Hi, find below a basic fix for this. I am aware that there are no tests for this, I only tested it with a production cloud.
I am interested by your code convention and how you prefer to deal with optional arguments. Note that optional arguments do not have a default value. Let me know:

From 372346b849a8c7e712fdd2243c38bfab5269da4c Mon Sep 17 00:00:00 2001
From: Sebastien Goasguen <runseb@gmail.com>
Date: Tue, 28 May 2013 06:09:26 -0400
Subject: [PATCH] LIBCLOUD-332: Proposed fix for SG in CloudStack driver

—
libcloud/compute/drivers/cloudstack.py | 82 ++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions

diff --git libcloud/compute/drivers/cloudstack.py libcloud/compute/drivers/cloudstack.py
index e2c85dd..855e618 100644
— libcloud/compute/drivers/cloudstack.py
+++ libcloud/compute/drivers/cloudstack.py
@@ -463,6 +463,88 @@ class CloudStackNodeDriver(CloudStackDriverMixIn, NodeDriver):
self._async_request('deleteIpForwardingRule', id=rule.id)
return True

+ def ex_list_security_groups(self, **kwargs):
+ """
+ Lists Security Groups
+ Optional parameters:
+ Parameters
+ ==========
+ domainid = (uuid) list only resources belonging to the domain specified
+ account = (string) list resources by account. Must be used with the domainId parameter.
+ listall = (boolean) If set to false, list only resources belonging to the command's caller; if set to true - list resources that the caller is authorized to see. Default value is false
+ pagesize = (integer)
+ keyword = (string) List by keyword
+ tags = (map) List resources by tags (key/value pairs)
+ id = (uuid) list the security group by the id provided
+ securitygroupname = (string) lists security groups by name
+ virtualmachineid = (uuid) lists security groups by virtual machine id
+ projectid = (uuid) list objects by project
+ isrecursive = (boolean) defaults to false, but if true, lists all resources from the parent specified by the domainId till leaves.
+ page = (integer)
+ """
+
+ extra_args = kwargs
+
+ return self._sync_request('listSecurityGroups',**extra_args)
+
+ def ex_create_security_group(self, name, **kwargs):
+ """
+ Creates a new Security Group
+ Parameters
+ ==========
+ account = (string) an optional account for the security group. Must be used with domainId.
+ domainid = (uuid) an optional domainId for the security group. If the account parameter is used, domainId must also be used.
+ name = (string) name of the security group
+ description = (string) the description of the security group
+ projectid = (uuid) Deploy vm for the project
+ """
+
+ extra_args = {}
+ for key in kwargs.keys():
+ extra_args[key] = kwargs.pop(key)
+
+ 'Check that the security group name does not already exists'
+ list_sg = self.ex_list_security_groups()
+ for sg in list_sg['securitygroup']:
+ if name in sg['name']:
+ raise LibcloudError('This Security Group name already exists.')
+
+ return self._sync_request('createSecurityGroup',name=name,**extra_args)
+
+ def ex_authorize_security_group_ingress(self,securitygroupname,protocol,cidrlist,startport,endport=None):
+ """
+ Creates a new Security Group Ingress rule
+ Parameters
+ ==========
+ domainid = (uuid) an optional domainId for the security group. If the account parameter is used, domainId must also be used.
+ startport = (integer) start port for this ingress rule
+ securitygroupid = (uuid) The ID of the security group. Mutually exclusive with securityGroupName parameter
+ cidrlist = (list) the cidr list associated
+ usersecuritygrouplist = (map) user to security group mapping
+ securitygroupname = (string) The name of the security group. Mutually exclusive with securityGroupName parameter
+ account = (string) an optional account for the security group. Must be used with domainId.
+ icmpcode = (integer) error code for this icmp message
+ protocol = (string) TCP is default. UDP is the other supported protocol
+ icmptype = (integer) type of the icmp message being sent
+ projectid = (uuid) an optional project of the security group
+ endport = (integer) end port for this ingress rule
+ """
+
+ protocol = protocol.upper()
+ if protocol not in ('TCP', 'ICMP'):
+ raise LibcloudError('Only TCP and ICMP are allowed')
+
+ args =

+ if endport is None:
+ args['endport'] = int(startport)
+
+ return self._async_request('authorizeSecurityGroupIngress', **args)
+
def ex_register_iso(self, name, url, location=None, **kwargs):
"""
Registers an existing ISO by URL.
–
1.8.1.3

sebastien goasguen For conventions and style guide please have a look at http://libcloud.apache.org/contributing.html. Information on how to format docstrings is at http://libcloud.apache.org/docstring-conventions.html.

Also please attach a patch file to the ticket instead of directly pasting the code in the description.

sebastien goasguen ping, I would love have this thing address and this patch merged

Hi, yes sorry I got side tracked. Hopefully I will work on this tomorrow.

Ok patch attached, might conflict with the patch for 333. The 333 patch fixes some pep8 issues of the existing driver.

Commit 1490082 from Tomaz Muraus
[ https://svn.apache.org/r1490082 ]

Add extension methods for managing security groups to the CloudStack
driver.

Contributed by sebastien goasgue, part of LIBCLOUD-332.