Ejemplo n.º 1
def _create_default_security_group(context, net_driver):
    """Register the built-in "default" security group with the driver and DB.

    The group has no egress rules and six ingress rules: IP protocol numbers
    1, 6 and 17 for each of the IPv4 and IPv6 ethertypes. The rule rows carry
    only ethertype, protocol, direction, group id and tenant id.

    Args:
        context: request context; its ``tenant_id`` is stamped on the group
            and on every rule row.
        net_driver: backend driver whose ``create_security_group`` is called
            first, with the full group description.
    """
    # NOTE(review): no port range or remote prefix is set on these rules, so
    # they presumably admit all ICMP/TCP/UDP ingress -- confirm that an
    # allow-all default is intended.
    # NOTE(review): protocol 1 is ICMP for IPv4; ICMPv6 is protocol 58.
    # Confirm the IPv6/1 rule is what the backend expects.
    ingress_rules = [
        {"ethertype": ethertype, "protocol": protocol}
        for ethertype in ("IPv4", "IPv6")
        for protocol in (1, 6, 17)
    ]
    group = dict(
        name="default",
        description="",
        group_id=DEFAULT_SG_UUID,
        port_egress_rules=[],
        port_ingress_rules=ingress_rules,
    )

    # The driver receives both rule lists as keyword arguments.
    net_driver.create_security_group(context, "default", **group)

    group["id"] = DEFAULT_SG_UUID
    group["tenant_id"] = context.tenant_id
    # Ingress rules become their own rows, so they are removed from the
    # group before it is written; port_egress_rules stays in the kwargs.
    pending_rules = group.pop("port_ingress_rules")
    for ingress_rule in pending_rules:
        db_api.security_group_rule_create(
            context,
            security_group_id=group["id"],
            tenant_id=context.tenant_id,
            direction="ingress",
            **ingress_rule
        )
    db_api.security_group_create(context, **group)
Ejemplo n.º 2
def _create_default_security_group(context):
    """Create the "default" security group in the backend and the database.

    Six ingress rules are recorded (protocols 1, 6 and 17 for IPv4 and for
    IPv6) and no egress rules. The module-level ``net_driver`` is told about
    the group first; the rule rows and then the group row are written after.

    Args:
        context: request context whose ``tenant_id`` owns the group and rules.
    """
    # NOTE(review): the rules name only an ethertype and a protocol; with no
    # port range or remote prefix they presumably allow all ingress for that
    # protocol -- confirm this permissive default is deliberate.
    # NOTE(review): IPv6 with protocol 1 -- ICMPv6 is protocol 58; verify.
    rule_specs = (
        ("IPv4", 1),
        ("IPv4", 6),
        ("IPv4", 17),
        ("IPv6", 1),
        ("IPv6", 6),
        ("IPv6", 17),
    )
    ingress = []
    for ethertype, protocol in rule_specs:
        ingress.append({"ethertype": ethertype, "protocol": protocol})

    sg = {
        "name": "default",
        "description": "",
        "group_id": DEFAULT_SG_UUID,
        "port_egress_rules": [],
        "port_ingress_rules": ingress,
    }

    net_driver.create_security_group(context, "default", **sg)

    sg["id"] = DEFAULT_SG_UUID
    sg["tenant_id"] = context.tenant_id
    # Pop the ingress list so it is stored as individual rule rows rather
    # than being passed to security_group_create.
    for spec in sg.pop("port_ingress_rules"):
        rule_kwargs = dict(
            security_group_id=sg["id"],
            tenant_id=context.tenant_id,
            direction="ingress",
        )
        db_api.security_group_rule_create(context, **rule_kwargs, **spec)
    db_api.security_group_create(context, **sg)
Ejemplo n.º 3
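def create_security_group_rule(context, security_group_rule):
    """Create a security group rule and issue the async port update.

    Validation, the group lookup, the quota check and the insert run inside
    one ``context.session`` transaction; the async update is issued after
    that block exits.

    Args:
        context: request context supplying ``tenant_id`` and the DB session.
        security_group_rule: request body; the rule attributes are read from
            its ``"security_group_rule"`` key.

    Returns:
        The dict built by ``v._make_security_group_rule_dict`` for the new rule.

    Raises:
        sg_ext.SecurityGroupNotFound: no group matches the rule's
            ``security_group_id``.
    """
    # Log the operation actually performed (the message used to say
    # "create_security_group"), and pass the tenant as a lazy logging arg.
    LOG.info("create_security_group_rule for tenant %s", context.tenant_id)
    with context.session.begin():
        rule = _validate_security_group_rule(
            context, security_group_rule["security_group_rule"])
        rule["id"] = uuidutils.generate_uuid()

        group_id = rule["security_group_id"]
        # NOTE(review): the rule is attached to whatever group this lookup
        # returns; confirm security_group_find restricts results to the
        # caller's tenant via ``context``.
        group = db_api.security_group_find(context,
                                           id=group_id,
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=group_id)

        # Quota is checked against the rule count as it would be after
        # this insert.
        quota.QUOTAS.limit_check(
            context,
            context.tenant_id,
            security_rules_per_group=len(group.get("rules", [])) + 1)

        new_rule = db_api.security_group_rule_create(context, **rule)
    # A missing group raised above, so ``group`` is always set here and no
    # second truthiness check is needed.
    _perform_async_update_rule(context, group_id, group, new_rule.id,
                               RULE_CREATE)
    return v._make_security_group_rule_dict(new_rule)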
Ejemplo n.º 4
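def create_security_group_rule(context, security_group_rule):
    """Validate and store a new security group rule.

    All steps run inside a single ``context.session`` transaction.

    Args:
        context: request context supplying ``tenant_id`` and the DB session.
        security_group_rule: request body; the rule attributes are read from
            its ``"security_group_rule"`` key.

    Returns:
        The dict built by ``v._make_security_group_rule_dict`` for the new rule.

    Raises:
        sg_ext.SecurityGroupNotFound: no group matches the rule's
            ``security_group_id``.
    """
    # The message previously named "create_security_group"; log the real
    # operation so rule changes can be told apart from group creation.
    LOG.info("create_security_group_rule for tenant %s", context.tenant_id)
    with context.session.begin():
        rule = _validate_security_group_rule(context, security_group_rule["security_group_rule"])
        rule["id"] = uuidutils.generate_uuid()

        group_id = rule["security_group_id"]
        # NOTE(review): presumably scoped to the caller's tenant through
        # ``context`` -- confirm, since the rule lands on the returned group.
        group = db_api.security_group_find(context, id=group_id, scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=group_id)

        # Count the rule being added when checking the per-group quota.
        rule_count = len(group.get("rules", [])) + 1
        quota.QUOTAS.limit_check(context, context.tenant_id, security_rules_per_group=rule_count)

        new_rule = db_api.security_group_rule_create(context, **rule)
    return v._make_security_group_rule_dict(new_rule)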
Ejemplo n.º 5
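def create_security_group_rule(context, security_group_rule):
    """Validate a rule, push it to the network driver, then store it.

    Args:
        context: request context supplying ``tenant_id``.
        security_group_rule: request body; the rule attributes are read from
            its ``"security_group_rule"`` key.

    Returns:
        The dict built by ``v._make_security_group_rule_dict`` for the new rule.

    Raises:
        sg_ext.SecurityGroupNotFound: no group matches the rule's
            ``security_group_id``.
    """
    # The message previously named "create_security_group"; log the real
    # operation and let the logger do the formatting.
    LOG.info("create_security_group_rule for tenant %s", context.tenant_id)
    rule = _validate_security_group_rule(
        context, security_group_rule["security_group_rule"])
    rule["id"] = uuidutils.generate_uuid()

    group_id = rule["security_group_id"]
    # NOTE(review): confirm this lookup is limited to the caller's tenant;
    # the rule is applied to whichever group it returns.
    group = db_api.security_group_find(context, id=group_id, scope=db_api.ONE)
    if not group:
        raise sg_ext.SecurityGroupNotFound(group_id=group_id)

    # NOTE(review): no transaction is opened in this function, so the quota
    # check and the insert below are separate steps unless the caller wraps
    # them -- verify that concurrent requests cannot exceed the limit.
    quota.QUOTAS.limit_check(
        context,
        context.tenant_id,
        security_rules_per_group=len(group.get("rules", [])) + 1)

    # NOTE(review): the driver is updated before the DB row exists; if the
    # insert fails the backend presumably keeps a rule with no record.
    net_driver.create_security_group_rule(context, group_id, rule)

    new_rule = db_api.security_group_rule_create(context, **rule)
    return v._make_security_group_rule_dict(new_rule)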
Ejemplo n.º 6
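def create_security_group_rule(context, security_group_rule):
    """Creates a rule and updates the ports (async) if enabled.

    The rule is validated, checked against the per-group quota and inserted
    inside one ``context.session`` transaction. The async update call is
    made once that transaction block has exited.

    Args:
        context: request context supplying ``tenant_id`` and the DB session.
        security_group_rule: request body; the rule attributes are read from
            its ``"security_group_rule"`` key.

    Returns:
        The dict built by ``v._make_security_group_rule_dict`` for the new rule.

    Raises:
        sg_ext.SecurityGroupNotFound: no group matches the rule's
            ``security_group_id``.
    """
    # Fix the operation name in the log line (it said "create_security_group")
    # and hand the tenant id to the logger instead of pre-formatting it.
    LOG.info("create_security_group_rule for tenant %s", context.tenant_id)
    with context.session.begin():
        rule = _validate_security_group_rule(
            context, security_group_rule["security_group_rule"])
        rule["id"] = uuidutils.generate_uuid()

        group_id = rule["security_group_id"]
        # NOTE(review): verify that security_group_find only returns groups
        # visible to the caller's tenant.
        group = db_api.security_group_find(context, id=group_id,
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=group_id)

        # The +1 accounts for the rule about to be inserted.
        quota.QUOTAS.limit_check(
            context, context.tenant_id,
            security_rules_per_group=len(group.get("rules", [])) + 1)

        new_rule = db_api.security_group_rule_create(context, **rule)
    # Reaching this point means the group was found, so the former
    # ``if group:`` guard was always true and has been dropped.
    _perform_async_update_rule(context, group_id, group, new_rule.id,
                               RULE_CREATE)
    return v._make_security_group_rule_dict(new_rule)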