1 | 'use strict';
|
2 | const { throwProcessedException } = require('./error-message');
|
3 |
|
4 | var requestOption = {
|
5 | method: 'POST'
|
6 | };
|
7 |
|
8 | async function describeSecurityGroups(client, region, vpcId, securityGroupName) {
|
9 | var params = {
|
10 | 'RegionId': region,
|
11 | 'VpcId': vpcId
|
12 | };
|
13 |
|
14 | if (securityGroupName) {
|
15 | Object.assign(params, {
|
16 | 'SecurityGroupName': securityGroupName
|
17 | });
|
18 | }
|
19 | const describeRs = await client.request('DescribeSecurityGroups', params, requestOption);
|
20 |
|
21 | const securityGroup = describeRs.SecurityGroups.SecurityGroup;
|
22 |
|
23 | return securityGroup;
|
24 | }
|
25 |
|
26 | async function authSecurityGroupRule(ecsClient, region, securityGroupId, protocol, port) {
|
27 | var params = {
|
28 | 'RegionId': region,
|
29 | 'SecurityGroupId': securityGroupId,
|
30 | 'IpProtocol': protocol,
|
31 | 'PortRange': port,
|
32 | 'Policy': 'Accept',
|
33 | 'SourceCidrIp': '0.0.0.0/0',
|
34 | 'NicType': 'intranet'
|
35 | };
|
36 |
|
37 | const rs = await ecsClient.request('AuthorizeSecurityGroup', params, requestOption);
|
38 | return rs;
|
39 | }
|
40 |
|
41 | async function authDefaultSecurityGroupRules(ecsClient, region, securityGroupId) {
|
42 |
|
43 | const sgRules = [
|
44 | { protocol: 'TCP', port: '80/80' },
|
45 | { protocol: 'TCP', port: '443/443' },
|
46 | { protocol: 'ICMP', port: '-1/-1' },
|
47 | { protocol: 'TCP', port: '22/22' }
|
48 | ];
|
49 |
|
50 | for (const rule of sgRules) {
|
51 | await authSecurityGroupRule(ecsClient, region, securityGroupId, rule.protocol, rule.port);
|
52 | }
|
53 | }
|
54 |
|
55 | async function createSecurityGroup(ecsClient, region, vpcId, securityGroupName) {
|
56 | var params = {
|
57 | 'RegionId': region,
|
58 | 'SecurityGroupName': securityGroupName,
|
59 | 'Description': 'default security group created by fc fun',
|
60 | 'VpcId': vpcId,
|
61 | 'SecurityGroupType': 'normal'
|
62 | };
|
63 |
|
64 | var createRs;
|
65 |
|
66 | try {
|
67 |
|
68 | createRs = await ecsClient.request('CreateSecurityGroup', params, requestOption);
|
69 |
|
70 | } catch (ex) {
|
71 |
|
72 | throwProcessedException(ex, 'AliyunECSFullAccess');
|
73 | }
|
74 |
|
75 | return createRs.SecurityGroupId;
|
76 | }
|
77 |
|
78 | module.exports = {
|
79 | describeSecurityGroups,
|
80 | createSecurityGroup,
|
81 | authDefaultSecurityGroupRules
|
82 | }; |
\ | No newline at end of file |