Renamed security groups to firewall

cloudbridge/cloud/interfaces/resources.py

@@ -1761,7 +1761,7 @@ class VMFirewallRuleContainer(PageableObjectMixin):
             fw.rules.create(TrafficDirection.OUTBOUND, src_dest_fw=fw)
 
         You need to pass in either ``src_dest_fw`` OR ``protocol`` AND
-        ``from_port``, ``to_port``, ``cidr_ip``. In other words, either
+        ``from_port``, ``to_port``, ``cidr``. In other words, either
         you are authorizing another group or you are authorizing some
         IP-based rule.
 

cloudbridge/cloud/providers/azure/azure_client.py

@@ -139,36 +139,36 @@ class AzureClient(object):
         return self.subscription_client.subscriptions. \
             list_locations(self.subscription_id)
 
-    def list_security_group(self):
+    def list_vm_firewall(self):
         return self.network_management_client.network_security_groups. \
             list(self.resource_group)
 
-    def create_security_group(self, name, parameters):
+    def create_vm_firewall(self, name, parameters):
         return self.network_management_client.network_security_groups. \
             create_or_update(self.resource_group, name,
                              parameters).result()
 
-    def update_security_group_tags(self, name, tags):
+    def update_vm_firewall_tags(self, name, tags):
         return self.network_management_client.network_security_groups. \
             create_or_update(self.resource_group, name,
                              {'tags': tags,
                               'location': self.region_name}).result()
 
-    def create_security_group_rule(self, security_group,
-                                   rule_name, parameters):
+    def create_vm_firewall_rule(self, vm_firewall,
+                                rule_name, parameters):
         return self.network_management_client.security_rules. \
-            create_or_update(self.resource_group, security_group,
+            create_or_update(self.resource_group, vm_firewall,
                              rule_name, parameters).result()
 
-    def delete_security_group_rule(self, name, security_group):
+    def delete_vm_firewall_rule(self, name, vm_firewall):
         return self.network_management_client.security_rules. \
-            delete(self.resource_group, security_group, name).result()
+            delete(self.resource_group, vm_firewall, name).result()
 
-    def get_security_group(self, name):
+    def get_vm_firewall(self, name):
         return self.network_management_client.network_security_groups. \
             get(self.resource_group, name)
 
-    def delete_security_group(self, name):
+    def delete_vm_firewall(self, name):
         delete_async = self.network_management_client \
             .network_security_groups. \
             delete(self.resource_group, name)

cloudbridge/cloud/providers/azure/helpers.py

@@ -3,7 +3,7 @@ from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
 
 
-def filter(list_items, filters):
+def filter_by_tag(list_items, filters):
     """
     This function filter items on the tags
     :param list_items:
@@ -35,12 +35,12 @@ def parse_url(template_url, original_url):
     original_url_parts = original_url.split('/')
     if len(template_url_parts) != len(original_url_parts):
         raise Exception('Invalid url parameter passed')
-    dict = {}
+    resource_param = {}
     for key, value in zip(template_url_parts, original_url_parts):
         if key.startswith('{') and key.endswith('}'):
-            dict.update({key[1:-1]: value})
+            resource_param.update({key[1:-1]: value})
 
-    return dict
+    return resource_param
 
 
 def gen_key_pair():

cloudbridge/cloud/providers/azure/resources.py

@@ -11,22 +11,22 @@ from azure.common import AzureException
 from azure.mgmt.network.models import NetworkSecurityGroup
 
