Exemple #1
0
    def create(self, req, body):
        context = req.environ['engine.context']
        group_id = body['security_group_rule']['parent_group_id']

        self.compute_api.ensure_default_security_group(context)
        security_group = db.security_group_get(context, group_id)
        if not security_group:
            raise exception.SecurityGroupNotFound(security_group_id=group_id)

        msg = "Authorize security group ingress %s"
        LOG.audit(_(msg), security_group['name'], context=context)
        values = self._revoke_rule_args_to_dict(context,
                                                **body['security_group_rule'])
        if values is None:
            raise exception.ApiError(
                _("Not enough parameters to build a "
                  "valid rule."))
        values['parent_group_id'] = security_group.id

        if self._security_group_rule_exists(security_group, values):
            raise exception.ApiError(
                _('This rule already exists in group %s') % group_id)

        security_group_rule = db.security_group_rule_create(context, values)

        self.compute_api.trigger_security_group_rules_refresh(
            context, security_group_id=security_group['id'])

        return {
            'security_group_rule':
            self._format_security_group_rule(context, security_group_rule)
        }
Exemple #2
0
    def create(self, req, body):
        context = req.environ['engine.context']

        if not body:
            raise exc.HTTPUnprocessableEntity()

        if not 'security_group_rule' in body:
            raise exc.HTTPUnprocessableEntity()

        self.compute_api.ensure_default_security_group(context)

        sg_rule = body['security_group_rule']
        parent_group_id = sg_rule.get('parent_group_id', None)
        try:
            parent_group_id = int(parent_group_id)
            security_group = db.security_group_get(context, parent_group_id)
        except ValueError:
            msg = _("Parent group id is not integer")
            raise exc.HTTPBadRequest(explanation=msg)
        except exception.NotFound as exp:
            msg = _("Security group (%s) not found") % parent_group_id
            raise exc.HTTPNotFound(explanation=msg)

        msg = _("Authorize security group ingress %s")
        LOG.audit(msg, security_group['name'], context=context)

        try:
            values = self._rule_args_to_dict(context,
                              to_port=sg_rule.get('to_port'),
                              from_port=sg_rule.get('from_port'),
                              parent_group_id=sg_rule.get('parent_group_id'),
                              ip_protocol=sg_rule.get('ip_protocol'),
                              cidr=sg_rule.get('cidr'),
                              group_id=sg_rule.get('group_id'))
        except Exception as exp:
            raise exc.HTTPBadRequest(explanation=unicode(exp))

        if values is None:
            msg = _("Not enough parameters to build a "
                                       "valid rule.")
            raise exc.HTTPBadRequest(explanation=msg)

        values['parent_group_id'] = security_group.id

        if self._security_group_rule_exists(security_group, values):
            msg = _('This rule already exists in group %s') % parent_group_id
            raise exc.HTTPBadRequest(explanation=msg)

        security_group_rule = db.security_group_rule_create(context, values)

        self.compute_api.trigger_security_group_rules_refresh(context,
                                    security_group_id=security_group['id'])

        return {"security_group_rule": self._format_security_group_rule(
                                                        context,
                                                        security_group_rule)}
Exemple #3
0
 def setup_security_group(self, context):
     group_name = '%s%s' % (context.project_id, FLAGS.vpn_key_suffix)
     if db.security_group_exists(context, context.project_id, group_name):
         return group_name
     group = {'user_id': context.user_id,
              'project_id': context.project_id,
              'name': group_name,
              'description': 'Group for vpn'}
     group_ref = db.security_group_create(context, group)
     rule = {'parent_group_id': group_ref['id'],
             'cidr': '0.0.0.0/0',
             'protocol': 'udp',
             'from_port': 1194,
             'to_port': 1194}
     db.security_group_rule_create(context, rule)
     rule = {'parent_group_id': group_ref['id'],
             'cidr': '0.0.0.0/0',
             'protocol': 'icmp',
             'from_port': -1,
             'to_port': -1}
     db.security_group_rule_create(context, rule)
     # NOTE(vish): No need to trigger the group since the instance
     #             has not been run yet.
     return group_name
Exemple #4
0
    def create(self, req, body):
        context = req.environ["engine.context"]
        group_id = body["security_group_rule"]["parent_group_id"]

        self.compute_api.ensure_default_security_group(context)
        security_group = db.security_group_get(context, group_id)
        if not security_group:
            raise exception.SecurityGroupNotFound(security_group_id=group_id)

        msg = "Authorize security group ingress %s"
        LOG.audit(_(msg), security_group["name"], context=context)
        values = self._revoke_rule_args_to_dict(context, **body["security_group_rule"])
        if values is None:
            raise exception.ApiError(_("Not enough parameters to build a " "valid rule."))
        values["parent_group_id"] = security_group.id

        if self._security_group_rule_exists(security_group, values):
            raise exception.ApiError(_("This rule already exists in group %s") % group_id)

        security_group_rule = db.security_group_rule_create(context, values)

        self.compute_api.trigger_security_group_rules_refresh(context, security_group_id=security_group["id"])

        return {"security_group_rule": self._format_security_group_rule(context, security_group_rule)}