[EC2 Query API] RevokeSecurityGroupIngress fails with 'EC2ResponseError'.

https://reviews.apache.org/r/8466/

[EC2 Query API] Provide DescribeKeyPairs Query API support in CS AWSAPI.
https://reviews.apache.org/r/8465/

awsapi/src/com/cloud/bridge/service/EC2RestServlet.java

@@ -676,48 +676,65 @@ public class EC2RestServlet extends HttpServlet {
         String[] groupName = request.getParameterValues( "GroupName" );
 		if ( null != groupName && 0 < groupName.length ) 
 			 EC2request.setName( groupName[0] );
-		else { response.sendError(530, "Missing GroupName parameter" ); return; }
+        else { response.sendError(530, "Missing GroupName parameter" ); return; }
 
-		EC2IpPermission perm = new EC2IpPermission();       	
+        // -> not clear how many parameters there are until we fail to get IpPermissions.n.IpProtocol
+        int nCount = 1, mCount;
+        do  {
+            EC2IpPermission perm = new EC2IpPermission();
 
-        String[] protocol = request.getParameterValues( "IpProtocol" );
-		if ( null != protocol && 0 < protocol.length ) 
-		     perm.setProtocol( protocol[0] );
-		else { response.sendError(530, "Missing IpProtocol parameter" ); return; }
+            String[] protocol = request.getParameterValues( "IpPermissions." + nCount + ".IpProtocol" );
+            if ( null != protocol && 0 < protocol.length )
+                perm.setProtocol( protocol[0]);
+            else break;
 
-        String[] fromPort = request.getParameterValues( "FromPort" );
-	    if ( null != fromPort && 0 < fromPort.length ) 
-	    	 perm.setProtocol( fromPort[0] );
-		else { response.sendError(530, "Missing FromPort parameter" ); return; }
+            String[] fromPort = request.getParameterValues( "IpPermissions." + nCount + ".FromPort" );
+            if ( null != fromPort && 0 < fromPort.length)
+                perm.setFromPort( Integer.parseInt( fromPort[0]));
 
-        String[] toPort = request.getParameterValues( "ToPort" );
-		if ( null != toPort && 0 < toPort.length ) 
-			 perm.setProtocol( toPort[0] );
-		else { response.sendError(530, "Missing ToPort parameter" ); return; }
-		    		    
-	    String[] ranges = request.getParameterValues( "CidrIp" );
-		if ( null != ranges && 0 < ranges.length) 
-		 	 perm.addIpRange( ranges[0] );
-		else { response.sendError(530, "Missing CidrIp parameter" ); return; }
-		
-	    String[] user = request.getParameterValues( "SourceSecurityGroupOwnerId" );
-		if ( null == user || 0 == user.length) { 
-		     response.sendError(530, "Missing SourceSecurityGroupOwnerId parameter" ); 
-		     return; 
-		}
-	
-		String[] name = request.getParameterValues( "SourceSecurityGroupName" );
-		if ( null == name || 0 == name.length) {
-		     response.sendError(530, "Missing SourceSecurityGroupName parameter" ); 
-		     return; 		
-		}
+            String[] toPort = request.getParameterValues( "IpPermissions." + nCount + ".ToPort" );
+            if ( null != toPort && 0 < toPort.length)
+                perm.setToPort( Integer.parseInt( toPort[0]));
+
+            // -> list: IpPermissions.n.IpRanges.m.CidrIp
+            mCount = 1;
+            do {
+                String[] ranges = request.getParameterValues( "IpPermissions." + nCount + ".IpRanges." + mCount + ".CidrIp" );
+                if ( null != ranges && 0 < ranges.length)
+                    perm.addIpRange( ranges[0]);
+                else break;
+                mCount++;
+            } while( true );
+
+            // -> list: IpPermissions.n.Groups.m.UserId and IpPermissions.n.Groups.m.GroupName
+            mCount = 1;
+            do {
+                EC2SecurityGroup group = new EC2SecurityGroup();
+
+                String[] user = request.getParameterValues( "IpPermissions." + nCount + ".Groups." + mCount + ".UserId" );
+                if ( null != user && 0 < user.length)
+                    group.setAccount( user[0]);
+                else break;
+
+                String[] name = request.getParameterValues( "IpPermissions." + nCount + ".Groups." + mCount + ".GroupName" );
+                if ( null != name && 0 < name.length)
+                    group.setName( name[0]);
+                else break;
+
+                perm.addUser( group);
+                mCount++;
+            } while( true );
+
+            // -> multiple IP permissions can be specified per group name
+            EC2request.addIpPermission( perm);
+            nCount++;
+        } while( true );
+
+        if (1 == nCount) {
+            response.sendError(530, "At least one IpPermissions required" );
+            return;
+        }
 
