deltacloud-core 0.3.0 → 0.4.0

data/lib/deltacloud/drivers/condor/condor_driver.rb

@@ -0,0 +1,236 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.  The
+# ASF licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance with the
+# License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'deltacloud/base_driver'
+
+
+class Instance
+  def self.convert_condor_state(state_id)
+    case state_id
+      when 0,1,5 then 'PENDING'
+      when 2     then 'RUNNING'
+      when 3,4   then 'SHUTTING_DOWN'
+      else raise "Unknown Condor state (#{state_id})"
+    end
+  end
+end
+
+require 'deltacloud/drivers/condor/condor_client'
+
+module Deltacloud
+
+  module Drivers
+    module Condor
+
+      require 'base64'
+      require 'uuid'
+      require 'fileutils'
+
+      class CondorDriver < Deltacloud::BaseDriver
+
+        feature :instances, :user_data
+        feature :instances, :authentication_password
+
+        def supported_collections
+          DEFAULT_COLLECTIONS - [ :storage_volumes, :storage_snapshots ]
+        end
+
+        CONDOR_MAPPER_DIR = ENV['CONDOR_MAPPER_DIR'] || '/var/tmp'
+
+        def hardware_profiles(credentials, opts={})
+          results = []
+          new_client(credentials) do |condor|
+            results = condor.hardware_profiles.collect do |hwp|
+              HardwareProfile::new(hwp[:name]) do
+                architecture 'x86_64'
+                memory  hwp[:memory]
+                cpu     hwp[:cpus]
+                storage 100
+              end
+            end
+          end
+          filter_hardware_profiles(results, opts)
+        end
+
+        def realms(credentials, opts={})
+          [
+            Realm::new(
+              :id => 'default',
+              :name => 'Default Condor Realm',
+              :limit => :unlimited,
+              :state => 'AVAILABLE'
+            )
+          ]
+        end
+
+        def images(credentials, opts={})
+          results = []
+          new_client(credentials) do |condor|
+            results = condor.images.collect do |image|
+              Image::new(
+                :id => Digest::SHA1.hexdigest(image.name).to_s,
+                :name => image.name.split(':').first,
+                :state => image.state || 'AVAILABLE',
+                :architecture => 'x86_64',
+                :owner_id => image.owner_id || 'unknown',
+                :description => image.description
+              )
+            end
+          end
+          filter_on( results, :id, opts )
+        end
+
+        def instances(credentials, opts={})
+          results = []
+          new_client(credentials) do |condor|
+            results = condor.instances.collect do |instance|
+              vm_uuid = get_value(:uuid, instance.id)
+              ip_address = condor.ip_agent.find_ip_by_mac(vm_uuid)
+              Instance::new(
+                :id => instance.id,
+                :name => instance.name,
+                :realm_id => 'default',
+                :instance_profile => InstanceProfile::new(instance.instance_profile.name),
+                :image_id => instance.image_id,
+                :public_addresses => [ ip_address ],
+                :owner_id => instance.owner_id,
+                :description => instance.name,
+                :architecture => 'x86_64',
+                :actions => instance_actions_for(instance.state),
+                :launch_time => instance.launch_time,
+                :username => 'root',
+                :password => opts[:password],
+                :state => instance.state
+              )
+            end
+          end
+          results = filter_on( results, :state, opts )
+          filter_on( results, :id, opts )
+        end
+
+        def create_instance(credentials, image_id, opts={})
+          # User data should contain this Base64 encoded configuration:
+          #
+          # $config_server_ip:[$uuid]
+          #
+          # $config_server - IP address of Configuration Server to use (eg. 192.168.1.1)
+          # $uuid          - UUID to use for instance (will be used for ConfServer <-> DC
+          #                  API communication)
+          # $otp           - One-time-password
+          #
+          user_data = opts[:user_data] ? Base64.decode64(opts[:user_data]) : nil
+          if user_data
+            config_server_address, vm_uuid, vm_otp = opts[:user_data].strip.split(';')
+            if vm_uuid.nil? and vm_otp.nil?
+              vm_uuid = config_server_address
+              config_server_address = nil
+            end
+          end
+          vm_uuid ||= UUID::new.generate
+          vm_otp ||= vm_uuid[0..7]
+          new_client(credentials) do |condor|
+            config_server_address ||= condor.ip_agent.address
+            image = images(credentials, :id => image_id).first
+            hardware_profile = hardware_profiles(credentials, :id => opts[:hwp_id] || 'small').first
+            instance = condor.launch_instance(image, hardware_profile, {
+              :name => opts[:name] || "i-#{Time.now.to_i}",
+              :config_server_address => config_server_address,
+              :uuid => vm_uuid,
+              :otp => vm_otp,
+            }).first
+            store(:uuid, vm_uuid, instance.id)
+            raise "Error: VM not launched" unless instance
+            instance(credentials, { :id => instance.id, :password => vm_otp })
+          end
+        end
+
+        def destroy_instance(credentials, instance_id)
+          old_instance = instance(credentials, :id => instance_id)
+          new_client(credentials) do |condor|
+            condor.destroy_instance(instance_id)
+            remove_key(:uuid, instance_id)
+            remove_key(:mac, instance_id)
+          end
+          old_instance.state = 'PENDING'
+          old_instance.actions = instance_actions_for(old_instance.state),
+          old_instance
+        end
+
+        define_instance_states do
+          start.to( :pending )          .automatically
+          pending.to( :running )        .automatically
+          pending.to( :finish )         .on(:destroy)
+          running.to( :running )        .on( :reboot )
+          running.to( :shutting_down )  .on( :destroy )
+          pending.to( :finish )         .automatically
+        end
+
+        def valid_credentials?(credentials)
+          if ( credentials.user != @config[:username] ) or ( credentials.password != @config[:password] )
+            return false
+          end
+          return true
+        end
+
+        exceptions do
+          on /AuthException/ do
+            status 401
+          end
+          on /ERROR/ do
+            status 502
+          end
+        end
+
+        private
+
+        def new_client(credentials)
+          if ( credentials.user != 'condor' ) or ( credentials.password != 'deltacloud' )
+            raise Deltacloud::ExceptionHandler::AuthenticationFailure.new
+          end
+          safely do
+            yield CondorCloud::DefaultExecutor.new
+          end
+        end
+
+        def store(item, key, value)
+          FileUtils.mkdir_p(File.join(CONDOR_MAPPER_DIR, item.to_s))
+          File.open(File.join(CONDOR_MAPPER_DIR, item.to_s, key), 'w') do |f|
+            f.puts(value)
+          end
+        end
+
+        def get_value(key, id)
+          begin
+            File.open(File.join(CONDOR_MAPPER_DIR, key.to_s, id)).read.strip
+          rescue Errno::ENOENT
+            puts "Warning: Could not find entry for #{key} #{id} (#{File.join(CONDOR_MAPPER_DIR, key.to_s, id)})"
+            nil
+          end
+        end
+
+        def remove_key(key, id)
+          begin
+            FileUtils::rm(File.join(CONDOR_MAPPER_DIR, key.to_s, id))
+          rescue
+            # We should probably check for specific error conditions here.  Some we will want to log or throw an error for.
+            puts "Warning: Cannot remove #{key} mapping for instance #{id} (#{File.join(CONDOR_MAPPER_DIR, key.to_s, id)})"
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/deltacloud/drivers/condor/ip_agents/confserver.rb

