1 files changed, 148 insertions, 0 deletions
diff --git a/aria/multivim-plugin/openstack_plugin_common/security_group.py b/aria/multivim-plugin/openstack_plugin_common/security_group.py
new file mode 100644
index 0000000000..0fa21aa149
--- /dev/null
+++ b/aria/multivim-plugin/openstack_plugin_common/security_group.py
@@ -0,0 +1,148 @@
+#########
+# Copyright (c) 2014 GigaSpaces Technologies Ltd. All rights reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+#  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  * See the License for the specific language governing permissions and
+#  * limitations under the License.
+
+import copy
+import re
+
+from cloudify import ctx
+from cloudify.exceptions import NonRecoverableError
+
+from openstack_plugin_common import (
+    get_resource_id,
+    use_external_resource,
+    delete_resource_and_runtime_properties,
+    validate_resource,
+    validate_ip_or_range_syntax,
+    OPENSTACK_ID_PROPERTY,
+    OPENSTACK_TYPE_PROPERTY,
+    OPENSTACK_NAME_PROPERTY,
+    COMMON_RUNTIME_PROPERTIES_KEYS
+)
+
+SECURITY_GROUP_OPENSTACK_TYPE = 'security_group'
+
+# Runtime properties
+RUNTIME_PROPERTIES_KEYS = COMMON_RUNTIME_PROPERTIES_KEYS
+
+NODE_NAME_RE = re.compile('^(.*)_.*$')  # Anything before last underscore
+
+
+def build_sg_data(args=None):
+    security_group = {
+        'description': None,
+        'name': get_resource_id(ctx, SECURITY_GROUP_OPENSTACK_TYPE),
+    }
+
+    args = args or {}
+    security_group.update(ctx.node.properties['security_group'], **args)
+
+    return security_group
+
+
+def process_rules(client, sgr_default_values, cidr_field_name,
+                  remote_group_field_name, min_port_field_name,
+                  max_port_field_name):
+    rules_to_apply = ctx.node.properties['rules']
+    security_group_rules = []
+    for rule in rules_to_apply:
+        security_group_rules.append(
+            _process_rule(rule, client, sgr_default_values, cidr_field_name,
+                          remote_group_field_name, min_port_field_name,
+                          max_port_field_name))
+
+    return security_group_rules
+
+
+def use_external_sg(client):
+    return use_external_resource(ctx, client,
+                                 SECURITY_GROUP_OPENSTACK_TYPE)
+
+
+def set_sg_runtime_properties(sg, client):
+    ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] =\
+        client.get_id_from_resource(sg)
+    ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] =\
+        SECURITY_GROUP_OPENSTACK_TYPE
+    ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = \
+        client.get_name_from_resource(sg)
+
+
+def delete_sg(client, **kwargs):
+    delete_resource_and_runtime_properties(ctx, client,
+                                           RUNTIME_PROPERTIES_KEYS)
+
+
+def sg_creation_validation(client, cidr_field_name, **kwargs):
+    validate_resource(ctx, client, SECURITY_GROUP_OPENSTACK_TYPE)
+
+    ctx.logger.debug('validating CIDR for rules with a {0} field'.format(
+        cidr_field_name))
+    for rule in ctx.node.properties['rules']:
+        if cidr_field_name in rule:
+            validate_ip_or_range_syntax(ctx, rule[cidr_field_name])
+
+
+def _process_rule(rule, client, sgr_default_values, cidr_field_name,
+                  remote_group_field_name, min_port_field_name,
+                  max_port_field_name):
+    ctx.logger.debug(
+        "Security group rule before transformations: {0}".format(rule))
+
+    sgr = copy.deepcopy(sgr_default_values)
+    if 'port' in rule:
+        rule[min_port_field_name] = rule['port']
+        rule[max_port_field_name] = rule['port']
+        del rule['port']
+    sgr.update(rule)
+
+    if (remote_group_field_name in sgr) and sgr[remote_group_field_name]:
+        sgr[cidr_field_name] = None
+    elif ('remote_group_node' in sgr) and sgr['remote_group_node']:
+        _, remote_group_node = _capabilities_of_node_named(
+            sgr['remote_group_node'])
+        sgr[remote_group_field_name] = remote_group_node[OPENSTACK_ID_PROPERTY]
+        del sgr['remote_group_node']
+        sgr[cidr_field_name] = None
+    elif ('remote_group_name' in sgr) and sgr['remote_group_name']:
+        sgr[remote_group_field_name] = \
+            client.get_id_from_resource(
+                client.cosmo_get_named(
+                    SECURITY_GROUP_OPENSTACK_TYPE, sgr['remote_group_name']))
+        del sgr['remote_group_name']
+        sgr[cidr_field_name] = None
+
+    ctx.logger.debug(
+        "Security group rule after transformations: {0}".format(sgr))
+    return sgr
+
+
+def _capabilities_of_node_named(node_name):
+    result = None
+    caps = ctx.capabilities.get_all()
+    for node_id in caps:
+        match = NODE_NAME_RE.match(node_id)
+        if match:
+            candidate_node_name = match.group(1)
+            if candidate_node_name == node_name:
+                if result:
+                    raise NonRecoverableError(
+                        "More than one node named '{0}' "
+                        "in capabilities".format(node_name))
+                result = (node_id, caps[node_id])
+    if not result:
+        raise NonRecoverableError(
+            "Could not find node named '{0}' "
+            "in capabilities".format(node_name))
+    return result