fog--fog/lib/fog/aws/models/compute/security_group.rb

require 'fog/core/model'

module Fog
  module Compute
    class AWS
      class SecurityGroup < Fog::Model
        identity  :name,            :aliases => 'groupName'
        attribute :description,     :aliases => 'groupDescription'
        attribute :group_id,        :aliases => 'groupId'
        attribute :ip_permissions,  :aliases => 'ipPermissions'
        attribute :ip_permissions_egress,  :aliases => 'ipPermissionsEgress'
        attribute :owner_id,        :aliases => 'ownerId'
        attribute :vpc_id,          :aliases => 'vpcId'

        # Authorize access by another security group
        #
        #  >> g = AWS.security_groups.all(:description => "something").first
        #  >> g.authorize_group_and_owner("some_group_name", "1234567890")
        #
        # == Parameters:
        # group::
        #   The name of the security group you're granting access to.
        #
        # owner::
        #   The owner id for security group you're granting access to.
        #
        # == Returns:
        #
        # An excon response object representing the result
        #
        #  <Excon::Response:0x101fc2ae0
        #    @status=200,
        #    @body={"requestId"=>"some-id-string",
        #           "return"=>true},
        #    headers{"Transfer-Encoding"=>"chunked",
        #            "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
        #            "Content-Type"=>"text/xml;charset=UTF-8",
        #            "Server"=>"AmazonEC2"}
        #

        def authorize_group_and_owner(group, owner = nil)
          Fog::Logger.deprecation("authorize_group_and_owner is deprecated, use authorize_port_range with :group option instead")

          requires_one :name, :group_id

          service.authorize_security_group_ingress(
            name,
            'GroupId'                    => group_id,
            'SourceSecurityGroupName'    => group,
            'SourceSecurityGroupOwnerId' => owner
          )
        end

        # Authorize a new port range for a security group
        #
        #  >> g = AWS.security_groups.all(:description => "something").first
        #  >> g.authorize_port_range(20..21)
        #
        # == Parameters:
        # range::
        #   A Range object representing the port range you want to open up. E.g., 20..21
        #
        # options::
        #   A hash that can contain any of the following keys:
        #    :cidr_ip (defaults to "0.0.0.0/0")
        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
        #    :ip_protocol (defaults to "tcp")
        #
        # == Returns:
        #
        # An excon response object representing the result
        #
        #  <Excon::Response:0x101fc2ae0
        #    @status=200,
        #    @body={"requestId"=>"some-id-string",
        #           "return"=>true},
        #    headers{"Transfer-Encoding"=>"chunked",
        #            "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
        #            "Content-Type"=>"text/xml;charset=UTF-8",
        #            "Server"=>"AmazonEC2"}
        #

        def authorize_port_range(range, options = {})
          requires_one :name, :group_id

          ip_permission = {
            'FromPort'   => range.min,
            'ToPort'     => range.max,
            'IpProtocol' => options[:ip_protocol] || 'tcp'
          }

          if options[:group].nil?
            ip_permission['IpRanges'] = [
              { 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
            ]
          else
            ip_permission['Groups'] = [
              group_info(options[:group])
            ]
          end

          service.authorize_security_group_ingress(
            name,
            'GroupId'       => group_id,
            'IpPermissions' => [ ip_permission ]
          )
        end

        # Removes an existing security group
        #
        # security_group.destroy
        #
        # ==== Returns
        #
        # True or false depending on the result
        #

        def destroy
          requires_one :name, :group_id

          if group_id.nil?
            service.delete_security_group(name)
          else
            service.delete_security_group(nil, group_id)
          end
          true
        end

