Class: AWS::EC2::SecurityGroup::IpPermission

Inherits:
Object
  • Object
show all
Includes:
Core::Model
Defined in:
lib/aws/ec2/security_group/ip_permission.rb

Instance Attribute Summary collapse

Attributes included from Core::Model

#config

Instance Method Summary collapse

Methods included from Core::Model

#client, #config_prefix, #inspect

Constructor Details

#initialize(security_group, protocol, ports, options = {}) ⇒ IpPermission

Returns a new instance of IpPermission.

Parameters:

  • protocol (:tcp, :udp, :icmp)
  • ports (Integer, Range<Integer>)

    A port or port range to allow.

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :ip_ranges (Array)

    An array of CIDR ip address to grant permission to.

  • :groups (Array)

    An array of SecurityGroup objects to grant permission to.

  • :egress (Boolean) — default: false

    When true this IpPermission is assumed to be an egree permission.


36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 36

def initialize security_group, protocol, ports, options = {}

  @security_group = security_group

  @protocol = protocol == '-1' ?  :any : protocol.to_s.downcase.to_sym

  @ip_ranges = Array(options[:ip_ranges])

  @groups = Array(options[:groups])

  @egress = options[:egress]

  # not all egress permissions require port ranges, depends on the
  # protocol
  if ports
    @port_range = Array(ports).first.to_i..Array(ports).last.to_i
  end

  super

end

Instance Attribute Details

#groupsArray (readonly)

granted access with this permission.

Returns:

  • (Array)

    An array of security groups that have been


73
74
75
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 73

def groups
  @groups
end

#ip_rangesArray (readonly)

Returns An array of string CIDR ip addresses.

Returns:

  • (Array)

    An array of string CIDR ip addresses.


69
70
71
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 69

def ip_ranges
  @ip_ranges
end

#port_rangeRange (readonly)

Returns The port range (e.g. 80..80, 4000..4010, etc).

Returns:

  • (Range)

    The port range (e.g. 80..80, 4000..4010, etc)


66
67
68
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 66

def port_range
  @port_range
end

#protocolSymbol (readonly)

Returns The protocol (:tcp, :udp, :icmp).

Returns:

  • (Symbol)

    The protocol (:tcp, :udp, :icmp)


63
64
65
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 63

def protocol
  @protocol
end

#security_groupSecurityGroup (readonly)

Returns The security group this permission is authorized for.

Returns:

  • (SecurityGroup)

    The security group this permission is authorized for.


60
61
62
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 60

def security_group
  @security_group
end

Instance Method Details

#authorizeIpPermission

Authorizes this permission from its security group.

Returns:


82
83
84
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 82

def authorize
  update_sg(egress? ? :authorize_egress : :authorize_ingress)
end

#egress?Boolean

Returns true if this is an egress permission.

Returns:

  • (Boolean)

    Returns true if this is an egress permission.


76
77
78
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 76

def egress?
  @egress ? true : false
end

#eql?(other) ⇒ Boolean Also known as: ==

Returns true if the other IpPermission matches this one.

Returns:

  • (Boolean)

    Returns true if the other IpPermission matches this one.


94
95
96
97
98
99
100
101
102
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 94

def eql? other
  other.is_a?(IpPermission) and
  other.security_group == security_group and
  other.protocol == protocol and
  other.port_range == port_range and
  other.ip_ranges == ip_ranges and
  other.groups == groups and
  other.egress == egress?
end

#revokeIpPermission

Revokes this permission from its security group.

Returns:


88
89
90
# File 'lib/aws/ec2/security_group/ip_permission.rb', line 88

def revoke
  update_sg(egress? ? :revoke_egress : :revoke_ingress)
end