def create(self, context, member):
"""
Create a loadbalancer_member object.
"""
m = member['member']
try:
pool = self._api.loadbalancer_pool_read(id=m['pool_id'])
except NoIdError:
raise loadbalancer.PoolNotFound(pool_id=m['pool_id'])
tenant_id = self._get_tenant_id_for_create(context, m)
if str(uuid.UUID(tenant_id)) != pool.parent_uuid:
raise n_exc.NotAuthorized()
obj_uuid = uuidutils.generate_uuid()
props = self.make_properties(m)
id_perms = IdPermsType(enable=True)
member_db = LoadbalancerMember(obj_uuid,
pool,
loadbalancer_member_properties=props,
id_perms=id_perms)
member_db.uuid = obj_uuid
self._api.loadbalancer_member_create(member_db)
return self.make_dict(member_db)
def create(self, context, loadbalancer):
"""
Create a loadbalancer.
"""
l = loadbalancer['loadbalancer']
tenant_id = self._get_tenant_id_for_create(context, l)
project = self._project_read(project_id=tenant_id)
obj_uuid = uuidutils.generate_uuid()
name = self._get_resource_name('loadbalancer', project,
l['name'], obj_uuid)
id_perms = IdPermsType(enable=True, description=l['description'])
lb = Loadbalancer(name, project, id_perms=id_perms,
display_name=l['name'])
lb.uuid = obj_uuid
vmi, vip_address = self._create_virtual_interface(project,
obj_uuid, l['vip_subnet_id'], l.get('vip_address'))
lb.set_virtual_machine_interface(vmi)
props = self.make_properties(l)
props.set_vip_address(vip_address)
lb.set_loadbalancer_properties(props)
self._api.loadbalancer_create(lb)
return self.make_dict(lb)
def test_vip_get(self):
def get_vip(*args, **kwargs):
return self.loadbalancer.get_vip(*args, **kwargs)
self.plugin.return_value.get_vip.side_effect = get_vip
vip_id = _uuid()
id_perms = IdPermsType(uuid=vip_id, enable=True)
props = self._virtual_ip_properties_build()
vip = VirtualIp(virtual_ip_properties=props,
id_perms=id_perms,
display_name='vip1')
vip.parent_uuid = _uuid()
vip.uuid = vip_id
instance = self.api_server
instance.virtual_ip_read.return_value = vip
return_value = {
'name': 'vip1',
'admin_state_up': True,
'tenant_id': vip.parent_uuid,
'status': "ACTIVE",
'id': vip_id
}
res = self.api.get(_get_path('lb/vips', id=vip_id, fmt=self.fmt))
self.assertEqual(res.status_int, exc.HTTPOk.code)
res = self.deserialize(res)
self.assertIn('vip', res)
self.assertDictContainsSubset(return_value, res['vip'])
def create(self, context, loadbalancer):
"""
Create a loadbalancer.
"""
l = loadbalancer['loadbalancer']
if (l['provider'] == ATTR_NOT_SPECIFIED):
l['provider'] = "opencontrail"
sas_obj = self.check_provider_exists(l['provider'])
tenant_id = self._get_tenant_id_for_create(context, l)
project = self._project_read(project_id=tenant_id)
obj_uuid = uuidutils.generate_uuid()
name = self._get_resource_name('loadbalancer', project, l['name'],
obj_uuid)
id_perms = IdPermsType(enable=True, description=l['description'])
lb = Loadbalancer(name,
project,
uuid=obj_uuid,
loadbalancer_provider=l['provider'],
id_perms=id_perms,
display_name=l['name'])
lb.set_service_appliance_set(sas_obj)
vmi, vip_address = self._create_virtual_interface(
project, obj_uuid, l['vip_subnet_id'], l.get('vip_address'))
lb.set_virtual_machine_interface(vmi)
l['provisioning_status'] = 'ACTIVE'
l['operating_status'] = 'ONLINE'
props = self.make_properties(l)
props.set_vip_address(vip_address)
lb.set_loadbalancer_properties(props)
self._api.loadbalancer_create(lb)
return self.make_dict(lb)
def create(self, context, healthmonitor):
"""
Create a loadbalancer_healtmonitor object.
