googlecloud 0.0.2 → 0.0.4

data/packages/gcutil-1.7.1/lib/google_compute_engine/gcutil/firewall_cmds.py

@@ -0,0 +1,344 @@
+# Copyright 2012 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Commands for interacting with Google Compute Engine firewalls."""
+
+
+
+import socket
+
+from google.apputils import appcommands
+import gflags as flags
+
+from gcutil import command_base
+from gcutil import utils
+
+
+FLAGS = flags.FLAGS
+
+
+class FirewallCommand(command_base.GoogleComputeCommand):
+  """Base command for working with the firewalls collection."""
+
+  default_sort_field = 'name'
+  summary_fields = (('name', 'name'),
+                    ('description', 'description'),
+                    ('network', 'network'),
+                    ('source-ips', 'sourceRanges'),
+                    ('source-tags', 'sourceTags'),
+                    ('target-tags', 'targetTags'))
+
+  # The remaining complex fields are filled in via CustomizePrintResult
+  detail_fields = (('name', 'name'),
+                   ('description', 'description'),
+                   ('creation-time', 'creationTimestamp'),
+                   ('network', 'network'),
+                   ('source-ips', 'sourceRanges'),
+                   ('source-tags', 'sourceTags'),
+                   ('target-tags', 'targetTags'))
+
+  resource_collection_name = 'firewalls'
+
+  def __init__(self, name, flag_values):
+    super(FirewallCommand, self).__init__(name, flag_values)
+
+  def SetApi(self, api):
+    """Set the Google Compute Engine API for the command.
+
+    Args:
+      api: The Google Compute Engine API used by this command.
+
+    Returns:
+      None.
+
+    """
+    self._firewalls_api = api.firewalls()
+
+  def CustomizePrintResult(self, result, table):
+    """Customized result printing for this type.
+
+    Args:
+      result: json dictionary returned by the server
+      table: the pretty printing table to be customized
+
+    Returns:
+      None.
+
+    """
+    # Add the rules
+    for allowed in result.get('allowed', []):
+      as_string = str(allowed['IPProtocol'])
+      if allowed.get('ports'):
+        as_string += ': %s' % ', '.join(allowed['ports'])
+      table.AddRow(('allowed', as_string))
+
+
+class FirewallRules(object):
+  """Class representing the list of a firewall's rules.
+
+  This class is only used for parsing a firewall from command-line flags,
+  for printing the firewall, we simply dump the JSON.
+  """
+
+  @staticmethod
+  def ParsePortSpecs(port_spec_strings):
+    """Parse the port-specification portion of firewall rules.
+
+    This takes the value of the 'allowed' flag and builds the
+    corresponding firewall rules, excluding the 'source' fields.
+
+    Args:
+      port_spec_strings: A list of strings specifying the port-specific
+      components of a firewall rule. These are of the form
+      "(<protocol>)?(:<port>('-'<port>)?)?"
+
+    Returns:
+      A list of dict values containing a protocol string and a list
+      of port range strings. This is a substructure of the firewall
+      rule dictionaries, which additionally contain a 'source' field.
+
+    Raises:
+      ValueError: If any of the input strings are malformed.
+    """
+
+    def _AddToPortSpecs(protocol, port_string, port_specs):
+      """Ensure the specified rule for this protocol allows the given port(s).
+
+      If there is no port_string specified it implies all ports are allowed,
+      and whatever is in the port_specs map for that protocol get clobbered.
+      This method also makes sure that any protocol entry without a ports
+      member does not get further restricted.
+
+      Args:
+        protocol: The protocol under which the given port range is allowed.
+        port_string: The string specification of what ports are allowed.
+        port_specs: The mapping from protocols to firewall rules.
+      """
+      port_spec_entry = port_specs.setdefault(protocol,
+                                              {'IPProtocol': str(protocol),
+                                               'ports': []})
+      if 'ports' in port_spec_entry:
+        # We only handle the 'then' case because in the other case the
+        # existing entry already allows all ports.
+        if not port_string:
+          # A missing 'ports' field indicates all ports are allowed.
