# Copyright (c) 2009-2016 Hewlett Packard Enterprise Development LP
#
# Redistribution and use of this software in source and binary forms,
# with or without modification, are permitted provided that the following
# conditions are met:
#
# Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
from euca2ools.commands.ec2 import EC2Request
from requestbuilder import Arg, Filter, GenericTagFilter
class DescribeSecurityGroups(EC2Request):
DESCRIPTION = ('Show information about security groups\n\nNote that '
'filters are matched on literal strings only, so '
'"--filter ip-permission.from-port=22" will *not* match a '
'group with a port range of 20 to 30.')
ARGS = [Arg('group', metavar='GROUP', nargs='*', route_to=None,
default=[], help='limit results to specific security groups')]
FILTERS = [Filter('description', help='group description'),
Filter('group-id'),
Filter('group-name'),
Filter('ip-permission.cidr',
help='CIDR IP range granted permission by the group'),
Filter('ip-permission.from-port',
help='start of TCP/UDP port range, or ICMP type number'),
Filter('ip-permission.group-name', help='''name of another group
granted permission by this group'''),
Filter('ip-permission.group-id', help='''ID of another group
granted permission by this group'''),
Filter('ip-permission.protocol',
help='IP protocol for the permission'),
Filter('ip-permission.to-port',
help='end of TCP/UDP port range, or ICMP code'),
Filter('ip-permission.user-id',
help='ID of an account granted permission'),
Filter('owner-id', help="account ID of the group's owner"),
Filter('tag-key', help='key of a tag assigned to the group'),
Filter('tag-value',
help='value of a tag assigned to the group'),
GenericTagFilter('tag:KEY',
help='specific tag key/value combination'),
Filter('vpc-id',
help='[VPC only] ID of a VPC the group belongs to')]
LIST_TAGS = ['securityGroupInfo', 'ipPermissions', 'ipPermissionsEgress',
'groups', 'ipRanges', 'tagSet']
def preprocess(self):
for group in self.args['group']:
if group.startswith('sg-'):
self.params.setdefault('GroupId', [])
self.params['GroupId'].append(group)
else:
self.params.setdefault('GroupName', [])
self.params['GroupName'].append(group)
def print_result(self, result):
for group in result.get('securityGroupInfo', []):
self.print_group(group)
def print_group(self, group):
print self.tabify(('GROUP', group.get('groupId'), group.get('ownerId'),
group.get('groupName'),
group.get('groupDescription'),
group.get('vpcId')))
for perm in group.get('ipPermissions', []):
perm_base = ['PERMISSION', group.get('ownerId'),
group.get('groupName'), 'ALLOWS',
perm.get('ipProtocol'), perm.get('fromPort'),
perm.get('toPort')]
for cidr_range in perm.get('ipRanges', []):
perm_item = ['FROM', 'CIDR', cidr_range.get('cidrIp'),
'ingress']
print self.tabify(perm_base + perm_item)
for othergroup in perm.get('groups', []):
perm_item = ['FROM', 'USER', othergroup.get('userId')]
if othergroup.get('groupName'):
perm_item.extend(['NAME', othergroup['groupName']])
if othergroup.get('groupId'):
perm_item.extend(['ID', othergroup['groupId']])
perm_item.append('ingress')
print self.tabify(perm_base + perm_item)
for perm in group.get('ipPermissionsEgress', []):
perm_base = ['PERMISSION', group.get('ownerId'),
group.get('groupName'), 'ALLOWS',
perm.get('ipProtocol'), perm.get('fromPort'),
perm.get('toPort')]
for cidr_range in perm.get('ipRanges', []):
perm_item = ['TO', 'CIDR', cidr_range.get('cidrIp'), 'egress']
print self.tabify(perm_base + perm_item)
for othergroup in perm.get('groups', []):
perm_item = ['TO', 'USER', othergroup.get('userId')]
if othergroup.get('groupName'):
perm_item.extend(['NAME', othergroup['groupName']])
if othergroup.get('groupId'):
perm_item.extend(['ID', othergroup['groupId']])
perm_item.append('egress')
print self.tabify(perm_base + perm_item)
for tag in group.get('tagSet', []):
self.print_resource_tag(tag, (group.get('groupId') or
group.get('groupName')))