
update authorize, revoke, and delete convenience methods to support VPC-linked groups #740

Merged
merged 5 commits into from

2 participants

Justin Riley Mitch Garnaat
Justin Riley

These changes allow the authorize, revoke, and delete convenience methods to be used on VPC-linked security groups while maintaining functionality for non-VPC groups.

Closes gh-561

Justin Riley

It turns out this PR will break eucalyptus/openstack given that they don't currently support the new auto-generated security group ids. Updating this now to use group id only when using VPC.

jtriley added some commits
Justin Riley jtriley only use group id on VPC-linked security groups
This allows authorize(), revoke(), and delete() to be used with
VPC-linked groups without breaking systems using older AWS APIs such as
Eucalyptus, Openstack, etc.
72d4f5f
Justin Riley jtriley add vpc_id to VPC-linked group obj before returning
This commit fixes a bug where vpc_id attribute is not set on a newly
created group object when using vpc_id kwarg of create_security_group().
This breaks all of the authorize, revoke, and delete security group
convenience methods for VPC-linked groups. A separate call to
get_all_security_groups() to re-fetch the group correctly includes the
vpc_id but this fix ensures that the object immediately returned after
creating a VPC-linked group has the proper vpc_id attribute.
6c7c864
Justin Riley

@garnaat @gholms @gtaylor I believe this PR is ready to go and will not break Eucalyptus, Openstack, and other systems that do not currently support the new group id API. I've tested this by creating both VPC-linked and non-VPC security groups and confirmed, using the pudb debugger, that only the group id is used for VPC-linked groups and that only the group name is used for everything else when calling the authorize, revoke, and delete convenience methods. I also fixed a bug in create_security_group where the vpc_id attribute was not set on the newly created group object (6c7c864).

Mitch Garnaat garnaat merged commit 6c7c864 into from
Commits on May 9, 2012
  1. Justin Riley
  2. Justin Riley
  3. Justin Riley
Commits on May 14, 2012
  1. Justin Riley

    only use group id on VPC-linked security groups

    jtriley authored
    This allows authorize(), revoke(), and delete() to be used with
    VPC-linked groups without breaking systems using older AWS APIs such as
    Eucalyptus, Openstack, etc.
  2. Justin Riley

    add vpc_id to VPC-linked group obj before returning

    jtriley authored
    This commit fixes a bug where vpc_id attribute is not set on a newly
    created group object when using vpc_id kwarg of create_security_group().
    This breaks all of the authorize, revoke, and delete security group
    convenience methods for VPC-linked groups. A separate call to
    get_all_security_groups() to re-fetch the group correctly includes the
    vpc_id but this fix ensures that the object immediately returned after
    creating a VPC-linked group has the proper vpc_id attribute.
Showing with 43 additions and 19 deletions.
  1. +2 −0  boto/ec2/connection.py
  2. +41 −19 boto/ec2/securitygroup.py
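--- a/boto/ec2/connection.py
+++ b/boto/ec2/connection.py
@@ -2002,6 +2002,8 @@ def create_security_group(self, name, description, vpc_id=None):
 SecurityGroup, verb='POST')
 group.name = name
 group.description = description
+if vpc_id is not None:
+group.vpc_id = vpc_id
 return group
 def delete_security_group(self, name=None, group_id=None):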
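Review bot: The two added lines in create_security_group have no comment explaining why vpc_id is copied from the caller's argument, and the reason (the convenience methods pick group id or group name from this attribute) is recorded only in the commit message. A one-line comment above the check would protect it from later cleanup, for example `# set vpc_id locally: delete()/authorize()/revoke() choose group id vs. name from it`. The check here is `is not None` while securitygroup.py tests `self.vpc_id` for truthiness, so an empty-string vpc_id would be stored but treated as non-VPC; using the same test in both places would avoid that mismatch. The body of create_security_group begins above the hunk.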
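--- a/boto/ec2/securitygroup.py
+++ b/boto/ec2/securitygroup.py
@@ -82,7 +82,10 @@ def endElement(self, name, value, connection):
 setattr(self, name, value)
 def delete(self):
-return self.connection.delete_security_group(self.name)
+if self.vpc_id:
+return self.connection.delete_security_group(group_id=self.id)
+else:
+return self.connection.delete_security_group(self.name)
 def add_rule(self, ip_protocol, from_port, to_port,
 src_group_name, src_group_owner_id, cidr_ip, src_group_group_id):
@@ -151,23 +154,33 @@ def authorize(self, ip_protocol=None, from_port=None, to_port=None,
 :rtype: bool
 :return: True if successful.
 """
+group_name = None
+if not self.vpc_id:
+group_name = self.name
+group_id = None
+if self.vpc_id:
+group_id = self.id
+src_group_name = None
+src_group_owner_id = None
+src_group_group_id = None
 if src_group:
 cidr_ip = None
-src_group_name = src_group.name
 src_group_owner_id = src_group.owner_id
-src_group_group_id = src_group.group_id
-else:
-src_group_name = None
-src_group_owner_id = None
-src_group_group_id = None
-status = self.connection.authorize_security_group(self.name,
+if not self.vpc_id:
+src_group_name = src_group.name
+else:
+if hasattr(src_group, 'group_id'):
+src_group_group_id = src_group.group_id
+else:
+src_group_group_id = src_group.id
+status = self.connection.authorize_security_group(group_name,
 src_group_name,
 src_group_owner_id,
 ip_protocol,
 from_port,
 to_port,
 cidr_ip,
-None,
+group_id,
 src_group_group_id)
 if status:
 if type(cidr_ip) != list:
@@ -175,28 +188,37 @@ def authorize(self, ip_protocol=None, from_port=None, to_port=None,
 for single_cidr_ip in cidr_ip:
 self.add_rule(ip_protocol, from_port, to_port, src_group_name,
 src_group_owner_id, single_cidr_ip, src_group_group_id)
-
 return status
 def revoke(self, ip_protocol=None, from_port=None, to_port=None,
 cidr_ip=None, src_group=None):
+group_name = None
+if not self.vpc_id:
+group_name = self.name
+group_id = None
+if self.vpc_id:
+group_id = self.id
+src_group_name = None
+src_group_owner_id = None
+src_group_group_id = None
 if src_group:
-cidr_ip=None
-src_group_name = src_group.name
+cidr_ip = None
 src_group_owner_id = src_group.owner_id
-src_group_group_id = src_group.group_id
-else:
-src_group_name = None
-src_group_owner_id = None
-src_group_group_id = None
-status = self.connection.revoke_security_group(self.name,
+if not self.vpc_id:
+src_group_name = src_group.name
+else:
+if hasattr(src_group, 'group_id'):
+src_group_group_id = src_group.group_id
+else:
+src_group_group_id = src_group.id
+status = self.connection.revoke_security_group(group_name,
 src_group_name,
 src_group_owner_id,
 ip_protocol,
 from_port,
 to_port,
 cidr_ip,
-None,
+group_id,
 src_group_group_id)
 if status:
 self.remove_rule(ip_protocol, from_port, to_port, src_group_name,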
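Review bot: In the authorize hunk, a VPC-linked group identifies the source group only through `src_group.group_id` or `src_group.id`, and `cidr_ip` has already been set to None, so when that attribute is None the request is sent with no source name, no source id and no CIDR. How authorize_security_group treats such a call is not visible here, but a permission change should fail before it reaches the API; after the `if src_group:` block add `if src_group and not (src_group_name or src_group_group_id): raise ValueError('src_group has no usable name or id')`. The `hasattr(src_group, 'group_id')` test also does not fall back to `.id` when the attribute exists but holds None. The revoke hunk repeats the same block verbatim and has the same gap, so a shared private helper would fix both at once; delete() likewise passes `group_id=self.id` without checking that it is set. The bodies of authorize and revoke extend outside the hunks.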