        # Revoke access by another security group
        #
        #  >> g = AWS.security_groups.all(:description => "something").first
        #  >> g.revoke_group_and_owner("some_group_name", "1234567890")
        #
        # == Parameters:
        # group::
        #   The name of the security group you're revoking access to.
        #
        # owner::
        #   The owner id for security group you're revoking access access to.
        #
        # == Returns:
        #
        # An excon response object representing the result
        #
        #  <Excon::Response:0x101fc2ae0
        #    @status=200,
        #    @body={"requestId"=>"some-id-string",
        #           "return"=>true},
        #    headers{"Transfer-Encoding"=>"chunked",
        #            "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
        #            "Content-Type"=>"text/xml;charset=UTF-8",
        #            "Server"=>"AmazonEC2"}
        #

        def revoke_group_and_owner(group, owner = nil)
          Fog::Logger.deprecation("revoke_group_and_owner is deprecated, use revoke_port_range with :group option instead")

          requires_one :name, :group_id

          service.revoke_security_group_ingress(
            name,
            'GroupId'                    => group_id,
            'SourceSecurityGroupName'    => group,
            'SourceSecurityGroupOwnerId' => owner
          )
        end

        # Revoke an existing port range for a security group
        #
        #  >> g = AWS.security_groups.all(:description => "something").first
        #  >> g.revoke_port_range(20..21)
        #
        # == Parameters:
        # range::
        #   A Range object representing the port range you want to open up. E.g., 20..21
        #
        # options::
        #   A hash that can contain any of the following keys:
        #    :cidr_ip (defaults to "0.0.0.0/0")
        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
        #    :ip_protocol (defaults to "tcp")
        #
        # == Returns:
        #
        # An excon response object representing the result
        #
        #  <Excon::Response:0x101fc2ae0
        #    @status=200,
        #    @body={"requestId"=>"some-id-string",
        #           "return"=>true},
        #    headers{"Transfer-Encoding"=>"chunked",
        #            "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",
        #            "Content-Type"=>"text/xml;charset=UTF-8",
        #            "Server"=>"AmazonEC2"}
        #

        def revoke_port_range(range, options = {})
          requires_one :name, :group_id

          ip_permission = {
            'FromPort'   => range.min,
            'ToPort'     => range.max,
            'IpProtocol' => options[:ip_protocol] || 'tcp'
          }

          if options[:group].nil?
            ip_permission['IpRanges'] = [
              { 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
            ]
          else
            ip_permission['Groups'] = [
              group_info(options[:group])
            ]
          end

          service.revoke_security_group_ingress(
            name,
            'GroupId'       => group_id,
            'IpPermissions' => [ ip_permission ]
          )
        end

        # Create a security group
        #
        #  >> g = AWS.security_groups.new(:name => "some_name", :description => "something")
        #  >> g.save
        #
        # == Returns:
        #
        # True or an exception depending on the result. Keep in mind that this *creates* a new security group.
        # As such, it yields an InvalidGroup.Duplicate exception if you attempt to save an existing group.
        #

        def save
          requires :description, :name
          data = service.create_security_group(name, description, vpc_id).body
          new_attributes = data.reject {|key,value| key == 'requestId'}
          merge_attributes(new_attributes)
          true
        end

        private

        #
        # +group_arg+ may be a string or a hash with one key & value.
        #
        # If group_arg is a string, it is assumed to be the group name,
        # and the UserId is assumed to be self.owner_id.
        #
        # The "account:group" form is deprecated.
        #
        # If group_arg is a hash, the key is the UserId and value is the group.
        def group_info(group_arg)
          if Hash === group_arg
            account = group_arg.keys.first
            group   = group_arg.values.first
          elsif group_arg.match(/:/)
            account, group = group_arg.split(':')
            Fog::Logger.deprecation("'account:group' argument is deprecated. Use {account => group} or just group instead")
          else
            requires :owner_id
            account = owner_id
            group = group_arg
          end

          info = { 'UserId' => account }

          if group.start_with?("sg-")
            # we're dealing with a security group id
            info['GroupId'] = group
          else
            # this has to be a security group name
            info['GroupName'] = group
          end

