VMFirewallService refactored

cloudbridge/cloud/base/resources.py

@@ -579,7 +579,7 @@ class BaseVMFirewall(BaseCloudResource, VMFirewall):
         """
         Delete this VM firewall.
         """
-        return self._vm_firewall.delete()
+        return self._provider.security.vm_firewalls.delete(self.id)
 
 
 class BaseVMFirewallRuleContainer(BasePageableObjectMixin,

cloudbridge/cloud/base/services.py

@@ -10,6 +10,7 @@ from cloudbridge.cloud.base.resources import BaseKeyPair
 from cloudbridge.cloud.base.resources import BaseNetwork
 from cloudbridge.cloud.base.resources import BaseRouter
 from cloudbridge.cloud.base.resources import BaseSubnet
+from cloudbridge.cloud.base.resources import BaseVMFirewall
 from cloudbridge.cloud.interfaces.exceptions import \
     InvalidConfigurationException
 from cloudbridge.cloud.interfaces.resources import Network
@@ -115,7 +116,7 @@ class BaseKeyPairService(
                   the key pair's provider-specific CloudBridge object is
                   returned if the key pair is found.
         """
-        return self.dispatch(self, "provider.storage.key_pairs.get",
+        return self.dispatch(self, "provider.security.key_pairs.get",
                              key_pair_id)
 
     def find(self, **kwargs):
@@ -123,13 +124,14 @@ class BaseKeyPairService(
         Returns a list of key pairs filtered by the given keyword arguments.
         Accepted search arguments are: 'name'
         """
-        return self.dispatch(self, "provider.storage.key_pairs.find", **kwargs)
+        return self.dispatch(self, "provider.security.key_pairs.find",
+                             **kwargs)
 
     def list(self, limit=None, marker=None):
         """
         List all key pairs.
         """
-        return self.dispatch(self, "provider.storage.key_pairs.list",
+        return self.dispatch(self, "provider.security.key_pairs.list",
                              limit=limit, marker=marker)
 
     def create(self, name, location=None):
@@ -144,7 +146,7 @@ class BaseKeyPairService(
         :return:  The created key pair's provider-specific CloudBridge object.
         """
         BaseKeyPair.assert_valid_resource_name(name)
-        return self.dispatch(self, "provider.storage.key_pairs.create",
+        return self.dispatch(self, "provider.security.key_pairs.create",
                              name, location=location)
 
     def delete(self, key_pair_id):
@@ -154,7 +156,7 @@ class BaseKeyPairService(
         :type key_pair_id: str
         :param key_pair_id: The ID of the key pair to be deleted.
         """
-        return self.dispatch(self, "provider.storage.key_pairs.delete",
+        return self.dispatch(self, "provider.security.key_pairs.delete",
                              key_pair_id)
 
 
@@ -165,7 +167,65 @@ class BaseVMFirewallService(
         super(BaseVMFirewallService, self).__init__(provider)
         self._service_event_pattern += ".security.vm_firewalls"
 
+    def get(self, vm_firewall_id):
+        """
+        Returns a vm_firewall given its ID. Returns ``None`` if the vm_firewall
+        does not exist.
+
+        :type vm_firewall_id: str
+        :param vm_firewall_id: The id of the desired firewall.
+
+        :rtype: ``VMFirewall``
+        :return:  ``None`` is returned if the firewall does not exist, and
+                  the firewall's provider-specific CloudBridge object is
+                  returned if the firewall is found.
+        """
+        return self.dispatch(self, "provider.security.vm_firewalls.get",
+                             vm_firewall_id)
+
     def find(self, **kwargs):
+        """
+        Returns a list of firewalls filtered by the given keyword arguments.
+        Accepted search arguments are: 'label'
+        """
+        return self.dispatch(self, "provider.security.vm_firewalls.find",
+                             **kwargs)
+
+    def list(self, limit=None, marker=None):
+        """
+        List all firewalls.
+        """
+        return self.dispatch(self, "provider.security.vm_firewalls.list",
+                             limit=limit, marker=marker)
+
+    def create(self, label, network, description=None):
+        """
+        Create a new firewall.
+
+        :type label: str
+        :param label: The label of the firewall to be created. Note that labels
+                     do not have to be unique, and are changeable.
+
+        :rtype: ``VMFirewall``
+        :return:  The created firewall's provider-specific CloudBridge object.
+        """
+        BaseVMFirewall.assert_valid_resource_label(label)
+        return self.dispatch(self, "provider.security.vm_firewalls.create",
+                             label, self, label, network, description)
+
+    def delete(self, vm_firewall_id):
+        """
+        Delete an existing firewall.
+
+        :type vm_firewall_id: str
+        :param vm_firewall_id: The ID of the firewall to be deleted.
+        """
+        return self.dispatch(self, "provider.security.vm_firewalls.delete",
+                             vm_firewall_id)
+
+    @implement(event_pattern="provider.security.vm_firewalls.find",
+               priority=BaseCloudService.STANDARD_EVENT_PRIORITY)
+    def _find(self, **kwargs):
         obj_list = self
         filters = ['label']
         matches = cb_helpers.generic_find(filters, kwargs, obj_list)

