def create(self, req, body):
"""Creates a new security group."""
context = req.environ['nova.context']
if not body:
raise exc.HTTPUnprocessableEntity()
security_group = body.get('security_group', None)
if security_group is None:
raise exc.HTTPUnprocessableEntity()
group_name = security_group.get('name', None)
group_description = security_group.get('description', None)
self._validate_security_group_property(group_name, "name")
self._validate_security_group_property(group_description,
"description")
group_name = group_name.strip()
group_description = group_description.strip()
LOG.audit(_("Create Security Group %s"), group_name, context=context)
self.compute_api.ensure_default_security_group(context)
if db.security_group_exists(context, context.project_id, group_name):
msg = _('Security group %s already exists') % group_name
raise exc.HTTPBadRequest(explanation=msg)
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': group_description}
group_ref = db.security_group_create(context, group)
return {'security_group': self._format_security_group(context,
group_ref)}
def setup_security_group(self, context):
group_name = '%s%s' % (context.project_id, CONF.vpn_key_suffix)
if db.security_group_exists(context, context.project_id, group_name):
return group_name
group = {
'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': 'Group for vpn'
}
group_ref = db.security_group_create(context, group)
rule = {
'parent_group_id': group_ref['id'],
'cidr': '0.0.0.0/0',
'protocol': 'udp',
'from_port': 1194,
'to_port': 1194
}
db.security_group_rule_create(context, rule)
rule = {
'parent_group_id': group_ref['id'],
'cidr': '0.0.0.0/0',
'protocol': 'icmp',
'from_port': -1,
'to_port': -1
}
db.security_group_rule_create(context, rule)
# NOTE(vish): No need to trigger the group since the instance
# has not been run yet.
return group_name
def create(self, req, body):
"""Creates a new security group."""
context = req.environ['nova.context']
if not body:
return exc.HTTPUnprocessableEntity()
security_group = body.get('security_group', None)
if security_group is None:
return exc.HTTPUnprocessableEntity()
group_name = security_group.get('name', None)
group_description = security_group.get('description', None)
self._validate_security_group_property(group_name, "name")
self._validate_security_group_property(group_description,
"description")
group_name = group_name.strip()
group_description = group_description.strip()
LOG.audit(_("Create Security Group %s"), group_name, context=context)
self.compute_api.ensure_default_security_group(context)
if db.security_group_exists(context, context.project_id, group_name):
msg = _('Security group %s already exists') % group_name
raise exc.HTTPBadRequest(explanation=msg)
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': group_description}
group_ref = db.security_group_create(context, group)
return {'security_group': self._format_security_group(context,
group_ref)}
def create(self, req, body):
"""Creates a new security group."""
context = req.environ['nova.context']
authorize(context)
if not body:
raise exc.HTTPUnprocessableEntity()
security_group = body.get('security_group', None)
if security_group is None:
raise exc.HTTPUnprocessableEntity()
group_name = security_group.get('name', None)
group_description = security_group.get('description', None)
self._validate_security_group_property(group_name, "name")
self._validate_security_group_property(group_description,
"description")
group_name = group_name.strip()
group_description = group_description.strip()
try:
reservations = QUOTAS.reserve(context, security_groups=1)
except exception.OverQuota:
msg = _("Quota exceeded, too many security groups.")
raise exc.HTTPBadRequest(explanation=msg)
try:
LOG.audit(_("Create Security Group %s"),
group_name,
context=context)
self.compute_api.ensure_default_security_group(context)
if db.security_group_exists(context, context.project_id,
group_name):
msg = _('Security group %s already exists') % group_name
raise exc.HTTPBadRequest(explanation=msg)
group = {
'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': group_description
}
group_ref = db.security_group_create(context, group)
self.sgh.trigger_security_group_create_refresh(context, group)
# Commit the reservation
QUOTAS.commit(context, reservations)
except Exception:
with excutils.save_and_reraise_exception():
QUOTAS.rollback(context, reservations)
return {
'security_group': self._format_security_group(context, group_ref)
}
def create(self, req, body):
context = req.environ["nova.context"]
self.compute_api.ensure_default_security_group(context)
name = body["security_group"].get("name")
description = body["security_group"].get("description")
if db.security_group_exists(context, context.project_id, name):
raise exception.ApiError(_("group %s already exists") % name)
group = {"user_id": context.user_id, "project_id": context.project_id, "name": name, "description": description}
group_ref = db.security_group_create(context, group)
return {"security_group": self._format_security_group(context, group_ref)}
def create(self, req, body):
"""Creates a new security group."""
