1 from sfa.util.sfalogging import logger
2
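class SecurityGroup:
    """Thin wrapper around the nova client's security-group calls.

    Every public method is best-effort: any exception raised by the client
    is logged through ``logger.log_exc`` and swallowed, and nothing is
    returned. Callers therefore cannot tell from the return value whether a
    group or rule was actually created or removed; a failed removal leaves
    the rule in force, so check the log when the result matters.
    """

    def __init__(self, driver):
        """Keep a reference to ``driver.shell.nova_manager`` as the client."""
        self.client = driver.shell.nova_manager

    def create_security_group(self, name):
        """Create a security group called *name* with an empty description."""
        try:
            self.client.security_groups.create(name=name, description="")
        except Exception:
            logger.log_exc("Failed to add security group")

    def delete_security_group(self, name):
        """Look up the security group called *name* and delete it."""
        try:
            # The manager is not callable; resolve the group by name first
            # and hand the resulting object to delete().
            group = self.client.security_groups.find(name=name)
            self.client.security_groups.delete(group)
        except Exception:
            logger.log_exc("Failed to delete security group")

    def _validate_port_range(self, port_range):
        """Parse ``"N"`` or ``"N:M"`` into a ``(from_port, to_port)`` tuple.

        Returns ``(None, None)`` when *port_range* is not a ``str``. A
        non-numeric part raises ``ValueError``, which the public callers
        catch and log. No bounds check is done here: values outside
        0-65535, or a reversed range, are passed on unchanged.
        """
        from_port = to_port = None
        if isinstance(port_range, str):
            ports = port_range.split(':')
            if len(ports) > 1:
                from_port, to_port = int(ports[0]), int(ports[1])
            else:
                from_port = to_port = int(ports[0])
        return (from_port, to_port)

    def _validate_icmp_type_code(self, icmp_type_code):
        """Parse ``"TYPE:CODE"`` into a ``(type, code)`` tuple.

        Returns ``(None, None)`` when the argument is not a ``str``, has no
        ``:`` separator, or has a part that is not an integer (the latter is
        logged).
        """
        icmp_type = icmp_code = None
        if isinstance(icmp_type_code, str):
            code_parts = icmp_type_code.split(':')
            if len(code_parts) > 1:
                try:
                    # Convert both parts before assigning, so a bad code
                    # does not leave a half-parsed (type, None) pair.
                    icmp_type, icmp_code = int(code_parts[0]), int(code_parts[1])
                except ValueError:
                    logger.error('port must be an integer.')
        return (icmp_type, icmp_code)

    def add_rule_to_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                          port_range=None, icmp_type_code=None,
                          source_group_name=None, source_group_owner_id=None):
        """Add an ingress rule to the security group called *group_name*.

        *port_range* is ``"N"`` or ``"N:M"``; *icmp_type_code* is
        ``"TYPE:CODE"`` and, when it parses, replaces the port range.
        *source_group_name* and *source_group_owner_id* are accepted but
        not used. The default *cidr_ip* of ``0.0.0.0/0`` matches every IPv4
        source, so pass a narrower CIDR unless the port is meant to be
        reachable from anywhere.
        """
        try:
            from_port, to_port = self._validate_port_range(port_range)
            icmp_type, icmp_code = self._validate_icmp_type_code(icmp_type_code)
            # Compare with None rather than truthiness: ICMP type 0 and
            # code 0 are valid values and must not be dropped.
            if icmp_type is not None and icmp_code is not None:
                from_port, to_port = icmp_type, icmp_code

            group = self.client.security_groups.find(name=group_name)
            self.client.security_group_rules.create(
                group_id=group.id,
                ip_protocol=protocol,
                from_port=from_port,
                to_port=to_port,
                cidr_ip=cidr_ip,
            )
        except Exception:
            logger.log_exc("Failed to add rule to group %s" % group_name)

    def remove_rule_from_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                               port_range=None, icmp_type_code=None,
                               source_group_name=None, source_group_owner_id=None):
        """Remove the matching rule from the security group *group_name*.

        Arguments are interpreted as in ``add_rule_to_group``. If no rule
        matches, or the lookup fails, the group is left unchanged and the
        failure is only logged.
        """
        try:
            from_port, to_port = self._validate_port_range(port_range)
            icmp_type, icmp_code = self._validate_icmp_type_code(icmp_type_code)
            # The parser always returns a 2-tuple, so testing the tuple
            # itself would always overwrite the port range with
            # (None, None); only override when an ICMP pair was parsed.
            if icmp_type is not None and icmp_code is not None:
                from_port, to_port = icmp_type, icmp_code
            group = self.client.security_groups.find(name=group_name)
            # NOTE(review): these keys are assumed to match the attributes
            # the client exposes on rule objects - confirm against the nova
            # client in use.
            rule_filter = {
                'id': group.id,
                'from_port': from_port,
                'to_port': to_port,
                'cidr_ip': cidr_ip,
                'ip_protocol': protocol,
            }
            rule = self.client.security_group_rules.find(**rule_filter)
            if rule:
                self.client.security_group_rules.delete(rule)
        except Exception:
            logger.log_exc("Failed to remove rule from group %s" % group_name)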