@@ -0,0 +1,75 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.  The
+# ASF licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance with the
+# License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+
+module CondorCloud
+
+  require 'nokogiri'
+  require 'rest-client'
+
+  class ConfServerIPAgent < IPAgent
+
+    def initialize(opts={})
+      @config = opts[:config]
+      self.CondorAddress = ENV['CONFIG_SERVER_CondorAddress'] || @config[:ip_agent_CondorAddress] || "10.34.32.181:4444"
+      @version = @config[:ip_agent_version] || '0.0.1'
+      @client = RestClient::Resource::new(self.CondorAddress)
+      # TODO: Manage MAC CondorAddresses through ConfServer
+      @mappings = Nokogiri::XML(File.open(opts[:file] || File.join('config', 'CondorAddresses.xml')))
+    end
+
+    def find_ip_by_mac(uuid)
+      begin
+        @client["/ip/%s/%s" % [@version, uuid]].get(:accept => 'text/plain').body.strip
+      rescue RestClient::ResourceNotFound
+        '127.0.0.1'
+      rescue
+        puts 'ERROR: Could not query ConfServer for an IP'
+      end
+    end
+
+    def find_mac_by_ip(ip)
+    end
+
+    def find_free_mac
+      addr_hash = {}
+      DefaultExecutor::new do |executor|
+
+        # Make an CondorAddress hash to speed up the inner loop.
+        CondorAddresses.each do |address|
+          addr_hash[address.mac] = address.ip
+        end
+
+        executor.instances.each do |instance|
+          instance.public_CondorAddresses.each do |public_CondorAddress|
+            if addr_hash.key?(public_CondorAddress.mac)
+              addr_hash.delete(public_CondorAddress.mac)
+            end
+          end
+        end
+      end
+
+      raise "No available MACs to assign to instance." if addr_hash.empty?
+
+      return addr_hash.keys.first
+    end
+
+    def CondorAddresses
+      (@mappings/'/CondorAddresses/CondorAddress').collect { |a| CondorAddress.new(:ip => a.text.strip, :mac => a[:mac]) }
+    end
+
+  end
+end

