fog-aws 0.11.0 → 0.12.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -1
- data/lib/fog/aws.rb +2 -0
- data/lib/fog/aws/cloud_formation.rb +14 -0
- data/lib/fog/aws/compute.rb +2 -0
- data/lib/fog/aws/models/compute/security_group.rb +49 -26
- data/lib/fog/aws/models/compute/vpc.rb +6 -0
- data/lib/fog/aws/models/support/flagged_resource.rb +14 -0
- data/lib/fog/aws/models/support/flagged_resources.rb +11 -0
- data/lib/fog/aws/models/support/trusted_advisor_check.rb +65 -0
- data/lib/fog/aws/models/support/trusted_advisor_checks.rb +21 -0
- data/lib/fog/aws/parsers/cloud_formation/basic.rb +8 -0
- data/lib/fog/aws/parsers/cloud_formation/create_change_set.rb +16 -0
- data/lib/fog/aws/parsers/cloud_formation/describe_account_limits.rb +26 -0
- data/lib/fog/aws/parsers/cloud_formation/describe_change_set.rb +135 -0
- data/lib/fog/aws/parsers/cloud_formation/describe_stack_resource.rb +28 -0
- data/lib/fog/aws/parsers/cloud_formation/estimate_template_cost.rb +16 -0
- data/lib/fog/aws/parsers/cloud_formation/get_stack_policy.rb +16 -0
- data/lib/fog/aws/parsers/cloud_formation/get_template_summary.rb +62 -0
- data/lib/fog/aws/parsers/cloud_formation/list_change_sets.rb +30 -0
- data/lib/fog/aws/parsers/compute/describe_vpcs.rb +3 -1
- data/lib/fog/aws/requests/cloud_formation/cancel_update_stack.rb +25 -0
- data/lib/fog/aws/requests/cloud_formation/continue_update_rollback.rb +26 -0
- data/lib/fog/aws/requests/cloud_formation/create_change_set.rb +70 -0
- data/lib/fog/aws/requests/cloud_formation/create_stack.rb +14 -0
- data/lib/fog/aws/requests/cloud_formation/delete_change_set.rb +26 -0
- data/lib/fog/aws/requests/cloud_formation/delete_stack.rb +1 -1
- data/lib/fog/aws/requests/cloud_formation/describe_account_limits.rb +27 -0
- data/lib/fog/aws/requests/cloud_formation/describe_change_set.rb +43 -0
- data/lib/fog/aws/requests/cloud_formation/describe_stack_resource.rb +40 -0
- data/lib/fog/aws/requests/cloud_formation/estimate_template_cost.rb +48 -0
- data/lib/fog/aws/requests/cloud_formation/execute_change_set.rb +26 -0
- data/lib/fog/aws/requests/cloud_formation/get_stack_policy.rb +27 -0
- data/lib/fog/aws/requests/cloud_formation/get_template_summary.rb +46 -0
- data/lib/fog/aws/requests/cloud_formation/list_change_sets.rb +40 -0
- data/lib/fog/aws/requests/cloud_formation/set_stack_policy.rb +38 -0
- data/lib/fog/aws/requests/cloud_formation/signal_resource.rb +32 -0
- data/lib/fog/aws/requests/cloud_formation/update_stack.rb +49 -0
- data/lib/fog/aws/requests/compute/authorize_security_group_egress.rb +112 -0
- data/lib/fog/aws/requests/compute/revoke_security_group_egress.rb +98 -0
- data/lib/fog/aws/requests/support/describe_trusted_advisor_check_result.rb +31 -0
- data/lib/fog/aws/requests/support/describe_trusted_advisor_checks.rb +29 -0
- data/lib/fog/aws/support.rb +170 -0
- data/lib/fog/aws/version.rb +1 -1
- data/tests/models/compute/security_group_tests.rb +24 -0
- data/tests/models/support/trusted_advisor_tests.rb +25 -0
- data/tests/requests/support/helper.rb +43 -0
- data/tests/requests/support/trusted_advisor_check_tests.rb +16 -0
- metadata +36 -3
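--- a/data/lib/fog/aws/requests/cloud_formation/estimate_template_cost.rb
+++ b/data/lib/fog/aws/requests/cloud_formation/estimate_template_cost.rb
@@ -0,0 +1,48 @@
+module Fog
+module AWS
+class CloudFormation
+class Real
+require 'fog/aws/parsers/cloud_formation/estimate_template_cost'
+
+# Returns the estimated monthly cost of a template.
+#
+# * options [Hash]:
+# * TemplateBody [String] Structure containing the template body.
+# or (one of the two Template parameters is required)
+# * TemplateURL [String] URL of file containing the template body.
+# * Parameters [Hash] Hash of providers to supply to template
+#
+# @return [Excon::Response]:
+# * body [Hash:
+# * Url [String] - An AWS Simple Monthly Calculator URL with a query string that describes the resources required to run the template.
+#
+# @see http://docs.amazonwebservices.com/AWSCloudFormation/latest/APIReference/API_EstimateTemplateCost.html
+
+def estimate_template_cost(options = {})
+params = {}
+
+if options['Parameters']
+options['Parameters'].keys.each_with_index do |key, index|
+index += 1 # params are 1-indexed
+params.merge!({
+"Parameters.member.#{index}.ParameterKey" => key,
+"Parameters.member.#{index}.ParameterValue" => options['Parameters'][key]
+})
+end
+end
+
+if options['TemplateBody']
+params['TemplateBody'] = options['TemplateBody']
+elsif options['TemplateURL']
+params['TemplateURL'] = options['TemplateURL']
+end
+
+request({
+'Action' => 'EstimateTemplateCost',
+:parser => Fog::Parsers::AWS::CloudFormation::EstimateTemplateCost.new
+}.merge!(params))
+end
+end
+end
+end
+end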
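Review bot: `estimate_template_cost` sends the request even when neither `TemplateBody` nor `TemplateURL` is set, although its own comment says one of the two is required, and when both are given the `elsif` silently drops `TemplateURL`. A guard before the `request` call, `raise ArgumentError, 'TemplateBody or TemplateURL is required' unless options['TemplateBody'] || options['TemplateURL']`, would fail fast instead of leaving the error to the service. The same gap is in `get_template_summary` (nothing set out of `StackName`, `TemplateBody`, `TemplateURL`) and in `set_stack_policy` (neither `StackPolicyBody` nor `StackPolicyURL`). The doc line `# * body [Hash:` is also missing its closing bracket.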
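--- a/data/lib/fog/aws/requests/cloud_formation/execute_change_set.rb
+++ b/data/lib/fog/aws/requests/cloud_formation/execute_change_set.rb
@@ -0,0 +1,26 @@
+module Fog
+module AWS
+class CloudFormation
+class Real
+require 'fog/aws/parsers/cloud_formation/basic'
+
+# Execute a change set.
+#
+# @param ChangeSetName [String] The name of the change set to delete.
+# @option options StackName [String] The Stack name or ID (ARN) that is associated with change set.
+#
+# @return [Excon::Response]
+#
+# @see http://docs.amazonwebservices.com/AWSCloudFormation/latest/APIReference/API_ExecuteChangeSet.html
+
+def execute_change_set(change_set_name, options = {})
+options['ChangeSetName'] = change_set_name
+request({
+'Action' => 'ExecuteChangeSet',
+:parser => Fog::Parsers::AWS::CloudFormation::Basic.new
+}.merge!(options))
+end
+end
+end
+end
+end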
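Review bot: `}.merge!(options)` in `execute_change_set` applies the caller's hash last, so any `'Action'` or `:parser` key in `options` replaces the fixed values, and a hash assembled from outside input could turn this call into a different CloudFormation action. Merging the other way keeps the fixed keys authoritative: `request(options.merge('Action' => 'ExecuteChangeSet', 'ChangeSetName' => change_set_name, :parser => Fog::Parsers::AWS::CloudFormation::Basic.new))`, which also stops the method writing `'ChangeSetName'` into the caller's hash. The same merge order appears in `list_change_sets` and in the Real `authorize_security_group_egress` and `revoke_security_group_egress`. The `@param` line says "to delete" and names `ChangeSetName` rather than `change_set_name`; it appears to be copied from the delete request.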
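--- a/data/lib/fog/aws/requests/cloud_formation/get_stack_policy.rb
+++ b/data/lib/fog/aws/requests/cloud_formation/get_stack_policy.rb
@@ -0,0 +1,27 @@
+module Fog
+module AWS
+class CloudFormation
+class Real
+require 'fog/aws/parsers/cloud_formation/get_stack_policy'
+
+# Describe stacks.
+#
+# @param stack_name [String] The name or unique stack ID that is associated with the stack whose policy you want to get.
+#
+# @return [Excon::Response]
+# * body [Hash]:
+# * StackPolicyBody [String] - Structure containing the stack policy body.
+#
+# @see http://docs.amazonwebservices.com/AWSCloudFormation/latest/APIReference/API_GetStackPolicy.html
+
+def get_stack_policy(stack_name)
+request(
+'Action' => 'GetStackPolicy',
+'StackName' => stack_name,
+:parser => Fog::Parsers::AWS::CloudFormation::GetStackPolicy.new
+)
+end
+end
+end
+end
+end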
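Review bot: The summary line above `get_stack_policy` reads `# Describe stacks.`, which does not match the `GetStackPolicy` action the method sends; `# Returns the stack policy for a specified stack.` would describe it. The `@param`, `@return` and `@see` lines already refer to the stack policy, so only the first line needs changing.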
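--- a/data/lib/fog/aws/requests/cloud_formation/get_template_summary.rb
+++ b/data/lib/fog/aws/requests/cloud_formation/get_template_summary.rb
@@ -0,0 +1,46 @@
+module Fog
+module AWS
+class CloudFormation
+class Real
+require 'fog/aws/parsers/cloud_formation/get_template_summary'
+
+# Returns information about a new or existing template.
+#
+# * options [Hash]:
+# * stack_name [String] Name of the stack or the stack ID.
+# or
+# * TemplateBody [String] Structure containing the template body.
+# or
+# * TemplateURL [String] URL of file containing the template body.
+#
+# @return [Excon::Response]:
+# * body [Hash:
+# * Capabilities [Array] List of capabilties in the template.
+# * CapabilitiesReason [String] The list of resources that generated the values in the Capabilities response element.
+# * Description [String] Template Description.
+# * Metadata [String] Template Metadata.
+# * Parameters [Array] A list of parameter declarations that describe various properties for each parameter.
+# * ResourceTypes [Array] all the template resource types that are defined in the template
+#
+# @see http://docs.amazonwebservices.com/AWSCloudFormation/latest/APIReference/API_GetTemplateSummary.html
+
+def get_template_summary(options = {})
+params = {}
+
+if options['StackName']
+params['StackName'] = options['StackName']
+elsif options['TemplateBody']
+params['TemplateBody'] = options['TemplateBody']
+elsif options['TemplateURL']
+params['TemplateURL'] = options['TemplateURL']
+end
+
+request({
+'Action' => 'GetTemplateSummary',
+:parser => Fog::Parsers::AWS::CloudFormation::GetTemplateSummary.new
+}.merge!(params))
+end
+end
+end
+end
+end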
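Review bot: The comment for `get_template_summary` documents a `stack_name` option, but the method reads `options['StackName']`, so a caller who follows the comment ends up with a request that names no stack. The line should read `# * StackName [String] Name of the stack or the stack ID.` and the comment should say that only the first of `StackName`, `TemplateBody`, `TemplateURL` that is set gets sent. Smaller fixes in the same block: `# * body [Hash:` lacks its closing bracket and `capabilties` is misspelled.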
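--- a/data/lib/fog/aws/requests/cloud_formation/list_change_sets.rb
+++ b/data/lib/fog/aws/requests/cloud_formation/list_change_sets.rb
@@ -0,0 +1,40 @@
+module Fog
+module AWS
+class CloudFormation
+class Real
+require 'fog/aws/parsers/cloud_formation/list_change_sets'
+
+# List change sets.
+#
+# @param stack_name String] Name or the ARN of the stack for which you want to list change sets.
+#
+# @option options StackName [String] Name of the stack to describe.
+#
+# @return [Excon::Response]
+# * body [Hash]:
+# * Summaries [Array] - Matching change sets
+# * stack [Hash]:
+# * ChangeSetId [String] -
+# * ChangeSetName [String] -
+# * Description [String] -
+# * CreationTime [Time] -
+# * ExecutionStatus [String] -
+# * StackId [String] -
+# * StackName [String] -
+# * Status [String] -
+# * StackReason [String] -
+#
+#
+# @see http://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ListChangeSets.html
+
+def list_change_sets(stack_name, options = {})
+request({
+'Action' => 'ListChangeSets',
+'StackName' => stack_name,
+:parser => Fog::Parsers::AWS::CloudFormation::ListChangeSets.new
+}.merge!(options))
+end
+end
+end
+end
+end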
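Review bot: The comment on `list_change_sets` documents the stack twice, as `@param stack_name` and as `@option options StackName`, without saying which one takes effect; with the code as written an `options['StackName']` replaces the positional argument. Either drop the `@option` line or state the precedence, for example `# @option options StackName [String] Overrides stack_name when present.` The `@param stack_name String]` line is missing its opening bracket, and the nine `[String] -` entries under `Summaries` have no descriptions.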
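--- a/data/lib/fog/aws/requests/cloud_formation/set_stack_policy.rb
+++ b/data/lib/fog/aws/requests/cloud_formation/set_stack_policy.rb
@@ -0,0 +1,38 @@
+module Fog
+module AWS
+class CloudFormation
+class Real
+require 'fog/aws/parsers/cloud_formation/basic'
+
+# Sets a stack policy for a specified stack.
+#
+# @param stack_name [String] Name or unique stack ID that you want to associate a policy with.
+# * options [Hash]:
+# * StackPolicyBody [String] Structure containing the stack policy body.
+# or (one of the two StackPolicy parameters is required)
+# * StackPolicyURL [String] URL of file containing the stack policy.
+# * Parameters [Hash] Hash of providers to supply to StackPolicy
+#
+# @return [Excon::Response]:
+#
+# @see http://docs.amazonwebservices.com/AWSCloudFormation/latest/APIReference/API_SetStackPolicy.html
+
+def set_stack_policy(stack_name, options = {})
+params = {}
+
+if options['StackPolicyBody']
+params['StackPolicyBody'] = options['StackPolicyBody']
+elsif options['StackPolicyURL']
+params['StackPolicyURL'] = options['StackPolicyURL']
+end
+
+request({
+'Action' => 'SetStackPolicy',
+'StackName' => stack_name,
+:parser => Fog::Parsers::AWS::CloudFormation::Basic.new
+}.merge!(params))
+end
+end
+end
+end
+end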
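Review bot: The comment for `set_stack_policy` lists a `Parameters [Hash]` option that the method never reads; only `StackPolicyBody` and `StackPolicyURL` reach the request, so that line should be removed. Because a stack policy is what protects resources during updates, the comment should also say that `StackPolicyBody` wins when both are given, which is what the `if`/`elsif` does.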
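--- a/data/lib/fog/aws/requests/cloud_formation/signal_resource.rb
+++ b/data/lib/fog/aws/requests/cloud_formation/signal_resource.rb
@@ -0,0 +1,32 @@
+module Fog
+module AWS
+class CloudFormation
+class Real
+require 'fog/aws/parsers/cloud_formation/basic'
+
+# Sends a signal to the specified resource.
+#
+# @param options Hash]:
+# * LogicalResourceId [String] The logical ID of the resource that you want to signal.
+# * StackName [String] The stack name or unique stack ID that includes the resource that you want to signal.
+# * Status [String] The status of the signal, which is either success or failure.
+# * UniqueId [String] A unique ID of the signal.
+#
+# @return [Excon::Response]
+#
+# @see http://docs.amazonwebservices.com/AWSCloudFormation/latest/APIReference/API_SignalResource.html
+
+def signal_resource(logical_resource_id, stack_name, status, unique_id )
+request(
+'Action' => 'SignalResource',
+'LogicalResourceId' => logical_resource_id,
+'StackName' => stack_name,
+'Status' => status,
+'UniqueId' => unique_id,
+:parser => Fog::Parsers::AWS::CloudFormation::Basic.new
+)
+end
+end
+end
+end
+end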
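Review bot: The comment on `signal_resource` describes an `options` hash (`@param options Hash]:`), but the method takes four positional arguments and no hash. The block should be four `@param` lines in signature order, starting with `# @param logical_resource_id [String] The logical ID of the resource that you want to signal.` and continuing with `stack_name`, `status` and `unique_id`. The signature also has a stray space in `unique_id )`.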
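--- a/data/lib/fog/aws/requests/cloud_formation/update_stack.rb
+++ b/data/lib/fog/aws/requests/cloud_formation/update_stack.rb
@@ -13,6 +13,14 @@ module Fog
 # * TemplateURL [String] URL of file containing the template body.
 # * Parameters [Hash] Hash of providers to supply to template.
 # * Capabilities [Array] List of capabilties the stack is granted. Currently CAPABILITY_IAM for allowing the creation of IAM resources.
+# * NotificationARNs [Array] List of SNS topics to publish events to.
+# * ResourceTypes [Array] The template resource types that you have permissions to work.
+# * StackPolicyBody [String] Structure containing the stack policy body.
+# * StackPolicyURL [String] URL of file containing the stack policy.
+# * StackPolicyDuringUpdateBody [String] Structure containing the stack policy body to use during update.
+# * StackPolicyDuringUpdateURL [String] URL of file containing the stack policy to use during update.
+# * Tags [Array] Key-value pairs to associate with this stack.
+# * UsePreviousTemplate [Boolean] Reuse the existing template that is associated with the stack that you are updating.
 #
 # @return [Excon::Response]
 # * body [Hash]:
@@ -41,10 +49,51 @@ module Fog
 params['TemplateURL'] = options['TemplateURL']
 end
 
+if options['StackPolicyBody']
+params['StackPolicyBody'] = options['StackPolicyBody']
+elsif options['StackPolicyURL']
+params['StackPolicyURL'] = options['StackPolicyURL']
+end
+
+if options['StackPolicyDuringUpdateBody']
+params['StackPolicyDuringUpdateBody'] = options['StackPolicyDuringUpdateBody']
+elsif options['StackPolicyDuringUpdateURL']
+params['StackPolicyDuringUpdateURL'] = options['StackPolicyDuringUpdateURL']
+end
+
+num_tags = 0
+if options['Tags']
+options['Tags'].keys.each_with_index do |key, index|
+index += 1 # tags are 1-indexed
+num_tags += 1 # 10 tag max
+
+params.merge!({
+"Tags.member.#{index}.Key" => key,
+"Tags.member.#{index}.Value" => options['Tags'][key]
+})
+end
+end
+
+if num_tags > 10
+raise ArgumentError.new("a maximum of 10 tags can be specified <#{num_tags}>")
+end
+
 if options['Capabilities']
 params.merge!(Fog::AWS.indexed_param("Capabilities.member", [*options['Capabilities']]))
 end
 
+if options['NotificationARNs']
+params.merge!(Fog::AWS.indexed_param("NotificationARNs.member", [*options['NotificationARNs']]))
+end
+
+if options['ResourceTypes']
+params.merge!(Fog::AWS.indexed_param("ResourceTypes.member", [*options['ResourceTypes']]))
+end
+
+if options['UsePreviousTemplate']
+params['UsePreviousTemplate'] = options['UsePreviousTemplate']
+end
+
 request({
 'Action' => 'UpdateStack',
 :parser => Fog::Parsers::AWS::CloudFormation::UpdateStack.new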
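Review bot: The added comment declares `Tags [Array]`, but the new code calls `options['Tags'].keys` and looks each value up by key, so it only works with a Hash and an Array argument fails with NoMethodError. The comment should read `# * Tags [Hash] Key-value pairs to associate with this stack.` The 10-tag check also runs after every `Tags.member.N` pair has been merged, and `num_tags` only mirrors the hash size. Checking `options['Tags'].size > 10` before the loop would reject the input before any params are built. `update_stack` starts and ends outside these hunks, so how `params` reaches the request is not visible here.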
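--- a/data/lib/fog/aws/requests/compute/authorize_security_group_egress.rb
+++ b/data/lib/fog/aws/requests/compute/authorize_security_group_egress.rb
@@ -0,0 +1,112 @@
+module Fog
+module Compute
+class AWS
+class Real
+require 'fog/aws/parsers/compute/basic'
+
+# Add permissions to a security group
+#
+# ==== Parameters
+# * group_name<~String> - Name of group, optional (can also be specifed as GroupName in options)
+# * options<~Hash>:
+# * 'GroupName'<~String> - Name of security group to modify
+# * 'GroupId'<~String> - Id of security group to modify
+# * 'SourceSecurityGroupName'<~String> - Name of security group to authorize
+# * 'SourceSecurityGroupOwnerId'<~String> - Name of owner to authorize
+# or
+# * 'CidrIp'<~String> - CIDR range
+# * 'FromPort'<~Integer> - Start of port range (or -1 for ICMP wildcard)
+# * 'IpProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
+# * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
+# or
+# * 'IpPermissions'<~Array>:
+# * permission<~Hash>:
+# * 'FromPort'<~Integer> - Start of port range (or -1 for ICMP wildcard)
+# * 'Groups'<~Array>:
+# * group<~Hash>:
+# * 'GroupName'<~String> - Name of security group to authorize
+# * 'UserId'<~String> - Name of owner to authorize
+# * 'IpProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
+# * 'IpRanges'<~Array>:
+# * ip_range<~Hash>:
+# * 'CidrIp'<~String> - CIDR range
+# * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
+#
+# === Returns
+# * response<~Excon::Response>:
+# * body<~Hash>:
+# * 'requestId'<~String> - Id of request
+# * 'return'<~Boolean> - success?
+#
+# {Amazon API Reference}[http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/ApiReference-query-AuthorizeSecurityGroupEgress.html]
+def authorize_security_group_egress(group_name, options = {})
+options = Fog::AWS.parse_security_group_options(group_name, options)
+
+if ip_permissions = options.delete('IpPermissions')
+options.merge!(indexed_ip_permissions_params(ip_permissions))
+end
+
+request({
+'Action' => 'AuthorizeSecurityGroupEgress',
+:idempotent => true,
+:parser => Fog::Parsers::Compute::AWS::Basic.new
+}.merge!(options))
+end
+end
+
+class Mock
+def authorize_security_group_egress(group_name, options = {})
+options = Fog::AWS.parse_security_group_options(group_name, options)
+if options.key?('GroupName')
+group_name = options['GroupName']
+else
+group_name = self.data[:security_groups].reject { |k,v| v['groupId'] != options['GroupId'] } .keys.first
+end
+
+response = Excon::Response.new
+group = self.data[:security_groups][group_name] || raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist"))
+
+verify_permission_options(options, group['vpcId'] != nil)
+
+normalized_permissions = normalize_permissions(options)
+
+normalized_permissions.each do |permission|
+if matching_group_permission = find_matching_permission_egress(group, permission)
+if permission['groups'].any? {|pg| matching_group_permission['groups'].include?(pg) }
+raise Fog::Compute::AWS::Error, "InvalidPermission.Duplicate => The permission '123' has already been authorized in the specified group"
+end
+
+if permission['ipRanges'].any? {|pr| matching_group_permission['ipRanges'].include?(pr) }
+raise Fog::Compute::AWS::Error, "InvalidPermission.Duplicate => The permission '123' has already been authorized in the specified group"
+end
+end
+end
+
+normalized_permissions.each do |permission|
+if matching_group_permission = find_matching_permission_egress(group, permission)
+matching_group_permission['groups'] += permission['groups']
+matching_group_permission['ipRanges'] += permission['ipRanges']
+else
+group['ipPermissionsEgress'] << permission
+end
+end
+
+response.status = 200
+response.body = {
+'requestId' => Fog::AWS::Mock.request_id,
+'return' => true
+}
+response
+end
+
+def find_matching_permission_egress(group, permission)
+group['ipPermissionsEgress'].find do |group_permission|
+permission['ipProtocol'] == group_permission['ipProtocol'] &&
+permission['fromPort'] == group_permission['fromPort'] &&
+permission['toPort'] == group_permission['toPort']
+end
+end
+end
+end
+end
+end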
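Review bot: Both `InvalidPermission.Duplicate` raises in the Mock carry the literal text `The permission '123'`, so a failing test cannot tell which egress rule collided. Interpolating the entry that matched, for example `'#{permission.inspect}'` in place of `'123'`, would make the message usable. The header comment still reads `# Add permissions to a security group` and lists `'SourceSecurityGroupName'`, which does not tell a reader that these are outbound rules; `# Add outbound (egress) permissions to a security group` would. `find_matching_permission_egress` is defined on this Mock but is also called by the revoke mock, which deserves a one-line comment above the method.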
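--- a/data/lib/fog/aws/requests/compute/revoke_security_group_egress.rb
+++ b/data/lib/fog/aws/requests/compute/revoke_security_group_egress.rb
@@ -0,0 +1,98 @@
+module Fog
+module Compute
+class AWS
+class Real
+require 'fog/aws/parsers/compute/basic'
+
+# Remove permissions from a security group
+#
+# ==== Parameters
+# * group_name<~String> - Name of group, optional (can also be specifed as GroupName in options)
+# * options<~Hash>:
+# * 'GroupName'<~String> - Name of security group to modify
+# * 'GroupId'<~String> - Id of security group to modify
+# * 'SourceSecurityGroupName'<~String> - Name of security group to authorize
+# * 'SourceSecurityGroupOwnerId'<~String> - Name of owner to authorize
+# or
+# * 'CidrIp'<~String> - CIDR range
+# * 'FromPort'<~Integer> - Start of port range (or -1 for ICMP wildcard)
+# * 'IpProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
+# * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
+# or
+# * 'IpPermissions'<~Array>:
+# * permission<~Hash>:
+# * 'FromPort'<~Integer> - Start of port range (or -1 for ICMP wildcard)
+# * 'Groups'<~Array>:
+# * group<~Hash>:
+# * 'GroupName'<~String> - Name of security group to authorize
+# * 'UserId'<~String> - Name of owner to authorize
+# * 'IpProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
+# * 'IpRanges'<~Array>:
+# * ip_range<~Hash>:
+# * 'CidrIp'<~String> - CIDR range
+# * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
+#
+# === Returns
+# * response<~Excon::Response>:
+# * body<~Hash>:
+# * 'requestId'<~String> - Id of request
+# * 'return'<~Boolean> - success?
+#
+# {Amazon API Reference}[http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/ApiReference-query-RevokeSecurityGroupEgress.html]
+def revoke_security_group_egress(group_name, options = {})
+options = Fog::AWS.parse_security_group_options(group_name, options)
+
+if ip_permissions = options.delete('IpPermissions')
+options.merge!(indexed_ip_permissions_params(ip_permissions))
+end
+
+request({
+'Action' => 'RevokeSecurityGroupEgress',
+:idempotent => true,
+:parser => Fog::Parsers::Compute::AWS::Basic.new
+}.merge!(options))
+end
+end
+
+class Mock
+def revoke_security_group_egress(group_name, options = {})
+options = Fog::AWS.parse_security_group_options(group_name, options)
+if options.key?('GroupName')
+group_name = options['GroupName']
+else
+group_name = self.data[:security_groups].reject { |k,v| v['groupId'] != options['GroupId'] } .keys.first
+end
+
+response = Excon::Response.new
+group = self.data[:security_groups][group_name]
+
+if group
+verify_permission_options(options, group['vpcId'] != nil)
+
+normalized_permissions = normalize_permissions(options)
+
+normalized_permissions.each do |permission|
+if matching_permission = find_matching_permission_egress(group, permission)
+matching_permission['ipRanges'] -= permission['ipRanges']
+matching_permission['groups'] -= permission['groups']
+
+if matching_permission['ipRanges'].empty? && matching_permission['groups'].empty?
+group['ipPermissionsEgress'].delete(matching_permission)
+end
+end
+end
+
+response.status = 200
+response.body = {
+'requestId' => Fog::AWS::Mock.request_id,
+'return' => true
+}
+response
+else
+raise Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist")
+end
+end
+end
+end
+end
+end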
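Review bot: The Mock `revoke_security_group_egress` answers 200 with `'return' => true` even when `find_matching_permission_egress` finds nothing, so a test that revokes a rule which was never authorized, or mistypes the port range, passes while the egress rule set is unchanged. If the real service rejects that case (EC2 appears to report `InvalidPermission.NotFound` for VPC groups; confirm against the API reference), the mock should raise as well. Otherwise a comment above the loop should say the silent no-op is deliberate. When the lookup by `'GroupId'` misses, `group_name` is nil and the NotFound message prints an empty name; falling back to `options['GroupId']` in that message would identify the group.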