second revision of firewalls including suggestions by Michal:

  * moves create/destroy firewall rules to firewall collection block (rabbit)
  * renames Firewall_Rule to FirewallRule

Also, this version tidies up the json support for firewalls (and also blobs). I
copy/paste the notes from the original message here for convenience (amended for
the above changes):


This patch implements 'firewalls' - which are ec2 security groups. Some notes:

 * This functionality relies on some modifications to the appoxy aws gem - the 
requested changes have been merged into appoxy/aws 
https://github.com/appoxy/aws/pull/91 and will be available in the next gem 
release (look for aws-2.5.4)

=======================================================================

 * XML looks like:

<firewall href='http://localhost:3001/api/firewalls/new_firewall' id='new_firewall'>
  <name><![CDATA[new_firewall]]></name>
  <description><![CDATA[new_one]]></description>
  <owner_id>297467797945</owner_id>
  <rules>
    <rule id="dXNlciAyOTc0Njc3OTc5NDU6Ojpwcm90b2NvbCB0Y3A6Ojpmcm9tX3BvcnQgMjQ=">
      <allow_protocol>tcp</allow_protocol>
      <port_from>0</port_from>
      <port_to>65535</port_to>
      <direction>ingress</direction>
      <sources>
        <source name='new_firewall' owner='123456789012' type='group'></source>
        <source address='10.1.1.1' family='ipv4' prefix='24' type='address'></source>
        <source address='192.168.1.1' family='ipv4' prefix='24' type='address'></source>
      </sources>
    </rule>
  </rules>
</firewall>

=======================================================================

 * OPERATIONS: implemented GET/POST/DELETE [list, create, destroy] for 
firewalls (both html and xml interfaces), GET/POST/DELETE for firewall rules. 
You can also use curl rather than the html interface if you prefer:


list firewalls:
GET /api/firewalls
GET /api/firewalls/:firewall
curl --user 'aws_key:aws_secret_key' \
  'http://localhost:3001/api/firewalls?format=xml'

create new firewall:
POST /api/firewalls
curl -F "name=some_new_firewall" -F "description=gonna be deleted immediately" \
  --user 'aws_key:aws_secret_key' 'http://localhost:3001/api/firewalls?format=xml'

delete a firewall:
DELETE /api/firewalls/:firewall
curl -X DELETE --user 'aws_key:aws_secret_key' \
  'http://localhost:3001/api/firewalls/some_new_firewall?format=xml'

create firewall rule:
POST /api/firewalls/:firewall/rules
curl -F "protocol=tcp" -F "from_port=22" -F "to_port=22" \
  -F "ip_address1=192.168.1.1/24" -F "ip_address2=10.1.1.1/24" \
  -F "group1=new_group" -F "group1owner=123456789" \
  --user 'aws_key:aws_secret_key' \
  'http://localhost:3001/api/firewalls/default/rules?format=xml'
(additional sources for a given rule can be specified using ip_addressN and
groupN/groupNowner)

delete firewall rule:
DELETE /api/firewalls/:firewall/rule
curl -X DELETE -F "rule_id=:rule_id" --user 'aws_key:aws_secret_key' \
  'http://localhost:3001/api/firewalls/firewall_id/rule?format=xml'

=======================================================================

* Firewall rule ids... amazon doesn't have any notion of an 'id' for a single 
firewall rule; rather, each firewall rule is identified by its constituent parts 
(protocol, from & to ports, and sources [groups and ip address ranges]). In order 
to allow for a 'delete /api/firewalls/:firewall/:rule' type operation I use 
Base64.encode to encode a unique UID for each rule from 'aws_owner_id protocol 
from_port to_port sources' - but this results in rather ugly-looking uids... 
discussion/suggestions welcome.
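As an added illustration of the two points above (the ip_addressN/groupN/groupNowner form parameters of the "create firewall rule" call, and the Base64 rule id built from the rule's constituent parts), here is a small Ruby sketch that is not part of the patch or of Deltacloud: it validates the posted parameters (protocol, port range, CIDR, numeric group owner) before a rule is built, and shows a strict Base64 encode/decode of the rule id so that a malformed rule_id on DELETE is rejected outright. The parameter names come from the mail; the ' ' and '/' separators inside the id, the helper names and the sample values are this example's own assumptions.

```ruby
require 'base64'
require 'ipaddr'

PROTOCOLS = %w[tcp udp icmp].freeze

# Hypothetical helper (not the patch's code): validate the flat form parameters
# the curl example posts and build a rule hash from them.
def parse_rule_params(params)
  protocol = params['protocol']
  raise ArgumentError, "unknown protocol #{protocol.inspect}" unless PROTOCOLS.include?(protocol)
  from_port = Integer(params.fetch('from_port')) # Integer() rejects "22abc"
  to_port   = Integer(params.fetch('to_port'))
  unless (0..65_535).cover?(from_port) && (0..65_535).cover?(to_port) && from_port <= to_port
    raise ArgumentError, "bad port range #{from_port}-#{to_port}"
  end
  sources = []
  numbered = ->(re) { params.keys.select { |k| k =~ re }.sort_by { |k| k[re, 1].to_i } }
  numbered.call(/\Aip_address(\d+)\z/).each do |k|
    cidr = params[k]
    ip = IPAddr.new(cidr) # raises IPAddr::Error on a malformed address or prefix
    address, prefix = cidr.split('/', 2)
    sources << { type: 'address', address: address, family: ip.ipv4? ? 'ipv4' : 'ipv6', prefix: prefix || '32' }
  end
  numbered.call(/\Agroup(\d+)\z/).each do |k|
    n = k[/\d+\z/]
    owner = params["group#{n}owner"]
    raise ArgumentError, "#{k} needs a numeric group#{n}owner" unless owner.to_s =~ /\A\d+\z/
    sources << { type: 'group', name: params[k], owner: owner }
  end
  { protocol: protocol, from_port: from_port, to_port: to_port, sources: sources }
end

# Rule id as the mail describes it: Base64 of "owner protocol from_port to_port
# sources"; the ' ' and '/' separators are this example's own choice.
def rule_id(owner_id, rule)
  srcs = rule[:sources].map do |s|
    s[:type] == 'group' ? "#{s[:owner]}/#{s[:name]}" : "#{s[:address]}/#{s[:prefix]}"
  end
  Base64.strict_encode64([owner_id, rule[:protocol], rule[:from_port], rule[:to_port], *srcs].join(' '))
end

# strict_decode64 raises ArgumentError on anything that is not valid Base64, so a
# DELETE carrying a tampered rule_id is rejected before any rule lookup happens.
def decode_rule_id(id)
  Base64.strict_decode64(id).split(' ')
end
```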

I'm sure there's more but this is already way too long; thanks to anyone brave 
enough to try this stuff out,

all the best, marios
