Commit 28d9cd7d authored by Abdallah El-Gammal's avatar Abdallah El-Gammal Committed by baldwinlouie

Issue #1870284 by aelgammal: Fixed Security Groups to support Nova api

parent 66d9a5c0
......@@ -37,7 +37,6 @@ function aws_cloud_sdk_ec2_init($cloud_context) {
// instantiate and set the region
$ec2 = new AmazonEC2();
$ec2->set_region($host_uri);
return $ec2;
}
else {
......@@ -330,30 +329,44 @@ function aws_cloud_sdk_authorize_security_group_ingress($cloud_context, $group_n
$ec2 = aws_cloud_sdk_ec2_init($cloud_context);
if ($ec2) {
$opt = array();
$perm = array();
if (isset($group_name)) {
$opt['GroupName'] = $group_name;
}
// preseving the older method of assigning security groups
// by using SourceSecurityGroupName/SecurityGroupOwnerId
$perm['Groups'] = array();
$group = array();
if (!empty($src_name) && !empty($src_owner)) {
$opt['SourceSecurityGroupName'] = $src_name;
$opt['SourceSecurityGroupOwnerId'] = $src_owner;
$group['GroupName'] = $src_name;
$group['UserId'] = $src_owner;
}
else {
$opt['IpPermissions'] = array();
if (!empty($protocol)) {
$opt['IpPermissions']['IpProtocol'] = $protocol;
}
if (isset($from_port) && strlen($from_port)) {
$opt['IpPermissions']['FromPort'] = $from_port;
}
if (isset($to_port) && strlen($to_port)) {
$opt['IpPermissions']['ToPort'] = $to_port;
}
if (!empty($src_ip)) {
$opt['IpPermissions']['IpRanges']['CidrIp'] = $src_ip;
}
if (count($group)) {
$perm['Groups'][] = $group;
}
// OpenStack's Nova-api requires a more
// complicated array data structure with IpPermissions
// and IpRanges. The extra
// array encapsulation is for nova support.
// The extra array encapsulation works well for EC2
if (!empty($protocol)) {
$perm['IpProtocol'] = $protocol;
}
if (isset($from_port) && strlen($from_port)) {
$perm['FromPort'] = $from_port;
}
if (isset($to_port) && strlen($to_port)) {
$perm['ToPort'] = $to_port;
}
if (!empty($src_ip)) {
$perm['IpRanges'] = array(
array('CidrIp' => $src_ip)
);
}
if (count($perm)) {
$opt['IpPermissions'] = array($perm);
}
$response = $ec2->authorize_security_group_ingress($opt);
return aws_cloud_sdk_check_response($response, 'Add Permissions to Security Group');
}
......@@ -382,31 +395,49 @@ function aws_cloud_sdk_revoke_security_group_ingress($cloud_context, $group_name
if ($ec2) {
$opt = array();
$opt['GroupName'] = $group_name;
$opt['IpPermissions'] = array();
$perm = array();
$perm['Groups'] = array();
$group = array();
if (!empty($src_name) && !empty($src_owner)) {
$group['GroupName'] = $src_name;
$group['UserId'] = $src_owner;
}
if (count($group)) {
$perm['Groups'][] = $group;
}
// OpenStack's Nova-api requires a more
// complicated array data structure with IpPermissions
// and IpRanges. The extra
// array encapsulation is for nova support.
// The extra array encapsulation works well for EC2
if (!empty($protocol)) {
$opt['IpPermissions']['IpProtocol'] = $protocol;
$perm['IpProtocol'] = $protocol;
}
if (isset($from_port) && strlen($from_port)) {
$opt['IpPermissions']['FromPort'] = $from_port;
$perm['FromPort'] = $from_port;
}
if (isset($to_port) && strlen($to_port)) {
$opt['IpPermissions']['ToPort'] = $to_port;
$perm['ToPort'] = $to_port;
}
if (!empty($src_ip)) {
$opt['IpPermissions']['IpRanges']['CidrIp'] = $src_ip;
}
if (!empty($src_name)) {
$opt['IpPermissions']['Groups']['GroupName'] = $src_name;
$perm['IpRanges'] = array(
array('CidrIp' => $src_ip)
);
}
if (!empty($src_owner)) {
$opt['IpPermissions']['Groups']['UserId'] = $src_owner;
if (count($perm)) {
$opt['IpPermissions'] = array($perm);
}
$response = $ec2->revoke_security_group_ingress($opt);
return aws_cloud_sdk_check_response($response, 'Revoke Permissions to Security Group');
}
return FALSE;
}
/**
* The DescribeAvailabilityZones operation describes availability zones
* that are currently available to the account and their states.
......
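Review bot: In both aws_cloud_sdk_authorize_security_group_ingress and aws_cloud_sdk_revoke_security_group_ingress, `$perm['Groups'] = array();` is assigned unconditionally, so the later `if (count($perm))` guard is always true and an `IpPermissions` entry is sent even when no protocol, port, CIDR or source group was supplied. Set the key only when a group exists, e.g. `if (count($group)) { $perm['Groups'] = array($group); }`, so that an empty rule is never submitted and a CIDR-only revoke does not carry an empty `Groups` list that might keep the backend from matching the rule it should remove. `$src_ip`, `$from_port` and `$to_port` also reach the API call unvalidated in these hunks; if no caller checks them, a CIDR and port-range check belongs here, as this is the last step before the firewall rule changes. The page does not mark added versus removed lines, so this assumes the `$perm` lines are the new side; both functions begin outside their hunks.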
......@@ -364,6 +364,70 @@ function aws_cloud_display_security_group($form_submit = '', $form_state, $cloud
$grp['grp_owner']['#default_value'] = ($owner_id)
? $owner_id
: '';
$grp_protocol = !empty($form_state['values']['grp_protocol']) ? $form_state['values']['grp_protocol'] : 'tcp';
// add in select for better user experience
$grp['grp_protocol'] = array(
'#type' => 'select',
'#options' => array('tcp' => t('TCP'), 'udp' => t('UDP'), 'icmp' => t('ICMP')),
'#disabled' => $txt_disabled,
'#default_value' => $grp_protocol,
'#ajax' => array(
'callback' => 'aws_cloud_group_select_callback',
'wrapper' => 'group-configuration',
'method' => 'replace',
'effect' => 'fade',
),
);
$grp['grp_wrapper'] = array(
'#prefix' => '<div id="group-configuration">',
'#suffix' => '</div>',
);
if ($grp_protocol == 'icmp') {
$grp['grp_wrapper']['config']['grp_icmp_IPs'] = array(
'#type' => 'textfield',
'#size' => '14',
'#title' => t('IPs'),
'#default_value' => !empty($form_state['values']['grp_icmp_IPs']) ? $form_state['values']['grp_icmp_IPs'] : '0.0.0.0/32',
);
$grp['grp_wrapper']['config']['grp_icmp_Ports_start'] = array(
'#type' => 'textfield',
'#size' => '4',
'#title' => t('Type'),
'#default_value' => !empty($form_state['values']['grp_icmp_Ports_start']) ? $form_state['values']['grp_icmp_Ports_start'] : '-1',
);
$grp['grp_wrapper']['config']['grp_icmp_Ports_end'] = array(
'#type' => 'textfield',
'#size' => '4',
'#title' => t('Code'),
'#default_value' => !empty($form_state['values']['grp_icmp_Ports_end']) ? $form_state['values']['grp_icmp_Ports_end'] : '-1',
);
}
else {
$grp['grp_wrapper']['config']['grp_ips'] = array(
'#type' => 'textfield',
'#size' => '14',
'#title' => t('IPs'),
'#default_value' => !empty($form_state['values']['grp_ips']) ? $form_state['values']['grp_ips'] : '0.0.0.0/32',
'#disabled' => $txt_disabled,
);
$grp['grp_wrapper']['config']['grp_tcp_Ports_start'] = array(
'#type' => 'textfield',
'#size' => '4',
'#title' => t('Ports'),
'#default_value' => !empty($form_state['values']['grp_tcp_Ports_start']) ? $form_state['values']['grp_tcp_Ports_start'] : '0',
'#disabled' => $txt_disabled,
);
$grp['grp_wrapper']['config']['grp_tcp_Ports_end' ] = array(
'#type' => 'textfield',
'#size' => '4',
'#field_prefix' => ' .. ' ,
'#default_value' => !empty($form_state['values']['grp_tcp_Ports_end']) ? $form_state['values']['grp_tcp_Ports_end'] : '0',
'#disabled' => $txt_disabled,
);
}
$form['SG_details']['AddIPs_Grp_Content'] = $grp ;
if (user_access($cloud_context . ' setup security group') ) {
......@@ -407,6 +471,7 @@ function aws_cloud_display_security_group($form_submit = '', $form_state, $cloud
}
/**
* Theme security group form
* @param $form
......@@ -510,6 +575,13 @@ function theme_aws_cloud_display_security_group($form) {
return $output;
}
/**
* Ajax callback to set the appropriate fields for the "Add Group"
*/
function aws_cloud_group_select_callback($form, $form_state) {
return $form['SG_details']['AddIPs_Grp_Content']['grp_wrapper'];
}
/**
* Submit function to update security groups
* @param $form_id
......@@ -523,7 +595,7 @@ function aws_cloud_display_security_group_submit($form_id, &$form_state) {
$cloud_menu_path = cloud_get_menu_path($cloud_context);
$result = TRUE;
if ($form_values['operation_type'] == 'AddIPs_TCP_Button') {
if ($form_state['triggering_element']['#name'] == 'AddIPs_TCP_Button') {
// User Activity Log
cloud_audit_user_activity(
array(
......@@ -533,8 +605,9 @@ function aws_cloud_display_security_group_submit($form_id, &$form_state) {
)
);
$result = aws_cloud_authorize_security_group($cloud_context, $form_values['group_name'], '', '', $form_values['protocol'], $form_values['tcp_Ports_start'], $form_values['tcp_Ports_end'], $form_values['tcp_IPs']);
}
elseif ($form_values['operation_type'] == 'AddIPs_ICMP_Button') {
elseif ($form_state['triggering_element']['#name'] == 'AddIPs_ICMP_Button') {
// User Activity Log
cloud_audit_user_activity(
array(
......@@ -546,8 +619,14 @@ function aws_cloud_display_security_group_submit($form_id, &$form_state) {
$result = aws_cloud_authorize_security_group($cloud_context, $form_values['group_name'], '', '', 'icmp', $form_values['icmp_Ports_start'], $form_values['icmp_Ports_end'], $form_values['icmp_IPs']);
}
elseif ($form_values['operation_type'] == 'Add_Grp_Button') {
$result = aws_cloud_authorize_security_group($cloud_context, $form_values['group_name'], $form_values['grp'], $form_values['grp_owner']);
elseif ($form_state['triggering_element']['#name'] == 'Add_Grp_Button') {
// Takes the values (IP & Port Range) from the AddIPs_TCP
if ($form_values['grp_protocol'] == 'icmp') {
$result = aws_cloud_authorize_security_group($cloud_context, $form_values['group_name'], $form_values['grp'], $form_values['grp_owner'], 'icmp', $form_values['grp_icmp_Ports_start'], $form_values['grp_icmp_Ports_end'], $form_values['grp_icmp_IPs']);
}
else {
$result = aws_cloud_authorize_security_group($cloud_context, $form_values['group_name'], $form_values['grp'], $form_values['grp_owner'], $form_values['grp_protocol'], $form_values['grp_tcp_Ports_start'], $form_values['grp_tcp_Ports_end'], $form_values['grp_ips']);
}
}
elseif ($form_values['op'] == t('List Security Groups')) {
$form_state['redirect'] = $cloud_menu_path . '/security_groups';
......@@ -961,8 +1040,9 @@ function theme_aws_cloud_display_security_group_list($form) {
function aws_cloud_get_security_action($cloud_context, $security_info) {
$cloud_menu_path = cloud_get_menu_path($cloud_context);
$action_data = array();
$prop['onclick'] = cloud_get_messagebox('Are you sure you want to delete the Security Group "' . $security_info['group_name'] . '" ?');
if (user_access($cloud_context . ' delete security group') ) {
$prop['onclick'] = cloud_get_messagebox('Are you sure you want to delete the Security Group "' . $security_info['group_name'] . '" ?');
$action_data[] = cloud_display_action('images/icon_delete.png', t('Delete'), $cloud_menu_path . '/security_groups/delete', array('query' => array('sg_name' => $security_info['group_name']), 'html' => TRUE), $prop['onclick']);
}
......@@ -973,6 +1053,7 @@ function aws_cloud_get_security_action($cloud_context, $security_info) {
$user_actions = module_invoke_all('aws_cloud_security_action_data', $security_info);
$action_data = array_merge($action_data, $user_actions);
return implode($action_data);
}
......
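Review bot: The rewritten `Add_Grp_Button` branch of aws_cloud_display_security_group_submit now forwards `grp_ips` (or `grp_icmp_IPs`) together with the source group, and the new form fields pre-fill that value with `'0.0.0.0/32'`, so a rule meant to admit only another security group also carries a CIDR source. If aws_cloud_authorize_security_group passes both into one `IpPermissions` entry, as the SDK wrapper in this commit builds it, EC2 would presumably treat them as two allowed sources rather than as a restriction on the group. Consider an empty default so the CIDR is sent only when the user typed one, e.g. `'#default_value' => isset($form_state['values']['grp_ips']) ? $form_state['values']['grp_ips'] : ''`. This branch also has no `cloud_audit_user_activity()` call, unlike the `AddIPs_TCP_Button` and `AddIPs_ICMP_Button` branches above it, so group-rule additions would go unlogged; that call's arguments lie outside the visible hunks. The submit handler starts and ends outside these hunks, and any validation of the new `grp_*` values is not shown.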