Class: Fog::Compute::AWS::NetworkAcl

Inherits:
Model
  • Object
Defined in:
lib/fog/aws/models/compute/network_acl.rb

Constant Summary

ICMP = 1
TCP = 6
UDP = 17

Instance Method Summary

Instance Method Details

#add_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Add an inbound rule, shortcut method for #add_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 19

# Add an inbound (ingress) rule; shortcut for #add_rule with egress fixed to false.
#
# ==== Parameters
# * rule_number<~Integer> - Rule number for the entry
# * protocol<~Integer> - IP protocol number (see the ICMP/TCP/UDP constants; -1 for all)
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * options<~Hash> - Protocol-specific keys, forwarded unchanged (see #add_rule)
#
# ==== Returns
# * Whatever #add_rule returns
def add_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  ingress = false
  add_rule(rule_number, protocol, rule_action, cidr_block, ingress, options)
end

#add_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Add an outbound rule, shortcut method for #add_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 24

# Add an outbound (egress) rule; shortcut for #add_rule with egress fixed to true.
#
# ==== Parameters
# * rule_number<~Integer> - Rule number for the entry
# * protocol<~Integer> - IP protocol number (see the ICMP/TCP/UDP constants; -1 for all)
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * options<~Hash> - Protocol-specific keys, forwarded unchanged (see #add_rule)
#
# ==== Returns
# * Whatever #add_rule returns
def add_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  egress = true
  add_rule(rule_number, protocol, rule_action, cidr_block, egress, options)
end

#add_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) ⇒ Object

Add a new rule

network_acl.add_rule(100, Fog::Compute::AWS::NetworkAcl::TCP, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.

  • rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)

  • cidr_block<~String> - The CIDR range to allow or deny

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • options<~Hash>:

  • 'Icmp.Code' - ICMP code, required if protocol is 1

  • 'Icmp.Type' - ICMP type, required if protocol is 1

  • 'PortRange.From' - The first port in the range, required if protocol is 6 (TCP) or 17 (UDP)

  • 'PortRange.To' - The last port in the range, required if protocol is 6 (TCP) or 17 (UDP)

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 48

# Add a new rule to this network ACL.
#
# network_acl.add_rule(100, Fog::Compute::AWS::NetworkAcl::TCP, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)
#
# ==== Parameters
# * rule_number<~Integer> - Rule number for the entry, between 100 and 32766
# * protocol<~Integer> - IP protocol number; -1 means all protocols
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * egress<~Boolean> - true for traffic leaving the subnet, false for traffic entering it
# * options<~Hash> - Protocol-specific keys, forwarded unchanged:
#   * 'Icmp.Code' / 'Icmp.Type' - required when protocol is 1 (ICMP)
#   * 'PortRange.From' / 'PortRange.To' - required when protocol is 6 (TCP) or 17 (UDP)
#
# ==== Returns
# * true - this method never returns false; the API response is not inspected, so a
#   failing service call is expected to raise rather than be reported here
#
# No client-side validation happens here: every argument is handed to
# create_network_acl_entry exactly as given (e.g. an 'allow' for '0.0.0.0/0' is sent as-is).
def add_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {})
  requires :network_acl_id

  entry = [rule_number, protocol, rule_action, cidr_block, egress, options]
  service.create_network_acl_entry(network_acl_id, *entry)
  true
end

#associate_with(subnet) ⇒ Object

Associate a subnet with this network ACL

network_acl.associate_with(subnet)

Parameters

  • subnet<~Subnet> - Subnet object to associate with this network ACL

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 132

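# Associate a subnet with this network ACL, replacing the subnet's current association.
#
# network_acl.associate_with(subnet)
#
# ==== Parameters
# * subnet<~Subnet> - Subnet object to associate with this network ACL
#
# ==== Returns
# * true - this method never returns false; a failing service call is expected to raise
#
# ==== Raises
# * Fog::Errors::NotFound - no network ACL association could be found for the subnet
#   (previously this case surfaced as a NoMethodError on nil)
def associate_with(subnet)
  requires :network_acl_id

  # replace_network_acl_association needs the id of the association being replaced,
  # so we have to look up the ACL the subnet is currently attached to and read it from there.
  subnet_id = subnet.subnet_id
  current_acl = service.network_acls.all('association.subnet-id' => subnet_id).first
  association = current_acl && current_acl.associations.find { |a| a['subnetId'] == subnet_id }
  unless association
    raise Fog::Errors::NotFound, "No network ACL association found for subnet #{subnet_id}"
  end

  service.replace_network_acl_association(association['networkAclAssociationId'], network_acl_id)
  true
end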

#destroy ⇒ Object

Removes an existing network ACL

network_acl.destroy

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 149

# Remove this network ACL.
#
# network_acl.destroy
#
# ==== Returns
# * true - this method never returns false; a failing service call is expected to raise
def destroy
  requires :network_acl_id

  acl_id = network_acl_id
  service.delete_network_acl(acl_id)

  true
end

#remove_inbound_rule(rule_number) ⇒ Object

Remove an inbound rule, shortcut method for #remove_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 56

# Remove an inbound (ingress) rule; shortcut for #remove_rule with egress fixed to false.
#
# ==== Parameters
# * rule_number<~Integer> - Rule number of the entry to delete
#
# ==== Returns
# * Whatever #remove_rule returns
def remove_inbound_rule(rule_number)
  ingress = false
  remove_rule(rule_number, ingress)
end

#remove_outbound_rule(rule_number) ⇒ Object

Remove an outbound rule, shortcut method for #remove_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 61

# Remove an outbound (egress) rule; shortcut for #remove_rule with egress fixed to true.
#
# ==== Parameters
# * rule_number<~Integer> - Rule number of the entry to delete
#
# ==== Returns
# * Whatever #remove_rule returns
def remove_outbound_rule(rule_number)
  egress = true
  remove_rule(rule_number, egress)
end

#remove_rule(rule_number, egress) ⇒ Object

Remove a specific rule number

network_acl.remove_rule(100, true)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 77

# Remove a specific rule number from this network ACL.
#
# network_acl.remove_rule(100, true)
#
# ==== Parameters
# * rule_number<~Integer> - Rule number of the entry to delete, between 100 and 32766
# * egress<~Boolean> - true selects the egress entry with that number, false the ingress one
#
# ==== Returns
# * true - this method never returns false; a failing service call is expected to raise
def remove_rule(rule_number, egress)
  requires :network_acl_id

  acl_id = network_acl_id
  service.delete_network_acl_entry(acl_id, rule_number, egress)
  true
end

#save ⇒ Object

Create a network ACL

>> g = AWS.network_acls.new(:vpc_id => 'vpc-abcdefgh')
>> g.save


# File 'lib/fog/aws/models/compute/network_acl.rb', line 160

# Create a network ACL in the VPC given by vpc_id, then tag it when tags are set.
#
# >> g = AWS.network_acls.new(:vpc_id => 'vpc-abcdefgh')
# >> g.save
#
# ==== Returns
# * true - this method never returns false; a failing service call is expected to raise
def save
  requires :vpc_id

  created = service.create_network_acl(vpc_id).body['networkAcl']
  # 'tagSet' is dropped from the merged attributes; tags are applied separately below
  merge_attributes(created.reject { |key, _value| key == 'tagSet' })

  pending_tags = self.tags
  if pending_tags
    # expect eventual consistency: errors from reload are swallowed while polling,
    # presumably until the freshly created ACL can be read back (verify Fog.wait_for semantics)
    Fog.wait_for { self.reload rescue nil }
    service.create_tags(self.identity, pending_tags)
  end

  true
end

#update_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Update an inbound rule, shortcut method for #update_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 85

# Update an inbound (ingress) rule; shortcut for #update_rule with egress fixed to false.
#
# ==== Parameters
# * rule_number<~Integer> - Rule number of the entry to replace
# * protocol<~Integer> - IP protocol number (see the ICMP/TCP/UDP constants; -1 for all)
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * options<~Hash> - Protocol-specific keys, forwarded unchanged (see #update_rule)
#
# ==== Returns
# * Whatever #update_rule returns
def update_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  ingress = false
  update_rule(rule_number, protocol, rule_action, cidr_block, ingress, options)
end

#update_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Update an outbound rule, shortcut method for #update_rule



# File 'lib/fog/aws/models/compute/network_acl.rb', line 90

# Update an outbound (egress) rule; shortcut for #update_rule with egress fixed to true.
#
# ==== Parameters
# * rule_number<~Integer> - Rule number of the entry to replace
# * protocol<~Integer> - IP protocol number (see the ICMP/TCP/UDP constants; -1 for all)
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * options<~Hash> - Protocol-specific keys, forwarded unchanged (see #update_rule)
#
# ==== Returns
# * Whatever #update_rule returns
def update_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  egress = true
  update_rule(rule_number, protocol, rule_action, cidr_block, egress, options)
end

#update_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) ⇒ Object

Update a specific rule number

network_acl.update_rule(100, Fog::Compute::AWS::NetworkAcl::TCP, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.

  • rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)

  • cidr_block<~String> - The CIDR range to allow or deny

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • options<~Hash>:

  • 'Icmp.Code' - ICMP code, required if protocol is 1

  • 'Icmp.Type' - ICMP type, required if protocol is 1

  • 'PortRange.From' - The first port in the range, required if protocol is 6 (TCP) or 17 (UDP)

  • 'PortRange.To' - The last port in the range, required if protocol is 6 (TCP) or 17 (UDP)

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/network_acl.rb', line 114

# Replace the entry with the given rule number in this network ACL.
#
# network_acl.update_rule(100, Fog::Compute::AWS::NetworkAcl::TCP, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)
#
# ==== Parameters
# * rule_number<~Integer> - Rule number of the entry to replace, between 100 and 32766
# * protocol<~Integer> - IP protocol number; -1 means all protocols
# * rule_action<~String> - 'allow' or 'deny'
# * cidr_block<~String> - CIDR range the rule matches
# * egress<~Boolean> - true for traffic leaving the subnet, false for traffic entering it
# * options<~Hash> - Protocol-specific keys, forwarded unchanged:
#   * 'Icmp.Code' / 'Icmp.Type' - required when protocol is 1 (ICMP)
#   * 'PortRange.From' / 'PortRange.To' - required when protocol is 6 (TCP) or 17 (UDP)
#
# ==== Returns
# * true - this method never returns false; the API response is not inspected, so a
#   failing service call is expected to raise rather than be reported here
#
# No client-side validation happens here: every argument is handed to
# replace_network_acl_entry exactly as given.
def update_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {})
  requires :network_acl_id

  entry = [rule_number, protocol, rule_action, cidr_block, egress, options]
  service.replace_network_acl_entry(network_acl_id, *entry)
  true
end