Class: Fog::Compute::AWS::SecurityGroup

Inherits:
Model
  • Object
Defined in:
lib/fog/aws/models/compute/security_group.rb

Instance Method Summary collapse

Instance Method Details

#authorize_group_and_owner(group, owner = nil) ⇒ Object

Authorize access by another security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.authorize_group_and_owner("some_group_name", "1234567890")

Parameters:

group

The name of the security group you’re granting access to.

owner

The owner id for the security group you’re granting access to.

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}


# File 'lib/fog/aws/models/compute/security_group.rb', line 42

# Grants ingress to this security group from another security group.
# Deprecated entry point: it logs a notice pointing callers at
# authorize_port_range with the :group option, then issues a single
# authorize_security_group_ingress request.
#
# @param group [String] sent as 'SourceSecurityGroupName'
# @param owner [String, nil] sent as 'SourceSecurityGroupOwnerId' (nil when omitted)
# @return [Object] whatever service.authorize_security_group_ingress returns
def authorize_group_and_owner(group, owner = nil)
  Fog::Logger.deprecation("authorize_group_and_owner is deprecated, use authorize_port_range with :group option instead")

  # The target group has to be identifiable by name or by id.
  requires_one :name, :group_id

  # NOTE(review): no port range or protocol is sent with this request, so the
  # breadth of the grant is decided by the service — confirm what it allows
  # before relying on this call for a narrow rule.
  source_params = {
    'GroupId'                    => group_id,
    'SourceSecurityGroupName'    => group,
    'SourceSecurityGroupOwnerId' => owner
  }
  service.authorize_security_group_ingress(name, source_params)
end

#authorize_port_range(range, options = {}) ⇒ Object

Authorize a new port range for a security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.authorize_port_range(20..21)

Parameters:

range

A Range object representing the port range you want to open up. E.g., 20..21

options

A hash that can contain any of the following keys:

:cidr_ip (defaults to "0.0.0.0/0", which allows any IPv4 source address; pass a narrower CIDR to restrict access)
:group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
:ip_protocol (defaults to "tcp")

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}


# File 'lib/fog/aws/models/compute/security_group.rb', line 84

# Adds one ingress rule covering +range+ to this security group.
#
# The rule's source is either another security group (options[:group]) or a
# CIDR block (options[:cidr_ip]). When options[:group] is given, :cidr_ip is
# not read at all. When neither is given the rule is opened to '0.0.0.0/0',
# i.e. every IPv4 source address — callers that want a restricted rule must
# pass :cidr_ip or :group explicitly.
#
# @param range [Range] its min/max become 'FromPort'/'ToPort'
# @param options [Hash] :cidr_ip, :group, :ip_protocol (protocol falls back to 'tcp')
# @return [Object] whatever service.authorize_security_group_ingress returns
def authorize_port_range(range, options = {})
  requires_one :name, :group_id

  rule = {
    'FromPort'   => range.min,
    'ToPort'     => range.max,
    'IpProtocol' => options[:ip_protocol] || 'tcp'
  }

  source_group = options[:group]
  if source_group.nil?
    # No source group: fall back to a CIDR source, world-open by default.
    rule['IpRanges'] = [{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }]
  else
    rule['Groups'] = [group_info(source_group)]
  end

  request = { 'GroupId' => group_id, 'IpPermissions' => [rule] }
  service.authorize_security_group_ingress(name, request)
end

#destroy ⇒ Object

Removes an existing security group

security_group.destroy

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/security_group.rb', line 119

# Deletes this security group through the service.
#
# The group is addressed by id when group_id is set and by name otherwise.
# The method itself never returns false: it returns true whenever the delete
# call comes back without raising.
#
# @return [true]
def destroy
  requires_one :name, :group_id

  # With an id available the name slot is passed as nil; otherwise only the
  # name is passed.
  delete_args = group_id.nil? ? [name] : [nil, group_id]
  service.delete_security_group(*delete_args)
  true
end

#revoke_group_and_owner(group, owner = nil) ⇒ Object

Revoke access by another security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.revoke_group_and_owner("some_group_name", "1234567890")

Parameters:

group

The name of the security group whose access you’re revoking.

owner

The owner id for the security group whose access you’re revoking.

