|
1 <?php |
|
2 /** |
|
3 * Zend Framework |
|
4 * |
|
5 * LICENSE |
|
6 * |
|
7 * This source file is subject to the new BSD license that is bundled |
|
8 * with this package in the file LICENSE.txt. |
|
9 * It is also available through the world-wide-web at this URL: |
|
10 * http://framework.zend.com/license/new-bsd |
|
11 * If you did not receive a copy of the license and are unable to |
|
12 * obtain it through the world-wide-web, please send an email |
|
13 * to license@zend.com so we can send you a copy immediately. |
|
14 * |
|
15 * @category Zend |
|
16 * @package Zend_Service_Amazon |
|
17 * @subpackage Ec2 |
|
18 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
|
19 * @license http://framework.zend.com/license/new-bsd New BSD License |
|
20 * @version $Id: Securitygroups.php 20096 2010-01-06 02:05:09Z bkarwin $ |
|
21 */ |
|
22 |
|
23 /** |
|
24 * @see Zend_Service_Amazon_Ec2_Abstract |
|
25 */ |
|
26 require_once 'Zend/Service/Amazon/Ec2/Abstract.php'; |
|
27 |
|
28 /** |
|
29 * An Amazon EC2 interface to create, delete, describe, grand and revoke sercurity permissions. |
|
30 * |
|
31 * @category Zend |
|
32 * @package Zend_Service_Amazon |
|
33 * @subpackage Ec2 |
|
34 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
|
35 * @license http://framework.zend.com/license/new-bsd New BSD License |
|
36 */ |
|
37 class Zend_Service_Amazon_Ec2_Securitygroups extends Zend_Service_Amazon_Ec2_Abstract |
|
38 { |
|
39 /** |
|
40 * Creates a new security group. |
|
41 * |
|
42 * Every instance is launched in a security group. If no security group is specified |
|
43 * during launch, the instances are launched in the default security group. Instances |
|
44 * within the same security group have unrestricted network access to each other. |
|
45 * Instances will reject network access attempts from other instances in a different |
|
46 * security group. As the owner of instances you can grant or revoke specific permissions |
|
47 * using the {@link authorizeIp}, {@link authorizeGroup}, {@link revokeGroup} and |
|
48 * {$link revokeIp} operations. |
|
49 * |
|
50 * @param string $name Name of the new security group. |
|
51 * @param string $description Description of the new security group. |
|
52 * @return boolean |
|
53 */ |
|
54 public function create($name, $description) |
|
55 { |
|
56 $params = array(); |
|
57 $params['Action'] = 'CreateSecurityGroup'; |
|
58 $params['GroupName'] = $name; |
|
59 $params['GroupDescription'] = $description; |
|
60 |
|
61 $response = $this->sendRequest($params); |
|
62 $xpath = $response->getXPath(); |
|
63 $success = $xpath->evaluate('string(//ec2:return/text())'); |
|
64 |
|
65 return ($success === "true"); |
|
66 } |
|
67 |
|
68 /** |
|
69 * Returns information about security groups that you own. |
|
70 * |
|
71 * If you specify security group names, information about those security group is returned. |
|
72 * Otherwise, information for all security group is returned. If you specify a group |
|
73 * that does not exist, a fault is returned. |
|
74 * |
|
75 * @param string|array $name List of security groups to describe |
|
76 * @return array |
|
77 */ |
|
78 public function describe($name = null) |
|
79 { |
|
80 $params = array(); |
|
81 $params['Action'] = 'DescribeSecurityGroups'; |
|
82 if(is_array($name) && !empty($name)) { |
|
83 foreach($name as $k=>$name) { |
|
84 $params['GroupName.' . ($k+1)] = $name; |
|
85 } |
|
86 } elseif($name) { |
|
87 $params['GroupName.1'] = $name; |
|
88 } |
|
89 |
|
90 $response = $this->sendRequest($params); |
|
91 $xpath = $response->getXPath(); |
|
92 |
|
93 $return = array(); |
|
94 |
|
95 $nodes = $xpath->query('//ec2:securityGroupInfo/ec2:item'); |
|
96 |
|
97 foreach($nodes as $node) { |
|
98 $item = array(); |
|
99 |
|
100 $item['ownerId'] = $xpath->evaluate('string(ec2:ownerId/text())', $node); |
|
101 $item['groupName'] = $xpath->evaluate('string(ec2:groupName/text())', $node); |
|
102 $item['groupDescription'] = $xpath->evaluate('string(ec2:groupDescription/text())', $node); |
|
103 |
|
104 $ip_nodes = $xpath->query('ec2:ipPermissions/ec2:item', $node); |
|
105 |
|
106 foreach($ip_nodes as $ip_node) { |
