lib/security.rb in forj-0.0.34 vs lib/security.rb in forj-0.0.35
- old
+ new
@@ -16,103 +16,122 @@
# limitations under the License.
require 'rubygems'
require 'require_relative'
-require_relative 'connection.rb'
-include Connection
-require_relative 'log.rb'
-include Logging
-
#
# SecurityGroup module
#
module SecurityGroup
- def get_or_create_security_group(name)
- Logging.info('getting or creating security group for %s' % [name])
- security_group = get_security_group(name)
- if security_group == nil
- security_group = create_security_group(name)
- end
+ def get_or_create_security_group(oFC, name)
+ Logging.state("Searching for security group '%s'..." % [name])
+ security_group = get_security_group(oFC, name)
+ security_group = create_security_group(oFC, name) if not security_group
security_group
end
- def create_security_group(name)
- sec_group = nil
+ def create_security_group(oFC, name)
+ Logging.debug("creating security group '%s'" % [name])
begin
- sec_groups = get_security_group(name)
- if sec_groups.length >= 1
- sec_group = sec_groups[0]
- else
- description = 'Security group for blueprint %s' % [name]
- Logging.info(description)
- sec_group = Connection.network.security_groups.create(
+ description = "Security group for blueprint '%s'" % [name]
+ oFC.oNetwork.security_groups.create(
:name => name,
:description => description
)
- end
rescue => e
- Logging.error(e.message)
+ Logging.error("%s\n%s" % [e.message, e.backtrace.join("\n")])
end
- sec_group
end
- def get_security_group(name)
+ def get_security_group(oFC, name)
+ Logging.state("Searching for security group '%s'" % [name])
+ oSSLError=SSLErrorMgt.new
begin
- Connection.network.security_groups.all({:name => name})[0]
+ sgroups = oFC.oNetwork.security_groups.all({:name => name})
rescue => e
- Logging.error(e.message)
+ if not oSSLError.ErrorDetected(e.message,e.backtrace)
+ retry
+ end
end
+ case sgroups.length()
+ when 0
+ Logging.debug("No security group '%s' found" % [name] )
+ nil
+ when 1
+ Logging.debug("Found security group '%s'" % [sgroups[0].name])
+ sgroups[0]
+ end
end
- def delete_security_group(security_group)
+ def delete_security_group(oFC, security_group)
+ oSSLError=SSLErrorMgt.new
begin
- sec_group = get_security_group(security_group)
- Connection.network.security_groups.get(sec_group.id).destroy
+ sec_group = get_security_group(oFC, security_group)
+ oFC.oNetwork.security_groups.get(sec_group.id).destroy
rescue => e
- Logging.error(e.message)
+ if not oSSLError.ErrorDetected(e.message,e.backtrace)
+ retry
+ end
end
end
- def create_security_group_rule(security_group_id, protocol, port_min, port_max)
+ def create_security_group_rule(oFC, security_group_id, protocol, port_min, port_max)
+ Logging.debug("Creating ingress rule '%s:%s - %s to 0.0.0.0/0'" % [protocol, port_min, port_max])
+ oSSLError=SSLErrorMgt.new
begin
- Connection.network.security_group_rules.create(
+ oFC.oNetwork.security_group_rules.create(
:security_group_id => security_group_id,
:direction => 'ingress',
:protocol => protocol,
:port_range_min => port_min,
:port_range_max => port_max,
:remote_ip_prefix => '0.0.0.0/0'
)
rescue StandardError => e
+ if not oSSLError.ErrorDetected(e.message,e.backtrace)
+ retry
+ end
msg = 'error creating the rule for port %s' % [port_min]
- puts msg
- Logging.error(e.message)
+ Logging.error msg
end
end
- def delete_security_group_rule(rule_id)
+ def delete_security_group_rule(oFC, rule_id)
+ oSSLError=SSLErrorMgt.new
begin
- Connection.network.security_group_rules.get(rule_id).destroy
+ oFC.oNetwork.security_group_rules.get(rule_id).destroy
rescue => e
- Logging.error(e.message)
+ if not oSSLError.ErrorDetected(e.message,e.backtrace)
+ retry
+ end
end
end
- def get_security_group_rule(port)
+ def get_security_group_rule(oFC, security_group_id, port_min, port_max)
+ Logging.state("Searching for rule '%s - %s'" % [ port_min, port_max])
+ oSSLError = SSLErrorMgt.new
begin
- Connection.network.security_group_rules.all({:port_range_min => port, :port_range_max => port})[0]
- rescue => e
- Logging.error(e.message)
+ sgroups = oFC.oNetwork.security_group_rules.all({:port_range_min => port_min, :port_range_max => port_max, :security_group_id => security_group_id})
+ case sgroups.length()
+ when 0
+ Logging.debug("No security rule '%s - %s' found" % [ port_min, port_max ] )
+ nil
+ else
+ Logging.debug("Found security rule '%s - %s'." % [ port_min, port_max ])
+ sgroups
+ end
+ rescue => e
+ if not oSSLError.ErrorDetected(e.message,e.backtrace)
+ retry
+ end
end
end
- def get_or_create_rule(security_group_id, protocol, port_min, port_max)
- Logging.info('getting or creating rule %s' % [port_min])
- rule = get_security_group_rule(port_min)
- if rule == nil
- rule = create_security_group_rule(security_group_id, protocol, port_min, port_max)
+ def get_or_create_rule(oFC, security_group_id, protocol, port_min, port_max)
+ rule = get_security_group_rule(oFC, security_group_id, port_min, port_max)
+ if not rule
+ rule = create_security_group_rule(oFC, security_group_id, protocol, port_min, port_max)
end
rule
end
def upload_existing_key(key_name, key_path)
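Review bot: In `get_security_group`, `sgroups` is still nil when the rescue block handles the exception without retrying, so the `sgroups.length()` call after the `begin` raises NoMethodError instead of returning nil. The `case` also has no branch for more than one match, so it returns nil and `get_or_create_security_group` goes on to create another group with the same name. I would add `return nil if sgroups.nil?` before the `case` and replace `when 1` with `else`. Separately, the `retry` in the five rescue blocks has no attempt limit visible here; whether it can loop indefinitely depends on `SSLErrorMgt#ErrorDetected`, which is outside this hunk, so a bounded counter is worth confirming. `get_security_group_rule` now filters on group and port range but not on protocol or direction, so an existing rule for another protocol on the same ports would stop `get_or_create_rule` from creating the requested one.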