def parse_rule(rule):
    """
    Build a rule dictionary from a RULE specifier (TARGET, SOURCES, SPEC).

    SOURCES is run through parse_sources() and SPEC through parse_spec(),
    which hands back the protocol together with the expanded spec (see
    parse_spec() for the expansion rules). The pieces are then assembled
    into a dictionary by rule_dict().
    """
    # Tuple unpacking fails with ValueError unless RULE has exactly three
    # elements, so a malformed specifier is rejected before any parsing.
    target, raw_sources, raw_spec = rule
    parsed_sources = parse_sources(raw_sources)
    protocol, expanded_spec = parse_spec(raw_spec)
    return rule_dict(parsed_sources, target, protocol, expanded_spec)
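def expand_spec(rule):
    """
    Split a RULE dict that lists several ports/types into one rule each.

    A 'port/type' value that is an int or a tuple is treated as a single,
    already-expanded specifier (the tuple is presumably a port range --
    confirm against parse_spec()), and the rule is returned unchanged as a
    one-element list. Any other value is iterated, and rule_dict() builds a
    fresh rule for every element with the same source, target and protocol.
    """
    port_spec = rule['port/type']
    # isinstance() instead of an exact type() match: a subclass of int or
    # tuple (for example a namedtuple range) is still one atomic specifier.
    # Iterating it would silently turn one range into a rule per endpoint.
    if isinstance(port_spec, (int, tuple)):
        return [rule]
    return [
        rule_dict(rule['source'], rule['target'], rule['protocol'], port)
        for port in port_spec
    ]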
def expand_rule(group, rule):
    """
    Turn one RULE of GROUP into a list of expanded rules.

    The port specifier is a single int when the rule's from_port equals its
    to_port, and an (int, int) tuple of both values otherwise. A rule dict
    is built from the parsed grants, the group name, the IP protocol and
    that specifier, and expand_sources() produces the returned list.
    """
    low, high = rule.from_port, rule.to_port
    # The equality test runs on the raw attribute values, before int()
    # conversion, so values that only match after conversion yield a tuple.
    # NOTE(review): int() raises TypeError if a port attribute is None --
    # confirm whether callers can pass rules that carry no port values.
    ports_or_types = int(low) if low == high else (int(low), int(high))
    base_rule = rule_dict(
        parse_grants(rule.grants),
        group.name,
        rule.ip_protocol,
        ports_or_types,
    )
    return expand_sources(base_rule)