[EC2 Query API] RevokeSecurityGroupIngress fails with 'EC2ResponseError'. https://reviews.apache.org/r/8466/
[EC2 Query API] Provide DescribeKeyPairs Query API support in CS AWSAPI. https://reviews.apache.org/r/8465/ Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/bea669d0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/bea669d0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/bea669d0 Branch: refs/heads/master Commit: bea669d0913207743d08dd2e56767fe716ea6e80 Parents: 6a6d93c Author: Likitha Shetty <[email protected]> Authored: Wed Jan 16 17:39:02 2013 -0800 Committer: Prachi Damle <[email protected]> Committed: Thu Jan 31 12:00:25 2013 -0800 ---------------------------------------------------------------------- .../com/cloud/bridge/service/EC2RestServlet.java | 95 +++++++++------ .../cloud/bridge/service/core/ec2/EC2Engine.java | 93 +++++++------- .../service/core/ec2/EC2KeyPairFilterSet.java | 6 +- 3 files changed, 106 insertions(+), 88 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/bea669d0/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java ----------------------------------------------------------------------
diff --git a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
index 4f74873..f5b7cba 100644
--- a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
+++ b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
@@ -676,48 +676,65 @@ public class EC2RestServlet extends HttpServlet { String[] groupName = request.getParameterValues( "GroupName" ); if ( null != groupName && 0 < groupName.length ) EC2request.setName( groupName[0] ); - else { response.sendError(530, "Missing GroupName parameter" ); return; } + else { response.sendError(530, "Missing GroupName parameter" ); return; } - EC2IpPermission perm = new EC2IpPermission(); + // -> not clear how many parameters there are until we fail to get IpPermissions.n.IpProtocol + int nCount = 1, mCount; + do { + EC2IpPermission perm = new EC2IpPermission(); - String[] protocol = request.getParameterValues( "IpProtocol" ); - if ( null != protocol && 0 < protocol.length ) - perm.setProtocol( protocol[0] ); - else { response.sendError(530, "Missing IpProtocol parameter" ); return; } + String[] protocol = request.getParameterValues( "IpPermissions." + nCount + ".IpProtocol" ); + if ( null != protocol && 0 < protocol.length ) + perm.setProtocol( protocol[0]); + else break; - String[] fromPort = request.getParameterValues( "FromPort" ); - if ( null != fromPort && 0 < fromPort.length ) - perm.setProtocol( fromPort[0] ); - else { response.sendError(530, "Missing FromPort parameter" ); return; } + String[] fromPort = request.getParameterValues( "IpPermissions." 
+ nCount + ".FromPort" ); + if ( null != fromPort && 0 < fromPort.length) + perm.setFromPort( Integer.parseInt( fromPort[0])); - String[] toPort = request.getParameterValues( "ToPort" ); - if ( null != toPort && 0 < toPort.length ) - perm.setProtocol( toPort[0] ); - else { response.sendError(530, "Missing ToPort parameter" ); return; } - - String[] ranges = request.getParameterValues( "CidrIp" ); - if ( null != ranges && 0 < ranges.length) - perm.addIpRange( ranges[0] ); - else { response.sendError(530, "Missing CidrIp parameter" ); return; } - - String[] user = request.getParameterValues( "SourceSecurityGroupOwnerId" ); - if ( null == user || 0 == user.length) { - response.sendError(530, "Missing SourceSecurityGroupOwnerId parameter" ); - return; - } - - String[] name = request.getParameterValues( "SourceSecurityGroupName" ); - if ( null == name || 0 == name.length) { - response.sendError(530, "Missing SourceSecurityGroupName parameter" ); - return; - } + String[] toPort = request.getParameterValues( "IpPermissions." + nCount + ".ToPort" ); + if ( null != toPort && 0 < toPort.length) + perm.setToPort( Integer.parseInt( toPort[0])); + + // -> list: IpPermissions.n.IpRanges.m.CidrIp + mCount = 1; + do { + String[] ranges = request.getParameterValues( "IpPermissions." + nCount + ".IpRanges." + mCount + ".CidrIp" ); + if ( null != ranges && 0 < ranges.length) + perm.addIpRange( ranges[0]); + else break; + mCount++; + } while( true ); + + // -> list: IpPermissions.n.Groups.m.UserId and IpPermissions.n.Groups.m.GroupName + mCount = 1; + do { + EC2SecurityGroup group = new EC2SecurityGroup(); + + String[] user = request.getParameterValues( "IpPermissions." + nCount + ".Groups." + mCount + ".UserId" ); + if ( null != user && 0 < user.length) + group.setAccount( user[0]); + else break; + + String[] name = request.getParameterValues( "IpPermissions." + nCount + ".Groups." 
+ mCount + ".GroupName" ); + if ( null != name && 0 < name.length) + group.setName( name[0]); + else break; + + perm.addUser( group); + mCount++; + } while( true ); + + // -> multiple IP permissions can be specified per group name + EC2request.addIpPermission( perm); + nCount++; + } while( true ); + + if (1 == nCount) { + response.sendError(530, "At least one IpPermissions required" ); + return; + } - EC2SecurityGroup group = new EC2SecurityGroup(); - group.setAccount( user[0] ); - group.setName( name[0] ); - perm.addUser( group ); - EC2request.addIpPermission( perm ); - // -> execute the request RevokeSecurityGroupIngressResponse EC2response = EC2SoapServiceImpl.toRevokeSecurityGroupIngressResponse( ServiceProvider.getInstance().getEC2Engine().revokeSecurityGroup( EC2request )); @@ -732,7 +749,7 @@ public class EC2RestServlet extends HttpServlet { String[] groupName = request.getParameterValues( "GroupName" ); if ( null != groupName && 0 < groupName.length ) EC2request.setName( groupName[0] ); - else { response.sendError(530, "Missing GroupName parameter" ); return; } + else { response.sendError(530, "Missing GroupName parameter" ); return; } // -> not clear how many parameters there are until we fail to get IpPermissions.n.IpProtocol int nCount = 1; @@ -754,7 +771,7 @@ public class EC2RestServlet extends HttpServlet { int mCount = 1; do { String[] ranges = request.getParameterValues( "IpPermissions." + nCount + ".IpRanges." + mCount + ".CidrIp" ); - if ( null != ranges && 0 < ranges.length) + if ( null != ranges && 0 < ranges.length) perm.addIpRange( ranges[0] ); else break; mCount++; http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/bea669d0/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java ---------------------------------------------------------------------- diff --git a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java index eb25249..cd187a4 100644 
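Review bot: `Integer.parseInt( fromPort[0])` and `Integer.parseInt( toPort[0])` in the new IpPermissions.n loop run on raw request parameters with no handling for NumberFormatException, so a non-numeric port is left to whatever the enclosing handler does with an unchecked exception instead of being reported as a parameter error; the enclosing method starts and ends outside the hunk, so an outer catch may exist. I would reject it where it is parsed, e.g. `try { perm.setFromPort( Integer.parseInt( fromPort[0])); } catch (NumberFormatException e) { response.sendError(530, "Invalid FromPort parameter" ); return; }`, and the same for ToPort. The Groups loop also breaks silently when `UserId` is present but `GroupName` is missing, dropping that entry, so a malformed revoke request is executed with fewer rules than the caller sent instead of being refused.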
--- a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java
+++ b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java
@@ -709,58 +709,27 @@ public class EC2Engine { throw new EC2ServiceException(ServerError.InternalError, e.getMessage()); } } + /** - * Lists SSH KeyPairs on the systme + * Lists SSH KeyPairs on the system * * @param request * @return */ public EC2DescribeKeyPairsResponse describeKeyPairs( EC2DescribeKeyPairs request ) { - try { - EC2KeyPairFilterSet filterSet = request.getKeyFilterSet(); - String[] keyNames = request.getKeyNames(); - List<CloudStackKeyPair> keyPairs = getApi().listSSHKeyPairs(null, null, null); - List<EC2SSHKeyPair> keyPairsList = new ArrayList<EC2SSHKeyPair>(); - - if (keyPairs != null) { - // Let's trim the list of keypairs to only the ones listed in keyNames - List<CloudStackKeyPair> matchedKeyPairs = new ArrayList<CloudStackKeyPair>(); - if (keyNames != null && keyNames.length > 0) { - for (CloudStackKeyPair keyPair : keyPairs) { - boolean matched = false; - for (String keyName : keyNames) { - if (keyPair.getName().equalsIgnoreCase(keyName)) { - matched = true; - break; - } - } - if (matched) { - matchedKeyPairs.add(keyPair); - } - } - if (matchedKeyPairs.isEmpty()) { - throw new EC2ServiceException(ServerError.InternalError, "No matching keypairs found"); - } - }else{ - matchedKeyPairs = keyPairs; - } - - - // this should be reworked... 
converting from CloudStackKeyPairResponse to EC2SSHKeyPair is dumb - for (CloudStackKeyPair respKeyPair: matchedKeyPairs) { - EC2SSHKeyPair ec2KeyPair = new EC2SSHKeyPair(); - ec2KeyPair.setFingerprint(respKeyPair.getFingerprint()); - ec2KeyPair.setKeyName(respKeyPair.getName()); - ec2KeyPair.setPrivateKey(respKeyPair.getPrivatekey()); - keyPairsList.add(ec2KeyPair); - } - } - return filterSet.evaluate(keyPairsList); - } catch(Exception e) { - logger.error("EC2 DescribeKeyPairs - ", e); - throw new EC2ServiceException(ServerError.InternalError, e.getMessage()); - } - } + try { + EC2DescribeKeyPairsResponse response = listKeyPairs(request.getKeyNames()); + EC2KeyPairFilterSet kfs = request.getKeyFilterSet(); + + if (kfs == null) + return response; + else + return kfs.evaluate(response); + } catch(Exception e) { + logger.error("EC2 DescribeKeyPairs - ", e); + throw new EC2ServiceException(ServerError.InternalError, e.getMessage()); + } + } /** * Delete SSHKeyPair 
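Review bot: The `catch(Exception e)` kept around the new `describeKeyPairs` body also catches the EC2ServiceException that `listKeyPairs` (added further down in this file) already logs and throws, so one failure is logged twice and re-wrapped, and `e.getMessage()` from any underlying exception is carried in the EC2ServiceException message, which presumably reaches the API caller. Consider letting the service exception through unchanged with `} catch (EC2ServiceException e) { throw e; } catch (Exception e) {`, and returning a fixed message while keeping the detail in the log. The Javadoc still has empty `@param request` and `@return` tags; `@param request key names and optional filter set to apply` and `@return the key pairs that match` would fill them.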
@@ -2075,6 +2044,38 @@ public class EC2Engine { } } + private EC2DescribeKeyPairsResponse listKeyPairs( String[] keyNames ) throws Exception { + try { + EC2DescribeKeyPairsResponse keyPairSet = new EC2DescribeKeyPairsResponse(); + + List<CloudStackKeyPair> keyPairs = getApi().listSSHKeyPairs(null, null, null); + if (keyPairs != null && keyPairs.size() > 0) { + for (CloudStackKeyPair keyPair : keyPairs) { + boolean matched = false; + if (keyNames.length > 0) { + for (String keyName : keyNames) { + if (keyName.equalsIgnoreCase(keyPair.getName())) { + matched = true; + break; + } + } + } else matched = true; + if (!matched) continue; + EC2SSHKeyPair ec2KeyPair = new EC2SSHKeyPair(); + ec2KeyPair.setFingerprint(keyPair.getFingerprint()); + ec2KeyPair.setKeyName(keyPair.getName()); + ec2KeyPair.setPrivateKey(keyPair.getPrivatekey()); + + keyPairSet.addKeyPair(ec2KeyPair); + } + } + return keyPairSet; + } catch(Exception e) { + logger.error( "List Keypairs - ", e); + throw new EC2ServiceException(ServerError.InternalError, e.getMessage()); + } + } + /** * Convert ingress rule to EC2IpPermission records * http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/bea669d0/awsapi/src/com/cloud/bridge/service/core/ec2/EC2KeyPairFilterSet.java ---------------------------------------------------------------------- diff --git a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2KeyPairFilterSet.java b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2KeyPairFilterSet.java index 021487c..2ad005b 100644 --- a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2KeyPairFilterSet.java +++ b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2KeyPairFilterSet.java 
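Review bot: `if (keyNames.length > 0)` in `listKeyPairs` dereferences `keyNames` without the `keyNames != null` check that the removed code in `describeKeyPairs` had, so a request whose `getKeyNames()` returns null would now fail with a NullPointerException reported as InternalError; whether it can return null is not visible here. A guard such as `boolean filterByName = keyNames != null && keyNames.length > 0;` evaluated once before the loop restores the old behaviour. The new code also still copies `keyPair.getPrivatekey()` into every entry of a listing response via `setPrivateKey`; if the list call ever populates that field, private key material would travel with a read-only describe call, so I would leave it unset here unless a caller needs it. A name list with no match now returns an empty set where the old code threw "No matching keypairs found"; a comment saying this is intended would help.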
@@ -62,14 +62,14 @@ public class EC2KeyPairFilterSet { } - public EC2DescribeKeyPairsResponse evaluate( List<EC2SSHKeyPair> sampleList) throws ParseException { + public EC2DescribeKeyPairsResponse evaluate( EC2DescribeKeyPairsResponse response ) throws ParseException { EC2DescribeKeyPairsResponse resultList = new EC2DescribeKeyPairsResponse(); boolean matched; - EC2SSHKeyPair[] keypairSet = sampleList.toArray(new EC2SSHKeyPair[0]); + EC2SSHKeyPair[] keyPairSet = response.getKeyPairSet(); EC2Filter[] filterSet = getFilterSet(); - for (EC2SSHKeyPair keyPair : keypairSet) { + for (EC2SSHKeyPair keyPair : keyPairSet) { matched = true; for (EC2Filter filter : filterSet) { if (!filterMatched(keyPair, filter)) {
