[
https://issues.apache.org/jira/browse/LIBCLOUD-332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13668219#comment-13668219
]
sebastien goasguen commented on LIBCLOUD-332:
---------------------------------------------
Hi, find below a basic fix for this. I am aware that there are no tests for
this, I only tested it with a production cloud.
I am interested by your code convention and how you prefer to deal with
optional arguments. Note that optional arguments do not have a default value.
Let me know:
>From 372346b849a8c7e712fdd2243c38bfab5269da4c Mon Sep 17 00:00:00 2001
From: Sebastien Goasguen <[email protected]>
Date: Tue, 28 May 2013 06:09:26 -0400
Subject: [PATCH] LIBCLOUD-332: Proposed fix for SG in CloudStack driver
---
libcloud/compute/drivers/cloudstack.py | 82 ++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
diff --git libcloud/compute/drivers/cloudstack.py
libcloud/compute/drivers/cloudstack.py
index e2c85dd..855e618 100644
--- libcloud/compute/drivers/cloudstack.py
+++ libcloud/compute/drivers/cloudstack.py
@@ -463,6 +463,88 @@ class CloudStackNodeDriver(CloudStackDriverMixIn,
NodeDriver):
self._async_request('deleteIpForwardingRule', id=rule.id)
return True
+ def ex_list_security_groups(self, **kwargs):
+ """
+ Lists Security Groups
+ Optional parameters:
+ Parameters
+ ==========
+ domainid = (uuid) list only resources belonging to the domain
specified
+ account = (string) list resources by account. Must be used with
the domainId parameter.
+ listall = (boolean) If set to false, list only resources
belonging to the command's caller; if set to true - list resources that the
caller is authorized to see. Default value is false
+ pagesize = (integer)
+ keyword = (string) List by keyword
+ tags = (map) List resources by tags (key/value pairs)
+ id = (uuid) list the security group by the id provided
+ securitygroupname = (string) lists security groups by name
+ virtualmachineid = (uuid) lists security groups by virtual
machine id
+ projectid = (uuid) list objects by project
+ isrecursive = (boolean) defaults to false, but if true, lists
all resources from the parent specified by the domainId till leaves.
+ page = (integer)
+ """
+
+ extra_args = kwargs
+
+ return self._sync_request('listSecurityGroups',**extra_args)
+
+ def ex_create_security_group(self, name, **kwargs):
+ """
+ Creates a new Security Group
+ Parameters
+ ==========
+ account = (string) an optional account for the security group.
Must be used with domainId.
+ domainid = (uuid) an optional domainId for the security group.
If the account parameter is used, domainId must also be used.
+ name = (string) name of the security group
+ description = (string) the description of the security group
+ projectid = (uuid) Deploy vm for the project
+ """
+
+ extra_args = {}
+ for key in kwargs.keys():
+ extra_args[key] = kwargs.pop(key)
+
+ 'Check that the security group name does not already exists'
+ list_sg = self.ex_list_security_groups()
+ for sg in list_sg['securitygroup']:
+ if name in sg['name']:
+ raise LibcloudError('This Security Group name already exists.')
+
+ return self._sync_request('createSecurityGroup',name=name,**extra_args)
+
+ def
ex_authorize_security_group_ingress(self,securitygroupname,protocol,cidrlist,startport,endport=None):
+ """
+ Creates a new Security Group Ingress rule
+ Parameters
+ ==========
+ domainid = (uuid) an optional domainId for the security group.
If the account parameter is used, domainId must also be used.
+ startport = (integer) start port for this ingress rule
+ securitygroupid = (uuid) The ID of the security group. Mutually
exclusive with securityGroupName parameter
+ cidrlist = (list) the cidr list associated
+ usersecuritygrouplist = (map) user to security group mapping
+ securitygroupname = (string) The name of the security group.
Mutually exclusive with securityGroupName parameter
+ account = (string) an optional account for the security group.
Must be used with domainId.
+ icmpcode = (integer) error code for this icmp message
+ protocol = (string) TCP is default. UDP is the other supported
protocol
+ icmptype = (integer) type of the icmp message being sent
+ projectid = (uuid) an optional project of the security group
+ endport = (integer) end port for this ingress rule
+ """
+
+ protocol = protocol.upper()
+ if protocol not in ('TCP', 'ICMP'):
+ raise LibcloudError('Only TCP and ICMP are allowed')
+
+ args = {
+ 'securitygroupname': securitygroupname,
+ 'protocol': protocol,
+ 'startport': int(startport),
+ 'cidrlist': cidrlist
+ }
+ if endport is None:
+ args['endport'] = int(startport)
+
+ return self._async_request('authorizeSecurityGroupIngress', **args)
+
def ex_register_iso(self, name, url, location=None, **kwargs):
"""
Registers an existing ISO by URL.
--
1.8.1.3
> CloudStack driver does not deal with security groups
> ----------------------------------------------------
>
> Key: LIBCLOUD-332
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-332
> Project: Libcloud
> Issue Type: Bug
> Components: Compute
> Affects Versions: 0.12.3
> Environment: trunk
> Reporter: sebastien goasguen
>
> There are no extension functions to deal with security groups in the
> CloudStack driver.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
