[pkg-eucalyptus-commits] [SCM] managing cloud instances for Eucalyptus branch, master, updated. 3.0.0-alpha3-257-g1da8e3a

Garrett Holmstrom gholms at fedoraproject.org
Sun Jun 16 02:29:42 UTC 2013


The following commit has been merged in the master branch:
commit 6c590ce92ad9ec3c4363c3abb6acbba92c329551
Author: Garrett Holmstrom <gholms at fedoraproject.org>
Date:   Sat Apr 14 18:46:47 2012 -0700

    Rewrite Authorize and Revoke

diff --git a/bin/euca-authorize b/bin/euca-authorize
index bd2f91c..f016b12 100755
--- a/bin/euca-authorize
+++ b/bin/euca-authorize
@@ -1,42 +1,6 @@
-#!/usr/bin/python
-# -*- coding: utf-8 -*-
-
-# Software License Agreement (BSD License)
-#
-# Copyright (c) 2009-2011, Eucalyptus Systems, Inc.
-# All rights reserved.
-#
-# Redistribution and use of this software in source and binary forms, with or
-# without modification, are permitted provided that the following conditions
-# are met:
-#
-#   Redistributions of source code must retain the above
-#   copyright notice, this list of conditions and the
-#   following disclaimer.
-#
-#   Redistributions in binary form must reproduce the above
-#   copyright notice, this list of conditions and the
-#   following disclaimer in the documentation and/or other
-#   materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-# Author: Neil Soman neil at eucalyptus.com
-#         Mitch Garnaat mgarnaat at eucalyptus.com
+#!/usr/bin/python -tt
 
 import euca2ools.commands.euca.authorize
 
 if __name__ == '__main__':
-    cmd = euca2ools.commands.euca.authorize.Authorize()
-    cmd.main_cli()
-
+    euca2ools.commands.euca.authorize.Authorize().do_cli()
diff --git a/bin/euca-revoke b/bin/euca-revoke
index dcb4949..1a98057 100755
--- a/bin/euca-revoke
+++ b/bin/euca-revoke
@@ -1,42 +1,6 @@
-#!/usr/bin/python
-# -*- coding: utf-8 -*-
-
-# Software License Agreement (BSD License)
-#
-# Copyright (c) 2009-2011, Eucalyptus Systems, Inc.
-# All rights reserved.
-#
-# Redistribution and use of this software in source and binary forms, with or
-# without modification, are permitted provided that the following conditions
-# are met:
-#
-#   Redistributions of source code must retain the above
-#   copyright notice, this list of conditions and the
-#   following disclaimer.
-#
-#   Redistributions in binary form must reproduce the above
-#   copyright notice, this list of conditions and the
-#   following disclaimer in the documentation and/or other
-#   materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-# Author: Neil Soman neil at eucalyptus.com
-#         Mitch Garnaat mgarnaat at eucalyptus.com
+#!/usr/bin/python -tt
 
