Class: AWS::EC2::SecurityGroup::IpPermission

Inherits:

Object

• Object
• AWS::EC2::SecurityGroup::IpPermission

Defined in:

lib/aws/ec2/security_group/ip_permission.rb

Instance Attribute Summary

• #egress ⇒ Boolean readonly

  True if this is an egress permission.

• #groups ⇒ Array readonly

  An array of security groups that have been granted access with this permission.

• #ip_ranges ⇒ Array readonly

  An array of string CIDR ip addresses.

• #port_range ⇒ Range readonly

  The port range (e.g. 80..80, 4000..4010, etc).

• #protocol ⇒ Symbol readonly

  The protocol (:tcp, :udp, :icmp).

• #security_group ⇒ SecurityGroup readonly

  The security group this permission is authorized for.

Instance Method Summary

• #authorize ⇒ IpPermission

  Authorizes this permission from its security group.

• #egress? ⇒ Boolean

  Returns true if this is an egress permission.

• #eql?(other) ⇒ Boolean (also: #==)

  Returns true if the other IpPermission matches this one.

• #initialize(security_group, protocol, ports, options = {}) ⇒ IpPermission constructor

  A new instance of IpPermission.

• #revoke ⇒ IpPermission

  Revokes this permission from its security group.

Constructor Details

#initialize(security_group, protocol, ports, options = {}) ⇒ IpPermission

Returns a new instance of IpPermission.

Parameters:

• protocol (:tcp, :udp, :icmp)
• ports (Integer, Range<Integer>) —

  A port or port range to allow.

• options (Hash) (defaults to: {})

Options Hash (options):

• :ip_ranges (Array) —

  An array of CIDR ip address to grant permission to.

• :groups (Array) —

  An array of SecurityGroup objects to grant permission to.

• :egress (Boolean) — default: false —

  When true this IpPermission is assumed to be an egress permission.

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 36

def initialize security_group, protocol, ports, options = {}

  @security_group = security_group

  @protocol = protocol == '-1' ?  :any : protocol.to_s.downcase.to_sym

  @ip_ranges = Array(options[:ip_ranges])

  @groups = Array(options[:groups])

  @egress = options[:egress] || false

  # not all egress permissions require port ranges, depends on the
  # protocol
  if ports
    if ports.is_a?(Range)
      @port_range = ports
    else
      @port_range = Array(ports).first.to_i..Array(ports).last.to_i
    end
  end

  super

end

Instance Attribute Details

#egress ⇒ Boolean (readonly)

Returns True if this is an egress permission.

Returns:

• (Boolean) —

  True if this is an egress permission

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 80

def egress
  @egress
end

#groups ⇒ Array (readonly)

Returns An array of security groups that have been granted access with this permission.

Returns:

• (Array) —

  An array of security groups that have been granted access with this permission.

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 77

def groups
  @groups
end

#ip_ranges ⇒ Array (readonly)

Returns An array of string CIDR ip addresses.

Returns:

• (Array) —

  An array of string CIDR ip addresses.

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 73

def ip_ranges
  @ip_ranges
end

#port_range ⇒ Range (readonly)

Returns The port range (e.g. 80..80, 4000..4010, etc).

Returns:

• (Range) —

  The port range (e.g. 80..80, 4000..4010, etc)

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 70

def port_range
  @port_range
end

#protocol ⇒ Symbol (readonly)

Returns The protocol (:tcp, :udp, :icmp).

Returns:

• (Symbol) —

  The protocol (:tcp, :udp, :icmp)

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 67

def protocol
  @protocol
end

#security_group ⇒ SecurityGroup (readonly)

Returns The security group this permission is authorized for.

Returns:

• (SecurityGroup) —

  The security group this permission is authorized for.

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 64

def security_group
  @security_group
end

Instance Method Details

#authorize ⇒ IpPermission

Authorizes this permission from its security group.

Returns:

• (IpPermission) —

  Returns self

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 89

def authorize
  update_sg(egress? ? :authorize_egress : :authorize_ingress)
end

#egress? ⇒ Boolean

Returns true if this is an egress permission.

Returns:

• (Boolean) —

  Returns true if this is an egress permission.

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 83

def egress?
  @egress ? true : false
end

#eql?(other) ⇒ Boolean Also known as: ==

Returns true if the other IpPermission matches this one.

Returns:

• (Boolean) —

  Returns true if the other IpPermission matches this one.

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 101

def eql? other
  other.is_a?(IpPermission) and
  other.security_group == security_group and
  other.protocol == protocol and
  other.port_range == port_range and
  other.ip_ranges.sort == ip_ranges.sort and
  other.groups.sort == groups.sort and
  other.egress? == egress?
end

#revoke ⇒ IpPermission

Revokes this permission from its security group.

Returns:

• (IpPermission) —

  Returns self

# File 'lib/aws/ec2/security_group/ip_permission.rb', line 95

def revoke
  update_sg(egress? ? :revoke_egress : :revoke_ingress)
end