def create(self, req, body):
context = req.environ['engine.context']
group_id = body['security_group_rule']['parent_group_id']
self.compute_api.ensure_default_security_group(context)
security_group = db.security_group_get(context, group_id)
if not security_group:
raise exception.SecurityGroupNotFound(security_group_id=group_id)
msg = "Authorize security group ingress %s"
LOG.audit(_(msg), security_group['name'], context=context)
values = self._revoke_rule_args_to_dict(context,
**body['security_group_rule'])
if values is None:
raise exception.ApiError(
_("Not enough parameters to build a "
"valid rule."))
values['parent_group_id'] = security_group.id
if self._security_group_rule_exists(security_group, values):
raise exception.ApiError(
_('This rule already exists in group %s') % group_id)
security_group_rule = db.security_group_rule_create(context, values)
self.compute_api.trigger_security_group_rules_refresh(
context, security_group_id=security_group['id'])
return {
'security_group_rule':
self._format_security_group_rule(context, security_group_rule)
}
def create(self, req, body):
context = req.environ['engine.context']
if not body:
raise exc.HTTPUnprocessableEntity()
if not 'security_group_rule' in body:
raise exc.HTTPUnprocessableEntity()
self.compute_api.ensure_default_security_group(context)
sg_rule = body['security_group_rule']
parent_group_id = sg_rule.get('parent_group_id', None)
try:
parent_group_id = int(parent_group_id)
security_group = db.security_group_get(context, parent_group_id)
except ValueError:
msg = _("Parent group id is not integer")
raise exc.HTTPBadRequest(explanation=msg)
except exception.NotFound as exp:
msg = _("Security group (%s) not found") % parent_group_id
raise exc.HTTPNotFound(explanation=msg)
msg = _("Authorize security group ingress %s")
LOG.audit(msg, security_group['name'], context=context)
try:
values = self._rule_args_to_dict(context,
to_port=sg_rule.get('to_port'),
from_port=sg_rule.get('from_port'),
parent_group_id=sg_rule.get('parent_group_id'),
ip_protocol=sg_rule.get('ip_protocol'),
cidr=sg_rule.get('cidr'),
group_id=sg_rule.get('group_id'))
except Exception as exp:
raise exc.HTTPBadRequest(explanation=unicode(exp))
if values is None:
msg = _("Not enough parameters to build a "
"valid rule.")
raise exc.HTTPBadRequest(explanation=msg)
values['parent_group_id'] = security_group.id
if self._security_group_rule_exists(security_group, values):
msg = _('This rule already exists in group %s') % parent_group_id
raise exc.HTTPBadRequest(explanation=msg)
security_group_rule = db.security_group_rule_create(context, values)
self.compute_api.trigger_security_group_rules_refresh(context,
security_group_id=security_group['id'])
return {"security_group_rule": self._format_security_group_rule(
context,
security_group_rule)}
def setup_security_group(self, context):
group_name = '%s%s' % (context.project_id, FLAGS.vpn_key_suffix)
if db.security_group_exists(context, context.project_id, group_name):
return group_name
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': 'Group for vpn'}
group_ref = db.security_group_create(context, group)
rule = {'parent_group_id': group_ref['id'],
'cidr': '0.0.0.0/0',
'protocol': 'udp',
'from_port': 1194,
'to_port': 1194}
db.security_group_rule_create(context, rule)
rule = {'parent_group_id': group_ref['id'],
'cidr': '0.0.0.0/0',
'protocol': 'icmp',
'from_port': -1,
'to_port': -1}
db.security_group_rule_create(context, rule)
# NOTE(vish): No need to trigger the group since the instance
# has not been run yet.
return group_name
def create(self, req, body):
context = req.environ["engine.context"]
group_id = body["security_group_rule"]["parent_group_id"]
self.compute_api.ensure_default_security_group(context)
security_group = db.security_group_get(context, group_id)
if not security_group:
raise exception.SecurityGroupNotFound(security_group_id=group_id)
msg = "Authorize security group ingress %s"
LOG.audit(_(msg), security_group["name"], context=context)
values = self._revoke_rule_args_to_dict(context, **body["security_group_rule"])
if values is None:
raise exception.ApiError(_("Not enough parameters to build a " "valid rule."))
values["parent_group_id"] = security_group.id
if self._security_group_rule_exists(security_group, values):
raise exception.ApiError(_("This rule already exists in group %s") % group_id)
security_group_rule = db.security_group_rule_create(context, values)
self.compute_api.trigger_security_group_rules_refresh(context, security_group_id=security_group["id"])
return {"security_group_rule": self._format_security_group_rule(context, security_group_rule)}