 import euca2ools.commands.euca.revoke
 
 if __name__ == '__main__':
-    cmd = euca2ools.commands.euca.revoke.Revoke()
-    cmd.main_cli()
-
+    euca2ools.commands.euca.revoke.Revoke().do_cli()
diff --git a/euca2ools/commands/euca/authorize.py b/euca2ools/commands/euca/authorize.py
index 23fbad0..74d90bc 100644
--- a/euca2ools/commands/euca/authorize.py
+++ b/euca2ools/commands/euca/authorize.py
@@ -1,6 +1,6 @@
 # Software License Agreement (BSD License)
 #
-# Copyright (c) 20092011, Eucalyptus Systems, Inc.
+# Copyright (c) 2009-2012, Eucalyptus Systems, Inc.
 # All rights reserved.
 #
 # Redistribution and use of this software in source and binary forms, with or
@@ -27,97 +27,9 @@
 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
-#
-# Author: Neil Soman neil at eucalyptus.com
-#         Mitch Garnaat mgarnaat at eucalyptus.com
-
-import euca2ools.commands.eucacommand
-from boto.roboto.param import Param
-
-class Authorize(euca2ools.commands.eucacommand.EucaCommand):
-
-    Description = 'Authorize a rule for a security group.'
-    Options = [Param(name='protocol', short_name='P', long_name='protocol',
-                     optional=True, ptype='string', default='tcp',
-                     choices=['tcp', 'udp', 'icmp', '6', '17', '1'],
-                     doc='The protocol.'),
-               Param(name='port_range', short_name='p', long_name='port-range',
-                     optional=True, ptype='string',
-                     doc='Range of ports for the rule (specified as "from-to").'),
-               Param(name='icmp_type_code',
-                     short_name='t', long_name='icmp-type-code',
-                     optional=True, ptype='string',
-                     doc='ICMP type and code specified as "type:code"'),
-               Param(name='source_group',
-                     short_name='o', long_name='source-group',
-                     optional=True, ptype='string',
-                     doc="""Group from which traffic is authorized
-                     by the rule."""),
-               Param(name='source_group_user',
-                     short_name='u', long_name='source-group-user',
-                     optional=True, ptype='string',
-                     doc='User ID for the source group.'),
-               Param(name='source_subnet',
-                     short_name='s', long_name='source-subnet',
-                     optional=True, ptype='string', default='0.0.0.0/0',
-                     doc="""The source subnet for the rule.
-                     Defaults to 0.0.0.0/0.""")]
-               
-    Args = [Param(name='group_name', ptype='string',
-                  doc='Name of the group to add the rule to.',
-                  cardinality=1, optional=False)]
 
-    def main(self):
-        self.from_port = None
-        self.to_port = None
-        if self.port_range:
-            ports = self.port_range.split('-')
-            try:
-                if len(ports) > 1:
-                    self.from_port = int(ports[0])
-                    self.to_port = int(ports[1])
-                else:
-                    self.from_port = self.to_port = int(ports[0])
-            except ValueError:
-                self.display_error_and_exit('port must be an integer.')
-        if self.icmp_type_code:
-            code_parts = self.icmp_type_code.split(':')
-            if len(code_parts) > 1:
-                try:
-                    self.from_port = int(code_parts[0])
-                    self.to_port = int(code_parts[1])
-                except ValueError:
-                    self.display_error_and_exit('port must be an integer.')
-        
-        conn = self.make_connection_cli()
-        return self.make_request_cli(conn,
-                                     'authorize_security_group_deprecated',
-                                     group_name=self.group_name,
-                                     src_security_group_name=self.source_group,
-                                     src_security_group_owner_id=self.source_group_user,
-                                     ip_protocol=self.protocol,
-                                     from_port=self.from_port,
-                                     to_port=self.to_port,
-                                     cidr_ip=self.source_subnet)
+from .modgroup import ModifySecurityGroupRequest
 
