Class: Fog::Compute::AWS::NetworkAcl

Inherits:
Model
  • Object
Defined in:
lib/fog/aws/models/compute/network_acl.rb

Constant Summary collapse

ICMP =
1
TCP =
6
UDP =
17

Instance Attribute Summary

Attributes inherited from Model

#collection, #service

Instance Method Summary collapse

Methods inherited from Model

#initialize, #inspect, #reload, #symbolize_keys, #to_json, #wait_for

Methods included from Attributes::ClassMethods

#_load, #aliases, #attribute, #attributes, #identity, #ignore_attributes, #ignored_attributes

Methods included from Fog::Core::DeprecatedConnectionAccessors

#connection, #connection=, #prepare_service_value

Methods included from Attributes::InstanceMethods

#_dump, #attributes, #dup, #identity, #identity=, #merge_attributes, #new_record?, #persisted?, #requires, #requires_one

Constructor Details

This class inherits a constructor from Fog::Model

Instance Method Details

#add_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Add an inbound rule, shortcut method for #add_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 20

# Adds an ingress (inbound) entry to this network ACL.
#
# Convenience wrapper: forwards every argument to #add_rule with the
# egress flag fixed to false, and returns whatever #add_rule returns.
# No argument is inspected or validated here.
#
# ==== Parameters
# * rule_number<~Integer> - rule number for the entry
# * protocol<~Integer> - IP protocol number (see the ICMP/TCP/UDP constants)
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * options<~Hash> - extra entry parameters, passed through unchanged
def add_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  egress = false # inbound traffic is the non-egress direction
  add_rule(rule_number, protocol, rule_action, cidr_block, egress, options)
end

#add_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Add an outbound rule, shortcut method for #add_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 25

# Adds an egress (outbound) entry to this network ACL.
#
# Convenience wrapper: forwards every argument to #add_rule with the
# egress flag fixed to true, and returns whatever #add_rule returns.
# No argument is inspected or validated here.
#
# ==== Parameters
# * rule_number<~Integer> - rule number for the entry
# * protocol<~Integer> - IP protocol number (see the ICMP/TCP/UDP constants)
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * options<~Hash> - extra entry parameters, passed through unchanged
def add_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  egress = true # outbound traffic is the egress direction
  add_rule(rule_number, protocol, rule_action, cidr_block, egress, options)
end

#add_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) ⇒ Object

Add a new rule

network_acl.add_rule(100, Fog::Compute::AWS::NetworkAcl::TCP, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.

  • rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)

  • cidr_block<~String> - The CIDR range to allow or deny

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • options<~Hash>:

  • 'Icmp.Code' - ICMP code, required if protocol is 1

  • 'Icmp.Type' - ICMP type, required if protocol is 1

  • 'PortRange.From' - The first port in the range, required if protocol is 6 (TCP) or 17 (UDP)

  • 'PortRange.To' - The last port in the range, required if protocol is 6 (TCP) or 17 (UDP)

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 49

# Creates a new entry in this network ACL.
#
# Calls +requires :network_acl_id+ first, then hands the entry to
# service.create_network_acl_entry. The method's last expression is the
# literal +true+, so it never returns false; a failed request is
# presumably reported by an exception from the service call.
#
# NOTE(review): rule_action, cidr_block and options are not checked here;
# they reach the service exactly as given. Callers that build rules from
# external input should validate them first, since an 'allow' entry with
# a wide CIDR such as 0.0.0.0/0 matches every address.
#
# ==== Parameters
# * rule_number<~Integer> - rule number for the entry
# * protocol<~Integer> - IP protocol number, -1 for all protocols
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * egress<~Boolean> - true for egress traffic, false for ingress
# * options<~Hash> - 'Icmp.Code', 'Icmp.Type', 'PortRange.From', 'PortRange.To'
#
# ==== Returns
# true
def add_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {})
  requires :network_acl_id

  # Entry fields in the positional order the service request expects.
  entry = [rule_number, protocol, rule_action, cidr_block, egress, options]
  service.create_network_acl_entry(network_acl_id, *entry)
  true
end

#associate_with(subnet) ⇒ Object

Associate a subnet with this network ACL

network_acl.associate_with(subnet)

Parameters

  • subnet<~Subnet> - Subnet object to associate with this network ACL

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 133

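# Associates a subnet with this network ACL.
#
# The replace call needs the id of the subnet's *current* association, so
# this first looks up the ACL currently filtered by 'association.subnet-id'
# and picks the association whose 'subnetId' matches. That association is
# then replaced so that it points at this ACL's network_acl_id.
#
# If no ACL or no matching association is found, an ArgumentError naming
# the subnet is raised instead of failing with a NoMethodError on nil, so
# a failed re-association is not mistaken for an unrelated bug.
#
# ==== Parameters
# * subnet<~Subnet> - object responding to #subnet_id
#
# ==== Returns
# true (the literal last expression; the method never returns false)
#
# ==== Raises
# * ArgumentError - when the subnet has no network ACL association to replace
def associate_with(subnet)
  requires :network_acl_id

  subnet_id = subnet.subnet_id

  # We have to manually find out the network ACL the subnet is currently associated with
  current_acl = service.network_acls.all('association.subnet-id' => subnet_id).first
  association = current_acl && (current_acl.associations || []).detect { |a| a['subnetId'] == subnet_id }
  unless association
    raise ArgumentError, "no network ACL association found for subnet #{subnet_id}"
  end

  service.replace_network_acl_association(association['networkAclAssociationId'], network_acl_id)
  true
end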

#destroy ⇒ Object

Removes an existing network ACL

network_acl.destroy

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 150

# Deletes this network ACL through the service.
#
# Calls +requires :network_acl_id+ first, then passes that id to
# service.delete_network_acl. The last expression is the literal +true+,
# so the method never returns false; a failed request is presumably
# reported by an exception from the service call.
#
# ==== Returns
# true
def destroy
  requires :network_acl_id

  api = service
  api.delete_network_acl(network_acl_id)
  true
end

#remove_inbound_rule(rule_number) ⇒ Object

Remove an inbound rule, shortcut method for #remove_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 57

# Removes an ingress (inbound) entry from this network ACL.
#
# Convenience wrapper: forwards to #remove_rule with the egress flag
# fixed to false and returns whatever #remove_rule returns.
#
# ==== Parameters
# * rule_number<~Integer> - rule number of the entry to remove
def remove_inbound_rule(rule_number)
  egress = false # inbound traffic is the non-egress direction
  remove_rule(rule_number, egress)
end

#remove_outbound_rule(rule_number) ⇒ Object

Remove an outbound rule, shortcut method for #remove_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 62

# Removes an egress (outbound) entry from this network ACL.
#
# Convenience wrapper: forwards to #remove_rule with the egress flag
# fixed to true and returns whatever #remove_rule returns.
#
# ==== Parameters
# * rule_number<~Integer> - rule number of the entry to remove
def remove_outbound_rule(rule_number)
  egress = true # outbound traffic is the egress direction
  remove_rule(rule_number, egress)
end

#remove_rule(rule_number, egress) ⇒ Object

Remove a specific rule number

network_acl.remove_rule(100, true)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 78

# Deletes one entry from this network ACL.
#
# Calls +requires :network_acl_id+ first, then asks the service to delete
# the entry identified by rule number and direction. The last expression
# is the literal +true+, so the method never returns false; a failed
# request is presumably reported by an exception from the service call.
#
# ==== Parameters
# * rule_number<~Integer> - rule number of the entry to delete
# * egress<~Boolean> - true for the egress entry, false for the ingress entry
#
# ==== Returns
# true
def remove_rule(rule_number, egress)
  requires :network_acl_id

  api = service
  api.delete_network_acl_entry(network_acl_id, rule_number, egress)
  true
end

#save ⇒ Object

Create a network ACL

>> g = AWS.network_acls.new(:vpc_id => 'vpc-abcdefgh')
>> g.save


# File 'lib/fog/aws/models/compute/network_acl.rb', line 161

# Creates a network ACL in the VPC named by vpc_id.
#
# Calls +requires :vpc_id+ first, then service.create_network_acl. The
# 'networkAcl' entry of the response body is merged into this model with
# merge_attributes. The last expression is the literal +true+, so the
# method never returns false.
#
# ==== Returns
# true
def save
  requires :vpc_id

  response = service.create_network_acl(vpc_id)
  merge_attributes(response.body['networkAcl'])
  true
end

#update_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Update an inbound rule, shortcut method for #update_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 86

# Replaces an ingress (inbound) entry of this network ACL.
#
# Convenience wrapper: forwards every argument to #update_rule with the
# egress flag fixed to false, and returns whatever #update_rule returns.
# No argument is inspected or validated here.
#
# ==== Parameters
# * rule_number<~Integer> - rule number of the entry to update
# * protocol<~Integer> - IP protocol number (see the ICMP/TCP/UDP constants)
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * options<~Hash> - extra entry parameters, passed through unchanged
def update_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  egress = false # inbound traffic is the non-egress direction
  update_rule(rule_number, protocol, rule_action, cidr_block, egress, options)
end

#update_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Update an outbound rule, shortcut method for #update_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 91

# Replaces an egress (outbound) entry of this network ACL.
#
# Convenience wrapper: forwards every argument to #update_rule with the
# egress flag fixed to true, and returns whatever #update_rule returns.
# No argument is inspected or validated here.
#
# ==== Parameters
# * rule_number<~Integer> - rule number of the entry to update
# * protocol<~Integer> - IP protocol number (see the ICMP/TCP/UDP constants)
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * options<~Hash> - extra entry parameters, passed through unchanged
def update_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  egress = true # outbound traffic is the egress direction
  update_rule(rule_number, protocol, rule_action, cidr_block, egress, options)
end

#update_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) ⇒ Object

Update a specific rule number

network_acl.update_rule(100, Fog::Compute::AWS::NetworkAcl::TCP, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.

  • rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)

  • cidr_block<~String> - The CIDR range to allow or deny

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • options<~Hash>:

  • 'Icmp.Code' - ICMP code, required if protocol is 1

  • 'Icmp.Type' - ICMP type, required if protocol is 1

  • 'PortRange.From' - The first port in the range, required if protocol is 6 (TCP) or 17 (UDP)

  • 'PortRange.To' - The last port in the range, required if protocol is 6 (TCP) or 17 (UDP)

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 115

# Replaces the entry with the given rule number in this network ACL.
#
# Calls +requires :network_acl_id+ first, then hands the new entry to
# service.replace_network_acl_entry. The last expression is the literal
# +true+, so the method never returns false; a failed request is
# presumably reported by an exception from the service call.
#
# NOTE(review): rule_action, cidr_block and options are not checked here;
# they reach the service exactly as given. Callers that build rules from
# external input should validate them first, since an 'allow' entry with
# a wide CIDR such as 0.0.0.0/0 matches every address.
#
# ==== Parameters
# * rule_number<~Integer> - rule number of the entry to replace
# * protocol<~Integer> - IP protocol number, -1 for all protocols
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * egress<~Boolean> - true for egress traffic, false for ingress
# * options<~Hash> - 'Icmp.Code', 'Icmp.Type', 'PortRange.From', 'PortRange.To'
#
# ==== Returns
# true
def update_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {})
  requires :network_acl_id

  api = service
  api.replace_network_acl_entry(
    network_acl_id, rule_number, protocol, rule_action, cidr_block, egress, options
  )
  true
end