B ?F[_9@s`dZddlmZddlmZGdddeZGdddeZGdd d eZ Gd d d eZ d S) z" Represents an EC2 Security Group )TaggedEC2Object)BotoClientErrorcseZdZdfdd ZddZfddZdd Zdd d Zdd dZdddZ dddZ dddZ dddZ d ddZ ZS)! SecurityGroupNcsBtt||||_||_||_||_d|_t|_ t|_ dS)N) superr__init__idowner_idname descriptionvpc_idIPPermissionsListrules rules_egress)self connectionrr r r) __class__5lib/python3.7/site-packages/boto/ec2/securitygroup.pyr szSecurityGroup.__init__cCs d|jS)NzSecurityGroup:%s)r )rrrr__repr__+szSecurityGroup.__repr__csDtt||||}|dk r |S|dkr.|jS|dkr<|jSdSdS)NZ ipPermissionsZipPermissionsEgress)rr startElementr r)rr attrsrZretval)rrrr.szSecurityGroup.startElementcCs|dkr||_n|dkr ||_n|dkr0||_nr|dkr@||_nb|dkrP||_nR|dkrZnH|dkr|dkrrd |_q|d krd |_qtd ||jfn t|||dS) NZownerIdgroupId groupNameZvpcIdZgroupDescriptionZipRangesreturnZfalseFtrueTz*Unexpected value of status %s for group %s)rrr r r status Exceptionsetattr)rr valuerrrr endElement9s,zSecurityGroup.endElementFcCs.|jr|jj|j|dS|jj|j|dSdS)N)group_iddry_run)r!)r rZdelete_security_grouprr )rr!rrrdeleteUszSecurityGroup.deletec Cs>t|} || _|| _|| _|j| | j|||||ddS)z Add a rule to the SecurityGroup object. Note that this method only changes the local version of the object. No information is sent to EC2. )r!N) IPPermissions ip_protocol from_portto_portr append add_grant) rr$r%r&src_group_namesrc_group_owner_idcidr_ipsrc_group_group_idr!rulerrradd_ruleas zSecurityGroup.add_rulec Cs|jstdd} x|jD]} | j|kr| j|kr| j|kr| } d} x:| jD]0} | j|ksd| j|krL| j|krL| j |krL| } qLW| r| j | t | jdkr|j | qWdS)z Remove a rule to the SecurityGroup object. Note that this method only changes the local version of the object. No information is sent to EC2. zThe security group has no rulesNr) r ValueErrorr$r%r&grantsr r rr+removelen) rr$r%r&r)r*r+r,r!Z target_ruler-Z target_grantgrantrrr remove_rulevs$        zSecurityGroup.remove_rulec Csd}|js|j}d}|jr |j}d} d} d} |r`d}|j} |jsH|j} nt|drZ|j} n|j} |jj|| | |||||| |d } | rt|t s|g}x&|D]} |j |||| | | | |dqW| S)a Add a new rule to this security group. You need to pass in either src_group_name OR ip_protocol, from_port, to_port, and cidr_ip. In other words, either you are authorizing another group or you are authorizing some ip-based rule. :type ip_protocol: string :param ip_protocol: Either tcp | udp | icmp :type from_port: int :param from_port: The beginning port number you are enabling :type to_port: int :param to_port: The ending port number you are enabling :type cidr_ip: string or list of strings :param cidr_ip: The CIDR block you are providing access to. See http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing :type src_group: :class:`boto.ec2.securitygroup.SecurityGroup` or :class:`boto.ec2.securitygroup.GroupOrCIDR` :param src_group: The Security Group you are granting access to. :rtype: bool :return: True if