          info
        end
      end
    end
  end
end
fix paths for core requires 2010-10-04 17:02:08 -04:00			`require 'fog/core/model'`
[ec2] cleaner mocking/dependencies 2010-03-16 18:46:21 -04:00
first pass at security group models 2009-09-18 11:56:42 -04:00			`module Fog`
[compute] refactor provider/service namespacing 2011-06-16 19:28:54 -04:00			`module Compute`
			`class AWS`
first pass at security group models 2009-09-18 11:56:42 -04:00			`class SecurityGroup < Fog::Model`
update attribute to consistently take hash and remove legacy array of aliases usage 2010-09-07 14:30:02 -04:00			`identity :name, :aliases => 'groupName'`
			`attribute :description, :aliases => 'groupDescription'`
Add the ability to return the security group ID when requesting a SecurityGroupData object 2011-12-14 16:25:06 -05:00			`attribute :group_id, :aliases => 'groupId'`
update attribute to consistently take hash and remove legacy array of aliases usage 2010-09-07 14:30:02 -04:00			`attribute :ip_permissions, :aliases => 'ipPermissions'`
Update lib/fog/aws/models/compute/security_group.rb 2012-08-17 16:57:02 -04:00			`attribute :ip_permissions_egress, :aliases => 'ipPermissionsEgress'`
update attribute to consistently take hash and remove legacy array of aliases usage 2010-09-07 14:30:02 -04:00			`attribute :owner_id, :aliases => 'ownerId'`
Add code to support the creation and modification of security groups existing in a VPC 2011-12-23 08:40:47 -05:00			`attribute :vpc_id, :aliases => 'vpcId'`
first pass at security group models 2009-09-18 11:56:42 -04:00
[aws\|compute] Add better security group documentation. 2010-12-27 19:07:39 -05:00			`# Authorize access by another security group`
			`#`
			`# >> g = AWS.security_groups.all(:description => "something").first`
			`# >> g.authorize_group_and_owner("some_group_name", "1234567890")`
			`#`
			`# == Parameters:`
			`# group::`
			`# The name of the security group you're granting access to.`
			`#`
			`# owner::`
			`# The owner id for security group you're granting access to.`
			`#`
			`# == Returns:`
			`#`
			`# An excon response object representing the result`
			`#`
			`# <Excon::Response:0x101fc2ae0`
			`# @status=200,`
			`# @body={"requestId"=>"some-id-string",`
			`# "return"=>true},`
			`# headers{"Transfer-Encoding"=>"chunked",`
			`# "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",`
			`# "Content-Type"=>"text/xml;charset=UTF-8",`
			`# "Server"=>"AmazonEC2"}`
			`#`

[compute\|aws] Since this is really proving the use of nil, let's just not pretend there's a value for owner_id. 2011-08-23 19:19:49 -04:00			`def authorize_group_and_owner(group, owner = nil)`
[aws\|compute] fix typo in deprecation warning 2012-08-02 10:36:38 -04:00			`Fog::Logger.deprecation("authorize_group_and_owner is deprecated, use authorize_port_range with :group option instead")`
add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00
[vpc-fixes] AWS security group model + VPC [vpc-fixes] drop sec group name when id is provided [vpc-fixes] must use IpPermissions in order to apply [vpc-fixes] adjust sec group tests since group id can be provided instead of group name [vpc-fixes] update other methods to allow for name or id [vpc-fixes] fix whitespace in test [vpc-fixes] testing nil name and id [vpc-fixes] get sec group revoke working [vpc-fixes] name_specified & group_id_specified to catch where GroupId key exists but is nil 2012-03-29 03:52:14 -04:00			`requires_one :name, :group_id`
nicer error messages for missing required params on models 2009-11-21 16:56:39 -05:00
[aws\|compute] Updates reference to service 2012-12-22 18:31:31 -05:00			`service.authorize_security_group_ingress(`
[aws\|compute] authorize/revoke security group requests name should be required param 2011-02-21 19:34:43 -05:00			`name,`
[vpc-fixes] AWS security group model + VPC [vpc-fixes] drop sec group name when id is provided [vpc-fixes] must use IpPermissions in order to apply [vpc-fixes] adjust sec group tests since group id can be provided instead of group name [vpc-fixes] update other methods to allow for name or id [vpc-fixes] fix whitespace in test [vpc-fixes] testing nil name and id [vpc-fixes] get sec group revoke working [vpc-fixes] name_specified & group_id_specified to catch where GroupId key exists but is nil 2012-03-29 03:52:14 -04:00			`'GroupId' => group_id,`
			`'SourceSecurityGroupName' => group,`
			`'SourceSecurityGroupOwnerId' => owner`
nicer model interface to authorizing security group ingresses 2009-10-24 14:20:05 -04:00			`)`
			`end`