"""
m = healthmonitor['healthmonitor']
tenant_id = self._get_tenant_id_for_create(context, m)
project = self._project_read(project_id=tenant_id)
uuid = uuidutils.generate_uuid()
props = self.make_properties(m)
id_perms = IdPermsType(enable=True)
monitor_db = LoadbalancerHealthmonitor(
uuid,
project,
loadbalancer_healthmonitor_properties=props,
id_perms=id_perms,
display_name=m['name'])
monitor_db.uuid = uuid
try:
pool = self._api.loadbalancer_pool_read(id=m['pool_id'])
except NoIdError:
raise loadbalancerv2.EntityNotFound(name='Pool', id=m['pool_id'])
exist_hm_refs = pool.get_loadbalancer_healthmonitor_refs()
if exist_hm_refs is not None:
raise loadbalancerv2.OneHealthMonitorPerPool(
pool_id=m['pool_id'], hm_id=exist_hm_refs[0]['uuid'])
self._api.loadbalancer_healthmonitor_create(monitor_db)
self._api.ref_update('loadbalancer-pool', m['pool_id'],
'loadbalancer-healthmonitor', uuid, None, 'ADD')
return self.make_dict(monitor_db)
def create(self, context, pool):
"""
Create a loadbalancer_pool object.
"""
p = pool['pool']
tenant_id = self._get_tenant_id_for_create(context, p)
project = self._project_read(project_id=tenant_id)
uuid = uuidutils.generate_uuid()
name = self._get_resource_name('loadbalancer-pool', project, p['name'],
uuid)
props = self.make_properties(p)
id_perms = IdPermsType(uuid=uuid,
enable=True,
description=p['description'])
pool = LoadbalancerPool(name,
project,
loadbalancer_pool_properties=props,
loadbalancer_pool_provider=p['provider'],
id_perms=id_perms,
display_name=p['name'])
pool.uuid = uuid
if p['health_monitors']:
for hm in p['health_monitors']:
try:
mon = self._api.loadbalancer_healthmonitor_read(id=hm)
except NoIdError:
raise loadbalancer.HealthMonitorNotFound(monitor_id=hm)
pool.add_loadbalancer_healthmonitor(mon)
self._api.loadbalancer_pool_create(pool)
return self.make_dict(pool)
def create(self, context, listener):
l = listener['listener']
tenant_id = self._get_tenant_id_for_create(context, l)
project = self._project_read(project_id=tenant_id)
if l['loadbalancer_id']:
try:
lb = self._api.loadbalancer_read(id=l['loadbalancer_id'])
except NoIdError:
raise loadbalancer.EntityNotFound(id=v['loadbalancer_id'])
project_id = lb.parent_uuid
if str(uuid.UUID(tenant_id)) != project_id:
raise n_exc.NotAuthorized()
else:
lb = None
obj_uuid = uuidutils.generate_uuid()
name = self._get_resource_name('listener', project, l['name'],
obj_uuid)
id_perms = IdPermsType(enable=True, description=l['description'])
ll = LoadbalancerListener(name,
project,
id_perms=id_perms,
display_name=l['name'])
ll.uuid = obj_uuid
if lb:
ll.set_loadbalancer(lb)
props = self.make_properties(l)
ll.set_loadbalancer_listener_properties(props)
self._api.loadbalancer_listener_create(ll)
return self.make_dict(ll)
def _create_member(self, member_id, pool_id):
id_perms = IdPermsType(uuid=member_id, enable=True)
props = self._loadbalancer_member_properties_build()
member = LoadbalancerMember(loadbalancer_member_properties=props,
id_perms=id_perms)
member.uuid = member_id
member.parent_uuid = pool_id
return member
def _create_monitor(self, health_monitor_id, tenant_id):
id_perms = IdPermsType(uuid=health_monitor_id, enable=True)
props = self._loadbalancer_healthmonitor_properties_build()
monitor = LoadbalancerHealthmonitor(
health_monitor_id,
loadbalancer_healthmonitor_properties=props,
id_perms=id_perms)
monitor.parent_uuid = tenant_id
monitor.uuid = health_monitor_id
return monitor
def _create_pool(self, pool_id, tenant_id=None):
if tenant_id is None:
tenant_id = _uuid()
id_perms = IdPermsType(uuid=pool_id, enable=True)
props = self._loadbalancer_pool_properties_build()
pool = LoadbalancerPool(loadbalancer_pool_properties=props,
id_perms=id_perms,
display_name='pool1')
pool.parent_uuid = tenant_id
pool.uuid = pool_id
return pool
def create(self, context, vip):
"""
Create a VIP.