successful. Nr )r!) r r rrhasattrr rZauthorize_security_group isinstancelistr.)rr$r%r&r+ src_groupr! group_namer r)r*r,rZsingle_cidr_iprrr authorizesF    zSecurityGroup.authorizec Csd}|js|j}d}|jr |j}d} d} d} |r`d}|j} |jsH|j} nt|drZ|j} n|j} |jj|| | |||||| |d } | r|j|||| | || |d| S)Nr )r!) r r rrr5r rZrevoke_security_groupr4) rr$r%r&r+r8r!r9r r)r*r,rrrrrevokes@  zSecurityGroup.revokec Cs|j|jkrtd|j}|jf|}|j|p6|j|j|d}g}xt|jD]j}xd|j D]Z} | jph| j } | r| |kr| | |j dddd| |dqZ|j |j |j|j| j|dqZWqNW|S)a{ Create a copy of this security group in another region. Note that the new security group will be a separate entity and will not stay in sync automatically after the copy operation. :type region: :class:`boto.ec2.regioninfo.RegionInfo` :param region: The region to which this security group will be copied. :type name: string :param name: The name of the copy. If not supplied, the copy will have the same name as this security group. :rtype: :class:`boto.ec2.securitygroup.SecurityGroup` :return: The new security group. z!Unable to copy to the same Region)r!N)r regionrrZ get_paramsZconnectZcreate_security_groupr r r0r r'r:r$r%r&r+) rr<r r!Z conn_paramsZrconnZsgZ source_groupsr-r3Z grant_nomrrrcopy_to_regions(        zSecurityGroup.copy_to_regioncCsVg}|jr(||jjd|ji|dn||jjd|ji|ddd|D}|S)z Find all of the current instances that are running within this security group. :rtype: list of :class:`boto.ec2.instance.Instance` :return: A list of Instance objects zinstance.group-id)filtersr!zgroup-idcSsg|]}|jD]}|qqSr) instances).0rirrr 5sz+SecurityGroup.instances..)r extendrZget_all_reservationsr)rr!Zrsr?rrrr?"s    zSecurityGroup.instances)NNNNN)F)F)F)NNNNNF)NNNNNF)NF)F)__name__ __module__ __qualname__rrrrr"r.r4r:r;r=r? __classcell__rr)rrrs      B $ (rc@seZdZddZddZdS)r cCs"|dkr|t||dSdS)Nitem)r'r#)rr rrrrrr;szIPPermissionsList.startElementcCsdS)Nr)rr rrrrrrAszIPPermissionsList.endElementN)rErFrGrrrrrrr 9sr c@s8eZdZd ddZddZddZdd Zdd d ZdS)r#NcCs"||_d|_d|_d|_g|_dS)N)parentr$r%r&r0)rrKrrrrGs zIPPermissions.__init__cCsd|j|j|jfS)NzIPPermissions:%s(%s-%s))r$r%r&)rrrrrNszIPPermissions.__repr__cCs&|dkr"|jt||jdSdS)NrIrJ)r0r' GroupOrCIDR)rr rrrrrrRs zIPPermissions.startElementcCs@|dkr||_n,|dkr ||_n|dkr0||_n t|||dS)NZ ipProtocolZfromPortZtoPort)r$r%r&r)rr rrrrrrXszIPPermissions.endElementFcCs0t|}||_||_||_||_|j||S)N)rLrr r r+r0r')rr rr+r r!r3rrrr(bs zIPPermissions.add_grant)N)NNNNF)rErFrGrrrrr(rrrrr#Es   r#c@s.eZdZd ddZddZddZdd ZdS) rLNcCsd|_d|_d|_d|_dS)N)rr r r+)rrKrrrroszGroupOrCIDR.__init__cCs*|jrd|jSd|jp|j|jfSdS)Nz%sz%s-%s)r+r r r)rrrrrus zGroupOrCIDR.__repr__cCsdS)Nr)rr rrrrrr{szGroupOrCIDR.startElementcCsN|dkr||_n|dkr ||_n|dkr.||_|dkr>||_n t|||dS)NZuserIdrrZcidrIp)rr r r+r)rr rrrrrr~szGroupOrCIDR.endElement)N)rErFrGrrrrrrrrrLms rLN) __doc__Zboto.ec2.ec2objectrZboto.exceptionrrr7r objectr#rLrrrrs   (