/**
* Loads IpPermissionList from simple xml object
*
* @param \SimpleXMLElement $sxml
* @return IpPermissionList Returns IpPermissionList
*/
protected function _loadIpPermissionList(\SimpleXMLElement $sxml)
{
$list = new IpPermissionList();
$list->setEc2($this->ec2);
if (!empty($sxml->item)) {
foreach ($sxml->item as $v) {
$item = new IpPermissionData();
$item->setEc2($this->ec2);
$item->ipProtocol = $this->exist($v->ipProtocol) ? (string) $v->ipProtocol : null;
$item->fromPort = $this->exist($v->fromPort) ? (int) $v->fromPort : null;
$item->toPort = $this->exist($v->toPort) ? (int) $v->toPort : null;
$item->setGroups($this->_loadUserIdGroupPairList($v->groups));
$item->setIpRanges($this->_loadIpRangeList($v->ipRanges));
$list->append($item);
unset($item);
}
}
return $list;
}
private function saveGroupRulesEc2($platform, $cloudLocation, $securityGroupId, $rules, $action)
{
$sgService = $this->getPlatformService($platform, $cloudLocation);
$ipPermissionList = new IpPermissionList();
foreach ($rules['rules'] as $rule) {
$ipPermissionList->append(new IpPermissionData($rule['ipProtocol'], $rule['fromPort'], $rule['toPort'], new IpRangeList(new IpRangeData($rule['cidrIp'])), null));
}
foreach ($rules['sgRules'] as $rule) {
$chunks = explode("/", $rule['sg']);
$userId = $chunks[0];
$name = $chunks[1];
$sgId = null;
if (substr($name, 0, 3) == 'sg-') {
$sgId = $name;
$name = null;
}
$ipPermissionList->append(new IpPermissionData($rule['ipProtocol'], $rule['fromPort'], $rule['toPort'], null, new UserIdGroupPairList(new UserIdGroupPairData($userId, $sgId, $name))));
}
if ($action == 'add') {
$sgService->authorizeIngress($ipPermissionList, $securityGroupId);
} else {
$sgService->revokeIngress($ipPermissionList, $securityGroupId);
}
}
private function updateRules($platform, $cloudLocation, $securityGroupId, $rules, $method)
{
$cloudInstance = $this->getCloudInstance($platform, $cloudLocation);
$ipPermissionList = new IpPermissionList();
foreach ($rules['rules'] as $rule) {
$ipPermissionList->append(new IpPermissionData($rule['ipProtocol'], $rule['fromPort'], $rule['toPort'], new IpRangeList(new IpRangeData($rule['cidrIp'])), null));
}
foreach ($rules['sgRules'] as $rule) {
$chunks = explode("/", $rule['sg']);
$userId = $chunks[0];
$name = $chunks[1];
$ipPermissionList->append(new IpPermissionData($rule['ipProtocol'], $rule['fromPort'], $rule['toPort'], null, new UserIdGroupPairList(new UserIdGroupPairData($userId, null, $name))));
}
if ($method == 'add') {
$cloudInstance->ec2->securityGroup->authorizeIngress($ipPermissionList, $securityGroupId);
} else {
$cloudInstance->ec2->securityGroup->revokeIngress($ipPermissionList, $securityGroupId);
}
}
private function saveGroupRulesEc2($platform, $cloudLocation, $groupData, $rules, $action)
{
$securityGroupId = $groupData['id'];
$sgService = $this->getPlatformService($platform, $cloudLocation);
$ipPermissionListIngress = new IpPermissionList();
$ipPermissionListEgress = new IpPermissionList();
foreach ($rules['rules'] as $rule) {
$item = new IpPermissionData($rule['ipProtocol'] == 'ANY' ? '-1' : $rule['ipProtocol'], $rule['fromPort'], $rule['toPort'], new IpRangeList(new IpRangeData($rule['cidrIp'])), null);
if ($rule['type'] == self::OUTBOUND_RULE) {
$ipPermissionListEgress->append($item);
} else {
$ipPermissionListIngress->append($item);
}
}
foreach ($rules['sgRules'] as $rule) {
$chunks = explode("/", $rule['sg']);
$userId = $chunks[0];
$name = $chunks[1];
$sgId = null;
if (substr($name, 0, 3) == 'sg-') {
$sgId = $name;
$name = null;
}
$item = new IpPermissionData($rule['ipProtocol'] == 'ANY' ? '-1' : $rule['ipProtocol'], $rule['fromPort'], $rule['toPort'], null, new UserIdGroupPairList(new UserIdGroupPairData($userId, $sgId, $name)));
if ($rule['type'] == self::OUTBOUND_RULE) {
$ipPermissionListEgress->append($item);
} else {
$ipPermissionListIngress->append($item);
}
}
if ($action == 'add') {
if (count($ipPermissionListIngress)) {
$sgService->authorizeIngress($ipPermissionListIngress, $securityGroupId);
}
if (count($ipPermissionListEgress)) {
$sgService->authorizeEgress($ipPermissionListEgress, $securityGroupId);
}
} else {
if (count($ipPermissionListIngress)) {
$sgService->revokeIngress($ipPermissionListIngress, $securityGroupId);
}
if (count($ipPermissionListEgress)) {
$sgService->revokeEgress($ipPermissionListEgress, $securityGroupId);
}
}
}
