Merge pull request #27581 from tkwilliams/boto_secgroup_add_vpc_name

Add support for 'vpc_name' tag in boto_secgroup module and state
Nicole Thomas 2015-10-02 09:40:40 -06:00
commit ce4c64a2e3
2 changed files with 94 additions and 49 deletions


@ -51,6 +51,7 @@ import logging
import re
from distutils.version import LooseVersion as _LooseVersion # pylint: disable=import-error,no-name-in-module
import salt.ext.six as six
from salt.exceptions import SaltInvocationError
log = logging.getLogger(__name__)
@ -89,9 +90,9 @@ def __virtual__():
def exists(name=None, region=None, key=None, keyid=None, profile=None,
vpc_id=None, group_id=None):
vpc_id=None, vpc_name=None, group_id=None):
'''
Check to see if an security group exists.
Check to see if a security group exists.
CLI example::
@ -99,13 +100,24 @@ def exists(name=None, region=None, key=None, keyid=None, profile=None,
'''
conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
group = _get_group(conn, name, vpc_id, group_id, region)
group = _get_group(conn, name, vpc_id, vpc_name, group_id, region, key, keyid, profile)
if group:
return True
else:
return False
def _check_vpc(vpc_id, vpc_name, region, key, keyid, profile):
data = __salt__['boto_vpc.get_id'](name=vpc_name, region=region,
key=key, keyid=keyid, profile=profile)
try:
return data.get('id')
except TypeError:
return None
except KeyError:
return None
def _split_rules(rules):
'''
Split rules with combined grants into individual rules.
@ -131,12 +143,24 @@ def _split_rules(rules):
return split
def _get_group(conn, name=None, vpc_id=None, group_id=None, region=None): # pylint: disable=W0613
def _get_group(conn=None, name=None, vpc_id=None, vpc_name=None, group_id=None,
region=None, key=None, keyid=None, profile=None): # pylint: disable=W0613
'''
Get a group object given a name, name and vpc_id or group_id. Return a
boto.ec2.securitygroup.SecurityGroup object if the group is found, else
Get a group object given a name, name and vpc_id/vpc_name or group_id. Return
a boto.ec2.securitygroup.SecurityGroup object if the group is found, else
return None.
'''
if vpc_name and vpc_id:
raise SaltInvocationError('The params \'vpc_id\' and \'vpc_name\' '
'are mutually exclusive.')
if not vpc_id and vpc_name:
try:
vpc_id = _check_vpc(vpc_id, vpc_name, region, key, keyid, profile)
except boto.exception.BotoServerError as e:
log.debug(e)
return None
if name:
if vpc_id is None:
log.debug('getting group for {0}'.format(name))
@ -211,7 +235,8 @@ def _parse_rules(sg, rules):
return _rules
def get_group_id(name, vpc_id=None, region=None, key=None, keyid=None, profile=None):
def get_group_id(name, vpc_id=None, vpc_name=None, region=None, key=None,
keyid=None, profile=None):
'''
Get a Group ID given a Group Name or Group Name and VPC ID
@ -221,15 +246,15 @@ def get_group_id(name, vpc_id=None, region=None, key=None, keyid=None, profile=N
'''
conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
group = _get_group(conn, name, vpc_id, region)
group = _get_group(conn, name, vpc_id, vpc_name, region, key, keyid, profile)
if group:
return group.id
else:
return False
def convert_to_group_ids(groups, vpc_id, region=None, key=None, keyid=None,
profile=None):
def convert_to_group_ids(groups, vpc_id, vpc_name=None, region=None, key=None,
keyid=None, profile=None):
'''
Given a list of security groups and a vpc_id, convert_to_group_ids will
convert all list items in the given list to security group ids.
@ -248,7 +273,7 @@ def convert_to_group_ids(groups, vpc_id, region=None, key=None, keyid=None,
else:
log.debug('calling boto_secgroup.get_group_id for'
' group name {0}'.format(group))
group_id = get_group_id(group, vpc_id, region, key, keyid, profile)
group_id = get_group_id(group, vpc_id, vpc_name, region, key, keyid, profile)
log.debug('group name {0} has group id {1}'.format(
group, group_id)
)
@ -258,7 +283,7 @@ def convert_to_group_ids(groups, vpc_id, region=None, key=None, keyid=None,
def get_config(name=None, group_id=None, region=None, key=None, keyid=None,
profile=None, vpc_id=None):
profile=None, vpc_id=None, vpc_name=None):
'''
Get the configuration for a security group.
@ -268,7 +293,7 @@ def get_config(name=None, group_id=None, region=None, key=None, keyid=None,
'''
conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
sg = _get_group(conn, name, vpc_id, group_id, region)
sg = _get_group(conn, name, vpc_id, vpc_name, group_id, region, key, keyid, profile)
if sg:
ret = odict.OrderedDict()
ret['name'] = sg.name
@ -287,8 +312,8 @@ def get_config(name=None, group_id=None, region=None, key=None, keyid=None,
return None
def create(name, description, vpc_id=None, region=None, key=None, keyid=None,
profile=None):
def create(name, description, vpc_id=None, vpc_name=None, region=None, key=None,
keyid=None, profile=None):
'''
Create a security group.
@ -298,6 +323,13 @@ def create(name, description, vpc_id=None, region=None, key=None, keyid=None,
'''
conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
if not vpc_id and vpc_name:
try:
vpc_id = _check_vpc(vpc_id, vpc_name, region, key, keyid, profile)
except boto.exception.BotoServerError as e:
log.debug(e)
return False
created = conn.create_security_group(name, description, vpc_id)
if created:
log.info('Created security group {0}.'.format(name))
@ -309,7 +341,7 @@ def create(name, description, vpc_id=None, region=None, key=None, keyid=None,
def delete(name=None, group_id=None, region=None, key=None, keyid=None,
profile=None, vpc_id=None):
profile=None, vpc_id=None, vpc_name=None):
'''
Delete a security group.
@ -319,7 +351,7 @@ def delete(name=None, group_id=None, region=None, key=None, keyid=None,
'''
conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
group = _get_group(conn, name, vpc_id, group_id, region)
group = _get_group(conn, name, vpc_id, vpc_name, group_id, region, key, keyid, profile)
if group:
deleted = conn.delete_security_group(group_id=group.id)
if deleted:
@ -338,8 +370,8 @@ def delete(name=None, group_id=None, region=None, key=None, keyid=None,
def authorize(name=None, source_group_name=None,
source_group_owner_id=None, ip_protocol=None,
from_port=None, to_port=None, cidr_ip=None, group_id=None,
source_group_group_id=None, region=None, key=None,
keyid=None, profile=None, vpc_id=None, egress=False):
source_group_group_id=None, region=None, key=None, keyid=None,
profile=None, vpc_id=None, vpc_name=None, egress=False):
'''
Add a new rule to an existing security group.
@ -349,7 +381,7 @@ def authorize(name=None, source_group_name=None,
'''
conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
group = _get_group(conn, name, vpc_id, group_id, region)
group = _get_group(conn, name, vpc_id, vpc_name, group_id, region, key, keyid, profile)
if group:
try:
added = None
@ -375,21 +407,21 @@ def authorize(name=None, source_group_name=None,
log.error(msg)
return False
except boto.exception.EC2ResponseError as e:
log.debug(e)
msg = ('Failed to add rule to security group {0} with id {1}.'
.format(group.name, group.id))
log.error(msg)
log.error(e)
return False
else:
log.debug('Failed to add rule to security group.')
log.error('Failed to add rule to security group.')
return False
def revoke(name=None, source_group_name=None,
source_group_owner_id=None, ip_protocol=None,
from_port=None, to_port=None, cidr_ip=None, group_id=None,
source_group_group_id=None, region=None, key=None,
keyid=None, profile=None, vpc_id=None, egress=False):
source_group_group_id=None, region=None, key=None, keyid=None,
profile=None, vpc_id=None, vpc_name=None, egress=False):
'''
Remove a rule from an existing security group.
@ -399,7 +431,7 @@ def revoke(name=None, source_group_name=None,
'''
conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
group = _get_group(conn, name, vpc_id, group_id, region)
group = _get_group(conn, name, vpc_id, vpc_name, group_id, region, key, keyid, profile)
if group:
try:
revoked = None
@ -426,11 +458,11 @@ def revoke(name=None, source_group_name=None,
log.error(msg)
return False
except boto.exception.EC2ResponseError as e:
log.debug(e)
msg = ('Failed to remove rule from security group {0} with id {1}.'
.format(group.name, group.id))
log.error(msg)
log.error(e)
return False
else:
log.debug('Failed to remove rule from security group.')
log.error('Failed to remove rule from security group.')
return False
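Review bot: In `get_group_id` the new call `_get_group(conn, name, vpc_id, vpc_name, region, key, keyid, profile)` is positional, but the new `_get_group` signature places `group_id` between `vpc_name` and `region`, so `region` binds to `group_id`, `key` to `region`, `keyid` to `key` and `profile` to `keyid`. When `vpc_name` is given, `_get_group` forwards those shifted values to `_check_vpc`, so the `key` credential is handed to `boto_vpc.get_id` as the region and the lookup runs with the wrong credentials; where that value ends up downstream is not visible here. Keyword arguments fix it: `group = _get_group(conn, name=name, vpc_id=vpc_id, vpc_name=vpc_name, region=region, key=key, keyid=keyid, profile=profile)`. Separately, `_check_vpc` returns None when the name does not resolve, and `create` then calls `conn.create_security_group(name, description, vpc_id)` with `vpc_id` still None, so a mistyped `vpc_name` appears to create the group outside the intended VPC; logging an error and returning False when no id comes back would be safer. The bodies of `_get_group` and `create` continue outside the hunks shown.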


@ -104,6 +104,7 @@ def present(
name,
description,
vpc_id=None,
vpc_name=None,
rules=None,
rules_egress=None,
region=None,
@ -120,7 +121,10 @@ def present(
A description of this security group.
vpc_id
The ID of the VPC to create the security group in, if any.
The ID of the VPC to create the security group in, if any. Exclusive with vpc_name.
vpc_name
The name of the VPC wherein to create the security group, if any. Exclusive with vpc_id.
rules
A list of ingress rule dicts.
@ -142,7 +146,7 @@ def present(
that contains a dict with region, key and keyid.
'''
ret = {'name': name, 'result': True, 'comment': '', 'changes': {}}
_ret = _security_group_present(name, description, vpc_id, region, key,
_ret = _security_group_present(name, description, vpc_id, vpc_name, region, key,
keyid, profile)
ret['changes'] = _ret['changes']
ret['comment'] = ' '.join([ret['comment'], _ret['comment']])
@ -154,7 +158,8 @@ def present(
rules = []
if not rules_egress:
rules_egress = []
_ret = _rules_present(name, rules, rules_egress, vpc_id, region, key, keyid, profile)
_ret = _rules_present(name, rules, rules_egress, vpc_id, vpc_name, region, key,
keyid, profile)
ret['changes'] = dictupdate.update(ret['changes'], _ret['changes'])
ret['comment'] = ' '.join([ret['comment'], _ret['comment']])
if not _ret['result']:
@ -166,6 +171,7 @@ def _security_group_present(
name,
description,
vpc_id,
vpc_name,
region,
key,
keyid,
@ -178,7 +184,7 @@ def _security_group_present(
'''
ret = {'result': True, 'comment': '', 'changes': {}}
exists = __salt__['boto_secgroup.exists'](name, region, key, keyid,
profile, vpc_id)
profile, vpc_id, vpc_name)
if not exists:
if __opts__['test']:
msg = 'Security group {0} is set to be created.'.format(name)
@ -186,11 +192,13 @@ def _security_group_present(
ret['result'] = None
return ret
created = __salt__['boto_secgroup.create'](name, description, vpc_id,
region, key, keyid, profile)
vpc_name, region, key, keyid,
profile)
if created:
ret['changes']['old'] = {'secgroup': None}
sg = __salt__['boto_secgroup.get_config'](name, None, region, key,
keyid, profile, vpc_id)
keyid, profile, vpc_id,
vpc_name)
ret['changes']['new'] = {'secgroup': sg}
ret['comment'] = 'Security group {0} created.'.format(name)
else:
@ -340,12 +348,13 @@ def _rules_present(
rules,
rules_egress,
vpc_id,
vpc_name,
region,
key,
keyid,
profile):
'''
given a group name or group name and vpc_id:
given a group name or group name and vpc_id/vpc_name:
1. get lists of desired rule changes (using _get_rule_changes)
2. delete/revoke or authorize/create rules
3. return 'old' and 'new' group rules
@ -354,7 +363,7 @@ def _rules_present(
ret = {'result': True, 'comment': '', 'changes': {}}
sg = __salt__['boto_secgroup.get_config'](name, None, region, key, keyid,
profile, vpc_id)
profile, vpc_id, vpc_name)
if not sg:
msg = '{0} security group configuration could not be retrieved.'
ret['comment'] = msg.format(name)
@ -362,12 +371,12 @@ def _rules_present(
return ret
rules = _split_rules(rules)
rules_egress = _split_rules(rules_egress)
if vpc_id:
if vpc_id or vpc_name:
for rule in itertools.chain(rules, rules_egress):
_source_group_name = rule.get('source_group_name', None)
if _source_group_name:
_group_id = __salt__['boto_secgroup.get_group_id'](
_source_group_name, vpc_id, region, key, keyid, profile
_source_group_name, vpc_id, vpc_name, region, key, keyid, profile
)
if not _group_id:
msg = ('source_group_name {0} does not map to a valid'
@ -389,8 +398,8 @@ def _rules_present(
deleted = True
for rule in to_delete:
_deleted = __salt__['boto_secgroup.revoke'](
name, vpc_id=vpc_id, region=region, key=key, keyid=keyid,
profile=profile, **rule)
name, vpc_id=vpc_id, vpc_name=vpc_name, region=region, key=key,
keyid=keyid, profile=profile, **rule)
if not _deleted:
deleted = False
if deleted:
@ -404,8 +413,8 @@ def _rules_present(
created = True
for rule in to_create:
_created = __salt__['boto_secgroup.authorize'](
name, vpc_id=vpc_id, region=region, key=key, keyid=keyid,
profile=profile, **rule)
name, vpc_id=vpc_id, vpc_name=vpc_name, region=region, key=key,
keyid=keyid, profile=profile, **rule)
if not _created:
created = False
if created:
@ -420,8 +429,8 @@ def _rules_present(
deleted = True
for rule in to_delete_egress:
_deleted = __salt__['boto_secgroup.revoke'](
name, vpc_id=vpc_id, region=region, key=key, keyid=keyid,
profile=profile, egress=True, **rule)
name, vpc_id=vpc_id, vpc_name=vpc_name, region=region, key=key,
keyid=keyid, profile=profile, egress=True, **rule)
if not _deleted:
deleted = False
if deleted:
@ -436,8 +445,8 @@ def _rules_present(
created = True
for rule in to_create_egress:
_created = __salt__['boto_secgroup.authorize'](
name, vpc_id=vpc_id, region=region, key=key, keyid=keyid,
profile=profile, egress=True, **rule)
name, vpc_id=vpc_id, vpc_name=vpc_name, region=region, key=key,
keyid=keyid, profile=profile, egress=True, **rule)
if not _created:
created = False
if created:
@ -450,7 +459,7 @@ def _rules_present(
ret['changes']['old'] = {'rules': sg['rules'], 'rules_egress': sg['rules_egress']}
sg = __salt__['boto_secgroup.get_config'](name, None, region, key,
keyid, profile, vpc_id)
keyid, profile, vpc_id, vpc_name)
ret['changes']['new'] = {'rules': sg['rules'], 'rules_egress': sg['rules_egress']}
return ret
@ -458,6 +467,7 @@ def _rules_present(
def absent(
name,
vpc_id=None,
vpc_name=None,
region=None,
key=None,
keyid=None,
@ -469,7 +479,10 @@ def absent(
Name of the security group.
vpc_id
The ID of the VPC to create the security group in, if any.
The ID of the VPC to remove the security group from, if any. Exclusive with vpc_name.
vpc_name
The name of the VPC wherefrom to delete the security group, if any. Exclusive with vpc_id.
region
Region to connect to.
@ -487,7 +500,7 @@ def absent(
ret = {'name': name, 'result': None, 'comment': '', 'changes': {}}
sg = __salt__['boto_secgroup.get_config'](name, True, region, key, keyid,
profile, vpc_id)
profile, vpc_id, vpc_name)
if sg:
if __opts__['test']:
msg = 'Security group {0} is set to be removed.'.format(name)
@ -495,7 +508,7 @@ def absent(
ret['result'] = None
return ret
deleted = __salt__['boto_secgroup.delete'](name, None, region, key,
keyid, profile, vpc_id)
keyid, profile, vpc_id, vpc_name)
if deleted:
ret['changes']['old'] = {'secgroup': sg}
ret['changes']['new'] = {'secgroup': None}
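Review bot: `present` and `absent` document `vpc_id` and `vpc_name` as exclusive, but neither function checks this before passing both values to `boto_secgroup.exists` and `boto_secgroup.get_config`. The only enforcement visible on this page is the `SaltInvocationError` raised in the module's `_get_group`, which would reach the user as an exception rather than a state return with `result` set to False. A guard at the top of both functions, `if vpc_id and vpc_name:` that sets `ret['result'] = False` and a comment before `return ret`, keeps the failure inside the state's normal reporting. For `absent` it would also help to resolve `vpc_name` once with `boto_vpc.get_id` and fail when no id comes back, because the module appears to fall back to a name-only lookup in that case and the state could then remove a same-named group outside the intended VPC. Both function bodies span several hunks and are only partly visible.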