23
23
Represents an EC2 Security Group
25
from boto.ec2.ec2object import EC2Object
27
class SecurityGroup(EC2Object):
28
29
def __init__(self, connection=None, owner_id=None,
29
30
name=None, description=None):
30
self.connection = connection
31
EC2Object.__init__(self, connection)
31
32
self.owner_id = owner_id
33
34
self.description = description
90
91
target_grant = None
91
92
for grant in rule.grants:
92
if grant.group_name == src_group_name:
93
if grant.user_id == src_group_owner_id:
93
if grant.name == src_group_name:
94
if grant.owner_id == src_group_owner_id:
94
95
if grant.cidr_ip == cidr_ip:
95
96
target_grant = grant
101
102
def authorize(self, ip_protocol=None, from_port=None, to_port=None,
102
103
cidr_ip=None, src_group=None):
105
Add a new rule to this security group.
106
You need to pass in either src_group_name
107
OR ip_protocol, from_port, to_port,
108
and cidr_ip. In other words, either you are authorizing another
109
group or you are authorizing some ip-based rule.
111
@type ip_protocol: string
112
@param ip_protocol: Either tcp | udp | icmp
115
@param from_port: The beginning port number you are enabling
118
@param to_port: The ending port number you are enabling
120
@type to_port: string
121
@param to_port: The CIDR block you are providing access to.
122
See http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
124
@type src_group: L{SecurityGroup<boto.ec2.securitygroup.SecurityGroup>} or
125
L{GroupOrCIDR<boto.ec2.securitygroup.GroupOrCIDR}
128
@return: True if successful.
104
135
src_group_name = src_group.name
105
136
src_group_owner_id = src_group.owner_id
121
152
def revoke(self, ip_protocol=None, from_port=None, to_port=None,
122
153
cidr_ip=None, src_group=None):
124
159
src_group_name = src_group.name
125
160
src_group_owner_id = src_group.owner_id
138
173
src_group_owner_id, cidr_ip)
176
def copy_to_region(self, region, name=None):
178
Create a copy of this security group in another region.
179
Note that the new security group will be a separate entity
180
and will not stay in sync automatically after the copy
183
@type region: L{RegionInfo<boto.ec2.regioninfo.RegionInfo>}
184
@param region: The region to which this security group will be copied.
187
@param name: The name of the copy. If not supplied, the copy
188
will have the same name as this security group.
190
@rtype: L{SecurityGroup<boto.ec2.securitygroup.SecurityGroup>}
191
@return: The new security group.
193
if region.name == self.region:
194
raise BotoClientError('Unable to copy to the same Region')
195
conn_params = self.connection.get_params()
196
rconn = region.connect(**conn_params)
197
sg = rconn.create_security_group(name or self.name, self.description)
199
for rule in self.rules:
200
grant = rule.grants[0]
202
if grant.name not in source_groups:
203
source_groups.append(grant.name)
204
sg.authorize(None, None, None, None, grant)
206
sg.authorize(rule.ip_protocol, rule.from_port, rule.to_port,
212
rs = self.connection.get_all_instances()
213
for reservation in rs:
214
uses_group = [g.id for g in reservation.groups if g.id == self.name]
216
instances.extend(reservation.instances)
141
219
class IPPermissions:
143
221
def __init__(self, parent=None):
168
246
setattr(self, name, value)
170
def add_grant(self, user_id=None, group_name=None, cidr_ip=None):
248
def add_grant(self, owner_id=None, name=None, cidr_ip=None):
171
249
grant = GroupOrCIDR(self)
172
grant.user_id = user_id
173
grant.group_name = group_name
250
grant.owner_id = owner_id
174
252
grant.cidr_ip = cidr_ip
175
253
self.grants.append(grant)
178
256
class GroupOrCIDR:
180
258
def __init__(self, parent=None):
182
self.group_name = None
183
261
self.cidr_ip = None
185
263
def __repr__(self):
187
265
return '%s' % self.cidr_ip
189
return '%s-%s' % (self.group_name, self.user_id)
267
return '%s-%s' % (self.name, self.owner_id)
191
269
def startElement(self, name, attrs, connection):
194
272
def endElement(self, name, value, connection):
195
273
if name == 'userId':
274
self.owner_id = value
197
275
elif name == 'groupName':
198
self.group_name = value
199
277
if name == 'cidrIp':
200
278
self.cidr_ip = value