def create_security_group_rule(context, security_group_rule):
    """Creates a rule and updates the ports (async) if enabled."""
    LOG.info("create_security_group for tenant %s" % (context.tenant_id))
    with context.session.begin():
        rule = _validate_security_group_rule(
            context, security_group_rule["security_group_rule"])
        rule["id"] = uuidutils.generate_uuid()

        group_id = rule["security_group_id"]
        group = db_api.security_group_find(context,
                                           id=group_id,
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=group_id)

        quota.QUOTAS.limit_check(
            context,
            context.tenant_id,
            security_rules_per_group=len(group.get("rules", [])) + 1)

        new_rule = db_api.security_group_rule_create(context, **rule)
    if group:
        _perform_async_update_rule(context, group_id, group, new_rule.id,
                                   RULE_CREATE)
    return v._make_security_group_rule_dict(new_rule)
Exemple #2
0
def get_security_groups(context, filters=None, fields=None,
                        sorts=None, limit=None, marker=None,
                        page_reverse=False):
    LOG.info("get_security_groups for tenant %s" %
             (context.tenant_id))
    groups = db_api.security_group_find(context, **filters)
    return [v._make_security_group_dict(group) for group in groups]
def update_security_group_rule(context, id, security_group_rule):
    '''Updates a rule and updates the ports'''
    LOG.info("update_security_group_rule for tenant %s" % (context.tenant_id))
    new_rule = security_group_rule["security_group_rule"]
    # Only allow updatable fields
    new_rule = _filter_update_security_group_rule(new_rule)

    with context.session.begin():
        rule = db_api.security_group_rule_find(context,
                                               id=id,
                                               scope=db_api.ONE)
        if not rule:
            raise sg_ext.SecurityGroupRuleNotFound(id=id)

        db_rule = db_api.security_group_rule_update(context, rule, **new_rule)

        group_id = db_rule.group_id
        group = db_api.security_group_find(context,
                                           id=group_id,
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=group_id)

    if group:
        _perform_async_update_rule(context, group_id, group, rule.id,
                                   RULE_UPDATE)

    return v._make_security_group_rule_dict(db_rule)
Exemple #4
0
def get_security_group(context, id, fields=None):
    LOG.info("get_security_group %s for tenant %s" %
             (id, context.tenant_id))
    group = db_api.security_group_find(context, id=id, scope=db_api.ONE)
    if not group:
        raise sg_ext.SecurityGroupNotFound(id=id)
    return v._make_security_group_dict(group, fields)
def update_security_group(context, id, security_group):
    if id == DEFAULT_SG_UUID:
        raise sg_ext.SecurityGroupCannotUpdateDefault()
    new_group = security_group["security_group"]
    with context.session.begin():
        group = db_api.security_group_find(context, id=id, scope=db_api.ONE)
        db_group = db_api.security_group_update(context, group, **new_group)
    return v._make_security_group_dict(db_group)
Exemple #6
0
def update_security_group(context, id, security_group):
    if id == DEFAULT_SG_UUID:
        raise sg_ext.SecurityGroupCannotUpdateDefault()
    new_group = security_group["security_group"]
    with context.session.begin():
        group = db_api.security_group_find(context, id=id, scope=db_api.ONE)
        db_group = db_api.security_group_update(context, group, **new_group)
    return v._make_security_group_dict(db_group)
Exemple #7
0
def get_security_groups(context,
                        filters=None,
                        fields=None,
                        sorts=None,
                        limit=None,
                        marker=None,
                        page_reverse=False):
    LOG.info("get_security_groups for tenant %s" % (context.tenant_id))
    groups = db_api.security_group_find(context, **filters)
    return [v._make_security_group_dict(group) for group in groups]
Exemple #8
0
def make_security_group_list(context, group_ids):
    if not group_ids or not utils.attr_specified(group_ids):
        return ([], [])
    group_ids = list(set(group_ids))
    groups = []
    for gid in group_ids:
        group = db_api.security_group_find(context, id=gid, scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=gid)
        groups.append(group)
    return (group_ids, groups)
Exemple #9
0
def make_security_group_list(context, group_ids):
    if not group_ids or not utils.attr_specified(group_ids):
        return ([], [])
    group_ids = list(set(group_ids))
    groups = []
    for gid in group_ids:
        group = db_api.security_group_find(context, id=gid, scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=gid)
        groups.append(group)
    return (group_ids, groups)
def delete_security_group_rule(context, id):
    LOG.info("delete_security_group %s for tenant %s" % (id, context.tenant_id))
    with context.session.begin():
        rule = db_api.security_group_rule_find(context, id=id, scope=db_api.ONE)
        if not rule:
            raise sg_ext.SecurityGroupRuleNotFound(id=id)

        group = db_api.security_group_find(context, id=rule["group_id"], scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=id)

        rule["id"] = id
        db_api.security_group_rule_delete(context, rule)
def delete_security_group(context, id):
    LOG.info("delete_security_group %s for tenant %s" % (id, context.tenant_id))

    with context.session.begin():
        group = db_api.security_group_find(context, id=id, scope=db_api.ONE)

