1 | 'use strict';
|
2 | const { throwProcessedException } = require('./error-message');
|
3 |
|
// Options object handed to every client.request() call in this file:
// each API action is sent with the POST method.
const requestOption = {
  method: 'POST',
};
|
7 |
|
/**
 * Looks up security groups by name inside one VPC.
 *
 * @param {object} client - Client exposing `request(action, params, options)`.
 * @param {string} region - Sent as `RegionId`.
 * @param {string} vpcId - Sent as `VpcId`.
 * @param {string} securityGroupName - Sent as `SecurityGroupName`.
 * @returns {Promise<*>} The `SecurityGroups.SecurityGroup` member of the response.
 */
async function describeSecurityGroups(client, region, vpcId, securityGroupName) {
  // NOTE(review): no paging parameters are sent, so only what a single
  // response carries is returned. Confirm this is enough for callers that
  // decide "group already exists" from the result.
  const response = await client.request(
    'DescribeSecurityGroups',
    {
      RegionId: region,
      VpcId: vpcId,
      SecurityGroupName: securityGroupName,
    },
    requestOption
  );

  // A response without `SecurityGroups` throws a TypeError here; it is not handled.
  return response.SecurityGroups.SecurityGroup;
}
|
21 |
|
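/**
 * Adds one inbound "Accept" rule to a security group.
 *
 * @param {object} ecsClient - Client exposing `request(action, params, options)`.
 * @param {string} region - Sent as `RegionId`.
 * @param {string} securityGroupId - Sent as `SecurityGroupId`.
 * @param {string} protocol - Sent as `IpProtocol` (this file uses 'TCP' and 'ICMP').
 * @param {string} port - Sent as `PortRange`, for example '22/22'.
 * @param {string} [sourceCidrIp='0.0.0.0/0'] - Sent as `SourceCidrIp`. The
 *   default keeps the historical behaviour: any IPv4 source is accepted.
 * @returns {Promise<object>} The response of the AuthorizeSecurityGroup call.
 */
async function authSecurityGroupRule(
  ecsClient,
  region,
  securityGroupId,
  protocol,
  port,
  sourceCidrIp = '0.0.0.0/0'
) {
  const params = {
    RegionId: region,
    SecurityGroupId: securityGroupId,
    IpProtocol: protocol,
    PortRange: port,
    Policy: 'Accept',
    SourceCidrIp: sourceCidrIp,
    // NOTE(review): whether 'intranet' narrows who can reach the port depends
    // on the group's network type; for VPC-type groups it presumably does not
    // keep the rule private on its own. Confirm against the ECS API reference.
    NicType: 'intranet',
  };

  return ecsClient.request('AuthorizeSecurityGroup', params, requestOption);
}

/**
 * Authorizes the default inbound rule set on a security group: TCP 80,
 * TCP 443, ICMP and TCP 22. Rules are created one at a time, in that order;
 * a failing request rejects immediately and leaves the earlier rules in place.
 *
 * @param {object} ecsClient - Client exposing `request(action, params, options)`.
 * @param {string} region - Sent as `RegionId`.
 * @param {string} securityGroupId - Group that receives the rules.
 * @param {string} [sourceCidrIp='0.0.0.0/0'] - Source range applied to every
 *   rule. With the default, port 22 (SSH) and ICMP accept any IPv4 source;
 *   pass the narrowest CIDR that still covers the expected clients.
 * @returns {Promise<void>}
 */
async function authDefaultSecurityGroupRules(
  ecsClient,
  region,
  securityGroupId,
  sourceCidrIp = '0.0.0.0/0'
) {
  const defaultRules = [
    { protocol: 'TCP', port: '80/80' },
    { protocol: 'TCP', port: '443/443' },
    { protocol: 'ICMP', port: '-1/-1' },
    // Remote administration port: the rule most worth restricting via sourceCidrIp.
    { protocol: 'TCP', port: '22/22' },
  ];

  // Sequential on purpose: the original issued one request at a time.
  for (const { protocol, port } of defaultRules) {
    await authSecurityGroupRule(ecsClient, region, securityGroupId, protocol, port, sourceCidrIp);
  }
}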
|
50 |
|
/**
 * Creates a security group of type 'normal' in the given VPC.
 *
 * @param {object} ecsClient - Client exposing `request(action, params, options)`.
 * @param {string} region - Sent as `RegionId`.
 * @param {string} vpcId - Sent as `VpcId`.
 * @param {string} securityGroupName - Sent as `SecurityGroupName`.
 * @returns {Promise<*>} The `SecurityGroupId` field of the response.
 */
async function createSecurityGroup(ecsClient, region, vpcId, securityGroupName) {
  const request = {
    RegionId: region,
    SecurityGroupName: securityGroupName,
    Description: 'default security group created by fc fun',
    VpcId: vpcId,
    SecurityGroupType: 'normal',
  };

  let response;
  try {
    response = await ecsClient.request('CreateSecurityGroup', request, requestOption);
  } catch (err) {
    // NOTE(review): presumably the helper rethrows and names this policy in
    // its message. It is a full-access policy; a grant limited to the
    // security-group actions used in this file would be narrower. Confirm.
    throwProcessedException(err, 'AliyunECSFullAccess');
  }

  // If the helper above ever returns instead of throwing, `response` is
  // undefined here and this line raises a TypeError.
  return response.SecurityGroupId;
}
|
73 |
|
// Public API of this module. authSecurityGroupRule is not listed, so single
// rules can only be added through authDefaultSecurityGroupRules.
module.exports = {
  describeSecurityGroups,
  createSecurityGroup,
  authDefaultSecurityGroupRules
};