 from cloudbridge.cloud.base.resources import BaseAttachmentInfo, \
-    BaseBucket, BaseBucketObject, BaseFloatingIP, \
-    BaseInstance, BaseInternetGateway, \
-    BaseKeyPair, BaseLaunchConfig, BaseMachineImage, BaseNetwork, \
-    BasePlacementZone, BaseRegion, BaseRouter, BaseSecurityGroup, \
-    BaseSecurityGroupRule, BaseSnapshot, BaseSubnet, \
-    BaseVMType, BaseVolume, ClientPagedResultList
+    BaseBucket, BaseBucketObject, BaseFloatingIP, BaseInstance, \
+    BaseInternetGateway, BaseKeyPair, BaseLaunchConfig, BaseMachineImage, \
+    BaseNetwork, BasePlacementZone, BaseRegion, BaseRouter, BaseSnapshot, \
+    BaseSubnet, BaseVMFirewall, BaseVMFirewallRule, BaseVMType, BaseVolume, \
+    ClientPagedResultList
 from cloudbridge.cloud.interfaces import InstanceState, VolumeState
 from cloudbridge.cloud.interfaces.resources import Instance, \
     MachineImageState, NetworkState, RouterState, \
     SnapshotState, SubnetState
-from cloudbridge.cloud.providers.azure import helpers as azure_helpers
 
 from msrestazure.azure_exceptions import CloudError
 
 import pysftp
 
+from . import helpers as azure_helpers
+
 log = logging.getLogger(__name__)
 
 NETWORK_INTERFACE_RESOURCE_ID = '/subscriptions/{subscriptionId}/' \
@@ -43,7 +43,7 @@ SUBNET_RESOURCE_ID = '/subscriptions/{subscriptionId}/resourceGroups/' \
 VOLUME_RESOURCE_ID = '/subscriptions/{subscriptionId}/resourceGroups/' \
                      '{resourceGroupName}/providers/Microsoft.Compute/' \
                      'disks/{diskName}'
-SECURITY_GROUP_RESOURCE_ID = '/subscriptions/{subscriptionId}/' \
+VM_FIREWALL_RESOURCE_ID = '/subscriptions/{subscriptionId}/' \
                              'resourceGroups/{resourceGroupName}/' \
                              'providers/Microsoft.Network/' \
                              'networkSecurityGroups/' \
@@ -64,16 +64,16 @@ PUBLIC_IP_NAME = 'publicIpAddressName'
 IMAGE_NAME = 'imageName'
 VM_NAME = 'vmName'
 VOLUME_NAME = 'diskName'
-SECURITY_GROUP_NAME = 'networkSecurityGroupName'
+VM_FIREWALL_NAME = 'networkSecurityGroupName'
 SNAPSHOT_NAME = 'snapshotName'
 
 
-class AzureSecurityGroup(BaseSecurityGroup):
-    def __init__(self, provider, security_group):
-        super(AzureSecurityGroup, self).__init__(provider, security_group)
-        self._security_group = security_group
-        if not self._security_group.tags:
-            self._security_group.tags = {}
+class AzureVMFirewall(BaseVMFirewall):
+    def __init__(self, provider, vm_firewall):
+        super(AzureVMFirewall, self).__init__(provider, vm_firewall)
+        self._vm_firewall = vm_firewall
+        if not self._vm_firewall.tags:
+            self._vm_firewall.tags = {}
 
     @property
     def network_id(self):
@@ -81,51 +81,51 @@ class AzureSecurityGroup(BaseSecurityGroup):
 
     @property
     def resource_id(self):
-        return self._security_group.id
+        return self._vm_firewall.id
 
     @property
     def id(self):
-        return self._security_group.name
+        return self._vm_firewall.name
 
     @property
     def name(self):
-        return self._security_group.tags.get('Name', self._security_group.name)
+        return self._vm_firewall.tags.get('Name', self._vm_firewall.name)
 
     @name.setter
     def name(self, value):
         self.assert_valid_resource_name(value)
-        self._security_group.tags.update(Name=value)
+        self._vm_firewall.tags.update(Name=value)
         self._provider.azure_client. \
-            update_security_group_tags(self.id,
-                                       self._security_group.tags)
+            update_vm_firewall_tags(self.id,
+                                    self._vm_firewall.tags)
 
     @property
     def description(self):
-        return self._security_group.tags.get('Description', None)
+        return self._vm_firewall.tags.get('Description', None)
 
