def create(nova_client, **kwargs):
    """Create a nova security group for the current node and attach its rules.

    The description comes from ``ctx.node.properties['description']``. Rules
    are prepared by ``process_rules`` before the ``use_external_sg`` check, so
    that call runs even when nothing is created afterwards. Returns ``None``.

    If attaching any rule raises, ``delete_resource_and_runtime_properties``
    is called and the original exception is re-raised.
    """
    group_spec = build_sg_data()
    group_spec['description'] = ctx.node.properties['description']

    # NOTE(review): these defaults describe TCP ports 1-65535 from 0.0.0.0/0.
    # They are handed to process_rules; presumably they fill in fields that a
    # rule omits, in which case a rule with no cidr/ports is reachable from
    # any source -- confirm, and prefer explicit values in blueprints.
    rule_defaults = dict(
        ip_protocol='tcp',
        from_port=1,
        to_port=65535,
        cidr='0.0.0.0/0',
    )
    prepared_rules = process_rules(
        nova_client, rule_defaults, 'cidr', 'group_id', 'from_port', 'to_port')

    # A truthy result means no group is created by this operation.
    if use_external_sg(nova_client):
        return

    transform_resource_name(ctx, group_spec)

    created = nova_client.security_groups.create(
        group_spec['name'], group_spec['description'])

    set_sg_runtime_properties(created, nova_client)

    try:
        for rule in prepared_rules:
            # Each rule is bound to the group that was just created.
            rule['parent_group_id'] = created.id
            nova_client.security_group_rules.create(**rule)
    except Exception:
        # Roll back rather than leave a group with only part of its rules.
        delete_resource_and_runtime_properties(
            ctx, nova_client, RUNTIME_PROPERTIES_KEYS)
        raise
def create(neutron_client, args, **kwargs):
    """Create a neutron security group for the current node and add its rules.

    ``args`` is forwarded to ``build_sg_data``. Rules are prepared by
    ``process_rules`` before the ``use_external_sg`` check. When the node
    property ``disable_default_egress_rules`` is truthy, the egress rules
    found on the new group are deleted before the prepared rules are added.
    Returns ``None``.

    If deleting or adding a rule raises,
    ``delete_resource_and_runtime_properties`` is called and the original
    exception is re-raised.
    """
    group_spec = build_sg_data(args)

    prepared_rules = process_rules(
        neutron_client, DEFAULT_RULE_VALUES,
        'remote_ip_prefix', 'remote_group_id',
        'port_range_min', 'port_range_max')

    drop_default_egress = ctx.node.properties.get(
        'disable_default_egress_rules')

    # A truthy result means no group is created by this operation.
    if use_external_sg(neutron_client):
        return

    transform_resource_name(ctx, group_spec)

    response = neutron_client.create_security_group(
        {'security_group': group_spec})
    created = response['security_group']

    set_sg_runtime_properties(created, neutron_client)

    try:
        if drop_default_egress:
            # The group already exists at this point, so its initial egress
            # rules stay in effect until this loop has removed them.
            current_rules = _rules_for_sg_id(neutron_client, created['id'])
            for egress_rule in _egress_rules(current_rules):
                neutron_client.delete_security_group_rule(egress_rule['id'])

        for rule in prepared_rules:
            rule['security_group_id'] = created['id']
            neutron_client.create_security_group_rule(
                {'security_group_rule': rule})
    except Exception:
        # Roll back rather than leave a group with only part of its rules.
        delete_resource_and_runtime_properties(
            ctx, neutron_client, RUNTIME_PROPERTIES_KEYS)
        raise
def create(nova_client, **kwargs):
    """Provision a nova security group and its rules for this node.

    Steps, in order: build the group data, take the description from the node
    properties, prepare the rules with ``process_rules``, stop if
    ``use_external_sg`` is truthy, otherwise create the group, record it via
    ``set_sg_runtime_properties`` and create one nova rule per prepared rule.

    Any exception while creating rules triggers
    ``delete_resource_and_runtime_properties`` and is then re-raised.
    """
    sg_request = build_sg_data()
    sg_request['description'] = ctx.node.properties['description']

    # NOTE(review): protocol tcp, ports 1-65535, source 0.0.0.0/0. How
    # process_rules applies these is not visible here; if they stand in for
    # omitted rule fields, an underspecified rule exposes every TCP port to
    # any address -- verify against process_rules.
    fallback_rule_fields = {}
    fallback_rule_fields['ip_protocol'] = 'tcp'
    fallback_rule_fields['from_port'] = 1
    fallback_rule_fields['to_port'] = 65535
    fallback_rule_fields['cidr'] = '0.0.0.0/0'

    rules_to_create = process_rules(
        nova_client,
        fallback_rule_fields,
        'cidr',
        'group_id',
        'from_port',
        'to_port',
    )

    if use_external_sg(nova_client):
        # Nothing is created on this path.
        return

    transform_resource_name(ctx, sg_request)

    name = sg_request['name']
    description = sg_request['description']
    new_group = nova_client.security_groups.create(name, description)

    set_sg_runtime_properties(new_group, nova_client)

    try:
        for rule_kwargs in rules_to_create:
            rule_kwargs['parent_group_id'] = new_group.id
            nova_client.security_group_rules.create(**rule_kwargs)
    except Exception:
        # Undo the partially configured group, then surface the failure.
        delete_resource_and_runtime_properties(
            ctx,
            nova_client,
            RUNTIME_PROPERTIES_KEYS,
        )
        raise
def create(neutron_client, args, **kwargs):
    """Provision a neutron security group and its rules for this node.

    Steps, in order: build the group data from ``args``, prepare the rules
    with ``process_rules``, read ``disable_default_egress_rules`` from the
    node properties, stop if ``use_external_sg`` is truthy, otherwise create
    the group, record it via ``set_sg_runtime_properties``, optionally delete
    the group's egress rules, and create one neutron rule per prepared rule.

    Any exception while deleting or creating rules triggers
    ``delete_resource_and_runtime_properties`` and is then re-raised.
    """
    sg_request = build_sg_data(args)

    rules_to_create = process_rules(
        neutron_client,
        DEFAULT_RULE_VALUES,
        'remote_ip_prefix',
        'remote_group_id',
        'port_range_min',
        'port_range_max',
    )

    node_properties = ctx.node.properties
    remove_egress = node_properties.get('disable_default_egress_rules')

    if use_external_sg(neutron_client):
        # Nothing is created on this path.
        return

    transform_resource_name(ctx, sg_request)

    new_group = neutron_client.create_security_group(
        {'security_group': sg_request}
    )['security_group']

    set_sg_runtime_properties(new_group, neutron_client)

    try:
        if remove_egress:
            # Egress rules are removed only after the group exists, so they
            # apply to the group until this loop completes.
            group_rules = _rules_for_sg_id(neutron_client, new_group['id'])
            for stale_rule in _egress_rules(group_rules):
                neutron_client.delete_security_group_rule(stale_rule['id'])

        for rule_body in rules_to_create:
            rule_body['security_group_id'] = new_group['id']
            neutron_client.create_security_group_rule(
                {'security_group_rule': rule_body}
            )
    except Exception:
        # Undo the partially configured group, then surface the failure.
        delete_resource_and_runtime_properties(
            ctx,
            neutron_client,
            RUNTIME_PROPERTIES_KEYS,
        )
        raise
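def create(neutron_client,
           args,
           status_attempts=10,
           status_timeout=2,
           **kwargs):
    """Create a neutron security group, wait for it, then add its rules.

    :param neutron_client: client used for every security group call.
    :param args: forwarded to ``build_sg_data``.
    :param status_attempts: number of visibility checks; values below 1 are
        treated as 1.
    :param status_timeout: value passed to ``sleep`` before each check.
    :raises NonRecoverableError: if the group never becomes visible, or if
        the cleanup after a failed rule operation itself fails.

    When the built description is empty, the node property ``description``
    is used instead. If deleting or adding a rule raises, the cleanup helper
    is called and the original exception is re-raised.
    """
    security_group = build_sg_data(args)
    if not security_group['description']:
        security_group['description'] = ctx.node.properties['description']

    sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES,
                             'remote_ip_prefix', 'remote_group_id',
                             'port_range_min', 'port_range_max')

    disable_default_egress_rules = ctx.node.properties.get(
        'disable_default_egress_rules')

    if use_external_sg(neutron_client):
        return

    transform_resource_name(ctx, security_group)

    sg = neutron_client.create_security_group(
        {'security_group': security_group})['security_group']

    # Python 3 unbinds the ``as`` name when its except block ends, so the
    # last failure is kept in a separate variable for the timeout error.
    last_error = None
    for attempt in range(max(status_attempts, 1)):
        sleep(status_timeout)
        try:
            neutron_client.show_security_group(sg['id'])
        except RequestException as e:
            last_error = e
            ctx.logger.debug(
                "Waiting for SG to be visible. Attempt {}".format(attempt))
        else:
            break
    else:
        # NOTE(review): this path is outside the cleanup try-block below and
        # runs before set_sg_runtime_properties, so the group created above
        # is not deleted here -- confirm whether it can be left orphaned.
        raise NonRecoverableError(
            "Timed out waiting for security_group to exist", last_error)

    set_sg_runtime_properties(sg, neutron_client)

    try:
        if disable_default_egress_rules:
            # The group already exists, so its egress rules stay in effect
            # until this loop has removed them.
            for er in _egress_rules(_rules_for_sg_id(neutron_client,
                                                     sg['id'])):
                neutron_client.delete_security_group_rule(er['id'])

        for sgr in sg_rules:
            sgr['security_group_id'] = sg['id']
            neutron_client.create_security_group_rule(
                {'security_group_rule': sgr})
    except Exception:
        try:
            delete_resource_and_runtime_properties(ctx, neutron_client,
                                                   RUNTIME_PROPERTIES_KEYS)
        except Exception as e:
            # A failed teardown is reported as non-recoverable instead of
            # re-raising the original rule error.
            raise NonRecoverableError('Exception while tearing down for retry',
                                      e)
        raise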
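def create(
    neutron_client, args,
    status_attempts=10, status_timeout=2, **kwargs
):
    """Create a neutron security group, wait for it, then add its rules.

    :param neutron_client: client used for every security group call.
    :param args: forwarded to ``build_sg_data``.
    :param status_attempts: number of visibility checks; values below 1 are
        treated as 1.
    :param status_timeout: value passed to ``sleep`` before each check.
    :raises NonRecoverableError: if the group never becomes visible, or if
        the cleanup after a failed rule operation itself fails.

    When the built description is empty, the node property ``description``
    is used instead. If deleting or adding a rule raises, the cleanup helper
    is called and the original exception is re-raised.
    """
    security_group = build_sg_data(args)
    if not security_group['description']:
        security_group['description'] = ctx.node.properties['description']

    sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES,
                             'remote_ip_prefix', 'remote_group_id',
                             'port_range_min', 'port_range_max')

    disable_default_egress_rules = ctx.node.properties.get(
        'disable_default_egress_rules')

    if use_external_sg(neutron_client):
        return

    transform_resource_name(ctx, security_group)

    sg = neutron_client.create_security_group(
        {'security_group': security_group})['security_group']

    # The ``as`` name of an except clause is unbound when the clause ends on
    # Python 3; remember the last failure so the timeout error can carry it.
    last_error = None
    for attempt in range(max(status_attempts, 1)):
        sleep(status_timeout)
        try:
            neutron_client.show_security_group(sg['id'])
        except RequestException as e:
            last_error = e
            ctx.logger.debug("Waiting for SG to be visible. Attempt {}".format(
                attempt))
        else:
            break
    else:
        # NOTE(review): raised before set_sg_runtime_properties and outside
        # the cleanup try-block, so the group created above is not removed
        # on this path -- confirm whether it can be left orphaned.
        raise NonRecoverableError(
            "Timed out waiting for security_group to exist", last_error)

    set_sg_runtime_properties(sg, neutron_client)

    try:
        if disable_default_egress_rules:
            # Removal happens after creation, so the group's egress rules
            # apply until this loop has finished.
            for er in _egress_rules(_rules_for_sg_id(neutron_client,
                                                     sg['id'])):
                neutron_client.delete_security_group_rule(er['id'])

        for sgr in sg_rules:
            sgr['security_group_id'] = sg['id']
            neutron_client.create_security_group_rule(
                {'security_group_rule': sgr})
    except Exception:
        try:
            delete_resource_and_runtime_properties(
                ctx, neutron_client,
                RUNTIME_PROPERTIES_KEYS)
        except Exception as e:
            # A failed teardown replaces the original rule error with a
            # non-recoverable one.
            raise NonRecoverableError(
                'Exception while tearing down for retry', e)
        raise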