"""
v = vip['vip']
tenant_id = self._get_tenant_id_for_create(context, v)
project = self._project_read(project_id=tenant_id)
if v['pool_id']:
try:
pool = self._api.loadbalancer_pool_read(id=v['pool_id'])
except NoIdError:
raise loadbalancer.PoolNotFound(pool_id=v['pool_id'])
project_id = pool.parent_uuid
if str(uuid.UUID(tenant_id)) != project_id:
raise n_exc.NotAuthorized()
protocol = pool.get_loadbalancer_pool_properties().get_protocol()
if protocol != v['protocol']:
raise loadbalancer.ProtocolMismatch(vip_proto=v['protocol'],
pool_proto=protocol)
if pool.get_virtual_ip_back_refs():
raise loadbalancer.VipExists(pool_id=v['pool_id'])
else:
pool = None
obj_uuid = uuidutils.generate_uuid()
name = self._get_resource_name('virtual-ip', project, v['name'],
obj_uuid)
id_perms = IdPermsType(enable=True, description=v['description'])
vip = VirtualIp(name,
project,
id_perms=id_perms,
display_name=v['name'])
vip.uuid = obj_uuid
if pool:
vip.set_loadbalancer_pool(pool)
vmi, vip_address = self._create_virtual_interface(
project, obj_uuid, v['subnet_id'], v.get('address'))
vip.set_virtual_machine_interface(vmi)
props = self.make_properties(v)
props.set_address(vip_address)
vip.set_virtual_ip_properties(props)
self._api.virtual_ip_create(vip)
return self.make_dict(vip)
def create(self, context, pool):
"""
Create a loadbalancer_pool object.
"""
p = pool['pool']
tenant_id = self._get_tenant_id_for_create(context, p)
project = self._project_read(project_id=tenant_id)
if p['listener_id']:
try:
ll = self._api.loadbalancer_listener_read(id=p['listener_id'])
except NoIdError:
raise loadbalancerv2.EntityNotFound(name='Listener',
id=p['listener_id'])
project_id = ll.parent_uuid
if str(uuid.UUID(tenant_id)) != project_id:
raise NotAuthorized()
else:
ll = None
pool_uuid = uuidutils.generate_uuid()
name = self._get_resource_name('loadbalancer-pool', project,
p['name'], pool_uuid)
props = self.make_properties(p)
id_perms = IdPermsType(enable=True,
description=p['description'])
pool = LoadbalancerPool(name, project, uuid=pool_uuid,
loadbalancer_pool_properties=props,
id_perms=id_perms, display_name=p['name'])
if ll:
pool_exists = ll.get_loadbalancer_pool_back_refs()
if pool_exists is not None:
raise loadbalancerv2.OnePoolPerListener(
listener_id=p['listener_id'],
pool_id=pool_exists[0]['uuid'])
pool.set_loadbalancer_listener(ll)
# Custom attributes
if p['custom_attributes'] != ATTR_NOT_SPECIFIED:
custom_attributes = KeyValuePairs()
self.create_update_custom_attributes(p['custom_attributes'],
custom_attributes)
pool.set_loadbalancer_pool_custom_attributes(custom_attributes)
self._api.loadbalancer_pool_create(pool)
return self.make_dict(pool)
def create(self, context, vip):
"""
Create a VIP.
"""
v = vip['vip']
tenant_id = self._get_tenant_id_for_create(context, v)
project = self._project_read(project_id=tenant_id)
if v['pool_id']:
try:
pool = self._api.loadbalancer_pool_read(id=v['pool_id'])
except NoIdError:
raise loadbalancer.PoolNotFound(pool_id=v['pool_id'])
project_id = pool.parent_uuid
if tenant_id != project_id:
raise n_exc.NotAuthorized()
# TODO: check that the pool has no vip configured
# if pool.protocol != v['protocol']:
# raise loadbalancer.ProtocolMismatch(
# vip_proto=v['protocol'], pool_proto=pool.protocol)
else:
pool = None
uuid = uuidutils.generate_uuid()
name = self._get_resource_name('virtual-ip', project, v['name'], uuid)
props = self.make_properties(v)
id_perms = IdPermsType(uuid=uuid,
enable=True,
description=v['description'])
vip = VirtualIp(name,
project,
virtual_ip_properties=props,
id_perms=id_perms,
display_name=v['name'])
vip.uuid = uuid
if pool:
vip.set_loadbalancer_pool(pool)
vmi = self._create_virtual_interface(project, uuid, v['subnet_id'],
v.get('address'))
vip.set_virtual_machine_interface(vmi)
self._api.virtual_ip_create(vip)
return self.make_dict(vip)
def create(self, context, health_monitor):
"""
Create a loadbalancer_healtmonitor object.