data/lib/deltacloud/drivers/condor/ip_agents/default.rb

@@ -0,0 +1,84 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.  The
+# ASF licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance with the
+# License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'nokogiri'
+
+module CondorCloud
+
+  class IPAgent
+
+    attr_accessor :address
+
+    def find_mac_by_ip(ip); end
+    def find_ip_by_mac(mac); end
+    def find_free_mac
+      return nil
+    end
+
+    # This method must return an Array of 'CondorAddress' objects
+    # [ CondorAddress.new, CondorAddress.new ]
+    def addresses; end
+  end
+
+
+  # Default IP agent will lookup addresses from XML
+  # files stored in config directory.
+  # You can overide default directory using { :file => 'path' }
+  #
+  class DefaultIPAgent < IPAgent
+
+    def initialize(opts={})
+      @mappings = Nokogiri::XML(File.open(opts[:file] || File.join('config', 'addresses.xml')))
+    end
+
+    def find_free_mac
+      addr_hash = {}
+      DefaultExecutor::new do |executor|
+        addresses = (@mappings/'/addresses/address').collect { |a| CondorAddress.new(:ip => a.text.strip, :mac => a[:mac]) }
+
+        # Make an address hash to speed up the inner loop.
+        addresses.each do |address|
+          addr_hash[address.mac] = address.ip
+        end
+
+        executor.instances.each do |instance|
+          instance.public_addresses.each do |public_address|
+            if addr_hash.key?(public_address.mac)
+              addr_hash.delete(public_address.mac)
+            end
+          end
+        end
+      end
+
+      raise "No available MACs to assign to instance." if addr_hash.empty?
+
+      return addr_hash.keys.first
+    end
+
+    def find_ip_by_mac(mac)
+      t = (@mappings/"/addresses/address[@mac='#{mac}']").text
+      t.empty? ? nil : t
+    end
+
+    def find_mac_by_ip(ip)
+      (@mappings/"/addresses/address[.='#{ip}']").first[:mac] rescue nil
+    end
+
+    def addresses
+      (@mappings/'/addresses/address').collect { |a| CondorAddress.new(:ip => a.text.strip, :mac => a[:mac]) }
+    end
+  end
+end

data/lib/deltacloud/drivers/ec2/ec2_driver.rb

@@ -33,16 +33,17 @@ module Deltacloud
       class EC2Driver < Deltacloud::BaseDriver
 
         def supported_collections
-          DEFAULT_COLLECTIONS + [ :keys, :buckets, :load_balancers ]
+
+          DEFAULT_COLLECTIONS + [ :keys, :buckets, :load_balancers, :addresses, :firewalls ]
         end
 
         feature :instances, :user_data
         feature :instances, :authentication_key
-        feature :instances, :security_group
+        feature :instances, :firewalls
         feature :instances, :instance_count
         feature :images, :owner_id
         feature :buckets, :bucket_location
-        feature :instances, :register_to_load_balancer
+        feature :instances, :attach_snapshot
 
         DEFAULT_REGION = 'us-east-1'
 
