Posted to notifications@libcloud.apache.org by to...@apache.org on 2012/08/21 22:48:20 UTC
svn commit: r1375779 - in /libcloud/trunk: CHANGES
libcloud/compute/drivers/ec2.py
libcloud/test/compute/fixtures/ec2/authorize_security_group_ingress.xml
libcloud/test/compute/fixtures/ec2/describe_security_groups.xml
libcloud/test/compute/test_ec2.py
Author: tomaz
Date: Tue Aug 21 20:48:20 2012
New Revision: 1375779
URL: http://svn.apache.org/viewvc?rev=1375779&view=rev
Log:
Add ex_list_security_groups and ex_authorize_security_group methods to
the EC2 driver. Contributed by Nick Bailey, part of LIBCLOUD-241.
Added:
libcloud/trunk/libcloud/test/compute/fixtures/ec2/authorize_security_group_ingress.xml
libcloud/trunk/libcloud/test/compute/fixtures/ec2/describe_security_groups.xml
Modified:
libcloud/trunk/CHANGES
libcloud/trunk/libcloud/compute/drivers/ec2.py
libcloud/trunk/libcloud/test/compute/test_ec2.py
Modified: libcloud/trunk/CHANGES
URL: http://svn.apache.org/viewvc/libcloud/trunk/CHANGES?rev=1375779&r1=1375778&r2=1375779&view=diff
==============================================================================
--- libcloud/trunk/CHANGES (original)
+++ libcloud/trunk/CHANGES Tue Aug 21 20:48:20 2012
@@ -14,6 +14,10 @@ Changes with Apache Libcloud in developm
- Allow user to pass 'timeout' argument to the 'deploy_node' method.
[Tomaz Muraus]
+ - Add ex_list_security_groups and ex_authorize_security_group methods to
+ the EC2 driver.
+ [Nick Bailey]
+
*) Storage
- Add the following new methods to the CloudFiles driver:
Modified: libcloud/trunk/libcloud/compute/drivers/ec2.py
URL: http://svn.apache.org/viewvc/libcloud/trunk/libcloud/compute/drivers/ec2.py?rev=1375779&r1=1375778&r2=1375779&view=diff
==============================================================================
--- libcloud/trunk/libcloud/compute/drivers/ec2.py (original)
+++ libcloud/trunk/libcloud/compute/drivers/ec2.py Tue Aug 21 20:48:20 2012
@@ -653,7 +653,6 @@ class EC2NodeDriver(NodeDriver):
@type name: C{str}
@rtype: C{dict}
-
"""
params = {
@@ -668,13 +667,34 @@ class EC2NodeDriver(NodeDriver):
'keyName': key_name
}
+ def ex_list_security_groups(self):
+ """
+ List existing Security Groups.
+
+ @note: This is a non-standard extension API, and only works for EC2.
+
+ @rtype: C{list} of C{str}
+ """
+ params = {'Action': 'DescribeSecurityGroups'}
+ response = self.connection.request(self.path, params=params).object
+
+ groups = []
+ for group in findall(element=response, xpath='securityGroupInfo/item',
+ namespace=NAMESPACE):
+ name = findtext(element=group, xpath='groupName',
+ namespace=NAMESPACE)
+ groups.append(name)
+
+ return groups
+
def ex_create_security_group(self, name, description):
- """Creates a new Security Group
+ """
+ Creates a new Security Group
@note: This is a non-standard extension API, and only works for EC2.
@param name: The name of the security group to Create.
- This must be unique.
+ This must be unique.
@type name: C{str}
@param description: Human readable description of a Security
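Review bot: ex_list_security_groups keeps only `groupName` from each `securityGroupInfo/item`, although the describe_security_groups.xml fixture in this commit shows the response also carries `groupId` and `ipPermissions`, so callers cannot use it to see which ports a group exposes. If returning bare names is intended, the docstring should say so, for example `@return: Names of the security groups; group ids and ingress rules are not included.` The ex_create_security_group docstring reformatted below it runs past the end of the hunk, so its body is not reviewed here.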
@@ -688,6 +708,46 @@ class EC2NodeDriver(NodeDriver):
'GroupDescription': description}
return self.connection.request(self.path, params=params).object
+ def ex_authorize_security_group(self, name, from_port, to_port, cidr_ip,
+ protocol='tcp'):
+ """
+ Edit a Security Group to allow specific traffic.
+
+ @note: This is a non-standard extension API, and only works for EC2.
+
+ @param name: The name of the security group to edit
+ @type name: C{str}
+
+ @param from_port: The beginning of the port range to open
+ @type from_port: C{str}
+
+ @param end_port: The end of the port range to open
+ @type end_port: C{str}
+
+ @param cidr_ip: The ip to allow traffic for.
+ @type cidr_ip: C{str}
+
+ @param protocol: tcp/udp/icmp
+ @type protocol: C{str}
+
+ @rtype: C{boolean}
+ """
+
+ params = {'Action': 'AuthorizeSecurityGroupIngress',
+ 'GroupName': name,
+ 'IpProtocol': protocol,
+ 'FromPort': str(from_port),
+ 'ToPort': str(to_port),
+ 'CidrIp': cidr_ip}
+ try:
+ resp = self.connection.request(self.path, params=params.copy()).object
+ return bool(findtext(element=resp, xpath='return',
+ namespace=NAMESPACE))
+ except Exception:
+ e = sys.exc_info()[1]
+ if e.args[0].find('InvalidPermission.Duplicate') == -1:
+ raise e
+
def ex_authorize_security_group_permissive(self, name):
"""
Edit a Security Group to allow all traffic.
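Review bot: `bool(findtext(element=resp, xpath='return', namespace=NAMESPACE))` in ex_authorize_security_group is True for any non-empty text, so a `<return>false</return>` response would still be reported as success; compare the text instead, e.g. `return findtext(element=resp, xpath='return', namespace=NAMESPACE) == 'true'`. The `except Exception` branch falls through and returns None when the rule already exists, which under the documented C{boolean} return a caller cannot tell apart from a failure. In the same branch `e.args[0].find(...)` will itself raise if the exception has no string first argument, hiding the original error; `if 'InvalidPermission.Duplicate' not in str(e): raise` followed by an explicit `return True` would address both. The docstring documents `end_port` while the parameter is `to_port`, and it should state that `cidr_ip` is a CIDR range and that `0.0.0.0/0` opens the port range to every address. Whether `sys` is imported in ec2.py is not visible in this hunk.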
Added: libcloud/trunk/libcloud/test/compute/fixtures/ec2/authorize_security_group_ingress.xml
URL: http://svn.apache.org/viewvc/libcloud/trunk/libcloud/test/compute/fixtures/ec2/authorize_security_group_ingress.xml?rev=1375779&view=auto
==============================================================================
--- libcloud/trunk/libcloud/test/compute/fixtures/ec2/authorize_security_group_ingress.xml (added)
+++ libcloud/trunk/libcloud/test/compute/fixtures/ec2/authorize_security_group_ingress.xml Tue Aug 21 20:48:20 2012
@@ -0,0 +1,4 @@
+<AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2010-08-31/">
+ <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
+ <return>true</return>
+</AuthorizeSecurityGroupIngressResponse>
Added: libcloud/trunk/libcloud/test/compute/fixtures/ec2/describe_security_groups.xml
URL: http://svn.apache.org/viewvc/libcloud/trunk/libcloud/test/compute/fixtures/ec2/describe_security_groups.xml?rev=1375779&view=auto
==============================================================================
--- libcloud/trunk/libcloud/test/compute/fixtures/ec2/describe_security_groups.xml (added)
+++ libcloud/trunk/libcloud/test/compute/fixtures/ec2/describe_security_groups.xml Tue Aug 21 20:48:20 2012
@@ -0,0 +1,50 @@
+<DescribeSecurityGroupsResponse xmlns="http://ec2.amazonaws.com/doc/2010-08-31/">
+ <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
+ <securityGroupInfo>
+ <item>
+ <ownerId>111122223333</ownerId>
+ <groupId>sg-443d0a12</groupId>
+ <groupName>WebServers</groupName>
+ <groupDescription>Web Servers</groupDescription>
+ <vpcId/>
+ <ipPermissions>
+ <item>
+ <ipProtocol>tcp</ipProtocol>
+ <fromPort>80</fromPort>
+ <toPort>80</toPort>
+ <groups/>
+ <ipRanges>
+ <item>
+ <cidrIp>0.0.0.0/0</cidrIp>
+ </item>
+ </ipRanges>
+ </item>
+ </ipPermissions>
+ <ipPermissionsEgress/>
+ <tagSet/>
+ </item>
+ <item>
+ <ownerId>111122223333</ownerId>
+ <groupId>sg-5ff8a023</groupId>
+ <groupName>RangedPortsBySource</groupName>
+ <groupDescription>Group A</groupDescription>
+ <ipPermissions>
+ <item>
+ <ipProtocol>tcp</ipProtocol>
+ <fromPort>6000</fromPort>
+ <toPort>7000</toPort>
+ <groups>
+ <item>
+ <userId>111122223333</userId>
+ <groupId>sg-99gh4012</groupId>
+ <groupName>Group B</groupName>
+ </item>
+ </groups>
+ <ipRanges/>
+ </item>
+ </ipPermissions>
+ <ipPermissionsEgress/>
+ <tagSet/>
+ </item>
+ </securityGroupInfo>
+</DescribeSecurityGroupsResponse>
Modified: libcloud/trunk/libcloud/test/compute/test_ec2.py
URL: http://svn.apache.org/viewvc/libcloud/trunk/libcloud/test/compute/test_ec2.py?rev=1375779&r1=1375778&r2=1375779&view=diff
==============================================================================
--- libcloud/trunk/libcloud/test/compute/test_ec2.py (original)
+++ libcloud/trunk/libcloud/test/compute/test_ec2.py Tue Aug 21 20:48:20 2012
@@ -139,6 +139,15 @@ class EC2Tests(LibcloudTestCase, TestCas
self.assertTrue(len(locations) > 0)
self.assertTrue(locations[0].availability_zone != None)
+ def test_list_security_groups(self):
+ groups = self.driver.ex_list_security_groups()
+ self.assertEqual(groups, ['WebServers', 'RangedPortsBySource'])
+
+ def test_authorize_security_group(self):
+ resp = self.driver.ex_authorize_security_group('TestGroup', '22', '22',
+ '0.0.0.0/0')
+ self.assertTrue(resp)
+
def test_reboot_node(self):
node = Node('i-4382922a', None, None, None, None, self.driver)
ret = self.driver.reboot_node(node)
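Review bot: test_authorize_security_group only exercises the success fixture, so neither the `except` branch of ex_authorize_security_group nor a `<return>false</return>` response is covered, and `self.assertTrue(resp)` passes for any truthy value. Because this call opens port 22 to `0.0.0.0/0`, the test should also check that GroupName, FromPort, ToPort and CidrIp reach the request under the right keys; the `_AuthorizeSecurityGroupIngress` mock added in the next hunk returns the fixture without inspecting `url`. Tightening the assertion to `self.assertTrue(resp is True)` and adding a second case for the duplicate-rule error would pin the documented C{boolean} contract.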
@@ -358,6 +367,14 @@ class EC2MockHttp(MockHttp):
body = self.fixtures.load('stop_instances.xml')
return (httplib.OK, body, {}, httplib.responses[httplib.OK])
+ def _DescribeSecurityGroups(self, method, url, body, headers):
+ body = self.fixtures.load('describe_security_groups.xml')
+ return (httplib.OK, body, {}, httplib.responses[httplib.OK])
+
+ def _AuthorizeSecurityGroupIngress(self, method, url, body, headers):
+ body = self.fixtures.load('authorize_security_group_ingress.xml')
+ return (httplib.OK, body, {}, httplib.responses[httplib.OK])
+
def _DescribeImages(self, method, url, body, headers):
body = self.fixtures.load('describe_images.xml')
return (httplib.OK, body, {}, httplib.responses[httplib.OK])