U W+d_9@s`dZddlmZddlmZGdddeZGdddeZGdd d eZ Gd d d eZ d S) z" Represents an EC2 Security Group )TaggedEC2Object)BotoClientErrorcseZdZdfdd ZddZfddZdd Zdd d Zdd dZdddZ dddZ dddZ dddZ d ddZ ZS)! SecurityGroupNcsBtt||||_||_||_||_d|_t|_ t|_ dSN) superr__init__idowner_idname descriptionvpc_idIPPermissionsListrules rules_egress)self connectionr r r r __class__:/tmp/pip-unpacked-wheel-dlxw5sjy/boto/ec2/securitygroup.pyr szSecurityGroup.__init__cCs d|jS)NzSecurityGroup:%s)r rrrr__repr__+szSecurityGroup.__repr__csDtt||||}|dk r |S|dkr.|jS|dkr<|jSdSdS)NZ ipPermissionsZipPermissionsEgress)rr startElementrr)rr attrsrretvalrrrr.szSecurityGroup.startElementcCs|dkr||_n|dkr ||_n|dkr0||_nr|dkr@||_nb|dkrP||_nR|dkrZnH|dkr|dkrrd |_q|d krd |_qtd ||jfn t|||dS) NZownerIdgroupId groupNameZvpcIdZgroupDescriptionZipRangesreturnfalseFtrueTz*Unexpected value of status %s for group %s)r rr r r status Exceptionsetattrrr valuerrrr endElement9s0zSecurityGroup.endElementFcCs.|jr|jj|j|dS|jj|j|dSdS)N)group_iddry_runr')r rZdelete_security_grouprr )rr'rrrdeleteUszSecurityGroup.deletec Cs>t|} || _|| _|| _|j| | j|||||ddS)z Add a rule to the SecurityGroup object. Note that this method only changes the local version of the object. No information is sent to EC2. r(N) IPPermissions ip_protocol from_portto_portrappend add_grant) rr+r,r-src_group_namesrc_group_owner_idcidr_ipsrc_group_group_idr'rulerrradd_ruleas zSecurityGroup.add_rulec Cs|jstdd} |jD]} | j|kr| j|kr| j|kr| } d} | jD]0} | j|ks`| j|krH| j|krH| j |krH| } qH| r| j | t | jdkr|j | qdS)z Remove a rule to the SecurityGroup object. Note that this method only changes the local version of the object. No information is sent to EC2. zThe security group has no rulesNr) r ValueErrorr+r,r-grantsr r&r r2removelen) rr+r,r-r0r1r2r3r'Z target_ruler4Z target_grantgrantrrr remove_rulevs$        zSecurityGroup.remove_rulec Csd}|js|j}d}|jr |j}d} d} d} |r`d}|j} |jsH|j} nt|drZ|j} n|j} |jj|| | |||||| |d } | rt|t s|g}|D]} |j |||| | | | |dq| S)a Add a new rule to this security group. You need to pass in either src_group_name OR ip_protocol, from_port, to_port, and cidr_ip. In other words, either you are authorizing another group or you are authorizing some ip-based rule. :type ip_protocol: string :param ip_protocol: Either tcp | udp | icmp :type from_port: int :param from_port: The beginning port number you are enabling :type to_port: int :param to_port: The ending port number you are enabling :type cidr_ip: string or list of strings :param cidr_ip: The CIDR block you are providing access to. See http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing :type src_group: :class:`boto.ec2.securitygroup.SecurityGroup` or :class:`boto.ec2.securitygroup.GroupOrCIDR` :param src_group: The Security Group you are granting access to. :rtype: bool :return: