Esempio n. 1
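    def create_security_group(self, context, group_name, **group):
        """Build and create a backend security profile for a security group.

        The rule lists are read from the ``port_ingress_rules`` and
        ``port_egress_rules`` keyword arguments. Their combined length is
        checked against ``self.limits['max_rules_per_group']`` before any
        rule is set on the profile.

        :param context: request context; ``context.tenant_id`` is stored on
            the profile under the ``os_tid`` tag scope.
        :param group_name: display name for the profile; skipped when falsy.
        :param group: optional ``group_id``, ``port_ingress_rules`` and
            ``port_egress_rules`` entries.
        :returns: the result of ``profile.create()``.
        :raises exceptions.DriverLimitReached: when ingress plus egress
            rules exceed the per-group limit.
        """
        tenant_id = context.tenant_id
        with self.get_connection() as connection:
            group_id = group.get('group_id')
            profile = connection.securityprofile()
            if group_name:
                profile.display_name(group_name)

            # An explicit None is treated like a missing rule list, so the
            # len() calls in the limit check cannot fail on it.
            ingress_rules = group.get('port_ingress_rules') or []
            egress_rules = group.get('port_egress_rules') or []

            # Enforce the per-group rule limit before create() is called.
            if (len(ingress_rules) + len(egress_rules) >
                    self.limits['max_rules_per_group']):
                raise exceptions.DriverLimitReached(limit="rules per group")

            if egress_rules:
                profile.port_egress_rules(egress_rules)
            if ingress_rules:
                profile.port_ingress_rules(ingress_rules)

            # NOTE(review): group_id is None when the caller omits it from
            # **group; the neutron_group_id tag presumably links the profile
            # back to its group, so confirm callers always pass it.
            tags = [
                dict(tag=group_id, scope="neutron_group_id"),
                dict(tag=tenant_id, scope="os_tid")
            ]
            # Lazy %-args: the message is only formatted when DEBUG is on.
            LOG.debug("Creating security profile %s", group_name)
            profile.tags(tags)
            return profile.create()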
Esempio n. 2
 def create_security_group_rule(self, context, group_id, rule):
     """Append ``rule`` to the security group identified by ``group_id``.

     Delegates to ``_update_security_group_rules`` with the ``'append'``
     operation and a mapping of predicate -> exception instance.

     NOTE(review): presumably the helper raises the mapped exception when
     its predicate returns false; confirm against
     ``_update_security_group_rules``.

     :returns: whatever ``_update_security_group_rules`` returns.
     """
     def rule_is_absent(x, y):
         # Paired with SecurityGroupRuleExists in the mapping below.
         return x not in y

     def port_below_limit(x, y):
         # Both arguments are ignored; the check compares the current
         # per-port rule count with the configured maximum.
         rule_total = self._check_rule_count_per_port(context, group_id)
         return rule_total < self.limits['max_rules_per_port']

     checks = {
         rule_is_absent:
         sg_ext.SecurityGroupRuleExists(id=group_id),
         port_below_limit:
         exceptions.DriverLimitReached(limit="rules per port"),
     }
     return self._update_security_group_rules(
         context, group_id, rule, 'append', checks)
Esempio n. 3
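    def _get_security_groups_for_port(self, context, groups):
        """Return the profile uuids for ``groups`` after a rule-count check.

        Each group is looked up exactly once. The same fetched profiles feed
        both the per-port limit check and the returned uuid list, so the
        limit is validated against the data that is actually returned, and
        a one-shot iterable of groups is not exhausted by the check.

        :param context: request context passed through to the lookups.
        :param groups: iterable of group identifiers.
        :returns: list of the ``'uuid'`` value of each group's profile, in
            the order of ``groups``.
        :raises exceptions.DriverLimitReached: when the rule count reported
            by ``_check_rule_count_for_groups`` exceeds
            ``self.limits['max_rules_per_port']``.
        """
        # Materialise the lookups so they are not repeated for the uuid list.
        profiles = [
            self._get_security_group(context, group)
            for group in groups
        ]

        if (self._check_rule_count_for_groups(context, profiles) >
                self.limits['max_rules_per_port']):
            raise exceptions.DriverLimitReached(limit="rules per port")

        return [profile['uuid'] for profile in profiles]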
Esempio n. 4
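    def update_security_group(self, context, group_id, **group):
        """Update the backend security profile of an existing group.

        A rule list that is absent from ``group`` or passed as ``None`` is
        left unchanged on the profile; for the limit check the stored rules
        from the looked-up profile are counted in its place.

        :param context: request context passed to the group lookup.
        :param group_id: identifier used to look up the existing profile.
        :param group: optional ``name``, ``port_ingress_rules`` and
            ``port_egress_rules`` entries.
        :returns: the result of ``profile.update()``.
        :raises exceptions.DriverLimitReached: when ingress plus egress
            rules exceed ``self.limits['max_rules_per_group']``.
        """
        query = self._get_security_group(context, group_id)
        with self.get_connection() as connection:
            profile = connection.securityprofile(query.get('uuid'))

            new_ingress = group.get('port_ingress_rules')
            new_egress = group.get('port_egress_rules')

            # Fall back to the stored rules when a list is absent or None;
            # "or []" keeps len() safe if the stored profile has no such key.
            ingress_rules = new_ingress
            if ingress_rules is None:
                ingress_rules = query.get('logical_port_ingress_rules') or []
            egress_rules = new_egress
            if egress_rules is None:
                egress_rules = query.get('logical_port_egress_rules') or []

            # Enforce the per-group rule limit before update() is called.
            if (len(ingress_rules) + len(egress_rules) >
                    self.limits['max_rules_per_group']):
                raise exceptions.DriverLimitReached(limit="rules per group")

            if group.get('name', None):
                profile.display_name(group['name'])
            # Only lists the caller actually supplied are written back.
            if new_ingress is not None:
                profile.port_ingress_rules(ingress_rules)
            if new_egress is not None:
                profile.port_egress_rules(egress_rules)
            return profile.update()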