Class: Awspec::Type::SecurityGroup

Inherits:
Base
  • Object
Defined in:
lib/awspec/type/security_group.rb

Constant Summary

Constants included from Helper::Finder

Helper::Finder::CLIENTS

Instance Attribute Summary

Attributes inherited from Base

#id, #resource_via_client

Instance Method Summary

Methods inherited from Base

aws_resource, #exists?, #inspect, #method_missing, tags_allowed, #to_s

Methods included from BlackListForwardable

#method_missing_via_black_list

Methods included from Helper::Finder::Cloudfront

#find_cloudfront_distribution

Methods included from Helper::Finder::Ami

#find_ami

Methods included from Helper::Finder::Directconnect

#find_virtual_interface, #select_virtual_interfaces

Methods included from Helper::Finder::Ses

#find_ses_identity

Methods included from Helper::Finder::Cloudwatch

#find_cloudwatch_alarm, #select_all_cloudwatch_alarms

Methods included from Helper::Finder::Elasticache

#find_cache_cluster, #find_cache_subnet_group

Methods included from Helper::Finder::Iam

#select_all_attached_policies, #select_all_iam_groups, #select_all_iam_roles, #select_all_iam_users, #select_attached_entities, #select_attached_groups, #select_attached_roles, #select_attached_users, #select_iam_group_by_user_name, #select_policy_evaluation_results

Methods included from Helper::Finder::Lambda

#find_lambda, #select_all_lambda_functions, #select_event_source_by_function_arn

Methods included from Helper::Finder::Elb

#find_elb, #select_elb_by_vpc_id

Methods included from Helper::Finder::Ebs

#find_ebs, #select_all_attached_ebs, #select_ebs_by_instance_id

Methods included from Helper::Finder::Autoscaling

#find_autoscaling_group, #find_launch_configuration

Methods included from Helper::Finder::S3

#find_bucket, #find_bucket_acl, #find_bucket_cors, #find_bucket_policy, #select_all_buckets

Methods included from Helper::Finder::Route53

#find_hosted_zone, #select_record_sets_by_hosted_zone_id

Methods included from Helper::Finder::Rds

#find_rds, #select_rds_by_vpc_id

Methods included from Helper::Finder::SecurityGroup

#find_security_group, #select_security_group_by_vpc_id

Methods included from Helper::Finder::Ec2

#find_ec2, #find_ec2_attribute, #find_ec2_status, #find_nat_gateway, #find_network_interface, #select_ec2_by_vpc_id, #select_eip_by_instance_id, #select_nat_gateway_by_vpc_id, #select_network_interface_by_vpc_id

Methods included from Helper::Finder::Subnet

#find_subnet, #select_subnet_by_vpc_id

Methods included from Helper::Finder::Vpc

#find_network_acl, #find_route_table, #find_vpc, #find_vpc_peering_connection, #select_network_acl_by_vpc_id, #select_route_table_by_vpc_id

Constructor Details

#initialize(id) ⇒ SecurityGroup

Returns a new instance of SecurityGroup.



# File 'lib/awspec/type/security_group.rb', line 5

# Builds the spec subject for one security group.
#
# The id is forwarded to the parent initializer, the group is looked up
# with find_security_group, and the direction flag starts as inbound, so
# opened? and opened_only? inspect ingress rules until #outbound is called.
#
# @param id [Object] identifier handed to find_security_group
def initialize(id)
  super
  @inbound = true
  group = find_security_group(id)
  @resource_via_client = group
  # When the lookup fails @resource_via_client stays nil and @id keeps
  # whatever the parent initializer set.
  @id = group.group_id if group
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class Awspec::Type::Base

Instance Method Details

#inbound ⇒ Object



# File 'lib/awspec/type/security_group.rb', line 94

# Switches the subject to ingress rules for later opened? / opened_only?
# calls.
#
# @return [self] the receiver, so the call can be chained
def inbound
  tap { @inbound = true }
end

#inbound_opened?(port = nil, protocol = nil, cidr = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/awspec/type/security_group.rb', line 22

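# Finds the first ingress rule that admits the given port, protocol and
# source.
#
# Every criterion that is nil is skipped. A rule without a port range
# covers every port, but it must still satisfy the protocol and source
# criteria; previously such a rule (and any call without a port) matched
# unconditionally, so an all-traffic rule for one source made every port
# look open for every source.
#
# Only ip_ranges and user_id_group_pairs are consulted, and a CIDR is
# compared as a plain string: a wider or narrower range than the one asked
# for does not match.
# NOTE(review): other source kinds a permission may carry (IPv6 ranges,
# prefix lists) are not examined here - confirm whether specs rely on them.
#
# @param port [Object, nil] port handed to port_between?; nil skips the port check
# @param protocol [String, nil] ip_protocol to require, e.g. 'tcp'
# @param cidr [String, nil] source to require: a CIDR string, or the id,
#   name or Name tag of a referenced security group
# @return [Object, nil] the first matching permission (truthy), or nil
def inbound_opened?(port = nil, protocol = nil, cidr = nil)
  @resource_via_client.ip_permissions.find do |permission|
    if port && permission.from_port && permission.to_port
      next false unless port_between?(port, permission.from_port, permission.to_port)
    end
    # '-1' is the EC2 API value for "all protocols".
    next false if protocol && permission.ip_protocol != '-1' && permission.ip_protocol != protocol
    next true unless cidr
    next true if permission.ip_ranges.any? { |ip_range| ip_range.cidr_ip == cidr }
    permission.user_id_group_pairs.any? do |pair|
      next true if pair.group_id == cidr
      group = find_security_group(pair.group_id)
      # A referenced group that cannot be looked up cannot match by name or tag.
      next false unless group
      group.group_name == cidr || group.tags.any? { |tag| tag.key == 'Name' && tag.value == cidr }
    end
  end
end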

#inbound_opened_only?(port = nil, protocol = nil, cidr = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/awspec/type/security_group.rb', line 46

# Checks that the ingress rules for a port and protocol list exactly the
# given CIDR ranges.
#
# Rules are kept when port_between? accepts the port for their range and
# their ip_protocol equals protocol; the cidr_ip values of those rules are
# then compared with Array(cidr).
#
# NOTE(review): the comparison is order-sensitive, so the expected list has
# to follow the order in which the API reports the ranges.
# NOTE(review): only ip_ranges is collected. Sources granted through
# user_id_group_pairs do not appear in the list, so this can return true
# while the port is also reachable from a referenced security group.
#
# @param port [Object, nil] passed to port_between? as is, including nil
# @param protocol [String, nil] compared to ip_protocol with ==
# @param cidr [String, Array<String>, nil] expected ranges; nil means none
# @return [Boolean]
def inbound_opened_only?(port = nil, protocol = nil, cidr = nil)
  matching = @resource_via_client.ip_permissions.select do |rule|
    port_between?(port, rule.from_port, rule.to_port) && rule.ip_protocol == protocol
  end
  open_cidrs = matching.flat_map { |rule| rule.ip_ranges.map(&:cidr_ip) }
  open_cidrs == Array(cidr)
end

#inbound_rule_count ⇒ Object



# File 'lib/awspec/type/security_group.rb', line 114

# Counts ingress rule entries: for every ingress permission, the number of
# ip_ranges plus the number of user_id_group_pairs.
#
# NOTE(review): entries of any other source kind on a permission are not
# counted here.
#
# @return [Integer] 0 when the group has no ingress permissions
def inbound_rule_count
  per_permission = @resource_via_client.ip_permissions.map do |rule|
    rule.ip_ranges.count + rule.user_id_group_pairs.count
  end
  per_permission.reduce(0, :+)
end

#ip_permissions_count ⇒ Object Also known as: inbound_permissions_count



# File 'lib/awspec/type/security_group.rb', line 104

# Number of ingress permission entries on the group. One permission can
# hold several ranges or group pairs, so this is not the same figure as
# inbound_rule_count.
#
# @return [Integer]
def ip_permissions_count
  ingress_permissions = @resource_via_client.ip_permissions
  ingress_permissions.count
end

#ip_permissions_egress_count ⇒ Object Also known as: outbound_permissions_count



# File 'lib/awspec/type/security_group.rb', line 109

# Number of egress permission entries on the group. One permission can
# hold several ranges or group pairs, so this is not the same figure as
# outbound_rule_count.
#
# @return [Integer]
def ip_permissions_egress_count
  egress_permissions = @resource_via_client.ip_permissions_egress
  egress_permissions.count
end

#opened?(port = nil, protocol = nil, cidr = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/awspec/type/security_group.rb', line 12

# Direction-aware entry point: delegates to inbound_opened? while the
# subject is in inbound mode (the state set by initialize and #inbound) and
# to outbound_opened? otherwise.
#
# @param port [Object, nil] forwarded unchanged
# @param protocol [String, nil] forwarded unchanged
# @param cidr [String, nil] forwarded unchanged
# @return [Object, nil] whatever the selected check returns
def opened?(port = nil, protocol = nil, cidr = nil)
  if @inbound
    inbound_opened?(port, protocol, cidr)
  else
    outbound_opened?(port, protocol, cidr)
  end
end

#opened_only?(port = nil, protocol = nil, cidr = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/awspec/type/security_group.rb', line 17

# Direction-aware entry point: delegates to inbound_opened_only? while the
# subject is in inbound mode (the state set by initialize and #inbound) and
# to outbound_opened_only? otherwise.
#
# @param port [Object, nil] forwarded unchanged
# @param protocol [String, nil] forwarded unchanged
# @param cidr [String, Array<String>, nil] forwarded unchanged
# @return [Boolean] whatever the selected check returns
def opened_only?(port = nil, protocol = nil, cidr = nil)
  if @inbound
    inbound_opened_only?(port, protocol, cidr)
  else
    outbound_opened_only?(port, protocol, cidr)
  end
end

#outbound ⇒ Object



# File 'lib/awspec/type/security_group.rb', line 99

# Switches the subject to egress rules for later opened? / opened_only?
# calls.
#
# @return [self] the receiver, so the call can be chained
def outbound
  tap { @inbound = false }
end

#outbound_opened?(port = nil, protocol = nil, cidr = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/awspec/type/security_group.rb', line 58

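# Finds the first egress rule that admits the given port, protocol and
# destination.
#
# Every criterion that is nil is skipped. A rule without a port range
# covers every port, but it must still satisfy the protocol and destination
# criteria; previously such a rule (and any call without a port) matched
# unconditionally, so an all-traffic rule for one destination made every
# port look open for every destination.
#
# Only ip_ranges and user_id_group_pairs are consulted, and a CIDR is
# compared as a plain string: a wider or narrower range than the one asked
# for does not match.
# NOTE(review): other destination kinds a permission may carry (IPv6
# ranges, prefix lists) are not examined here - confirm whether specs rely
# on them.
#
# @param port [Object, nil] port handed to port_between?; nil skips the port check
# @param protocol [String, nil] ip_protocol to require, e.g. 'tcp'
# @param cidr [String, nil] destination to require: a CIDR string, or the
#   id, name or Name tag of a referenced security group
# @return [Object, nil] the first matching permission (truthy), or nil
def outbound_opened?(port = nil, protocol = nil, cidr = nil)
  @resource_via_client.ip_permissions_egress.find do |permission|
    if port && permission.from_port && permission.to_port
      next false unless port_between?(port, permission.from_port, permission.to_port)
    end
    # '-1' is the EC2 API value for "all protocols".
    next false if protocol && permission.ip_protocol != '-1' && permission.ip_protocol != protocol
    next true unless cidr
    next true if permission.ip_ranges.any? { |ip_range| ip_range.cidr_ip == cidr }
    permission.user_id_group_pairs.any? do |pair|
      next true if pair.group_id == cidr
      group = find_security_group(pair.group_id)
      # A referenced group that cannot be looked up cannot match by name or tag.
      next false unless group
      group.group_name == cidr || group.tags.any? { |tag| tag.key == 'Name' && tag.value == cidr }
    end
  end
end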

#outbound_opened_only?(port = nil, protocol = nil, cidr = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/awspec/type/security_group.rb', line 82

# Checks that the egress rules for a port and protocol list exactly the
# given CIDR ranges.
#
# Rules are kept when port_between? accepts the port for their range and
# their ip_protocol equals protocol; the cidr_ip values of those rules are
# then compared with Array(cidr).
#
# NOTE(review): the comparison is order-sensitive, so the expected list has
# to follow the order in which the API reports the ranges.
# NOTE(review): only ip_ranges is collected. Destinations granted through
# user_id_group_pairs do not appear in the list, so this can return true
# while the port is also open towards a referenced security group.
#
# @param port [Object, nil] passed to port_between? as is, including nil
# @param protocol [String, nil] compared to ip_protocol with ==
# @param cidr [String, Array<String>, nil] expected ranges; nil means none
# @return [Boolean]
def outbound_opened_only?(port = nil, protocol = nil, cidr = nil)
  matching = @resource_via_client.ip_permissions_egress.select do |rule|
    port_between?(port, rule.from_port, rule.to_port) && rule.ip_protocol == protocol
  end
  open_cidrs = matching.flat_map { |rule| rule.ip_ranges.map(&:cidr_ip) }
  open_cidrs == Array(cidr)
end

#outbound_rule_count ⇒ Object



# File 'lib/awspec/type/security_group.rb', line 120

# Counts egress rule entries: for every egress permission, the number of
# ip_ranges plus the number of user_id_group_pairs.
#
# NOTE(review): entries of any other destination kind on a permission are
# not counted here.
#
# @return [Integer] 0 when the group has no egress permissions
def outbound_rule_count
  per_permission = @resource_via_client.ip_permissions_egress.map do |rule|
    rule.ip_ranges.count + rule.user_id_group_pairs.count
  end
  per_permission.reduce(0, :+)
end