-		EC2SecurityGroup group = new EC2SecurityGroup();
-		group.setAccount( user[0] );
-		group.setName( name[0] );
-		perm.addUser( group );
-	    EC2request.addIpPermission( perm );	
-		
 	    // -> execute the request
         RevokeSecurityGroupIngressResponse EC2response = EC2SoapServiceImpl.toRevokeSecurityGroupIngressResponse( 
         		ServiceProvider.getInstance().getEC2Engine().revokeSecurityGroup( EC2request ));
@@ -732,7 +749,7 @@ public class EC2RestServlet extends HttpServlet {
         String[] groupName = request.getParameterValues( "GroupName" );
 		if ( null != groupName && 0 < groupName.length ) 
 			 EC2request.setName( groupName[0] );
-		else { response.sendError(530, "Missing GroupName parameter" ); return; }
+        else { response.sendError(530, "Missing GroupName parameter" ); return; }
 
 		// -> not clear how many parameters there are until we fail to get IpPermissions.n.IpProtocol
 		int nCount = 1;
@@ -754,7 +771,7 @@ public class EC2RestServlet extends HttpServlet {
 			int mCount = 1;
 	        do 
 	        {  String[] ranges = request.getParameterValues( "IpPermissions." + nCount + ".IpRanges." + mCount + ".CidrIp" );
-		       if ( null != ranges && 0 < ranges.length) 
+               if ( null != ranges && 0 < ranges.length)
 		    	    perm.addIpRange( ranges[0] );
 		       else break;
 		       mCount++;

awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java

@@ -709,58 +709,27 @@ public class EC2Engine {
 			throw new EC2ServiceException(ServerError.InternalError, e.getMessage());
 		}
 	}
+
 	/**
-	 * Lists SSH KeyPairs on the systme
+     * Lists SSH KeyPairs on the system
 	 * 
 	 * @param request
 	 * @return
 	 */
 	public EC2DescribeKeyPairsResponse describeKeyPairs( EC2DescribeKeyPairs request ) {
-		try {
-			EC2KeyPairFilterSet filterSet = request.getKeyFilterSet();
-			String[] keyNames = request.getKeyNames();
-			List<CloudStackKeyPair> keyPairs = getApi().listSSHKeyPairs(null, null, null);
-			List<EC2SSHKeyPair> keyPairsList = new ArrayList<EC2SSHKeyPair>();
-	
-			if (keyPairs != null) {
-				// Let's trim the list of keypairs to only the ones listed in keyNames
-			    List<CloudStackKeyPair> matchedKeyPairs = new ArrayList<CloudStackKeyPair>();
-				if (keyNames != null && keyNames.length > 0) {
-					for (CloudStackKeyPair keyPair : keyPairs) {
-						boolean matched = false;
-						for (String keyName : keyNames) {
-							if (keyPair.getName().equalsIgnoreCase(keyName)) {
-								matched = true;
-								break;
-							}
-						}
-						if (matched) {
-						    matchedKeyPairs.add(keyPair);
-						}
-					}
-	                if (matchedKeyPairs.isEmpty()) {
-	                    throw new EC2ServiceException(ServerError.InternalError, "No matching keypairs found");
-	                }
-				}else{
-				    matchedKeyPairs = keyPairs;
-				}
-	
-	
-				// this should be reworked... converting from CloudStackKeyPairResponse to EC2SSHKeyPair is dumb
-				for (CloudStackKeyPair respKeyPair: matchedKeyPairs) {
-					EC2SSHKeyPair ec2KeyPair = new EC2SSHKeyPair();
-					ec2KeyPair.setFingerprint(respKeyPair.getFingerprint());
-					ec2KeyPair.setKeyName(respKeyPair.getName());
-					ec2KeyPair.setPrivateKey(respKeyPair.getPrivatekey());
-					keyPairsList.add(ec2KeyPair);
-				}
-			}
-			return filterSet.evaluate(keyPairsList);
-		} catch(Exception e) {
-			logger.error("EC2 DescribeKeyPairs - ", e);
-			throw new EC2ServiceException(ServerError.InternalError, e.getMessage());
-		}
-	}
+        try {
+            EC2DescribeKeyPairsResponse response = listKeyPairs(request.getKeyNames());
+            EC2KeyPairFilterSet kfs = request.getKeyFilterSet();
+
+            if (kfs == null)
+                return response;
+            else
+                return kfs.evaluate(response);
+        } catch(Exception e) {
+            logger.error("EC2 DescribeKeyPairs - ", e);
+            throw new EC2ServiceException(ServerError.InternalError, e.getMessage());
+        }
+    }
 