"""
m = health_monitor['health_monitor']
tenant_id = self._get_tenant_id_for_create(context, m)
project = self._project_read(project_id=tenant_id)
uuid = uuidutils.generate_uuid()
props = self.make_properties(m)
id_perms = IdPermsType(enable=True)
monitor_db = LoadbalancerHealthmonitor(
uuid, project, loadbalancer_healthmonitor_properties=props,
id_perms=id_perms)
monitor_db.uuid = uuid
self._api.loadbalancer_healthmonitor_create(monitor_db)
return self.make_dict(monitor_db)
def create_security_group(self, proj_obj):
def _get_rule(ingress, sg, prefix, ethertype):
sgr_uuid = str(uuid.uuid4())
if sg:
addr = AddressType(security_group=proj_obj.get_fq_name_str() +
':' + sg)
elif prefix:
addr = AddressType(subnet=SubnetType(prefix, 0))
local_addr = AddressType(security_group='local')
if ingress:
src_addr = addr
dst_addr = local_addr
else:
src_addr = local_addr
dst_addr = addr
rule = PolicyRuleType(rule_uuid=sgr_uuid,
direction='>',
protocol='any',
src_addresses=[src_addr],
src_ports=[PortType(0, 65535)],
dst_addresses=[dst_addr],
dst_ports=[PortType(0, 65535)],
ethertype=ethertype)
return rule
rules = []
rules.append(_get_rule(True, 'default', None, 'IPv4'))
rules.append(_get_rule(True, 'default', None, 'IPv6'))
sg_rules = PolicyEntriesType(rules)
# create security group
id_perms = IdPermsType(
enable=True, description=KMTestCase.DEFAULT_SECGROUP_DESCRIPTION)
sg_obj = SecurityGroup(name='default',
parent_obj=proj_obj,
id_perms=id_perms,
security_group_entries=sg_rules)
self._vnc_lib.security_group_create(sg_obj)
self._vnc_lib.chown(sg_obj.get_uuid(), proj_obj.get_uuid())
return sg_obj
def create(self, context, pool):
"""
Create a loadbalancer_pool object.
"""
p = pool['pool']
try:
sas_fq_name = ["default-global-system-config"]
sas_fq_name.append(p['provider'])
sas_obj = self._api.service_appliance_set_read(fq_name=sas_fq_name)
except NoIdError:
raise pconf.ServiceProviderNotFound(
provider=p['provider'], service_type=constants.LOADBALANCER)
tenant_id = self._get_tenant_id_for_create(context, p)
project = self._project_read(project_id=tenant_id)
uuid = uuidutils.generate_uuid()
name = self._get_resource_name('loadbalancer-pool', project, p['name'],
uuid)
props = self.make_properties(p)
id_perms = IdPermsType(enable=True, description=p['description'])
pool = LoadbalancerPool(name,
project,
loadbalancer_pool_properties=props,
loadbalancer_pool_provider=p['provider'],
id_perms=id_perms,
display_name=p['name'])
pool.uuid = uuid
if p['health_monitors']:
for hm in p['health_monitors']:
try:
mon = self._api.loadbalancer_healthmonitor_read(id=hm)
except NoIdError:
raise loadbalancer.HealthMonitorNotFound(monitor_id=hm)
pool.add_loadbalancer_healthmonitor(mon)
pool.set_service_appliance_set(sas_obj)
self._api.loadbalancer_pool_create(pool)
return self.make_dict(pool)
def update_object(self, member_db, id, m):
if 'pool_id' in m and self._get_member_pool_id(
member_db) != m['pool_id']:
try:
pool = self._api.loadbalancer_pool_read(id=m['pool_id'])
except NoIdError:
raise loadbalancer.PoolNotFound(pool_id=m['pool_id'])
db_props = member_db.get_loadbalancer_member_properties()
members = pool.get_loadbalancer_members()
for member in members or []:
member_obj = self._api.loadbalancer_member_read(
id=member['uuid'])
props = member_obj.get_loadbalancer_member_properties()
if ((props.get_address() == db_props.get_address())