+          port_spec_entry.pop('ports')
+        else:
+          port_spec_entry['ports'].append(port_string)
+
+    port_specs = {}
+    for port_spec_string in port_spec_strings:
+      protocol = None
+      port_string = None
+      parts = port_spec_string.split(':')
+
+      if len(parts) > 2:
+        raise ValueError('Invalid allowed entry: %s' %
+                         port_spec_string)
+      elif len(parts) == 2:
+        if parts[0]:
+          protocol = utils.ParseProtocol(parts[0])
+        port_string = utils.ReplacePortNames(parts[1])
+      else:
+        protocol = utils.ParseProtocol(parts[0])
+
+      if protocol:
+        _AddToPortSpecs(protocol, port_string, port_specs)
+      else:
+        # Add entries for both UPD and TCP
+        _AddToPortSpecs(socket.getprotobyname('tcp'), port_string, port_specs)
+        _AddToPortSpecs(socket.getprotobyname('udp'), port_string, port_specs)
+
+    return port_specs.values()
+
+  def __init__(self, allowed, allowed_ip_sources):
+    self.port_specs = FirewallRules.ParsePortSpecs(allowed)
+    self.source_ranges = allowed_ip_sources
+    self.source_tags = []
+    self.target_tags = []
+
+  def SetTags(self, source_tags, target_tags):
+    self.source_tags = sorted(set(source_tags))
+    self.target_tags = sorted(set(target_tags))
+
+  def AddToFirewall(self, firewall):
+    if self.source_ranges:
+      firewall['sourceRanges'] = self.source_ranges
+    if self.source_tags:
+      firewall['sourceTags'] = self.source_tags
+    if self.target_tags:
+      firewall['targetTags'] = self.target_tags
+    firewall['allowed'] = self.port_specs
+
+
+class AddFirewall(FirewallCommand):
+  """Create a new firewall rule to allow incoming traffic for
+  instances on a given network.
+  """
+
+  positional_args = '<firewall-name>'
+
+  def __init__(self, name, flag_values):
+    super(AddFirewall, self).__init__(name, flag_values)
+    flags.DEFINE_string('description',
+                        '',
+                        'Firewall description',
+                        flag_values=flag_values)
+    flags.DEFINE_string('network',
+                        'default',
+                        'Which network to apply the firewall to.',
+                        flag_values=flag_values)
+    flags.DEFINE_list('allowed',
+                      None,
+                      'The set of allowed ports for this firewall. A list of '
+                      'specifications of the form '
+                      '"(<protocol>)?(\':\'<port>(\'-\'<port>)?)?" for allowing'
+                      ' packets through the firewall. Examples: '
+                      '"tcp:ssh", "udp:5000-6000", "tcp:80", or "icmp".',
+                      flag_values=flag_values)
+    flags.DEFINE_list('allowed_ip_sources',
+                      [],
+                      'The set of addresses allowed to talk to the '
+                      'protocols:ports listed in allowed (comma separated). '
+                      'If no ip or tag sources are listed, all sources '
+                      'will be allowed.',
+                      flag_values=flag_values)
+    flags.DEFINE_list('allowed_tag_sources',
+                      [],
+                      'The set of tagged instances allowed to talk to the '
+                      'protocols:ports listed in allowed (comma separated). '
+                      'If no tag or ip sources are listed, all sources will '
+                      'be allowed.',
+                      flag_values=flag_values)
+    flags.DEFINE_list('target_tags',
+                      [],
+                      'The set of tagged instances to apply the firewall to '
+                      '(comma separated).',
+                      flag_values=flag_values)
+
+  def Handle(self, firewall_name):
+    """Add the specified firewall.
+
+    Args:
+      firewall_name: The name of the firewall to add.
+
+    Returns:
+      The result of inserting the firewall.
+
+    Raises:
+      command_base.CommandError: If the passed flag values cannot be
+          interpreted.
+    """
+    if not self._flags.allowed:
+      raise command_base.CommandError(
+          'You must specify at least one rule through --allowed.')
