o ckF[_9@s`dZddlmZddlmZGdddeZGdddeZGdd d eZ Gd d d eZ d S) z" Represents an EC2 Security Group )TaggedEC2Object)BotoClientErrorcseZdZ  dfdd ZddZfddZdd Zdd d Z dd dZ dddZ  dddZ  dddZ dddZ dddZ ZS) SecurityGroupNcsBtt||||_||_||_||_d|_t|_ t|_ dSN) superr__init__idowner_idname descriptionvpc_idIPPermissionsListrules rules_egress)self connectionr r r r __class__8/usr/lib/python3/dist-packages/boto/ec2/securitygroup.pyr s zSecurityGroup.__init__cCs d|jS)NzSecurityGroup:%s)r rrrr__repr__+s zSecurityGroup.__repr__cs@tt||||}|dur|S|dkr|jS|dkr|jSdS)N ipPermissionsipPermissionsEgress)rr startElementrr)rr attrsrretvalrrrr.szSecurityGroup.startElementcCs|dkr ||_dS|dkr||_dS|dkr||_dS|dkr$||_dS|dkr-||_dS|dkr3dS|dkrR|dkr@d |_dS|d krId |_dStd ||jft|||dS) NownerIdgroupId groupNamevpcIdgroupDescriptionipRangesreturnfalseFtrueTz*Unexpected value of status %s for group %s)r rr r r status Exceptionsetattrrr valuerrrr endElement9s0       zSecurityGroup.endElementFcCs*|jr |jj|j|dS|jj|j|dS)N)group_iddry_runr-)r rdelete_security_grouprr )rr-rrrdeleteUszSecurityGroup.deletec Cs>t|} || _|| _|| _|j| | j|||||ddS)z Add a rule to the SecurityGroup object. Note that this method only changes the local version of the object. No information is sent to EC2. r.N) IPPermissions ip_protocol from_portto_portrappend add_grant) rr2r3r4src_group_namesrc_group_owner_idcidr_ipsrc_group_group_idr-rulerrradd_ruleas  zSecurityGroup.add_rulec Cs|jstdd} |jD]F} | j|krE| j|krE| j|krE| } d} | jD]} | j|ks0| j|kr<| j|kr<| j |kr<| } q$| rE| j | t | jdkrR|j | q dS)z Remove a rule to the SecurityGroup object. Note that this method only changes the local version of the object. No information is sent to EC2. zThe security group has no rulesNr) r ValueErrorr2r3r4grantsr r,r r9removelen) rr2r3r4r7r8r9r:r- target_ruler; target_grantgrantrrr remove_rulevs*         zSecurityGroup.remove_rulec Csd}|js|j}d}|jr|j}d} d} d} |r0d}|j} |js$|j} n t|dr-|j} n|j} |jj|| | |||||| |d } | r\t|t sJ|g}|D]} |j |||| | | | |dqL| S)a Add a new rule to this security group. You need to pass in either src_group_name OR ip_protocol, from_port, to_port, and cidr_ip. In other words, either you are authorizing another group or you are authorizing some ip-based rule. :type ip_protocol: string :param ip_protocol: Either tcp | udp | icmp :type from_port: int :param from_port: The beginning port number you are enabling :type to_port: int :param to_port: The ending port number you are enabling :type cidr_ip: string or list of strings :param cidr_ip: The CIDR block you are providing access to. See http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing :type src_group: :class:`boto.ec2.securitygroup.SecurityGroup` or :class:`boto.ec2.securitygroup.GroupOrCIDR` :param src_group: The Security Group you are granting access