cloudbridge/cloud/providers/aws/services.py

@@ -147,19 +147,21 @@ class AWSVMFirewallService(BaseVMFirewallService):
                                   cb_resource=AWSVMFirewall,
                                   boto_collection_name='security_groups')
 
-    def get(self, firewall_id):
-        log.debug("Getting Firewall Service with the id: %s", firewall_id)
-        return self.svc.get(firewall_id)
-
-    def list(self, limit=None, marker=None):
+    @implement(event_pattern="provider.security.vm_firewalls.get",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _get(self, vm_firewall_id):
+        log.debug("Getting Firewall Service with the id: %s", vm_firewall_id)
+        return self.svc.get(vm_firewall_id)
+
+    @implement(event_pattern="provider.security.vm_firewalls.list",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _list(self, limit=None, marker=None):
         return self.svc.list(limit=limit, marker=marker)
 
     @cb_helpers.deprecated_alias(network_id='network')
-    def create(self, label, network, description=None):
-        log.debug("Creating Firewall Service with the parameters "
-                  "[label: %s id: %s description: %s]", label, network,
-                  description)
-        AWSVMFirewall.assert_valid_resource_label(label)
+    @implement(event_pattern="provider.security.vm_firewalls.create",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _create(self, label, network, description=None):
         name = AWSVMFirewall._generate_name_from_label(label, 'cb-fw')
         network_id = network.id if isinstance(network, Network) else network
         obj = self.svc.create('create_security_group', GroupName=name,
@@ -168,7 +170,9 @@ class AWSVMFirewallService(BaseVMFirewallService):
         obj.label = label
         return obj
 
-    def find(self, **kwargs):
+    @implement(event_pattern="provider.security.vm_firewalls.find",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _find(self, **kwargs):
         # Filter by name or label
         label = kwargs.pop('label', None)
         log.debug("Searching for Firewall Service %s", label)
@@ -179,11 +183,11 @@ class AWSVMFirewallService(BaseVMFirewallService):
         return self.svc.find(filter_name='tag:Name',
                              filter_value=label)
 
-    def delete(self, firewall_id):
-        log.info("Deleting Firewall Service with the id %s", firewall_id)
-        firewall = self.svc.get(firewall_id)
-        if firewall:
-            firewall.delete()
+    @implement(event_pattern="provider.security.vm_firewalls.delete",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _delete(self, vm_firewall_id):
+        aws_fw = self.svc.get_raw(vm_firewall_id)
+        aws_fw.delete()
 
 
 class AWSStorageService(BaseStorageService):

cloudbridge/cloud/providers/azure/resources.py

@@ -101,9 +101,6 @@ class AzureVMFirewall(BaseVMFirewall):
     def rules(self):
         return self._rule_container
 
-    def delete(self):
-        self._provider.azure_client.delete_vm_firewall(self.id)
-
     def refresh(self):
         """
         Refreshes the security group with tags if required.

cloudbridge/cloud/providers/azure/services.py

@@ -78,23 +78,28 @@ class AzureVMFirewallService(BaseVMFirewallService):
     def __init__(self, provider):
         super(AzureVMFirewallService, self).__init__(provider)
 
