CloudStack driver does not deal with security groups

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.12.3
    • Fix Version/s: 0.13.0
    • Component/s: Compute
    • Labels:
      None
    • Environment:

      trunk

      Description

      There are no extension functions to deal with security groups in the CloudStack driver.

      1. acs332.patch
        7 kB
        sebastien goasguen

        Activity

        jira-bot ASF subversion and git services added a comment -

        Commit 1490082 from Tomaz Muraus
        [ https://svn.apache.org/r1490082 ]

        Add extension methods for managing security groups to the CloudStack
        driver.

        Contributed by sebastien goasguen, part of LIBCLOUD-332.

        sebgoa sebastien goasguen added a comment -

        Ok patch attached, might conflict with the patch for 333. The 333 patch fixes some pep8 issues of the existing driver.

        sebgoa sebastien goasguen added a comment -

        Hi, yes, sorry, I got sidetracked. Hopefully I will work on this tomorrow.

        kami Tomaz Muraus added a comment -

        sebastien goasguen ping, I would love to have this thing addressed and this patch merged

        kami Tomaz Muraus added a comment -

        sebastien goasguen For conventions and style guide please have a look at http://libcloud.apache.org/contributing.html. Information on how to format docstrings is at http://libcloud.apache.org/docstring-conventions.html.

        Also please attach a patch file to the ticket instead of directly pasting the code in the description.

        sebgoa sebastien goasguen added a comment -

        Hi, find below a basic fix for this. I am aware that there are no tests for this; I only tested it with a production cloud.
        I am interested in your code convention and how you prefer to deal with optional arguments. Note that optional arguments do not have a default value. Let me know:

        From 372346b849a8c7e712fdd2243c38bfab5269da4c Mon Sep 17 00:00:00 2001
        From: Sebastien Goasguen <runseb@gmail.com>
        Date: Tue, 28 May 2013 06:09:26 -0400
        Subject: [PATCH] LIBCLOUD-332: Proposed fix for SG in CloudStack driver


        libcloud/compute/drivers/cloudstack.py | 82 ++++++++++++++++++++++++++++++++++
        1 file changed, 82 insertions

        diff --git libcloud/compute/drivers/cloudstack.py libcloud/compute/drivers/cloudstack.py
        index e2c85dd..855e618 100644
        — libcloud/compute/drivers/cloudstack.py
        +++ libcloud/compute/drivers/cloudstack.py
        @@ -463,6 +463,88 @@ class CloudStackNodeDriver(CloudStackDriverMixIn, NodeDriver):
        self._async_request('deleteIpForwardingRule', id=rule.id)
        return True

        + def ex_list_security_groups(self, **kwargs):
        + """
        + Lists Security Groups
        + Optional parameters:
        + Parameters
        + ==========
        + domainid = (uuid) list only resources belonging to the domain specified
        + account = (string) list resources by account. Must be used with the domainId parameter.
        + listall = (boolean) If set to false, list only resources belonging to the command's caller; if set to true - list resources that the caller is authorized to see. Default value is false
        + pagesize = (integer)
        + keyword = (string) List by keyword
        + tags = (map) List resources by tags (key/value pairs)
        + id = (uuid) list the security group by the id provided
        + securitygroupname = (string) lists security groups by name
        + virtualmachineid = (uuid) lists security groups by virtual machine id
        + projectid = (uuid) list objects by project
        + isrecursive = (boolean) defaults to false, but if true, lists all resources from the parent specified by the domainId till leaves.
        + page = (integer)
        + """
        +
        + extra_args = kwargs
        +
        + return self._sync_request('listSecurityGroups',**extra_args)
        +
        + def ex_create_security_group(self, name, **kwargs):
        + """
        + Creates a new Security Group
        + Parameters
        + ==========
        + account = (string) an optional account for the security group. Must be used with domainId.
        + domainid = (uuid) an optional domainId for the security group. If the account parameter is used, domainId must also be used.
        + name = (string) name of the security group
        + description = (string) the description of the security group
        + projectid = (uuid) Deploy vm for the project
        + """
        +
        + extra_args = {}
        + for key in kwargs.keys():
        + extra_args[key] = kwargs.pop(key)
        +
        + 'Check that the security group name does not already exists'
        + list_sg = self.ex_list_security_groups()
        + for sg in list_sg['securitygroup']:
        + if name in sg['name']:
        + raise LibcloudError('This Security Group name already exists.')
        +
        + return self._sync_request('createSecurityGroup',name=name,**extra_args)
        +
        + def ex_authorize_security_group_ingress(self,securitygroupname,protocol,cidrlist,startport,endport=None):
        + """
        + Creates a new Security Group Ingress rule
        + Parameters
        + ==========
        + domainid = (uuid) an optional domainId for the security group. If the account parameter is used, domainId must also be used.
        + startport = (integer) start port for this ingress rule
        + securitygroupid = (uuid) The ID of the security group. Mutually exclusive with securityGroupName parameter
        + cidrlist = (list) the cidr list associated
        + usersecuritygrouplist = (map) user to security group mapping
        + securitygroupname = (string) The name of the security group. Mutually exclusive with securityGroupName parameter
        + account = (string) an optional account for the security group. Must be used with domainId.
        + icmpcode = (integer) error code for this icmp message
        + protocol = (string) TCP is default. UDP is the other supported protocol
        + icmptype = (integer) type of the icmp message being sent
        + projectid = (uuid) an optional project of the security group
        + endport = (integer) end port for this ingress rule
        + """
        +
        + protocol = protocol.upper()
        + if protocol not in ('TCP', 'ICMP'):
        + raise LibcloudError('Only TCP and ICMP are allowed')
        +
        + args =

        { + 'securitygroupname': securitygroupname, + 'protocol': protocol, + 'startport': int(startport), + 'cidrlist': cidrlist + }

        + if endport is None:
        + args['endport'] = int(startport)
        +
        + return self._async_request('authorizeSecurityGroupIngress', **args)
        +
        def ex_register_iso(self, name, url, location=None, **kwargs):
        """
        Registers an existing ISO by URL.
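
        Review bot: In ex_authorize_security_group_ingress a caller-supplied endport is never sent: the only assignment is under `if endport is None:`, so passing an explicit endport leaves it out of args and the ingress rule is requested without the port range the caller asked for. Add an else branch that sets args['endport'] = int(endport). The same function rejects everything except TCP and ICMP while its docstring says "UDP is the other supported protocol", and for ICMP it still requires startport but has no way to pass the icmptype and icmpcode the docstring lists. In ex_create_security_group, `if name in sg['name']` is a substring test, so a new group named 'web' is refused when 'webserver' exists; compare with == instead. The loop that pops from kwargs while iterating kwargs.keys() can be replaced with extra_args = dict(kwargs), and the bare string literal above list_sg should be a # comment.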

        1.8.1.3


          People

          • Assignee:
            Unassigned
            Reporter:
            sebgoa sebastien goasguen