@@ -168,26 +169,41 @@ module Deltacloud
           end
         end
 
+        def destroy_image(credentials, image_id)
+          ec2 = new_client(credentials)
+          safely do
+            unless ec2.deregister_image(image_id)
+              raise "ERROR: Unable to deregister AMI"
+            end
+          end
+        end
+
+        def instance(credentials, opts={})
+          ec2 = new_client(credentials)
+          inst_arr = []
+          safely do
+            ec2_inst = ec2.describe_instances([opts[:id]]).first
+            instance = convert_instance(ec2_inst)
+            return nil unless instance
+            if ec2_inst[:aws_platform] == 'windows'
+              console_output = ec2.get_console_output(instance.id)
+              windows_password = console_output[:aws_output][%r{<Password>(.+)</Password>}m] && $1
+              if windows_password
+                instance.username = 'Administrator'
+                instance.password = windows_password
+              end
+            end
+            instance
+          end
+        end
+
         def instances(credentials, opts={})
           ec2 = new_client(credentials)
           inst_arr = []
           safely do
-            inst_arr = ec2.describe_instances.collect do |instance| 
+            inst_arr = ec2.describe_instances.collect do |instance|
               convert_instance(instance) if instance
             end.flatten
-            if tagging?
-              tags = ec2.describe_tags('Filter.1.Name' => 'resource-type',
-                                       'Filter.1.Value' => 'instance')
-              inst_arr.each do |inst|
-                name_tag = tags.select do |t|
-                  (t[:aws_resource_id] == inst.id) and t[:aws_key] == 'name'
-                end
-                unless name_tag.empty?
-                  inst.name = name_tag.first[:aws_value]
-                end
-              end
-              delete_unused_tags(credentials, inst_arr.collect {|inst| inst.id})
-            end
           end
           inst_arr = filter_on( inst_arr, :id, opts )
           filter_on( inst_arr, :state, opts )
@@ -200,23 +216,20 @@ module Deltacloud
           instance_options.merge!(:key_name => opts[:keyname]) if opts[:keyname]
           instance_options.merge!(:availability_zone => opts[:realm_id]) if opts[:realm_id]
           instance_options.merge!(:instance_type => opts[:hwp_id]) if opts[:hwp_id] && opts[:hwp_id].length > 0
-          instance_options.merge!(:group_ids => opts[:security_group]) if opts[:security_group]
+          firewalls = opts.inject([]){|res, (k,v)| res << v if k =~ /firewalls\d+$/; res}
+          instance_options.merge!(:group_ids => firewalls ) unless firewalls.empty?
           instance_options.merge!(
             :min_count => opts[:instance_count],
             :max_count => opts[:instance_count]
           ) if opts[:instance_count] and opts[:instance_count].length!=0
+          if opts[:snapshot_id] and opts[:device_name]
+            instance_options.merge!(:block_device_mappings => [{
+              :snapshot_id => opts[:snapshot_id],
+              :device_name => opts[:device_name]
+            }])
+          end
           safely do
             new_instance = convert_instance(ec2.launch_instances(image_id, instance_options).first)
-            # TODO: Rework this to use client_id for name instead of tag
-            #       Tags should be keept as an optional feature
-            tag_instance(credentials, new_instance, opts[:name])
-            # Register Instance to Load Balancer if load_balancer_id is set.
-            # This parameter is a feature parameter
-            if opts[:load_balancer_id]
-              lb = lb_register_instance(credentials,
-                                        {'id' => opts[:load_balancer_id],
-                                         'instance_id' => new_instance.id})
-            end
             new_instance
           end
         end
@@ -234,11 +247,11 @@ module Deltacloud
             Deltacloud::Runner.execute(opts[:cmd], param)
           end
         end
-    
+
         def reboot_instance(credentials, instance_id)
           ec2 = new_client(credentials)
           if ec2.reboot_instances([instance_id])
-            instance(credentials, instance_id)
+            instance(credentials, :id => instance_id)
           else
             raise Deltacloud::BackendError.new(500, "Instance", "Instance reboot failed", "")
           end
@@ -246,10 +259,8 @@ module Deltacloud
 
         def destroy_instance(credentials, instance_id)
           ec2 = new_client(credentials)
-          instance_id = instance_id
           if ec2.terminate_instances([instance_id])
-            untag_instance(credentials, instance_id)
-            instance(credentials, instance_id)
+            instance(credentials, :id => instance_id)
           else
             raise Deltacloud::BackendError.new(500, "Instance", "Instance cannot be terminated", "")
           end
@@ -348,9 +359,9 @@ module Deltacloud
               bucket_list = s3_client.buckets
               bucket_list.each do |current|
                 buckets << Bucket.new({:name => current.name, :id => current.name})
-              end #bucket_list.each
-            end #if
-          end #safely
+              end
+            end
+          end
           filter_on(buckets, :id, opts)
         end
 
