Esempi in Python per SRule, esempi in Python per sgmanager.securitygroups.srule.SRule

Esempio n. 1

0

Mostra file

File: __init__.py Progetto: scenek/sgmanager

    def _load_rule(self, sgroup, rule):
        if not rule.has_key('groups') and not rule.has_key('cidr'):
            # No groups or cidr, initialize SRule object
            srule = SRule(**rule)
            # Add it into group
            sgroup.add_rule(srule)
        else:
            # We need to create more separate rules from this single
            # definition
            if rule.has_key('groups'):
                # For each group, create separate rule
                # multiple groups are used only to simplify configuration
                for rule_group in rule['groups']:
                    rule_new = rule.copy()
                    rule_new['groups'] = [rule_group]
                    # Ignore cidr here, these defines another rules
                    if rule_new.has_key('cidr'):
                        rule_new.pop('cidr')

                    srule = SRule(owner_id=self.owner_id, **rule_new)
                    sgroup.add_rule(srule)

            if rule.has_key('cidr'):
                # For each cidr, create separate rule
                # multiple cidrs are used only to simplify configuration
                for rule_cidr in rule['cidr']:
                    rule_new = rule.copy()
                    rule_new['cidr'] = [rule_cidr]
                    # Ignore groups here, these were managed above
                    if rule_new.has_key('groups'):
                        rule_new.pop('groups')

                    srule = SRule(**rule_new)
                    sgroup.add_rule(srule)

Esempio n. 2

0

Mostra file

    def load_local_groups(self, config):
        """
        Load local groups from config file
        Save and return SecurityGroups object

        :param config:
        :rtype : object
        """
        lg.debug("Loading local configuragion")
        self.config = config
        yaml.add_constructor('!include', self._yaml_include)

        try:
            with open(config, 'r') as fp:
                conf = yaml.load(fp)
        except IOError as e:
            # Error while loading file
            raise InvalidConfiguration("Can't read config file %s: %s" %
                                       (config, e))
        except yaml.YAMLError as e:
            # Error while parsing YAML
            if hasattr(e, 'problem_mark'):
                mark = e.problem_mark
                raise InvalidConfiguration(
                    "Can't parse config file %s: error at line %s, column %s" %
                    (config, mark.line + 1, mark.column + 1))
            else:
                raise InvalidConfiguration("Can't parse config file %s: %s" %
                                           (config, e))

        # Remove include keys
        conf = self._fix_include(conf)

        lg.debug("Loading local groups")
        for name, group in conf.iteritems():
            # Initialize SGroup object
            sgroup = SGroup(
                name, None
                if not group.has_key('description') else group['description'])

            if group.has_key('rules'):
                for rule in group['rules']:
                    if rule.has_key('groups'):
                        # For each group, create separate rule
                        # multiple groups are used only to simplify configuration
                        for group in rule['groups']:
                            rule['groups'] = [group]

                            srule = SRule(owner_id=self.owner_id, **rule)
                            sgroup.add_rule(srule)
                    else:
                        # No groups, initialize SRule object
                        srule = SRule(**rule)
                        # Add it into group
                        sgroup.add_rule(srule)

            self.groups[name] = sgroup

        return self.groups

Esempio n. 3

0

Mostra file

    def load_remote_groups(self):
        """
        Load security groups from EC2
        Convert boto.ec2.securitygroup objects into unified structure
        :rtype : list
        """
        lg.debug("Loading remote groups")
        groups = ec2.get_all_security_groups()
        for group in groups:
            # Initialize SGroup object
            sgroup = SGroup(str(group.name),
                            str(group.description),
                            sgroup_object=group)

            # For each rule in group
            for rule in group.rules:
                rule_info = {
                    'protocol': str(rule.ip_protocol),
                    'srule_object': rule,
                }

                if rule.from_port != rule.to_port:
                    # We have port range, use port_from and port_to parameters
                    rule_info['port_from'] = int(rule.from_port)
                    rule_info['port_to'] = int(rule.to_port)
                else:
                    # We have single port, use port parameter
                    rule_info['port'] = int(rule.to_port)

                if rule.grants:
                    for grant in rule.grants:
                        # For each granted permission, add new SRule
                        try:
                            srule = SRule(
                                groups={
                                    'name':
                                    str(grant.groupName),
                                    'owner':
                                    str(grant.owner_id),
                                    # OpenStack doesn't support group IDs, use None if this attr isn't present
                                    'id':
                                    None
                                    if getattr(grant, 'groupId', None) is None
                                    else str(getattr(grant, 'groupId'))
                                },
                                **rule_info)
                        except AttributeError:
                            srule = SRule(cidr=[str(grant.cidr_ip)],
                                          **rule_info)

                        sgroup.add_rule(srule)

            self.groups[sgroup.name] = sgroup

        return self.groups

Esempio n. 4

0

Mostra file

File: __init__.py Progetto: vonsch/sgmanager

 def _expand_to_and_load(sgroup, r):
     if 'to' in r:
         # expand also "to:" section
         for proto_port in r['to']:
             new_r = r.copy()
             new_r.pop('to')
             new_r.update(proto_port)
             srule = SRule(owner_id=self.owner_id, **new_r)
             sgroup.add_rule(srule)
     else:
         srule = SRule(owner_id=self.owner_id, **r)
         sgroup.add_rule(srule)

Esempio n. 5

0

Mostra file

File: __init__.py Progetto: vonsch/sgmanager

    def _load_remote_rule(self, rule, sgroup, egress=False):
        """
        Create SRule objects from single remote rule and add them to sgroup
        """
        rule_info = {
            'protocol': str(rule.ip_protocol),
            'srule_object': rule,
        }

        if egress:
            rule_info['egress'] = egress

        if sgroup.vpc_id and not rule.to_port:
            # We are VPC rule without port (probably icmp), it's fine..
            pass
        else:
            # Non-VPC rule requires port
            if rule.from_port != rule.to_port:
                # We have port range, use port_from and port_to parameters
                rule_info['port_from'] = int(rule.from_port)
                rule_info['port_to'] = int(rule.to_port)
            else:
                # We have single port, use port parameter
                rule_info['port'] = int(rule.to_port)

        if rule.grants:
            for grant in rule.grants:
                # For each granted permission, add new SRule
                try:
                    srule = SRule(
                        owner_id=self.owner_id,
                        groups={
                            'name':
                            str(grant.groupName),
                            'owner':
                            str(grant.owner_id),
                            # OpenStack doesn't support group IDs, use None if this attr isn't present
                            'id':
                            None if getattr(grant, 'groupId', None) is None
                            else str(getattr(grant, 'groupId'))
                        },
                        **rule_info)
                except AttributeError:
                    srule = SRule(cidr=[str(grant.cidr_ip)], **rule_info)

                sgroup.add_rule(srule)