and (props.get_protocol_port()
== db_props.get_protocol_port())):
raise loadbalancer.MemberExists(
address=props.get_address(),
port=props.get_protocol_port(),
pool=m['pool_id'])
# delete member from old pool
props = member_db.get_loadbalancer_member_properties()
obj_uuid = member_db.uuid
self._api.loadbalancer_member_delete(id=member_db.uuid)
# create member for the new pool with same uuid and props
id_perms = IdPermsType(enable=True)
member_obj = LoadbalancerMember(
obj_uuid,
pool,
loadbalancer_member_properties=props,
id_perms=id_perms)
member_obj.uuid = obj_uuid
self._api.loadbalancer_member_create(member_obj)
return True
return False
"VmRenamedEvent",
"VmReconfiguredEvent",
"VmRegisteredEvent",
"VmRemovedEvent",
"DVPortgroupCreatedEvent",
"DVPortgroupReconfiguredEvent",
"DVPortgroupRenamedEvent",
"DVPortgroupDestroyedEvent",
]
VM_UPDATE_FILTERS = ["runtime.host"]
WAIT_FOR_UPDATE_TIMEOUT = 20
SUPERVISOR_TIMEOUT = 25
WAIT_FOR_VM_RETRY = 10
TEMP_VM_RENAME_PHRASES = ["vmfs", "volumes"]
HISTORY_COLLECTOR_PAGE_SIZE = 1000
VNC_PROJECT_DOMAIN = "default-domain"
VNC_PROJECT_NAME = "admin"
ID_PERMS = IdPermsType(creator="vcenter-fabric-manager", enable=True)
VNC_TOPOLOGY_OBJECTS = [
"node",
"port",
"physical_interface",
"physical_router",
]
TOPOLOGY_UPDATE_MESSAGE_TIMEOUT = 5
'guest.toolsRunningStatus',
'guest.net',
'runtime.powerState',
]
VNC_ROOT_DOMAIN = 'default-domain'
VNC_VCENTER_PROJECT = 'vCenter'
VNC_VCENTER_IPAM = 'vCenter-ipam'
VNC_VCENTER_IPAM_FQN = [VNC_ROOT_DOMAIN, VNC_VCENTER_PROJECT, VNC_VCENTER_IPAM]
VNC_VCENTER_DEFAULT_SG = 'default'
VNC_VCENTER_DEFAULT_SG_FQN = [VNC_ROOT_DOMAIN, VNC_VCENTER_PROJECT, VNC_VCENTER_DEFAULT_SG]
CONTRAIL_VM_NAME = 'ContrailVM'
CONTRAIL_NETWORK = 'VM-PG'
VLAN_ID_RANGE_START = 1
VLAN_ID_RANGE_END = 4095
ID_PERMS_CREATOR = 'vcenter-manager'
ID_PERMS = IdPermsType(creator=ID_PERMS_CREATOR, enable=True)
SET_VLAN_ID_RETRY_LIMIT = 2
WAIT_FOR_PORT_RETRY_TIME = 1 # 1s
WAIT_FOR_PORT_RETRY_LIMIT = int(old_div(30,WAIT_FOR_PORT_RETRY_TIME)) # Timeout after 30s
WAIT_FOR_UPDATE_TIMEOUT = 60
SUPERVISOR_TIMEOUT = 80
HISTORY_COLLECTOR_PAGE_SIZE = 1000
VMFS = 'vmfs'
def _update_security_groups(self, ns_name, proj_obj, network_policy):
def _get_rule(ingress, sg, prefix, ethertype):
sgr_uuid = str(uuid.uuid4())
if sg:
if ':' not in sg:
sg_fq_name = proj_obj.get_fq_name_str() + ':' + sg
else:
sg_fq_name = sg
addr = AddressType(security_group=sg_fq_name)
elif prefix:
addr = AddressType(subnet=SubnetType(prefix, 0))
local_addr = AddressType(security_group='local')
if ingress:
src_addr = addr
dst_addr = local_addr
else:
src_addr = local_addr
dst_addr = addr
rule = PolicyRuleType(rule_uuid=sgr_uuid,
direction='>',
protocol='any',
src_addresses=[src_addr],
src_ports=[PortType(0, 65535)],
dst_addresses=[dst_addr],
dst_ports=[PortType(0, 65535)],
ethertype=ethertype)
return rule
sg_dict = {}
# create default security group
sg_name = "-".join(
[vnc_kube_config.cluster_name(), ns_name, 'default'])
DEFAULT_SECGROUP_DESCRIPTION = "Default security group"
id_perms = IdPermsType(enable=True,
description=DEFAULT_SECGROUP_DESCRIPTION)
rules = []
ingress = True
egress = True
if network_policy and 'ingress' in network_policy:
ingress_policy = network_policy['ingress']
if ingress_policy and 'isolation' in ingress_policy:
isolation = ingress_policy['isolation']