@@ -359,7 +370,7 @@ module Deltacloud
           safely do
             s3_client = new_client(credentials, :s3)
             bucket_location = opts['location']
-            if bucket_location
+            if (bucket_location && bucket_location.size >0)
               bucket = Aws::S3::Bucket.create(s3_client, name, true, nil, :location => bucket_location)
             else
               bucket = Aws::S3::Bucket.create(s3_client, name, true)
@@ -380,8 +391,12 @@ module Deltacloud
           blobs = []
           safely do
             s3_bucket = s3_client.bucket(opts['bucket'])
-            s3_bucket.keys({}, true).each do |s3_object|
-              blobs << convert_object(s3_object)
+            if(opts[:id])
+              blobs << convert_object(s3_bucket.key(opts[:id], true))
+            else
+              s3_bucket.keys({}, true).each do |s3_object|
+                blobs << convert_object(s3_object)
+              end
             end
           end
           blobs = filter_on(blobs, :id, opts)
@@ -389,7 +404,7 @@ module Deltacloud
         end
 
         #--
-        # Create Blob
+        # Create Blob - NON Streaming way (i.e. was called with POST html multipart form data)
         #--
         def create_blob(credentials, bucket_id, blob_id, data = nil, opts = {})
           s3_client = new_client(credentials, :s3)
@@ -399,12 +414,12 @@ module Deltacloud
           # File stream needs to be reopened in binary mode for whatever reason
           file = File::open(data[:tempfile].path, 'rb')
           #insert ec2-specific header for user metadata ... x-amz-meta-KEY = VALUE
-          opts.gsub_keys('HTTP_X_Deltacloud_Blobmeta_', 'x-amz-meta-')
+          BlobHelper::rename_metadata_headers(opts, 'x-amz-meta-')
           opts["Content-Type"] = data[:type]
           safely do
-            res = s3_client.interface.put(bucket_id, 
-                                        blob_id, 
-                                        file, 
+            res = s3_client.interface.put(bucket_id,
+                                        blob_id,
+                                        file,
                                         opts)
           end
           #create a new Blob object and return that
@@ -420,7 +435,7 @@ module Deltacloud
 
         #--
         # Delete Blob
-        #--  
+        #--
         def delete_blob(credentials, bucket_id, blob_id, opts={})
           s3_client = new_client(credentials, :s3)
           safely do
@@ -428,6 +443,23 @@ module Deltacloud
           end
         end
 
+        def blob_metadata(credentials, opts={})
+          s3_client = new_client(credentials, :s3)
+          blob_meta = {}
+          safely do
+            the_blob = s3_client.bucket(opts['bucket']).key(opts[:id], true)
+            blob_meta = the_blob.meta_headers
+          end
+        end
+
+        def update_blob_metadata(credentials, opts={})
+          s3_client = new_client(credentials, :s3)
+          meta_hash = BlobHelper::rename_metadata_headers(opts['meta_hash'], '')
+          safely do
+            the_blob = s3_client.bucket(opts['bucket']).key(opts[:id])
+            the_blob.save_meta(meta_hash)
+          end
+        end
 
         def blob_data(credentials, bucket_id, blob_id, opts={})
           s3_client = new_client(credentials, :s3)
@@ -438,6 +470,35 @@ module Deltacloud
           end
         end
 
