Merge branch 'master' of https://github.com/gvlproject/cloudbridge

CloudVE · Oct 12, 2015 · 74206f8 · 74206f8
2 parents 9726a4c + 8a80ae3
commit 74206f8
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 4 deletions.
diff --git a/cloudbridge/providers/aws/resources.py b/cloudbridge/providers/aws/resources.py
@@ -461,6 +461,41 @@ class AWSSecurityGroup(BaseSecurityGroup):
     def __init__(self, provider, security_group):
         super(AWSSecurityGroup, self).__init__(provider, security_group)
 
+    def add_rule(self, ip_protocol=None, from_port=None, to_port=None,
+                 cidr_ip=None, src_group=None):
+        """
+        Create a security group rule.
+
+        You need to pass in either ``src_group`` OR ``ip_protocol``,
+        ``from_port``, ``to_port``, and ``cidr_ip``.  In other words, either
+        you are authorizing another group or you are authorizing some
+        ip-based rule.
+
+        :type ip_protocol: str
+        :param ip_protocol: Either ``tcp`` | ``udp`` | ``icmp``
+
+        :type from_port: int
+        :param from_port: The beginning port number you are enabling
+
+        :type to_port: int
+        :param to_port: The ending port number you are enabling
+
+        :type cidr_ip: str or list of strings
+        :param cidr_ip: The CIDR block you are providing access to.
+
+        :type src_group: ``object`` of :class:`.SecurityGroup`
+        :param src_group: The Security Group you are granting access to.
+
+        :rtype: bool
+        :return: True if successful.
+        """
+        return self._security_group.authorize(
+            ip_protocol=ip_protocol,
+            from_port=from_port,
+            to_port=to_port,
+            cidr_ip=cidr_ip,
+            src_group=src_group._security_group)
+
 
 class AWSContainerObject(ContainerObject):
 

diff --git a/cloudbridge/providers/interfaces/resources.py b/cloudbridge/providers/interfaces/resources.py
@@ -671,9 +671,14 @@ def delete(self):
             'delete not implemented by this provider')
 
     def add_rule(self, ip_protocol=None, from_port=None, to_port=None,
-                 cidr_ip=None, group_id=None):
+                 cidr_ip=None, src_group=None):
         """
-        Create a security group rule
+        Create a security group rule.
+
+        You need to pass in either ``src_group`` OR ``ip_protocol``,
+        ``from_port``, ``to_port``, and ``cidr_ip``.  In other words, either
+        you are authorizing another group or you are authorizing some
+        ip-based rule.
 
         :type ip_protocol: str
         :param ip_protocol: Either ``tcp`` | ``udp`` | ``icmp``
@@ -687,8 +692,8 @@ def add_rule(self, ip_protocol=None, from_port=None, to_port=None,
         :type cidr_ip: str or list of strings
         :param cidr_ip: The CIDR block you are providing access to.
 
-        :type group_id: ``object`` of :class:`.SecurityGroup`
-        :param group_id: The Security Group you are granting access to.
+        :type src_group: ``object`` of :class:`.SecurityGroup`
+        :param src_group: The Security Group you are granting access to.
 
         :rtype: bool
         :return: True if successful.

diff --git a/cloudbridge/providers/openstack/resources.py b/cloudbridge/providers/openstack/resources.py
@@ -505,6 +505,50 @@ class OpenStackSecurityGroup(BaseSecurityGroup):
     def __init__(self, provider, security_group):
         super(OpenStackSecurityGroup, self).__init__(provider, security_group)
 
+    def add_rule(self, ip_protocol=None, from_port=None, to_port=None,
+                 cidr_ip=None, src_group=None):
+        """
+        Create a security group rule.
+
+        You need to pass in either ``src_group`` OR ``ip_protocol``,
+        ``from_port``, ``to_port``, and ``cidr_ip``.  In other words, either
+        you are authorizing another group or you are authorizing some
+        ip-based rule.
+
+        :type ip_protocol: str
+        :param ip_protocol: Either ``tcp`` | ``udp`` | ``icmp``
+
+        :type from_port: int
+        :param from_port: The beginning port number you are enabling
+
+        :type to_port: int
+        :param to_port: The ending port number you are enabling
+
+        :type cidr_ip: str or list of strings
+        :param cidr_ip: The CIDR block you are providing access to.
+
+        :type src_group: ``object`` of :class:`.SecurityGroup`
+        :param src_group: The Security Group you are granting access to.
+
+        :rtype: bool
+        :return: True if successful.
+        """
+        if src_group:
+            for protocol in ['tcp', 'udp']:
+                self.provider.nova.security_group_rules.create(
+                    parent_group_id=self._security_group.id,
+                    ip_protocol=protocol,
+                    from_port=1,
+                    to_port=65535,
+                    group_id=src_group.id)
+        else:
+            return self.provider.nova.security_group_rules.create(
+                parent_group_id=self._security_group.id,
+                ip_protocol=ip_protocol,
+                from_port=from_port,
+                to_port=to_port,
+                cidr=cidr_ip)
+
 
 class OpenStackContainerObject(ContainerObject):