     @description.setter
     def description(self, value):
-        self._security_group.tags.update(Description=value)
+        self._vm_firewall.tags.update(Description=value)
         self._provider.azure_client.\
-            update_security_group_tags(self.id,
-                                       self._security_group.tags)
+            update_vm_firewall_tags(self.id,
+                                    self._vm_firewall.tags)
 
     @property
     def rules(self):
         """
         The default rules are not returned, only custom rules.
         """
-        security_group_rules = []
-        for custom_rule in self._security_group.security_rules:
-            sg_custom_rule = AzureSecurityGroupRule(self._provider,
-                                                    custom_rule, self)
-            security_group_rules.append(sg_custom_rule)
-        return security_group_rules
+        vm_firewall_rules = []
+        for custom_rule in self._vm_firewall.security_rules:
+            fw_custom_rule = AzureVMFirewallRule(self._provider,
+                                                 custom_rule, self)
+            vm_firewall_rules.append(fw_custom_rule)
+        return vm_firewall_rules
 
     def delete(self):
         try:
             self._provider.azure_client.\
-                delete_security_group(self.id)
+                delete_vm_firewall(self.id)
             return True
         except CloudError as cloudError:
             log.exception(cloudError.message)
@@ -136,64 +136,38 @@ class AzureSecurityGroup(BaseSecurityGroup):
         Refreshes the security group with tags if required.
         """
         try:
-            self._security_group = self._provider.azure_client. \
-                get_security_group(self.id)
-            if not self._security_group.tags:
-                self._security_group.tags = {}
+            self._vm_firewall = self._provider.azure_client. \
+                get_vm_firewall(self.id)
+            if not self._vm_firewall.tags:
+                self._vm_firewall.tags = {}
         except (CloudError, ValueError) as cloudError:
             log.exception(cloudError.message)
             # The security group no longer exists and cannot be refreshed.
 
     def add_rule(self, ip_protocol=None, from_port=None, to_port=None,
-                 cidr_ip=None, src_group=None):
-        """
-        Create a security group rule.
-
-        You need to pass in either ``src_group`` OR ``ip_protocol``,
-        ``from_port``, ``to_port``, and ``cidr_ip``.  In other words, either
-        you are authorizing another group or you are authorizing some
-        ip-based rule.
-
-        :type ip_protocol: str
-        :param ip_protocol: Either ``tcp`` | ``udp`` | ``icmp``
-
-        :type from_port: int
-        :param from_port: The beginning port number you are enabling
-
-        :type to_port: int
-        :param to_port: The ending port number you are enabling
-
-        :type cidr_ip: str or list of strings
-        :param cidr_ip: The CIDR block you are providing access to.
-
-        :type src_group: ``object`` of :class:`.SecurityGroup`
-        :param src_group: The Security Group you are granting access to.
-
-        :rtype: :class:``.SecurityGroupRule``
-        :return: Rule object if successful or ``None``.
-        """
+                 cidr=None, src_dest_fw=None):
         if ip_protocol and from_port and to_port:
-            return self._create_rule(ip_protocol, from_port, to_port, cidr_ip)
-        elif src_group:
+            return self._create_rule(ip_protocol, from_port, to_port, cidr)
+        elif src_dest_fw:
             result = None
-            sg = (self._provider.security.security_groups.get(src_group)
-                  if isinstance(src_group, str) else src_group)
-            for rule in sg.rules:
+            fw = (self._provider.security.vm_firewalls.get(src_dest_fw)
+                  if isinstance(src_dest_fw, str) else src_dest_fw)
+            for rule in fw.rules:
                 result = self._create_rule(rule.ip_protocol, rule.from_port,
-                                           rule.to_port, rule.cidr_ip)
+                                           rule.to_port, rule.cidr)
             return result
         else:
             return None
 
-    def _create_rule(self, ip_protocol, from_port, to_port, cidr_ip):
+    def _create_rule(self, ip_protocol, from_port, to_port, cidr):
 