+        #params: {:user,:password,:bucket,:blob,:content_type,:content_length,:metadata}
+        def blob_stream_connection(params)
+          #canonicalise metadata:
+          #http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?RESTAuthentication.html
+          metadata = params[:metadata] || {}
+          signature_meta_string = ""
+          BlobHelper::rename_metadata_headers(metadata, 'x-amz-meta-')
+          keys_array = metadata.keys.sort!
+          keys_array.each {|k| signature_meta_string << "#{k}:#{metadata[k]}\n"}
+          provider = "https://#{endpoint_for_service(:s3)}"
+          uri = URI.parse(provider)
+          http = Net::HTTP.new("#{params[:bucket]}.#{uri.host}", uri.port )
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          timestamp = Time.now.httpdate
+          string_to_sign =
+            "PUT\n\n#{params[:content_type]}\n#{timestamp}\n#{signature_meta_string}/#{params[:bucket]}/#{params[:blob]}"
+          auth_string = Aws::Utils::sign(params[:password], string_to_sign)
+          request = Net::HTTP::Put.new("/#{params[:blob]}")
+          request['Host'] = "#{params[:bucket]}.#{uri.host}"
+          request['Date'] = timestamp
+          request['Content-Type'] = params[:content_type]
+          request['Content-Length'] = params[:content_length]
+          request['Authorization'] = "AWS #{params[:user]}:#{auth_string}"
+          request['Expect'] = "100-continue"
+          metadata.each{|k,v| request[k] = v}
+          return http, request
+        end
+
         def storage_volumes(credentials, opts={})
           ec2 = new_client( credentials )
           volume_list = (opts and opts[:id]) ? opts[:id] : nil
@@ -462,7 +523,7 @@ module Deltacloud
         def destroy_storage_volume(credentials, opts={})
           ec2 = new_client(credentials)
           safely do
-            unless ec2.delete_volume(opts[:id]) 
+            unless ec2.delete_volume(opts[:id])
               raise Deltacloud::BackendError.new(500, "StorageVolume", "Cannot delete storage volume")
             end
             storage_volume(credentials, opts[:id])
@@ -509,18 +570,139 @@ module Deltacloud
           end
         end
 
+        def addresses(credentials, opts={})
+          ec2 = new_client(credentials)
+          address_id = (opts and opts[:id]) ? [opts[:id]] : []
+          safely do
+            begin
+              ec2.describe_addresses(address_id).collect do |address|
+                Address.new(:id => address[:public_ip], :instance_id => address[:instance_id])
+              end
+            rescue Exception => e
+              return [] if e.message =~ /InvalidAddress\.NotFound:/
+              raise e
+            end
+          end
+        end
+
+        def address(credentials, opts={})
+          addresses(credentials, :id => opts[:id]).first
+        end
+
+        def create_address(credentials, opts={})
+          ec2 = new_client(credentials)
+          safely do
+            Address.new(:id => ec2.allocate_address)
+          end
+        end
+
+        def destroy_address(credentials, opts={})
+          ec2 = new_client(credentials)
+          safely do
+            ec2.release_address(opts[:id])
+          end
+        end
+
+        def associate_address(credentials, opts={})
+          ec2 = new_client(credentials)
+          safely do
+            if ec2.associate_address(opts[:instance_id], opts[:id])
+              Address.new(:id => opts[:id], :instance_id => opts[:instance_id])
+            else
+              raise "ERROR: Cannot associate IP address to an Instance"
+            end
+          end
+        end
+
+        def disassociate_address(credentials, opts={})
+          ec2 = new_client(credentials)
+          safely do
+            if ec2.disassociate_address(opts[:id])
+              Address.new(:id => opts[:id])
+            else
+              raise "ERROR: Cannot disassociate an IP address from the Instance"
+            end
+          end
+        end
+
+#--
+#FIREWALLS - ec2 security groups
+#--
+        def firewalls(credentials, opts={})
+          ec2 = new_client(credentials)
+          the_firewalls = []
+          groups = []
+          safely do
+            if opts[:id]
+              groups = ec2.describe_security_groups([opts[:id]])
+            else
+              groups = ec2.describe_security_groups()
+            end
+          end
+          groups.each do |security_group|
+            the_firewalls << convert_security_group(security_group)
+          end
+          the_firewalls
+        end
+
+#--
+#Create firewall
+#--
+        def create_firewall(credentials, opts={})
+          ec2 = new_client(credentials)
+          safely do
+            ec2.create_security_group(opts["name"], opts["description"])
+          end
+          Firewall.new( { :id=>opts["name"], :name=>opts["name"],
+                          :description => opts["description"], :owner_id => "", :rules => [] } )
+        end
+
+#--
+#Delete firewall
+#--
+        def delete_firewall(credentials, opts={})
+          ec2 = new_client(credentials)
+          safely do
+            ec2.delete_security_group(opts["id"])
+          end
+        end
+#--
+#Create firewall rule
+#--
+        def create_firewall_rule(credentials, opts={})
+          ec2 = new_client(credentials)
+          groups = []
+          opts['groups'].each do |k,v|
+            groups << {"group_name" => k, "owner" =>v}
+          end
+          safely do
+            ec2.manage_security_group_ingress(opts['id'], opts['port_from'], opts['port_to'], opts['protocol'],
+              "authorize", opts['addresses'], groups)
+          end
+        end
+#--
+#Delete firewall rule
+#--
+        def delete_firewall_rule(credentials, opts={})
+          ec2 = new_client(credentials)
+          firewall = opts[:firewall]
+          protocol, from_port, to_port, addresses, groups = firewall_rule_params(opts[:rule_id])
+          safely do
+            ec2.manage_security_group_ingress(firewall, from_port, to_port, protocol, "revoke", addresses, groups)
+          end
+        end
+
         def valid_credentials?(credentials)
           retval = true
           begin
             realms(credentials)
-          rescue Deltacloud::BackendError
+          rescue
             retval = false
           end
           retval
         end
 
