#!/usr/bin/env bash

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Set up security groups for the EC2 HBase cluster

if [ -z $1 ]; then
  echo "Cluster name required!"
  exit 1
fi

CLUSTER=$1

# Import variables
bin=`dirname "$0"`
bin=`cd "$bin"; pwd`
. "$bin"/hbase-ec2-env.sh

echo "Creating/checking security groups"

ec2-describe-group $TOOL_OPTS | egrep "[[:space:]]$CLUSTER_MASTER[[:space:]]" > /dev/null
if [ ! $? -eq 0 ]; then
  echo "Creating group $CLUSTER_MASTER"
  ec2-add-group $TOOL_OPTS $CLUSTER_MASTER -d "Group for HBase Master."
  ec2-authorize $TOOL_OPTS $CLUSTER_MASTER -o $CLUSTER_MASTER -u $AWS_ACCOUNT_ID
  ec2-authorize $TOOL_OPTS $CLUSTER_MASTER -p 22    # ssh

  if [ $ENABLE_WEB_PORTS = "true" ]; then
    ec2-authorize $TOOL_OPTS $CLUSTER_MASTER -p 50070 # NameNode web interface
    ec2-authorize $TOOL_OPTS $CLUSTER_MASTER -p 50075 # DataNode web interface
    ec2-authorize $TOOL_OPTS $CLUSTER_MASTER -p 60010 # HBase master web interface
    ec2-authorize $TOOL_OPTS $CLUSTER_MASTER -p 60030 # HBase region server web interface
  fi
else
  echo "Security group $CLUSTER_MASTER exists, ok"
fi

ec2-describe-group $TOOL_OPTS | egrep "[[:space:]]$CLUSTER[[:space:]]" > /dev/null
if [ ! $? -eq 0 ]; then
  echo "Creating group $CLUSTER"
  ec2-add-group $TOOL_OPTS $CLUSTER -d "Group for HBase Slaves."
  ec2-authorize $TOOL_OPTS $CLUSTER -o $CLUSTER -u $AWS_ACCOUNT_ID
  ec2-authorize $TOOL_OPTS $CLUSTER -p 22    # ssh

  if [ $ENABLE_WEB_PORTS = "true" ]; then
    ec2-authorize $TOOL_OPTS $CLUSTER -p 50070 # NameNode web interface
    ec2-authorize $TOOL_OPTS $CLUSTER -p 50075 # DataNode web interface
    ec2-authorize $TOOL_OPTS $CLUSTER -p 60010 # HBase master web interface
    ec2-authorize $TOOL_OPTS $CLUSTER -p 60030 # HBase region server web interface
  fi

  ec2-authorize $TOOL_OPTS $CLUSTER_MASTER -o $CLUSTER -u $AWS_ACCOUNT_ID
  ec2-authorize $TOOL_OPTS $CLUSTER -o $CLUSTER_MASTER -u $AWS_ACCOUNT_ID
else
  echo "Security group $CLUSTER exists, ok"
fi

# Set up zookeeper group

ec2-describe-group $TOOL_OPTS | egrep "[[:space:]]$CLUSTER_ZOOKEEPER[[:space:]]" > /dev/null
if [ ! $? -eq 0 ]; then
  echo "Creating group $CLUSTER_ZOOKEEPER"
  ec2-add-group $TOOL_OPTS $CLUSTER_ZOOKEEPER -d "Group for HBase Zookeeper quorum."
  ec2-authorize $TOOL_OPTS $CLUSTER_ZOOKEEPER -o $CLUSTER_ZOOKEEPER -u $AWS_ACCOUNT_ID
  ec2-authorize $TOOL_OPTS $CLUSTER_ZOOKEEPER -p 22    # ssh

  ec2-authorize $TOOL_OPTS $CLUSTER_MASTER -o $CLUSTER_ZOOKEEPER -u $AWS_ACCOUNT_ID
  ec2-authorize $TOOL_OPTS $CLUSTER_ZOOKEEPER -o $CLUSTER_MASTER -u $AWS_ACCOUNT_ID
  ec2-authorize $TOOL_OPTS $CLUSTER -o $CLUSTER_ZOOKEEPER -u $AWS_ACCOUNT_ID
  ec2-authorize $TOOL_OPTS $CLUSTER_ZOOKEEPER -o $CLUSTER -u $AWS_ACCOUNT_ID
else
  echo "Security group $CLUSTER_ZOOKEEPER exists, ok"
fi