From 8c7ff1c17f33ee636c00925d152b8fb8e8272bba Mon Sep 17 00:00:00 2001 From: Sebastien Goasguen Date: Sun, 23 Jun 2013 23:51:15 -0400 Subject: [PATCH] LIBCLOUD-347: add egress rules and revoke ingress/egress --- libcloud/compute/drivers/cloudstack.py | 111 ++++++++++++++++++++++++++++++--- 1 file changed, 102 insertions(+), 9 deletions(-) diff --git a/libcloud/compute/drivers/cloudstack.py b/libcloud/compute/drivers/cloudstack.py index 74799c6..340e0c8 100644 --- a/libcloud/compute/drivers/cloudstack.py +++ b/libcloud/compute/drivers/cloudstack.py @@ -740,7 +740,7 @@ class CloudStackNodeDriver(CloudStackDriverMixIn, NodeDriver): def ex_authorize_security_group_ingress(self, securitygroupname, protocol, cidrlist, startport, - endport=None): + endport=None, **kwargs): """ Creates a new Security Group Ingress rule 
@@ -790,21 +790,114 @@ class CloudStackNodeDriver(CloudStackDriverMixIn, NodeDriver): @rtype: C{list} """ + extra_args = kwargs.copy() + protocol = protocol.upper() if protocol not in ('TCP', 'ICMP'): raise LibcloudError('Only TCP and ICMP are allowed') - args = { - 'securitygroupname': securitygroupname, - 'protocol': protocol, - 'startport': int(startport), - 'cidrlist': cidrlist - } if endport is None: - args['endport'] = int(startport) + endport = int(startport) + else: + endport = int(endport) return self._async_request('authorizeSecurityGroupIngress', - **args)['securitygroup'] + securitygroupname = securitygroupname, + protocol = protocol, + startport = int(startport), + endport = endport, + cidrlist = cidrlist, + **extra_args)['securitygroup'] + + def ex_revoke_security_group_ingress(self, id): + """ + Revoke Security Group Ingress rule + + @param id: The id of the ingress rule + @type id: C{uuid} + + @return: True or False based on success of ingress rule deletion + @rtype: C{bool} + """ + + return self._async_request('revokeSecurityGroupIngress', id=id)['success'] + + def ex_authorize_security_group_egress(self, securitygroupname, + protocol, cidrlist, startport, + endport=None, **kwargs): + """ + Authorize Security Group Egress rule + + @param account: An optional account for the security group. Must be used with domainId. + @type account: C{str} + + @param securitygroupname: The name of the security group. Mutually exclusive with securityGroupName parameter + @type securitygroupname: C{str} + + @param domainid: An optional domainId for the security group. If the account parameter is used, domainId must also be used. + @type domainid: C{uuid} + + @param icmpcode: Error code for this icmp message + @type icmpcode: C{int} + + @param securitygroupid: The ID of the security group. 
Mutually exclusive with securityGroupName parameter + @type securitygroupid: C{uuid} + + @param icmptype : Type of the icmp message being sent + @type icmptype: C{int} + + @param protocol: TCP is default. UDP is the other supported protocol + @type protocol: C{str} + + @param projectid: An optional project of the security group + @type projectid: C{uuid} + + @param endport: End port for this egress rule + @type endport: C{int} + + @param usersecuritygrouplist: User to security group mapping + @type usersecuritygrouplist: C{list} + + @param startport: Start port for this egress rule + @type startport: C{int} + + @param cidrlist: The cidr list associated + @type cidrlist: C{list} + + @rtype + """ + + extra_args = kwargs.copy() + + protocol = protocol.upper() + if protocol not in ('TCP', 'ICMP'): + raise LibcloudError('Only TCP and ICMP are allowed') + + if endport is None: + endport = int(startport) + else: + endport = int(endport) + + return self._async_request('authorizeSecurityGroupEgress', + securitygroupname = securitygroupname, + protocol = protocol, + startport = int(startport), + endport = endport, + cidrlist = cidrlist, + **extra_args)['securitygroup'] + + def ex_revoke_security_group_egress(self, id): + """ + Revoke Security Group Egress rule + + @param id: The id of the egree rule + @type id: C{uuid} + + @return: True or False based on success of egress rule deletion + @rtype: C{bool} + """ + + return self._async_request('revokeSecurityGroupEgress', id=id)['success'] def ex_register_iso(self, name, url, location=None, **kwargs): """ -- 1.8.2.3
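Review bot: The docstring of the new `ex_authorize_security_group_egress` says `TCP is default. UDP is the other supported protocol`, but the body raises `LibcloudError('Only TCP and ICMP are allowed')` for anything else and `protocol` has no default, so a caller following the docstring cannot create a UDP egress rule. If the API accepts UDP as documented, widen the check to `if protocol not in ('TCP', 'UDP', 'ICMP'):`; otherwise correct the docstring. The same check exists in the ingress method, whose signature and docstring start outside this hunk. Both methods also send `int(startport)` and `int(endport)` without a range check, and send them for ICMP rules too, where `icmptype`/`icmpcode` (reachable only through `**kwargs`) are presumably what the API expects. A guard such as `if not 0 <= int(startport) <= endport <= 65535: raise LibcloudError('Invalid port range')` before `_async_request` would keep a swapped or out-of-range pair from becoming an unintended firewall rule or an opaque API error. The egress docstring also leaves `@rtype` empty and calls `securitygroupname` mutually exclusive with itself (presumably `securitygroupid` is meant), and `egree` in the revoke docstring should read `egress`.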