-        # If cidr_ip is None, default values is set as 0.0.0.0/0
-        if not cidr_ip:
-            cidr_ip = '0.0.0.0/0'
+        # If cidr is None, default values is set as 0.0.0.0/0
+        if not cidr:
+            cidr = '0.0.0.0/0'
 
-        # If the SG with same parameters exist already,
+        # If the fw with same parameters exist already,
         # then, it is returned instead of creating a new one.
-        rule = self.get_rule(ip_protocol, from_port, to_port, cidr_ip)
+        rule = self.get_rule(ip_protocol, from_port, to_port, cidr)
 
         if rule:
             return rule
@@ -210,23 +184,23 @@ class AzureSecurityGroup(BaseSecurityGroup):
                       "source_port_range": source_port_range,
                       "destination_port_range": destination_port_range,
                       "priority": priority,
-                      "source_address_prefix": cidr_ip,
+                      "source_address_prefix": cidr,
                       "destination_address_prefix":
                           destination_address_prefix,
                       "access": access, "direction": direction}
         result = self._provider.azure_client. \
-            create_security_group_rule(self.id,
-                                       rule_name, parameters)
-        self._security_group.security_rules.append(result)
-        return AzureSecurityGroupRule(self._provider, result, self)
+            create_vm_firewall_rule(self.id,
+                                    rule_name, parameters)
+        self._vm_firewall.security_rules.append(result)
+        return AzureVMFirewallRule(self._provider, result, self)
 
     def get_rule(self, ip_protocol=None, from_port=None, to_port=None,
-                 cidr_ip=None, src_group=None):
+                 cidr=None, src_dest_fw=None):
         for rule in self.rules:
             if (rule.ip_protocol == ip_protocol and
                 rule.from_port == str(from_port) and
                 rule.to_port == str(to_port) and
-                    rule.cidr_ip == cidr_ip):
+                    rule.cidr == cidr):
                 return rule
         return None
 
@@ -240,9 +214,9 @@ class AzureSecurityGroup(BaseSecurityGroup):
         return js
 
 
-class AzureSecurityGroupRule(BaseSecurityGroupRule):
+class AzureVMFirewallRule(BaseVMFirewallRule):
     def __init__(self, provider, rule, parent):
-        super(AzureSecurityGroupRule, self).__init__(provider, rule, parent)
+        super(AzureVMFirewallRule, self).__init__(provider, rule, parent)
 
     @property
     def id(self):
@@ -273,7 +247,7 @@ class AzureSecurityGroupRule(BaseSecurityGroupRule):
         return port_range_split[1]
 
     @property
-    def cidr_ip(self):
+    def cidr(self):
         return self._rule.source_address_prefix
 
     @property
@@ -288,12 +262,12 @@ class AzureSecurityGroupRule(BaseSecurityGroupRule):
         return json.dumps(js, sort_keys=True)
 
     def delete(self):
-        security_group = self.parent.name
+        vm_firewall = self.parent.name
         self._provider.azure_client. \
-            delete_security_group_rule(self.id, security_group)
-        for i, o in enumerate(self.parent._security_group.security_rules):
+            delete_vm_firewall_rule(self.id, vm_firewall)
+        for i, o in enumerate(self.parent._vm_firewall.security_rules):
             if o.name == self.name:
-                del self.parent._security_group.security_rules[i]
+                del self.parent._vm_firewall.security_rules[i]
                 break
 