         private
-
         def new_client(credentials, type = :ec2)
           klass = case type
                     when :elb then Aws::Elb
@@ -538,47 +720,13 @@ module Deltacloud
           "machine"
         end
 
-        def tagging?
-          true
-        end
-
         def endpoint_for_service(service)
-          endpoint = (Thread.current[:provider] || ENV['API_PROVIDER'] || DEFAULT_REGION)
+          endpoint = (api_provider || DEFAULT_REGION)
           # return the endpoint if it does not map to a default endpoint, allowing
           # the endpoint to be a full hostname instead of a region.
           Deltacloud::Drivers::driver_config[:ec2][:entrypoints][service.to_s][endpoint] || endpoint
         end
 
-        def tag_instance(credentials, instance, name)
-          if name
-            ec2 = new_client(credentials)
-            safely do
-              ec2.create_tag(instance.id, 'name', name)
-            end
-          end
-        end
-
-        def untag_instance(credentials, instance_id)
-          ec2 = new_client(credentials)
-          safely do
-            ec2.delete_tag(instance_id, 'name')
-          end
-        end
-
-        def delete_unused_tags(credentials, inst_ids)
-          ec2 = new_client(credentials)
-          tags = []
-          safely do
-            tags = ec2.describe_tags('Filter.1.Name' => 'resource-type', 'Filter.1.Value' => 'instance')
-            tags.collect! { |t| t[:aws_resource_id] }
-            inst_ids.each do |inst_id|
-              unless tags.include?(inst_id)
-                ec2.delete_tag(inst_id, 'name')
-              end
-            end
-          end
-        end
-        
         def convert_bucket(s3_bucket)
           #get blob list:
           blob_list = []
@@ -602,7 +750,7 @@ module Deltacloud
             :content_type => s3_object.headers['content-type'],
             :last_modified => s3_object.last_modified,
             :user_metadata => s3_object.meta_headers
-          )  
+          )
         end
 
         def convert_realm(realm)
@@ -622,7 +770,7 @@ module Deltacloud
             :description => image[:aws_description] || image[:aws_location],
             :owner_id => image[:aws_owner],
             :architecture => image[:aws_architecture],
-            :state => image[:state]
+            :state => image[:aws_state]
           )
         end
 
@@ -635,12 +783,13 @@ module Deltacloud
             :image_id => instance[:aws_image_id],
             :owner_id => instance[:aws_owner],
             :actions => instance_actions_for(convert_state(instance[:aws_state])),
-            :key_name => instance[:ssh_key_name],
+            :keyname => instance[:ssh_key_name],
             :launch_time => instance[:aws_launch_time],
             :instance_profile => InstanceProfile.new(instance[:aws_instance_type]),
             :realm_id => instance[:aws_availability_zone],
             :private_addresses => instance[:private_dns_name],
             :public_addresses => instance[:dns_name],
+            :firewalls => instance[:aws_groups],
             :create_image => can_create_image
           )
         end
@@ -665,8 +814,8 @@ module Deltacloud
             :realm_id => volume[:zone],
             :device => volume[:aws_device],
             # TODO: the available actions should be tied to the current
-            # volume state                
-            :actions => [:attach, :detach, :destroy] 
+            # volume state
+            :actions => [:attach, :detach, :destroy]
           )
         end
 
