From 4ef8f35577ced445cf813bd06afcd89f1067ac84 Mon Sep 17 00:00:00 2001
From: Nick Bailey
Date: Mon, 20 Aug 2012 09:30:46 -0400
Subject: [PATCH] Add security group functionality.

---
 libcloud/compute/drivers/ec2.py | 59 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 59 insertions(+), 0 deletions(-)

diff --git a/libcloud/compute/drivers/ec2.py b/libcloud/compute/drivers/ec2.py
index 27354c2..27a4ea3 100644
--- a/libcloud/compute/drivers/ec2.py
+++ b/libcloud/compute/drivers/ec2.py
@@ -668,6 +668,24 @@ class EC2NodeDriver(NodeDriver):
 'keyName': key_name
 }
 
+ def ex_list_security_groups(self):
+ """List existing Security Groups
+
+ @note: This is a non-standard extension API, and only works for EC2.
+
+ @rtype: C{list} of C{str}
+ """
+ params = {'Action': 'DescribeSecurityGroups'}
+ response = self.connection.request(self.path, params=params).object
+
+ groups = []
+ for group in findall(element=response, xpath='securityGroupInfo/item',
+ namespace=NAMESPACE):
+ name = findtext(element=group, xpath='groupName',
+ namespace=NAMESPACE)
+ groups.append(name)
+ return groups
+
 def ex_create_security_group(self, name, description):
 """Creates a new Security Group
 
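Review bot: The docstring of `ex_list_security_groups` gives only `@rtype: C{list} of C{str}` and never says that the strings are group names, or that nothing else from the DescribeSecurityGroups response is returned. A caller auditing what a group allows gets no rule data from this call, and names alone may not identify a group uniquely once VPC groups are involved. I would add `@return: names (groupName) of the security groups visible to these credentials; group IDs and ingress rules are not included`. Whatever `findtext` yields when an item has no `groupName` is appended unfiltered, so it is worth confirming that it cannot put an empty entry in the list. The method is complete within the hunk; the enclosing class is not.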
@@ -688,6 +706,47 @@ class EC2NodeDriver(NodeDriver):
 'GroupDescription': description}
 return self.connection.request(self.path, params=params).object
 
+ def ex_authorize_security_group(self, name, from_port, to_port, cidr_ip, protocol="tcp"):
+ """
+ Edit a Security Group to allow specific traffic.
+
+ @note: This is a non-standard extension API, and only works for EC2.
+
+ @param name: The name of the security group to edit
+ @type name: C{str}
+
+ @param from_port: The beginning of the port range to open
+ @type from_port: C{str}
+
+ @param end_port: The end of the port range to open
+ @type end_port: C{str}
+
+ @param cidr_ip: The ip to allow traffic for.
+ @type cidr_ip: C{str}
+
+ @param protocol: tcp/udp/icmp
+ @type protocol: C{str}
+
+ @rtype: C{list} of C{str}
+ """
+
+ results = []
+ params = {'Action': 'AuthorizeSecurityGroupIngress',
+ 'GroupName': name,
+ 'IpProtocol': protocol,
+ 'FromPort': str(from_port),
+ 'ToPort': str(to_port),
+ 'CidrIp': cidr_ip}
+ try:
+ results.append(
+ self.connection.request(self.path, params=params.copy()).object
+ )
+ except Exception:
+ e = sys.exc_info()[1]
+ if e.args[0].find("InvalidPermission.Duplicate") == -1:
+ raise e
+ return results
+
 def ex_authorize_security_group_permissive(self, name):
 """
 Edit a Security Group to allow all traffic.
--
1.7.5.4
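Review bot: The `except Exception` handler in `ex_authorize_security_group` can hide the real failure, because `e.args[0].find(...)` assumes a non-empty `args` whose first item is a string; any other exception raises IndexError or AttributeError from inside the handler. I would replace the three handler lines with `if "InvalidPermission.Duplicate" not in str(sys.exc_info()[1]): raise`, where the bare `raise` also keeps the original traceback; no `import sys` is visible in this hunk, so confirm the module already has one. The docstring documents `end_port` while the parameter is `to_port`, and `@rtype` says list of str although the list holds the response object and is empty when the rule already existed. Because this call opens ingress, the `cidr_ip` entry should say it is a CIDR block rather than a single IP, for example `@param cidr_ip: CIDR block allowed to connect; 0.0.0.0/0 exposes the port range to any address`.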