ec2-driver/group_rule_refresher.py

# Copyright (c) 2014 ThoughtWorks
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

class GroupRuleRefresher:

    def __init__(self, ec2_connection, openstack_rule_service, ec2_rule_service):
        self.ec2_conn = ec2_connection
        self.openstack_rule_service = openstack_rule_service
        self.ec2_rule_service = ec2_rule_service

    def refresh(self, group_name):
        openstack_rules = self.openstack_rule_service.get_rules_for_group(group_name)
        ec2_rules = self.ec2_rule_service.get_rules_for_group(group_name)

        self._add_rules_to_ec2(ec2_rules, group_name, openstack_rules)
        self._remove_rules_from_ec2(ec2_rules, group_name, openstack_rules)

    def _add_rules_to_ec2(self, ec2_rules, group_name, openstack_rules):
        for rule in openstack_rules - ec2_rules:
            self._add_rule_on_ec2(group_name, rule)

    def _remove_rules_from_ec2(self, ec2_rules, group_name, openstack_rules):
        for rule in ec2_rules - openstack_rules:
            self._remove_rule_from_ec2(group_name, rule)

    def _remove_rule_from_ec2(self, group_name, rule):
        self.ec2_conn.revoke_security_group(
            group_name=group_name,
            ip_protocol=rule.ip_protocol,
            from_port=rule.from_port,
            to_port=rule.to_port,
            cidr_ip=rule.ip_range
        )

    def _add_rule_on_ec2(self, group_name, rule):
        self.ec2_conn.authorize_security_group(
            group_name=group_name,
            ip_protocol=rule.ip_protocol,
            from_port=rule.from_port,
            to_port=rule.to_port,
            cidr_ip=rule.ip_range
        )