+
+    firewall_resource = {
+        'kind': self._GetResourceApiKind('firewall'),
+        'name': self.DenormalizeResourceName(firewall_name),
+        'description': self._flags.description,
+        'rules': []
+        }
+
+    if self._flags.network is not None:
+      firewall_resource['network'] = (self.NormalizeGlobalResourceName(
+          self._project,
+          'networks',
+          self._flags.network))
+
+    if (not self._flags.allowed_ip_sources and
+        not self._flags.allowed_tag_sources):
+      self._flags.allowed_ip_sources.append('0.0.0.0/0')
+
+    try:
+      firewall_rules = FirewallRules(self._flags.allowed,
+                                     self._flags.allowed_ip_sources)
+      firewall_rules.SetTags(self._flags.allowed_tag_sources,
+                             self._flags.target_tags)
+      firewall_rules.AddToFirewall(firewall_resource)
+      firewall_request = self._firewalls_api.insert(project=self._project,
+                                                    body=firewall_resource)
+      return firewall_request.execute()
+    except ValueError, e:
+      raise command_base.CommandError(e)
+
+
+class GetFirewall(FirewallCommand):
+  """Get a firewall."""
+
+  positional_args = '<firewall-name>'
+
+  def __init__(self, name, flag_values):
+    super(GetFirewall, self).__init__(name, flag_values)
+
+  def Handle(self, firewall_name):
+    """Get the specified firewall.
+
+    Args:
+      firewall_name: The name of the firewall to get.
+
+    Returns:
+      The result of getting the firewall.
+    """
+    firewall_request = self._firewalls_api.get(
+        project=self._project,
+        firewall=self.DenormalizeResourceName(firewall_name))
+
+    return firewall_request.execute()
+
+
+class DeleteFirewall(FirewallCommand):
+  """Delete one or more firewall rules.
+
+  If multiple firewall names are specified, the firewalls will be deleted in
+  parallel.
+  """
+
+  positional_args = '<firewall-name-1> ... <firewall-name-n>'
+  safety_prompt = 'Delete firewall'
+
+  def __init__(self, name, flag_values):
+    super(DeleteFirewall, self).__init__(name, flag_values)
+
+  def Handle(self, *firewall_names):
+    """Delete the specified firewall.
+
+    Args:
+      *firewall_names: The names of the firewalls to delete.
+
+    Returns:
+      Tuple (results, exceptions) - results of deleting the firewalls.
+    """
+    requests = []
+    for name in firewall_names:
+      requests.append(self._firewalls_api.delete(
+          project=self._project,
+          firewall=self.DenormalizeResourceName(name)))
+    results, exceptions = self.ExecuteRequests(requests)
+    return (self.MakeListResult(results, 'operationList'), exceptions)
+
+
+class ListFirewalls(FirewallCommand, command_base.GoogleComputeListCommand):
+  """List the firewall rules for a project."""
+
+  def ListFunc(self):
+    """Returns the function for listing firewalls."""
+    return self._firewalls_api.list
+
+
+def AddCommands():
+  appcommands.AddCmd('addfirewall', AddFirewall)
+  appcommands.AddCmd('getfirewall', GetFirewall)
+  appcommands.AddCmd('deletefirewall', DeleteFirewall)
+  appcommands.AddCmd('listfirewalls', ListFirewalls)

data/packages/gcutil-1.7.1/lib/google_compute_engine/gcutil/firewall_cmds_test.py

@@ -0,0 +1,231 @@
+#!/usr/bin/python
+#
+# Copyright 2012 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Unit tests for the firewall commands."""
