def _create_default_security_group(context, net_driver):
    """Provision the "default" security group in the backend driver and the DB.

    The group is first pushed to ``net_driver`` under ``DEFAULT_SG_UUID``; then
    one ingress rule row is stored per (ethertype, protocol) pair, and finally
    the group row itself is written for ``context.tenant_id``.

    Security note: each ingress rule carries only an ethertype and an IP
    protocol number (1, 6 or 17). No port range or remote prefix is set, and
    the egress rule list is empty.
    """
    # NOTE(review): with no port/remote restriction these rules presumably
    # admit all ICMP/TCP/UDP ingress -- confirm that this permissive default
    # is intended before relying on the default group for isolation.
    # NOTE(review): protocol 1 is ICMP for IPv4; ICMPv6 is protocol 58, so the
    # IPv6/1 entry may not match what was meant -- verify against the driver.
    ingress_rules = [
        {"ethertype": ethertype, "protocol": protocol}
        for ethertype in ("IPv4", "IPv6")
        for protocol in (1, 6, 17)
    ]
    default_group = {
        "name": "default",
        "description": "",
        "group_id": DEFAULT_SG_UUID,
        "port_egress_rules": [],
        "port_ingress_rules": ingress_rules,
    }

    # The backend receives the full definition, rule lists included.
    net_driver.create_security_group(context, "default", **default_group)

    default_group["id"] = DEFAULT_SG_UUID
    default_group["tenant_id"] = context.tenant_id

    # The rule list is removed from the dict here, so the final
    # security_group_create() call below does not receive it.
    stored_rules = default_group.pop("port_ingress_rules")
    for ingress_rule in stored_rules:
        db_api.security_group_rule_create(
            context,
            security_group_id=default_group["id"],
            tenant_id=context.tenant_id,
            direction="ingress",
            **ingress_rule
        )

    db_api.security_group_create(context, **default_group)
def _create_default_security_group(context):
    """Create the "default" security group via ``net_driver`` and persist it.

    ``net_driver`` is taken from the enclosing module, not passed in. The group
    is registered with the driver first; afterwards its ingress rules and then
    the group record are written through ``db_api`` for ``context.tenant_id``.

    Security note: the six ingress rules specify only ethertype and protocol
    number (1, 6, 17 for both IPv4 and IPv6); the egress list is empty.
    """
    # NOTE(review): no port range or remote prefix is given on any rule, so
    # this default presumably allows all ICMP/TCP/UDP ingress -- confirm.
    # NOTE(review): IPv6 with protocol 1 looks like IPv4 ICMP; ICMPv6 is
    # protocol 58 -- verify what the driver does with this rule.
    protocols = (1, 6, 17)
    ingress = []
    for family in ("IPv4", "IPv6"):
        for proto in protocols:
            ingress.append({"ethertype": family, "protocol": proto})

    default_group = {
        "name": "default",
        "description": "",
        "group_id": DEFAULT_SG_UUID,
        "port_egress_rules": [],
        "port_ingress_rules": ingress,
    }
    net_driver.create_security_group(context, "default", **default_group)

    default_group["id"] = DEFAULT_SG_UUID
    default_group["tenant_id"] = context.tenant_id

    # Popping the rules keeps them out of the kwargs given to
    # security_group_create() at the end.
    for rule in default_group.pop("port_ingress_rules"):
        rule_kwargs = dict(
            security_group_id=default_group["id"],
            tenant_id=context.tenant_id,
            direction="ingress",
        )
        rule_kwargs.update(rule)
        db_api.security_group_rule_create(context, **rule_kwargs)

    db_api.security_group_create(context, **default_group)
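def create_security_group_rule(context, security_group_rule):
    """Create a security group rule and update the ports (async) if enabled.

    Args:
        context: request context; supplies ``tenant_id`` and the DB session.
        security_group_rule: request body; the rule is read from its
            ``"security_group_rule"`` key.

    Returns:
        The new rule as rendered by ``v._make_security_group_rule_dict``.

    Raises:
        sg_ext.SecurityGroupNotFound: no group matches the rule's
            ``security_group_id``.

    Anything raised by ``_validate_security_group_rule`` or
    ``quota.QUOTAS.limit_check`` propagates unchanged.
    """
    # The log line names the operation actually performed (rule creation), so
    # audit trails do not confuse it with security group creation.
    LOG.info("create_security_group_rule for tenant %s", context.tenant_id)
    with context.session.begin():
        rule = _validate_security_group_rule(
            context, security_group_rule["security_group_rule"])
        rule["id"] = uuidutils.generate_uuid()

        group_id = rule["security_group_id"]
        # NOTE(review): presumably db_api scopes this lookup to the caller's
        # tenant via ``context``; verify, since nothing here compares the
        # group's owner with context.tenant_id.
        group = db_api.security_group_find(context, id=group_id,
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=group_id)

        # Quota is checked against the rule count after adding this rule.
        quota.QUOTAS.limit_check(
            context, context.tenant_id,
            security_rules_per_group=len(group.get("rules", [])) + 1)

        new_rule = db_api.security_group_rule_create(context, **rule)

    # A missing group raised above, so ``group`` is always set here and the
    # async update needs no further guard. It runs after the ``with`` block.
    _perform_async_update_rule(context, group_id, group, new_rule.id,
                               RULE_CREATE)
    return v._make_security_group_rule_dict(new_rule)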
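def create_security_group_rule(context, security_group_rule):
    """Validate and store a new security group rule inside one DB session.

    Args:
        context: request context; supplies ``tenant_id`` and the DB session.
        security_group_rule: request body; the rule is read from its
            ``"security_group_rule"`` key.

    Returns:
        The new rule as rendered by ``v._make_security_group_rule_dict``.

    Raises:
        sg_ext.SecurityGroupNotFound: no group matches the rule's
            ``security_group_id``.

    Anything raised by ``_validate_security_group_rule`` or
    ``quota.QUOTAS.limit_check`` propagates unchanged.
    """
    # The log line names the operation actually performed (rule creation), so
    # audit trails do not confuse it with security group creation.
    LOG.info("create_security_group_rule for tenant %s", context.tenant_id)
    with context.session.begin():
        rule = _validate_security_group_rule(
            context, security_group_rule["security_group_rule"])
        rule["id"] = uuidutils.generate_uuid()

        group_id = rule["security_group_id"]
        # NOTE(review): presumably db_api scopes this lookup to the caller's
        # tenant via ``context``; verify, since nothing here compares the
        # group's owner with context.tenant_id.
        group = db_api.security_group_find(context, id=group_id,
                                           scope=db_api.ONE)
        if not group:
            raise sg_ext.SecurityGroupNotFound(id=group_id)

        # Quota is checked against the rule count after adding this rule.
        quota.QUOTAS.limit_check(
            context, context.tenant_id,
            security_rules_per_group=len(group.get("rules", [])) + 1)

        new_rule = db_api.security_group_rule_create(context, **rule)
    return v._make_security_group_rule_dict(new_rule)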
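def create_security_group_rule(context, security_group_rule):
    """Validate a rule, push it to the backend driver, then store it in the DB.

    Args:
        context: request context; supplies ``tenant_id``.
        security_group_rule: request body; the rule is read from its
            ``"security_group_rule"`` key.

    Returns:
        The stored rule as rendered by ``v._make_security_group_rule_dict``.

    Raises:
        sg_ext.SecurityGroupNotFound: no group matches the rule's
            ``security_group_id``.

    Anything raised by ``_validate_security_group_rule``,
    ``quota.QUOTAS.limit_check`` or ``net_driver`` propagates unchanged.
    """
    # The log line names the operation actually performed (rule creation), so
    # audit trails do not confuse it with security group creation.
    LOG.info("create_security_group_rule for tenant %s", context.tenant_id)

    rule = _validate_security_group_rule(
        context, security_group_rule["security_group_rule"])
    rule["id"] = uuidutils.generate_uuid()

    group_id = rule["security_group_id"]
    # NOTE(review): presumably db_api scopes this lookup to the caller's
    # tenant via ``context``; verify, since nothing here compares the group's
    # owner with context.tenant_id.
    group = db_api.security_group_find(context, id=group_id, scope=db_api.ONE)
    if not group:
        # NOTE(review): the keyword here is ``group_id``; confirm it matches
        # the placeholder used by the exception's message template.
        raise sg_ext.SecurityGroupNotFound(group_id=group_id)

    # Quota is checked against the rule count after adding this rule.
    quota.QUOTAS.limit_check(
        context, context.tenant_id,
        security_rules_per_group=len(group.get("rules", [])) + 1)

    # The backend is updated before the DB row is written and no transaction
    # is opened in this function.
    # NOTE(review): if the DB create fails, the backend rule presumably stays
    # in place without a matching record -- confirm how that drift is handled.
    net_driver.create_security_group_rule(context, group_id, rule)
    return v._make_security_group_rule_dict(
        db_api.security_group_rule_create(context, **rule))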