 	/**
 	 * Delete SSHKeyPair
@@ -2075,6 +2044,38 @@ public class EC2Engine {
 		}
 			}
 
+    private EC2DescribeKeyPairsResponse listKeyPairs( String[] keyNames ) throws Exception {
+        try {
+            EC2DescribeKeyPairsResponse keyPairSet = new EC2DescribeKeyPairsResponse();
+
+            List<CloudStackKeyPair> keyPairs = getApi().listSSHKeyPairs(null, null, null);
+            if (keyPairs != null && keyPairs.size() > 0) {
+                for (CloudStackKeyPair keyPair : keyPairs) {
+                    boolean matched = false;
+                    if (keyNames.length > 0) {
+                        for (String keyName : keyNames) {
+                            if (keyName.equalsIgnoreCase(keyPair.getName())) {
+                                matched = true;
+                                break;
+                            }
+                        }
+                    } else matched = true;
+                    if (!matched) continue;
+                    EC2SSHKeyPair ec2KeyPair = new EC2SSHKeyPair();
+                    ec2KeyPair.setFingerprint(keyPair.getFingerprint());
+                    ec2KeyPair.setKeyName(keyPair.getName());
+                    ec2KeyPair.setPrivateKey(keyPair.getPrivatekey());
+
+                    keyPairSet.addKeyPair(ec2KeyPair);
+                }
+            }
+            return keyPairSet;
+        } catch(Exception e) {
+            logger.error( "List Keypairs - ", e);
+            throw new EC2ServiceException(ServerError.InternalError, e.getMessage());
+        }
+    }
+
 	/**
 	 * Convert ingress rule to EC2IpPermission records
 	 * 

awsapi/src/com/cloud/bridge/service/core/ec2/EC2KeyPairFilterSet.java

@@ -62,14 +62,14 @@ public class EC2KeyPairFilterSet {
 	}
 
 
-	public EC2DescribeKeyPairsResponse evaluate( List<EC2SSHKeyPair> sampleList) throws ParseException	{
+    public EC2DescribeKeyPairsResponse evaluate( EC2DescribeKeyPairsResponse response ) throws ParseException {
 		EC2DescribeKeyPairsResponse resultList = new EC2DescribeKeyPairsResponse();
 		
 		boolean matched;
 		
-		EC2SSHKeyPair[] keypairSet = sampleList.toArray(new EC2SSHKeyPair[0]);
+        EC2SSHKeyPair[] keyPairSet = response.getKeyPairSet();
 		EC2Filter[] filterSet = getFilterSet();
-		for (EC2SSHKeyPair keyPair : keypairSet) {
+        for (EC2SSHKeyPair keyPair : keyPairSet) {
 			matched = true;
 			for (EC2Filter filter : filterSet) {
 				if (!filterMatched(keyPair, filter)) {