예제 #1
0
func main() {

	// cmdline options
	versionFlag := flag.Bool("v", false, "show version and exit")
	cidr := flag.String("c", "", "set a specific cidr block (default: current public ip)")
	protocol := flag.String("P", "TCP", "protocol to allow (default: TCP)")
	port := flag.Int("p", 22, "port number to allow (default: 22)")
	revoke := flag.Bool("r", false, "revoke access from security groups (default: false)")
	flag.Parse()

	// show version and exit
	if *versionFlag {
		fmt.Printf("let-me-in %v\n", VERSION)
		return
	}

	// if cidr not given get ip from external service
	if *cidr == "" {
		ident := os.Getenv("LMI_IDENT_URL")
		if ident == "" {
			ident = "http://ident.me/"
		}
		ip := getMyIp(ident) + "/32"
		cidr = &ip
	}

	// configure aws-sdk from AWS_* env vars
	client := ec2.New(&aws.Config{})

	// get security group names and any command to exec after '--'
	groups, cmd := parseArgs(flag.Args())

	// convert security group names to ids for vpc
	ids := getGroupIds(client, groups)

	// revoke on -r option
	if *revoke {
		revokeGroups(client, ids, protocol, port, cidr)
	} else {
		authorizeGroups(client, ids, protocol, port, cidr)

		// exec any command after '--', then revoke
		if cmd != nil {
			c := exec.Command(cmd[0], cmd[1:]...)
			c.Stdout = os.Stdout
			c.Stdin = os.Stdin
			c.Stderr = os.Stderr
			err := c.Run()
			if err != nil {
				fmt.Println(err) // show err and keep running so we hit revoke below
			}
			revokeGroups(client, ids, protocol, port, cidr)
		}
	}

}
예제 #2
0
func TestCopySnapshotPresignedURL(t *testing.T) {
	svc := ec2.New(&aws.Config{Region: aws.String("us-west-2")})

	assert.NotPanics(t, func() {
		// Doesn't panic on nil input
		req, _ := svc.CopySnapshotRequest(nil)
		req.Sign()
	})

	req, _ := svc.CopySnapshotRequest(&ec2.CopySnapshotInput{
		SourceRegion:     aws.String("us-west-1"),
		SourceSnapshotId: aws.String("snap-id"),
	})
	req.Sign()

	b, _ := ioutil.ReadAll(req.HTTPRequest.Body)
	q, _ := url.ParseQuery(string(b))
	url, _ := url.QueryUnescape(q.Get("PresignedUrl"))
	assert.Equal(t, "us-west-2", q.Get("DestinationRegion"))
	assert.Regexp(t, `^https://ec2\.us-west-1\.amazon.+&DestinationRegion=us-west-2`, url)
}
예제 #3
0
func TestInterface(t *testing.T) {
	assert.Implements(t, (*ec2iface.EC2API)(nil), ec2.New(nil))
}