-    def main_cli(self):
-        status = self.main()
-        if status:
-            print 'GROUP\t%s' % self.group_name
-            permission_string = 'PERMISSION\t%s\tALLOWS' % self.group_name
-            if self.protocol:
-                permission_string += '\t%s' % self.protocol
-            if self.from_port:
-                permission_string += '\t%s' % self.from_port
-            if self.to_port:
-                permission_string += '\t%s' % self.to_port
-            if self.source_group_user:
-                permission_string += '\tUSER\t%s' \
-                    % self.source_group_user
-            if self.source_group:
-                permission_string += '\tGRPNAME\t%s' % self.source_group
-            if self.source_subnet:
-                permission_string += '\tFROM\tCIDR\t%s' % self.source_subnet
-            print permission_string
-        else:
-            self.error_exit()
+class Authorize(ModifySecurityGroupRequest):
+    Description = 'Authorize a rule for a security group'
+    Action = 'AuthorizeSecurityGroupIngress'
diff --git a/euca2ools/commands/euca/modgroup.py b/euca2ools/commands/euca/modgroup.py
new file mode 100644
index 0000000..b789148
--- /dev/null
+++ b/euca2ools/commands/euca/modgroup.py
@@ -0,0 +1,181 @@
+# Software License Agreement (BSD License)
+#
+# Copyright (c) 2012, Eucalyptus Systems, Inc.
+# All rights reserved.
+#
+# Redistribution and use of this software in source and binary forms, with or
+# without modification, are permitted provided that the following conditions
+# are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer in the documentation and/or other
+#   materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+from . import EucalyptusRequest
+from requestbuilder import Arg, MutuallyExclusiveArgList
+import sys
+
+class ModifySecurityGroupRequest(EucalyptusRequest):
+    '''
+    The basis for security group-editing commands
+    '''
+
+    Args = [Arg('GroupName', metavar='GROUP',
+                help='name of the security group to modify'),
+            Arg('-P', '--protocol', dest='IpPermissions.1.IpProtocol',
+                choices=['tcp', 'udp', 'icmp', '6', '17', '1'], default='tcp',
+                help='protocol to affect (default: tcp)'),
+            Arg('-p', '--port-range', dest='port_range', route_to=None,
+                help='''range of ports (specified as "from-to") or a single
+                        port'''),
+                # ^ required for tcp and udp
+            Arg('-t', '--icmp-type-code', dest='icmp_type_code',
+                metavar='TYPE:CODE', route_to=None,
+                help='ICMP type and code (specified as "type:code")'),
+                # ^ required for icmp
+            MutuallyExclusiveArgList(
+                Arg('-s', '--cidr', metavar='CIDR',
+                    dest='IpPermissions.1.IpRanges.1.CidrIp',
+                    help='''IP range (default: 0.0.0.0/0)'''),
+                    # ^ default is added by main()
+                Arg('-o', metavar='GROUP',
+                    dest='IpPermissions.1.Groups.1.GroupName',
+                    help='''name of a security group with which to authorize
+                            network communication''')),
+            Arg('-u', metavar='GROUP_USER',
+                dest='IpPermissions.1.Groups.1.UserId',
+                help='''ID of the account that owns the security group
+                        specified with -o''')]
+                # ^ required if -o is used
+
+    def __init__(self, **kwargs):
+        EucalyptusRequest.__init__(self, **kwargs)
+        self.icmp_opt = None
+        self.port_opt = None
+
+    def parse_ports(self):
+        from_port = None
+        to_port   = None
+        protocol = self.args.get('IpPermissions.1.IpProtocol')
+        if protocol in ['icmp', '1']:
+            if not self.args.get('icmp_type_code'):
+                self._cli_parser.error('argument -t/--icmp-type-code is '
+                                       'required for ICMP')
+            types = self.args['icmp_type_code'].split(':')
+            if len(types) == 2:
+                try:
+                    from_port = int(types[0])
+                    to_port   = int(types[1])
+                except ValueError:
+                    self._cli_parser.error('argument -t/--icmp-type-code: '
+                                           'value must have format "1:2"')
+            else:
+                self._cli_parser.error('argument -t/--icmp-type-code: value '
+                                       'must have format "1:2"')
+            if from_port < -1 or to_port < -1:
+                self._cli_parser.error('argument -t/--icmp-type-code: type, '
+                                       'code must be at least -1')
+
+        elif protocol in ['tcp', 'udp', '6', '17']:
+            if not self.args.get('port_range'):
+                self._cli_parser.error('argument -p/--port-range is required '
+                                       'for protocol ' + protocol)
+            if ':' in self.args['port_range']:
+                # Be extra helpful in the event of this common typo
+                self._cli_parser.error('argument -p/--port-range: multi-port '
+                        'range must be separated by "-", not ":"')
+            if self.args['port_range'].startswith('-'):
+                ports = self.args['port_range'][1:].split('-')
+                ports[0] = '-' + ports[0]
+            else:
+                ports = self.args['port_range'].split('-')
+            if len(ports) == 2:
+                try:
+                    from_port = int(ports[0])
+                    to_port   = int(ports[1])
+                except ValueError:
+                    self._cli_parser.error('argument -p/--port-range: '
+                            'multi-port value must be comprised of integers')
+            elif len(ports) == 1:
+                try:
+                    from_port = to_port = int(ports[0])
+                except ValueError:
+                    self._cli_parser.error('argument -p/--port-range: single '
+                                           'port value must be an integer')
+            else:
+                self._cli_parser.error('argument -p/--port-range: value must '
+                                       'have format "1" or "1-2"')
+            if from_port < -1 or to_port < -1:
+                self._cli_parser.error('argument -p/--port-range: port '
+                                       'number(s) must be at least -1')
+
+        self.params = {'IpPermissions.1.FromPort': from_port,
+                       'IpPermissions.1.ToPort':   to_port}
+
+    def main(self):
+        if self.icmp_opt:
+            self.args['icmp_type_code'] = self.icmp_opt
+        if self.port_opt:
+            self.args['port_range'] = self.port_opt
+        self.parse_ports()
+        if not self.args.get('IpPermissions.1.IpRanges.1.GroupName'):
+            self.args.setdefault('IpPermissions.1.IpRanges.1.CidrIp',
+                                 '0.0.0.0/0')
+        if (self.args.get('IpPermissions.1.Groups.1.GroupName') and
+            not self.args.get('IpPermissions.1.Groups.1.UserId')):
+            self._cli_parser.error('argument -u is required when -o is '
+                                   'specified')
+        return self.send()
+
+    def print_result(self, result):
+        print self.tabify(['GROUP', self.args.get('GroupName')])
+        perm_str = ['PERMISSION', self.args.get('GroupName'), 'ALLOWS',
+                    self.args.get('IpPermissions.1.IpProtocol'),
+                    self.args.get('IpPermissions.1.FromPort'),
+                    self.args.get('IpPermissions.1.ToPort')]
+        if self.args.get('IpPermissions.1.Groups.1.UserId'):
+            perm_str.append('USER')
+            perm_str.append(self.args.get('IpPermissions.1.Groups.1.UserId'))
+        if self.args.get('IpPermissions.1.Groups.1.GroupName'):
+            perm_str.append('GRPNAME')
+            perm_str.append(self.args.get(
+                    'IpPermissions.1.Groups.1.GroupName'))
+        if self.args.get('IpPermissions.1.IpRanges.1.CidrIp'):
+            perm_str.extend(['FROM', 'CIDR'])
+            perm_str.append(self.args.get('IpPermissions.1.IpRanges.1.CidrIp'))
+        print self.tabify(perm_str)
+
+    def do_cli(self):
+        # We need to parse out -t and -p *before* argparse can see it because
+        # of Python bug 9334, which prevents argparse from recognizing '-1:-1'
+        # as an option value and not a (nonexistent) option name.
+        def parse_neg_one_value(opt_name):
+            if opt_name in sys.argv:
+                index = sys.argv.index(opt_name)
+                if (index < len(sys.argv) - 1 and
+                    sys.argv[index + 1].startswith('-1')):
+                    opt_val = sys.argv[index + 1]
+                    del sys.argv[index:index + 2]
+                    return opt_val
+        self.icmp_opt = parse_neg_one_value('-t') or self.icmp_opt
+        self.icmp_opt = parse_neg_one_value('--icmp-type-code') or self.icmp_opt
+        self.port_opt = parse_neg_one_value('-p') or self.port_opt
+        self.port_opt = parse_neg_one_value('--port-range') or self.port_opt
+        EucalyptusRequest.do_cli(self)
diff --git a/euca2ools/commands/euca/revoke.py b/euca2ools/commands/euca/revoke.py
index 3b49204..e8981cd 100644
--- a/euca2ools/commands/euca/revoke.py
+++ b/euca2ools/commands/euca/revoke.py
@@ -1,6 +1,6 @@
 # Software License Agreement (BSD License)
 #
-# Copyright (c) 20092011, Eucalyptus Systems, Inc.
+# Copyright (c) 2009-2012, Eucalyptus Systems, Inc.
 # All rights reserved.
 #
 # Redistribution and use of this software in source and binary forms, with or
@@ -27,97 +27,9 @@
 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
-#
-# Author: Neil Soman neil at eucalyptus.com
-#         Mitch Garnaat mgarnaat at eucalyptus.com
-
-import euca2ools.commands.eucacommand
-from boto.roboto.param import Param
-
-class Revoke(euca2ools.commands.eucacommand.EucaCommand):
-
-    Description = 'Revoke a rule for a security group.'
-    Options = [Param(name='protocol', short_name='P', long_name='protocol',
-                     optional=True, ptype='string', default='tcp',
-                     choices=['tcp', 'udp', 'icmp', '6', '17', '1'],
-                     doc='The protocol.'),
-               Param(name='port_range', short_name='p', long_name='port-range',
-                     optional=True, ptype='string',
-                     doc='Range of ports for the rule (specified as "from-to").'),
-               Param(name='icmp_type_code',
-                     short_name='t', long_name='icmp-type-code',
-                     optional=True, ptype='string',
-                     doc='ICMP type and code specified as "type:code"'),
-               Param(name='source_group',
-                     short_name='o', long_name='source-group',
-                     optional=True, ptype='string',
-                     doc="""Group from which traffic is authorized
-                     by the rule."""),
-               Param(name='source_group_user',
-                     short_name='u', long_name='source-group-user',
-                     optional=True, ptype='string',
-                     doc='User ID for the source group.'),
-               Param(name='source_subnet',
-                     short_name='s', long_name='source-subnet',
-                     optional=True, ptype='string', default='0.0.0.0/0',
-                     doc="""The source subnet for the rule.
-                     Defaults to 0.0.0.0/0.""")]
-    Args = [Param(name='group_name', ptype='string',
-                  doc='Name of the group to remove the rule from.',
-                  cardinality=1, optional=False)]
 