if isolation == 'DefaultDeny':
ingress = False
if ingress:
rules.append(_get_rule(True, None, '0.0.0.0', 'IPv4'))
rules.append(_get_rule(True, None, '::', 'IPv6'))
if egress:
rules.append(_get_rule(False, None, '0.0.0.0', 'IPv4'))
rules.append(_get_rule(False, None, '::', 'IPv6'))
sg_rules = PolicyEntriesType(rules)
sg_obj = SecurityGroup(name=sg_name,
parent_obj=proj_obj,
id_perms=id_perms,
security_group_entries=sg_rules)
SecurityGroupKM.add_annotations(self,
sg_obj,
namespace=ns_name,
name=sg_obj.name,
k8s_type=self._k8s_event_type)
try:
self._vnc_lib.security_group_create(sg_obj)
self._vnc_lib.chown(sg_obj.get_uuid(), proj_obj.get_uuid())
except RefsExistError:
self._vnc_lib.security_group_update(sg_obj)
sg_obj = self._vnc_lib.security_group_read(sg_obj.fq_name)
sg_uuid = sg_obj.get_uuid()
SecurityGroupKM.locate(sg_uuid)
sg_dict[sg_name] = sg_uuid
# create namespace security group
ns_sg_name = "-".join([vnc_kube_config.cluster_name(), ns_name, 'sg'])
NAMESPACE_SECGROUP_DESCRIPTION = "Namespace security group"
id_perms = IdPermsType(enable=True,
description=NAMESPACE_SECGROUP_DESCRIPTION)
sg_obj = SecurityGroup(name=ns_sg_name,
parent_obj=proj_obj,
id_perms=id_perms,
security_group_entries=None)
SecurityGroupKM.add_annotations(self,
sg_obj,
namespace=ns_name,
name=sg_obj.name,
k8s_type=self._k8s_event_type)
try:
self._vnc_lib.security_group_create(sg_obj)
self._vnc_lib.chown(sg_obj.get_uuid(), proj_obj.get_uuid())
except RefsExistError:
pass
sg_obj = self._vnc_lib.security_group_read(sg_obj.fq_name)
sg_uuid = sg_obj.get_uuid()
SecurityGroupKM.locate(sg_uuid)
sg_dict[ns_sg_name] = sg_uuid
return sg_dict
def _update_security_groups(self, ns_name, proj_obj):
def _get_rule(ingress, sg, prefix, ethertype):
sgr_uuid = str(uuid.uuid4())
if sg:
if ':' not in sg:
sg_fq_name = proj_obj.get_fq_name_str() + ':' + sg
else:
sg_fq_name = sg
addr = AddressType(security_group=sg_fq_name)
elif prefix:
addr = AddressType(subnet=SubnetType(prefix, 0))
local_addr = AddressType(security_group='local')
if ingress:
src_addr = addr
dst_addr = local_addr
else:
src_addr = local_addr
dst_addr = addr
rule = PolicyRuleType(rule_uuid=sgr_uuid,
direction='>',
protocol='any',
src_addresses=[src_addr],
src_ports=[PortType(0, 65535)],
dst_addresses=[dst_addr],
dst_ports=[PortType(0, 65535)],
ethertype=ethertype)
return rule
# create default security group
sg_name = vnc_kube_config.get_default_sg_name(ns_name)
DEFAULT_SECGROUP_DESCRIPTION = "Default security group"
id_perms = IdPermsType(enable=True,
description=DEFAULT_SECGROUP_DESCRIPTION)
rules = []
ingress = True
egress = True
if ingress:
rules.append(_get_rule(True, None, '0.0.0.0', 'IPv4'))
rules.append(_get_rule(True, None, '::', 'IPv6'))
if egress:
rules.append(_get_rule(False, None, '0.0.0.0', 'IPv4'))
rules.append(_get_rule(False, None, '::', 'IPv6'))
sg_rules = PolicyEntriesType(rules)
sg_obj = SecurityGroup(name=sg_name,
parent_obj=proj_obj,
id_perms=id_perms,
security_group_entries=sg_rules)
SecurityGroupKM.add_annotations(self,
sg_obj,
namespace=ns_name,
name=sg_obj.name,
k8s_type=self._k8s_event_type)
try:
self._vnc_lib.security_group_create(sg_obj)
self._vnc_lib.chown(sg_obj.get_uuid(), proj_obj.get_uuid())
except RefsExistError:
self._vnc_lib.security_group_update(sg_obj)
sg = SecurityGroupKM.locate(sg_obj.get_uuid())
return sg