+
+
+
+import path_initializer
+path_initializer.InitializeSysPath()
+
+import copy
+
+import gflags as flags
+import unittest
+
+from gcutil import command_base
+from gcutil import firewall_cmds
+from gcutil import mock_api
+
+FLAGS = flags.FLAGS
+
+
+class FirewallRulesTest(unittest.TestCase):
+  def testParsePortSpecs(self):
+    parse_port_specs = firewall_cmds.FirewallRules.ParsePortSpecs
+    self.assertRaises(ValueError, parse_port_specs, [''])
+    self.assertRaises(ValueError, parse_port_specs, ['foo'])
+    self.assertRaises(ValueError, parse_port_specs, ['foo:'])
+    self.assertRaises(ValueError, parse_port_specs, ['tcp:foo-bar'])
+    self.assertRaises(ValueError, parse_port_specs, ['tcp:http:https'])
+
+    self.assertEqual(parse_port_specs([]), [])
+    self.assertEqual(parse_port_specs(['tcp']),
+                     [{'IPProtocol': '6'}])
+    self.assertEqual(parse_port_specs(['6']),
+                     [{'IPProtocol': '6'}])
+    self.assertEqual(parse_port_specs(['tcp:80', 'tcp', 'tcp:ssh']),
+                     [{'IPProtocol': '6'}])
+    self.assertEqual(parse_port_specs(['tcp:ssh']),
+                     [{'IPProtocol': '6',
+                       'ports': ['22']}])
+    self.assertEqual(parse_port_specs([':ssh']),
+                     [{'IPProtocol': '17',
+                       'ports': ['22']},
+                      {'IPProtocol': '6',
+                       'ports': ['22']}])
+    self.assertEqual(parse_port_specs([':ssh']),
+                     parse_port_specs(['udp:ssh', 'tcp:ssh']))
+    self.assertEqual(parse_port_specs([':ssh', 'tcp:80']),
+                     [{'IPProtocol': '17',
+                       'ports': ['22']},
+                      {'IPProtocol': '6',
+                       'ports': ['22', '80']}])
+
+
+class FirewallCmdsTest(unittest.TestCase):
+
+  def _doAddFirewallGeneratesCorrectRequest(self, service_version,
+                                            allowed_ip_source):
+    flag_values = copy.deepcopy(FLAGS)
+
+    command = firewall_cmds.AddFirewall('addfirewall', flag_values)
+
+    expected_project = 'test_project'
+    expected_firewall = 'test_firewall'
+    submitted_network = 'test_network'
+    expected_description = 'test firewall'
+    flag_values.service_version = service_version
+    flag_values.project = expected_project
+    flag_values.description = expected_description
+    flag_values.network = submitted_network
+    flag_values.allowed = [':22']
+    if allowed_ip_source:
+      flag_values.allowed_ip_sources.append(allowed_ip_source)
+
+    command.SetFlags(flag_values)
+    command.SetApi(mock_api.MockApi())
+
+    expected_network = command.NormalizeGlobalResourceName(expected_project,
+                                                           'networks',
+                                                           submitted_network)
+
+    result = command.Handle(expected_firewall)
+
+    self.assertEqual(result['project'], expected_project)
+
+    response_body = result['body']
+    self.assertEqual(response_body['name'], expected_firewall)
+    self.assertEqual(response_body['network'], expected_network)
+    self.assertEqual(response_body['description'], expected_description)
+
+    self.assertEqual(response_body['sourceRanges'],
+                     [allowed_ip_source or '0.0.0.0/0'])
+    allowed = response_body['allowed']
+    self.assertEqual(len(allowed), 2)
+    used_protocols = set([x['IPProtocol'] for x in allowed])
+    self.assertEqual(used_protocols, set(['6', '17']))
+    self.assertEqual(allowed[0]['ports'], allowed[1]['ports'])
+    self.assertFalse('sourceTags' in response_body, response_body)
+    self.assertFalse('targetTags' in response_body, response_body)
+
+  def testAddFirewallGeneratesCorrectRequest(self):
+    for version in command_base.SUPPORTED_VERSIONS:
+      self._doAddFirewallGeneratesCorrectRequest(version, '10.10.10.10/0')
+
+  def testAddFirewallGeneratesCorrectRequestWithNoAllowedIpSource(self):
+    for version in command_base.SUPPORTED_VERSIONS:
+      self._doAddFirewallGeneratesCorrectRequest(version,
+                                                 allowed_ip_source=None)
+