|
107 $sItem = array(); |
|
108 |
|
109 $sItem['ipProtocol'] = $xpath->evaluate('string(ec2:ipProtocol/text())', $ip_node); |
|
110 $sItem['fromPort'] = $xpath->evaluate('string(ec2:fromPort/text())', $ip_node); |
|
111 $sItem['toPort'] = $xpath->evaluate('string(ec2:toPort/text())', $ip_node); |
|
112 |
|
113 $ips = $xpath->query('ec2:ipRanges/ec2:item', $ip_node); |
|
114 |
|
115 $sItem['ipRanges'] = array(); |
|
116 foreach($ips as $ip) { |
|
117 $sItem['ipRanges'][] = $xpath->evaluate('string(ec2:cidrIp/text())', $ip); |
|
118 } |
|
119 |
|
120 if(count($sItem['ipRanges']) == 1) { |
|
121 $sItem['ipRanges'] = $sItem['ipRanges'][0]; |
|
122 } |
|
123 |
|
124 $item['ipPermissions'][] = $sItem; |
|
125 unset($ip_node, $sItem); |
|
126 } |
|
127 |
|
128 $return[] = $item; |
|
129 |
|
130 unset($item, $node); |
|
131 } |
|
132 |
|
133 |
|
134 return $return; |
|
135 } |
|
136 |
|
137 /** |
|
138 * Deletes a security group. |
|
139 * |
|
140 * If you attempt to delete a security group that contains instances, a fault is returned. |
|
141 * If you attempt to delete a security group that is referenced by another security group, |
|
142 * a fault is returned. For example, if security group B has a rule that allows access |
|
143 * from security group A, security group A cannot be deleted until the allow rule is removed. |
|
144 * |
|
145 * @param string $name Name of the security group to delete. |
|
146 * @return boolean |
|
147 */ |
|
148 public function delete($name) |
|
149 { |
|
150 $params = array(); |
|
151 $params['Action'] = 'DeleteSecurityGroup'; |
|
152 $params['GroupName'] = $name; |
|
153 |
|
154 $response = $this->sendRequest($params); |
|
155 $xpath = $response->getXPath(); |
|
156 $success = $xpath->evaluate('string(//ec2:return/text())'); |
|
157 |
|
158 return ($success === "true"); |
|
159 } |
|
160 |
|
161 /** |
|
162 * Adds permissions to a security group |
|
163 * |
|
164 * Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request |
|
165 * (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges |
|
166 * (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 |
|
167 * can be used as a wildcard in the type and code fields. |
|
168 * |
|
169 * Permission changes are propagated to instances within the security group as quickly as |
|
170 * possible. However, depending on the number of instances, a small delay might occur. |
|
171 * |
|
172 * |
|
173 * @param string $name Name of the group to modify. |
|
174 * @param string $ipProtocol IP protocol to authorize access to when operating on a CIDR IP. |
|
175 * @param integer $fromPort Bottom of port range to authorize access to when operating on a CIDR IP. |
|
176 * This contains the ICMP type if ICMP is being authorized. |
|
177 * @param integer $toPort Top of port range to authorize access to when operating on a CIDR IP. |
|
178 * This contains the ICMP code if ICMP is being authorized. |
|
179 * @param string $cidrIp CIDR IP range to authorize access to when operating on a CIDR IP. |
|
180 * @return boolean |
|
181 */ |
|
182 public function authorizeIp($name, $ipProtocol, $fromPort, $toPort, $cidrIp) |
|
183 { |
|
184 $params = array(); |
|
185 $params['Action'] = 'AuthorizeSecurityGroupIngress'; |
|
186 $params['GroupName'] = $name; |
|
187 $params['IpProtocol'] = $ipProtocol; |
|
188 $params['FromPort'] = $fromPort; |
|
189 $params['ToPort'] = $toPort; |
|
190 $params['CidrIp'] = $cidrIp; |
|
191 |
|
192 $response = $this->sendRequest($params); |
|
193 $xpath = $response->getXPath(); |
|
194 $success = $xpath->evaluate('string(//ec2:return/text())'); |
|
195 |
|
196 return ($success === "true"); |
|
197 |
|
198 } |
|
199 |
|
200 /** |
|
201 * Adds permissions to a security group |
|
202 * |
|
203 * When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and |
|
204 * SourceSecurityGroupOwnerId must be specified. |
|
205 * |
|
206 * Permission changes are propagated to instances within the security group as quickly as |
|
207 * possible. However, depending on the number of instances, a small delay might occur. |
|
208 * |
|
209 * @param string $name Name of the group to modify. |
|
