
Add security group rules implemenation

Enis Afgan 10 лет назад
Родитель
Сommit
d112dea731

+ 39 - 0
cloudbridge/providers/aws/resources.py

@@ -12,6 +12,7 @@ from cloudbridge.providers.base import BaseInstanceType
 from cloudbridge.providers.base import BaseKeyPair
 from cloudbridge.providers.base import BaseMachineImage
 from cloudbridge.providers.base import BaseSecurityGroup
+from cloudbridge.providers.base import BaseSecurityGroupRule
 from cloudbridge.providers.base import BaseSnapshot
 from cloudbridge.providers.base import BaseVolume
 from cloudbridge.providers.interfaces import Container
@@ -489,6 +490,11 @@ class AWSSecurityGroup(BaseSecurityGroup):
     def __init__(self, provider, security_group):
         super(AWSSecurityGroup, self).__init__(provider, security_group)
 
+    @property
+    def rules(self):
+        return [AWSSecurityGroupRule(self._provider, r, self)
+                for r in self._security_group.rules]
+
     def add_rule(self, ip_protocol=None, from_port=None, to_port=None,
                  cidr_ip=None, src_group=None):
         """
@@ -525,6 +531,39 @@ class AWSSecurityGroup(BaseSecurityGroup):
             src_group=src_group._security_group)
 
 
+class AWSSecurityGroupRule(BaseSecurityGroupRule):
+
+    def __init__(self, provider, rule, parent):
+        super(AWSSecurityGroupRule, self).__init__(provider, rule, parent)
+
+    @property
+    def ip_protocol(self):
+        return self._rule.ip_protocol
+
+    @property
+    def from_port(self):
+        return self._rule.from_port
+
+    @property
+    def to_port(self):
+        return self._rule.to_port
+
+    @property
+    def cidr_ip(self):
+        if len(self._rule.grants) > 0:
+            return self._rule.grants[0].cidr_ip
+        return None
+
+    @property
+    def group(self):
+        if len(self._rule.grants) > 0:
+            if self._rule.grants[0].group_id:
+                cg = self.parent._provider.ec2_conn.get_all_security_groups(
+                    group_ids=[self._rule.grants[0].group_id])[0]
+                return AWSSecurityGroup(self.parent._provider, cg)
+        return None
+
+
 class AWSContainerObject(ContainerObject):
 
     def __init__(self, provider, key):
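Review bot: `cidr_ip` and `group` in `AWSSecurityGroupRule` read only `self._rule.grants[0]`, so a permission that carries several grants (EC2 folds multiple CIDRs or source groups for the same protocol and port range into one entry, as far as I know) is reported with just its first source. Anyone auditing a group through `rules` would then miss the remaining sources, which could include a wide-open CIDR. Consider emitting one rule object per grant in `AWSSecurityGroup.rules`, e.g. iterating `for r in self._security_group.rules for g in r.grants` and handing `g` to the rule, instead of indexing `[0]`. The `[0]` applied to the `get_all_security_groups(...)` result in `group` also assumes the lookup always returns a match; a grant that references a group this account cannot describe would presumably raise rather than return None.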

+ 1 - 1
cloudbridge/providers/aws/services.py

@@ -464,7 +464,7 @@ class AWSInstanceTypesService(InstanceTypesService):
         """
         TODO: Neeeds a caching function with timeout
         """
-        print "###########################", self._provider
+        print("###########################", self._provider)
         r = requests.get(self._provider.config.get(
             "aws_instance_info_url",
             "https://raw.githubusercontent.com/powdahound/ec2instances.info"

+ 13 - 0
cloudbridge/providers/base.py

@@ -14,6 +14,7 @@ from cloudbridge.providers.interfaces import MachineImage
 from cloudbridge.providers.interfaces import MachineImageState
 from cloudbridge.providers.interfaces import ObjectLifeCycleMixin
 from cloudbridge.providers.interfaces import SecurityGroup
+from cloudbridge.providers.interfaces import SecurityGroupRule
 from cloudbridge.providers.interfaces import Snapshot
 from cloudbridge.providers.interfaces import SnapshotState
 from cloudbridge.providers.interfaces import Volume
@@ -262,3 +263,15 @@ class BaseSecurityGroup(SecurityGroup):
 
     def __repr__(self):
         return "<CBSecurityGroup: {0}>".format(self.name)
+
+
+class BaseSecurityGroupRule(SecurityGroupRule):
+
+    def __init__(self, provider, rule, parent):
+        self._provider = provider
+        self._rule = rule
+        self.parent = parent
+
+    def __repr__(self):
+        return "<CBSecurityGroupRule: IP: {0}; from: {1}; to: {2}".format(
+            self.ip_protocol, self.from_port, self.to_port)
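Review bot: The format string in `BaseSecurityGroupRule.__repr__` never closes its angle bracket, unlike `<CBSecurityGroup: {0}>` a few lines above; it should read `"<CBSecurityGroupRule: IP: {0}; from: {1}; to: {2}>"`. The repr also leaves out the rule's source (`cidr_ip` / `group`), which is the field a reader most needs when scanning rules in a log or an interactive session. `parent` is stored as a public attribute while `_provider` and `_rule` are private, and the provider subclasses in this commit go through `self.parent._provider` even though `self._provider` holds the same object.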

+ 1 - 0
cloudbridge/providers/interfaces/__init__.py

@@ -15,6 +15,7 @@ from .resources import ObjectLifeCycleMixin
 from .resources import PlacementZone
 from .resources import Region
 from .resources import SecurityGroup
+from .resources import SecurityGroupRule
 from .resources import Snapshot
 from .resources import SnapshotState
 from .resources import Volume

+ 61 - 0
cloudbridge/providers/interfaces/resources.py

@@ -741,6 +741,17 @@ class SecurityGroup(object):
         raise NotImplementedError(
             'id not implemented by this provider')
 
+    @property
+    def rules(self):
+        """
+        Get the list of rules for this security group.
+
+        :rtype: list of :class:``.SecurityGroupRule``
+        :return: A list of security group rule objects
+        """
+        raise NotImplementedError(
+            'rules not implemented by this provider')
+
     def delete(self):
         """
         Delete this security group.
@@ -783,6 +794,56 @@ class SecurityGroup(object):
             'add_rule not implemented by this provider')
 
 
+class SecurityGroupRule(object):
+
+    """
+    Represents a security group rule.
+    """
+
+    @property
+    def ip_protocol(self):
+        """
+        IP protocol used. Either ``tcp`` | ``udp`` | ``icmp``.
+        """
+        raise NotImplementedError(
+            'ip_protocol not implemented by this provider')
+
+    @property
+    def from_port(self):
+        """
+        Lowest port number opened as part of this rule.
+        """
+        raise NotImplementedError(
+            'from_port not implemented by this provider')
+
+    @property
+    def to_port(self):
+        """
+        Highest port number opened as part of this rule.
+        """
+        raise NotImplementedError(
+            'to_port not implemented by this provider')
+
+    @property
+    def cidr_ip(self):
+        """
+        CIDR block this security group is providing access to.
+        """
+        raise NotImplementedError(
+            'cidr_ip not implemented by this provider')
+
+    @property
+    def group(self):
+        """
+        Security group given access permissions by this rule.
+
+        :rtype: ``object`` of :class:`.SecurityGroup`
+        :return: The Security Group with granting access.
+        """
+        raise NotImplementedError(
+            'group not implemented by this provider')
+
+
 class ContainerObject(object):
 
     """

+ 49 - 6
cloudbridge/providers/openstack/resources.py

@@ -11,6 +11,7 @@ from cloudbridge.providers.base import BaseInstanceType
 from cloudbridge.providers.base import BaseKeyPair
 from cloudbridge.providers.base import BaseMachineImage
 from cloudbridge.providers.base import BaseSecurityGroup
+from cloudbridge.providers.base import BaseSecurityGroupRule
 from cloudbridge.providers.base import BaseSnapshot
 from cloudbridge.providers.base import BaseVolume
 from cloudbridge.providers.interfaces import Container
@@ -526,6 +527,13 @@ class OpenStackSecurityGroup(BaseSecurityGroup):
     def __init__(self, provider, security_group):
         super(OpenStackSecurityGroup, self).__init__(provider, security_group)
 
+    @property
+    def rules(self):
+        # Update SG object; otherwise, recenlty added rules do now show
+        self._security_group = self._provider.nova.security_groups.get(self._security_group)
+        return [OpenStackSecurityGroupRule(self._provider, r, self)
+                for r in self._security_group.rules]
+
     def add_rule(self, ip_protocol=None, from_port=None, to_port=None,
                  cidr_ip=None, src_group=None):
         """
@@ -563,12 +571,47 @@ class OpenStackSecurityGroup(BaseSecurityGroup):
                     to_port=65535,
                     group_id=src_group.id)
         else:
-            return self._provider.nova.security_group_rules.create(
-                parent_group_id=self._security_group.id,
-                ip_protocol=ip_protocol,
-                from_port=from_port,
-                to_port=to_port,
-                cidr=cidr_ip)
+            if self._provider.nova.security_group_rules.create(
+               parent_group_id=self._security_group.id,
+               ip_protocol=ip_protocol,
+               from_port=from_port,
+               to_port=to_port,
+               cidr=cidr_ip):
+                return True
+            else:
+                return False
+
+
+class OpenStackSecurityGroupRule(BaseSecurityGroupRule):
+
+    def __init__(self, provider, rule, parent):
+        super(OpenStackSecurityGroupRule, self).__init__(provider, rule, parent)
+
+    @property
+    def ip_protocol(self):
+        return self._rule.get('ip_protocol')
+
+    @property
+    def from_port(self):
+        return self._rule.get('from_port')
+
+    @property
+    def to_port(self):
+        return self._rule.get('to_port')
+
+    @property
+    def cidr_ip(self):
+        return self._rule.get('cidr_ip', {}).get('cidr')
+
+    @property
+    def group(self):
+        cg = self._rule.get('group', {}).get('name')
+        if cg:
+            security_groups = self.parent._provider.nova.security_groups.list()
+            for sg in security_groups:
+                if sg.name == cg:
+                    return OpenStackSecurityGroup(self.parent._provider, sg)
+        return None
 
 
 class OpenStackContainerObject(ContainerObject):
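Review bot: `OpenStackSecurityGroupRule.cidr_ip` reads `self._rule.get('cidr_ip', {})`, but nova's rule dictionaries normally carry the CIDR under `ip_range` (worth confirming against a live response); if that holds, this property returns None for every rule, and a rule open to any address looks as if it has no source at all. The likely fix is `return self._rule.get('ip_range', {}).get('cidr')`. `group` resolves the source group by comparing `sg.name` across `security_groups.list()`, which returns the first group with that name and is ambiguous wherever names are not unique. In `add_rule`, the CIDR branch now returns True/False while the source-group branch, which starts outside this hunk, appears to keep returning the create result; wrapping both in `bool(...)` would keep the return type consistent.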

+ 4 - 4
cloudbridge/providers/openstack/services.py

@@ -149,12 +149,12 @@ class OpenStackSecurityGroupService(SecurityGroupService):
         Get all security groups associated with your account.
 
         :type group_names: list
-        :param group_names: A list of the names of security groups to retrieve.
-                           If not provided, all security groups will be
-                           returned.
+        :param group_names: A list of strings of the names of security groups
+                           to retrieve. If not provided, all security groups
+                           will be returned.
 
         :type group_ids: list
-        :param group_ids: A list of IDs of security groups to retrieve.
+        :param group_ids: A list of string IDs of security groups to retrieve.
                           If not provided, all security groups will be
                           returned.