/**
 * Builds an IpPermissionList from the "item" children of a SimpleXML node.
 *
 * Each item becomes one IpPermissionData carrying its protocol, port range,
 * source groups and source IP ranges. The list and every entry receive the
 * same ec2 reference as this loader.
 *
 * @param   \SimpleXMLElement $sxml Node whose "item" children describe the permissions
 * @return  IpPermissionList  Returns the list; it is empty when the node has no items
 */
protected function _loadIpPermissionList(\SimpleXMLElement $sxml)
{
    $list = new IpPermissionList();
    $list->setEc2($this->ec2);

    // No items in the response: return the empty list as is.
    if (empty($sxml->item)) {
        return $list;
    }

    foreach ($sxml->item as $node) {
        $permission = new IpPermissionData();
        $permission->setEc2($this->ec2);

        // exist() is defined elsewhere; presumably it reports whether the
        // element is present. When it returns false the field is set to null.
        if ($this->exist($node->ipProtocol)) {
            $permission->ipProtocol = (string) $node->ipProtocol;
        } else {
            $permission->ipProtocol = null;
        }

        if ($this->exist($node->fromPort)) {
            $permission->fromPort = (int) $node->fromPort;
        } else {
            $permission->fromPort = null;
        }

        if ($this->exist($node->toPort)) {
            $permission->toPort = (int) $node->toPort;
        } else {
            $permission->toPort = null;
        }

        // Nested collections are parsed by their own loaders.
        $permission->setGroups($this->_loadUserIdGroupPairList($node->groups));
        $permission->setIpRanges($this->_loadIpRangeList($node->ipRanges));

        $list->append($permission);
    }

    return $list;
}
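/**
 * Adds or removes EC2 ingress rules on a security group.
 *
 * Collects the CIDR based rules ($rules['rules']) and the group based rules
 * ($rules['sgRules']) into one IpPermissionList, then passes it to
 * authorizeIngress() when $action is 'add' and to revokeIngress() otherwise.
 *
 * NOTE(review): protocol, ports and CIDR are forwarded exactly as received; this
 * method does not validate them. Presumably the caller does; confirm, because
 * these values define what the group exposes.
 *
 * @param   mixed  $platform        Forwarded to getPlatformService()
 * @param   mixed  $cloudLocation   Forwarded to getPlatformService()
 * @param   mixed  $securityGroupId Group the rules are applied to
 * @param   array  $rules           Array with the 'rules' and 'sgRules' lists
 * @param   string $action          'add' authorizes, any other value revokes
 * @throws  \InvalidArgumentException When an sgRules entry is not of the form "owner/group"
 */
private function saveGroupRulesEc2($platform, $cloudLocation, $securityGroupId, $rules, $action)
{
    $sgService = $this->getPlatformService($platform, $cloudLocation);

    // A missing list is treated as "no rules of that kind".
    $cidrRules = isset($rules['rules']) ? $rules['rules'] : array();
    $groupRules = isset($rules['sgRules']) ? $rules['sgRules'] : array();

    $ipPermissionList = new IpPermissionList();

    foreach ($cidrRules as $rule) {
        $ipPermissionList->append(new IpPermissionData(
            $rule['ipProtocol'],
            $rule['fromPort'],
            $rule['toPort'],
            new IpRangeList(new IpRangeData($rule['cidrIp'])),
            null
        ));
    }

    foreach ($groupRules as $rule) {
        // Split on the first slash only, so a group name that itself contains
        // a slash is kept whole instead of being cut at the second slash.
        $chunks = explode('/', (string) $rule['sg'], 2);
        if (count($chunks) !== 2) {
            // Without a slash there is no group part. Stop here rather than
            // send a rule whose source group is undefined.
            throw new \InvalidArgumentException(
                'Security group rule source must have the form "owner/group".'
            );
        }

        $userId = $chunks[0];
        $name = $chunks[1];
        $sgId = null;

        // A value starting with "sg-" is passed as the group id, not the name.
        if (substr($name, 0, 3) === 'sg-') {
            $sgId = $name;
            $name = null;
        }

        $ipPermissionList->append(new IpPermissionData(
            $rule['ipProtocol'],
            $rule['fromPort'],
            $rule['toPort'],
            null,
            new UserIdGroupPairList(new UserIdGroupPairData($userId, $sgId, $name))
        ));
    }

    // Strict comparison: with ==, a non-string such as true (or 0 before PHP 8)
    // compares equal to 'add' and would open rules instead of removing them.
    if ($action === 'add') {
        $sgService->authorizeIngress($ipPermissionList, $securityGroupId);
    } else {
        $sgService->revokeIngress($ipPermissionList, $securityGroupId);
    }
}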
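/**
 * Adds or removes EC2 ingress rules on a security group.
 *
 * Collects the CIDR based rules ($rules['rules']) and the group based rules
 * ($rules['sgRules']) into one IpPermissionList, then calls authorizeIngress()
 * on the cloud instance's security group handler when $method is 'add' and
 * revokeIngress() otherwise.
 *
 * NOTE(review): protocol, ports and CIDR are forwarded exactly as received; this
 * method does not validate them. Presumably the caller does; confirm, because
 * these values define what the group exposes.
 *
 * @param   mixed  $platform        Forwarded to getCloudInstance()
 * @param   mixed  $cloudLocation   Forwarded to getCloudInstance()
 * @param   mixed  $securityGroupId Group the rules are applied to
 * @param   array  $rules           Array with the 'rules' and 'sgRules' lists
 * @param   string $method          'add' authorizes, any other value revokes
 * @throws  \InvalidArgumentException When an sgRules entry is not of the form "owner/group"
 */
private function updateRules($platform, $cloudLocation, $securityGroupId, $rules, $method)
{
    $cloudInstance = $this->getCloudInstance($platform, $cloudLocation);

    // A missing list is treated as "no rules of that kind".
    $cidrRules = isset($rules['rules']) ? $rules['rules'] : array();
    $groupRules = isset($rules['sgRules']) ? $rules['sgRules'] : array();

    $ipPermissionList = new IpPermissionList();

    foreach ($cidrRules as $rule) {
        $ipPermissionList->append(new IpPermissionData(
            $rule['ipProtocol'],
            $rule['fromPort'],
            $rule['toPort'],
            new IpRangeList(new IpRangeData($rule['cidrIp'])),
            null
        ));
    }

    foreach ($groupRules as $rule) {
        // Split on the first slash only, so a group name that itself contains
        // a slash is kept whole instead of being cut at the second slash.
        $chunks = explode('/', (string) $rule['sg'], 2);
        if (count($chunks) !== 2) {
            // Without a slash there is no group part. Stop here rather than
            // send a rule whose source group is undefined.
            throw new \InvalidArgumentException(
                'Security group rule source must have the form "owner/group".'
            );
        }

        $userId = $chunks[0];
        $name = $chunks[1];

        // The group is always passed by name here; the id argument stays null.
        $ipPermissionList->append(new IpPermissionData(
            $rule['ipProtocol'],
            $rule['fromPort'],
            $rule['toPort'],
            null,
            new UserIdGroupPairList(new UserIdGroupPairData($userId, null, $name))
        ));
    }

    // Strict comparison: with ==, a non-string such as true (or 0 before PHP 8)
    // compares equal to 'add' and would open rules instead of removing them.
    if ($method === 'add') {
        $cloudInstance->ec2->securityGroup->authorizeIngress($ipPermissionList, $securityGroupId);
    } else {
        $cloudInstance->ec2->securityGroup->revokeIngress($ipPermissionList, $securityGroupId);
    }
}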
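/**
 * Adds or removes EC2 ingress and egress rules on a security group.
 *
 * CIDR based rules ($rules['rules']) and group based rules ($rules['sgRules'])
 * are sorted by direction: entries whose 'type' equals self::OUTBOUND_RULE go to
 * the egress list, all others to the ingress list. Each non-empty list is then
 * authorized when $action is 'add' and revoked otherwise.
 *
 * NOTE(review): protocol, ports and CIDR are forwarded exactly as received; this
 * method does not validate them. Presumably the caller does; confirm, because
 * these values define what the group exposes.
 *
 * @param   mixed  $platform      Forwarded to getPlatformService()
 * @param   mixed  $cloudLocation Forwarded to getPlatformService()
 * @param   array  $groupData     Group description; only its 'id' is read here
 * @param   array  $rules         Array with the 'rules' and 'sgRules' lists
 * @param   string $action        'add' authorizes, any other value revokes
 * @throws  \InvalidArgumentException When an sgRules entry is not of the form "owner/group"
 */
private function saveGroupRulesEc2($platform, $cloudLocation, $groupData, $rules, $action)
{
    $securityGroupId = $groupData['id'];
    $sgService = $this->getPlatformService($platform, $cloudLocation);

    // A missing list is treated as "no rules of that kind".
    $cidrRules = isset($rules['rules']) ? $rules['rules'] : array();
    $groupRules = isset($rules['sgRules']) ? $rules['sgRules'] : array();

    $ipPermissionListIngress = new IpPermissionList();
    $ipPermissionListEgress = new IpPermissionList();

    foreach ($cidrRules as $rule) {
        // 'ANY' is sent as '-1', the value the EC2 API uses for all protocols.
        $protocol = $rule['ipProtocol'] === 'ANY' ? '-1' : $rule['ipProtocol'];

        $item = new IpPermissionData(
            $protocol,
            $rule['fromPort'],
            $rule['toPort'],
            new IpRangeList(new IpRangeData($rule['cidrIp'])),
            null
        );

        // Loose comparison kept on purpose: the type of OUTBOUND_RULE is not
        // visible from this method.
        if ($rule['type'] == self::OUTBOUND_RULE) {
            $ipPermissionListEgress->append($item);
        } else {
            $ipPermissionListIngress->append($item);
        }
    }

    foreach ($groupRules as $rule) {
        // Split on the first slash only, so a group name that itself contains
        // a slash is kept whole instead of being cut at the second slash.
        $chunks = explode('/', (string) $rule['sg'], 2);
        if (count($chunks) !== 2) {
            // Without a slash there is no group part. Stop here rather than
            // send a rule whose source group is undefined.
            throw new \InvalidArgumentException(
                'Security group rule source must have the form "owner/group".'
            );
        }

        $userId = $chunks[0];
        $name = $chunks[1];
        $sgId = null;

        // A value starting with "sg-" is passed as the group id, not the name.
        if (substr($name, 0, 3) === 'sg-') {
            $sgId = $name;
            $name = null;
        }

        $protocol = $rule['ipProtocol'] === 'ANY' ? '-1' : $rule['ipProtocol'];

        $item = new IpPermissionData(
            $protocol,
            $rule['fromPort'],
            $rule['toPort'],
            null,
            new UserIdGroupPairList(new UserIdGroupPairData($userId, $sgId, $name))
        );

        if ($rule['type'] == self::OUTBOUND_RULE) {
            $ipPermissionListEgress->append($item);
        } else {
            $ipPermissionListIngress->append($item);
        }
    }

    // Strict comparison: with ==, a non-string such as true (or 0 before PHP 8)
    // compares equal to 'add' and would open rules instead of removing them.
    $isAdd = $action === 'add';

    // Empty lists are skipped so no request is sent without permissions.
    if (count($ipPermissionListIngress)) {
        if ($isAdd) {
            $sgService->authorizeIngress($ipPermissionListIngress, $securityGroupId);
        } else {
            $sgService->revokeIngress($ipPermissionListIngress, $securityGroupId);
        }
    }

    if (count($ipPermissionListEgress)) {
        if ($isAdd) {
            $sgService->authorizeEgress($ipPermissionListEgress, $securityGroupId);
        } else {
            $sgService->revokeEgress($ipPermissionListEgress, $securityGroupId);
        }
    }
}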