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}


# File 'lib/fog/aws/models/compute/security_group.rb', line 156

# Revokes ingress previously granted to another security group.
# Deprecated entry point: it logs a notice pointing callers at
# revoke_port_range with the :group option, then issues a single
# revoke_security_group_ingress request.
#
# @param group [String] sent as 'SourceSecurityGroupName'
# @param owner [String, nil] sent as 'SourceSecurityGroupOwnerId' (nil when omitted)
# @return [Object] whatever service.revoke_security_group_ingress returns
def revoke_group_and_owner(group, owner = nil)
  Fog::Logger.deprecation("revoke_group_and_owner is deprecated, use revoke_port_range with :group option instead")

  # The target group has to be identifiable by name or by id.
  requires_one :name, :group_id

  source_params = {
    'GroupId'                    => group_id,
    'SourceSecurityGroupName'    => group,
    'SourceSecurityGroupOwnerId' => owner
  }
  service.revoke_security_group_ingress(name, source_params)
end

#revoke_port_range(range, options = {}) ⇒ Object

Revoke an existing port range for a security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.revoke_port_range(20..21)

Parameters:

range

A Range object representing the port range you want to revoke. E.g., 20..21

options

A hash that can contain any of the following keys:

:cidr_ip (defaults to "0.0.0.0/0"; pass the CIDR of the rule you want to revoke if it was authorized with a different one)
:group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
:ip_protocol (defaults to "tcp")

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}


# File 'lib/fog/aws/models/compute/security_group.rb', line 198

# Revokes one ingress rule covering +range+ from this security group.
#
# The rule's source is either another security group (options[:group]) or a
# CIDR block (options[:cidr_ip]). When options[:group] is given, :cidr_ip is
# not read at all. When neither is given the request names '0.0.0.0/0' as
# the source, so a rule that was authorized with a different CIDR has to be
# revoked by passing that CIDR explicitly.
#
# @param range [Range] its min/max become 'FromPort'/'ToPort'
# @param options [Hash] :cidr_ip, :group, :ip_protocol (protocol falls back to 'tcp')
# @return [Object] whatever service.revoke_security_group_ingress returns
def revoke_port_range(range, options = {})
  requires_one :name, :group_id

  rule = {
    'FromPort'   => range.min,
    'ToPort'     => range.max,
    'IpProtocol' => options[:ip_protocol] || 'tcp'
  }

  source_group = options[:group]
  if source_group.nil?
    # No source group: the rule is matched on a CIDR source instead.
    rule['IpRanges'] = [{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }]
  else
    rule['Groups'] = [group_info(source_group)]
  end

  request = { 'GroupId' => group_id, 'IpPermissions' => [rule] }
  service.revoke_security_group_ingress(name, request)
end

#save ⇒ Object

Create a security group

>> g = AWS.security_groups.new(:name => "some_name", :description => "something")
>> g.save

Returns:

True or an exception depending on the result. Keep in mind that this creates a new security group. As such, it raises an InvalidGroup.Duplicate exception if you attempt to save an existing group.



# File 'lib/fog/aws/models/compute/security_group.rb', line 235

# Creates the security group through the service and, when tags are set on
# the model, applies them to the new group.
#
# The create response body, minus its 'requestId' entry, is merged back into
# this model's attributes.
#
# @return [true] once the create call (and the tagging call, if any) has
#   returned without raising
def save
  requires :description, :name

  response_body = service.create_security_group(name, description, vpc_id).body
  merge_attributes(response_body.reject { |key, _value| key == 'requestId' })

  pending_tags = self.tags
  if pending_tags
    # expect eventual consistency
    # Errors raised by reload are swallowed and the block then yields nil;
    # presumably Fog.wait_for retries on a falsy result — confirm.
    Fog.wait_for do
      begin
        reload
      rescue StandardError
        nil
      end
    end
    service.create_tags(group_id, pending_tags)
  end

  true
end