2to3 -f except
[sfa.git] / sfa / openstack / security_group.py
1 from sfa.util.sfalogging import logger
2
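class SecurityGroup:
    """Thin wrapper around the compute client's security-group calls.

    The client is read from ``driver.shell.nova_manager``; it is expected to
    expose ``security_groups`` and ``security_group_rules`` managers
    (presumably a novaclient-style API -- confirm against the driver).
    """

    def __init__(self, driver):
        """Keep a reference to the compute client held by *driver*."""
        self.client = driver.shell.nova_manager

    def create_security_group(self, name):
        """Create a security group named *name*, using the name as its description.

        Failures are logged and re-raised so the caller knows the group
        does not exist.
        """
        try:
            self.client.security_groups.create(name=name, description=name)
        except Exception:
            logger.log_exc("Failed to add security group")
            raise

    def delete_security_group(self, name):
        """Look up the group called *name* and delete it.

        Best effort: any failure is logged and swallowed, so a caller cannot
        tell from the return value whether the group was actually removed.
        """
        try:
            security_group = self.client.security_groups.find(name=name)
            self.client.security_groups.delete(security_group.id)
        except Exception:
            logger.log_exc("Failed to delete security group")

    def _validate_port_range(self, port_range):
        """Parse ``"PORT"`` or ``"FROM:TO"`` into a ``(from_port, to_port)`` tuple.

        Returns ``(None, None)`` when *port_range* is not a string. A
        non-numeric component raises ``ValueError``. The numeric range itself
        (0-65535, from <= to) is not checked here; that is left to the API.
        """
        from_port = to_port = None
        if isinstance(port_range, str):
            ports = port_range.split(':')
            if len(ports) > 1:
                from_port, to_port = int(ports[0]), int(ports[1])
            else:
                from_port = to_port = int(ports[0])
        return (from_port, to_port)

    def _validate_icmp_type_code(self, icmp_type_code):
        """Parse ``"TYPE:CODE"`` into a ``(type, code)`` tuple.

        Returns ``(None, None)`` when the value is not a string, has no
        ``:`` separator, or is not numeric (the latter is logged).
        """
        from_port = to_port = None
        if isinstance(icmp_type_code, str):
            code_parts = icmp_type_code.split(':')
            if len(code_parts) > 1:
                try:
                    # Parse both halves before assigning so a bad code does
                    # not leave a half-filled (type, None) result behind.
                    from_port, to_port = int(code_parts[0]), int(code_parts[1])
                except ValueError:
                    logger.error('port must be an integer.')
        return (from_port, to_port)

    def add_rule_to_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                          port_range=None, icmp_type_code=None,
                          source_group_name=None, source_group_owner_id=None):
        """Add an ingress rule to the security group called *group_name*.

        *port_range* is ``"PORT"`` or ``"FROM:TO"``; *icmp_type_code* is
        ``"TYPE:CODE"`` and, when it parses, takes the place of the port pair.
        *source_group_name* and *source_group_owner_id* are accepted but not
        used by this implementation.

        NOTE: the default *cidr_ip* of ``0.0.0.0/0`` admits traffic from any
        address; callers that want a narrower rule must pass the CIDR
        explicitly. Failures are logged and swallowed, so the absence of an
        exception does not prove the rule was created.
        """
        try:
            from_port, to_port = self._validate_port_range(port_range)
            icmp_type, icmp_code = self._validate_icmp_type_code(icmp_type_code)
            # Compare against None rather than truthiness: ICMP type 0 and
            # code 0 are valid values and must not be discarded.
            if icmp_type is not None and icmp_code is not None:
                from_port, to_port = icmp_type, icmp_code

            group = self.client.security_groups.find(name=group_name)
            self.client.security_group_rules.create(group.id, protocol,
                                                    from_port, to_port, cidr_ip)
        except Exception:
            logger.log_exc("Failed to add rule to group %s" % group_name)

    def remove_rule_from_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                               port_range=None, icmp_type_code=None,
                               source_group_name=None, source_group_owner_id=None):
        """Find the rule matching the arguments in *group_name* and delete it.

        Arguments have the same meaning as in ``add_rule_to_group``.
        Failures are logged and swallowed, so a caller cannot assume the rule
        is gone just because this returned; verify when it matters.
        """
        try:
            from_port, to_port = self._validate_port_range(port_range)
            icmp_type, icmp_code = self._validate_icmp_type_code(icmp_type_code)
            # The parser always returns a 2-tuple, which is truthy even when
            # it is (None, None); test the members so a supplied port range
            # is not overwritten with None.
            if icmp_type is not None and icmp_code is not None:
                from_port, to_port = icmp_type, icmp_code
            group = self.client.security_groups.find(name=group_name)
            # NOTE(review): the key names below are kept from the original;
            # confirm they match the attributes the client exposes on a rule
            # ('id' here carries the group id, not a rule id).
            rule_filter = {
                'id': group.id,
                'from_port': from_port,
                'to_port': to_port,
                # Was the undefined name `ip`, which raised NameError on
                # every call and left the rule in place.
                'cidr_ip': cidr_ip,
                'ip_protocol': protocol,
            }
            rule = self.client.security_group_rules.find(**rule_filter)
            if rule:
                self.client.security_group_rules.delete(rule)
        except Exception:
            logger.log_exc("Failed to remove rule from group %s" % group_name)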
86