-    def get(self, fw_id):
+    @implement(event_pattern="provider.security.vm_firewalls.get",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _get(self, vm_firewall_id):
         try:
-            fws = self.provider.azure_client.get_vm_firewall(fw_id)
+            fws = self.provider.azure_client.get_vm_firewall(vm_firewall_id)
             return AzureVMFirewall(self.provider, fws)
         except (CloudError, InvalidValueException) as cloud_error:
             # Azure raises the cloud error if the resource not available
             log.exception(cloud_error)
             return None
 
-    def list(self, limit=None, marker=None):
+    @implement(event_pattern="provider.security.vm_firewalls.list",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _list(self, limit=None, marker=None):
         fws = [AzureVMFirewall(self.provider, fw)
                for fw in self.provider.azure_client.list_vm_firewall()]
         return ClientPagedResultList(self.provider, fws, limit, marker)
 
     @cb_helpers.deprecated_alias(network_id='network')
-    def create(self, label, network, description=None):
-        AzureVMFirewall.assert_valid_resource_label(label)
+    @implement(event_pattern="provider.security.vm_firewalls.create",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _create(self, label, network, description=None):
         name = AzureVMFirewall._generate_name_from_label(label, "cb-fw")
         net = network.id if isinstance(network, Network) else network
         parameters = {"location": self.provider.region_name,
@@ -135,7 +140,9 @@ class AzureVMFirewallService(BaseVMFirewallService):
         cb_fw = AzureVMFirewall(self.provider, fw)
         return cb_fw
 
-    def delete(self, group_id):
+    @implement(event_pattern="provider.security.vm_firewalls.delete",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _delete(self, group_id):
         self.provider.azure_client.delete_vm_firewall(group_id)
 
 

cloudbridge/cloud/providers/gce/resources.py

@@ -416,6 +416,10 @@ class GCEFirewallsDelegate(object):
                         .execute())
         self._provider.wait_for_operation(response)
         # TODO: process the response and handle errors.
+        tag_name = "_".join(["firewall", self.name, "label"])
+        if not helpers.remove_metadata_item(self._provider, tag_name):
+            log.warning('No label was found associated with this firewall '
+                        '"{}" when deleted.'.format(self.name))
         return True
 
     def _update_list_response(self):
@@ -506,16 +510,6 @@ class GCEVMFirewall(BaseVMFirewall):
     def rules(self):
         return self._rule_container
 
-    def delete(self):
-        for rule in self._rule_container:
-            rule.delete()
-        self._rule_container.dummy_rule.force_delete()
-        # Remove label
-        tag_name = "_".join(["firewall", self.name, "label"])
-        if not helpers.remove_metadata_item(self._provider, tag_name):
-            log.warning('No label was found associated with this firewall '
-                        '"{}" when deleted.'.format(self.name))
-
     def to_json(self):
         attr = inspect.getmembers(self, lambda a: not(inspect.isroutine(a)))
         js = {k: v for(k, v) in attr if not k.startswith('_')}

cloudbridge/cloud/providers/gce/services.py

@@ -162,14 +162,19 @@ class GCEVMFirewallService(BaseVMFirewallService):
         super(GCEVMFirewallService, self).__init__(provider)
         self._delegate = GCEFirewallsDelegate(provider)
 
-    def get(self, group_id):
-        tag, network_name = self._delegate.get_tag_network_from_id(group_id)
+    @implement(event_pattern="provider.security.vm_firewalls.get",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _get(self, vm_firewall_id):
+        tag, network_name = \
+            self._delegate.get_tag_network_from_id(vm_firewall_id)
         if tag is None:
             return None
         network = self.provider.networking.networks.get(network_name)
         return GCEVMFirewall(self._delegate, tag, network)
 
-    def list(self, limit=None, marker=None):
+    @implement(event_pattern="provider.security.vm_firewalls.list",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _list(self, limit=None, marker=None):
         vm_firewalls = []
         for tag, network_name in self._delegate.tag_networks:
             network = self.provider.networking.networks.get(
@@ -179,8 +184,9 @@ class GCEVMFirewallService(BaseVMFirewallService):
         return ClientPagedResultList(self.provider, vm_firewalls,
                                      limit=limit, marker=marker)
 
