0001 <?php
0002 /**
0003  * Zend Framework
0004  *
0005  * LICENSE
0006  *
0007  * This source file is subject to the new BSD license that is bundled
0008  * with this package in the file LICENSE.txt.
0009  * It is also available through the world-wide-web at this URL:
0010  * http://framework.zend.com/license/new-bsd
0011  * If you did not receive a copy of the license and are unable to
0012  * obtain it through the world-wide-web, please send an email
0013  * to license@zend.com so we can send you a copy immediately.
0014  *
0015  * @category   Zend
0016  * @package    Zend_Service_Amazon
0017  * @subpackage Ec2
0018  * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
0019  * @license    http://framework.zend.com/license/new-bsd     New BSD License
0020  * @version    $Id$
0021  */
0022 
0023 /**
0024  * @see Zend_Service_Amazon_Ec2_Abstract
0025  */
0026 // require_once 'Zend/Service/Amazon/Ec2/Abstract.php';
0027 
0028 /**
0029  * An Amazon EC2 interface to create, delete, describe, grant and revoke security permissions.
0030  *
0031  * @category   Zend
0032  * @package    Zend_Service_Amazon
0033  * @subpackage Ec2
0034  * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
0035  * @license    http://framework.zend.com/license/new-bsd     New BSD License
0036  */
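class Zend_Service_Amazon_Ec2_Securitygroups extends Zend_Service_Amazon_Ec2_Abstract
{
    /**
     * Creates a new security group.
     *
     * Every instance is launched in a security group. If no security group is specified
     * during launch, the instances are launched in the default security group. Instances
     * within the same security group have unrestricted network access to each other.
     * Instances will reject network access attempts from other instances in a different
     * security group. As the owner of instances you can grant or revoke specific permissions
     * using the {@link authorizeIp}, {@link authorizeGroup}, {@link revokeGroup} and
     * {@link revokeIp} operations.
     *
     * @param string $name          Name of the new security group.
     * @param string $description   Description of the new security group.
     * @return boolean              True only when the response's ec2:return text is "true".
     */
    public function create($name, $description)
    {
        return $this->_requestSucceeded(array(
            'Action'           => 'CreateSecurityGroup',
            'GroupName'        => $name,
            'GroupDescription' => $description,
        ));
    }

    /**
     * Returns information about security groups that you own.
     *
     * If you specify security group names, information about those security groups is returned.
     * Otherwise, information for all security groups is returned. If you specify a group
     * that does not exist, a fault is returned.
     *
     * Each returned entry holds 'ownerId', 'groupName' and 'groupDescription'. The
     * 'ipPermissions' key is present only when the group has at least one permission
     * item; each permission holds 'ipProtocol', 'fromPort', 'toPort' and 'ipRanges'.
     * 'ipRanges' is a plain string when exactly one CIDR range is listed and an array
     * otherwise (possibly empty), so callers must handle both shapes.
     *
     * NOTE(review): only the CIDR sources (ec2:ipRanges) of a permission are read here.
     * Any other source element in the response, such as a source security group granted
     * through {@link authorizeGroup}, is not extracted, so such a rule would presumably
     * surface with an empty 'ipRanges'. Do not read an empty 'ipRanges' as "no source is
     * allowed" when using this output to audit exposure.
     *
     * @param string|array $name    Security group name, or list of names, to describe
     * @return array
     */
    public function describe($name = null)
    {
        $params = array('Action' => 'DescribeSecurityGroups');

        if (is_array($name)) {
            // Number the names by position rather than by the caller's array keys, so
            // string or non-sequential keys still yield GroupName.1 .. GroupName.N.
            $position = 0;
            foreach ($name as $groupName) {
                $params['GroupName.' . (++$position)] = $groupName;
            }
        } elseif (is_string($name) ? $name !== '' : (bool) $name) {
            // A plain truthiness test would drop a group literally named "0" and
            // silently describe every group instead.
            $params['GroupName.1'] = $name;
        }

        $response = $this->sendRequest($params);
        $xpath    = $response->getXPath();

        $groups = array();

        foreach ($xpath->query('//ec2:securityGroupInfo/ec2:item') as $groupNode) {
            $group = array(
                'ownerId'          => $xpath->evaluate('string(ec2:ownerId/text())', $groupNode),
                'groupName'        => $xpath->evaluate('string(ec2:groupName/text())', $groupNode),
                'groupDescription' => $xpath->evaluate('string(ec2:groupDescription/text())', $groupNode),
            );

            foreach ($xpath->query('ec2:ipPermissions/ec2:item', $groupNode) as $permissionNode) {
                $permission = array(
                    'ipProtocol' => $xpath->evaluate('string(ec2:ipProtocol/text())', $permissionNode),
                    'fromPort'   => $xpath->evaluate('string(ec2:fromPort/text())', $permissionNode),
                    'toPort'     => $xpath->evaluate('string(ec2:toPort/text())', $permissionNode),
                    'ipRanges'   => array(),
                );

                foreach ($xpath->query('ec2:ipRanges/ec2:item', $permissionNode) as $rangeNode) {
                    $permission['ipRanges'][] = $xpath->evaluate('string(ec2:cidrIp/text())', $rangeNode);
                }

                // Historical return shape: a single range is collapsed to a string.
                if (count($permission['ipRanges']) === 1) {
                    $permission['ipRanges'] = $permission['ipRanges'][0];
                }

                $group['ipPermissions'][] = $permission;
            }

            $groups[] = $group;
        }

        return $groups;
    }

    /**
     * Deletes a security group.
     *
     * If you attempt to delete a security group that contains instances, a fault is returned.
     * If you attempt to delete a security group that is referenced by another security group,
     * a fault is returned. For example, if security group B has a rule that allows access
     * from security group A, security group A cannot be deleted until the allow rule is removed.
     *
     * @param string $name          Name of the security group to delete.
     * @return boolean              True only when the response's ec2:return text is "true".
     */
    public function delete($name)
    {
        return $this->_requestSucceeded(array(
            'Action'    => 'DeleteSecurityGroup',
            'GroupName' => $name,
        ));
    }

    /**
     * Adds permissions to a security group
     *
     * Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request
     * (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges
     * (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1
     * can be used as a wildcard in the type and code fields.
     *
     * Permission changes are propagated to instances within the security group as quickly as
     * possible. However, depending on the number of instances, a small delay might occur.
     *
     * The arguments are forwarded to the service exactly as given; this method does not
     * validate the protocol, the port range or the CIDR. Callers that build these values
     * from user or configuration input should validate them first and keep the range as
     * narrow as the use case allows: a CIDR of 0.0.0.0/0 admits every IPv4 source to the
     * whole port range.
     *
     * @param string $name                  Name of the group to modify.
     * @param string $ipProtocol            IP protocol to authorize access to when operating on a CIDR IP.
     * @param integer $fromPort             Bottom of port range to authorize access to when operating on a CIDR IP.
     *                                      This contains the ICMP type if ICMP is being authorized.
     * @param integer $toPort               Top of port range to authorize access to when operating on a CIDR IP.
     *                                      This contains the ICMP code if ICMP is being authorized.
     * @param string $cidrIp                CIDR IP range to authorize access to when operating on a CIDR IP.
     * @return boolean                      True only when the response's ec2:return text is "true".
     */
    public function authorizeIp($name, $ipProtocol, $fromPort, $toPort, $cidrIp)
    {
        return $this->_requestSucceeded(array(
            'Action'     => 'AuthorizeSecurityGroupIngress',
            'GroupName'  => $name,
            'IpProtocol' => $ipProtocol,
            'FromPort'   => $fromPort,
            'ToPort'     => $toPort,
            'CidrIp'     => $cidrIp,
        ));
    }

    /**
     * Adds permissions to a security group
     *
     * When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and
     * SourceSecurityGroupOwnerId must be specified.
     *
     * Permission changes are propagated to instances within the security group as quickly as
     * possible. However, depending on the number of instances, a small delay might occur.
     *
     * No protocol or port is sent with this request, so the grant is not narrowed to a
     * port range by this call. The owner id is forwarded unchecked; confirm it names the
     * account you intend to trust before granting access to its group.
     *
     * @param string $name                  Name of the group to modify.
     * @param string $groupName             Name of security group to authorize access to when operating on a user/group pair.
     * @param string $ownerId               Owner of security group to authorize access to when operating on a user/group pair.
     * @return boolean                      True only when the response's ec2:return text is "true".
     */
    public function authorizeGroup($name, $groupName, $ownerId)
    {
        return $this->_requestSucceeded(array(
            'Action'                     => 'AuthorizeSecurityGroupIngress',
            'GroupName'                  => $name,
            'SourceSecurityGroupName'    => $groupName,
            'SourceSecurityGroupOwnerId' => $ownerId,
        ));
    }

    /**
     * Revokes permissions from a security group. The permissions used to revoke must be specified
     * using the same values used to grant the permissions.
     *
     * Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request
     * (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges
     * (for TCP and UDP), and the ICMP codes and types (for ICMP). When revoking ICMP, -1
     * can be used as a wildcard in the type and code fields.
     *
     * Permission changes are propagated to instances within the security group as quickly as
     * possible. However, depending on the number of instances, a small delay might occur.
     *
     * Check the return value: a result other than true means the response did not
     * confirm the revocation, and the rule should be assumed to be still in force until
     * {@link describe} shows otherwise.
     *
     * @param string $name                  Name of the group to modify.
     * @param string $ipProtocol            IP protocol to revoke access to when operating on a CIDR IP.
     * @param integer $fromPort             Bottom of port range to revoke access to when operating on a CIDR IP.
     *                                      This contains the ICMP type if ICMP is being revoked.
     * @param integer $toPort               Top of port range to revoke access to when operating on a CIDR IP.
     *                                      This contains the ICMP code if ICMP is being revoked.
     * @param string $cidrIp                CIDR IP range to revoke access to when operating on a CIDR IP.
     * @return boolean                      True only when the response's ec2:return text is "true".
     */
    public function revokeIp($name, $ipProtocol, $fromPort, $toPort, $cidrIp)
    {
        return $this->_requestSucceeded(array(
            'Action'     => 'RevokeSecurityGroupIngress',
            'GroupName'  => $name,
            'IpProtocol' => $ipProtocol,
            'FromPort'   => $fromPort,
            'ToPort'     => $toPort,
            'CidrIp'     => $cidrIp,
        ));
    }

    /**
     * Revokes permissions from a security group. The permissions used to revoke must be specified
     * using the same values used to grant the permissions.
     *
     * Permission changes are propagated to instances within the security group as quickly as
     * possible. However, depending on the number of instances, a small delay might occur.
     *
     * When revoking a user/group pair permission, GroupName, SourceSecurityGroupName and
     * SourceSecurityGroupOwnerId must be specified.
     *
     * @param string $name                  Name of the group to modify.
     * @param string $groupName             Name of security group to revoke access to when operating on a user/group pair.
     * @param string $ownerId               Owner of security group to revoke access to when operating on a user/group pair.
     * @return boolean                      True only when the response's ec2:return text is "true".
     */
    public function revokeGroup($name, $groupName, $ownerId)
    {
        return $this->_requestSucceeded(array(
            'Action'                     => 'RevokeSecurityGroupIngress',
            'GroupName'                  => $name,
            'SourceSecurityGroupName'    => $groupName,
            'SourceSecurityGroupOwnerId' => $ownerId,
        ));
    }

    /**
     * Sends a request and reports whether the response confirms it.
     *
     * The result is true only when the text of the response's ec2:return element is
     * exactly "true"; a missing element or any other text yields false. How a service
     * fault is surfaced depends on sendRequest(), which is defined outside this class.
     *
     * @param array $params     Request parameters, including 'Action'.
     * @return boolean
     */
    private function _requestSucceeded(array $params)
    {
        $response = $this->sendRequest($params);
        $xpath    = $response->getXPath();

        return $xpath->evaluate('string(//ec2:return/text())') === 'true';
    }
}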