Posted to commits@deltacloud.apache.org by sp...@apache.org on 2011/07/13 20:03:44 UTC

svn commit: r1146174 - /incubator/deltacloud/trunk/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb

Author: spark
Date: Wed Jul 13 18:03:43 2011
New Revision: 1146174

URL: http://svn.apache.org/viewvc?rev=1146174&view=rev
Log:
firewall implementation for eucalyptus driver

Modified:
    incubator/deltacloud/trunk/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb

Modified: incubator/deltacloud/trunk/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb
URL: http://svn.apache.org/viewvc/incubator/deltacloud/trunk/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb?rev=1146174&r1=1146173&r2=1146174&view=diff
==============================================================================
--- incubator/deltacloud/trunk/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb (original)
+++ incubator/deltacloud/trunk/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb Wed Jul 13 18:03:43 2011
@@ -22,7 +22,7 @@ module Deltacloud
       class EucalyptusDriver < EC2::EC2Driver
 
         def supported_collections
-          DEFAULT_COLLECTIONS + [ :keys, :buckets, :addresses ]
+          DEFAULT_COLLECTIONS + [ :keys, :buckets, :addresses, :firewalls ]
         end
 
         feature :instances, :user_data
@@ -122,6 +122,42 @@ module Deltacloud
                   "Loadbalancer not supported in Eucalyptus", "")
         end
 
+	# override EC2 implementation; Eucalyptus implements the older definition of EC2 security group;
+	# http://docs.amazonwebservices.com/AWSEC2/2009-07-15/APIReference/index.html?ApiReference-query-AuthorizeSecurityGroupIngress.html
+        # if the rule specifies a source group, port&protocol will be ignored. And source group and cidr range can't be mixed in a request
+        def create_firewall_rule(credentials, opts={})
+        # only either source groups or cidr IP range can be given, not both;
+          if !(opts['groups'].nil?) && opts['groups'].length>0
+            ec2 = new_client(credentials)
+            opts['groups'].each do |group,owner|
+              safely do
+                ec2.authorize_security_group_named_ingress(opts['id'], owner, group)
+              end
+            end
+          elsif !(opts['addresses'].nil?) && opts['addresses'].length>0
+            ec2 = new_client(credentials)
+            opts['addresses'].each do |ip|
+              ec2.authorize_security_group_IP_ingress(opts['id'], opts['from_port'], opts['to_port'], opts['protocol'], ip)
+            end
+          end
+        end
+
+        def delete_firewall_rule(credentials, opts={})
+          ec2 = new_client(credentials)
+          firewall = opts[:id]
+          protocol, from_port, to_port, addresses, groups = firewall_rule_params(opts[:rule_id])
+          unless groups.nil?
+            groups.each_index do |i|
+              ec2.revoke_security_group_named_ingress(firewall, groups[i]['owner'], groups[i]['group_name'])
+            end
+          end
+          unless addresses.nil?
+            addresses.each do |ip|
+              ec2.revoke_security_group_IP_ingress(firewall, from_port, to_port, protocol, ip )
+            end
+          end
+        end
+
         def new_client(credentials, type = :ec2)
           klass = case type
                   when :ec2 then Aws::Ec2
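Review bot: In `create_firewall_rule` only the source-group branch wraps its backend call in `safely do`; the CIDR branch and both loops in `delete_firewall_rule` call `authorize_security_group_IP_ingress` and `revoke_security_group_*_ingress` bare. A backend failure partway through a loop therefore presumably bypasses whatever error mapping `safely` provides and leaves the security group partly updated, which for a revoke means ingress the caller asked to close can stay open. Wrap those calls the same way, e.g. `safely do ec2.revoke_security_group_IP_ingress(firewall, from_port, to_port, protocol, ip) end`. The `if`/`elsif` also silently ignores `opts['addresses']` when groups are present and returns nil when neither is given, although the comment says the two cannot be mixed; rejecting such a request explicitly would stop a caller from assuming a rule was created. Separately, create reads string keys (`opts['id']`) while delete reads symbol keys (`opts[:id]`, `opts[:rule_id]`); the callers are not visible in this diff, so confirm both shapes match what is actually passed.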