        # TODO(anyone): name and ports are lazy-loaded. Could be good op later
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=id)
        if id == DEFAULT_SG_UUID or group.name == "default":
            raise sg_ext.SecurityGroupCannotRemoveDefault()
        if group.ports:
            raise sg_ext.SecurityGroupInUse(id=id)
        db_api.security_group_delete(context, group)
Exemple #12
0
def delete_security_group(context, id):
    LOG.info("delete_security_group %s for tenant %s" %
             (id, context.tenant_id))

    with context.session.begin():
        group = db_api.security_group_find(context, id=id, scope=db_api.ONE)

        # TODO(anyone): name and ports are lazy-loaded. Could be good op later
        if not group:
            raise sg_ext.SecurityGroupNotFound(group_id=id)
        if id == DEFAULT_SG_UUID or group.name == "default":
            raise sg_ext.SecurityGroupCannotRemoveDefault()
        if group.ports:
            raise sg_ext.SecurityGroupInUse(id=id)
        db_api.security_group_delete(context, group)
def create_security_group_rule(context, security_group_rule):
    LOG.info("create_security_group for tenant %s" % (context.tenant_id))
    with context.session.begin():
        rule = _validate_security_group_rule(context, security_group_rule["security_group_rule"])
        rule["id"] = uuidutils.generate_uuid()

        group_id = rule["security_group_id"]
        group = db_api.security_group_find(context, id=group_id, scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=group_id)

        quota.QUOTAS.limit_check(context, context.tenant_id, security_rules_per_group=len(group.get("rules", [])) + 1)

        new_rule = db_api.security_group_rule_create(context, **rule)
    return v._make_security_group_rule_dict(new_rule)
Exemple #14
0
 def update_sg(self, context, sg, rule_id, action):
     """Begins the async update process."""
     db_sg = db_api.security_group_find(context, id=sg, scope=db_api.ONE)
     if not db_sg:
         return None
     with context.session.begin():
         job_body = dict(action="%s sg rule %s" % (action, rule_id),
                         resource_id=rule_id,
                         tenant_id=db_sg['tenant_id'])
         job_body = dict(job=job_body)
         job = job_api.create_job(context.elevated(), job_body)
         rpc_client = QuarkSGAsyncProducerClient()
         try:
             rpc_client.populate_subtasks(context, sg, job['id'])
         except om_exc.MessagingTimeout:
             LOG.error("Failed to create subtasks. Rabbit running?")
             return None
     return {"job_id": job['id']}
Exemple #15
0
def delete_security_group_rule(context, id):
    LOG.info("delete_security_group %s for tenant %s" %
             (id, context.tenant_id))
    rule = db_api.security_group_rule_find(context, id=id, scope=db_api.ONE)
    if not rule:
        raise sg_ext.SecurityGroupRuleNotFound(group_id=id)

    group = db_api.security_group_find(context,
                                       id=rule["group_id"],
                                       scope=db_api.ONE)
    if not group:
        raise sg_ext.SecurityGroupNotFound(id=id)

    net_driver.delete_security_group_rule(
        context, group.id, v._make_security_group_rule_dict(rule))

    rule["id"] = id
    db_api.security_group_rule_delete(context, rule)
Exemple #16
0
def delete_security_group_rule(context, id):
    LOG.info("delete_security_group %s for tenant %s" %
            (id, context.tenant_id))
    rule = db_api.security_group_rule_find(context, id=id,
                                           scope=db_api.ONE)
    if not rule:
        raise sg_ext.SecurityGroupRuleNotFound(group_id=id)

    group = db_api.security_group_find(context, id=rule["group_id"],
                                       scope=db_api.ONE)
    if not group:
        raise sg_ext.SecurityGroupNotFound(id=id)

    net_driver.delete_security_group_rule(
        context, group.id, v._make_security_group_rule_dict(rule))

    rule["id"] = id
    db_api.security_group_rule_delete(context, rule)
Exemple #17
0
def delete_security_group_rule(context, id):
    LOG.info("delete_security_group %s for tenant %s" %
             (id, context.tenant_id))
    with context.session.begin():
        rule = db_api.security_group_rule_find(context,
                                               id=id,
                                               scope=db_api.ONE)
        if not rule:
            raise sg_ext.SecurityGroupRuleNotFound(group_id=id)

        group = db_api.security_group_find(context,
                                           id=rule["group_id"],
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=id)

