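/**
 * Resolves the CloudStack security group IDs to attach to a server.
 *
 * Candidate groups come from two places:
 *  - the governance policy (Scalr_Governance::CLOUDSTACK_SECURITY_GROUPS), a comma-separated list;
 *  - the farm role setting CLOUDSTACK_SECURITY_GROUPS_LIST (JSON), or 'scalr-rb-system'
 *    when the server has no farm role.
 *
 * The second source is consulted only when governance defines no groups or its
 * 'allow_additional_sec_groups' value is truthy, so a restrictive policy cannot be
 * widened through the farm role setting.
 *
 * Each candidate may be a group name or a group UUID. Lookups are case-insensitive.
 * A missing 'scalr-rb-system' group, or the group named by 'scalr.aws.security_group_name',
 * is created on the fly. Any other missing group aborts with an exception rather than
 * being skipped, so a server is never launched with a partial group set.
 *
 * @param DBServer                             $DBServer   Server the groups are resolved for
 * @param \Scalr\Service\CloudStack\CloudStack $csClient   CloudStack API client
 * @param Scalr_Governance                     $governance Optional governance policy
 * @return array List of security group IDs
 * @throws Exception When the group listing fails, a candidate is malformed, or a group is not found
 */
private function GetServerSecurityGroupsList(DBServer $DBServer, \Scalr\Service\CloudStack\CloudStack $csClient, Scalr_Governance $governance = null)
{
    $retval = array();
    $checkGroups = array();
    $sgGovernance = false;
    $allowAdditionalSgs = true;

    if ($governance) {
        $sgs = $governance->getValue($DBServer->platform, Scalr_Governance::CLOUDSTACK_SECURITY_GROUPS);
        if ($sgs !== null) {
            // Anything but a string yields no governance groups (previously hidden behind @explode).
            $governanceSecurityGroups = is_string($sgs) ? explode(",", $sgs) : array();
            foreach ($governanceSecurityGroups as $sg) {
                // Trim BEFORE the emptiness test so an entry like " " is not kept as ''.
                $sg = trim($sg);
                if ($sg !== '') {
                    $checkGroups[] = $sg;
                }
            }

            if (!empty($checkGroups)) {
                $sgGovernance = true;
            }

            $allowAdditionalSgs = $governance->getValue($DBServer->platform, Scalr_Governance::CLOUDSTACK_SECURITY_GROUPS, 'allow_additional_sec_groups');
        }
    }

    // Farm-role groups are added only when governance does not forbid additional groups.
    if (!$sgGovernance || $allowAdditionalSgs) {
        if ($DBServer->farmRoleId != 0) {
            $dbFarmRole = $DBServer->GetFarmRoleObject();
            $sgList = $dbFarmRole->GetSetting(Entity\FarmRoleSetting::CLOUDSTACK_SECURITY_GROUPS_LIST);
            if ($sgList !== null) {
                // New SG management
                $sgs = json_decode($sgList);
                // Iterate only real collections; a decoded scalar or a parse failure adds nothing.
                if (is_array($sgs) || is_object($sgs)) {
                    foreach ($sgs as $sg) {
                        $checkGroups[] = $sg;
                    }
                }
            }
        } else {
            $checkGroups[] = 'scalr-rb-system';
        }
    }

    try {
        // Index existing groups by lower-cased name and by lower-cased id.
        $sgroups = array();
        $sgroupIds = array();
        $list = $csClient->securityGroup->describe();
        foreach ($list as $sg) {
            /* @var $sg SecurityGroupData */
            $sgroups[strtolower($sg->name)] = $sg;
            $sgroupIds[strtolower($sg->id)] = $sg;
        }
    } catch (Exception $e) {
        // Keep the original exception as "previous" so the root cause stays in the trace.
        throw new Exception("GetServerSecurityGroupsList failed: {$e->getMessage()}", 0, $e);
    }

    foreach ($checkGroups as $groupName) {
        // Entries decoded from JSON are not guaranteed to be strings; reject anything
        // that cannot be a group name instead of letting it reach the comparisons below.
        if (!is_scalar($groupName)) {
            throw new Exception(_("Security group list contains an invalid entry"));
        }

        $groupName = (string) $groupName;
        $groupKey = strtolower($groupName);

        // A UUID is translated to the group's name before the name-based checks.
        if (preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/si', $groupName)) {
            if (isset($sgroupIds[$groupKey])) {
                // Read with the same lower-cased key that isset() tested; the raw value
                // missed the index whenever the UUID contained upper-case hex digits.
                $groupName = $sgroupIds[$groupKey]->name;
                $groupKey = strtolower($groupName);
            } else {
                throw new Exception(sprintf(_("Security group '%s' is not found (1)"), $groupName));
            }
        }

        if ($groupName === 'default') {
            // Check default SG
            if (!isset($sgroups[$groupKey])) {
                // Fail explicitly rather than pushing a null id into the result.
                throw new Exception(sprintf(_("Security group '%s' is not found (3)"), $groupName));
            }

            $retval[] = $sgroups[$groupKey]->id;
        } elseif ($groupName === 'scalr-rb-system' || $groupName === \Scalr::config('scalr.aws.security_group_name')) {
            // Check Roles builder SG: the system group is created when it does not exist yet.
            if (!isset($sgroups[$groupKey])) {
                $request = new CreateSecurityGroupData($groupName);
                $request->description = _("Scalr system security group");
                $sg = $csClient->securityGroup->create($request);
                $sgroups[$groupKey] = $sg;
                $sgroupIds[strtolower($sg->id)] = $sg;
            }

            // Same lower-cased key as the insert above; the raw name missed the index
            // for a configured group name containing upper-case letters.
            $retval[] = $sgroups[$groupKey]->id;
        } else {
            if (!isset($sgroups[$groupKey])) {
                throw new Exception(sprintf(_("Security group '%s' is not found (2)"), $groupName));
            }

            $retval[] = $sgroups[$groupKey]->id;
        }
    }

    return $retval;
}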