def create(self, req, body): context = req.environ['engine.context'] group_id = body['security_group_rule']['parent_group_id'] self.compute_api.ensure_default_security_group(context) security_group = db.security_group_get(context, group_id) if not security_group: raise exception.SecurityGroupNotFound(security_group_id=group_id) msg = "Authorize security group ingress %s" LOG.audit(_(msg), security_group['name'], context=context) values = self._revoke_rule_args_to_dict(context, **body['security_group_rule']) if values is None: raise exception.ApiError( _("Not enough parameters to build a " "valid rule.")) values['parent_group_id'] = security_group.id if self._security_group_rule_exists(security_group, values): raise exception.ApiError( _('This rule already exists in group %s') % group_id) security_group_rule = db.security_group_rule_create(context, values) self.compute_api.trigger_security_group_rules_refresh( context, security_group_id=security_group['id']) return { 'security_group_rule': self._format_security_group_rule(context, security_group_rule) }
def create(self, req, body): context = req.environ['engine.context'] if not body: raise exc.HTTPUnprocessableEntity() if not 'security_group_rule' in body: raise exc.HTTPUnprocessableEntity() self.compute_api.ensure_default_security_group(context) sg_rule = body['security_group_rule'] parent_group_id = sg_rule.get('parent_group_id', None) try: parent_group_id = int(parent_group_id) security_group = db.security_group_get(context, parent_group_id) except ValueError: msg = _("Parent group id is not integer") raise exc.HTTPBadRequest(explanation=msg) except exception.NotFound as exp: msg = _("Security group (%s) not found") % parent_group_id raise exc.HTTPNotFound(explanation=msg) msg = _("Authorize security group ingress %s") LOG.audit(msg, security_group['name'], context=context) try: values = self._rule_args_to_dict(context, to_port=sg_rule.get('to_port'), from_port=sg_rule.get('from_port'), parent_group_id=sg_rule.get('parent_group_id'), ip_protocol=sg_rule.get('ip_protocol'), cidr=sg_rule.get('cidr'), group_id=sg_rule.get('group_id')) except Exception as exp: raise exc.HTTPBadRequest(explanation=unicode(exp)) if values is None: msg = _("Not enough parameters to build a " "valid rule.") raise exc.HTTPBadRequest(explanation=msg) values['parent_group_id'] = security_group.id if self._security_group_rule_exists(security_group, values): msg = _('This rule already exists in group %s') % parent_group_id raise exc.HTTPBadRequest(explanation=msg) security_group_rule = db.security_group_rule_create(context, values) self.compute_api.trigger_security_group_rules_refresh(context, security_group_id=security_group['id']) return {"security_group_rule": self._format_security_group_rule( context, security_group_rule)}
def setup_security_group(self, context): group_name = '%s%s' % (context.project_id, FLAGS.vpn_key_suffix) if db.security_group_exists(context, context.project_id, group_name): return group_name group = {'user_id': context.user_id, 'project_id': context.project_id, 'name': group_name, 'description': 'Group for vpn'} group_ref = db.security_group_create(context, group) rule = {'parent_group_id': group_ref['id'], 'cidr': '0.0.0.0/0', 'protocol': 'udp', 'from_port': 1194, 'to_port': 1194} db.security_group_rule_create(context, rule) rule = {'parent_group_id': group_ref['id'], 'cidr': '0.0.0.0/0', 'protocol': 'icmp', 'from_port': -1, 'to_port': -1} db.security_group_rule_create(context, rule) # NOTE(vish): No need to trigger the group since the instance # has not been run yet. return group_name
def create(self, req, body): context = req.environ["engine.context"] group_id = body["security_group_rule"]["parent_group_id"] self.compute_api.ensure_default_security_group(context) security_group = db.security_group_get(context, group_id) if not security_group: raise exception.SecurityGroupNotFound(security_group_id=group_id) msg = "Authorize security group ingress %s" LOG.audit(_(msg), security_group["name"], context=context) values = self._revoke_rule_args_to_dict(context, **body["security_group_rule"]) if values is None: raise exception.ApiError(_("Not enough parameters to build a " "valid rule.")) values["parent_group_id"] = security_group.id if self._security_group_rule_exists(security_group, values): raise exception.ApiError(_("This rule already exists in group %s") % group_id) security_group_rule = db.security_group_rule_create(context, values) self.compute_api.trigger_security_group_rules_refresh(context, security_group_id=security_group["id"]) return {"security_group_rule": self._format_security_group_rule(context, security_group_rule)}