to. :rtype: bool :return: True if successful. Nr,r.) r r rr hasattrr,rauthorize_security_group isinstancelistr<)rr2r3r4r9 src_groupr- group_namer,r7r8r:r&single_cidr_iprrr authorizesJ   zSecurityGroup.authorizec Csd}|js|j}d}|jr|j}d} d} d} |r0d}|j} |js$|j} n t|dr-|j} n|j} |jj|| | |||||| |d } | rO|j|||| | || |d| S)Nr,r.) r r rr rEr,rrevoke_security_grouprD) rr2r3r4r9rIr-rJr,r7r8r:r&rrrrevokesD  zSecurityGroup.revokec Cs|j|jkr td|j}|jdi|}|j|p|j|j|d}g}|jD]3}|j D]-} | jp4| j } | rL| |vrK| | |j dddd| |dq-|j |j |j|j| j|dq-q(|S)a{ Create a copy of this security group in another region. Note that the new security group will be a separate entity and will not stay in sync automatically after the copy operation. :type region: :class:`boto.ec2.regioninfo.RegionInfo` :param region: The region to which this security group will be copied. :type name: string :param name: The name of the copy. If not supplied, the copy will have the same name as this security group. :rtype: :class:`boto.ec2.securitygroup.SecurityGroup` :return: The new security group. z!Unable to copy to the same Regionr.Nr)r regionrr get_paramsconnectcreate_security_groupr rr>r,r5rLr2r3r4r9) rrOr r- conn_paramsrconnsg source_groupsr;rC grant_nomrrrcopy_to_regions2       zSecurityGroup.copy_to_regioncCsVg}|jr||jjd|ji|dn||jjd|ji|ddd|D}|S)z Find all of the current instances that are running within this security group. :rtype: list of :class:`boto.ec2.instance.Instance` :return: A list of Instance objects zinstance.group-id)filtersr-zgroup-idcSsg|] }|jD]}|qqSr) instances).0rirrr 5sz+SecurityGroup.instances..)r extendrget_all_reservationsr)rr-rsrZrrrrZ"s  zSecurityGroup.instances)NNNNN)F)NNNNNF)NF)__name__ __module__ __qualname__rrrr+r0r<rDrLrNrXrZ __classcell__rrrrrs(     C %(rc@seZdZddZddZdS)r cCs"|dkr|t||dSdSNitem)r5r1rr rrrrrr;szIPPermissionsList.startElementcCdSrrr)rrrr+AzIPPermissionsList.endElementN)rbrcrdrr+rrrrr 9s r c@s<eZdZd ddZddZddZdd Z  dd d ZdS)r1NcCs"||_d|_d|_d|_g|_dSr)parentr2r3r4r>rrlrrrrGs  zIPPermissions.__init__cCsd|j|j|jfS)NzIPPermissions:%s(%s-%s))r2r3r4rrrrrNszIPPermissions.__repr__cCs&|dkr|jt||jdSdSrf)r>r5 GroupOrCIDRrirrrrRs zIPPermissions.startElementcCsF|dkr ||_dS|dkr||_dS|dkr||_dSt|||dS)N ipProtocolfromPorttoPort)r2r3r4r(r)rrrr+Xs   zIPPermissions.endElementFcCs0t|}||_||_||_||_|j||Sr)rnr r,r r9r>r5)rr r r9r,r-rCrrrr6bs zIPPermissions.add_grantr)NNNNF)rbrcrdrrrr+r6rrrrr1Es  r1c@s.eZdZd ddZddZddZdd ZdS) rnNcCsd|_d|_d|_d|_dSr)r r,r r9rmrrrros zGroupOrCIDR.__init__cCs&|jrd|jSd|jp|j|jfS)Nz%sz%s-%s)r9r r,r rrrrrus zGroupOrCIDR.__repr__cCrjrrrirrrr{rkzGroupOrCIDR.startElementcCsP|dkr||_n|dkr||_n|dkr||_|dkr ||_dSt|||dS)NuserIdrrcidrIp)r r,r r9r(r)rrrr+~s zGroupOrCIDR.endElementr)rbrcrdrrrr+rrrrrnms   rnN) __doc__boto.ec2.ec2objectrboto.exceptionrrrHr objectr1rnrrrrs   (