Merge pull request #130 from cloudbuilders/security_groups_cli

Security groups cli

README.rst

@@ -109,6 +109,17 @@ You'll find complete documentation on the shell by running
         resize-revert       Revert a previous resize (and return to the previous
                             VM).
         root-password       Change the root password for a server.
+        secgroup-add-group-rule
+                            Add a source group rule to a security group.
+        secgroup-add-rule   Add a rule to a security group.
+        secgroup-create     Create a new security group.
+        secgroup-delete     Delete a security group.
+        secgroup-delete-group-rule
+                            Delete a source group rule from a security group.
+        secgroup-delete-rule
+                            Delete a rule from a security group.
+        secgroup-list       List security groups for the curent tenant.
+        secgroup-list-rules List rules for a security group.
         show                Show details about the given server.
         unrescue            Unrescue a server.
         zone                Show or edit a Child Zone

novaclient/v1_1/shell.py

@@ -743,3 +743,156 @@ def do_floating_ip_delete(cs, args):
 def do_floating_ip_list(cs, args):
     """List floating ips for this tenant."""
     _print_floating_ip_list(cs.floating_ips.list())
+
+
+def _print_secgroup_rules(rules):
+    class FormattedRule:
+        def __init__(self, obj):
+            items = (obj if isinstance(obj, dict) else obj._info).items()
+            for k, v in items:
+                if k == 'ip_range':
+                    v = v.get('cidr')
+                elif k == 'group':
+                    k = 'source_group'
+                    v = v.get('name')
+                if v == None:
+                    v = ''
+
+                setattr(self, k, v)
+
+    rules = [FormattedRule(rule) for rule in rules]
+    utils.print_list(rules, ['IP Protocol', 'From Port', 'To Port',
+                             'IP Range', 'Source Group'])
+
+
+def _print_secgroups(secgroups):
+    utils.print_list(secgroups, ['Name', 'Description'])
+
+
+def _get_secgroup(cs, secgroup):
+    for s in cs.security_groups.list():
+        if secgroup == s.name:
+            return s
+    raise exceptions.CommandError("Secgroup %s not found" % secgroup)
+
+
+@utils.arg('secgroup', metavar='<secgroup>', help='ID of security group.')
+@utils.arg('ip_proto', metavar='<ip_proto>', help='ip_proto (icmp, tcp, udp).')
+@utils.arg('from_port', metavar='<from_port>', help='Port at start of range.')
+@utils.arg('to_port', metavar='<to_port>', help='Port at end of range.')
+@utils.arg('cidr', metavar='<cidr>', help='CIDR for address range.')
+def do_secgroup_add_rule(cs, args):
+    """Add a rule to a security group."""
+    secgroup = _get_secgroup(cs, args.secgroup)
+    rule = cs.security_group_rules.create(secgroup.id,
+                                          args.ip_proto,
+                                          args.from_port,
+                                          args.to_port,
+                                          args.cidr)
+    _print_secgroup_rules([rule])
+
+
+@utils.arg('secgroup', metavar='<secgroup>', help='ID of security group.')
+@utils.arg('ip_proto', metavar='<ip_proto>', help='ip_proto (icmp, tcp, udp).')
+@utils.arg('from_port', metavar='<from_port>', help='Port at start of range.')
+@utils.arg('to_port', metavar='<to_port>', help='Port at end of range.')
+@utils.arg('cidr', metavar='<cidr>', help='CIDR for address range.')
+def do_secgroup_delete_rule(cs, args):
+    """Delete a rule from a security group."""
+
+    secgroup = _get_secgroup(cs, args.secgroup)
+    for rule in secgroup.rules:
+        if (rule['ip_protocol'] == args.ip_proto and
+            rule['from_port'] == int(args.from_port) and
+            rule['to_port'] == int(args.to_port) and
