Class: Fog::AWS::Compute::SecurityGroup

Inherits:
Model
  • Object
show all
Defined in:
lib/fog/aws/models/compute/security_group.rb

Instance Method Summary collapse

Instance Method Details

#authorize_group_and_owner(group, owner = nil) ⇒ Object

Authorize access by another security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.authorize_group_and_owner("some_group_name", "1234567890")

Parameters:

group

The name of the security group you’re granting access to.

owner

The owner id for security group you’re granting access to.

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}



40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 40

def authorize_group_and_owner(group, owner = nil)
  Fog::Logger.deprecation("authorize_group_and_owner is deprecated, use authorize_port_range with :group option instead")

  requires_one :name, :group_id

  service.authorize_security_group_ingress(
    name,
    'GroupId'                    => group_id,
    'SourceSecurityGroupName'    => group,
    'SourceSecurityGroupOwnerId' => owner
  )
end

#authorize_port_range(range, options = {}) ⇒ Object

Authorize a new port range for a security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.authorize_port_range(20..21)

Parameters:

range

A Range object representing the port range you want to open up. E.g., 20..21

options

A hash that can contain any of the following keys:

:cidr_ip (defaults to "0.0.0.0/0")
:cidr_ipv6 cannot be used with :cidr_ip
:group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
:ip_protocol (defaults to "tcp")

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}



83
84
85
86
87
88
89
90
91
92
93
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 83

def authorize_port_range(range, options = {})
  requires_one :name, :group_id

  ip_permission = fetch_ip_permission(range, options)

  if options[:direction].nil? || options[:direction] == 'ingress'
    authorize_port_range_ingress group_id, ip_permission
  elsif options[:direction] == 'egress'
    authorize_port_range_egress group_id, ip_permission
  end
end

#authorize_port_range_egress(group_id, ip_permission) ⇒ Object 



103
104
105
106
107
108
109
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 103

def authorize_port_range_egress(group_id, ip_permission)
  service.authorize_security_group_egress(
    name,
    'GroupId'       => group_id,
    'IpPermissions' => [ ip_permission ]
  )
end

#authorize_port_range_ingress(group_id, ip_permission) ⇒ Object 



95
96
97
98
99
100
101
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 95

def authorize_port_range_ingress(group_id, ip_permission)
  service.authorize_security_group_ingress(
    name,
    'GroupId'       => group_id,
    'IpPermissions' => [ ip_permission ]
  )
end

#destroyObject

Removes an existing security group

security_group.destroy

Returns

True or false depending on the result



120
121
122
123
124
125
126
127
128
129
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 120

def destroy
  requires_one :name, :group_id

  if group_id.nil?
    service.delete_security_group(name)
  else
    service.delete_security_group(nil, group_id)
  end
  true
end

#reloadObject

Reload a security group

>> g = AWS.security_groups.get(:name => "some_name")
>> g.reload

== Returns:

Up to date model or an exception



237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 237

def reload
  if group_id.nil?
    super
    service.delete_security_group(name)
  else
    requires :group_id

    data = begin
      collection.get_by_id(group_id)
    rescue Excon::Errors::SocketError
      nil
    end

    return unless data

    merge_attributes(data.attributes)
    self
  end
end

#revoke_group_and_owner(group, owner = nil) ⇒ Object

Revoke access by another security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.revoke_group_and_owner("some_group_name", "1234567890")

Parameters:

group

The name of the security group you’re revoking access to.

owner

The owner id for security group you’re revoking access access to.

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}



157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 157

def revoke_group_and_owner(group, owner = nil)
  Fog::Logger.deprecation("revoke_group_and_owner is deprecated, use revoke_port_range with :group option instead")

  requires_one :name, :group_id

  service.revoke_security_group_ingress(
    name,
    'GroupId'                    => group_id,
    'SourceSecurityGroupName'    => group,
    'SourceSecurityGroupOwnerId' => owner
  )
end

#revoke_port_range(range, options = {}) ⇒ Object

Revoke an existing port range for a security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.revoke_port_range(20..21)

Parameters:

range

A Range object representing the port range you want to open up. E.g., 20..21

options

A hash that can contain any of the following keys:

:cidr_ip (defaults to "0.0.0.0/0")
:cidr_ipv6 cannot be used with :cidr_ip
:group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
:ip_protocol (defaults to "tcp")

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}



200
201
202
203
204
205
206
207
208
209
210
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 200

def revoke_port_range(range, options = {})
  requires_one :name, :group_id

  ip_permission = fetch_ip_permission(range, options)

  if options[:direction].nil? || options[:direction] == 'ingress'
    revoke_port_range_ingress group_id, ip_permission
  elsif options[:direction] == 'egress'
    revoke_port_range_egress group_id, ip_permission
  end
end

#revoke_port_range_egress(group_id, ip_permission) ⇒ Object 



220
221
222
223
224
225
226
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 220

def revoke_port_range_egress(group_id, ip_permission)
  service.revoke_security_group_egress(
    name,
    'GroupId'       => group_id,
    'IpPermissions' => [ ip_permission ]
  )
end

#revoke_port_range_ingress(group_id, ip_permission) ⇒ Object 



212
213
214
215
216
217
218
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 212

def revoke_port_range_ingress(group_id, ip_permission)
  service.revoke_security_group_ingress(
    name,
    'GroupId'       => group_id,
    'IpPermissions' => [ ip_permission ]
  )
end

#saveObject

Create a security group

>> g = AWS.security_groups.new(:name => "some_name", :description => "something")
>> g.save

Returns:

True or an exception depending on the result. Keep in mind that this creates a new security group. As such, it yields an InvalidGroup.Duplicate exception if you attempt to save an existing group.



269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
 
# File 'lib/fog/aws/models/compute/security_group.rb', line 269

def save
  requires :description, :name
  data = service.create_security_group(name, description, vpc_id).body
  new_attributes = data.reject {|key,value| key == 'requestId'}
  merge_attributes(new_attributes)

  if tags = self.tags
    # expect eventual consistency
    Fog.wait_for { self.reload rescue nil }
    service.create_tags(
      self.group_id,
      tags
    )
  end

  true
end