def check_security_groups(self): """ For security reasons, every edxapp AppServer should be in a security group that only allows access to a few ports, like 443 and 22. The security group with the name specified by settings.OPENEDX_APPSERVER_SECURITY_GROUP_NAME is created and managed by this code. """ self.logger.info('Checking security groups (OpenStack firewall settings)') network = get_openstack_connection(self.instance.openstack_region).network main_security_group = network.find_security_group(settings.OPENEDX_APPSERVER_SECURITY_GROUP_NAME) if not main_security_group: # We need to create this security group: main_security_group = network.create_security_group(name=settings.OPENEDX_APPSERVER_SECURITY_GROUP_NAME) description = 'Security group for Open EdX AppServers. Managed automatically by OpenCraft IM.' if main_security_group.description != description: network.update_security_group(main_security_group, description=description) # We manage this security group - update its rules to match the configured list of rules sync_security_group_rules(main_security_group, OPENEDX_APPSERVER_SECURITY_GROUP_RULES, network=network) # For any additional security groups, just verify that the group exists: groups = self.security_groups groups.remove(main_security_group.name) # We already checked this group for group_name in groups: if network.find_security_group(group_name) is None: raise Exception("Unable to find the OpenStack network security group called '{}'.".format(group_name))
def test_get_openstack_connection(self): """ Test get_openstack_connection() """ conn = openstack_utils.get_openstack_connection("some_region") self.assertEqual(conn.profile.get_services()[0]['region_name'], "some_region") self.assertTrue(conn.session.user_agent.startswith('opencraft-im'))
def test_get_openstack_connection(self): """ Test get_openstack_connection() """ conn = openstack_utils.get_openstack_connection("some_region") self.assertEqual(conn.config.get_region_name(), "some_region") self.assertTrue(conn.session.user_agent.startswith('opencraft-im'))