def test_unlimited_security_group_rules(self):
def fake_security_group_rule_count_by_group(context, sec_group_id):
return 0
self.stubs.Set(db, 'security_group_rule_count_by_group',
fake_security_group_rule_count_by_group)
self.flags(quota_security_group_rules=20)
rules = quota.allowed_security_group_rules(self.context, 1234, 100)
self.assertEqual(rules, 20)
db.quota_create(self.context, self.project_id, 'security_group_rules',
None)
rules = quota.allowed_security_group_rules(self.context, 1234, 100)
self.assertEqual(rules, 100)
rules = quota.allowed_security_group_rules(self.context, 1234, 101)
self.assertEqual(rules, 101)
def test_unlimited_security_group_rules(self):
def fake_security_group_rule_count_by_group(context, sec_group_id):
return 0
self.stubs.Set(db, 'security_group_rule_count_by_group',
fake_security_group_rule_count_by_group)
self.flags(quota_security_group_rules=20)
rules = quota.allowed_security_group_rules(self.context, 1234, 100)
self.assertEqual(rules, 20)
db.quota_create(self.context, self.project_id, 'security_group_rules',
None)
rules = quota.allowed_security_group_rules(self.context, 1234, 100)
self.assertEqual(rules, 100)
rules = quota.allowed_security_group_rules(self.context, 1234, 101)
self.assertEqual(rules, 101)
def create(self, req, body):
context = req.environ['nova.context']
authorize(context)
if not body:
raise exc.HTTPUnprocessableEntity()
if not 'security_group_rule' in body:
raise exc.HTTPUnprocessableEntity()
self.compute_api.ensure_default_security_group(context)
sg_rule = body['security_group_rule']
parent_group_id = sg_rule.get('parent_group_id', None)
try:
parent_group_id = int(parent_group_id)
security_group = db.security_group_get(context, parent_group_id)
except ValueError:
msg = _("Parent group id is not integer")
raise exc.HTTPBadRequest(explanation=msg)
except exception.NotFound as exp:
msg = _("Security group (%s) not found") % parent_group_id
raise exc.HTTPNotFound(explanation=msg)
msg = _("Authorize security group ingress %s")
LOG.audit(msg, security_group['name'], context=context)
try:
values = self._rule_args_to_dict(context,
to_port=sg_rule.get('to_port'),
from_port=sg_rule.get('from_port'),
parent_group_id=sg_rule.get('parent_group_id'),
ip_protocol=sg_rule.get('ip_protocol'),
cidr=sg_rule.get('cidr'),
group_id=sg_rule.get('group_id'))
except Exception as exp:
raise exc.HTTPBadRequest(explanation=unicode(exp))
if values is None:
msg = _("Not enough parameters to build a "
"valid rule.")
raise exc.HTTPBadRequest(explanation=msg)
values['parent_group_id'] = security_group.id
if self._security_group_rule_exists(security_group, values):
msg = _('This rule already exists in group %s') % parent_group_id
raise exc.HTTPBadRequest(explanation=msg)
allowed = quota.allowed_security_group_rules(context,
parent_group_id,
1)
if allowed < 1:
msg = _("Quota exceeded, too many security group rules.")
raise exc.HTTPBadRequest(explanation=msg)
security_group_rule = db.security_group_rule_create(context, values)
self.sgh.trigger_security_group_rule_create_refresh(
context, [security_group_rule['id']])
self.compute_api.trigger_security_group_rules_refresh(context,
security_group_id=security_group['id'])
return {"security_group_rule": self._format_security_group_rule(
context,
security_group_rule)}
def create(self, req, body):
context = req.environ['nova.context']
authorize(context)
if not body:
raise exc.HTTPUnprocessableEntity()
if not 'security_group_rule' in body:
raise exc.HTTPUnprocessableEntity()
self.compute_api.ensure_default_security_group(context)
sg_rule = body['security_group_rule']
parent_group_id = sg_rule.get('parent_group_id', None)
try:
parent_group_id = int(parent_group_id)
security_group = db.security_group_get(context, parent_group_id)
except ValueError:
msg = _("Parent group id is not integer")
raise exc.HTTPBadRequest(explanation=msg)
except exception.NotFound as exp:
msg = _("Security group (%s) not found") % parent_group_id
raise exc.HTTPNotFound(explanation=msg)
msg = _("Authorize security group ingress %s")
LOG.audit(msg, security_group['name'], context=context)
try:
values = self._rule_args_to_dict(
context,
to_port=sg_rule.get('to_port'),
from_port=sg_rule.get('from_port'),
parent_group_id=sg_rule.get('parent_group_id'),
ip_protocol=sg_rule.get('ip_protocol'),
cidr=sg_rule.get('cidr'),
group_id=sg_rule.get('group_id'))
except Exception as exp:
raise exc.HTTPBadRequest(explanation=unicode(exp))
if values is None:
msg = _("Not enough parameters to build a " "valid rule.")
raise exc.HTTPBadRequest(explanation=msg)
values['parent_group_id'] = security_group.id
if self._security_group_rule_exists(security_group, values):
msg = _('This rule already exists in group %s') % parent_group_id
raise exc.HTTPBadRequest(explanation=msg)
allowed = quota.allowed_security_group_rules(context, parent_group_id,
1)
if allowed < 1:
msg = _("Quota exceeded, too many security group rules.")
raise exc.HTTPBadRequest(explanation=msg)
security_group_rule = db.security_group_rule_create(context, values)
self.sgh.trigger_security_group_rule_create_refresh(
context, [security_group_rule['id']])
self.compute_api.trigger_security_group_rules_refresh(
context, security_group_id=security_group['id'])
return {
"security_group_rule":
self._format_security_group_rule(context, security_group_rule)
}
