On Mon, 2011-05-30 at 17:33 +0300, [email protected] wrote:
> second revision of firewalls including suggestions by Michal:
> 
>   * moves create/destroy firewall rules to firewall collection block (rabbit)
>   * renames Firewall_Rule to FirewallRule
> 
> Also, this version tidies up the json support for firewalls (and also
> blobs). I copy/paste notes from original message here for convenience
> (amended for the above changes):

Excellent. Great stuff.

> =======================================================================
> 
>  * XML looks like:
>  [snip]
>  * OPERATIONS: implemented GET/POST/DELETE [list, create, destroy] for 
> firewalls (both html and xml interfaces), GET/POST/DELETE for firewall rules. 
> You can also use curl rather than html interface if you prefer:
>  [snip]

This needs to go into the docs, i.e. as a new collection on the page
http://incubator.apache.org/deltacloud/api.html (note: make sure you
edit stuff in site/content, not site/output)

> * Firewall rule ids... Amazon doesn't have any notion of an 'id' for a
> single firewall rule, rather each firewall rule is identified by its
> constituent parts (protocol, from&to ports, and sources [groups and
> ipaddress ranges]). In order to allow for a
> 'delete /api/firewalls/:firewall/:rule' type operation I use
> Base64.encode to encode a unique UID for each rule using 'aws_owner_id
> protocol from_port to_port sources' - but this results in rather ugly
> looking uids... discussion/suggestions welcome,

How about taking a hash (md5, sha1 or whatnot) of the base64 string, and
using only the first 8 or 16 chars of that hash? It would require that
delete_firewall_rule loops over all the rules in a security group to
find the one being talked about.

Another way to shorten the id would be to not do base64 encoding, and
encode the constituent parts more directly into the id, e.g. using
PROTO:FROM_PORT:TO_PORT@group1@group2!iprange1!iprange2 or similar.

David
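
The two id schemes suggested in this message, as an added Ruby example that is not part of the original email or of Deltacloud's code. The `Rule` struct, the function names and the sample rules are assumptions made for illustration; the lookup refuses to act when a truncated hash matches more than one rule.

```ruby
require 'digest/sha1'

# Hypothetical rule record; fields follow the parts listed in the thread.
Rule = Struct.new(:owner_id, :protocol, :from_port, :to_port, :groups, :ip_ranges)

# Long uid: Base64 of 'aws_owner_id protocol from_port to_port sources'.
# Sources are sorted so the same rule always yields the same uid.
def long_uid(rule)
  sources = (rule.groups.sort + rule.ip_ranges.sort).join(' ')
  plain = [rule.owner_id, rule.protocol, rule.from_port, rule.to_port, sources].join(' ')
  [plain].pack('m0') # Base64 without line breaks
end

# Suggestion 1: hash the Base64 string, keep the first +length+ hex chars.
def short_id(rule, length = 16)
  Digest::SHA1.hexdigest(long_uid(rule))[0, length]
end

# Suggestion 2: encode the parts directly, PROTO:FROM_PORT:TO_PORT@group!iprange.
def direct_id(rule)
  id = [rule.protocol, rule.from_port, rule.to_port].join(':')
  id += rule.groups.sort.map { |g| "@#{g}" }.join
  id + rule.ip_ranges.sort.map { |r| "!#{r}" }.join
end

# A hashed id cannot be decoded, so lookup loops over every rule in the group.
# A truncated hash can collide: raise rather than guess which rule was meant.
def find_rule(rules, id, length = 16)
  matches = rules.select { |r| short_id(r, length) == id }
  raise ArgumentError, "ambiguous rule id #{id}" if matches.size > 1
  matches.first # nil when no rule has this id
end

# Constructed sample data, not taken from a real account.
SAMPLE_RULES = [
  Rule.new('000000000000', 'tcp', 22, 22, [], ['10.0.0.0/8']),
  Rule.new('000000000000', 'tcp', 80, 80, ['web'], ['0.0.0.0/0']),
  Rule.new('000000000000', 'udp', 53, 53, ['dns', 'web'], [])
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_RULES.each { |r| puts "#{short_id(r)}  #{direct_id(r)}" }
end
```

The direct form keeps the `/` of a CIDR range, so it has to be URL-escaped before it can be used as a path segment in `/api/firewalls/:firewall/:rule`.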



