41. (defn delete-group
  42. "Deletes a security group.
  43. e.g. (delete-group compute \"Database Server\" :region :us-west-1)"
  44. [compute name & {:keys [region]}]
  45. (.deleteSecurityGroupInRegion (sg-service compute) (ebs/get-region region) name))
  46. (defn groups
  47. "Returns a map of GroupName -> org.jclouds.ec2.domain.SecurityGroup instances.
  48. e.g. (groups compute :region :us-east-1)"
  49. [compute & {:keys [region]}]
  50. (into {} (for [#^SecurityGroup group (.describeSecurityGroupsInRegion (sg-service compute)
  51. (ebs/get-region region)
  52. (into-array String '()))]
  53. [(.getName group) group])))
  54. (defn get-protocol [v]
  55. "Coerce argument to a IP Protocol."
  56. (cond
  57. (instance? IpProtocol v) v
  58. (keyword? v) (if-let [p (get {:tcp IpProtocol/TCP
  59. :udp IpProtocol/UDP
  60. :icmp IpProtocol/ICMP}
  61. v)]
  62. p
  63. (throw (IllegalArgumentException.
  64. (str "Can't obtain IP protocol from " v " (valid :tcp, :udp and :icmp)"))))
  65. (nil? v) IpProtocol/TCP
  66. :else (throw (IllegalArgumentException.
  67. (str "Can't obtain IP protocol from argument of type " (type v))))))
  68. (defn authorize
  69. "Adds permissions to a security group.
  70. e.g. (authorize compute \"jclouds#webserver#us-east-1\" 80 :ip-range \"0.0.0.0/0\")
  71. (authorize compute \"jclouds#webserver#us-east-1\" [1000,2000] :protocol :udp)"
  72. [compute group-name port & {:keys [protocol ip-range region]}]
  73. (let [group ((groups compute :region region) group-name)
  74. [from-port to-port] (if (number? port) [port port] port)]
  75. (if group
  76. (.authorizeSecurityGroupIngressInRegion
  77. (sg-service compute) (ebs/get-region region) (.getName group) (get-protocol protocol) from-port to-port (or ip-range "0.0.0.0/0"))
  78. (throw (IllegalArgumentException.
  79. (str "Can't find security group for name " group-name region ip-range from-port to-port))))))
  80. (def my-ip
  81. (memoize
  82. (fn []
  83. (let [is (DataInputStream. (.openStream (URL. "http://whatismyip.akamai.com/")))
  84. ret (.readLine is)]
  85. (.close is)
  86. ret
  87. ))))
  88. (defn authorizeme [compute group-name port region]
  89. (try
  90. (authorize compute group-name port :ip-range (str (my-ip) "/32") :region region
  91. )
  92. (catch IllegalStateException _)
  93. ))
  94. (defn authorize-group
  95. ([compute region to-group from-group]
  96. (authorize-group compute region to-group from-group (:aws-user-id (. compute environment)))
  97. )
  98. ([compute region to-group from-group user-id]
  99. (try
  100. (.authorizeSecurityGroupIngressInRegion
  101. (sg-service compute)
  102. region
  103. to-group
  104. (UserIdGroupPair. "" from-group)
  105. )
  106. (catch IllegalStateException _)
  107. )))
  108. (defn revoke
  109. "Revokes permissions from a security group.
  110. e.g. (revoke compute 80 \"jclouds#webserver#us-east-1\" :protocol :tcp 80 80 :ip-range \"0.0.0.0/0\")"
  111. [compute group-name port & {:keys [protocol ip-range region]}]
  112. (let [group ((groups compute :region region) group-name)
  113. [from-port to-port] (if (number? port) [port port] port)]
  114. (if group
  115. (.revokeSecurityGroupIngressInRegion
  116. (sg-service compute) (ebs/get-region region) (.getName group) (get-protocol protocol) from-port to-port (or ip-range "0.0.0.0/0"))
  117. (throw (IllegalArgumentException.
  118. (str "Can't find security group for name " group-name))))))