renamed priv method arg_to_dict since it's not just used for revoke. modified to conform to latest AWS EC2 API spec for authorize & revoke ingress params using the IpPermissions data structure, which nests lists of CIDR blocks (IpRanges) as well as lists of Group data

author: John Tran <jtran@attinteractive.com> 2011-07-15 22:56:16 +0000
committer: John Tran <jtran@attinteractive.com> 2011-07-15 22:56:16 +0000
commit: 7498fa608def9613552cf0e26dcb03fddf7b298d (patch)
tree: 07a9e7dc437c87c8f0890c0de5448384504bb347 /nova/api
parent: 3a11738f517999ed1fd3a2c0a7ca452c7191b50f (diff)
1 files changed, 69 insertions, 14 deletions
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index acfd1361c..5c0c79429 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -441,7 +441,52 @@ class CloudController(object):
             g['ipPermissions'] += [r]
         return g
 
-    def _revoke_rule_args_to_dict(self, context, to_port=None, from_port=None,
+    def _rule_args_to_dict(self, context, kwargs):
+        rules = []
+        if not kwargs.has_key('groups') and not kwargs.has_key('ip_ranges'):
+            rule = self._rule_dict_last_step(context, **kwargs)
+            if rule:
+                rules.append(rule)
+            return rules
+        if kwargs.has_key('ip_ranges'):
+            rules = self._cidr_args_split(kwargs)
+        finalset = []
+        for rule in rules:
+            if rule.has_key('groups'):
+                groups_values = self._groups_args_split(rule)
+                for groups_value in groups_values:
+                    finalset.append(groups_value)
+            else:
+                if rule:
+                    finalset.append(rule)
+        return finalset
+
+    def _cidr_args_split(self, kwargs):
+        cidr_args_split= []
+        cidrs = kwargs['ip_ranges']
+        for key, cidr in cidrs.iteritems():
+            mykwargs = kwargs.copy()
+            del mykwargs['ip_ranges']
+            mykwargs['cidr_ip'] = cidr['cidr_ip']
+            cidr_args_split.append(mykwargs)
+        return cidr_args_split
+
+    def _groups_args_split(self, kwargs):
+        groups_args_split= []
+        groups = kwargs['groups']
+        for key, group in groups.iteritems():
+            mykwargs = kwargs.copy()
+            del mykwargs['groups']
+            if group.has_key('group_name'):
+                mykwargs['source_security_group_name'] = group['group_name']
+            if group.has_key('user_id'):
+                mykwargs['source_security_group_owner_id'] = group['user_id']
+            if group.has_key('group_id'):
+                mykwargs['source_security_group_id'] = group['group_id']
+            groups_args_split.append(mykwargs)
+        return groups_args_split
+
+    def _rule_dict_last_step(self, context, to_port=None, from_port=None,
                                   ip_protocol=None, cidr_ip=None, user_id=None,
                                   source_security_group_name=None,
                                   source_security_group_owner_id=None):
@@ -526,7 +571,7 @@ class CloudController(object):
         msg = "Revoke security group ingress %s"
         LOG.audit(_(msg), security_group['name'], context=context)
 
-        criteria = self._revoke_rule_args_to_dict(context, **kwargs)
+        criteria = self._rule_args_to_dict(context, kwargs)[0]
         if criteria is None:
             raise exception.ApiError(_("Not enough parameters to build a "
                                        "valid rule."))
@@ -567,21 +612,31 @@ class CloudController(object):
 
         msg = "Authorize security group ingress %s"
         LOG.audit(_(msg), security_group['name'], context=context)
-        values = self._revoke_rule_args_to_dict(context, **kwargs)
-        if values is None:
-            raise exception.ApiError(_("Not enough parameters to build a "
-                                       "valid rule."))
-        values['parent_group_id'] = security_group.id
-
-        if self._security_group_rule_exists(security_group, values):
-            raise exception.ApiError(_('This rule already exists in group %s')
-                                     % group_name)
-
-        security_group_rule = db.security_group_rule_create(context, values)
+        prevalues = []
+        try:
+            prevalues = kwargs['ip_permissions']
+        except KeyError:
+            prevalues.append(kwargs)
+        postvalues = []
+        for values in prevalues:
+            rulesvalues = self._rule_args_to_dict(context, values)
+            if not rulesvalues:
+                raise exception.ApiError(_("%s Not enough parameters to build a "
+                                           "valid rule." % rulesvalues))
+            for values_for_rule in rulesvalues:
+                values_for_rule['parent_group_id'] = security_group.id
+                if self._security_group_rule_exists(security_group, values_for_rule):
+                    raise exception.ApiError(_('%s - This rule already exists in group %s')
+                                                % (values_for_rule, group_name))
+                postvalues.append(values_for_rule)
+
+        for values_for_rule in postvalues:
+            security_group_rule = db.security_group_rule_create(context, values_for_rule)
 
         self.compute_api.trigger_security_group_rules_refresh(context,
-                                      security_group_id=security_group['id'])
+                                  security_group_id=security_group['id'])
 
+        group = db.security_group_get_by_name(context, context.project_id, security_group['name'])
         return True
 
     def _get_source_project_id(self, context, source_security_group_owner_id):
author	John Tran <jtran@attinteractive.com>	2011-07-15 22:56:16 +0000
committer	John Tran <jtran@attinteractive.com>	2011-07-15 22:56:16 +0000
commit	7498fa608def9613552cf0e26dcb03fddf7b298d (patch)
tree	07a9e7dc437c87c8f0890c0de5448384504bb347 /nova/api
parent	3a11738f517999ed1fd3a2c0a7ca452c7191b50f (diff)