[aws\|compute] Add better security group documentation. 2010-12-27 19:07:39 -05:00			`# Authorize a new port range for a security group`
			`#`
			`# >> g = AWS.security_groups.all(:description => "something").first`
			`# >> g.authorize_port_range(20..21)`
			`#`
			`# == Parameters:`
			`# range::`
			`# A Range object representing the port range you want to open up. E.g., 20..21`
			`#`
			`# options::`
			`# A hash that can contain any of the following keys:`
			`# :cidr_ip (defaults to "0.0.0.0/0")`
add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00			`# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip`
[aws\|compute] Add better security group documentation. 2010-12-27 19:07:39 -05:00			`# :ip_protocol (defaults to "tcp")`
			`#`
			`# == Returns:`
			`#`
			`# An excon response object representing the result`
			`#`
			`# <Excon::Response:0x101fc2ae0`
			`# @status=200,`
			`# @body={"requestId"=>"some-id-string",`
			`# "return"=>true},`
			`# headers{"Transfer-Encoding"=>"chunked",`
			`# "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",`
			`# "Content-Type"=>"text/xml;charset=UTF-8",`
			`# "Server"=>"AmazonEC2"}`
			`#`

nicer model interface to authorizing security group ingresses 2009-10-24 14:20:05 -04:00			`def authorize_port_range(range, options = {})`
[vpc-fixes] AWS security group model + VPC [vpc-fixes] drop sec group name when id is provided [vpc-fixes] must use IpPermissions in order to apply [vpc-fixes] adjust sec group tests since group id can be provided instead of group name [vpc-fixes] update other methods to allow for name or id [vpc-fixes] fix whitespace in test [vpc-fixes] testing nil name and id [vpc-fixes] get sec group revoke working [vpc-fixes] name_specified & group_id_specified to catch where GroupId key exists but is nil 2012-03-29 03:52:14 -04:00			`requires_one :name, :group_id`
nicer error messages for missing required params on models 2009-11-21 16:56:39 -05:00
add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00			`ip_permission = {`
			`'FromPort' => range.min,`
			`'ToPort' => range.max,`
			`'IpProtocol' => options[:ip_protocol] \|\| 'tcp'`
			`}`

			`if options[:group].nil?`
			`ip_permission['IpRanges'] = [`
			`{ 'CidrIp' => options[:cidr_ip] \|\| '0.0.0.0/0' }`
			`]`
			`else`
			`ip_permission['Groups'] = [`
			`group_info(options[:group])`
			`]`
			`end`

[aws\|compute] Updates reference to service 2012-12-22 18:31:31 -05:00			`service.authorize_security_group_ingress(`
[aws\|compute] authorize/revoke security group requests name should be required param 2011-02-21 19:34:43 -05:00			`name,`
[vpc-fixes] AWS security group model + VPC [vpc-fixes] drop sec group name when id is provided [vpc-fixes] must use IpPermissions in order to apply [vpc-fixes] adjust sec group tests since group id can be provided instead of group name [vpc-fixes] update other methods to allow for name or id [vpc-fixes] fix whitespace in test [vpc-fixes] testing nil name and id [vpc-fixes] get sec group revoke working [vpc-fixes] name_specified & group_id_specified to catch where GroupId key exists but is nil 2012-03-29 03:52:14 -04:00			`'GroupId' => group_id,`
add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00			`'IpPermissions' => [ ip_permission ]`
nicer model interface to authorizing security group ingresses 2009-10-24 14:20:05 -04:00			`)`
fix security group param on instance model, add first pass at authorize method for security groups 2009-10-23 17:37:04 -04:00			`end`

