def load_local_groups(self, config):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config:
:rtype : object
"""
lg.debug("Loading local configuragion")
self.config = config
yaml.add_constructor('!include', self._yaml_include)
try:
with open(config, 'r') as fp:
conf = yaml.load(fp)
except IOError as e:
# Error while loading file
raise InvalidConfiguration("Can't read config file %s: %s" %
(config, e))
except yaml.YAMLError as e:
# Error while parsing YAML
if hasattr(e, 'problem_mark'):
mark = e.problem_mark
raise InvalidConfiguration(
"Can't parse config file %s: error at line %s, column %s" %
(config, mark.line + 1, mark.column + 1))
else:
raise InvalidConfiguration("Can't parse config file %s: %s" %
(config, e))
# Remove include keys
conf = self._fix_include(conf)
lg.debug("Loading local groups")
for name, group in conf.iteritems():
# Initialize SGroup object
sgroup = SGroup(
name, None
if not group.has_key('description') else group['description'])
if group.has_key('rules'):
for rule in group['rules']:
if rule.has_key('groups'):
# For each group, create separate rule
# multiple groups are used only to simplify configuration
for group in rule['groups']:
rule['groups'] = [group]
srule = SRule(owner_id=self.owner_id, **rule)
sgroup.add_rule(srule)
else:
# No groups, initialize SRule object
srule = SRule(**rule)
# Add it into group
sgroup.add_rule(srule)
self.groups[name] = sgroup
return self.groups
def load_remote_groups(self):
"""
Load security groups from EC2
Convert boto.ec2.securitygroup objects into unified structure
:rtype : list
"""
lg.debug("Loading remote groups")
groups = ec2.get_all_security_groups()
for group in groups:
# Initialize SGroup object
sgroup = SGroup(str(group.name),
str(group.description),
sgroup_object=group)
# For each rule in group
for rule in group.rules:
rule_info = {
'protocol': str(rule.ip_protocol),
'srule_object': rule,
}
if rule.from_port != rule.to_port:
# We have port range, use port_from and port_to parameters
rule_info['port_from'] = int(rule.from_port)
rule_info['port_to'] = int(rule.to_port)
else:
# We have single port, use port parameter
rule_info['port'] = int(rule.to_port)
if rule.grants:
for grant in rule.grants:
# For each granted permission, add new SRule
try:
srule = SRule(
groups={
'name':
str(grant.groupName),
'owner':
str(grant.owner_id),
# OpenStack doesn't support group IDs, use None if this attr isn't present
'id':
None
if getattr(grant, 'groupId', None) is None
else str(getattr(grant, 'groupId'))
},
**rule_info)
except AttributeError:
srule = SRule(cidr=[str(grant.cidr_ip)],
**rule_info)
sgroup.add_rule(srule)
self.groups[sgroup.name] = sgroup
return self.groups
def load_local_groups(self, config):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config:
:rtype : object
"""
self.config = config
yaml.add_constructor('!include', self._yaml_include)
try:
with open(config, 'r') as fp:
conf = yaml.load(fp)
except IOError as e:
# Error while loading file
raise InvalidConfiguration("Can't read config file %s: %s" % (config, e))
except yaml.YAMLError as e:
# Error while parsing YAML
if hasattr(e, 'problem_mark'):
mark = e.problem_mark
raise InvalidConfiguration("Can't parse config file %s: error at line %s, column %s" % (config, mark.line+1, mark.column+1))
else:
raise InvalidConfiguration("Can't parse config file %s: %s" % (config, e))
lg.debug("Loading local groups")
for name, group in conf.iteritems():
# Initialize SGroup object
sgroup = SGroup(name, None if not group.has_key('description') else group['description'])
if group.has_key('rules'):
for rule in group['rules']:
if rule.has_key('groups'):
# For each group, create separate rule
# multiple groups are used only to simplify configuration
for group in rule['groups']:
rule['groups'] = [ group ]
srule = SRule(**rule)
sgroup.add_rule(srule)
else:
# No groups, initialize SRule object
srule = SRule(**rule)
# Add it into group
sgroup.add_rule(srule)
self.groups[name] = sgroup
return self.groups
def load_remote_groups(self):
"""
Load security groups from EC2
Convert boto.ec2.securitygroup objects into unified structure
:rtype : list
"""
lg.debug("Loading remote groups")
groups = ec2.get_all_security_groups()
for group in groups:
# Initialize SGroup object
sgroup = SGroup(str(group.name), str(group.description), sgroup_object=group)
# For each rule in group
for rule in group.rules:
rule_info = {
'protocol' : str(rule.ip_protocol),
'srule_object' : rule,
}
if rule.from_port != rule.to_port:
# We have port range, use port_from and port_to parameters
rule_info['port_from'] = int(rule.from_port)
rule_info['port_to'] = int(rule.to_port)
else:
# We have single port, use port parameter
rule_info['port'] = int(rule.to_port)
if rule.grants:
for grant in rule.grants:
# For each granted permission, add new SRule
try:
srule = SRule(groups={
'name' : str(grant.groupName),
'owner' : str(grant.owner_id),
# OpenStack doesn't support group IDs, use None if this attr isn't present
'id' : None if getattr(grant, 'groupId', None) is None else str(getattr(grant, 'groupId'))
}, **rule_info)
except AttributeError:
srule = SRule(cidr=[ str(grant.cidr_ip) ], **rule_info)
sgroup.add_rule(srule)
self.groups[sgroup.name] = sgroup
return self.groups
