Merge branch 'senslab2' of ssh://git.f-lab.fr/git/sfa into senslab2
1 from sfa.util.sfalogging import logger
2
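class SecurityGroup:
    """Create, delete and edit security groups through the driver's euca connection.

    Every call that reaches the cloud API is wrapped in a broad ``except``
    that logs the failure and returns normally. Callers therefore get no
    signal when a rule was NOT added or, more importantly, NOT revoked;
    check the logs or re-read the group state when the outcome matters.
    """

    def __init__(self, driver):
        # The driver must expose ``euca_shell.get_euca_connection()``.
        self.driver = driver

    def create_security_group(self, name):
        """Create an empty-description security group called ``name``.

        Failures are logged and swallowed (best effort).
        """
        conn = self.driver.euca_shell.get_euca_connection()
        try:
            conn.create_security_group(name=name, description="")
        except Exception:
            logger.log_exc("Failed to add security group")

    def delete_security_group(self, name):
        """Delete the security group called ``name``.

        Failures are logged and swallowed (best effort).
        """
        conn = self.driver.euca_shell.get_euca_connection()
        try:
            conn.delete_security_group(name=name)
        except Exception:
            logger.log_exc("Failed to delete security group")

    def _validate_port_range(self, port_range):
        """Parse ``"FROM:TO"`` or ``"PORT"`` into a ``(from_port, to_port)`` tuple.

        Returns ``(None, None)`` when ``port_range`` is not a ``str``.
        A non-integer component raises ``ValueError`` to the caller; the
        values are not range-checked here.
        """
        from_port = to_port = None
        if isinstance(port_range, str):
            ports = port_range.split(':')
            if len(ports) > 1:
                from_port = int(ports[0])
                to_port = int(ports[1])
            else:
                from_port = to_port = int(ports[0])
        return (from_port, to_port)

    def _validate_icmp_type_code(self, icmp_type_code):
        """Parse ``"TYPE:CODE"`` into a ``(type, code)`` tuple.

        Returns ``(None, None)`` when the argument is not a ``str``, has no
        ``:`` separator, or either part is not an integer (the latter is
        logged as an error).
        """
        from_port = to_port = None
        if isinstance(icmp_type_code, str):
            code_parts = icmp_type_code.split(':')
            if len(code_parts) > 1:
                try:
                    parsed_type = int(code_parts[0])
                    parsed_code = int(code_parts[1])
                except ValueError:
                    logger.error('port must be an integer.')
                else:
                    # Assign only once both parts parsed, so a half-valid
                    # "8:x" never yields a partially filled pair.
                    from_port, to_port = parsed_type, parsed_code
        return (from_port, to_port)

    def _resolve_ports(self, port_range, icmp_type_code):
        """Return the (from_port, to_port) pair to send for a rule.

        A fully parsed ICMP type/code pair takes precedence over
        ``port_range``. The comparison is against ``None`` rather than
        truthiness because 0 is a legitimate ICMP type and code.
        """
        from_port, to_port = self._validate_port_range(port_range)
        icmp_type, icmp_code = self._validate_icmp_type_code(icmp_type_code)
        if icmp_type is not None and icmp_code is not None:
            from_port, to_port = icmp_type, icmp_code
        return (from_port, to_port)

    def add_rule_to_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                          port_range=None, icmp_type_code=None,
                          source_group_name=None, source_group_owner_id=None):
        """Authorize an ingress rule on ``group_name``.

        Does nothing when ``group_name`` is empty. API failures are logged
        and swallowed, so the caller cannot tell whether the rule exists
        afterwards.

        NOTE(security): the default ``cidr_ip`` of ``0.0.0.0/0`` matches
        every IPv4 source. Pass the narrowest CIDR that the use case
        allows instead of relying on the default.
        """
        from_port, to_port = self._resolve_ports(port_range, icmp_type_code)

        if group_name:
            conn = self.driver.euca_shell.get_euca_connection()
            try:
                conn.authorize_security_group(
                    group_name=group_name,
                    src_security_group_name=source_group_name,
                    src_security_group_owner_id=source_group_owner_id,
                    ip_protocol=protocol,
                    from_port=from_port,
                    to_port=to_port,
                    cidr_ip=cidr_ip,
                    )
            except Exception:
                logger.log_exc("Failed to add rule to group %s" % group_name)

    def remove_rule_from_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                          port_range=None, icmp_type_code=None,
                          source_group_name=None, source_group_owner_id=None):
        """Revoke an ingress rule from ``group_name``.

        The arguments must describe the rule as it was authorized. Does
        nothing when ``group_name`` is empty. API failures are logged and
        swallowed: a failed revoke leaves the rule in force without any
        signal to the caller.
        """
        # Same resolution as add_rule_to_group. The previous truthiness
        # test on the always-non-empty tuple discarded port_range here.
        from_port, to_port = self._resolve_ports(port_range, icmp_type_code)

        if group_name:
            conn = self.driver.euca_shell.get_euca_connection()
            try:
                conn.revoke_security_group(
                    group_name=group_name,
                    src_security_group_name=source_group_name,
                    src_security_group_owner_id=source_group_owner_id,
                    ip_protocol=protocol,
                    from_port=from_port,
                    to_port=to_port,
                    # Was the undefined name ``ip``: the NameError was
                    # caught below, so no rule was ever revoked.
                    cidr_ip=cidr_ip,
                    )
            except Exception:
                logger.log_exc("Failed to remove rule from group %s" % group_name)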
96