+            rule['ip_range']['cidr'] == args.cidr):
+            return cs.security_group_rules.delete(rule['id'])
+
+    raise exceptions.CommandError("Rule not found")
+
+
+@utils.arg('name', metavar='<name>', help='Name of security group.')
+@utils.arg('description', metavar='<description>',
+           help='Description of security group.')
+def do_secgroup_create(cs, args):
+    """Create a security group."""
+    _print_secgroups([cs.security_groups.create(args.name, args.description)])
+
+
+@utils.arg('secgroup', metavar='<secgroup>', help='Name of security group.')
+def do_secgroup_delete(cs, args):
+    """Delete a security group."""
+    cs.security_groups.delete(_get_secgroup(cs, args.secgroup))
+
+
+def do_secgroup_list(cs, args):
+    """List security groups for the curent tenant."""
+    _print_secgroups(cs.security_groups.list())
+
+
+@utils.arg('secgroup', metavar='<secgroup>', help='Name of security group.')
+def do_secgroup_list_rules(cs, args):
+    """List rules for a security group."""
+    secgroup = _get_secgroup(cs, args.secgroup)
+    _print_secgroup_rules(secgroup.rules)
+
+
+@utils.arg('secgroup', metavar='<secgroup>', help='ID of security group.')
+@utils.arg('source_group', metavar='<source_group>',
+           help='ID of source group.')
+@utils.arg('--ip_proto', metavar='<ip_proto>',
+           help='ip_proto (icmp, tcp, udp).')
+@utils.arg('--from_port', metavar='<from_port>',
+           help='Port at start of range.')
+@utils.arg('--to_port', metavar='<to_port>', help='Port at end of range.')
+def do_secgroup_add_group_rule(cs, args):
+    """Add a source group rule to a security group."""
+    secgroup = _get_secgroup(cs, args.secgroup)
+    source_group = _get_secgroup(cs, args.source_group)
+    params = {}
+    params['group_id'] = source_group.id
+
+    if args.ip_proto or args.from_port or args.to_port:
+        if not (args.ip_proto and args.from_port and args.to_port):
+            raise exceptions.CommandError("ip_proto, from_port, and to_port"
+                                           " must be specified together")
+        params['ip_protocol'] = args.ip_proto
+        params['from_port'] = args.from_port
+        params['to_port'] = args.to_port
+
+    rule = cs.security_group_rules.create(secgroup.id, **params)
+    _print_secgroup_rules([rule])
+
+
+@utils.arg('secgroup', metavar='<secgroup>', help='ID of security group.')
+@utils.arg('source_group', metavar='<source_group>',
+           help='ID of source group.')
+@utils.arg('--ip_proto', metavar='<ip_proto>',
+           help='ip_proto (icmp, tcp, udp).')
+@utils.arg('--from_port', metavar='<from_port>',
+           help='Port at start of range.')
+@utils.arg('--to_port', metavar='<to_port>', help='Port at end of range.')
+def do_secgroup_delete_group_rule(cs, args):
+    """Delete a source group rule from a security group."""
+    secgroup = _get_secgroup(cs, args.secgroup)
+    source_group = _get_secgroup(cs, args.source_group)
+    params = {}
+    params['group_name'] = source_group.name
+
+    if args.ip_proto or args.from_port or args.to_port:
+        if not (args.ip_proto and args.from_port and args.to_port):
+            raise exceptions.CommandError("ip_proto, from_port, and to_port"
+                                           " must be specified together")
+        params['ip_protocol'] = args.ip_proto
+        params['from_port'] = int(args.from_port)
+        params['to_port'] = int(args.to_port)
+
+    for rule in secgroup.rules:
+        if (rule.get('ip_protocol') == params.get('ip_protocol') and
+            rule.get('from_port') == params.get('from_port') and
+            rule.get('to_port') == params.get('to_port') and
+            rule.get('group', {}).get('name') ==\
+                     params.get('group_name')):
+            return cs.security_group_rules.delete(rule['id'])
+
+    raise exceptions.CommandError("Rule not found")