True if successful. Nr&r() r r rr hasattrr&rZauthorize_security_group isinstancelistr5)rr+r,r-r2 src_groupr' group_namer&r0r1r3r Zsingle_cidr_iprrr authorizesN    zSecurityGroup.authorizec Csd}|js|j}d}|jr |j}d} d} d} |r`d}|j} |jsH|j} nt|drZ|j} n|j} |jj|| | |||||| |d } | r|j|||| | || |d| S)Nr&r() r r rr r<r&rZrevoke_security_groupr;) rr+r,r-r2r?r'r@r&r0r1r3r rrrrevokesH   zSecurityGroup.revokec Cs|j|jkrtd|j}|jf|}|j|p6|j|j|d}g}|jD]f}|j D]Z} | jpd| j } | r| |kr| | |j dddd| |dqV|j |j |j|j| j|dqVqL|S)a{ Create a copy of this security group in another region. Note that the new security group will be a separate entity and will not stay in sync automatically after the copy operation. :type region: :class:`boto.ec2.regioninfo.RegionInfo` :param region: The region to which this security group will be copied. :type name: string :param name: The name of the copy. If not supplied, the copy will have the same name as this security group. :rtype: :class:`boto.ec2.securitygroup.SecurityGroup` :return: The new security group. z!Unable to copy to the same Regionr(N)r regionrr get_paramsconnectZcreate_security_groupr rr7r&r.rAr+r,r-r2) rrCr r'Z conn_paramsZrconnZsgZ source_groupsr4r:Z grant_nomrrrcopy_to_regions0        zSecurityGroup.copy_to_regioncCsVg}|jr(||jjd|ji|dn||jjd|ji|ddd|D}|S)z Find all of the current instances that are running within this security group. :rtype: list of :class:`boto.ec2.instance.Instance` :return: A list of Instance objects zinstance.group-id)filtersr'zgroup-idcSsg|]}|jD]}|qqSr) instances).0rirrr 5sz+SecurityGroup.instances..)r extendrZget_all_reservationsr)rr'rsrHrrrrH"s   zSecurityGroup.instances)NNNNN)F)F)F)NNNNNF)NNNNNF)NF)F)__name__ __module__ __qualname__rrrr%r)r5r;rArBrFrH __classcell__rrrrrs2      C % (rc@seZdZddZddZdS)r cCs"|dkr|t||dSdSNitem)r.r*rr rrrrrr;szIPPermissionsList.startElementcCsdSrrr#rrrr%AszIPPermissionsList.endElementN)rOrPrQrr%rrrrr 9sr c@s8eZdZd ddZddZddZdd Zdd d ZdS)r*NcCs"||_d|_d|_d|_g|_dSr)parentr+r,r-r7rrWrrrrGs zIPPermissions.__init__cCsd|j|j|jfS)NzIPPermissions:%s(%s-%s))r+r,r-rrrrrNszIPPermissions.__repr__cCs&|dkr"|jt||jdSdSrS)r7r. GroupOrCIDRrVrrrrRs zIPPermissions.startElementcCs@|dkr||_n,|dkr ||_n|dkr0||_n t|||dS)NZ ipProtocolZfromPortZtoPort)r+r,r-r"r#rrrr%XszIPPermissions.endElementFcCs0t|}||_||_||_||_|j||Sr)rYr r&r r2r7r.)rr r r2r&r'r:rrrr/bs zIPPermissions.add_grant)N)NNNNF)rOrPrQrrrr%r/rrrrr*Es  r*c@s.eZdZd ddZddZddZdd ZdS) rYNcCsd|_d|_d|_d|_dSr)r r&r r2rXrrrroszGroupOrCIDR.__init__cCs*|jrd|jSd|jp|j|jfSdS)Nz%sz%s-%s)r2r r&r rrrrrus zGroupOrCIDR.__repr__cCsdSrrrVrrrr{szGroupOrCIDR.startElementcCsN|dkr||_n|dkr ||_n|dkr.||_|dkr>||_n t|||dS)NZuserIdrrZcidrIp)r r&r r2r"r#rrrr%~szGroupOrCIDR.endElement)N)rOrPrQrrrr%rrrrrYms rYN) __doc__Zboto.ec2.ec2objectrZboto.exceptionrrr>r objectr*rYrrrrs   (