def add_rules(context, id, name, vals):
"""Add security group rule(s) to security group.
Note: the Nova security group API doesn't support adding multiple
security group rules at once but the EC2 one does. Therefore,
this function is written to support both. Multiple rules are
installed to a security group in neutron using bulk support.
"""
neutron = neutronapi.get_client(context)
body = _make_neutron_security_group_rules_list(vals)
try:
rules = neutron.create_security_group_rule(body).get(
'security_group_rules')
except n_exc.NeutronClientException as e:
exc_info = sys.exc_info()
if e.status_code == 404:
LOG.exception("Neutron Error getting security group %s", name)
raise exception.SecurityGroupNotFound(six.text_type(e))
elif e.status_code == 409:
LOG.exception("Neutron Error adding rules to security "
"group %s", name)
raise exception.SecurityGroupLimitExceeded(six.text_type(e))
elif e.status_code == 400:
LOG.exception("Neutron Error: %s", e)
raise exception.Invalid(six.text_type(e))
else:
six.reraise(*exc_info)
converted_rules = []
for rule in rules:
converted_rules.append(
_convert_to_nova_security_group_rule_format(rule))
return converted_rules
def create_security_group(context, name, description):
neutron = neutronapi.get_client(context)
body = _make_neutron_security_group_dict(name, description)
try:
security_group = neutron.create_security_group(body).get(
'security_group')
except n_exc.BadRequest as e:
raise exception.Invalid(str(e))
except n_exc.NeutronClientException as e:
LOG.exception("Neutron Error creating security group %s", name)
if e.status_code == 401:
# TODO(arosen) Cannot raise generic response from neutron here
# as this error code could be related to bad input or over
# quota
raise exc.HTTPBadRequest()
elif e.status_code == 409:
raise exception.SecurityGroupLimitExceeded(str(e))
raise e
return _convert_to_nova_security_group_format(security_group)
def raise_over_quota(msg):
raise exception.SecurityGroupLimitExceeded(msg)