[aws\|compute] Add better security group documentation. 2010-12-27 19:07:39 -05:00			`# Removes an existing security group`
			`#`
			`# security_group.destroy`
			`#`
			`# ==== Returns`
			`#`
			`# True or false depending on the result`
			`#`

cleanup/consistency in ec2 models 2009-09-20 12:21:03 -04:00			`def destroy`
[vpc-fixes] AWS security group model + VPC [vpc-fixes] drop sec group name when id is provided [vpc-fixes] must use IpPermissions in order to apply [vpc-fixes] adjust sec group tests since group id can be provided instead of group name [vpc-fixes] update other methods to allow for name or id [vpc-fixes] fix whitespace in test [vpc-fixes] testing nil name and id [vpc-fixes] get sec group revoke working [vpc-fixes] name_specified & group_id_specified to catch where GroupId key exists but is nil 2012-03-29 03:52:14 -04:00			`requires_one :name, :group_id`
nicer error messages for missing required params on models 2009-11-21 16:56:39 -05:00
Changes to the security group handling: * CreateSecurityGroup now includes the group id in the reply, this patch makes the code store this * The patch also changes the delete call to use the group id if present (since you must use the id when deleting VPC groups) 2012-03-20 03:49:49 -04:00			`if group_id.nil?`
[aws\|compute] Updates reference to service 2012-12-22 18:31:31 -05:00			`service.delete_security_group(name)`
Changes to the security group handling: * CreateSecurityGroup now includes the group id in the reply, this patch makes the code store this * The patch also changes the delete call to use the group id if present (since you must use the id when deleting VPC groups) 2012-03-20 03:49:49 -04:00			`else`
[aws\|compute] Updates reference to service 2012-12-22 18:31:31 -05:00			`service.delete_security_group(nil, group_id)`
Changes to the security group handling: * CreateSecurityGroup now includes the group id in the reply, this patch makes the code store this * The patch also changes the delete call to use the group id if present (since you must use the id when deleting VPC groups) 2012-03-20 03:49:49 -04:00			`end`
first pass at security group models 2009-09-18 11:56:42 -04:00			`true`
			`end`

[aws\|compute] Add better security group documentation. 2010-12-27 19:07:39 -05:00			`# Revoke access by another security group`
			`#`
			`# >> g = AWS.security_groups.all(:description => "something").first`
			`# >> g.revoke_group_and_owner("some_group_name", "1234567890")`
			`#`
			`# == Parameters:`
			`# group::`
			`# The name of the security group you're revoking access to.`
			`#`
			`# owner::`
			`# The owner id for security group you're revoking access access to.`
			`#`
			`# == Returns:`
			`#`
			`# An excon response object representing the result`
			`#`
			`# <Excon::Response:0x101fc2ae0`
			`# @status=200,`
			`# @body={"requestId"=>"some-id-string",`
			`# "return"=>true},`
			`# headers{"Transfer-Encoding"=>"chunked",`
			`# "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",`
			`# "Content-Type"=>"text/xml;charset=UTF-8",`
			`# "Server"=>"AmazonEC2"}`
			`#`

[compute\|aws] Since this is really proving the use of nil, let's just not pretend there's a value for owner_id. 2011-08-23 19:19:49 -04:00			`def revoke_group_and_owner(group, owner = nil)`
add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00			`Fog::Logger.deprecation("revoke_group_and_owner is deprecated, use revoke_port_range with :group option instead")`