context = req.environ['nova.context']
authorize(context)
if not body:
raise exc.HTTPUnprocessableEntity()
security_group = body.get('security_group', None)
if security_group is None:
raise exc.HTTPUnprocessableEntity()
group_name = security_group.get('name', None)
group_description = security_group.get('description', None)
self._validate_security_group_property(group_name, "name")
self._validate_security_group_property(group_description,
"description")
group_name = group_name.strip()
group_description = group_description.strip()
try:
reservations = QUOTAS.reserve(context, security_groups=1)
except exception.OverQuota:
msg = _("Quota exceeded, too many security groups.")
raise exc.HTTPBadRequest(explanation=msg)
try:
LOG.audit(_("Create Security Group %s"), group_name,
context=context)
self.compute_api.ensure_default_security_group(context)
if db.security_group_exists(context, context.project_id,
group_name):
msg = _('Security group %s already exists') % group_name
raise exc.HTTPBadRequest(explanation=msg)
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': group_description}
group_ref = db.security_group_create(context, group)
self.sgh.trigger_security_group_create_refresh(context, group)
# Commit the reservation
QUOTAS.commit(context, reservations)
except Exception:
with excutils.save_and_reraise_exception():
QUOTAS.rollback(context, reservations)
return {'security_group': self._format_security_group(context,
group_ref)}
def create_security_group(self, context, group_name, group_description):
LOG.audit(_("Create Security Group %s"), group_name, context=context)
self.compute_api.ensure_default_security_group(context)
if db.security_group_exists(context, context.project_id, group_name):
raise exception.ApiError(_('group %s already exists') % group_name)
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': group_description}
group_ref = db.security_group_create(context, group)
return {'securityGroupSet': [self._format_security_group(context,
group_ref)]}
def create(self, req, body):
context = req.environ['nova.context']
self.compute_api.ensure_default_security_group(context)
name = body['security_group'].get('name')
description = body['security_group'].get('description')
if db.security_group_exists(context, context.project_id, name):
raise exception.ApiError(_('group %s already exists') % name)
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': name,
'description': description}
group_ref = db.security_group_create(context, group)
return {'security_group': self._format_security_group(context,
group_ref)}
def create_group(name, description, context):
"""
Create a OS security group.
name -- Name of the group.
description -- Description.
context -- The os context.
"""
if db.security_group_exists(context, context.project_id, name):
raise AttributeError('Security group %s already exists.')
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': name,
'description': description}
db.security_group_create(context, group)
SEC_HANDLER.trigger_security_group_create_refresh(context, group)
def create_group(name, description, context):
"""
Create a OS security group.
name -- Name of the group.
description -- Description.
context -- The os context.
"""
if db.security_group_exists(context, context.project_id, name):
raise AttributeError('Security group already exists: ' + name)
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': name,
'description': description}
db.security_group_create(context, group)
SEC_HANDLER.trigger_security_group_create_refresh(context, group)
def create_security_group(self, context, group_name, group_description):
LOG.audit(_("Create Security Group %s"), group_name, context=context)
self.compute_api.ensure_default_security_group(context)
if db.security_group_exists(context, context.project_id, group_name):
raise exception.ApiError(_('group %s already exists') % group_name)
group = {
'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': group_description
}
group_ref = db.security_group_create(context, group)
return {
'securityGroupSet':
[self._format_security_group(context, group_ref)]
}
def setup_security_group(self, context):
group_name = '%s%s' % (context.project_id, FLAGS.vpn_key_suffix)
if db.security_group_exists(context, context.project_id, group_name):
return group_name
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': 'Group for vpn'}
group_ref = db.security_group_create(context, group)
rule = {'parent_group_id': group_ref['id'],
'cidr': '0.0.0.0/0',
'protocol': 'udp',
'from_port': 1194,
'to_port': 1194}
db.security_group_rule_create(context, rule)
rule = {'parent_group_id': group_ref['id'],
'cidr': '0.0.0.0/0',
'protocol': 'icmp',
'from_port': -1,
'to_port': -1}
db.security_group_rule_create(context, rule)
