X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fopenstack%2Fsecurity_group.py;fp=sfa%2Fopenstack%2Fsecurity_group.py;h=f7233129cdda9e7c125dcbe224a90e227e8bee0e;hb=84a122f7286f913429754d8a1f5e4c320ba7e9ec;hp=0000000000000000000000000000000000000000;hpb=8d4066ef87acbece44e9dcdbd57a8ea0ba225d4f;p=sfa.git diff --git a/sfa/openstack/security_group.py b/sfa/openstack/security_group.py new file mode 100644 index 00000000..f7233129 --- /dev/null +++ b/sfa/openstack/security_group.py @@ -0,0 +1,107 @@ +from sfa.util.sfalogging import logger + +class SecurityGroup: + + def __init__(self, driver): + self.driver = driver + + + def create_security_group(self, name): + conn = self.driver.euca_shell.get_euca_connection() + try: + conn.create_security_group(name=group_name) + except Exception, ex: + logger.log_exc("Failed to add security group") + + def delete_security_group(self, name): + conn = self.driver.euca_shell.get_euca_connection() + try: + conn.delete_security_group(name=group_name) + except Exception, ex: + logger.log_exc("Failed to delete security group") + + + def _validate_port_range(self, port_range): + from_port = to_port = None + if isinstance(port_range, str): + ports = port_range.split('-') + if len(ports) > 1: + from_port = int(ports[0]) + to_port = int(ports[1]) + else: + from_port = to_port = int(ports[0]) + else: + from_port = to_port = None + return (from_port, to_port) + + def _validate_icmp_type_code(self, icmp_type_code): + from_port = to_port = None + if isinstance(icmp_type_code, str): + code_parts = icmp_type_code.split(':') + if len(code_parts) > 1: + try: + from_port = int(code_parts[0]) + to_port = int(code_parts[1]) + except ValueError: + logger.error('port must be an integer.') + return (from_port, to_port) + + + def add_rule_to_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0', + port_range=None, icmp_type_code=None, + source_group_name=None, source_group_owner_id=None): + + + from_port, to_port = self._validate_port_range(port_range) + icmp_type = self._validate_icmp_type_code(icmp_type_code) + if icmp_type: + from_port, to_port = icmp_type[0], icmp_type[1] + + if group_name: + if cidr_ip: + euca.validate_address(cidr_ip) + if protocol: + euca.validate_protocol(protocol) + conn = self.driver.euca_shell.get_euca_connection() + try: + conn.authorize_security_group( + group_name=group_name, + src_security_group_name=source_group_name, + src_security_group_owner_id=source_group_owner_id, + ip_protocol=protocol, + from_port=from_port, + to_port=to_port, + cidr_ip=ip, + ) + except Exception, ex: + logger.log_exc("Failed to add rule to group %s" % group_name) + + + def remove_rule_from_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0', + port_range=None, icmp_type_code=None, + source_group_name=None, source_group_owner_id=None): + + from_port, to_port = self._validate_port_range(port_range) + icmp_type = self._validate_icmp_type_code(icmp_type_code) + if icmp_type: + from_port, to_port = icmp_type[0], icmp_type[1] + + if group_name: + if cidr_ip: + euca.validate_address(cidr_ip) + if protocol: + euca.validate_protocol(protocol) + conn = self.driver.euca_shell.get_euca_connection() + try: + conn.revoke_security_group( + group_name=group_name, + src_security_group_name=source_group_name, + src_security_group_owner_id=source_group_owner_id, + ip_protocol=protocol, + from_port=from_port, + to_port=to_port, + cidr_ip=ip, + ) + except Exception, ex: + logger.log_exc("Failed to remove rule from group %s" % group_name) +