[vpc-fixes] AWS security group model + VPC [vpc-fixes] drop sec group name when id is provided [vpc-fixes] must use IpPermissions in order to apply [vpc-fixes] adjust sec group tests since group id can be provided instead of group name [vpc-fixes] update other methods to allow for name or id [vpc-fixes] fix whitespace in test [vpc-fixes] testing nil name and id [vpc-fixes] get sec group revoke working [vpc-fixes] name_specified & group_id_specified to catch where GroupId key exists but is nil 2012-03-29 03:52:14 -04:00			`requires_one :name, :group_id`
expanding on bootstrap and adding to aws 2010-09-15 20:31:45 -04:00
[aws\|compute] Updates reference to service 2012-12-22 18:31:31 -05:00			`service.revoke_security_group_ingress(`
[aws\|compute] authorize/revoke security group requests name should be required param 2011-02-21 19:34:43 -05:00			`name,`
[vpc-fixes] AWS security group model + VPC [vpc-fixes] drop sec group name when id is provided [vpc-fixes] must use IpPermissions in order to apply [vpc-fixes] adjust sec group tests since group id can be provided instead of group name [vpc-fixes] update other methods to allow for name or id [vpc-fixes] fix whitespace in test [vpc-fixes] testing nil name and id [vpc-fixes] get sec group revoke working [vpc-fixes] name_specified & group_id_specified to catch where GroupId key exists but is nil 2012-03-29 03:52:14 -04:00			`'GroupId' => group_id,`
			`'SourceSecurityGroupName' => group,`
			`'SourceSecurityGroupOwnerId' => owner`
expanding on bootstrap and adding to aws 2010-09-15 20:31:45 -04:00			`)`
			`end`

[aws\|compute] Add better security group documentation. 2010-12-27 19:07:39 -05:00			`# Revoke an existing port range for a security group`
			`#`
			`# >> g = AWS.security_groups.all(:description => "something").first`
			`# >> g.revoke_port_range(20..21)`
			`#`
			`# == Parameters:`
			`# range::`
			`# A Range object representing the port range you want to open up. E.g., 20..21`
			`#`
			`# options::`
			`# A hash that can contain any of the following keys:`
			`# :cidr_ip (defaults to "0.0.0.0/0")`
add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00			`# :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip`
[aws\|compute] Add better security group documentation. 2010-12-27 19:07:39 -05:00			`# :ip_protocol (defaults to "tcp")`
			`#`
			`# == Returns:`
			`#`
			`# An excon response object representing the result`
			`#`
			`# <Excon::Response:0x101fc2ae0`
			`# @status=200,`
			`# @body={"requestId"=>"some-id-string",`
			`# "return"=>true},`
			`# headers{"Transfer-Encoding"=>"chunked",`
			`# "Date"=>"Mon, 27 Dec 2010 22:12:57 GMT",`
			`# "Content-Type"=>"text/xml;charset=UTF-8",`
			`# "Server"=>"AmazonEC2"}`
			`#`

expanding on bootstrap and adding to aws 2010-09-15 20:31:45 -04:00			`def revoke_port_range(range, options = {})`
[vpc-fixes] AWS security group model + VPC [vpc-fixes] drop sec group name when id is provided [vpc-fixes] must use IpPermissions in order to apply [vpc-fixes] adjust sec group tests since group id can be provided instead of group name [vpc-fixes] update other methods to allow for name or id [vpc-fixes] fix whitespace in test [vpc-fixes] testing nil name and id [vpc-fixes] get sec group revoke working [vpc-fixes] name_specified & group_id_specified to catch where GroupId key exists but is nil 2012-03-29 03:52:14 -04:00			`requires_one :name, :group_id`
expanding on bootstrap and adding to aws 2010-09-15 20:31:45 -04:00
add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00			`ip_permission = {`
			`'FromPort' => range.min,`
			`'ToPort' => range.max,`
			`'IpProtocol' => options[:ip_protocol] \|\| 'tcp'`
			`}`

