Class: Fog::Compute::AWS::SecurityGroup

Inherits:
Model
  • Object
Defined in:
lib/fog/aws/models/compute/security_group.rb


Instance Method Details

#authorize_group_and_owner(group, owner = nil) ⇒ Object

Authorize access by another security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.authorize_group_and_owner("some_group_name", "1234567890")

Parameters:

group

The name of the security group you’re granting access to.

owner

The owner id of the security group you’re granting access to.

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}


# File 'lib/fog/aws/models/compute/security_group.rb', line 41

# Deprecated: authorizes ingress from another security group, identified by
# its name and owner id. Every call logs a deprecation notice that points to
# authorize_port_range with the :group option.
#
# NOTE(review): the request carries no port range or protocol, so how wide the
# resulting grant is depends on the EC2 API rather than on this method. Confirm
# it is not broader than intended; authorize_port_range lets the caller scope it.
#
# @param group [String] name of the source security group being granted access
# @param owner [String, nil] owner id of the source group; sent as nil when omitted
# @return [Object] whatever service.authorize_security_group_ingress returns
def authorize_group_and_owner(group, owner = nil)
  Fog::Logger.deprecation("authorize_group_and_owner is deprecated, use authorize_port_range with :group option instead")

  # requires_one is defined elsewhere; presumably it enforces that name or
  # group_id is set before the request is built.
  requires_one :name, :group_id

  source_params = {
    'GroupId'                    => group_id,
    'SourceSecurityGroupName'    => group,
    'SourceSecurityGroupOwnerId' => owner
  }
  service.authorize_security_group_ingress(name, source_params)
end

#authorize_port_range(range, options = {}) ⇒ Object

Authorize a new port range for a security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.authorize_port_range(20..21)

Parameters:

range

A Range object representing the port range you want to open up. E.g., 20..21

options

A hash that can contain any of the following keys:

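:cidr_ip (defaults to "0.0.0.0/0", which matches every IPv4 source address; pass an explicit CIDR to limit who can reach the port range)
:group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip; when :group is given, :cidr_ip is ignored
:ip_protocol (defaults to "tcp")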

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}


# File 'lib/fog/aws/models/compute/security_group.rb', line 83

# Authorizes ingress on a port range for this security group.
#
# The source is either a CIDR block or another security group. When
# options[:group] is nil the rule uses options[:cidr_ip], and when that is
# also missing it falls back to '0.0.0.0/0', i.e. every IPv4 address. Callers
# that do not intend a world-reachable rule must pass :cidr_ip or :group.
# When :group is present, :cidr_ip is not read at all.
#
# @param range [Range] ports to open; range.min and range.max become
#   FromPort and ToPort
# @param options [Hash] optional :cidr_ip, :group and :ip_protocol
#   (protocol defaults to 'tcp')
# @return [Object] whatever service.authorize_security_group_ingress returns
def authorize_port_range(range, options = {})
  # requires_one is defined elsewhere; presumably it enforces that name or
  # group_id is set before the request is built.
  requires_one :name, :group_id

  source_group = options[:group]
  rule = {
    'FromPort'   => range.min,
    'ToPort'     => range.max,
    'IpProtocol' => options[:ip_protocol] || 'tcp'
  }

  # Exactly one source kind is attached: a CIDR list or a group list.
  source_key, source_value =
    if source_group.nil?
      ['IpRanges', [{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }]]
    else
      ['Groups', [group_info(source_group)]]
    end
  rule[source_key] = source_value

  request = {
    'GroupId'       => group_id,
    'IpPermissions' => [rule]
  }
  service.authorize_security_group_ingress(name, request)
end

#destroyObject

Removes an existing security group

security_group.destroy

Returns

True or false depending on the result



# File 'lib/fog/aws/models/compute/security_group.rb', line 118

# Deletes this security group through the service.
#
# The group is addressed by group_id when one is set (the name argument is
# then passed as nil), otherwise by name.
#
# @return [true] always true once the delete call has returned; this body has
#   no path that returns false, so failures can only surface as exceptions
#   raised by the calls it makes
def destroy
  # requires_one is defined elsewhere; presumably it enforces that name or
  # group_id is set before the request is sent.
  requires_one :name, :group_id

  delete_args = group_id.nil? ? [name] : [nil, group_id]
  service.delete_security_group(*delete_args)
  true
end

#revoke_group_and_owner(group, owner = nil) ⇒ Object

Revoke access by another security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.revoke_group_and_owner("some_group_name", "1234567890")

Parameters:

group

The name of the security group you’re revoking access to.

owner

The owner id of the security group you’re revoking access to.

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}


# File 'lib/fog/aws/models/compute/security_group.rb', line 155

# Deprecated: revokes ingress previously granted to another security group,
# identified by its name and owner id. Every call logs a deprecation notice
# that points to revoke_port_range with the :group option.
#
# The request carries no port range or protocol; only the target group id and
# the source group's name and owner id are sent.
#
# @param group [String] name of the source security group losing access
# @param owner [String, nil] owner id of the source group; sent as nil when omitted
# @return [Object] whatever service.revoke_security_group_ingress returns
def revoke_group_and_owner(group, owner = nil)
  Fog::Logger.deprecation("revoke_group_and_owner is deprecated, use revoke_port_range with :group option instead")

  # requires_one is defined elsewhere; presumably it enforces that name or
  # group_id is set before the request is built.
  requires_one :name, :group_id

  source_params = {
    'GroupId'                    => group_id,
    'SourceSecurityGroupName'    => group,
    'SourceSecurityGroupOwnerId' => owner
  }
  service.revoke_security_group_ingress(name, source_params)
end

#revoke_port_range(range, options = {}) ⇒ Object

Revoke an existing port range for a security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.revoke_port_range(20..21)

Parameters:

range

A Range object representing the port range whose access you want to revoke. E.g., 20..21

options

A hash that can contain any of the following keys:

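:cidr_ip (defaults to "0.0.0.0/0", so a call without :cidr_ip or :group asks to revoke the "0.0.0.0/0" permission only; permissions for other CIDRs must be named explicitly)
:group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip; when :group is given, :cidr_ip is ignored
:ip_protocol (defaults to "tcp")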

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}


# File 'lib/fog/aws/models/compute/security_group.rb', line 197

# Revokes an ingress permission on a port range for this security group.
#
# The permission to revoke is described the same way it was authorized: by a
# CIDR block or by a source security group. When options[:group] is nil the
# request names options[:cidr_ip], falling back to '0.0.0.0/0'; a call with
# no options therefore names only the every-IPv4-address permission and says
# nothing about permissions for narrower CIDRs. When :group is present,
# :cidr_ip is not read at all.
#
# @param range [Range] ports to revoke; range.min and range.max become
#   FromPort and ToPort
# @param options [Hash] optional :cidr_ip, :group and :ip_protocol
#   (protocol defaults to 'tcp')
# @return [Object] whatever service.revoke_security_group_ingress returns
def revoke_port_range(range, options = {})
  # requires_one is defined elsewhere; presumably it enforces that name or
  # group_id is set before the request is built.
  requires_one :name, :group_id

  source_group = options[:group]
  rule = {
    'FromPort'   => range.min,
    'ToPort'     => range.max,
    'IpProtocol' => options[:ip_protocol] || 'tcp'
  }

  # Exactly one source kind is attached: a CIDR list or a group list.
  source_key, source_value =
    if source_group.nil?
      ['IpRanges', [{ 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }]]
    else
      ['Groups', [group_info(source_group)]]
    end
  rule[source_key] = source_value

  request = {
    'GroupId'       => group_id,
    'IpPermissions' => [rule]
  }
  service.revoke_security_group_ingress(name, request)
end

#saveObject

Create a security group

>> g = AWS.security_groups.new(:name => "some_name", :description => "something")
>> g.save

Returns:

True or an exception depending on the result. Keep in mind that this creates a new security group. As such, it raises an InvalidGroup.Duplicate exception if you attempt to save an existing group.



# File 'lib/fog/aws/models/compute/security_group.rb', line 234

# Creates the security group through the service and copies the response
# fields back onto this model.
#
# The create call receives name, description and vpc_id. Every key of the
# response body except 'requestId' is handed to merge_attributes.
#
# @return [true] always true once the create call and the merge have
#   completed; failures can only surface as exceptions raised by the calls
#   this method makes
def save
  # requires is defined elsewhere; presumably it enforces that both
  # description and name are set before the request is sent.
  requires :description, :name

  response_body = service.create_security_group(name, description, vpc_id).body
  # requestId identifies the API call, not the group, so it is not stored.
  merge_attributes(response_body.reject { |key, _value| key == 'requestId' })
  true
end