OLD | NEW |
1 # Copyright (c) 2006,2007 Mitch Garnaat http://garnaat.org/ | 1 # Copyright (c) 2006-2011 Mitch Garnaat http://garnaat.org/ |
| 2 # Copyright (c) 2011, Eucalyptus Systems, Inc. |
2 # | 3 # |
3 # Permission is hereby granted, free of charge, to any person obtaining a | 4 # Permission is hereby granted, free of charge, to any person obtaining a |
4 # copy of this software and associated documentation files (the | 5 # copy of this software and associated documentation files (the |
5 # "Software"), to deal in the Software without restriction, including | 6 # "Software"), to deal in the Software without restriction, including |
6 # without limitation the rights to use, copy, modify, merge, publish, dis- | 7 # without limitation the rights to use, copy, modify, merge, publish, dis- |
7 # tribute, sublicense, and/or sell copies of the Software, and to permit | 8 # tribute, sublicense, and/or sell copies of the Software, and to permit |
8 # persons to whom the Software is furnished to do so, subject to the fol- | 9 # persons to whom the Software is furnished to do so, subject to the fol- |
9 # lowing conditions: | 10 # lowing conditions: |
10 # | 11 # |
11 # The above copyright notice and this permission notice shall be included | 12 # The above copyright notice and this permission notice shall be included |
12 # in all copies or substantial portions of the Software. | 13 # in all copies or substantial portions of the Software. |
13 # | 14 # |
14 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | 15 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
15 # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- | 16 # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- |
16 # ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT | 17 # ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT |
17 # SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, | 18 # SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
18 # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | 19 # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
19 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS | 20 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS |
20 # IN THE SOFTWARE. | 21 # IN THE SOFTWARE. |
21 | 22 |
22 """ | 23 """ |
23 Represents an EC2 Security Group | 24 Represents an EC2 Security Group |
24 """ | 25 """ |
25 from boto.ec2.ec2object import EC2Object | 26 from boto.ec2.ec2object import TaggedEC2Object |
26 from boto.exception import BotoClientError | 27 from boto.exception import BotoClientError |
27 | 28 |
28 class SecurityGroup(EC2Object): | 29 class SecurityGroup(TaggedEC2Object): |
29 | 30 |
30 def __init__(self, connection=None, owner_id=None, | 31 def __init__(self, connection=None, owner_id=None, |
31 name=None, description=None): | 32 name=None, description=None, id=None): |
32 EC2Object.__init__(self, connection) | 33 TaggedEC2Object.__init__(self, connection) |
| 34 self.id = id |
33 self.owner_id = owner_id | 35 self.owner_id = owner_id |
34 self.name = name | 36 self.name = name |
35 self.description = description | 37 self.description = description |
36 self.rules = [] | 38 self.vpc_id = None |
| 39 self.rules = IPPermissionsList() |
| 40 self.rules_egress = IPPermissionsList() |
37 | 41 |
38 def __repr__(self): | 42 def __repr__(self): |
39 return 'SecurityGroup:%s' % self.name | 43 return 'SecurityGroup:%s' % self.name |
40 | 44 |
41 def startElement(self, name, attrs, connection): | 45 def startElement(self, name, attrs, connection): |
42 if name == 'item': | 46 retval = TaggedEC2Object.startElement(self, name, attrs, connection) |
43 self.rules.append(IPPermissions(self)) | 47 if retval is not None: |
44 return self.rules[-1] | 48 return retval |
| 49 if name == 'ipPermissions': |
| 50 return self.rules |
| 51 elif name == 'ipPermissionsEgress': |
| 52 return self.rules_egress |
45 else: | 53 else: |
46 return None | 54 return None |
47 | 55 |
48 def endElement(self, name, value, connection): | 56 def endElement(self, name, value, connection): |
49 if name == 'ownerId': | 57 if name == 'ownerId': |
50 self.owner_id = value | 58 self.owner_id = value |
| 59 elif name == 'groupId': |
| 60 self.id = value |
51 elif name == 'groupName': | 61 elif name == 'groupName': |
52 self.name = value | 62 self.name = value |
| 63 elif name == 'vpcId': |
| 64 self.vpc_id = value |
53 elif name == 'groupDescription': | 65 elif name == 'groupDescription': |
54 self.description = value | 66 self.description = value |
55 elif name == 'ipRanges': | 67 elif name == 'ipRanges': |
56 pass | 68 pass |
57 elif name == 'return': | 69 elif name == 'return': |
58 if value == 'false': | 70 if value == 'false': |
59 self.status = False | 71 self.status = False |
60 elif value == 'true': | 72 elif value == 'true': |
61 self.status = True | 73 self.status = True |
62 else: | 74 else: |
(...skipping 58 matching lines...)
121 | 133 |
122 :type ip_protocol: string | 134 :type ip_protocol: string |
123 :param ip_protocol: Either tcp | udp | icmp | 135 :param ip_protocol: Either tcp | udp | icmp |
124 | 136 |
125 :type from_port: int | 137 :type from_port: int |
126 :param from_port: The beginning port number you are enabling | 138 :param from_port: The beginning port number you are enabling |
127 | 139 |
128 :type to_port: int | 140 :type to_port: int |
129 :param to_port: The ending port number you are enabling | 141 :param to_port: The ending port number you are enabling |
130 | 142 |
131 :type to_port: string | 143 :type cidr_ip: string |
132 :param to_port: The CIDR block you are providing access to. | 144 :param cidr_ip: The CIDR block you are providing access to. |
133 See http://en.wikipedia.org/wiki/Classless_Inter-Domain_
Routing | 145 See http://en.wikipedia.org/wiki/Classless_Inter-Domain_
Routing |
134 | 146 |
135 :type src_group: :class:`boto.ec2.securitygroup.SecurityGroup` or | 147 :type src_group: :class:`boto.ec2.securitygroup.SecurityGroup` or |
136 :class:`boto.ec2.securitygroup.GroupOrCIDR` | 148 :class:`boto.ec2.securitygroup.GroupOrCIDR` |
| 149 :param src_group: The Security Group you are granting access to. |
137 | 150 |
138 :rtype: bool | 151 :rtype: bool |
139 :return: True if successful. | 152 :return: True if successful. |
140 """ | 153 """ |
141 if src_group: | 154 if src_group: |
142 cidr_ip = None | 155 cidr_ip = None |
143 src_group_name = src_group.name | 156 src_group_name = src_group.name |
144 src_group_owner_id = src_group.owner_id | 157 src_group_owner_id = src_group.owner_id |
145 else: | 158 else: |
146 src_group_name = None | 159 src_group_name = None |
(...skipping 49 matching lines...)
196 :return: The new security group. | 209 :return: The new security group. |
197 """ | 210 """ |
198 if region.name == self.region: | 211 if region.name == self.region: |
199 raise BotoClientError('Unable to copy to the same Region') | 212 raise BotoClientError('Unable to copy to the same Region') |
200 conn_params = self.connection.get_params() | 213 conn_params = self.connection.get_params() |
201 rconn = region.connect(**conn_params) | 214 rconn = region.connect(**conn_params) |
202 sg = rconn.create_security_group(name or self.name, self.description) | 215 sg = rconn.create_security_group(name or self.name, self.description) |
203 source_groups = [] | 216 source_groups = [] |
204 for rule in self.rules: | 217 for rule in self.rules: |
205 grant = rule.grants[0] | 218 grant = rule.grants[0] |
206 if grant.name: | 219 for grant in rule.grants: |
207 if grant.name not in source_groups: | 220 if grant.name: |
208 source_groups.append(grant.name) | 221 if grant.name not in source_groups: |
209 sg.authorize(None, None, None, None, grant) | 222 source_groups.append(grant.name) |
210 else: | 223 sg.authorize(None, None, None, None, grant) |
211 sg.authorize(rule.ip_protocol, rule.from_port, rule.to_port, | 224 else: |
212 grant.cidr_ip) | 225 sg.authorize(rule.ip_protocol, rule.from_port, rule.to_port, |
| 226 grant.cidr_ip) |
213 return sg | 227 return sg |
214 | 228 |
215 def instances(self): | 229 def instances(self): |
| 230 """ |
| 231 Find all of the current instances that are running within this |
| 232 security group. |
| 233 |
| 234 :rtype: list of :class:`boto.ec2.instance.Instance` |
| 235 :return: A list of Instance objects |
| 236 """ |
| 237 # It would be more efficient to do this with filters now |
| 238 # but not all services that implement EC2 API support filters. |
216 instances = [] | 239 instances = [] |
217 rs = self.connection.get_all_instances() | 240 rs = self.connection.get_all_instances() |
218 for reservation in rs: | 241 for reservation in rs: |
219 uses_group = [g.id for g in reservation.groups if g.id == self.name] | 242 uses_group = [g.name for g in reservation.groups if g.name == self.n
ame] |
220 if uses_group: | 243 if uses_group: |
221 instances.extend(reservation.instances) | 244 instances.extend(reservation.instances) |
222 return instances | 245 return instances |
223 | 246 |
224 class IPPermissions: | 247 class IPPermissionsList(list): |
| 248 |
| 249 def startElement(self, name, attrs, connection): |
| 250 if name == 'item': |
| 251 self.append(IPPermissions(self)) |
| 252 return self[-1] |
| 253 return None |
| 254 |
| 255 def endElement(self, name, value, connection): |
| 256 pass |
| 257 |
| 258 class IPPermissions(object): |
225 | 259 |
226 def __init__(self, parent=None): | 260 def __init__(self, parent=None): |
227 self.parent = parent | 261 self.parent = parent |
228 self.ip_protocol = None | 262 self.ip_protocol = None |
229 self.from_port = None | 263 self.from_port = None |
230 self.to_port = None | 264 self.to_port = None |
231 self.grants = [] | 265 self.grants = [] |
232 | 266 |
233 def __repr__(self): | 267 def __repr__(self): |
234 return 'IPPermissions:%s(%s-%s)' % (self.ip_protocol, | 268 return 'IPPermissions:%s(%s-%s)' % (self.ip_protocol, |
(...skipping 16 matching lines...)
251 setattr(self, name, value) | 285 setattr(self, name, value) |
252 | 286 |
253 def add_grant(self, name=None, owner_id=None, cidr_ip=None): | 287 def add_grant(self, name=None, owner_id=None, cidr_ip=None): |
254 grant = GroupOrCIDR(self) | 288 grant = GroupOrCIDR(self) |
255 grant.owner_id = owner_id | 289 grant.owner_id = owner_id |
256 grant.name = name | 290 grant.name = name |
257 grant.cidr_ip = cidr_ip | 291 grant.cidr_ip = cidr_ip |
258 self.grants.append(grant) | 292 self.grants.append(grant) |
259 return grant | 293 return grant |
260 | 294 |
261 class GroupOrCIDR: | 295 class GroupOrCIDR(object): |
262 | 296 |
263 def __init__(self, parent=None): | 297 def __init__(self, parent=None): |
264 self.owner_id = None | 298 self.owner_id = None |
265 self.name = None | 299 self.name = None |
266 self.cidr_ip = None | 300 self.cidr_ip = None |
267 | 301 |
268 def __repr__(self): | 302 def __repr__(self): |
269 if self.cidr_ip: | 303 if self.cidr_ip: |
270 return '%s' % self.cidr_ip | 304 return '%s' % self.cidr_ip |
271 else: | 305 else: |
272 return '%s-%s' % (self.name, self.owner_id) | 306 return '%s-%s' % (self.name, self.owner_id) |
273 | 307 |
274 def startElement(self, name, attrs, connection): | 308 def startElement(self, name, attrs, connection): |
275 return None | 309 return None |
276 | 310 |
277 def endElement(self, name, value, connection): | 311 def endElement(self, name, value, connection): |
278 if name == 'userId': | 312 if name == 'userId': |
279 self.owner_id = value | 313 self.owner_id = value |
280 elif name == 'groupName': | 314 elif name == 'groupName': |
281 self.name = value | 315 self.name = value |
282 if name == 'cidrIp': | 316 if name == 'cidrIp': |
283 self.cidr_ip = value | 317 self.cidr_ip = value |
284 else: | 318 else: |
285 setattr(self, name, value) | 319 setattr(self, name, value) |
286 | 320 |
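Review bot: On the new side of the region-copy method (its `def` line is in the skipped part of the page), a grant that names a source group is still copied with `sg.authorize(None, None, None, None, grant)`, so the rule's `ip_protocol`, `from_port` and `to_port` are dropped and the copied group may admit that source group on more ports than the original rule; only the CIDR branch carries them over. If `authorize` accepts a protocol and port range together with `src_group`, which the visible part of it does not show, the call should be `sg.authorize(rule.ip_protocol, rule.from_port, rule.to_port, None, grant)`, and the `source_groups` check should then key on more than `grant.name`, because it currently skips a second rule for the same group name even when its ports or `owner_id` differ. The `grant = rule.grants[0]` line kept at new line 218 is dead now that `for grant in rule.grants:` follows it, and it still raises IndexError for a rule with no grants, so it can be deleted. The new `rules_egress` list is not copied either; the docstring should say so, for example `Only ingress rules are copied; rules_egress and vpc_id are not carried over.`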
OLD | NEW |