| #!/usr/bin/env python |
| # encoding: utf-8 |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| import json |
| |
| from flask import jsonify, request, url_for |
| |
| from gstack import app |
| from gstack import authentication |
| from gstack import controllers |
| from gstack import helpers |
| from gstack.services import requester |
| from gstack.controllers import errors |
| |
| |
| def _cloudstack_securitygroup_to_gce(cloudstack_response): |
| if 'ingressrule' in cloudstack_response: |
| rules = cloudstack_response['ingressrule'] |
| allowed = [] |
| sourceranges = [] |
| for rule in rules: |
| ports = [] |
| if 'startport' in rule: |
| for i in range(rule['startport'], rule['endport'] + 1): |
| ports.append(str(i)) |
| allowed.append({ |
| "IPProtocol": rule['protocol'], |
| "ports": ports |
| }) |
| if 'cidr' in rule.keys(): |
| sourceranges.append(rule['cidr']) |
| return ({ |
| "kind": "compute#firewall", |
| "selfLink": '', |
| "id": cloudstack_response['id'], |
| "creationTimestamp": '', |
| "name": cloudstack_response['name'], |
| "description": cloudstack_response['description'], |
| "network": '', |
| "sourceRanges": sourceranges, |
| "sourceTags": [ |
| '' |
| ], |
| "targetTags": cloudstack_response['tags'], |
| "allowed": allowed |
| }) |
| |
| |
| @app.route('/compute/v1/projects/<projectid>/global/firewalls', methods=['GET']) |
| @authentication.required |
| def listsecuritygroups(projectid, authorization): |
| args = {'command': 'listSecurityGroups'} |
| items = controllers.describe_items( |
| authorization, args, 'securitygroup', |
| _cloudstack_securitygroup_to_gce, **{}) |
| |
| populated_response = { |
| 'kind': 'compute#firewallList', |
| 'id': 'projects/' + projectid + '/global/firewalls', |
| 'selfLink': request.base_url, |
| 'items': items |
| } |
| |
| return helpers.create_response(data=populated_response) |
| |
| |
| @app.route('/compute/v1/projects/<projectid>/global/firewalls/<firewall>', methods=['GET']) |
| @authentication.required |
| def getsecuritygroup(projectid, authorization, firewall): |
| command = 'listSecurityGroups' |
| args = { |
| 'securitygroupname': firewall |
| } |
| cloudstack_response = requester.make_request( |
| command, |
| args, |
| authorization.client_id, |
| authorization.client_secret |
| ) |
| cloudstack_response = cloudstack_response |
| |
| if cloudstack_response['listsecuritygroupsresponse']['securitygroup']: |
| response_item = cloudstack_response[ |
| 'listsecuritygroupsresponse']['securitygroup'][0] |
| firewall = _cloudstack_securitygroup_to_gce(response_item) |
| res = jsonify(firewall) |
| res.status_code = 200 |
| |
| else: |
| func_route = url_for('getsecuritygroup', projectid=projectid, |
| firewall=firewall) |
| res = errors.resource_not_found(func_route) |
| |
| return res |
| |
| |
| @app.route('/compute/v1/projects/<projectid>/global/firewalls/<firewall>', methods=['DELETE']) |
| @authentication.required |
| def deletesecuritygroup(projectid, authorization, firewall): |
| command = 'deleteSecurityGroup' |
| args = {'name': firewall} |
| cloudstack_response = requester.make_request( |
| command, |
| args, |
| authorization.client_id, |
| authorization.client_secret |
| ) |
| |
| cloudstack_response = cloudstack_response |
| |
| app.logger.debug( |
| 'Processing request for deleting a Firewall \n' |
| 'Project: ' + projectid + '\n' + |
| 'Firewall: ' + firewall + '\n' + |
| json.dumps(cloudstack_response, indent=4, separators=(',', ': ')) |
| ) |
| |
| populated_response = {} |
| |
| res = jsonify(populated_response) |
| res.status_code = 200 |
| return res |
| |
| |
| @app.route('/compute/v1/projects/<projectid>/global/firewalls', methods=['POST']) |
| @authentication.required |
| def createsecuritygroup(projectid, authorization): |
| command = 'createSecurityGroup' |
| res = json.loads(request.data) |
| args = {'name': res['name'], |
| 'description': res['description']} |
| cloudstack_response = requester.make_request( |
| command, |
| args, |
| authorization.client_id, |
| authorization.client_secret |
| ) |
| |
| cloudstack_response = cloudstack_response |
| |
| app.logger.debug( |
| 'Processing request for creating a Firewall \n' |
| 'Project: ' + projectid + '\n' + |
| 'Firewall: ' + res['name'] + '\n' + |
| json.dumps(cloudstack_response, indent=4, separators=(',', ': ')) |
| ) |
| |
| net_protocol_codes = {'1': 'icmp', '6': 'tcp', '17': 'udp'} |
| |
| rules = res['allowed'] |
| if rules is not []: |
| for rule in rules: |
| command = 'authorizeSecurityGroupIngress' |
| args = {'securitygroupname': res['name'], |
| 'protocol': net_protocol_codes[str(rule['IPProtocol'])], |
| 'startport': rule['ports'][0], |
| 'endport': rule['ports'][0], |
| 'cidrlist': ','.join([cidr for cidr in |
| res['sourceRanges']])} |
| cloudstack_response = requester.make_request( |
| command, |
| args, |
| authorization.client_id, |
| authorization.client_secret |
| ) |
| |
| cloudstack_response = cloudstack_response |
| |
| app.logger.debug( |
| 'Processing request for adding a rule to a Firewall \n' |
| 'Project: ' + projectid + '\n' + |
| 'Firewall: ' + res['name'] + '\n' + |
| json.dumps(cloudstack_response, |
| indent=4, separators=(',', ': ')) |
| ) |
| |
| # return Global Operations |
| populated_response = {} |
| res = jsonify(populated_response) |
| res.status_code = 200 |
| return res |