class AWS::EC2::SecurityGroup::IpPermission

Attributes

groups[R]

@return [Array] An array of security groups that have been granted access with this permission.

ip_ranges[R]

@return [Array] An array of string CIDR ip addresses.

port_range[R]

@return [Range] The port range (e.g. 80..80, 4000..4010, etc)

protocol[R]

@return [Symbol] The protocol (:tcp, :udp, :icmp)

security_group[R]

@return [SecurityGroup] The security group this permission is

authorized for.

Public Class Methods

new(security_group, protocol, ports, options = {}) click to toggle source

@param protocol [:tcp, :udp, :icmp]

@param port [Range,Integer] An integer or a range of integers

to open ports for.

@param [Hash] options

@option options [Array] :#ip_ranges An array of CIDR ip address

to grant permission to.

@option options [Array] :groups An array of SecurityGroup objects to

grant permission to.

@option options [Boolean] :egress (false) When true this IpPermission

is assumed to be an egree permission.

# File lib/aws/ec2/security_group/ip_permission.rb, line 37
def initialize security_group, protocol, ports, options = {}

  @security_group = security_group

  @protocol = protocol == '-1' ?  :any : protocol.to_s.downcase.to_sym

  @ip_ranges = Array(options[:ip_ranges])

  @groups = Array(options[:groups])

  @egress = options[:egress]

  # not all egress permissions require port ranges, depends on the
  # protocol
  if ports
    @port_range = Array(ports).first.to_i..Array(ports).last.to_i
  end

  super

end

Public Instance Methods

==(other) click to toggle source

Alias for: eql?

authorize() click to toggle source

Authorizes this permission from its security group. @return [IpPermission] Returns self

# File lib/aws/ec2/security_group/ip_permission.rb, line 83
def authorize
  update_sg(egress? ? :authorize_egress : :authorize_ingress)
end

egress?() click to toggle source

@return [Boolean] Returns true if this is an egress permission.

# File lib/aws/ec2/security_group/ip_permission.rb, line 77
def egress?
  @egress ? true : false
end

eql?(other) click to toggle source

@return [Boolean] Returns true if the other IpPermission matches

this one.

# File lib/aws/ec2/security_group/ip_permission.rb, line 95
def eql? other
  other.is_a?(IpPermission) and
  other.security_group == security_group and
  other.protocol == protocol and
  other.port_range == port_range and
  other.ip_ranges == ip_ranges and
  other.groups == groups and
  other.egress == egress?
end

Also aliased as: ==

revoke() click to toggle source

Revokes this permission from its security group. @return [IpPermission] Returns self

# File lib/aws/ec2/security_group/ip_permission.rb, line 89
def revoke
  update_sg(egress? ? :revoke_egress : :revoke_ingress)
end

Protected Instance Methods

update_sg(method) click to toggle source

# File lib/aws/ec2/security_group/ip_permission.rb, line 107
def update_sg method

  sources = []
  sources += ip_ranges
  sources += groups

  if egress?
    opts = {}
    opts[:protocol] = protocol
    opts[:ports] = port_range if port_range
    sources << opts
    security_group.send(method, *sources)
  else
    security_group.send(method, protocol, port_range, *sources)
  end

  self
end