Juniper · yatinkumbhare · Feb 4, 2015 · Feb 13, 2015
diff --git a/nova/api/ec2/vpc.py b/nova/api/ec2/vpc.py
@@ -1128,16 +1128,16 @@ def _populate_default_rule(self, direction, rule_idx, action):
 
         port_range = {'start_port': 0, 'end_port': 65535}
         rule = {'direction': '>', 'protocol': 'any',
-                'dst_addresses': [dst], 'action_list': None,
-                'rule_uuid': rule_uuid, 'dst_ports': [port_range],
-                'application': [], 'action_list': {'simple_action': action},
+                'dst_addresses': [dst], 'rule_uuid': rule_uuid,
+                'dst_ports': [port_range], 'application': [],
+                'action_list': {'simple_action': action},
                 'rule_sequence': None, 'src_addresses': [src],
                 'src_ports': [port_range]}
 
         return rule
 
     def create_network_acl(self, context, **kwargs):
-        vpc_id = kwargs.get('vpc_id')[0]
+        vpc_id = kwargs.get('vpc_id')
 
         # get project id
         tenant_id = self._get_tenantid_from_vpcid(vpc_id, context)
@@ -1252,8 +1252,13 @@ def delete_network_acl(self, context, **kwargs):
         return {'return': 'true'}
 
     def describe_network_acls(self, context, **kwargs):
-        if 'acl_id' in kwargs:
-            acl_id = kwargs.get('acl_id')
+        if 'filter' in kwargs:
+            filters = kwargs['filter']
+        else:
+            filters = []
+
+        if 'network_acl_id' in kwargs:
+            acl_id = kwargs.get('network_acl_id')[0]
         acls = []
 
         neutron = neutronv2.get_client(context)
@@ -1264,16 +1269,16 @@ def describe_network_acls(self, context, **kwargs):
 
         for pol in policys['policys']:
             acl = {}
-            if 'acl_id' in kwargs and pol['name'] != acl_id:
+            if 'network_acl_id' in kwargs and pol['name'] != acl_id:
                 continue
             if not pol['name'].startswith('acl-'):
                 continue
 
             acl['vpc_id'] = pol['fq_name'][1]
-            acl['default'] = 'false'
+            acl['default'] = 'False'
             acl['network_acl_id'] = pol['name']
             if pol['name'] == 'acl-default':
-                acl['default'] = 'true'
+                acl['default'] = 'True'
             acl['entrySet'] = []
 
             if pol['entries'] and 'policy_rule' in pol['entries']:
@@ -1291,7 +1296,7 @@ def describe_network_acls(self, context, **kwargs):
                         entry['ruleAction'] = 'allow'
 
                     if rule['rule_uuid'].startswith('egress-'):
-                        entry['egress'] = 'true'
+                        entry['egress'] = True
                         entry['portRange'] = {
                             'from': rule['dst_ports'][0]['start_port'],
                             'to': rule['dst_ports'][0]['end_port']}
@@ -1300,7 +1305,7 @@ def describe_network_acls(self, context, **kwargs):
                             str(cidr['ip_prefix_len'])
                         entry['cidrBlock'] = cidr_str
                     else:
-                        entry['egress'] = 'false'
+                        entry['egress'] = False
                         cidr = rule['src_addresses'][0]['subnet']
                         cidr_str = cidr['ip_prefix'] + '/' + \
                             str(cidr['ip_prefix_len'])
@@ -1329,6 +1334,80 @@ def describe_network_acls(self, context, **kwargs):
                         acl['associationSet'].append(assoc)
 
             acls.append(acl)
+        # check for passed filters
+        idx_to_delete = []
+        for idx, entry in enumerate(acls):
+            for filter_entry in filters:
+                if filter_entry['name'] == 'vpc-id':
+                    vpc_id = filter_entry['value']['1']
+                    if entry['vpc_id'] != vpc_id:
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'network-acl-ids':
+                    acl_id = filter_entry['value']['1']
+                    if entry['network_acl_id'] != acl_id:
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'association.subnet-id':
+                    subnet_id = filter_entry['value']['1']
+                    if ('associationSet' not in entry or
+                        entry['associationSet'][0]['subnetId'] != subnet_id):
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'association.association-id':
+                    assoc_id = filter_entry['value']['1']
+                    if ('associationSet' not in entry or
+                        entry['associationSet'][0]['networkAclAssociationId']
+                        != assoc_id):
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'default':
+                    default = filter_entry['value']['1']
+                    if str(default) not in entry['default']:
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'entry.protocol':
+                    protocol = filter_entry['value']['1']
+                    result = [ True for rule in entry['entrySet']
+                              if protocol == rule['protocol']]
+                    if not result:
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'entry.cidr':
+                    cidr = filter_entry['value']['1']
+                    result = [ True for rule in entry['entrySet']
+                              if cidr == rule['cidrBlock']]
+                    if not result:
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'entry.rule-number':
+                    rule_number = filter_entry['value']['1']
+                    result = [ True for rule in entry['entrySet']
+                              if rule_number == int(rule['ruleNumber'])]
+                    if not result:
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'entry.rule-action':
+                    rule_action = filter_entry['value']['1']
+                    result = [ True for rule in entry['entrySet']
+                              if rule_action == rule['ruleAction']]
+                    if not result:
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'entry.port-range.from':
+                    port_range_from = filter_entry['value']['1']
+                    result = [ True for rule in entry['entrySet']
+                              if port_range_from == int(rule['portRange']['from'])]
+                    if not result:
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'entry.port-range.to':
+                    port_range_to = filter_entry['value']['1']
+                    result = [ True for rule in entry['entrySet']
+                              if port_range_to == int(rule['portRange']['to'])]
+                    if not result:
+                        idx_to_delete.append(idx)
+                if filter_entry['name'] == 'entry.egress':
+                    egress = filter_entry['value']['1']
+                    result = [ True for rule in entry['entrySet']
+                              if egress == rule['egress']]
+                    if not result:
+                        idx_to_delete.append(idx)
+
+        # removing records, not matching filters
+        idx_to_delete = list(set(idx_to_delete))
+        for idx in idx_to_delete[::-1]:
+            del acls[idx]
 
         return {'networkAclSet': acls}