fix delete_security_group()
[sfa.git] / sfa / openstack / security_group.py
1 from sfa.util.sfalogging import logger
2
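class SecurityGroup:
    """Thin wrapper around the Nova client's security-group calls.

    Every public method catches all exceptions, logs them through
    ``logger.log_exc`` and returns ``None``. A caller therefore cannot tell
    from the return value whether a group or rule was actually changed;
    in particular, a failed rule removal leaves the allow rule in place.
    """

    def __init__(self, driver):
        """Keep a reference to the Nova manager exposed by *driver*."""
        self.client = driver.shell.nova_manager

    def create_security_group(self, name):
        """Create a security group whose description equals its name."""
        try:
            self.client.security_groups.create(name=name, description=name)
        except Exception:
            logger.log_exc("Failed to add security group")

    def delete_security_group(self, name):
        """Look up the group called *name* and delete it by id."""
        try:
            security_group = self.client.security_groups.find(name=name)
            self.client.security_groups.delete(security_group.id)
        except Exception:
            logger.log_exc("Failed to delete security group")

    def _validate_port_range(self, port_range):
        """Parse ``"from:to"`` or ``"port"`` into a ``(from_port, to_port)`` tuple.

        Returns ``(None, None)`` when *port_range* is not a ``str``. A
        non-numeric part raises ``ValueError``, which the public callers
        catch and log.
        """
        # NOTE(review): only integer syntax is checked here; the values are
        # not bounded to a valid port range and from <= to is not enforced.
        # Presumably the Nova API rejects bad ranges -- confirm.
        from_port = to_port = None
        if isinstance(port_range, str):
            ports = port_range.split(':')
            if len(ports) > 1:
                from_port = int(ports[0])
                to_port = int(ports[1])
            else:
                from_port = to_port = int(ports[0])
        return (from_port, to_port)

    def _validate_icmp_type_code(self, icmp_type_code):
        """Parse ``"type:code"`` into a ``(type, code)`` tuple of ints.

        Returns ``(None, None)`` when the value is not a ``str``, has no
        ``:`` separator, or either part is not an integer.
        """
        from_port = to_port = None
        if isinstance(icmp_type_code, str):
            code_parts = icmp_type_code.split(':')
            if len(code_parts) > 1:
                try:
                    # Parse both parts before assigning, so a bad code does
                    # not leave a half-filled (type, None) result behind.
                    parsed = (int(code_parts[0]), int(code_parts[1]))
                except ValueError:
                    logger.error('port must be an integer.')
                else:
                    from_port, to_port = parsed
        return (from_port, to_port)

    def add_rule_to_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                          port_range=None, icmp_type_code=None,
                          source_group_name=None, source_group_owner_id=None):
        """Add an ingress rule to the group called *group_name*.

        The default *cidr_ip* of ``0.0.0.0/0`` matches every IPv4 source, so
        a caller that omits it opens the port range to any address; pass the
        narrowest CIDR that fits. *source_group_name* and
        *source_group_owner_id* are accepted but not used by this method.
        """
        try:
            from_port, to_port = self._validate_port_range(port_range)
            icmp_from, icmp_to = self._validate_icmp_type_code(icmp_type_code)
            # Compare against None rather than truthiness: ICMP type 0 and
            # code 0 are valid values and must not be discarded.
            if icmp_from is not None and icmp_to is not None:
                from_port, to_port = icmp_from, icmp_to

            group = self.client.security_groups.find(name=group_name)
            self.client.security_group_rules.create(
                group.id, protocol, from_port, to_port, cidr_ip)
        except Exception:
            logger.log_exc("Failed to add rule to group %s" % group_name)

    def remove_rule_from_group(self, group_name=None, protocol='tcp', cidr_ip='0.0.0.0/0',
                               port_range=None, icmp_type_code=None,
                               source_group_name=None, source_group_owner_id=None):
        """Find the rule matching the arguments in *group_name* and delete it.

        Nothing is deleted when no rule matches. *source_group_name* and
        *source_group_owner_id* are accepted but not used by this method.
        """
        try:
            from_port, to_port = self._validate_port_range(port_range)
            icmp_from, icmp_to = self._validate_icmp_type_code(icmp_type_code)
            # The parsed tuple is always truthy, so test its members: without
            # this an absent icmp_type_code would overwrite the port range
            # with (None, None) and the lookup would never match.
            if icmp_from is not None and icmp_to is not None:
                from_port, to_port = icmp_from, icmp_to
            group = self.client.security_groups.find(name=group_name)
            # NOTE(review): the filter keys are kept as written; confirm they
            # match the attribute names the client exposes on a rule.
            rule_filter = {
                'id': group.id,
                'from_port': from_port,
                'to_port': to_port,
                # Was the undefined name `ip`, which raised NameError on
                # every call, so the rule was never removed.
                'cidr_ip': cidr_ip,
                'ip_protocol': protocol,
            }
            rule = self.client.security_group_rules.find(**rule_filter)
            if rule:
                self.client.security_group_rules.delete(rule)
        except Exception:
            logger.log_exc("Failed to remove rule from group %s" % group_name)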
85