class Fog::AWS::Compute::SecurityGroup

Public Instance Methods

authorize_group_and_owner(group, owner = nil) click to toggle source

Authorize access by another security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.authorize_group_and_owner("some_group_name", "1234567890")

Parameters:

group

The name of the security group you're granting access to.

owner

The owner id for security group you're granting access to.

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}
# File lib/fog/aws/models/compute/security_group.rb, line 40
def authorize_group_and_owner(group, owner = nil)
  Fog::Logger.deprecation("authorize_group_and_owner is deprecated, use authorize_port_range with :group option instead")

  requires_one :name, :group_id

  service.authorize_security_group_ingress(
    name,
    'GroupId'                    => group_id,
    'SourceSecurityGroupName'    => group,
    'SourceSecurityGroupOwnerId' => owner
  )
end
authorize_port_range(range, options = {}) click to toggle source

Authorize a new port range for a security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.authorize_port_range(20..21)

Parameters:

range

A Range object representing the port range you want to open up. E.g., 20..21

options

A hash that can contain any of the following keys:

:cidr_ip (defaults to "0.0.0.0/0")
:cidr_ipv6 cannot be used with :cidr_ip
:group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
:ip_protocol (defaults to "tcp")

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}
# File lib/fog/aws/models/compute/security_group.rb, line 83
def authorize_port_range(range, options = {})
  requires_one :name, :group_id

  ip_permission = fetch_ip_permission(range, options)

  if options[:direction].nil? || options[:direction] == 'ingress'
    authorize_port_range_ingress group_id, ip_permission
  elsif options[:direction] == 'egress'
    authorize_port_range_egress group_id, ip_permission
  end
end
authorize_port_range_egress(group_id, ip_permission) click to toggle source
# File lib/fog/aws/models/compute/security_group.rb, line 103
def authorize_port_range_egress(group_id, ip_permission)
  service.authorize_security_group_egress(
    name,
    'GroupId'       => group_id,
    'IpPermissions' => [ ip_permission ]
  )
end
authorize_port_range_ingress(group_id, ip_permission) click to toggle source
# File lib/fog/aws/models/compute/security_group.rb, line 95
def authorize_port_range_ingress(group_id, ip_permission)
  service.authorize_security_group_ingress(
    name,
    'GroupId'       => group_id,
    'IpPermissions' => [ ip_permission ]
  )
end
destroy() click to toggle source

Removes an existing security group

security_group.destroy

Returns

True or false depending on the result

# File lib/fog/aws/models/compute/security_group.rb, line 120
def destroy
  requires_one :name, :group_id

  if group_id.nil?
    service.delete_security_group(name)
  else
    service.delete_security_group(nil, group_id)
  end
  true
end
reload() click to toggle source

Reload a security group

>> g = AWS.security_groups.get(:name => "some_name")
>> g.reload

== Returns:

Up to date model or an exception
Calls superclass method
# File lib/fog/aws/models/compute/security_group.rb, line 237
def reload
  if group_id.nil?
    super
    service.delete_security_group(name)
  else
    requires :group_id

    data = begin
      collection.get_by_id(group_id)
    rescue Excon::Errors::SocketError
      nil
    end

    return unless data

    merge_attributes(data.attributes)
    self
  end
end
revoke_group_and_owner(group, owner = nil) click to toggle source

Revoke access by another security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.revoke_group_and_owner("some_group_name", "1234567890")

Parameters:

group

The name of the security group you're revoking access to.

owner

The owner id for security group you're revoking access access to.

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}
# File lib/fog/aws/models/compute/security_group.rb, line 157
def revoke_group_and_owner(group, owner = nil)
  Fog::Logger.deprecation("revoke_group_and_owner is deprecated, use revoke_port_range with :group option instead")

  requires_one :name, :group_id

  service.revoke_security_group_ingress(
    name,
    'GroupId'                    => group_id,
    'SourceSecurityGroupName'    => group,
    'SourceSecurityGroupOwnerId' => owner
  )
end
revoke_port_range(range, options = {}) click to toggle source

Revoke an existing port range for a security group

>> g = AWS.security_groups.all(:description => "something").first
>> g.revoke_port_range(20..21)