210 * @param string $groupName Name of security group to authorize access to when operating on a user/group pair. |
|
211 * @param string $ownerId Owner of security group to authorize access to when operating on a user/group pair. |
|
212 * @return boolean |
|
213 */ |
|
214 public function authorizeGroup($name, $groupName, $ownerId) |
|
215 { |
|
216 $params = array(); |
|
217 $params['Action'] = 'AuthorizeSecurityGroupIngress'; |
|
218 $params['GroupName'] = $name; |
|
219 $params['SourceSecurityGroupName'] = $groupName; |
|
220 $params['SourceSecurityGroupOwnerId'] = $ownerId; |
|
221 |
|
222 |
|
223 $response = $this->sendRequest($params); |
|
224 $xpath = $response->getXPath(); |
|
225 $success = $xpath->evaluate('string(//ec2:return/text())'); |
|
226 |
|
227 |
|
228 return ($success === "true"); |
|
229 } |
|
230 |
|
231 /** |
|
232 * Revokes permissions from a security group. The permissions used to revoke must be specified |
|
233 * using the same values used to grant the permissions. |
|
234 * |
|
235 * Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request |
|
236 * (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges |
|
237 * (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 |
|
238 * can be used as a wildcard in the type and code fields. |
|
239 * |
|
240 * Permission changes are propagated to instances within the security group as quickly as |
|
241 * possible. However, depending on the number of instances, a small delay might occur. |
|
242 * |
|
243 * |
|
244 * @param string $name Name of the group to modify. |
|
245 * @param string $ipProtocol IP protocol to revoke access to when operating on a CIDR IP. |
|
246 * @param integer $fromPort Bottom of port range to revoke access to when operating on a CIDR IP. |
|
247 * This contains the ICMP type if ICMP is being revoked. |
|
248 * @param integer $toPort Top of port range to revoked access to when operating on a CIDR IP. |
|
249 * This contains the ICMP code if ICMP is being revoked. |
|
250 * @param string $cidrIp CIDR IP range to revoke access to when operating on a CIDR IP. |
|
251 * @return boolean |
|
252 */ |
|
253 public function revokeIp($name, $ipProtocol, $fromPort, $toPort, $cidrIp) |
|
254 { |
|
255 $params = array(); |
|
256 $params['Action'] = 'RevokeSecurityGroupIngress'; |
|
257 $params['GroupName'] = $name; |
|
258 $params['IpProtocol'] = $ipProtocol; |
|
259 $params['FromPort'] = $fromPort; |
|
260 $params['ToPort'] = $toPort; |
|
261 $params['CidrIp'] = $cidrIp; |
|
262 |
|
263 $response = $this->sendRequest($params); |
|
264 $xpath = $response->getXPath(); |
|
265 $success = $xpath->evaluate('string(//ec2:return/text())'); |
|
266 |
|
267 return ($success === "true"); |
|
268 } |
|
269 |
|
270 /** |
|
271 * Revokes permissions from a security group. The permissions used to revoke must be specified |
|
272 * using the same values used to grant the permissions. |
|
273 * |
|
274 * Permission changes are propagated to instances within the security group as quickly as |
|
275 * possible. However, depending on the number of instances, a small delay might occur. |
|
276 * |
|
277 * When revoking a user/group pair permission, GroupName, SourceSecurityGroupName and |
|
278 * SourceSecurityGroupOwnerId must be specified. |
|
279 * |
|
280 * @param string $name Name of the group to modify. |
|
281 * @param string $groupName Name of security group to revoke access to when operating on a user/group pair. |
|
282 * @param string $ownerId Owner of security group to revoke access to when operating on a user/group pair. |
|
283 * @return boolean |
|
284 */ |
|
285 public function revokeGroup($name, $groupName, $ownerId) |
|
286 { |
|
287 $params = array(); |
|
288 $params['Action'] = 'RevokeSecurityGroupIngress'; |
|
289 $params['GroupName'] = $name; |
|
290 $params['SourceSecurityGroupName'] = $groupName; |
|
291 $params['SourceSecurityGroupOwnerId'] = $ownerId; |
|
292 |
|
293 |
|
294 $response = $this->sendRequest($params); |
|
295 $xpath = $response->getXPath(); |
|
296 $success = $xpath->evaluate('string(//ec2:return/text())'); |
|
297 |
|
298 |
|
299 return ($success === "true"); |
|
300 } |
|
301 } |