File: entry.rb

# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
#     http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

module AWS
  class EC2
    class NetworkACL < Resource

      # Represents a single entry (rule) for an EC2 network ACL.
      class Entry

        # @param [NetworkACL] network_acl The ACL that owns this entry; it is
        #   the object {#replace} and {#delete} dispatch the API calls to.
        # @param [Hash] details Attributes of the entry, keyed by symbol.
        #   Keys read here: :rule_number, :protocol, :rule_action, :egress,
        #   :cidr_block, :icmp_type_code (a Hash with :type and :code) and
        #   :port_range (a Hash with :from and :to).  A missing key leaves
        #   the matching attribute nil, except :protocol which becomes 0.
        #   NOTE(review): details is presumably a parsed EC2 API response
        #   rather than end-user input; :rule_action is interned with #to_sym
        #   as-is, so confirm that at the caller.
        # @raise [NoMethodError] if :rule_action is absent (nil has no #to_sym).
        def initialize network_acl, details
          @network_acl = network_acl
          @rule_number = details[:rule_number]
          # #to_i makes string and integer protocol numbers compare alike.
          @protocol = details[:protocol].to_i
          # Any value other than "allow"/"deny" still becomes a symbol; in
          # that case both #allow? and #deny? return false.
          @action = details[:rule_action].to_sym
          # Kept exactly as given (nil when absent); ingress is its negation.
          @egress = details[:egress]
          @ingress = !@egress
          @cidr_block = details[:cidr_block]
          assign_icmp(details[:icmp_type_code])
          assign_port_range(details[:port_range])
        end

        # @return [NetworkACL] The ACL this entry belongs to.
        attr_reader :network_acl

        # @return [Integer] The rule number that orders this entry in the ACL.
        attr_reader :rule_number

        # @return [Integer] The IP protocol number; -1 means all protocols.
        #   See
        #   http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
        #   for the mapping of numbers to names.
        attr_reader :protocol

        # @return [:allow,:deny] Whether matching traffic is allowed or denied.
        attr_reader :action

        # @return [Boolean] True when the rule applies to traffic leaving the
        #   subnet.  Stored as given by the API, so nil if it was not supplied.
        attr_reader :egress

        # @return [Boolean] True when the rule applies to traffic entering the
        #   subnet (always the negation of {#egress}).
        attr_reader :ingress

        # @return [String] The network range to allow or deny, in CIDR notation.
        attr_reader :cidr_block

        # @return [nil,Range<Integer>] For TCP or UDP, the inclusive range of
        #   ports the rule applies to; nil when no port range was supplied.
        attr_reader :port_range

        # @return [nil,Integer] For ICMP, the ICMP code; -1 means all codes
        #   for the given ICMP type.  nil unless the protocol is ICMP.
        attr_reader :icmp_code

        # @return [nil,Integer] For ICMP, the ICMP type; -1 means all ICMP
        #   types.  nil unless the protocol is ICMP.
        attr_reader :icmp_type

        # @return [Boolean] True if traffic matching this rule is allowed.
        def allow?
          action == :allow
        end

        # @return [Boolean] True if traffic matching this rule is denied.
        def deny?
          action == :deny
        end

        # @return [Boolean] True if the rule applies to traffic entering the
        #   subnet.
        alias_method :ingress?, :ingress

        # @return [Boolean] True if the rule applies to traffic leaving the
        #   subnet.
        alias_method :egress?, :egress

        # Replaces the current network ACL entry with the options passed.
        # The entry's own {#rule_number} is always sent, overriding any
        # :rule_number in +options+.
        #
        # @param [Hash] options
        #
        # @option options [required,:allow,:deny] :rule_action Whether to
        #   allow or deny traffic that matches the rule.
        #
        # @option options [required,Integer] :protocol IP protocol the rule
        #   applies to. You can use -1 to mean all protocols. You can see a
        #   list of supported protocol numbers here:
        #   http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
        #
        # @option options [required,String] :cidr_block The CIDR range to
        #   allow or deny, in CIDR notation (e.g., 172.16.0.0/24).
        #
        # @option options [Boolean] :egress (false)
        #   Whether this rule applies to egress traffic from the subnet (true)
        #   or ingress traffic to the subnet (false).
        #
        # @option options [Range<Integer>] :port_range A numeric range
        #   of ports. Required if specifying TCP (6) or UDP (17) for the
        #   :protocol.
        #
        # @option options [Integer] :icmp_code For the ICMP protocol, the
        #   ICMP code. You can use -1 to specify all ICMP codes for the given
        #   ICMP type.
        #
        # @option options [Integer] :icmp_type For the ICMP protocol,
        #   the ICMP type. You can use -1 to specify all ICMP types.
        #
        # @return [nil]
        #
        def replace options = {}
          params = options.merge(:rule_number => rule_number)
          network_acl.replace_entry(params)
        end

        # Deletes the current network ACL entry.  The direction is derived
        # from {#egress?} because the API addresses entries by
        # (direction, rule number).
        # @return [nil]
        def delete
          direction = egress? ? :egress : :ingress
          network_acl.delete_entry(direction, rule_number)
        end

        private

        # Copies the ICMP type and code out of the nested :icmp_type_code
        # hash; leaves both attributes nil when the hash is absent.
        def assign_icmp type_code
          return unless type_code
          @icmp_type = type_code[:type]
          @icmp_code = type_code[:code]
        end

        # Builds the inclusive port Range from the nested :port_range hash;
        # leaves {#port_range} nil when the hash is absent.
        def assign_port_range range
          return unless range
          @port_range = Range.new(range[:from], range[:to])
        end

      end

    end
  end
end