Parameters:

range

A Range object representing the port range you want to open up. E.g., 20..21

options

A hash that can contain any of the following keys:

:cidr_ip (defaults to "0.0.0.0/0")
:cidr_ipv6 cannot be used with :cidr_ip
:group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
:ip_protocol (defaults to "tcp")

Returns:

An excon response object representing the result

<Excon::Response:0x101fc2ae0
  @status=200,
  @body={"requestId"=>"some-id-string",
         "return"=>true},
  headers{"Transfer-Encoding"=>"chunked",
          "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
          "Content-Type"=>"text/xml;charset=UTF-8",
          "Server"=>"AmazonEC2"}
# File lib/fog/aws/models/compute/security_group.rb, line 200
def revoke_port_range(range, options = {})
  requires_one :name, :group_id

  ip_permission = fetch_ip_permission(range, options)

  if options[:direction].nil? || options[:direction] == 'ingress'
    revoke_port_range_ingress group_id, ip_permission
  elsif options[:direction] == 'egress'
    revoke_port_range_egress group_id, ip_permission
  end
end
revoke_port_range_egress(group_id, ip_permission) click to toggle source
# File lib/fog/aws/models/compute/security_group.rb, line 220
def revoke_port_range_egress(group_id, ip_permission)
  service.revoke_security_group_egress(
    name,
    'GroupId'       => group_id,
    'IpPermissions' => [ ip_permission ]
  )
end
revoke_port_range_ingress(group_id, ip_permission) click to toggle source
# File lib/fog/aws/models/compute/security_group.rb, line 212
def revoke_port_range_ingress(group_id, ip_permission)
  service.revoke_security_group_ingress(
    name,
    'GroupId'       => group_id,
    'IpPermissions' => [ ip_permission ]
  )
end
save() click to toggle source

Create a security group

>> g = AWS.security_groups.new(:name => "some_name", :description => "something")
>> g.save

Returns:

True or an exception depending on the result. Keep in mind that this creates a new security group. As such, it yields an InvalidGroup.Duplicate exception if you attempt to save an existing group.

# File lib/fog/aws/models/compute/security_group.rb, line 269
def save
  requires :description, :name
  data = service.create_security_group(name, description, vpc_id).body
  new_attributes = data.reject {|key,value| key == 'requestId'}
  merge_attributes(new_attributes)

  if tags = self.tags
    # expect eventual consistency
    Fog.wait_for { self.reload rescue nil }
    service.create_tags(
      self.group_id,
      tags
    )
  end

  true
end

Private Instance Methods

fetch_ip_permission(range, options) click to toggle source
# File lib/fog/aws/models/compute/security_group.rb, line 324
def fetch_ip_permission(range, options)
  ip_permission = {
    'FromPort'   => range.begin,
    'ToPort'     => range.end,
    'IpProtocol' => options[:ip_protocol] || 'tcp'
  }

  if options[:group].nil?
    if options[:cidr_ipv6].nil?
      ip_permission['IpRanges'] = [
        { 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
      ]
    else
      ip_permission['Ipv6Ranges'] = [
        { 'CidrIpv6' => options[:cidr_ipv6] }
      ]
    end
  else
    ip_permission['Groups'] = [
      group_info(options[:group])
    ]
  end
  ip_permission
end
group_info(group_arg) click to toggle source

group_arg may be a string or a hash with one key & value.

If group_arg is a string, it is assumed to be the group name, and the UserId is assumed to be self.owner_id.

The “account:group” form is deprecated.

If group_arg is a hash, the key is the UserId and value is the group.

# File lib/fog/aws/models/compute/security_group.rb, line 298
def group_info(group_arg)
  if Hash === group_arg
    account = group_arg.keys.first
    group   = group_arg.values.first
  elsif group_arg.match(/:/)
    account, group = group_arg.split(':')
    Fog::Logger.deprecation("'account:group' argument is deprecated. Use {account => group} or just group instead")
  else
    requires :owner_id
    account = owner_id
    group = group_arg
  end

  info = { 'UserId' => account }

  if group.start_with?("sg-")
    # we're dealing with a security group id
    info['GroupId'] = group
  else
    # this has to be a security group name
    info['GroupName'] = group
  end

  info
end