# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from tashi.aws.wsdl.AmazonEC2_services_server import *
from tashi.aws.util import *
from tashi.rpycservices.rpyctypes import *
def CreateSecurityGroup(groupName, groupDescription):
    """Register a new security group owned by the authenticated caller.

    The owner id is derived from tashi.aws.util.authorizedUser, never from
    the request arguments, so a caller can only create groups under its own
    identity.

    Args:
        groupName: name of the group to create.
        groupDescription: free-text description stored with the group.

    Returns:
        A CreateSecurityGroupResponseMsg whose 'return' field is True when
        the group was registered and False when registration raised.
    """
    response = CreateSecurityGroupResponseMsg()
    response.requestId = genRequestId()
    # 'return' is a Python keyword, so the field has to be set via __dict__.
    response.__dict__['return'] = True
    ownerId = userNameToId(tashi.aws.util.authorizedUser)
    try:
        groupFields = {
            'userId': ownerId,
            'groupName': groupName,
            'groupDescription': groupDescription,
        }
        awsdata.registerGroup(Group(groupFields))
    except Exception:
        # The failure is reported only through the response flag; the
        # exception itself is discarded and nothing is logged here.
        response.__dict__['return'] = False
    return response
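def DeleteSecurityGroup(groupName):
    """Remove one of the authenticated caller's security groups.

    The lookup is scoped to the id derived from
    tashi.aws.util.authorizedUser, so only groups stored under the caller's
    own id can be removed through this call.

    Args:
        groupName: name of the group to delete.

    Returns:
        A DeleteSecurityGroupResponseMsg whose 'return' field is True when
        the group was removed and False when removal raised.
    """
    res = DeleteSecurityGroupResponseMsg()
    res.requestId = genRequestId()
    userId = userNameToId(tashi.aws.util.authorizedUser)
    # 'return' is a Python keyword, so the field has to be set via __dict__.
    res.__dict__['return'] = True
    try:
        awsdata.removeGroup(userId, groupName)
    except Exception:
        # Was a bare 'except:', which also swallowed KeyboardInterrupt and
        # SystemExit; narrowed to match CreateSecurityGroup.
        # NOTE(review): the error is discarded, so a failed delete leaves no
        # trace beyond the False flag -- consider logging it.
        res.__dict__['return'] = False
    return res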
def DescribeSecurityGroups(securityGroupSet = None):
    """List every security group stored for the authenticated caller.

    Only groups returned by awsdata.getGroups() for the caller's own id are
    reported. Each group carries its ingress rules, and each rule carries its
    group grants and, when set, a single CIDR range.

    Args:
        securityGroupSet: accepted for interface compatibility but not read
            by this function; no name filtering is applied.

    Returns:
        A populated DescribeSecurityGroupsResponseMsg.
    """
    res = DescribeSecurityGroupsResponseMsg()
    res.requestId = genRequestId()
    res.securityGroupInfo = res.new_securityGroupInfo()
    res.securityGroupInfo.item = []
    callerId = userNameToId(tashi.aws.util.authorizedUser)
    for storedGroup in awsdata.getGroups(callerId):
        groupEntry = res.securityGroupInfo.new_item()
        groupEntry.ownerId = storedGroup.userId
        groupEntry.groupName = storedGroup.groupName
        groupEntry.groupDescription = storedGroup.groupDescription
        groupEntry.ipPermissions = groupEntry.new_ipPermissions()
        groupEntry.ipPermissions.item = []
        for rule in storedGroup.ipPermissions:
            ruleEntry = groupEntry.ipPermissions.new_item()
            ruleEntry.ipProtocol = rule.ipProtocol
            ruleEntry.fromPort = int(rule.fromPort)
            ruleEntry.toPort = int(rule.toPort)

            # Group-based grants attached to this rule.
            ruleEntry.groups = ruleEntry.new_groups()
            ruleEntry.groups.item = []
            for grant in rule.groupPermissions:
                grantEntry = ruleEntry.groups.new_item()
                grantEntry.groupName = grant.groupName
                grantEntry.userId = grant.targetUserId
                ruleEntry.groups.item.append(grantEntry)

            # A rule has at most one CIDR; the range list stays empty when
            # no CIDR is stored.
            ruleEntry.ipRanges = ruleEntry.new_ipRanges()
            ruleEntry.ipRanges.item = []
            rangeEntry = ruleEntry.ipRanges.new_item()
            rangeEntry.cidrIp = rule.cidrIp
            if rangeEntry.cidrIp is not None:
                ruleEntry.ipRanges.item.append(rangeEntry)

            groupEntry.ipPermissions.item.append(ruleEntry)
        res.securityGroupInfo.item.append(groupEntry)
    return res
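def AuthorizeSecurityGroupIngress(userId, groupName, ipPermissions):
    """Record a new ingress rule on one of the caller's security groups.

    The stored rule is always keyed by the id derived from
    tashi.aws.util.authorizedUser. The request-supplied userId is only
    compared against it and is never used as the owner of the rule.

    Args:
        userId: owner id from the request, or None to skip the ownership
            comparison.
        groupName: name of the group the rule is added to.
        ipPermissions: parsed request structure; only ipPermissions['item']
            is read (ipProtocol, toPort, fromPort, ipRanges, groups).

    Returns:
        An AuthorizeSecurityGroupIngressResponseMsg whose 'return' field is
        True when the rule was stored and False when storing raised.

    Raises:
        TashiException: if userId is given and differs from the
            authenticated caller's id.
    """
    res = AuthorizeSecurityGroupIngressResponseMsg()
    res.requestId = genRequestId()
    # NOTE(review): identity comes from module-level state; presumably set
    # per request by the authentication layer -- confirm it cannot be stale.
    _userId = userNameToId(tashi.aws.util.authorizedUser)
    # 'return' is a Python keyword, so the field has to be set via __dict__.
    res.__dict__['return'] = True
    if userId is not None and userId != _userId:
        raise TashiException({'msg':'You do not own that security group'})
    permission = ipPermissions['item']
    # NOTE(review): protocol, ports and CIDR are passed through exactly as
    # received; no range or format validation happens in this function.
    ipProtocol = permission['ipProtocol']
    toPort = permission['toPort']
    fromPort = permission['fromPort']
    cidrIp = None
    if permission['ipRanges']:
        cidrIp = permission['ipRanges']['item']['cidrIp']
    groupPermissions = []
    if permission['groups']:
        # Only one userId/groupName seems to get through even if you put multiple userId/groupNames on the command line.
        grant = permission['groups']['item']
        groupPermissions.append(GroupPermission({'targetUserId':grant['userId'],'groupName':grant['groupName']}))
    try:
        awsdata.addIpPermission(IpPermission({'userId':_userId,'groupName':groupName,'ipProtocol':ipProtocol,'toPort':toPort,'fromPort':fromPort,'cidrIp':cidrIp,'groupPermissions':groupPermissions}))
        # To Do: change permission. The call that would apply the rule is
        # still disabled, so this function only updates the stored record.
        #client.changePermission()
    except Exception:
        # Was a bare 'except:', which also swallowed KeyboardInterrupt and
        # SystemExit. The error is still discarded; only the flag reports it.
        res.__dict__['return'] = False
    return res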
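def RevokeSecurityGroupIngress(userId, groupName, ipPermissions):
    """Remove an ingress rule from one of the caller's security groups.

    The rule to remove is always keyed by the id derived from
    tashi.aws.util.authorizedUser. The request-supplied userId is only
    compared against it and is never used to select the rule.

    Args:
        userId: owner id from the request, or None to skip the ownership
            comparison.
        groupName: name of the group the rule is removed from.
        ipPermissions: parsed request structure; only ipPermissions['item']
            is read (ipProtocol, toPort, fromPort, ipRanges, groups).

    Returns:
        A RevokeSecurityGroupIngressResponseMsg whose 'return' field is True
        when the rule was removed and False when removal raised.

    Raises:
        TashiException: if userId is given and differs from the
            authenticated caller's id.
    """
    res = RevokeSecurityGroupIngressResponseMsg()
    res.requestId = genRequestId()
    # NOTE(review): identity comes from module-level state; presumably set
    # per request by the authentication layer -- confirm it cannot be stale.
    _userId = userNameToId(tashi.aws.util.authorizedUser)
    # 'return' is a Python keyword, so the field has to be set via __dict__.
    res.__dict__['return'] = True
    if userId is not None and userId != _userId:
        raise TashiException({'msg':'You do not own that security group'})
    permission = ipPermissions['item']
    ipProtocol = permission['ipProtocol']
    toPort = permission['toPort']
    fromPort = permission['fromPort']
    cidrIp = None
    if permission['ipRanges']:
        cidrIp = permission['ipRanges']['item']['cidrIp']
    groupPermissions = []
    if permission['groups']:
        # Only one userId/groupName seems to get through even if you put multiple userId/groupNames on the command line.
        grant = permission['groups']['item']
        groupPermissions.append(GroupPermission({'targetUserId':grant['userId'],'groupName':grant['groupName']}))
    try:
        awsdata.removeIpPermission(IpPermission({'userId':_userId,'groupName':groupName,'ipProtocol':ipProtocol,'toPort':toPort,'fromPort':fromPort,'cidrIp':cidrIp,'groupPermissions':groupPermissions}))
        # To Do: change permission. The call that would apply the change is
        # still disabled, so this function only updates the stored record.
        #client.changePermission()
    except Exception:
        # Was a bare 'except:', which also swallowed KeyboardInterrupt and
        # SystemExit.
        # NOTE(review): a failed revoke leaves the rule in place and the only
        # signal is the False flag -- consider logging the exception.
        res.__dict__['return'] = False
    return res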
# Names of the request handlers this module defines, in definition order.
functions = [
    'CreateSecurityGroup',
    'DeleteSecurityGroup',
    'DescribeSecurityGroups',
    'AuthorizeSecurityGroupIngress',
    'RevokeSecurityGroupIngress',
]