        rule["id"] = id
        db_api.security_group_rule_delete(context, rule)
Exemple #18
0
def delete_security_group_rule(context, id):
    """Deletes a rule and updates the ports (async) if enabled."""
    LOG.info("delete_security_group %s for tenant %s" %
             (id, context.tenant_id))
    with context.session.begin():
        rule = db_api.security_group_rule_find(context, id=id,
                                               scope=db_api.ONE)
        if not rule:
            raise sg_ext.SecurityGroupRuleNotFound(id=id)

        group = db_api.security_group_find(context, id=rule["group_id"],
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=id)

        rule["id"] = id
        db_api.security_group_rule_delete(context, rule)
    if group:
        _perform_async_update_rule(context, group.id, group, id, RULE_DELETE)
Exemple #19
0
def create_security_group_rule(context, security_group_rule):
    LOG.info("create_security_group for tenant %s" % (context.tenant_id))
    rule = _validate_security_group_rule(
        context, security_group_rule["security_group_rule"])
    rule["id"] = uuidutils.generate_uuid()

    group_id = rule["security_group_id"]
    group = db_api.security_group_find(context, id=group_id, scope=db_api.ONE)
    if not group:
        raise sg_ext.SecurityGroupNotFound(group_id=group_id)

    quota.QUOTAS.limit_check(
        context,
        context.tenant_id,
        security_rules_per_group=len(group.get("rules", [])) + 1)

    net_driver.create_security_group_rule(context, group_id, rule)

    return v._make_security_group_rule_dict(
        db_api.security_group_rule_create(context, **rule))
def delete_security_group_rule(context, id):
    """Deletes a rule and updates the ports (async) if enabled."""
    LOG.info("delete_security_group %s for tenant %s" %
             (id, context.tenant_id))
    with context.session.begin():
        rule = db_api.security_group_rule_find(context,
                                               id=id,
                                               scope=db_api.ONE)
        if not rule:
            raise sg_ext.SecurityGroupRuleNotFound(id=id)

        group = db_api.security_group_find(context,
                                           id=rule["group_id"],
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=id)

        rule["id"] = id
        db_api.security_group_rule_delete(context, rule)
    if group:
        _perform_async_update_rule(context, group.id, group, id, RULE_DELETE)
Exemple #21
0
 def populate_subtasks(self, context, sg, parent_job_id):
     """Produces a list of ports to be updated async."""
     db_sg = db_api.security_group_find(context, id=sg, scope=db_api.ONE)
     if not db_sg:
         return None
     ports = db_api.sg_gather_associated_ports(context, db_sg)
     if len(ports) == 0:
         return {"ports": 0}
     for port in ports:
         job_body = dict(action="update port %s" % port['id'],
                         tenant_id=db_sg['tenant_id'],
                         resource_id=port['id'],
                         parent_id=parent_job_id)
         job_body = dict(job=job_body)
         job = job_api.create_job(context.elevated(), job_body)
         rpc_consumer = QuarkSGAsyncConsumerClient()
         try:
             rpc_consumer.update_port(context, port['id'], job['id'])
         except om_exc.MessagingTimeout:
             # TODO(roaet): Not too sure what can be done here other than
             # updating the job as a failure?
             LOG.error("Failed to update port. Rabbit running?")
     return None
Exemple #22
0
def create_security_group_rule(context, security_group_rule):
    """Creates a rule and updates the ports (async) if enabled."""
    LOG.info("create_security_group for tenant %s" %
             (context.tenant_id))
    with context.session.begin():
        rule = _validate_security_group_rule(
            context, security_group_rule["security_group_rule"])
        rule["id"] = uuidutils.generate_uuid()

        group_id = rule["security_group_id"]
        group = db_api.security_group_find(context, id=group_id,
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=group_id)

        quota.QUOTAS.limit_check(
            context, context.tenant_id,
            security_rules_per_group=len(group.get("rules", [])) + 1)

        new_rule = db_api.security_group_rule_create(context, **rule)
    if group:
        _perform_async_update_rule(context, group_id, group, new_rule.id,
                                   RULE_CREATE)
    return v._make_security_group_rule_dict(new_rule)
 def _get_assoc_ports(self, sgid):
     db_sg = db_api.security_group_find(
         self.context, id=sgid, scope=db_api.ONE)
     self.assertIsNotNone(db_sg)
     return db_api.sg_gather_associated_ports(self.context, db_sg)
Exemple #24
0
def get_security_group(context, id, fields=None):
    LOG.info("get_security_group %s for tenant %s" % (id, context.tenant_id))
    group = db_api.security_group_find(context, id=id, scope=db_api.ONE)
    if not group:
        raise sg_ext.SecurityGroupNotFound(group_id=id)
    return v._make_security_group_dict(group, fields)
Exemple #25
0
 def _get_assoc_ports(self, sgid):
     db_sg = db_api.security_group_find(self.context,
                                        id=sgid,
                                        scope=db_api.ONE)
     self.assertIsNotNone(db_sg)
     return db_api.sg_gather_associated_ports(self.context, db_sg)