initial checkin
[sfa.git] / sfa / openstack / security_group.py
1 from sfa.util.sfalogging import logger
2
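class SecurityGroup:
    """Create and delete security groups and their rules via the driver's euca connection.

    Every call to the connection sits inside a broad ``except Exception`` that
    only logs, and each public method returns ``None`` either way.
    NOTE(review): callers therefore cannot tell whether a group or rule change
    was applied; a failed revoke in particular leaves the rule in place while
    the caller sees a normal return.
    """

    def __init__(self, driver):
        """Keep *driver*; its ``euca_shell.get_euca_connection()`` is used per call."""
        self.driver = driver

    def create_security_group(self, name):
        """Ask the connection to create the group *name*; failures are logged, not raised."""
        conn = self.driver.euca_shell.get_euca_connection()
        try:
            # Must be the ``name`` parameter: an undefined identifier here
            # would raise NameError inside the try and be swallowed below.
            conn.create_security_group(name=name)
        except Exception:
            logger.log_exc("Failed to add security group")

    def delete_security_group(self, name):
        """Ask the connection to delete the group *name*; failures are logged, not raised."""
        conn = self.driver.euca_shell.get_euca_connection()
        try:
            conn.delete_security_group(name=name)
        except Exception:
            logger.log_exc("Failed to delete security group")

    def _validate_port_range(self, port_range):
        """Parse ``"N"`` or ``"N-M"`` into ``(from_port, to_port)``.

        Returns ``(None, None)`` when *port_range* is not a ``str``.
        Raises ``ValueError`` when a part is not an integer, or when the
        result is not an ascending range inside 0-65535.
        """
        if not isinstance(port_range, str):
            return (None, None)
        ports = port_range.split('-')
        from_port = int(ports[0])
        to_port = int(ports[1]) if len(ports) > 1 else from_port
        # Reject reversed or out-of-range values before they reach a rule.
        if not 0 <= from_port <= to_port <= 65535:
            raise ValueError("invalid port range: %r" % port_range)
        return (from_port, to_port)

    def _validate_icmp_type_code(self, icmp_type_code):
        """Parse ``"TYPE:CODE"`` into ``(type, code)``.

        Returns ``(None, None)`` when the value is not a ``str``, has no
        ``:`` separator, or holds a non-integer part (which is logged).
        """
        if not isinstance(icmp_type_code, str):
            return (None, None)
        code_parts = icmp_type_code.split(':')
        if len(code_parts) < 2:
            return (None, None)
        try:
            # Convert both parts before returning so a bad code cannot leave
            # a half-filled (type, None) pair behind.
            return (int(code_parts[0]), int(code_parts[1]))
        except ValueError:
            logger.error('port must be an integer.')
            return (None, None)

    def _resolve_ports(self, port_range, icmp_type_code):
        """Return the ``(from_port, to_port)`` pair for a rule."""
        from_port, to_port = self._validate_port_range(port_range)
        icmp_type = self._validate_icmp_type_code(icmp_type_code)
        # The parser always returns a 2-tuple, which is truthy even when it
        # is (None, None); compare against the empty result so an absent
        # ICMP type/code does not wipe out the parsed port range.
        if icmp_type != (None, None):
            from_port, to_port = icmp_type
        return (from_port, to_port)

    def add_rule_to_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                          port_range=None, icmp_type_code=None,
                          source_group_name=None, source_group_owner_id=None):
        """Authorize a rule on *group_name*; does nothing when no group is named.

        The default *cidr_ip* of ``0.0.0.0/0`` matches every IPv4 source, so
        callers that want a narrower rule must pass their own CIDR.
        Failures of the connection call are logged, not raised.
        """
        from_port, to_port = self._resolve_ports(port_range, icmp_type_code)

        if not group_name:
            return
        # NOTE(review): ``euca`` is neither imported nor defined in the part
        # of this file shown here; unless it is provided elsewhere, these two
        # checks raise NameError before the rule is sent - confirm.
        if cidr_ip:
            euca.validate_address(cidr_ip)
        if protocol:
            euca.validate_protocol(protocol)
        conn = self.driver.euca_shell.get_euca_connection()
        try:
            conn.authorize_security_group(
                group_name=group_name,
                src_security_group_name=source_group_name,
                src_security_group_owner_id=source_group_owner_id,
                ip_protocol=protocol,
                from_port=from_port,
                to_port=to_port,
                # Forward the validated parameter, not an undefined name.
                cidr_ip=cidr_ip,
                )
        except Exception:
            logger.log_exc("Failed to add rule to group %s" % group_name)

    def remove_rule_from_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                          port_range=None, icmp_type_code=None,
                          source_group_name=None, source_group_owner_id=None):
        """Revoke a rule on *group_name*; does nothing when no group is named.

        Failures of the connection call are logged, not raised, so a rule
        that could not be revoked stays in place without the caller knowing.
        """
        from_port, to_port = self._resolve_ports(port_range, icmp_type_code)

        if not group_name:
            return
        # NOTE(review): ``euca`` is neither imported nor defined in the part
        # of this file shown here; unless it is provided elsewhere, these two
        # checks raise NameError before the revoke is sent - confirm.
        if cidr_ip:
            euca.validate_address(cidr_ip)
        if protocol:
            euca.validate_protocol(protocol)
        conn = self.driver.euca_shell.get_euca_connection()
        try:
            conn.revoke_security_group(
                group_name=group_name,
                src_security_group_name=source_group_name,
                src_security_group_owner_id=source_group_owner_id,
                ip_protocol=protocol,
                from_port=from_port,
                to_port=to_port,
                # Forward the validated parameter, not an undefined name.
                cidr_ip=cidr_ip,
                )
        except Exception:
            logger.log_exc("Failed to remove rule from group %s" % group_name)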