Posted to dev@deltacloud.apache.org by sa...@eucalyptus.com on 2011/07/10 19:30:19 UTC
[PATCH 2/2] firewall implementation for eucalyptus driver
This patch implements the firewall support in Eucalyptus driver. It's tested against eucalyptus-2.0.3.
Note the implementation supports the older definition of EC2 security group (http://docs.amazonwebservices.com/AWSEC2/2009-07-15/APIReference/index.html?ApiReference-query-AuthorizeSecurityGroupIngress.html).
[PATCH 2/2] firewall implementation for eucalyptus driver
Posted by sa...@eucalyptus.com.
From: Sang-Min Park <sp...@eucalyptus.com>
---
.../drivers/eucalyptus/eucalyptus_driver.rb | 38 +++++++++++++++++++-
1 files changed, 37 insertions(+), 1 deletions(-)
diff --git a/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb b/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb
index 4413f6b..ec93e87 100644
--- a/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb
+++ b/server/lib/deltacloud/drivers/eucalyptus/eucalyptus_driver.rb
@@ -22,7 +22,7 @@ module Deltacloud
class EucalyptusDriver < EC2::EC2Driver
def supported_collections
- DEFAULT_COLLECTIONS + [ :keys, :buckets, :addresses ]
+ DEFAULT_COLLECTIONS + [ :keys, :buckets, :addresses, :firewalls ]
end
feature :instances, :user_data
@@ -122,6 +122,42 @@ module Deltacloud
"Loadbalancer not supported in Eucalyptus", "")
end
+ # override EC2 implementation; Eucalyptus implements the older definition of EC2 security group;
+ # http://docs.amazonwebservices.com/AWSEC2/2009-07-15/APIReference/index.html?ApiReference-query-AuthorizeSecurityGroupIngress.html
+ # if the rule specifies a source group, port&protocol will be ignored. And source group and cidr range can't be mixed in a request
+ def create_firewall_rule(credentials, opts={})
+ # only either source groups or cidr IP range can be given, not both;
+ if !(opts['groups'].nil?) && opts['groups'].length>0
+ ec2 = new_client(credentials)
+ opts['groups'].each do |group,owner|
+ safely do
+ ec2.authorize_security_group_named_ingress(opts['id'], owner, group)
+ end
+ end
+ elsif !(opts['addresses'].nil?) && opts['addresses'].length>0
+ ec2 = new_client(credentials)
+ opts['addresses'].each do |ip|
+ ec2.authorize_security_group_IP_ingress(opts['id'], opts['from_port'], opts['to_port'], opts['protocol'], ip)
+ end
+ end
+ end
+
+ def delete_firewall_rule(credentials, opts={})
+ ec2 = new_client(credentials)
+ firewall = opts[:id]
+ protocol, from_port, to_port, addresses, groups = firewall_rule_params(opts[:rule_id])
+ unless groups.nil?
+ groups.each_index do |i|
+ ec2.revoke_security_group_named_ingress(firewall, groups[i]['owner'], groups[i]['group_name'])
+ end
+ end
+ unless addresses.nil?
+ addresses.each do |ip|
+ ec2.revoke_security_group_IP_ingress(firewall, from_port, to_port, protocol, ip )
+ end
+ end
+ end
+
def new_client(credentials, type = :ec2)
klass = case type
when :ec2 then Aws::Ec2
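Review bot: in create_firewall_rule the groups branch calls authorize_security_group_named_ingress(opts['id'], owner, group) without the requested from_port, to_port and protocol, and the elsif means any 'addresses' passed alongside 'groups' are dropped without an error, so a caller can end up with a different rule than the one it asked for and gets no indication of it. Consider raising a client error when both 'groups' and 'addresses' are present, or when a port range or protocol is supplied together with a source group, rather than ignoring them silently. Also, only the named-ingress call is wrapped in `safely do`; the authorize_security_group_IP_ingress loop and both revoke loops in delete_firewall_rule are not, so a backend failure partway through a loop is reported differently there and can leave the rule partially applied. Finally, create_firewall_rule reads string keys (opts['id']) while delete_firewall_rule reads symbol keys (opts[:id]); a comment stating which form the callers pass would help, and the stray space in `protocol, ip )` should be removed.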
--
1.7.4.1
Re: [PATCH 2/2] firewall implementation for eucalyptus driver
Posted by "marios@redhat.com" <ma...@redhat.com>.
ACK - I don't have a euca setup to test but visual inspection of the
code seems sane - if you're happy it works fine then go ahead and commit
- please remove the extraneous trailing whitespace before you do so (as
per ACK on patch 1/2)
marios
On 10/07/11 20:30, sang-min.park@eucalyptus.com wrote:
> This patch implements the firewall support in Eucalyptus driver. It's tested against eucalyptus-2.0.3.
> Note the implementation supports the older definition of EC2 security group (http://docs.amazonwebservices.com/AWSEC2/2009-07-15/APIReference/index.html?ApiReference-query-AuthorizeSecurityGroupIngress.html).