From d1b6ebb4009e13ac2cf2309275a66a634e4f9171 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Sat, 11 Jun 2011 16:42:58 -0400
Subject: Add ability to list ip blocks.

---
 nova/api/ec2/admin.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index fcf7f674c..37ae2e648 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -369,3 +369,11 @@ class AdminController(object):
             raise exception.ApiError(_('Duplicate rule'))
         self.compute_api.trigger_provider_fw_rules_refresh(context)
         return {'status': 'OK', 'message': 'Added %s rules' % rules_added}
+
+    def describe_external_address_blocks(self, context):
+        blocks = db.provider_fw_rule_get_all(context)
+        # NOTE(todd): use a set since we have icmp/udp/tcp rules with same cidr
+        blocks = set([b.cidr for b in blocks])
+        blocks = [{'cidr': b} for b in blocks]
+        return {'externalIpBlockInfo':
+                list(sorted(blocks, key=lambda k: k['cidr']))}
-- 
cgit 


From ed3914eafa7d076fdcc03ee958f77528bcf20603 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Sat, 11 Jun 2011 18:03:45 -0400
Subject: Add a method to delete provider firewall rules.

---
 nova/api/ec2/admin.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 37ae2e648..da982d8dc 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -377,3 +377,15 @@ class AdminController(object):
         blocks = [{'cidr': b} for b in blocks]
         return {'externalIpBlockInfo':
                 list(sorted(blocks, key=lambda k: k['cidr']))}
+
+    def remove_external_address_block(self, context, cidr):
+        LOG.audit(_('Removing ip block from %s'), cidr, context=context)
+        cidr = urllib.unquote(cidr).decode()
+        # raise if invalid
+        IPy.IP(cidr)
+        rules = db.provider_fw_rule_get_all_by_cidr(context, cidr)
+        for rule in rules:
+            db.provider_fw_rule_destroy(context, rule['id'])
+        if rules:
+            self.compute_api.trigger_provider_fw_rules_refresh(context)
+        return {'status': 'OK', 'message': 'Deleted %s rules' % len(rules)}
-- 
cgit 


From 9a6e9a1af9359fb4a9261f59f57113f252f0d6e9 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Thu, 23 Jun 2011 14:45:37 -0400
Subject: Make firewall rules tests idempotent, move IPy=>netaddr, add deltete
 test.

---
 nova/api/ec2/admin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index b8fc8f114..df7876b9d 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -382,7 +382,7 @@ class AdminController(object):
         LOG.audit(_('Removing ip block from %s'), cidr, context=context)
         cidr = urllib.unquote(cidr).decode()
         # raise if invalid
-        IPy.IP(cidr)
+        netaddr.IPNetwork(cidr)
         rules = db.provider_fw_rule_get_all_by_cidr(context, cidr)
         for rule in rules:
             db.provider_fw_rule_destroy(context, rule['id'])
-- 
cgit