class Awspec::Type::SecurityGroup

Public Instance Methods

id() click to toggle source
# File lib/awspec/type/security_group.rb, line 10
# Group id of the resolved security group, memoised in @id.
#
# Returns nil whenever resource_via_client is nil or false, even if @id was
# set by an earlier call.
def id
  return unless resource_via_client
  @id ||= resource_via_client.group_id
end
inbound() click to toggle source
# File lib/awspec/type/security_group.rb, line 58
# Selects the inbound direction: sets @inbound to true, which makes opened?
# and opened_only? run the inbound_* checks.
#
# Returns self so that further calls can be chained on the result.
def inbound
  tap { @inbound = true }
end
inbound_opened?(port = nil, protocol = nil, cidr = nil) click to toggle source
# File lib/awspec/type/security_group.rb, line 24
# Looks for an inbound permission that satisfies the CIDR, protocol and port
# checks, evaluated in that order for each permission.
#
# Returns the first matching permission object, or nil when none matches, so
# callers should rely on truthiness rather than on a literal true/false.
# A nil argument is treated as "any" by the corresponding *_opened? helper.
def inbound_opened?(port = nil, protocol = nil, cidr = nil)
  rules = resource_via_client.ip_permissions
  rules.find do |rule|
    next false unless cidr_opened?(rule, cidr)
    next false unless protocol_opened?(rule, protocol)
    port_opened?(rule, port)
  end
end
inbound_opened_only?(port = nil, protocol = nil, cidr = nil) click to toggle source
# File lib/awspec/type/security_group.rb, line 30
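# Reports whether the CIDR blocks on the inbound permissions matching +port+
# and +protocol+ are exactly +cidr+.
#
# The cidr_ip of every range on every matching permission is gathered in the
# order returned and compared with Array(cidr) using ==, so both order and
# duplicates matter.
#
# NOTE(review): only ip_ranges is read here. Sources held in
# user_id_group_pairs are not collected, so a rule that admits another
# security group on the same port does not make this return false. A passing
# "opened only" expectation covers the ip_ranges sources alone.
#
# @param port [Integer, String, nil] port or "from-to" range; nil matches any port
# @param protocol [String, nil] protocol name; nil matches any protocol
# @param cidr [String, Array<String>, nil] the only CIDR block(s) expected
# @return [Boolean]
def inbound_opened_only?(port = nil, protocol = nil, cidr = nil)
  matching = resource_via_client.ip_permissions.select do |permission|
    protocol_opened?(permission, protocol) && port_opened?(permission, port)
  end
  # flat_map preserves the per-permission, per-range order the comparison depends on.
  cidrs = matching.flat_map { |permission| permission.ip_ranges.map(&:cidr_ip) }
  cidrs == Array(cidr)
end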
inbound_permissions_count()
inbound_rule_count() click to toggle source
# File lib/awspec/type/security_group.rb, line 78
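# Total number of inbound rules: for every inbound permission, the count of
# its ip_ranges plus the count of its user_id_group_pairs.
#
# NOTE(review): only those two lists are counted. If the permission objects
# carry further source lists (IPv6 ranges, prefix lists), their entries are
# not reflected in this total; confirm before treating the count as a
# complete rule inventory.
#
# @return [Integer]
def inbound_rule_count
  # The block's value is the next accumulator, so no reassignment is needed.
  resource_via_client.ip_permissions.reduce(0) do |total, permission|
    total + permission.ip_ranges.count + permission.user_id_group_pairs.count
  end
end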
ip_permissions_count() click to toggle source
# File lib/awspec/type/security_group.rb, line 68
# Number of entries in the group's ip_permissions list (the inbound side).
# One entry can hold several ranges or group pairs, so this is not the same
# figure as inbound_rule_count.
def ip_permissions_count
  inbound_entries = resource_via_client.ip_permissions
  inbound_entries.count
end
Also aliased as: inbound_permissions_count
ip_permissions_egress_count() click to toggle source
# File lib/awspec/type/security_group.rb, line 73
# Number of entries in the group's ip_permissions_egress list (the outbound
# side). One entry can hold several ranges or group pairs, so this is not the
# same figure as outbound_rule_count.
def ip_permissions_egress_count
  outbound_entries = resource_via_client.ip_permissions_egress
  outbound_entries.count
end
Also aliased as: outbound_permissions_count
opened?(port = nil, protocol = nil, cidr = nil) click to toggle source
# File lib/awspec/type/security_group.rb, line 14
# Dispatches to inbound_opened? or outbound_opened? according to @inbound.
#
# NOTE(review): @inbound is only set by #inbound and #outbound. When neither
# has been called it is nil, so the outbound (egress) rules are the ones
# checked. An expectation meant for ingress must select #inbound first.
def opened?(port = nil, protocol = nil, cidr = nil)
  if @inbound
    inbound_opened?(port, protocol, cidr)
  else
    outbound_opened?(port, protocol, cidr)
  end
end
opened_only?(port = nil, protocol = nil, cidr = nil) click to toggle source
# File lib/awspec/type/security_group.rb, line 19
# Dispatches to inbound_opened_only? or outbound_opened_only? according to
# @inbound.
#
# NOTE(review): @inbound is only set by #inbound and #outbound. When neither
# has been called it is nil, so the outbound (egress) rules are the ones
# checked. An expectation meant for ingress must select #inbound first.
def opened_only?(port = nil, protocol = nil, cidr = nil)
  if @inbound
    inbound_opened_only?(port, protocol, cidr)
  else
    outbound_opened_only?(port, protocol, cidr)
  end
end
outbound() click to toggle source
# File lib/awspec/type/security_group.rb, line 63
# Selects the outbound direction: sets @inbound to false, which makes opened?
# and opened_only? run the outbound_* checks.
#
# Returns self so that further calls can be chained on the result.
def outbound
  tap { @inbound = false }
end
outbound_opened?(port = nil, protocol = nil, cidr = nil) click to toggle source
# File lib/awspec/type/security_group.rb, line 41
# Looks for an outbound (egress) permission that satisfies the CIDR, protocol
# and port checks, evaluated in that order for each permission.
#
# Returns the first matching permission object, or nil when none matches, so
# callers should rely on truthiness rather than on a literal true/false.
# A nil argument is treated as "any" by the corresponding *_opened? helper.
def outbound_opened?(port = nil, protocol = nil, cidr = nil)
  egress_rules = resource_via_client.ip_permissions_egress
  egress_rules.find do |rule|
    next false unless cidr_opened?(rule, cidr)
    next false unless protocol_opened?(rule, protocol)
    port_opened?(rule, port)
  end
end
outbound_opened_only?(port = nil, protocol = nil, cidr = nil) click to toggle source
# File lib/awspec/type/security_group.rb, line 47
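# Reports whether the CIDR blocks on the outbound (egress) permissions
# matching +port+ and +protocol+ are exactly +cidr+.
#
# The cidr_ip of every range on every matching permission is gathered in the
# order returned and compared with Array(cidr) using ==, so both order and
# duplicates matter.
#
# NOTE(review): only ip_ranges is read here. Destinations held in
# user_id_group_pairs are not collected, so a rule that targets another
# security group on the same port does not make this return false. A passing
# "opened only" expectation covers the ip_ranges destinations alone.
#
# @param port [Integer, String, nil] port or "from-to" range; nil matches any port
# @param protocol [String, nil] protocol name; nil matches any protocol
# @param cidr [String, Array<String>, nil] the only CIDR block(s) expected
# @return [Boolean]
def outbound_opened_only?(port = nil, protocol = nil, cidr = nil)
  matching = resource_via_client.ip_permissions_egress.select do |permission|
    protocol_opened?(permission, protocol) && port_opened?(permission, port)
  end
  # flat_map preserves the per-permission, per-range order the comparison depends on.
  cidrs = matching.flat_map { |permission| permission.ip_ranges.map(&:cidr_ip) }
  cidrs == Array(cidr)
end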
outbound_permissions_count()
outbound_rule_count() click to toggle source
# File lib/awspec/type/security_group.rb, line 84
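# Total number of outbound rules: for every egress permission, the count of
# its ip_ranges plus the count of its user_id_group_pairs.
#
# NOTE(review): only those two lists are counted. If the permission objects
# carry further destination lists (IPv6 ranges, prefix lists), their entries
# are not reflected in this total; confirm before treating the count as a
# complete rule inventory.
#
# @return [Integer]
def outbound_rule_count
  # The block's value is the next accumulator, so no reassignment is needed.
  resource_via_client.ip_permissions_egress.reduce(0) do |total, permission|
    total + permission.ip_ranges.count + permission.user_id_group_pairs.count
  end
end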
resource_via_client() click to toggle source
# File lib/awspec/type/security_group.rb, line 6
# Resolves the security group named by @display_name through
# find_security_group and caches the result in @resource_via_client.
#
# A nil or false result is not cached, so the lookup runs again on the next
# call in that case.
def resource_via_client
  return @resource_via_client if @resource_via_client
  @resource_via_client = find_security_group(@display_name)
end

Private Instance Methods

cidr_opened?(permission, cidr) click to toggle source
# File lib/awspec/type/security_group.rb, line 92
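# Decides whether +permission+ names +cidr+ as a source or destination.
#
# +cidr+ may be a CIDR string or a security group reference. It is compared,
# in this order, with:
#   1. the cidr_ip of each entry in permission.ip_ranges;
#   2. for each user_id_group_pair owned by another account, the pair's
#      group_name or group_id;
#   3. otherwise the pair's group_id, then the group_name and the 'Name' tag
#      of the group returned by find_security_group.
#
# NOTE(review): every comparison is exact string equality, not range
# containment. A rule for a wider block that contains +cidr+ is not a match,
# so a negated expectation for a narrow block can pass while a broader rule
# still admits that address range.
#
# Both scans stop at the first match, so find_security_group is only called
# for group pairs that precede the match.
#
# @param permission [#ip_ranges, #user_id_group_pairs] one permission entry
# @param cidr [String, nil] value to look for; nil matches any permission
# @return [Boolean]
def cidr_opened?(permission, cidr)
  return true unless cidr
  return true if permission.ip_ranges.any? { |ip_range| ip_range.cidr_ip == cidr }

  permission.user_id_group_pairs.any? do |sg|
    # Compare the sg group_name if the remote group is in another account.
    # find_security_group call doesn't return info on a remote security group.
    if !sg.user_id.nil? && (sg.user_id != resource_via_client.owner_id)
      next (sg.group_name == cidr) || (sg.group_id == cidr)
    end
    next true if sg.group_id == cidr
    sg2 = find_security_group(sg.group_id)
    next false if sg2.nil?
    next true if sg2.group_name == cidr
    sg2.tags.find do |tag|
      tag.key == 'Name' && tag.value == cidr
    end
  end
end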
port_between?(port, from_port, to_port) click to toggle source
# File lib/awspec/type/security_group.rb, line 129
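# Tests +port+ against a permission's from_port..to_port.
#
# A "from-to" string must equal the permission's range exactly: both ends
# are compared with ==, so a rule covering a wider range does not match.
# A single port matches when it lies within from_port..to_port inclusive.
#
# A numeric string without a dash (for example "80") is converted to an
# Integer first; comparing the raw String with Integer bounds would raise.
#
# @param port [Integer, String] single port or "from-to" range
# @param from_port [Integer] lower bound of the permission
# @param to_port [Integer] upper bound of the permission
# @return [Boolean]
# @raise [ArgumentError] if +port+ is a String that is neither a range nor a
#   base-10 integer
def port_between?(port, from_port, to_port)
  if port.is_a?(String)
    if port.include?('-')
      first, last = port.split('-')
      return from_port == first.to_i && to_port == last.to_i
    end
    port = Integer(port, 10)
  end
  port.between?(from_port, to_port)
end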
port_opened?(permission, port) click to toggle source
# File lib/awspec/type/security_group.rb, line 122
# Decides whether +permission+ covers +port+.
#
# Returns true without looking at the range when +port+ is nil or false, and
# also when the permission has no from_port or no to_port, so a permission
# lacking port bounds matches every port. Otherwise the decision is delegated
# to port_between?.
def port_opened?(permission, port)
  return true unless port && permission.from_port && permission.to_port
  port_between?(port, permission.from_port, permission.to_port)
end
protocol_opened?(permission, protocol) click to toggle source
# File lib/awspec/type/security_group.rb, line 115
# Decides whether +permission+ covers +protocol+.
#
# - nil or false +protocol+ matches any permission.
# - A permission whose ip_protocol is '-1' matches every protocol, including
#   the keyword 'all'.
# - 'all' matches nothing except an ip_protocol of '-1'.
# - Anything else must equal ip_protocol exactly (the comparison is
#   case-sensitive).
def protocol_opened?(permission, protocol)
  return true unless protocol

  rule_protocol = permission.ip_protocol
  if rule_protocol == '-1'
    true
  elsif protocol == 'all'
    false
  else
    rule_protocol == protocol
  end
end