fog-aws 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/lib/fog/aws/dns.rb +14 -1
- data/lib/fog/aws/iam.rb +9 -0
- data/lib/fog/aws/models/compute/flavors.rb +50 -0
- data/lib/fog/aws/models/dns/records.rb +14 -20
- data/lib/fog/aws/models/dns/zones.rb +1 -1
- data/lib/fog/aws/models/storage/file.rb +28 -3
- data/lib/fog/aws/models/storage/files.rb +5 -0
- data/lib/fog/aws/parsers/.DS_Store +0 -0
- data/lib/fog/aws/parsers/iam/list_managed_policies.rb +29 -0
- data/lib/fog/aws/parsers/iam/policy_parser.rb +57 -0
- data/lib/fog/aws/parsers/iam/single_policy.rb +27 -0
- data/lib/fog/aws/rds.rb +3 -1
- data/lib/fog/aws/requests/.DS_Store +0 -0
- data/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb +67 -62
- data/lib/fog/aws/requests/compute/delete_security_group.rb +42 -28
- data/lib/fog/aws/requests/dns/change_resource_record_sets.rb +20 -20
- data/lib/fog/aws/requests/dns/create_hosted_zone.rb +1 -3
- data/lib/fog/aws/requests/dns/delete_hosted_zone.rb +5 -7
- data/lib/fog/aws/requests/dns/get_change.rb +11 -16
- data/lib/fog/aws/requests/dns/get_hosted_zone.rb +1 -3
- data/lib/fog/aws/requests/dns/list_resource_record_sets.rb +7 -12
- data/lib/fog/aws/requests/dynamodb/scan.rb +2 -1
- data/lib/fog/aws/requests/iam/attach_group_policy.rb +32 -0
- data/lib/fog/aws/requests/iam/attach_role_policy.rb +32 -0
- data/lib/fog/aws/requests/iam/attach_user_policy.rb +32 -0
- data/lib/fog/aws/requests/iam/create_policy.rb +47 -0
- data/lib/fog/aws/requests/iam/delete_policy.rb +30 -0
- data/lib/fog/aws/requests/iam/detach_group_policy.rb +32 -0
- data/lib/fog/aws/requests/iam/detach_role_policy.rb +32 -0
- data/lib/fog/aws/requests/iam/detach_user_policy.rb +32 -0
- data/lib/fog/aws/requests/iam/list_policies.rb +47 -0
- data/lib/fog/aws/requests/storage/head_object_url.rb +40 -0
- data/lib/fog/aws/storage.rb +1 -0
- data/lib/fog/aws/version.rb +1 -1
- data/tests/models/compute/security_group_tests.rb +11 -1
- data/tests/models/storage/file_tests.rb +29 -0
- data/tests/requests/compute/security_group_tests.rb +9 -0
- data/tests/requests/dns/dns_tests.rb +29 -42
- data/tests/requests/iam/managed_policy_tests.rb +91 -0
- data/tests/requests/storage/object_tests.rb +6 -0
- metadata +18 -2
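--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cdc745bb5b1444b37a5fd7c9ab29afe8aca65eec
+data.tar.gz: 412dec3ceb7f2afc1232ba1115b8b09bdafd5b59
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b711a8189322c47c11ab9ff818302657fff403f14062169663f4914f7efc58a6aa706e826fdc21a3b2bac0cccc6974c7cb7f985323e0ceda3cfccb97efcd552c
+data.tar.gz: 0254a3121c9fed3f257634c80f06939e6b6008adcddc8ac873d3a3c57ae70a8e0942a2f42a670cd9a88dfc2a1c56b77ade2ffa3a70d8f96ae8a6d4a61aa4fa38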
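--- a/data/lib/fog/aws/dns.rb
+++ b/data/lib/fog/aws/dns.rb
@@ -79,7 +79,7 @@ module Fog
 # :aws_secret_access_key in order to create a connection
 #
 # ==== Examples
-# dns = Fog::AWS
+# dns = Fog::DNS::AWS.new(
 # :aws_access_key_id => your_aws_access_key_id,
 # :aws_secret_access_key => your_aws_secret_access_key
 # )
@@ -141,6 +141,19 @@ module Fog
 
 def _request(params, &block)
 @connection.request(params, &block)
+rescue Excon::Errors::HTTPStatusError => error
+match = Fog::AWS::Errors.match_error(error)
+
+if match.empty?
+raise
+else
+case match[:code]
+when 'NoSuchHostedZone', 'NoSuchChange' then
+Fog::DNS::AWS::NotFound.slurp(error, match[:message])
+else
+Fog::DNS::AWS::Error.slurp(error, "#{match[:code]} => #{match[:message]}")
+end
+end
 end
 
 def signature(params)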
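Review bot: As rendered here, the `case match[:code]` expression in the new `rescue` branch of `_request` is not preceded by `raise`, so the exception that `Fog::DNS::AWS::NotFound.slurp` or `Fog::DNS::AWS::Error.slurp` presumably builds would become the method's return value and the HTTP error would be swallowed. Callers that now rescue `Fog::DNS::AWS::NotFound` (the records lookup changed further down this page does) would then receive an exception object where they expect a response. If this is not a rendering artefact, the line should read `raise case match[:code]`. A one-line comment above the `rescue` naming the two codes that map to NotFound would also help the next reader.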
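--- a/data/lib/fog/aws/iam.rb
+++ b/data/lib/fog/aws/iam.rb
@@ -17,11 +17,15 @@ module Fog
 request_path 'fog/aws/requests/iam'
 request :add_user_to_group
 request :add_role_to_instance_profile
+request :attach_group_policy
+request :attach_role_policy
+request :attach_user_policy
 request :create_access_key
 request :create_account_alias
 request :create_group
 request :create_instance_profile
 request :create_login_profile
+request :create_policy
 request :create_role
 request :create_user
 request :delete_access_key
@@ -31,12 +35,16 @@ module Fog
 request :delete_group_policy
 request :delete_instance_profile
 request :delete_login_profile
+request :delete_policy
 request :delete_role
 request :delete_role_policy
 request :delete_server_certificate
 request :delete_signing_certificate
 request :delete_user
 request :delete_user_policy
+request :detach_group_policy
+request :detach_role_policy
+request :detach_user_policy
 request :get_account_summary
 request :get_account_password_policy
 request :get_group
@@ -56,6 +64,7 @@ module Fog
 request :list_instance_profiles
 request :list_instance_profiles_for_role
 request :list_mfa_devices
+request :list_policies
 request :list_roles
 request :list_role_policies
 request :list_server_certificates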
@@ -155,6 +155,56 @@ module Fog
|
|
155
155
|
:ebs_optimized_available => false,
|
156
156
|
:instance_store_volumes => 2
|
157
157
|
},
|
158
|
+
{
|
159
|
+
:id => 'c4.large',
|
160
|
+
:name => 'C4 Large',
|
161
|
+
:bits => 64,
|
162
|
+
:cores => 7,
|
163
|
+
:disk => 32,
|
164
|
+
:ram => 3750,
|
165
|
+
:ebs_optimized_available => true,
|
166
|
+
:instance_store_volumes => 2
|
167
|
+
},
|
168
|
+
{
|
169
|
+
:id => 'c4.xlarge',
|
170
|
+
:name => 'C4 Extra Large',
|
171
|
+
:bits => 64,
|
172
|
+
:cores => 14,
|
173
|
+
:disk => 80,
|
174
|
+
:ram => 7168,
|
175
|
+
:ebs_optimized_available => true,
|
176
|
+
:instance_store_volumes => 2
|
177
|
+
},
|
178
|
+
{
|
179
|
+
:id => 'c4.2xlarge',
|
180
|
+
:name => 'C4 Double Extra Large',
|
181
|
+
:bits => 64,
|
182
|
+
:cores => 28,
|
183
|
+
:disk => 160,
|
184
|
+
:ram => 15360,
|
185
|
+
:ebs_optimized_available => true,
|
186
|
+
:instance_store_volumes => 2
|
187
|
+
},
|
188
|
+
{
|
189
|
+
:id => 'c4.4xlarge',
|
190
|
+
:name => 'C4 Quadruple Extra Large',
|
191
|
+
:bits => 64,
|
192
|
+
:cores => 55,
|
193
|
+
:disk => 320,
|
194
|
+
:ram => 30720,
|
195
|
+
:ebs_optimized_available => true,
|
196
|
+
:instance_store_volumes => 2
|
197
|
+
},
|
198
|
+
{
|
199
|
+
:id => 'c4.8xlarge',
|
200
|
+
:name => 'C4 Eight Extra Large',
|
201
|
+
:bits => 64,
|
202
|
+
:cores => 122,
|
203
|
+
:disk => 640,
|
204
|
+
:ram => 61440,
|
205
|
+
:ebs_optimized_available => false,
|
206
|
+
:instance_store_volumes => 2
|
207
|
+
},
|
158
208
|
{
|
159
209
|
:id => 'g2.2xlarge',
|
160
210
|
:name => 'GPU Double Extra Large',
|
@@ -81,32 +81,26 @@ module Fog
|
|
81
81
|
record_type = record_type.upcase unless record_type.nil?
|
82
82
|
|
83
83
|
options = {
|
84
|
-
:max_items
|
85
|
-
:name
|
86
|
-
:type
|
84
|
+
:max_items => 1,
|
85
|
+
:name => record_name,
|
86
|
+
:type => record_type,
|
87
87
|
:identifier => record_identifier
|
88
88
|
}
|
89
89
|
options.delete_if {|key, value| value.nil?}
|
90
90
|
|
91
91
|
data = service.list_resource_record_sets(zone.id, options).body
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
nil
|
102
|
-
else
|
103
|
-
record
|
104
|
-
end
|
92
|
+
|
93
|
+
# look for an exact match in the records
|
94
|
+
(data['ResourceRecordSets'] || []).map do |record_data|
|
95
|
+
record = new(record_data)
|
96
|
+
|
97
|
+
if (record.name == record_name) &&
|
98
|
+
(record_type.nil? || (record.type == record_type)) &&
|
99
|
+
(record_identifier.nil? || (record.set_identifier == record_identifier))
|
100
|
+
record
|
105
101
|
end
|
106
|
-
|
107
|
-
|
108
|
-
end
|
109
|
-
rescue Excon::Errors::NotFound
|
102
|
+
end.compact.first
|
103
|
+
rescue Fog::DNS::AWS::NotFound
|
110
104
|
nil
|
111
105
|
end
|
112
106
|
|
@@ -23,6 +23,7 @@ module Fog
|
|
23
23
|
attribute :owner, :aliases => 'Owner'
|
24
24
|
attribute :storage_class, :aliases => ['x-amz-storage-class', 'StorageClass']
|
25
25
|
attribute :encryption, :aliases => 'x-amz-server-side-encryption'
|
26
|
+
attribute :encryption_key, :aliases => 'x-amz-server-side-encryption-customer-key'
|
26
27
|
attribute :version, :aliases => 'x-amz-version-id'
|
27
28
|
|
28
29
|
# @note Chunk size to use for multipart uploads.
|
@@ -199,7 +200,7 @@ module Fog
|
|
199
200
|
options['Expires'] = expires if expires
|
200
201
|
options.merge!(metadata)
|
201
202
|
options['x-amz-storage-class'] = storage_class if storage_class
|
202
|
-
options
|
203
|
+
options.merge!(encryption_headers)
|
203
204
|
|
204
205
|
if multipart_chunk_size && body.respond_to?(:read)
|
205
206
|
data = multipart_save(options)
|
@@ -261,8 +262,7 @@ module Fog
|
|
261
262
|
body.rewind rescue nil
|
262
263
|
end
|
263
264
|
while (chunk = body.read(multipart_chunk_size)) do
|
264
|
-
|
265
|
-
part_upload = service.upload_part(directory.key, key, upload_id, part_tags.size + 1, chunk, 'Content-MD5' => md5 )
|
265
|
+
part_upload = service.upload_part(directory.key, key, upload_id, part_tags.size + 1, chunk, part_headers(chunk, options))
|
266
266
|
part_tags << part_upload.headers["ETag"]
|
267
267
|
end
|
268
268
|
|
@@ -274,6 +274,31 @@ module Fog
|
|
274
274
|
# Complete the upload
|
275
275
|
service.complete_multipart_upload(directory.key, key, upload_id, part_tags)
|
276
276
|
end
|
277
|
+
|
278
|
+
def encryption_headers
|
279
|
+
if encryption && encryption_key
|
280
|
+
encryption_customer_key_headers
|
281
|
+
elsif encryption
|
282
|
+
{ 'x-amz-server-side-encryption' => encryption }
|
283
|
+
else
|
284
|
+
{}
|
285
|
+
end
|
286
|
+
end
|
287
|
+
|
288
|
+
def part_headers(chunk, options)
|
289
|
+
md5 = Base64.encode64(Digest::MD5.digest(chunk)).strip
|
290
|
+
encryption_keys = encryption_customer_key_headers.keys
|
291
|
+
encryption_headers = options.select { |key| encryption_keys.include?(key) }
|
292
|
+
{ 'Content-MD5' => md5 }.merge(encryption_headers)
|
293
|
+
end
|
294
|
+
|
295
|
+
def encryption_customer_key_headers
|
296
|
+
{
|
297
|
+
'x-amz-server-side-encryption-customer-algorithm' => encryption,
|
298
|
+
'x-amz-server-side-encryption-customer-key' => Base64.encode64(encryption_key.to_s).chomp!,
|
299
|
+
'x-amz-server-side-encryption-customer-key-md5' => Base64.encode64(Digest::MD5.digest(encryption_key.to_s)).chomp!
|
300
|
+
}
|
301
|
+
end
|
277
302
|
end
|
278
303
|
end
|
279
304
|
end
|
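Review bot: In `encryption_customer_key_headers`, `Base64.encode64(...).chomp!` is fragile for a header value: `chomp!` returns nil when there is nothing to strip (an empty key encodes to `""`), and `encode64` wraps its output every 60 characters, so a longer key would carry an embedded newline into the header. `Base64.strict_encode64(encryption_key.to_s)` and `Base64.strict_encode64(Digest::MD5.digest(encryption_key.to_s))` avoid both. Declaring the customer key with `attribute :encryption_key` presumably places the raw key in the model's attribute hash, so it may surface wherever a file object is inspected, logged or serialised; that deserves a comment on the attribute or an exclusion from such output. In `part_headers`, the key is re-encoded and re-hashed for every part only to obtain three header names, and the local `encryption_headers` shadows the method of the same name; a frozen constant holding the three names would be clearer.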
@@ -92,6 +92,11 @@ module Fog
|
|
92
92
|
service.get_object_https_url(directory.key, key, expires, options)
|
93
93
|
end
|
94
94
|
|
95
|
+
def head_url(key, expires, options = {})
|
96
|
+
requires :directory
|
97
|
+
service.head_object_url(directory.key, key, expires, options)
|
98
|
+
end
|
99
|
+
|
95
100
|
def head(key, options = {})
|
96
101
|
requires :directory
|
97
102
|
data = service.head_object(directory.key, key, options)
|
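Review bot: `head_url` is added without a comment saying what `expires` means or what the caller gets back. Going by the name of `service.head_object_url`, the result is presumably a signed URL that lets anyone holding it issue a HEAD for `key` until it expires, so I would add `# Returns a signed URL for a HEAD request on +key+, valid until +expires+; handle it like a credential and keep the lifetime short.` The body of the neighbouring `head` method continues outside the hunk.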
Binary file
|
@@ -0,0 +1,29 @@
|
|
1
|
+
module Fog
|
2
|
+
module Parsers
|
3
|
+
module AWS
|
4
|
+
module IAM
|
5
|
+
require 'fog/aws/parsers/iam/policy_parser'
|
6
|
+
class ListManagedPolicies < Fog::Parsers::AWS::IAM::PolicyParser
|
7
|
+
def reset
|
8
|
+
super
|
9
|
+
@response = { 'Policies' => [] , 'Marker' => '', 'IsTruncated' => false}
|
10
|
+
end
|
11
|
+
|
12
|
+
def finished_policy(policy)
|
13
|
+
@response['Policies'] << policy
|
14
|
+
end
|
15
|
+
|
16
|
+
def end_element(name)
|
17
|
+
case name
|
18
|
+
when 'RequestId', 'Marker'
|
19
|
+
@response[name] = value
|
20
|
+
when 'IsTruncated'
|
21
|
+
@response[name] = (value == 'true')
|
22
|
+
end
|
23
|
+
super
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
module Fog
|
2
|
+
module Parsers
|
3
|
+
module AWS
|
4
|
+
module IAM
|
5
|
+
class PolicyParser < Fog::Parsers::Base
|
6
|
+
def reset
|
7
|
+
@policy = fresh_policy
|
8
|
+
@stack = []
|
9
|
+
end
|
10
|
+
|
11
|
+
def start_element(name,attrs = [])
|
12
|
+
case name
|
13
|
+
when 'Policies'
|
14
|
+
@stack << name
|
15
|
+
when 'Policy'
|
16
|
+
@role =fresh_policy
|
17
|
+
when 'member'
|
18
|
+
if @stack.last == 'Policies'
|
19
|
+
@role = fresh_policy
|
20
|
+
end
|
21
|
+
end
|
22
|
+
super
|
23
|
+
end
|
24
|
+
|
25
|
+
def fresh_policy
|
26
|
+
{'AttachmentCount' => 0, 'Description' => ''}
|
27
|
+
end
|
28
|
+
|
29
|
+
def end_element(name)
|
30
|
+
case name
|
31
|
+
when 'Arn', 'DefaultVersionId', 'Description', 'Path', 'PolicyName', 'PolicyId'
|
32
|
+
@policy[name] = value
|
33
|
+
when 'CreateDate', 'UpdateDate'
|
34
|
+
@policy[name] = Time.parse(value)
|
35
|
+
when 'IsAttachable'
|
36
|
+
@policy[name] = (value == 'true')
|
37
|
+
when 'AttachmentCount'
|
38
|
+
@policy[name] = value.to_i
|
39
|
+
when 'Policy'
|
40
|
+
finished_policy(@policy)
|
41
|
+
@policy = nil
|
42
|
+
when 'Policies'
|
43
|
+
if @stack.last == 'Policies'
|
44
|
+
@stack.pop
|
45
|
+
end
|
46
|
+
when 'member'
|
47
|
+
if @stack.last == 'Policies'
|
48
|
+
finished_policy(@policy)
|
49
|
+
@policy = nil
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
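Review bot: `start_element` assigns the fresh hash to `@role` (`@role =fresh_policy` under `'Policy'` and `@role = fresh_policy` under `'member'`), but every other method in the class reads and writes `@policy`. After the first `finished_policy(@policy)` the code sets `@policy = nil`, so in a `Policies` list the second `member` would reach `@policy[name] = value` on nil and raise NoMethodError; only the first policy, seeded by `reset`, parses. Both assignments should be `@policy = fresh_policy`. Separately, `end_element` here does not call `super` while the two subclasses on this page call `super` into it; whether `Fog::Parsers::Base#end_element` does work that is being skipped is not visible from this page.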
@@ -0,0 +1,27 @@
|
|
1
|
+
module Fog
|
2
|
+
module Parsers
|
3
|
+
module AWS
|
4
|
+
module IAM
|
5
|
+
require 'fog/aws/parsers/iam/policy_parser'
|
6
|
+
class SinglePolicy < Fog::Parsers::AWS::IAM::PolicyParser
|
7
|
+
def reset
|
8
|
+
super
|
9
|
+
@response = { 'Policy' => {} }
|
10
|
+
end
|
11
|
+
|
12
|
+
def finished_policy(policy)
|
13
|
+
@response['Policy'] = policy
|
14
|
+
end
|
15
|
+
|
16
|
+
def end_element(name)
|
17
|
+
case name
|
18
|
+
when 'RequestId'
|
19
|
+
@response[name] = value
|
20
|
+
end
|
21
|
+
super
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
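--- a/data/lib/fog/aws/rds.rb
+++ b/data/lib/fog/aws/rds.rb
@@ -126,11 +126,13 @@ module Fog
 
 def initialize(options={})
 @use_iam_profile = options[:use_iam_profile]
-@region
+@region = options[:region] || 'us-east-1'
 
 unless ['ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', 'eu-central-1', 'eu-west-1', 'us-east-1', 'us-west-1', 'us-west-2', 'sa-east-1'].include?(@region)
 raise ArgumentError, "Unknown region: #{@region.inspect}"
 end
+
+setup_credentials(options)
 end
 
 def data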
Binary file
|
@@ -87,43 +87,39 @@ module Fog
|
|
87
87
|
end
|
88
88
|
|
89
89
|
response = Excon::Response.new
|
90
|
-
group = self.data[:security_groups][group_name]
|
90
|
+
group = self.data[:security_groups][group_name] || raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist"))
|
91
91
|
|
92
|
-
|
93
|
-
verify_permission_options(options, group['vpcId'] != nil)
|
92
|
+
verify_permission_options(options, group['vpcId'] != nil)
|
94
93
|
|
95
|
-
|
94
|
+
normalized_permissions = normalize_permissions(options)
|
96
95
|
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
end
|
102
|
-
|
103
|
-
if permission['ipRanges'].any? {|pr| matching_group_permission['ipRanges'].include?(pr) }
|
104
|
-
raise Fog::Compute::AWS::Error, "InvalidPermission.Duplicate => The permission '123' has already been authorized in the specified group"
|
105
|
-
end
|
96
|
+
normalized_permissions.each do |permission|
|
97
|
+
if matching_group_permission = find_matching_permission(group, permission)
|
98
|
+
if permission['groups'].any? {|pg| matching_group_permission['groups'].include?(pg) }
|
99
|
+
raise Fog::Compute::AWS::Error, "InvalidPermission.Duplicate => The permission '123' has already been authorized in the specified group"
|
106
100
|
end
|
107
|
-
end
|
108
101
|
|
109
|
-
|
110
|
-
|
111
|
-
matching_group_permission['groups'] += permission['groups']
|
112
|
-
matching_group_permission['ipRanges'] += permission['ipRanges']
|
113
|
-
else
|
114
|
-
group['ipPermissions'] << permission
|
102
|
+
if permission['ipRanges'].any? {|pr| matching_group_permission['ipRanges'].include?(pr) }
|
103
|
+
raise Fog::Compute::AWS::Error, "InvalidPermission.Duplicate => The permission '123' has already been authorized in the specified group"
|
115
104
|
end
|
116
105
|
end
|
106
|
+
end
|
117
107
|
|
118
|
-
|
119
|
-
|
120
|
-
'
|
121
|
-
'
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
raise Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist")
|
108
|
+
normalized_permissions.each do |permission|
|
109
|
+
if matching_group_permission = find_matching_permission(group, permission)
|
110
|
+
matching_group_permission['groups'] += permission['groups']
|
111
|
+
matching_group_permission['ipRanges'] += permission['ipRanges']
|
112
|
+
else
|
113
|
+
group['ipPermissions'] << permission
|
114
|
+
end
|
126
115
|
end
|
116
|
+
|
117
|
+
response.status = 200
|
118
|
+
response.body = {
|
119
|
+
'requestId' => Fog::AWS::Mock.request_id,
|
120
|
+
'return' => true
|
121
|
+
}
|
122
|
+
response
|
127
123
|
end
|
128
124
|
|
129
125
|
private
|
@@ -158,58 +154,67 @@ module Fog
|
|
158
154
|
['tcp', 'udp'].each do |protocol|
|
159
155
|
normalized_permissions << {
|
160
156
|
'ipProtocol' => protocol,
|
161
|
-
'fromPort'
|
162
|
-
'toPort'
|
163
|
-
'groups'
|
164
|
-
|
157
|
+
'fromPort' => 1,
|
158
|
+
'toPort' => 65535,
|
159
|
+
'groups' => [{
|
160
|
+
'groupName' => options['SourceSecurityGroupName'],
|
161
|
+
'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id],
|
162
|
+
'groupId' => source_group_id
|
163
|
+
}],
|
164
|
+
'ipRanges' => []
|
165
165
|
}
|
166
166
|
end
|
167
167
|
normalized_permissions << {
|
168
168
|
'ipProtocol' => 'icmp',
|
169
|
-
'fromPort'
|
170
|
-
'toPort'
|
171
|
-
'groups'
|
169
|
+
'fromPort' => -1,
|
170
|
+
'toPort' => -1,
|
171
|
+
'groups' => [{
|
172
|
+
'groupName' => options['SourceSecurityGroupName'],
|
173
|
+
'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id],
|
174
|
+
'groupId' => source_group_id
|
175
|
+
}],
|
172
176
|
'ipRanges' => []
|
173
177
|
}
|
174
178
|
elsif options['CidrIp']
|
175
179
|
normalized_permissions << {
|
176
180
|
'ipProtocol' => options['IpProtocol'],
|
177
|
-
'fromPort'
|
178
|
-
'toPort'
|
179
|
-
'groups'
|
180
|
-
'ipRanges'
|
181
|
+
'fromPort' => Integer(options['FromPort']),
|
182
|
+
'toPort' => Integer(options['ToPort']),
|
183
|
+
'groups' => [],
|
184
|
+
'ipRanges' => [{'cidrIp' => options['CidrIp']}]
|
181
185
|
}
|
182
186
|
elsif options['IpPermissions']
|
183
187
|
options['IpPermissions'].each do |permission|
|
188
|
+
|
189
|
+
groups = (permission['Groups'] || []).map do |authorized_group|
|
190
|
+
security_group = if group_name = authorized_group['GroupName']
|
191
|
+
self.data[:security_groups][group_name]
|
192
|
+
elsif group_id = authorized_group['GroupId']
|
193
|
+
self.data[:security_groups].values.find { |sg| sg['groupId'] == group_id }
|
194
|
+
end ||
|
195
|
+
raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name || group_id}' does not exist"))
|
196
|
+
|
197
|
+
{
|
198
|
+
'groupName' => authorized_group['GroupName'] || security_group["groupName"],
|
199
|
+
'userId' => authorized_group['UserId'] || self.data[:owner_id],
|
200
|
+
'groupId' => authorized_group["GroupId"] || security_group['groupId']
|
201
|
+
}
|
202
|
+
end
|
203
|
+
|
204
|
+
|
184
205
|
if ['tcp', 'udp', 'icmp'].include?(permission['IpProtocol'])
|
185
206
|
normalized_permissions << {
|
186
207
|
'ipProtocol' => permission['IpProtocol'],
|
187
|
-
'fromPort'
|
188
|
-
'toPort'
|
189
|
-
'groups'
|
190
|
-
security_group = if group_name = authorized_group['GroupName']
|
191
|
-
self.data[:security_groups][group_name] || {}
|
192
|
-
elsif group_id = authorized_group['GroupId']
|
193
|
-
self.data[:security_groups].values.find { |sg| sg['groupId'] == group_id } || {}
|
194
|
-
end
|
195
|
-
|
196
|
-
{'groupName' => authorized_group['GroupName'] || security_group["groupName"], 'userId' => authorized_group['UserId'] || self.data[:owner_id], 'groupId' => authorized_group["GroupId"] || security_group['groupId']}
|
197
|
-
end,
|
208
|
+
'fromPort' => Integer(permission['FromPort']),
|
209
|
+
'toPort' => Integer(permission['ToPort']),
|
210
|
+
'groups' => groups,
|
198
211
|
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
|
199
212
|
}
|
200
213
|
else
|
201
214
|
normalized_permissions << {
|
202
215
|
'ipProtocol' => permission['IpProtocol'],
|
203
|
-
'groups'
|
204
|
-
|
205
|
-
self.data[:security_groups][group_name] || {}
|
206
|
-
elsif group_id = authorized_group['GroupId']
|
207
|
-
self.data[:security_groups].values.find { |sg| sg['groupId'] == group_id } || {}
|
208
|
-
end
|
209
|
-
|
210
|
-
{'groupName' => authorized_group['GroupName'] || security_group["groupName"], 'userId' => authorized_group['UserId'] || self.data[:owner_id], 'groupId' => authorized_group["GroupId"] || security_group['groupId']}
|
211
|
-
end,
|
212
|
-
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
|
216
|
+
'groups' => groups,
|
217
|
+
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
|
213
218
|
}
|
214
219
|
end
|
215
220
|
end
|
@@ -221,8 +226,8 @@ module Fog
|
|
221
226
|
def find_matching_permission(group, permission)
|
222
227
|
group['ipPermissions'].find {|group_permission|
|
223
228
|
permission['ipProtocol'] == group_permission['ipProtocol'] &&
|
224
|
-
|
225
|
-
|
229
|
+
permission['fromPort'] == group_permission['fromPort'] &&
|
230
|
+
permission['toPort'] == group_permission['toPort'] }
|
226
231
|
end
|
227
232
|
end
|
228
233
|
end
|
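Review bot: In the `IpPermissions` branch, each entry of `permission['Groups']` is now looked up only in `self.data[:security_groups]` and a miss raises `Fog::Compute::AWS::NotFound`, even when the entry carries a `'UserId'` naming another owner; the removed code fell back to `|| {}`. If the mock is meant to accept references to groups owned by other accounts, the lookup should stay lenient when `authorized_group['UserId']` is present and differs from `self.data[:owner_id]`. The two duplicate checks also raise the same literal message with a fixed `'123'`, which gives no hint which permission collided, and `Integer(options['FromPort'])` raises TypeError on a missing port unless `verify_permission_options` (defined outside the hunks) already rejects that input. The method that builds `normalized_permissions` starts before the second hunk.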