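# Copyright (c) 2009 Mitch Garnaat http://garnaat.org/
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish, dis-
# tribute, sublicense, and/or sell copies of the Software, and to permit
# persons to whom the Software is furnished to do so, subject to the fol-
# lowing conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.

"""
Represents a DBSecurityGroup
"""
from boto.ec2.securitygroup import SecurityGroup


def _ec2_group_identity(ec2_group):
    """
    Return ``(name, owner_id)`` for a supported EC2 group object.

    Supported types are :class:`boto.ec2.securitygroup.SecurityGroup` and
    this module's :class:`EC2SecurityGroup` (the type stored in
    ``DBSecurityGroup.ec2_groups``). Anything else, including ``None``,
    yields ``None`` so the caller can tell "no usable group was given"
    apart from a group whose name happens to be ``None``.
    """
    if isinstance(ec2_group, (SecurityGroup, EC2SecurityGroup)):
        return ec2_group.name, ec2_group.owner_id
    return None


class DBSecurityGroup(object):
    """
    Represents an RDS database security group

    Properties reference available from the AWS documentation at
    http://docs.amazonwebservices.com/AmazonRDS/latest/APIReference/API_DeleteDBSecurityGroup.html

    :ivar Status: The current status of the security group. Possible values are
        [ active, ? ]. Reference documentation lacks specifics of possibilities
    :ivar connection: :py:class:`boto.rds.RDSConnection` associated with the current object
    :ivar description: The description of the security group
    :ivar ec2_groups: List of
        :py:class:`boto.rds.dbsecuritygroup.EC2SecurityGroup` objects
        describing the EC2 security groups that this security group PERMITS
    :ivar ip_ranges: List of :py:class:`boto.rds.dbsecuritygroup.IPRange`
        objects (containing CIDR addresses) that this security group PERMITS
    :ivar name: Name of the security group
    :ivar owner_id: ID of the owner of the security group. Can be 'None'
    """
    def __init__(self, connection=None, owner_id=None,
                 name=None, description=None):
        self.connection = connection
        self.owner_id = owner_id
        self.name = name
        self.description = description
        # Ingress rules; filled in by startElement as child elements appear.
        self.ec2_groups = []
        self.ip_ranges = []

    def __repr__(self):
        return 'DBSecurityGroup:%s' % self.name

    def startElement(self, name, attrs, connection):
        """
        Create and register the child object for a nested rule element.

        Returns the new :class:`IPRange` or :class:`EC2SecurityGroup` for
        the matching element name, or ``None`` for any other element.
        """
        if name == 'IPRange':
            cidr = IPRange(self)
            self.ip_ranges.append(cidr)
            return cidr
        if name == 'EC2SecurityGroup':
            ec2_grp = EC2SecurityGroup(self)
            self.ec2_groups.append(ec2_grp)
            return ec2_grp
        return None

    def endElement(self, name, value, connection):
        """
        Store the value of a closed element on this object.

        Known element names map to fixed attributes; ``IPRanges`` is
        ignored; every other name is stored under that same name.
        """
        if name == 'OwnerId':
            self.owner_id = value
        elif name == 'DBSecurityGroupName':
            self.name = value
        elif name == 'DBSecurityGroupDescription':
            self.description = value
        elif name == 'IPRanges':
            pass
        else:
            # NOTE(review): the attribute name comes straight from the
            # element name, so an unexpected element called e.g.
            # 'connection' or 'ip_ranges' would overwrite that field.
            # This treats the parsed response as trusted; attributes such
            # as ``Status`` are populated through this path, so it is
            # kept as is.
            setattr(self, name, value)

    def delete(self):
        """
        Delete this DB security group through the associated connection.

        :return: Whatever ``connection.delete_dbsecurity_group`` returns.
        """
        return self.connection.delete_dbsecurity_group(self.name)

    def authorize(self, cidr_ip=None, ec2_group=None):
        """
        Add a new rule to this DBSecurity group.
        You need to pass in either a CIDR block to authorize or
        an EC2 SecurityGroup.

        :type cidr_ip: string
        :param cidr_ip: A valid CIDR IP range to authorize. The value is
            forwarded to the connection as given; this method does not
            validate it or limit how broad the range is.

        :type ec2_group: :class:`boto.ec2.securitygroup.SecurityGroup` or
            :class:`boto.rds.dbsecuritygroup.EC2SecurityGroup`
        :param ec2_group: An EC2 security group to authorize. A value of
            any other type is ignored and no group is sent.

        :rtype: bool
        :return: True if successful.
        """
        identity = _ec2_group_identity(ec2_group)
        if identity is None:
            group_name = None
            group_owner_id = None
        else:
            group_name, group_owner_id = identity
        return self.connection.authorize_dbsecurity_group(self.name,
                                                          cidr_ip,
                                                          group_name,
                                                          group_owner_id)

    def revoke(self, cidr_ip=None, ec2_group=None):
        """
        Revoke access to a CIDR range or EC2 SecurityGroup.
        You need to pass in either a CIDR block or
        an EC2 SecurityGroup from which to revoke access.

        When a supported ``ec2_group`` is given, only the group is revoked
        and ``cidr_ip`` is not sent. An ``ec2_group`` of any other type is
        ignored and the call revokes by ``cidr_ip`` instead, so check the
        result rather than assuming the group rule was removed.

        :type cidr_ip: string
        :param cidr_ip: A valid CIDR IP range to revoke

        :type ec2_group: :class:`boto.ec2.securitygroup.SecurityGroup` or
            :class:`boto.rds.dbsecuritygroup.EC2SecurityGroup`
        :param ec2_group: An EC2 security group to revoke. Entries of
            ``ec2_groups`` can be passed here directly.

        :rtype: bool
        :return: True if successful.
        """
        identity = _ec2_group_identity(ec2_group)
        if identity is not None:
            group_name, group_owner_id = identity
            return self.connection.revoke_dbsecurity_group(
                self.name,
                ec2_security_group_name=group_name,
                ec2_security_group_owner_id=group_owner_id)

        # Revoking by CIDR IP range
        return self.connection.revoke_dbsecurity_group(
            self.name, cidr_ip=cidr_ip)


class IPRange(object):
    """
    Describes a CIDR address range for use in a DBSecurityGroup

    :ivar cidr_ip: IP Address range
    :ivar parent: The object passed to the constructor; DBSecurityGroup
        passes itself
    :ivar status: Value of the ``Status`` element, ``None`` until set
    """

    def __init__(self, parent=None):
        self.parent = parent
        self.cidr_ip = None
        self.status = None

    def __repr__(self):
        return 'IPRange:%s' % self.cidr_ip

    def startElement(self, name, attrs, connection):
        # No nested objects are created for an IP range.
        pass

    def endElement(self, name, value, connection):
        """Store ``CIDRIP`` and ``Status``; keep any other element by name."""
        if name == 'CIDRIP':
            self.cidr_ip = value
        elif name == 'Status':
            self.status = value
        else:
            # NOTE(review): unrecognised element names become attributes
            # unchecked and can overwrite existing fields; the parsed
            # response is treated as trusted.
            setattr(self, name, value)


class EC2SecurityGroup(object):
    """
    Describes an EC2 security group for use in a DBSecurityGroup

    :ivar name: Value of the ``EC2SecurityGroupName`` element
    :ivar owner_id: Value of the ``EC2SecurityGroupOwnerId`` element
    :ivar parent: The object passed to the constructor; DBSecurityGroup
        passes itself
    """

    def __init__(self, parent=None):
        self.parent = parent
        self.name = None
        self.owner_id = None

    def __repr__(self):
        return 'EC2SecurityGroup:%s' % self.name

    def startElement(self, name, attrs, connection):
        # No nested objects are created for an EC2 group entry.
        pass

    def endElement(self, name, value, connection):
        """Store the group name and owner id; keep other elements by name."""
        if name == 'EC2SecurityGroupName':
            self.name = value
        elif name == 'EC2SecurityGroupOwnerId':
            self.owner_id = value
        else:
            # NOTE(review): unrecognised element names become attributes
            # unchecked and can overwrite existing fields; the parsed
            # response is treated as trusted.
            setattr(self, name, value)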