@@ -697,11 +846,87 @@ module Deltacloud
             balancer.add_listener(listener)
           end
           loadbalancer[:instances].each do |instance|
-            balancer.instances << instance(credentials, :id => instance[:id])
+            balancer.instances << instance(credentials, :id => instance[:instance_id])
           end
           balancer
         end
 
+        #generate uid from firewall rule parameters (amazon doesn't do this for us
+        def firewall_rule_id(user_id, protocol, from_port, to_port, sources)
+          sources_string = ""
+          sources.each do |source|
+          if source[:type].to_s == "group"
+            sources_string << "@#{source[:type]},#{source[:owner]},#{source[:name]},"
+          else
+            sources_string << "@#{source[:type]},#{source[:family]},#{source[:address]},#{source[:prefix]},"
+          end
+        end
+         #sources_string is @group,297467797945,test@address,ipv4,10.1.1.1,24 etc
+         id_string = "#{user_id}~#{protocol}~#{from_port}~#{to_port}~#{sources_string.chomp!(",")}"
+#sources_string.slice(0,sources_string.length-1)}"
+        end
+
+        #extract params from uid
+        def firewall_rule_params(id)
+          #user_id~protocol~from_port~to_port~sources_string
+          params = id.split("~")
+          protocol = params[1]
+          from_port = params[2]
+          to_port = params[3]
+          sources = params[4].split("@")
+          sources.shift #first match is ""
+          addresses = []
+          groups = []
+          #@group,297467797945,test@address,ipv4,10.1.1.1,24@address,ipv4,192.168.1.1,24
+          sources.each do |source|
+            current = source.split(",")
+            type = current[0]
+            case type
+              when 'group'
+                #group,297467797945,test
+                owner = current[1]
+                name = current[2]
+                groups << {'group_name' => name, 'owner' => owner}
+              when 'address'
+                #address,ipv4,10.1.1.1,24
+                address = current[2]
+                address<<"/#{current[3]}"
+                addresses << address
+            end
+          end
+          return protocol, from_port, to_port, addresses, groups
+        end
+
+        #Convert ec2 security group to server/lib/deltacloud/models/firewall
+        def convert_security_group(security_group)
+          rules = []
+          security_group[:aws_perms].each do |perm|
+            sources = []
+            perm[:groups].each do |group|
+              sources << {:type => "group", :name => group[:group_name], :owner => group[:owner]}
+            end
+            perm[:ip_ranges].each do |ip|
+              sources << {:type => "address", :family=>"ipv4",
+                          :address=>ip[:cidr_ip].split("/").first,
+                          :prefix=>ip[:cidr_ip].split("/").last}
+            end
+            rule_id = firewall_rule_id(security_group[:aws_owner], perm[:protocol],
+                                       perm[:from_port] , perm[:to_port], sources)
+            rules << FirewallRule.new({:id => rule_id,
+                                        :allow_protocol => perm[:protocol],
+                                        :port_from => perm[:from_port],
+                                        :port_to => perm[:to_port],
+                                        :direction => 'ingress',
+                                        :sources => sources})
+          end
+          Firewall.new(  {  :id => security_group[:aws_group_name],
+                            :name => security_group[:aws_group_name],
+                            :description => security_group[:aws_description],
+                            :owner_id => security_group[:aws_owner],
+                            :rules => rules
+                      }  )
+        end
+
         def convert_state(ec2_state)
           case ec2_state
             when "terminated"
@@ -717,12 +942,18 @@ module Deltacloud
           end
         end
 
-        def catched_exceptions_list
-          {
-            :auth => [ /AuthFailure/ ],
-            :error => [ /Aws::AwsError/, /Error/ ],
-            :glob => [ /AWS::(\w+)/, /Deltacloud::Runner::(\w+)/ ]
-          }
+        exceptions do
+          on /(AuthFailure|InvalidAccessKeyId)/ do
+            status 401
+          end
+
+          on /Error/ do
+            status 502
+          end
+
+          on /Deltacloud::Runner::(\w+)/ do
+            status 500
+          end
         end
 
       end