 
@@ -1212,7 +1186,7 @@ class AzureInstance(BaseInstance):
         """
         self._private_ips = []
         self._public_ips = []
-        self._security_group_ids = []
+        self._vm_firewall_ids = []
         self._public_ip_ids = []
         self._nic_ids = []
         for nic in self._vm.network_profile.network_interfaces:
@@ -1222,11 +1196,11 @@ class AzureInstance(BaseInstance):
             self._nic_ids.append(nic_name)
             nic = self._provider.azure_client.get_nic(nic_name)
             if nic.network_security_group:
-                sg_params = azure_helpers. \
-                    parse_url(SECURITY_GROUP_RESOURCE_ID,
+                fw_params = azure_helpers. \
+                    parse_url(VM_FIREWALL_RESOURCE_ID,
                               nic.network_security_group.id)
-                self._security_group_ids.\
-                    append(sg_params.get(SECURITY_GROUP_NAME))
+                self._vm_firewall_ids.\
+                    append(fw_params.get(VM_FIREWALL_NAME))
             if nic.ip_configurations:
                 for ip_config in nic.ip_configurations:
                     self._private_ips.append(ip_config.private_ip_address)
@@ -1360,19 +1334,13 @@ class AzureInstance(BaseInstance):
         return self._vm.location
 
     @property
-    def security_groups(self):
-        """
-        Get the security groups associated with this instance.
-        """
-        return [self._provider.security.security_groups.get(group_id)
-                for group_id in self._security_group_ids]
+    def vm_firewalls(self):
+        return [self._provider.security.vm_firewalls.get(group_id)
+                for group_id in self._vm_firewall_ids]
 
     @property
-    def security_group_ids(self):
-        """
-        Get the security groups IDs associated with this instance.
-        """
-        return self._security_group_ids
+    def vm_firewall_ids(self):
+        return self._vm_firewall_ids
 
     @property
     def key_pair_name(self):
@@ -1473,9 +1441,9 @@ class AzureInstance(BaseInstance):
             log.exception(cloudError.message)
             return False
 
-    def add_security_group(self, sg):
+    def add_vm_firewall(self, fw):
         '''
-        :param sg:
+        :param fw:
         :return: None
 
         This method adds the security group to VM instance.
@@ -1485,33 +1453,33 @@ class AzureInstance(BaseInstance):
         if not associated any security group to NIC
         else replacing the existing security group.
         '''
-        sg = (self._provicer.security.security_groups.get(sg)
-              if isinstance(sg, str) else sg)
+        fw = (self._provicer.security.vm_firewalls.get(fw)
+              if isinstance(fw, str) else fw)
         nic = self._provider.azure_client.get_nic(self._nic_ids[0])
         if not nic.network_security_group:
             nic.network_security_group = NetworkSecurityGroup()
-            nic.network_security_group.id = sg.resource_id
+            nic.network_security_group.id = fw.resource_id
         else:
-            sg_url_params = azure_helpers.\
-                parse_url(SECURITY_GROUP_RESOURCE_ID,
+            fw_url_params = azure_helpers.\
+                parse_url(VM_FIREWALL_RESOURCE_ID,
                           nic.network_security_group.id)
-            existing_sg = self._provider.security.\
-                security_groups.get(sg_url_params.get(SECURITY_GROUP_NAME))
+            existing_fw = self._provider.security.\
+                vm_firewalls.get(fw_url_params.get(VM_FIREWALL_NAME))
 
-            new_sg = self._provider.security.security_groups.\
-                create('{0}-{1}'.format(sg.name, existing_sg.name),
+            new_fw = self._provider.security.vm_firewalls.\
+                create('{0}-{1}'.format(fw.name, existing_fw.name),
                        'Merged security groups {0} and {1}'.
-                       format(sg.name, existing_sg.name))
-            new_sg.add_rule(src_group=sg)
-            new_sg.add_rule(src_group=existing_sg)
-            nic.network_security_group.id = new_sg.resource_id
+                       format(fw.name, existing_fw.name))
+            new_fw.add_rule(src_dest_fw=fw)
+            new_fw.add_rule(src_dest_fw=existing_fw)
+            nic.network_security_group.id = new_fw.resource_id
 
         self._provider.azure_client.create_nic(self._nic_ids[0], nic)
 
-    def remove_security_group(self, sg):
+    def remove_vm_firewall(self, fw):
 
