X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fopenstack%2Fsecurity_group.py;h=6aced8c68802e22d65f4aae3fa3ffa97ca891c1c;hb=a0ef6e7c91c3c8fa376943d28fec8c5c204a78cd;hp=33c627433f4f582086382585bfdf37e2ffe70cf7;hpb=105f1324113d365966f72e7217a0a9bce403aba7;p=sfa.git
diff --git a/sfa/openstack/security_group.py b/sfa/openstack/security_group.py
index 33c62743..6aced8c6 100644
--- a/sfa/openstack/security_group.py
+++ b/sfa/openstack/security_group.py
@@ -3,35 +3,33 @@ from sfa.util.sfalogging import logger
 class SecurityGroup:
 def __init__(self, driver):
- self.driver = driver
+ self.client = driver.shell.nova_manager
 def create_security_group(self, name):
- conn = self.driver.euca_shell.get_euca_connection()
 try:
- conn.create_security_group(name=name, description="")
- except Exception, ex:
+ self.client.security_groups.create(name=name, description=name)
+ except Exception as ex:
 logger.log_exc("Failed to add security group")
+ raise
 def delete_security_group(self, name):
- conn = self.driver.euca_shell.get_euca_connection()
 try:
- conn.delete_security_group(name=name)
- except Exception, ex:
+ security_group = self.client.security_groups.find(name=name)
+ self.client.security_groups.delete(security_group.id)
+ except Exception as ex:
 logger.log_exc("Failed to delete security group")
 def _validate_port_range(self, port_range):
 from_port = to_port = None
 if isinstance(port_range, str):
- ports = port_range.split('-')
+ ports = port_range.split(':')
 if len(ports) > 1:
 from_port = int(ports[0])
 to_port = int(ports[1])
 else:
 from_port = to_port = int(ports[0])
- else:
- from_port = to_port = None
 return (from_port, to_port)
 def _validate_icmp_type_code(self, icmp_type_code):
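Review bot: `delete_security_group` still logs and swallows every exception while `create_security_group` now re-raises, so a caller cannot tell that a group and its ingress rules were left in place; add `raise` after `logger.log_exc("Failed to delete security group")` to match the create path. In `_validate_port_range`, a value that is not a `str` (a `unicode` port range on Python 2, for instance) still returns `(None, None)` without any error, and after the switch to `':'` an old-style `'80-90'` reaches `int()` and raises ValueError. Reject unsupported types explicitly and check `0 <= from_port <= to_port <= 65535` before returning, with a short docstring stating that the accepted format is `'port'` or `'from:to'`. Both functions are fully visible in this hunk.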
@@ -51,48 +49,38 @@ class SecurityGroup:
 port_range=None, icmp_type_code=None, source_group_name=None, source_group_owner_id=None):
- from_port, to_port = self._validate_port_range(port_range)
- icmp_type = self._validate_icmp_type_code(icmp_type_code)
- if icmp_type:
- from_port, to_port = icmp_type[0], icmp_type[1]
+ try:
+ from_port, to_port = self._validate_port_range(port_range)
+ icmp_type = self._validate_icmp_type_code(icmp_type_code)
+ if icmp_type and icmp_type[0] and icmp_type[1]:
+ from_port, to_port = icmp_type[0], icmp_type[1]
- if group_name:
- conn = self.driver.euca_shell.get_euca_connection()
- try:
- conn.authorize_security_group(
- group_name=group_name,
- src_security_group_name=source_group_name,
- src_security_group_owner_id=source_group_owner_id,
- ip_protocol=protocol,
- from_port=from_port,
- to_port=to_port,
- cidr_ip=cidr_ip,
- )
- except Exception, ex:
- logger.log_exc("Failed to add rule to group %s" % group_name)
+ group = self.client.security_groups.find(name=group_name)
+ self.client.security_group_rules.create(group.id, \
+ protocol, from_port, to_port,cidr_ip)
+ except Exception as ex:
+ logger.log_exc("Failed to add rule to group %s" % group_name)
 def remove_rule_from_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0', port_range=None, icmp_type_code=None, source_group_name=None, source_group_owner_id=None):
-
- from_port, to_port = self._validate_port_range(port_range)
- icmp_type = self._validate_icmp_type_code(icmp_type_code)
- if icmp_type:
- from_port, to_port = icmp_type[0], icmp_type[1]
-
- if group_name:
- conn = self.driver.euca_shell.get_euca_connection()
- try:
- conn.revoke_security_group(
- group_name=group_name,
- src_security_group_name=source_group_name,
- src_security_group_owner_id=source_group_owner_id,
- ip_protocol=protocol,
- from_port=from_port,
- to_port=to_port,
- cidr_ip=ip,
- )
- except Exception, ex:
- logger.log_exc("Failed to remove rule from group %s" % group_name)
+ try:
+ from_port, to_port = self._validate_port_range(port_range)
+ icmp_type = self._validate_icmp_type_code(icmp_type_code)
+ if icmp_type:
+ from_port, to_port = icmp_type[0], icmp_type[1]
+ group = self.client.security_groups.find(name=group_name)
+ filter = {
+ 'id': group.id,
+ 'from_port': from_port,
+ 'to_port': to_port,
+ 'cidr_ip': ip,
+ 'ip_protocol':protocol,
+ }
+ rule = self.client.security_group_rules.find(**filter)
+ if rule:
+ self.client.security_group_rules.delete(rule)
+ except Exception as ex:
+ logger.log_exc("Failed to remove rule from group %s" % group_name)
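Review bot: In `remove_rule_from_group` the new filter uses `'cidr_ip': ip` (carried over from the removed `cidr_ip=ip`), but the parameter is `cidr_ip` and no `ip` is defined in the visible code, so this would raise NameError; the surrounding `except Exception` logs and swallows it, leaving the rule in place while the caller sees success. Change it to `'cidr_ip': cidr_ip` and add `raise` after `logger.log_exc(...)` in both methods so a failed revocation or authorization is not silent. In `add_rule_to_group`, `source_group_name` and `source_group_owner_id` are still accepted but no longer passed on, so a caller asking for a group-scoped rule gets one for `cidr_ip`, which defaults to `'0.0.0.0/0'`; either pass the source group through or raise when it is supplied. The new guard `icmp_type[0] and icmp_type[1]` also skips an ICMP type or code of 0 and differs from the plain `if icmp_type:` kept in the remove path. The first line of `add_rule_to_group`'s signature lies above the hunk.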