-    def create(self, label, description, network=None):
-        GCEVMFirewall.assert_valid_resource_label(label)
+    @implement(event_pattern="provider.security.vm_firewalls.create",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _create(self, label, network, description=None):
         network = (network if isinstance(network, GCENetwork)
                    else self.provider.networking.networks.get(network))
         fw = GCEVMFirewall(self._delegate, label, network, description)
@@ -192,8 +198,10 @@ class GCEVMFirewallService(BaseVMFirewallService):
         fw.label = label
         return fw
 
-    def delete(self, group_id):
-        return self._delegate.delete_tag_network_with_id(group_id)
+    @implement(event_pattern="provider.security.vm_firewalls.delete",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _delete(self, vm_firewall_id):
+        return self._delegate.delete_tag_network_with_id(vm_firewall_id)
 
     def find_by_network_and_tags(self, network_name, tags):
         """

cloudbridge/cloud/providers/openstack/resources.py

@@ -1249,9 +1249,6 @@ class OpenStackVMFirewall(BaseVMFirewall):
     def rules(self):
         return self._rule_svc
 
-    def delete(self):
-        return self._vm_firewall.delete(self._provider.os_conn.session)
-
     def refresh(self):
         self._vm_firewall = self._provider.os_conn.network.get_security_group(
             self.id)

cloudbridge/cloud/providers/openstack/services.py

@@ -211,17 +211,21 @@ class OpenStackVMFirewallService(BaseVMFirewallService):
     def __init__(self, provider):
         super(OpenStackVMFirewallService, self).__init__(provider)
 
-    def get(self, firewall_id):
-        log.debug("Getting OpenStack VM Firewall with the id: %s", firewall_id)
+    @implement(event_pattern="provider.security.vm_firewalls.get",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _get(self, vm_firewall_id):
         try:
             return OpenStackVMFirewall(
                 self.provider,
-                self.provider.os_conn.network.get_security_group(firewall_id))
+                self.provider.os_conn.network
+                    .get_security_group(vm_firewall_id))
         except (ResourceNotFound, NotFoundException):
-            log.debug("Firewall %s not found.", firewall_id)
+            log.debug("Firewall %s not found.", vm_firewall_id)
             return None
 
-    def list(self, limit=None, marker=None):
+    @implement(event_pattern="provider.security.vm_firewalls.list",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _list(self, limit=None, marker=None):
         firewalls = [
             OpenStackVMFirewall(self.provider, fw)
             for fw in self.provider.os_conn.network.security_groups()]
@@ -230,11 +234,9 @@ class OpenStackVMFirewallService(BaseVMFirewallService):
                                      limit=limit, marker=marker)
 
     @cb_helpers.deprecated_alias(network_id='network')
-    def create(self, label, network, description=None):
-        OpenStackVMFirewall.assert_valid_resource_label(label)
-        log.debug("Creating OpenStack VM Firewall with the params: "
-                  "[label: %s network id: %s description: %s]", label,
-                  network, description)
+    @implement(event_pattern="provider.security.vm_firewalls.create",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _create(self, label, network, description=None):
         net = network.id if isinstance(network, Network) else network
         # We generally simulate a network being associated with a firewall
         # by storing the supplied value in the firewall description field that
@@ -252,12 +254,17 @@ class OpenStackVMFirewallService(BaseVMFirewallService):
             return OpenStackVMFirewall(self.provider, sg)
         return None
 
-    def delete(self, group_id):
-        log.debug("Deleting OpenStack Firewall with the id: %s", group_id)
-        firewall = self.get(group_id)
-        if firewall:
-            firewall.delete()
-        return True
+    @implement(event_pattern="provider.security.vm_firewalls.delete",
+               priority=BaseVMFirewallService.STANDARD_EVENT_PRIORITY)
+    def _delete(self, vm_firewall_id):
+        try:
+            os_fw = self.provider.os_conn.network.get_security_group(
+                vm_firewall_id)
+            os_fw.delete(self.provider.os_conn.session)
+            return True
+        except (ResourceNotFound, NotFoundException):
+            log.debug("Firewall %s not found.", vm_firewall_id)
+            return True
 
 
 class OpenStackStorageService(BaseStorageService):