-    def main(self):
-        self.from_port = None
-        self.to_port = None
-        if self.port_range:
-            ports = self.port_range.split('-')
-            try:
-                if len(ports) > 1:
-                    self.from_port = int(ports[0])
-                    self.to_port = int(ports[1])
-                else:
-                    self.from_port = self.to_port = int(ports[0])
-            except ValueError:
-                self.display_error_and_exit('port must be an integer.')
-        if self.icmp_type_code:
-            code_parts = self.icmp_type_code.split(':')
-            if len(code_parts) > 1:
-                try:
-                    self.from_port = int(code_parts[0])
-                    self.to_port = int(code_parts[1])
-                except ValueError:
-                    self.display_error_and_exit('port must be an integer.')
-        
-        conn = self.make_connection_cli()
-        return self.make_request_cli(conn,
-                                     'revoke_security_group_deprecated',
-                                     group_name=self.group_name,
-                                     src_security_group_name=self.source_group,
-                                     src_security_group_owner_id=self.source_group_user,
-                                     ip_protocol=self.protocol,
-                                     from_port=self.from_port,
-                                     to_port=self.to_port,
-                                     cidr_ip=self.source_subnet)
+from .modgroup import ModifySecurityGroupRequest
 
-    def main_cli(self):
-        status = self.main()
-        if status:
-            print 'GROUP\t%s' % self.group_name
-            permission_string = 'PERMISSION\t%s\tALLOWS' % self.group_name
-            if self.protocol:
-                permission_string += '\t%s' % self.protocol
-            if self.from_port:
-                permission_string += '\t%s' % self.from_port
-            if self.to_port:
-                permission_string += '\t%s' % self.to_port
-            if self.source_group_user:
-                permission_string += '\tUSER\t%s' \
-                    % self.source_group_user
-            if self.source_group:
-                permission_string += '\tGRPNAME\t%s' % self.source_group
-            if self.source_subnet:
-                permission_string += '\tFROM\tCIDR\t%s' % self.source_subnet
-            print permission_string
-        else:
-            self.error_exit()
-            
+class Revoke(ModifySecurityGroupRequest):
+    Description = 'Revoke an existing rule from a security group'
+    Action = 'RevokeSecurityGroupIngress'

-- 
managing cloud instances for Eucalyptus



More information about the pkg-eucalyptus-commits mailing list