         '''
-        :param sg:
+        :param fw:
         :return: None
 
         This method removes the security group to VM instance.
@@ -1523,10 +1491,10 @@ class AzureInstance(BaseInstance):
         '''
 
         nic = self._provider.azure_client.get_nic(self._nic_ids[0])
-        sg = (self._provicer.security.security_groups.get(sg)
-              if isinstance(sg, str) else sg)
+        fw = (self._provicer.security.vm_firewalls.get(fw)
+              if isinstance(fw, str) else fw)
         if nic.network_security_group and \
-                nic.network_security_group.id == sg.resource_id:
+                nic.network_security_group.id == fw.resource_id:
             nic.network_security_group = None
             self._provider.azure_client.create_nic(self._nic_ids[0], nic)
 

cloudbridge/cloud/providers/azure/services.py

@@ -9,21 +9,21 @@ from cloudbridge.cloud.base.services import BaseBucketService, \
     BaseComputeService, BaseGatewayService, BaseImageService, \
     BaseInstanceService, BaseKeyPairService, BaseNetworkService, \
     BaseNetworkingService, BaseRegionService, BaseRouterService, \
-    BaseSecurityGroupService, BaseSecurityService, BaseSnapshotService, \
-    BaseStorageService, BaseSubnetService, BaseVMTypeService, BaseVolumeService
+    BaseSecurityService, BaseSnapshotService, BaseStorageService, \
+    BaseSubnetService, BaseVMFirewallService, BaseVMTypeService, \
+    BaseVolumeService
 from cloudbridge.cloud.interfaces import InvalidConfigurationException
 from cloudbridge.cloud.interfaces.resources import MachineImage, \
-    Network, PlacementZone, SecurityGroup, Snapshot, Subnet, \
-    VMType, Volume
-from cloudbridge.cloud.providers.azure import helpers as azure_helpers
+    Network, PlacementZone, Snapshot, Subnet, VMFirewall, VMType, Volume
 
 from msrestazure.azure_exceptions import CloudError
 
+from . import helpers as azure_helpers
 from .resources import AzureBucket, AzureFloatingIP, \
     AzureInstance, AzureInternetGateway, AzureKeyPair, \
     AzureLaunchConfig, AzureMachineImage, AzureNetwork, \
-    AzureRegion, AzureRouter, AzureSecurityGroup, AzureSnapshot, \
-    AzureSubnet, AzureVMType, AzureVolume
+    AzureRegion, AzureRouter, AzureSnapshot, AzureSubnet, \
+    AzureVMFirewall, AzureVMType, AzureVolume
 
 log = logging.getLogger(__name__)
 
@@ -34,40 +34,25 @@ class AzureSecurityService(BaseSecurityService):
 
         # Initialize provider services
         self._key_pairs = AzureKeyPairService(provider)
-        self._security_groups = AzureSecurityGroupService(provider)
+        self._vm_firewalls = AzureVMFirewallService(provider)
 
     @property
     def key_pairs(self):
-        """
-        Provides access to key pairs for this provider.
-
-        :rtype: ``object`` of :class:`.KeyPairService`
-        :return: a KeyPairService object
-        """
         return self._key_pairs
 
     @property
-    def security_groups(self):
-        """
-        Provides access to security groups for this provider.
-
-        :rtype: ``object`` of :class:`.SecurityGroupService`
-        :return: a SecurityGroupService object
-        """
-        return self._security_groups
+    def vm_firewalls(self):
+        return self._vm_firewalls
 
 
-class AzureSecurityGroupService(BaseSecurityGroupService):
+class AzureVMFirewallService(BaseVMFirewallService):
     def __init__(self, provider):
-        super(AzureSecurityGroupService, self).__init__(provider)
+        super(AzureVMFirewallService, self).__init__(provider)
 
