[pkg-eucalyptus-commits] [SCM] managing cloud instances for Eucalyptus branch, master, updated. 3.0.0-alpha3-257-g1da8e3a
Garrett Holmstrom
gholms at fedoraproject.org
Sun Jun 16 02:29:42 UTC 2013
The following commit has been merged in the master branch:
commit 6c590ce92ad9ec3c4363c3abb6acbba92c329551
Author: Garrett Holmstrom <gholms at fedoraproject.org>
Date: Sat Apr 14 18:46:47 2012 -0700
Rewrite Authorize and Revoke
diff --git a/bin/euca-authorize b/bin/euca-authorize
index bd2f91c..f016b12 100755
--- a/bin/euca-authorize
+++ b/bin/euca-authorize
@@ -1,42 +1,6 @@
-#!/usr/bin/python
-# -*- coding: utf-8 -*-
-
-# Software License Agreement (BSD License)
-#
-# Copyright (c) 2009-2011, Eucalyptus Systems, Inc.
-# All rights reserved.
-#
-# Redistribution and use of this software in source and binary forms, with or
-# without modification, are permitted provided that the following conditions
-# are met:
-#
-# Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the
-# following disclaimer.
-#
-# Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the
-# following disclaimer in the documentation and/or other
-# materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-# Author: Neil Soman neil at eucalyptus.com
-# Mitch Garnaat mgarnaat at eucalyptus.com
+#!/usr/bin/python -tt
import euca2ools.commands.euca.authorize
if __name__ == '__main__':
- cmd = euca2ools.commands.euca.authorize.Authorize()
- cmd.main_cli()
-
+ euca2ools.commands.euca.authorize.Authorize().do_cli()
diff --git a/bin/euca-revoke b/bin/euca-revoke
index dcb4949..1a98057 100755
--- a/bin/euca-revoke
+++ b/bin/euca-revoke
@@ -1,42 +1,6 @@
-#!/usr/bin/python
-# -*- coding: utf-8 -*-
-
-# Software License Agreement (BSD License)
-#
-# Copyright (c) 2009-2011, Eucalyptus Systems, Inc.
-# All rights reserved.
-#
-# Redistribution and use of this software in source and binary forms, with or
-# without modification, are permitted provided that the following conditions
-# are met:
-#
-# Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the
-# following disclaimer.
-#
-# Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the
-# following disclaimer in the documentation and/or other
-# materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-# Author: Neil Soman neil at eucalyptus.com
-# Mitch Garnaat mgarnaat at eucalyptus.com
+#!/usr/bin/python -tt
import euca2ools.commands.euca.revoke
if __name__ == '__main__':
- cmd = euca2ools.commands.euca.revoke.Revoke()
- cmd.main_cli()
-
+ euca2ools.commands.euca.revoke.Revoke().do_cli()
diff --git a/euca2ools/commands/euca/authorize.py b/euca2ools/commands/euca/authorize.py
index 23fbad0..74d90bc 100644
--- a/euca2ools/commands/euca/authorize.py
+++ b/euca2ools/commands/euca/authorize.py
@@ -1,6 +1,6 @@
# Software License Agreement (BSD License)
#
-# Copyright (c) 20092011, Eucalyptus Systems, Inc.
+# Copyright (c) 2009-2012, Eucalyptus Systems, Inc.
# All rights reserved.
#
# Redistribution and use of this software in source and binary forms, with or
@@ -27,97 +27,9 @@
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
-#
-# Author: Neil Soman neil at eucalyptus.com
-# Mitch Garnaat mgarnaat at eucalyptus.com
-
-import euca2ools.commands.eucacommand
-from boto.roboto.param import Param
-
-class Authorize(euca2ools.commands.eucacommand.EucaCommand):
-
- Description = 'Authorize a rule for a security group.'
- Options = [Param(name='protocol', short_name='P', long_name='protocol',
- optional=True, ptype='string', default='tcp',
- choices=['tcp', 'udp', 'icmp', '6', '17', '1'],
- doc='The protocol.'),
- Param(name='port_range', short_name='p', long_name='port-range',
- optional=True, ptype='string',
- doc='Range of ports for the rule (specified as "from-to").'),
- Param(name='icmp_type_code',
- short_name='t', long_name='icmp-type-code',
- optional=True, ptype='string',
- doc='ICMP type and code specified as "type:code"'),
- Param(name='source_group',
- short_name='o', long_name='source-group',
- optional=True, ptype='string',
- doc="""Group from which traffic is authorized
- by the rule."""),
- Param(name='source_group_user',
- short_name='u', long_name='source-group-user',
- optional=True, ptype='string',
- doc='User ID for the source group.'),
- Param(name='source_subnet',
- short_name='s', long_name='source-subnet',
- optional=True, ptype='string', default='0.0.0.0/0',
- doc="""The source subnet for the rule.
- Defaults to 0.0.0.0/0.""")]
-
- Args = [Param(name='group_name', ptype='string',
- doc='Name of the group to add the rule to.',
- cardinality=1, optional=False)]
- def main(self):
- self.from_port = None
- self.to_port = None
- if self.port_range:
- ports = self.port_range.split('-')
- try:
- if len(ports) > 1:
- self.from_port = int(ports[0])
- self.to_port = int(ports[1])
- else:
- self.from_port = self.to_port = int(ports[0])
- except ValueError:
- self.display_error_and_exit('port must be an integer.')
- if self.icmp_type_code:
- code_parts = self.icmp_type_code.split(':')
- if len(code_parts) > 1:
- try:
- self.from_port = int(code_parts[0])
- self.to_port = int(code_parts[1])
- except ValueError:
- self.display_error_and_exit('port must be an integer.')
-
- conn = self.make_connection_cli()
- return self.make_request_cli(conn,
- 'authorize_security_group_deprecated',
- group_name=self.group_name,
- src_security_group_name=self.source_group,
- src_security_group_owner_id=self.source_group_user,
- ip_protocol=self.protocol,
- from_port=self.from_port,
- to_port=self.to_port,
- cidr_ip=self.source_subnet)
+from .modgroup import ModifySecurityGroupRequest
- def main_cli(self):
- status = self.main()
- if status:
- print 'GROUP\t%s' % self.group_name
- permission_string = 'PERMISSION\t%s\tALLOWS' % self.group_name
- if self.protocol:
- permission_string += '\t%s' % self.protocol
- if self.from_port:
- permission_string += '\t%s' % self.from_port
- if self.to_port:
- permission_string += '\t%s' % self.to_port
- if self.source_group_user:
- permission_string += '\tUSER\t%s' \
- % self.source_group_user
- if self.source_group:
- permission_string += '\tGRPNAME\t%s' % self.source_group
- if self.source_subnet:
- permission_string += '\tFROM\tCIDR\t%s' % self.source_subnet
- print permission_string
- else:
- self.error_exit()
+class Authorize(ModifySecurityGroupRequest):
+ Description = 'Authorize a rule for a security group'
+ Action = 'AuthorizeSecurityGroupIngress'
diff --git a/euca2ools/commands/euca/modgroup.py b/euca2ools/commands/euca/modgroup.py
new file mode 100644
index 0000000..b789148
--- /dev/null
+++ b/euca2ools/commands/euca/modgroup.py
@@ -0,0 +1,181 @@
+# Software License Agreement (BSD License)
+#
+# Copyright (c) 2012, Eucalyptus Systems, Inc.
+# All rights reserved.
+#
+# Redistribution and use of this software in source and binary forms, with or
+# without modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the
+# following disclaimer.
+#
+# Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the
+# following disclaimer in the documentation and/or other
+# materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+from . import EucalyptusRequest
+from requestbuilder import Arg, MutuallyExclusiveArgList
+import sys
+
+class ModifySecurityGroupRequest(EucalyptusRequest):
+ '''
+ The basis for security group-editing commands
+ '''
+
+ Args = [Arg('GroupName', metavar='GROUP',
+ help='name of the security group to modify'),
+ Arg('-P', '--protocol', dest='IpPermissions.1.IpProtocol',
+ choices=['tcp', 'udp', 'icmp', '6', '17', '1'], default='tcp',
+ help='protocol to affect (default: tcp)'),
+ Arg('-p', '--port-range', dest='port_range', route_to=None,
+ help='''range of ports (specified as "from-to") or a single
+ port'''),
+ # ^ required for tcp and udp
+ Arg('-t', '--icmp-type-code', dest='icmp_type_code',
+ metavar='TYPE:CODE', route_to=None,
+ help='ICMP type and code (specified as "type:code")'),
+ # ^ required for icmp
+ MutuallyExclusiveArgList(
+ Arg('-s', '--cidr', metavar='CIDR',
+ dest='IpPermissions.1.IpRanges.1.CidrIp',
+ help='''IP range (default: 0.0.0.0/0)'''),
+ # ^ default is added by main()
+ Arg('-o', metavar='GROUP',
+ dest='IpPermissions.1.Groups.1.GroupName',
+ help='''name of a security group with which to authorize
+ network communication''')),
+ Arg('-u', metavar='GROUP_USER',
+ dest='IpPermissions.1.Groups.1.UserId',
+ help='''ID of the account that owns the security group
+ specified with -o''')]
+ # ^ required if -o is used
+
+ def __init__(self, **kwargs):
+ EucalyptusRequest.__init__(self, **kwargs)
+ self.icmp_opt = None
+ self.port_opt = None
+
+ def parse_ports(self):
+ from_port = None
+ to_port = None
+ protocol = self.args.get('IpPermissions.1.IpProtocol')
+ if protocol in ['icmp', '1']:
+ if not self.args.get('icmp_type_code'):
+ self._cli_parser.error('argument -t/--icmp-type-code is '
+ 'required for ICMP')
+ types = self.args['icmp_type_code'].split(':')
+ if len(types) == 2:
+ try:
+ from_port = int(types[0])
+ to_port = int(types[1])
+ except ValueError:
+ self._cli_parser.error('argument -t/--icmp-type-code: '
+ 'value must have format "1:2"')
+ else:
+ self._cli_parser.error('argument -t/--icmp-type-code: value '
+ 'must have format "1:2"')
+ if from_port < -1 or to_port < -1:
+ self._cli_parser.error('argument -t/--icmp-type-code: type, '
+ 'code must be at least -1')
+
+ elif protocol in ['tcp', 'udp', '6', '17']:
+ if not self.args.get('port_range'):
+ self._cli_parser.error('argument -p/--port-range is required '
+ 'for protocol ' + protocol)
+ if ':' in self.args['port_range']:
+ # Be extra helpful in the event of this common typo
+ self._cli_parser.error('argument -p/--port-range: multi-port '
+ 'range must be separated by "-", not ":"')
+ if self.args['port_range'].startswith('-'):
+ ports = self.args['port_range'][1:].split('-')
+ ports[0] = '-' + ports[0]
+ else:
+ ports = self.args['port_range'].split('-')
+ if len(ports) == 2:
+ try:
+ from_port = int(ports[0])
+ to_port = int(ports[1])
+ except ValueError:
+ self._cli_parser.error('argument -p/--port-range: '
+ 'multi-port value must be comprised of integers')
+ elif len(ports) == 1:
+ try:
+ from_port = to_port = int(ports[0])
+ except ValueError:
+ self._cli_parser.error('argument -p/--port-range: single '
+ 'port value must be an integer')
+ else:
+ self._cli_parser.error('argument -p/--port-range: value must '
+ 'have format "1" or "1-2"')
+ if from_port < -1 or to_port < -1:
+ self._cli_parser.error('argument -p/--port-range: port '
+ 'number(s) must be at least -1')
+
+ self.params = {'IpPermissions.1.FromPort': from_port,
+ 'IpPermissions.1.ToPort': to_port}
+
+ def main(self):
+ if self.icmp_opt:
+ self.args['icmp_type_code'] = self.icmp_opt
+ if self.port_opt:
+ self.args['port_range'] = self.port_opt
+ self.parse_ports()
+ if not self.args.get('IpPermissions.1.IpRanges.1.GroupName'):
+ self.args.setdefault('IpPermissions.1.IpRanges.1.CidrIp',
+ '0.0.0.0/0')
+ if (self.args.get('IpPermissions.1.Groups.1.GroupName') and
+ not self.args.get('IpPermissions.1.Groups.1.UserId')):
+ self._cli_parser.error('argument -u is required when -o is '
+ 'specified')
+ return self.send()
+
+ def print_result(self, result):
+ print self.tabify(['GROUP', self.args.get('GroupName')])
+ perm_str = ['PERMISSION', self.args.get('GroupName'), 'ALLOWS',
+ self.args.get('IpPermissions.1.IpProtocol'),
+ self.args.get('IpPermissions.1.FromPort'),
+ self.args.get('IpPermissions.1.ToPort')]
+ if self.args.get('IpPermissions.1.Groups.1.UserId'):
+ perm_str.append('USER')
+ perm_str.append(self.args.get('IpPermissions.1.Groups.1.UserId'))
+ if self.args.get('IpPermissions.1.Groups.1.GroupName'):
+ perm_str.append('GRPNAME')
+ perm_str.append(self.args.get(
+ 'IpPermissions.1.Groups.1.GroupName'))
+ if self.args.get('IpPermissions.1.IpRanges.1.CidrIp'):
+ perm_str.extend(['FROM', 'CIDR'])
+ perm_str.append(self.args.get('IpPermissions.1.IpRanges.1.CidrIp'))
+ print self.tabify(perm_str)
+
+ def do_cli(self):
+ # We need to parse out -t and -p *before* argparse can see it because
+ # of Python bug 9334, which prevents argparse from recognizing '-1:-1'
+ # as an option value and not a (nonexistent) option name.
+ def parse_neg_one_value(opt_name):
+ if opt_name in sys.argv:
+ index = sys.argv.index(opt_name)
+ if (index < len(sys.argv) - 1 and
+ sys.argv[index + 1].startswith('-1')):
+ opt_val = sys.argv[index + 1]
+ del sys.argv[index:index + 2]
+ return opt_val
+ self.icmp_opt = parse_neg_one_value('-t') or self.icmp_opt
+ self.icmp_opt = parse_neg_one_value('--icmp-type-code') or self.icmp_opt
+ self.port_opt = parse_neg_one_value('-p') or self.port_opt
+ self.port_opt = parse_neg_one_value('--port-range') or self.port_opt
+ EucalyptusRequest.do_cli(self)
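Review bot: In `main()` the guard in front of the default CIDR reads `IpPermissions.1.IpRanges.1.GroupName`, but `-o` is stored under `IpPermissions.1.Groups.1.GroupName`, so the guard is always true and `setdefault` applies `0.0.0.0/0` whether or not a source group was given. Whether that value reaches the request depends on how `self.args` is populated, which is outside this diff, but a group-scoped rule should never carry a world-open CIDR alongside it, and `Authorize` and `Revoke` both inherit this `main()`. The check should read `if not self.args.get('IpPermissions.1.Groups.1.GroupName'):`. Separately, `parse_ports()` only rejects values below -1, so a port above 65535 or a reversed range is left for the server to reject; an upper bound and a `from_port <= to_port` check would fail earlier with a clearer message.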
diff --git a/euca2ools/commands/euca/revoke.py b/euca2ools/commands/euca/revoke.py
index 3b49204..e8981cd 100644
--- a/euca2ools/commands/euca/revoke.py
+++ b/euca2ools/commands/euca/revoke.py
@@ -1,6 +1,6 @@
# Software License Agreement (BSD License)
#
-# Copyright (c) 20092011, Eucalyptus Systems, Inc.
+# Copyright (c) 2009-2012, Eucalyptus Systems, Inc.
# All rights reserved.
#
# Redistribution and use of this software in source and binary forms, with or
@@ -27,97 +27,9 @@
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
-#
-# Author: Neil Soman neil at eucalyptus.com
-# Mitch Garnaat mgarnaat at eucalyptus.com
-
-import euca2ools.commands.eucacommand
-from boto.roboto.param import Param
-
-class Revoke(euca2ools.commands.eucacommand.EucaCommand):
-
- Description = 'Revoke a rule for a security group.'
- Options = [Param(name='protocol', short_name='P', long_name='protocol',
- optional=True, ptype='string', default='tcp',
- choices=['tcp', 'udp', 'icmp', '6', '17', '1'],
- doc='The protocol.'),
- Param(name='port_range', short_name='p', long_name='port-range',
- optional=True, ptype='string',
- doc='Range of ports for the rule (specified as "from-to").'),
- Param(name='icmp_type_code',
- short_name='t', long_name='icmp-type-code',
- optional=True, ptype='string',
- doc='ICMP type and code specified as "type:code"'),
- Param(name='source_group',
- short_name='o', long_name='source-group',
- optional=True, ptype='string',
- doc="""Group from which traffic is authorized
- by the rule."""),
- Param(name='source_group_user',
- short_name='u', long_name='source-group-user',
- optional=True, ptype='string',
- doc='User ID for the source group.'),
- Param(name='source_subnet',
- short_name='s', long_name='source-subnet',
- optional=True, ptype='string', default='0.0.0.0/0',
- doc="""The source subnet for the rule.
- Defaults to 0.0.0.0/0.""")]
- Args = [Param(name='group_name', ptype='string',
- doc='Name of the group to remove the rule from.',
- cardinality=1, optional=False)]
- def main(self):
- self.from_port = None
- self.to_port = None
- if self.port_range:
- ports = self.port_range.split('-')
- try:
- if len(ports) > 1:
- self.from_port = int(ports[0])
- self.to_port = int(ports[1])
- else:
- self.from_port = self.to_port = int(ports[0])
- except ValueError:
- self.display_error_and_exit('port must be an integer.')
- if self.icmp_type_code:
- code_parts = self.icmp_type_code.split(':')
- if len(code_parts) > 1:
- try:
- self.from_port = int(code_parts[0])
- self.to_port = int(code_parts[1])
- except ValueError:
- self.display_error_and_exit('port must be an integer.')
-
- conn = self.make_connection_cli()
- return self.make_request_cli(conn,
- 'revoke_security_group_deprecated',
- group_name=self.group_name,
- src_security_group_name=self.source_group,
- src_security_group_owner_id=self.source_group_user,
- ip_protocol=self.protocol,
- from_port=self.from_port,
- to_port=self.to_port,
- cidr_ip=self.source_subnet)
+from .modgroup import ModifySecurityGroupRequest
- def main_cli(self):
- status = self.main()
- if status:
- print 'GROUP\t%s' % self.group_name
- permission_string = 'PERMISSION\t%s\tALLOWS' % self.group_name
- if self.protocol:
- permission_string += '\t%s' % self.protocol
- if self.from_port:
- permission_string += '\t%s' % self.from_port
- if self.to_port:
- permission_string += '\t%s' % self.to_port
- if self.source_group_user:
- permission_string += '\tUSER\t%s' \
- % self.source_group_user
- if self.source_group:
- permission_string += '\tGRPNAME\t%s' % self.source_group
- if self.source_subnet:
- permission_string += '\tFROM\tCIDR\t%s' % self.source_subnet
- print permission_string
- else:
- self.error_exit()
-
+class Revoke(ModifySecurityGroupRequest):
+ Description = 'Revoke an existing rule from a security group'
+ Action = 'RevokeSecurityGroupIngress'
--
managing cloud instances for Eucalyptus