+  def testGetFirewallGeneratesCorrectRequest(self):
+    flag_values = copy.deepcopy(FLAGS)
+
+    command = firewall_cmds.GetFirewall('getfirewall', flag_values)
+
+    expected_project = 'test_project'
+    expected_firewall = 'test_firewall'
+    flag_values.project = expected_project
+
+    command.SetFlags(flag_values)
+    command.SetApi(mock_api.MockApi())
+
+    result = command.Handle(expected_firewall)
+
+    self.assertEqual(result['project'], expected_project)
+    self.assertEqual(result['firewall'], expected_firewall)
+
+  def testDeleteFirewallGeneratesCorrectRequest(self):
+    flag_values = copy.deepcopy(FLAGS)
+
+    command = firewall_cmds.DeleteFirewall('deletefirewall', flag_values)
+
+    expected_project = 'test_project'
+    expected_firewall = 'test_firewall'
+    flag_values.project = expected_project
+
+    command.SetFlags(flag_values)
+    command.SetApi(mock_api.MockApi())
+    command._credential = mock_api.MockCredential()
+
+    results, exceptions = command.Handle(expected_firewall)
+    self.assertEqual(exceptions, [])
+    self.assertEqual(len(results['items']), 1)
+    result = results['items'][0]
+
+    self.assertEqual(result['project'], expected_project)
+    self.assertEqual(result['firewall'], expected_firewall)
+
+  def testDeleteMultipleFirewalls(self):
+    flag_values = copy.deepcopy(FLAGS)
+    command = firewall_cmds.DeleteFirewall('deletefirewall', flag_values)
+
+    expected_project = 'test_project'
+    expected_firewalls = ['test-firewalls-%02d' % x for x in xrange(100)]
+    flag_values.project = expected_project
+
+    command.SetFlags(flag_values)
+    command.SetApi(mock_api.MockApi())
+    command._credential = mock_api.MockCredential()
+
+    results, exceptions = command.Handle(*expected_firewalls)
+    self.assertEqual(exceptions, [])
+    results = results['items']
+    self.assertEqual(len(results), len(expected_firewalls))
+
+    for expected_firewall, result in zip(expected_firewalls, results):
+      self.assertEqual(result['project'], expected_project)
+      self.assertEqual(result['firewall'], expected_firewall)
+
+  def testAddtFirewallsWithTagsGeneratesCorrectRequest(self):
+    flag_values = copy.deepcopy(FLAGS)
+
+    command = firewall_cmds.AddFirewall('addfirewall', flag_values)
+
+    expected_project = 'test_project'
+    expected_firewall = 'test_firewall'
+    submitted_network = 'test_network'
+    expected_description = 'test firewall'
+    expected_source_tags = ['a', 'b']
+    expected_target_tags = ['c', 'd']
+    flag_values.service_version = 'v1beta13'
+    flag_values.project = expected_project
+    flag_values.description = expected_description
+    flag_values.network = submitted_network
+    flag_values.allowed = [':22']
+    flag_values.allowed_tag_sources = expected_source_tags
+    flag_values.target_tags = expected_target_tags * 2  # Create duplicates
+
+    command.SetFlags(flag_values)
+    command.SetApi(mock_api.MockApi())
+
+    expected_network = command.NormalizeGlobalResourceName(expected_project,
+                                                           'networks',
+                                                           submitted_network)
+
+    result = command.Handle(expected_firewall)
+
+    self.assertEqual(result['project'], expected_project)
+
+    response_body = result['body']
+    self.assertEqual(response_body['name'], expected_firewall)
+    self.assertEqual(response_body['network'], expected_network)
+    self.assertEqual(response_body['description'], expected_description)
+
+    allowed = response_body['allowed']
+    self.assertEqual(len(allowed), 2)
+    used_protocols = set([allowed[0]['IPProtocol'], allowed[1]['IPProtocol']])
+    self.assertEqual(used_protocols, set(['6', '17']))
+    self.assertEqual(allowed[0]['ports'], allowed[1]['ports'])
+    self.assertEqual(allowed[0]['ports'], ['22'])
+    self.assertTrue('sourceTags' in response_body)
+    self.assertTrue('targetTags' in response_body)
+    self.assertEqual(response_body['sourceTags'], expected_source_tags)
+    self.assertEqual(response_body['targetTags'], expected_target_tags)
+
+
+if __name__ == '__main__':
+  unittest.main()