-    def get(self, sg_id):
-        """
-        Returns a SecurityGroup given its id.
-        """
+    def get(self, fw_id):
         try:
-            sgs = self.provider.azure_client.get_security_group(sg_id)
-            return AzureSecurityGroup(self.provider, sgs)
+            fws = self.provider.azure_client.get_vm_firewall(fw_id)
+            return AzureVMFirewall(self.provider, fws)
 
         except CloudError as cloudError:
             # Azure raises the cloud error if the resource not available
@@ -75,74 +60,38 @@ class AzureSecurityGroupService(BaseSecurityGroupService):
             return None
 
     def list(self, limit=None, marker=None):
-        """
-        List all security groups associated with this account.
-
-        :rtype: ``list`` of :class:`.SecurityGroup`
-        :return:  list of SecurityGroup objects
-        """
-        sgs = [AzureSecurityGroup(self.provider, sg)
-               for sg in self.provider.azure_client.list_security_group()]
-        return ClientPagedResultList(self.provider, sgs, limit, marker)
+        fws = [AzureVMFirewall(self.provider, fw)
+               for fw in self.provider.azure_client.list_vm_firewall()]
+        return ClientPagedResultList(self.provider, fws, limit, marker)
 
     def create(self, name, description, network_id=None):
-        """
-        Create a new SecurityGroup.
-
-        :type name: str
-        :param name: The name of the new security group.
-
-        :type description: str
-        :param description: The description of the new security group.
-
-        :type  network_id: ``str``
-        :param network_id: The ID of the virtual network under which to
-                            create the security group. But we are not using
-                            this in azure as security group associated with
-                            subnet or network interface
-
-        :rtype: ``object`` of :class:`.SecurityGroup`
-        :return:  A SecurityGroup instance or ``None`` if one was not created.
-        """
-        AzureSecurityGroup.assert_valid_resource_name(name)
+        AzureVMFirewall.assert_valid_resource_name(name)
         parameters = {"location": self.provider.region_name,
                       'tags': {'Name': name}}
 
         if description:
             parameters['tags'].update(Description=description)
 
-        sg = self.provider.azure_client.create_security_group(name, parameters)
-        cb_sg = AzureSecurityGroup(self.provider, sg)
+        fw = self.provider.azure_client.create_vm_firewall(name, parameters)
+        cb_fw = AzureVMFirewall(self.provider, fw)
 
-        return cb_sg
+        return cb_fw
 
     def find(self, name, limit=None, marker=None):
         """
         Searches for a security group by a given list of attributes.
         """
         filters = {'Name': name}
-        sgs = [AzureSecurityGroup(self.provider, security_group)
-               for security_group in azure_helpers.filter(
-                self.provider.azure_client.list_security_group(), filters)]
+        fws = [AzureVMFirewall(self.provider, vm_firewall)
+               for vm_firewall in azure_helpers.filter(
+                self.provider.azure_client.list_vm_firewall(), filters)]
 
-        return ClientPagedResultList(self.provider, sgs,
+        return ClientPagedResultList(self.provider, fws,
                                      limit=limit, marker=marker)
 
     def delete(self, group_id):
-        """
-       Delete an existing SecurityGroup.
-
-       :type group_id: str
-       :param group_id: The security group ID to be deleted.
-
-       :rtype: ``bool``
-       :return:  ``True`` if the security group deleted, ``False``
-                 otherwise. Note that this implies that the group may not have
-                 been deleted by this method but instead has not existed in
-                 the first place.
-       """
         try:
-            self.provider.azure_client.delete_security_group(group_id)
+            self.provider.azure_client.delete_vm_firewall(group_id)
             return True
         except CloudError as cloudError:
             # Azure raises the cloud error if the resource not available
@@ -451,7 +400,7 @@ class AzureInstanceService(BaseInstanceService):
         super(AzureInstanceService, self).__init__(provider)
 
     def create(self, name, image, instance_type, subnet=None, zone=None,
-               key_pair=None, security_groups=None, user_data=None,
+               key_pair=None, vm_firewalls=None, user_data=None,
                launch_config=None, **kwargs):
 
