Class: Fog::Compute::AWS::NetworkAcl

Inherits:
Model
  • Object
show all
Defined in:
lib/fog/aws/models/compute/network_acl.rb

Constant Summary collapse

ICMP = 
1
TCP = 
6
UDP = 
17

Instance Method Summary collapse

Instance Method Details

#add_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Add an inbound rule, shortcut method for #add_rule



17
18
19
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 17

def add_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  add_rule(rule_number, protocol, rule_action, cidr_block, false, options)
end

#add_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Add an outbound rule, shortcut method for #add_rule



22
23
24
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 22

def add_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  add_rule(rule_number, protocol, rule_action, cidr_block, true, options)
end

#add_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) ⇒ Object

Add a new rule

network_acl.add_rule(100, Fog::Compute::AWS::NetworkAcl::TCP, ‘allow’, ‘0.0.0.0/0’, true, ‘PortRange.From’ => 22, ‘PortRange.To’ => 22)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.

  • rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)

  • cidr_block<~String> - The CIDR range to allow or deny

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • options<~Hash>:

  • ‘Icmp.Code’ - ICMP code, required if protocol is 1

  • ‘Icmp.Type’ - ICMP type, required if protocol is 1

  • ‘PortRange.From’ - The first port in the range, required if protocol is 6 (TCP) or 17 (UDP)

  • ‘PortRange.To’ - The last port in the range, required if protocol is 6 (TCP) or 17 (UDP)

Returns

True or false depending on the result



46
47
48
49
50
51
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 46

def add_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {})
  requires :network_acl_id

  service.create_network_acl_entry(network_acl_id, rule_number, protocol, rule_action, cidr_block, egress, options)
  true
end

#associate_with(subnet) ⇒ Object

Associate a subnet with this network ACL

network_acl.associate_with(subnet)

Parameters

  • subnet<~Subnet> - Subnet object to associate with this network ACL

Returns

True or false depending on the result



130
131
132
133
134
135
136
137
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 130

def associate_with(subnet)
  requires :network_acl_id

  # We have to manually find out the network ACL the subnet is currently associated with
  old_id = service.network_acls.all('association.subnet-id' => subnet.subnet_id).first.associations.find { |a| a['subnetId'] == subnet.subnet_id }['networkAclAssociationId']
  service.replace_network_acl_association(old_id, network_acl_id)
  true
end

#destroyObject

Removes an existing network ACL

network_acl.destroy

Returns

True or false depending on the result



147
148
149
150
151
152
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 147

def destroy
  requires :network_acl_id

  service.delete_network_acl(network_acl_id)
  true
end

#remove_inbound_rule(rule_number) ⇒ Object

Remove an inbound rule, shortcut method for #remove_rule



54
55
56
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 54

def remove_inbound_rule(rule_number)
  remove_rule(rule_number, false)
end

#remove_outbound_rule(rule_number) ⇒ Object

Remove an outbound rule, shortcut method for #remove_rule



59
60
61
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 59

def remove_outbound_rule(rule_number)
  remove_rule(rule_number, true)
end

#remove_rule(rule_number, egress) ⇒ Object

Update a specific rule number

network_acl.remove_rule(100, true)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

Returns

True or false depending on the result



75
76
77
78
79
80
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 75

def remove_rule(rule_number, egress)
  requires :network_acl_id

  service.delete_network_acl_entry(network_acl_id, rule_number, egress)
  true
end

#saveObject

Create a network ACL

>> g = AWS.network_acls.new(:vpc_id => 'vpc-abcdefgh')
>> g.save



158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 158

def save
  requires :vpc_id
  data = service.create_network_acl(vpc_id).body['networkAcl']
  new_attributes = data.reject { |key,value| key == 'tagSet' }
  merge_attributes(new_attributes)

  if tags = self.tags
    # expect eventual consistency
    Fog.wait_for { self.reload rescue nil }
    service.create_tags(
      self.identity,
      tags
    )
  end

  true
end

#update_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Update an inbound rule, shortcut method for #update_rule



83
84
85
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 83

def update_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  update_rule(rule_number, protocol, rule_action, cidr_block, false, options)
end

#update_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) ⇒ Object

Update an outbound rule, shortcut method for #update_rule



88
89
90
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 88

def update_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  update_rule(rule_number, protocol, rule_action, cidr_block, true, options)
end

#update_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) ⇒ Object

Update a specific rule number

network_acl.update_rule(100, Fog::Compute::AWS::NetworkAcl::TCP, ‘allow’, ‘0.0.0.0/0’, true, ‘PortRange.From’ => 22, ‘PortRange.To’ => 22)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.

  • rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)

  • cidr_block<~String> - The CIDR range to allow or deny

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • options<~Hash>:

  • ‘Icmp.Code’ - ICMP code, required if protocol is 1

  • ‘Icmp.Type’ - ICMP type, required if protocol is 1

  • ‘PortRange.From’ - The first port in the range, required if protocol is 6 (TCP) or 17 (UDP)

  • ‘PortRange.To’ - The last port in the range, required if protocol is 6 (TCP) or 17 (UDP)

Returns

True or false depending on the result



112
113
114
115
116
117
 
# File 'lib/fog/aws/models/compute/network_acl.rb', line 112

def update_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {})
  requires :network_acl_id

  service.replace_network_acl_entry(network_acl_id, rule_number, protocol, rule_action, cidr_block, egress, options)
  true
end