X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fopenstack%2Fsecurity_group.py;h=ca0e26614b4f5e8f31a81dd7e7cb9946a4f81112;hb=04a3f20dc71bf8b3f96b1e3172623aa346a638a7;hp=4af0e581c85fa59a5213a8f813a99923a42d74a3;hpb=6e46a2373bcda1c1793d18936cc40fb39beb149a;p=sfa.git

diff --git a/sfa/openstack/security_group.py b/sfa/openstack/security_group.py
index 4af0e581..ca0e2661 100644
--- a/sfa/openstack/security_group.py
+++ b/sfa/openstack/security_group.py
@@ -1,26 +1,25 @@
 from sfa.util.sfalogging import logger
 
+
 class SecurityGroup:
 
     def __init__(self, driver):
-        self.driver = driver
+        self.client = driver.shell.nova_manager
 
-        
     def create_security_group(self, name):
-        conn = self.driver.euca_shell.get_euca_connection()
         try:
-            conn.create_security_group(name=name, description="")
-        except Exception, ex:
+            self.client.security_groups.create(name=name, description=name)
+        except Exception as ex:
             logger.log_exc("Failed to add security group")
+            raise
 
     def delete_security_group(self, name):
-        conn = self.driver.euca_shell.get_euca_connection()
         try:
-            conn.delete_security_group(name=name)
-        except Exception, ex:
+            security_group = self.client.security_groups.find(name=name)
+            self.client.security_groups.delete(security_group.id)
+        except Exception as ex:
             logger.log_exc("Failed to delete security group")
 
-
     def _validate_port_range(self, port_range):
         from_port = to_port = None
         if isinstance(port_range, str):
@@ -44,53 +43,40 @@ class SecurityGroup:
                     logger.error('port must be an integer.')
         return (from_port, to_port)
 
-
     def add_rule_to_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                           port_range=None, icmp_type_code=None,
                           source_group_name=None, source_group_owner_id=None):
 
-        from_port, to_port = self._validate_port_range(port_range)
-        icmp_type = self._validate_icmp_type_code(icmp_type_code)
-        if icmp_type and icmp_type[0] and icmp_type[1]:
-            from_port, to_port = icmp_type[0], icmp_type[1]
-
-        if group_name:
-            conn = self.driver.euca_shell.get_euca_connection()
-            try:
-                conn.authorize_security_group(
-                    group_name=group_name,
-                    src_security_group_name=source_group_name,
-                    src_security_group_owner_id=source_group_owner_id,
-                    ip_protocol=protocol,
-                    from_port=from_port,
-                    to_port=to_port,
-                    cidr_ip=cidr_ip,
-                    )
-            except Exception, ex:
-                logger.log_exc("Failed to add rule to group %s" % group_name)
+        try:
+            from_port, to_port = self._validate_port_range(port_range)
+            icmp_type = self._validate_icmp_type_code(icmp_type_code)
+            if icmp_type and icmp_type[0] and icmp_type[1]:
+                from_port, to_port = icmp_type[0], icmp_type[1]
 
+            group = self.client.security_groups.find(name=group_name)
+            self.client.security_group_rules.create(group.id,
+                                                    protocol, from_port, to_port, cidr_ip)
+        except Exception as ex:
+            logger.log_exc("Failed to add rule to group %s" % group_name)
 
     def remove_rule_from_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
-                          port_range=None, icmp_type_code=None,
-                          source_group_name=None, source_group_owner_id=None):
-
-        from_port, to_port = self._validate_port_range(port_range)
-        icmp_type = self._validate_icmp_type_code(icmp_type_code)
-        if icmp_type:
-            from_port, to_port = icmp_type[0], icmp_type[1]
-
-        if group_name:
-            conn = self.driver.euca_shell.get_euca_connection()
-            try:
-                conn.revoke_security_group(
-                    group_name=group_name,
-                    src_security_group_name=source_group_name,
-                    src_security_group_owner_id=source_group_owner_id,
-                    ip_protocol=protocol,
-                    from_port=from_port,
-                    to_port=to_port,
-                    cidr_ip=ip,
-                    )
-            except Exception, ex:
-                logger.log_exc("Failed to remove rule from group %s" % group_name) 
-             
+                               port_range=None, icmp_type_code=None,
+                               source_group_name=None, source_group_owner_id=None):
+        try:
+            from_port, to_port = self._validate_port_range(port_range)
+            icmp_type = self._validate_icmp_type_code(icmp_type_code)
+            if icmp_type:
+                from_port, to_port = icmp_type[0], icmp_type[1]
+            group = self.client.security_groups.find(name=group_name)
+            filter = {
+                'id': group.id,
+                'from_port': from_port,
+                'to_port': to_port,
+                'cidr_ip': ip,
+                'ip_protocol': protocol,
+            }
+            rule = self.client.security_group_rules.find(**filter)
+            if rule:
+                self.client.security_group_rules.delete(rule)
+        except Exception as ex:
+            logger.log_exc("Failed to remove rule from group %s" % group_name)