         instance_name = name.replace("_", "-") if name \
@@ -481,9 +430,9 @@ class AzureInstanceService(BaseInstanceService):
 
         zone_id = zone.id if isinstance(zone, PlacementZone) else zone
 
-        subnet_id, zone_id, security_group_id = \
+        subnet_id, zone_id, vm_firewall_id = \
             self._resolve_launch_options(instance_name,
-                                         subnet, zone_id, security_groups)
+                                         subnet, zone_id, vm_firewalls)
 
         if launch_config:
             disks, root_disk_size = \
@@ -504,9 +453,9 @@ class AzureInstanceService(BaseInstanceService):
                 }]
             }
 
-        if security_group_id:
+        if vm_firewall_id:
             nic_params['network_security_group'] = {
-                'id': security_group_id
+                'id': vm_firewall_id
             }
         nic_info = self.provider.azure_client.create_nic(
             instance_name + '_nic',
@@ -571,54 +520,34 @@ class AzureInstanceService(BaseInstanceService):
         return AzureInstance(self.provider, vm)
 
     def _resolve_launch_options(self, name, subnet=None, zone_id=None,
-                                security_groups=None):
-        """
-        Work out interdependent launch options.
-
-        Some launch options are required and interdependent so make sure
-        they conform to the interface contract.
-
-        :type subnet: ``Subnet``
-        :param subnet: Subnet object within which to launch.
-
-        :type zone_id: ``str``
-        :param zone_id: ID of the zone where the launch should happen.
-
-        :type security_groups: ``list`` of ``id``
-        :param zone_id: List of security group IDs.
-
-        :rtype: triplet of ``str``
-        :return: Subnet ID, zone ID and security group IDs for launch.
-
-        :raise ValueError: In case a conflicting combination is found.
-        """
+                                vm_firewalls=None):
         if subnet:
             # subnet's zone takes precedence
             zone_id = subnet.zone.id
-        security_group_id = None
+        vm_firewall_id = None
 
-        if isinstance(security_groups, list) and len(security_groups) > 0:
+        if isinstance(vm_firewalls, list) and len(vm_firewalls) > 0:
 
-            if isinstance(security_groups[0], SecurityGroup):
-                security_groups_ids = [sg.id for sg in security_groups]
-                security_group_id = security_groups[0].resource_id
+            if isinstance(vm_firewalls[0], VMFirewall):
+                vm_firewalls_ids = [fw.id for fw in vm_firewalls]
+                vm_firewall_id = vm_firewalls[0].resource_id
             else:
-                security_groups_ids = security_groups
-                seuciry_group = self.provider.security.\
-                    security_groups.get(security_groups[0])
-                security_group_id = seuciry_group.resource_id
+                vm_firewalls_ids = vm_firewalls
+                vm_firewall = self.provider.security.\
+                    vm_firewalls.get(vm_firewalls[0])
+                vm_firewall_id = vm_firewall.resource_id
 
-            if len(security_groups) > 1:
-                new_sg = self.provider.security.security_groups.\
-                    create('{0}-sg'.format(name), 'Merge security groups {0}'.
-                           format(','.join(security_groups_ids)))
+            if len(vm_firewalls) > 1:
+                new_fw = self.provider.security.vm_firewalls.\
+                    create('{0}-fw'.format(name), 'Merge vm firewall {0}'.
+                           format(','.join(vm_firewalls_ids)))
 
-                for sg in security_groups:
-                    new_sg.add_rule(src_group=sg)
+                for fw in vm_firewalls:
+                    new_fw.add_rule(src_dest_fw=fw)
 
-                security_group_id = new_sg.resource_id
+                vm_firewall_id = new_fw.resource_id
 
-        return subnet.resource_id, zone_id, security_group_id
+        return subnet.resource_id, zone_id, vm_firewall_id
 
     def _process_block_device_mappings(self, launch_config,
                                        vm_name, zone=None):