			`if options[:group].nil?`
			`ip_permission['IpRanges'] = [`
			`{ 'CidrIp' => options[:cidr_ip] \|\| '0.0.0.0/0' }`
			`]`
			`else`
			`ip_permission['Groups'] = [`
			`group_info(options[:group])`
			`]`
			`end`

[aws\|compute] Updates reference to service 2012-12-22 18:31:31 -05:00			`service.revoke_security_group_ingress(`
[aws\|compute] authorize/revoke security group requests name should be required param 2011-02-21 19:34:43 -05:00			`name,`
[vpc-fixes] AWS security group model + VPC [vpc-fixes] drop sec group name when id is provided [vpc-fixes] must use IpPermissions in order to apply [vpc-fixes] adjust sec group tests since group id can be provided instead of group name [vpc-fixes] update other methods to allow for name or id [vpc-fixes] fix whitespace in test [vpc-fixes] testing nil name and id [vpc-fixes] get sec group revoke working [vpc-fixes] name_specified & group_id_specified to catch where GroupId key exists but is nil 2012-03-29 03:52:14 -04:00			`'GroupId' => group_id,`
add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00			`'IpPermissions' => [ ip_permission ]`
expanding on bootstrap and adding to aws 2010-09-15 20:31:45 -04:00			`)`
			`end`

[aws\|compute] Add better security group documentation. 2010-12-27 19:07:39 -05:00			`# Create a security group`
			`#`
			`# >> g = AWS.security_groups.new(:name => "some_name", :description => "something")`
			`# >> g.save`
			`#`
			`# == Returns:`
			`#`
			`# True or an exception depending on the result. Keep in mind that this creates a new security group.`
			`# As such, it yields an InvalidGroup.Duplicate exception if you attempt to save an existing group.`
			`#`

first pass at security group models 2009-09-18 11:56:42 -04:00			`def save`
description is required for new security groups 2010-01-21 22:23:46 -05:00			`requires :description, :name`
[aws\|compute] Updates reference to service 2012-12-22 18:31:31 -05:00			`data = service.create_security_group(name, description, vpc_id).body`
Changes to the security group handling: * CreateSecurityGroup now includes the group id in the reply, this patch makes the code store this * The patch also changes the delete call to use the group id if present (since you must use the id when deleting VPC groups) 2012-03-20 03:49:49 -04:00			`new_attributes = data.reject {\|key,value\| key == 'requestId'}`
			`merge_attributes(new_attributes)`
first pass at security group models 2009-09-18 11:56:42 -04:00			`true`
			`end`

add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00			`private`

[aws\|compute] Nicer interface for security group authorizations Don't use a specially formatted string for passing two arguments. Use a hash instead. This changes the interface introduced in pull #986. Default to using self.owner_id as the account if not specified. 2012-08-02 11:38:05 -04:00			`#`
			`# +group_arg+ may be a string or a hash with one key & value.`
			`#`
			`# If group_arg is a string, it is assumed to be the group name,`
			`# and the UserId is assumed to be self.owner_id.`
			`#`
			`# The "account:group" form is deprecated.`
			`#`
			`# If group_arg is a hash, the key is the UserId and value is the group.`
			`def group_info(group_arg)`
			`if Hash === group_arg`
			`account = group_arg.keys.first`
			`group = group_arg.values.first`
			`elsif group_arg.match(/:/)`
			`account, group = group_arg.split(':')`
			`Fog::Logger.deprecation("'account:group' argument is deprecated. Use {account => group} or just group instead")`
			`else`
			`requires :owner_id`
			`account = owner_id`
			`group = group_arg`
add authorize and revoke port range for security group 2012-06-15 22:12:59 -04:00			`end`

			`info = { 'UserId' => account }`

			`if group.start_with?("sg-")`
			`# we're dealing with a security group id`
			`info['GroupId'] = group`
			`else`
			`# this has to be a security group name`
			`info['GroupName'] = group`
			`end`

			`info`
			`end`
first pass at security group models 2009-09-18 11:56:42 -04:00			`end`
			`end`
			`end`
			`end`