# NOTE(vish): No need to trigger the group since the instance
# has not been run yet.
return group_name
def test_security_groups_created(self):
if WHITE_BOX:
if not db.security_group_exists(context.get_admin_context(),
instance_info.user.tenant, "tcp_3306"):
assert_false(True, "Security groups did not get created")
class OverrideHelper(create_instance_helper.CreateInstanceHelper):
"""Allows keypair name to be passed in request."""
def create_instance(self, req, body, create_method):
if not body:
raise faults.Fault(exc.HTTPUnprocessableEntity())
context = req.environ['nova.context']
password = self.controller._get_server_admin_password(body['server'])
key_name = body['server'].get('key_name')
key_data = None
if key_name:
try:
key_pair = db.key_pair_get(context, context.user_id, key_name)
key_name = key_pair['name']
key_data = key_pair['public_key']
except:
msg = _("Can not load the requested key %s" % key_name)
return faults.Fault(exc.HTTPBadRequest(msg))
else:
key_name = None
key_data = None
key_pairs = db.key_pair_get_all_by_user(context, context.user_id)
if key_pairs:
key_pair = key_pairs[0]
key_name = key_pair['name']
key_data = key_pair['public_key']
image_href = self.controller._image_ref_from_req_data(body)
try:
image_service, image_id = nova.image.get_image_service(image_href)
kernel_id, ramdisk_id = self._get_kernel_ramdisk_from_image(req,
image_service,
image_id)
images = set([str(x['id']) for x in image_service.index(context)])
assert str(image_id) in images
except Exception, e:
msg = _("Cannot find requested image %(image_href)s: %(e)s" %
locals())
raise faults.Fault(exc.HTTPBadRequest(explanation=msg))
personality = body['server'].get('personality')
injected_files = []
if personality:
injected_files = self._get_injected_files(personality)
flavor_id = self.controller._flavor_id_from_req_data(body)
if not 'name' in body['server']:
msg = _("Server name is not defined")
raise exc.HTTPBadRequest(explanation=msg)
zone_blob = body['server'].get('blob')
name = body['server']['name']
self._validate_server_name(name)
name = name.strip()
reservation_id = body['server'].get('reservation_id')
security_groups = filter(bool, body['server']
.get('security_groups', '')
.split(',')) + ['default']
for group_name in security_groups:
if not db.security_group_exists(context,
context.project_id,
group_name):
group = {'user_id': context.user_id,
'project_id': context.project_id,
'name': group_name,
'description': ''}
db.security_group_create(context, group)
try:
inst_type = \
instance_types.get_instance_type_by_flavor_id(flavor_id)
extra_values = {
'instance_type': inst_type,
'image_ref': image_href,
'password': password}
return (extra_values,
create_method(context,
inst_type,
image_id,
kernel_id=kernel_id,
ramdisk_id=ramdisk_id,
display_name=name,
display_description=name,
key_name=key_name,
key_data=key_data,
metadata=body['server'].get('metadata', {}),
injected_files=injected_files,
admin_password=password,
zone_blob=zone_blob,
user_data=body['server'].get('user_data', None),
security_group=security_groups,
reservation_id=reservation_id))
except quota.QuotaError as error:
self._handle_quota_error(error)
except exception.ImageNotFound as error:
msg = _("Can not find requested image")
raise faults.Fault(exc.HTTPBadRequest(explanation=msg))
def test_security_groups_created(self):
if WHITE_BOX:
if not db.security_group_exists(context.get_admin_context(),
instance_info.user.tenant,
"tcp_3306"):
assert_false(True, "Security groups did not get created")
