def _make_neutron_security_group_rules_list(self, rules):
    """Translate nova-style security group rules into a neutron request body.

    :param rules: iterable of mappings; the keys read here are 'protocol',
        'cidr', 'parent_group_id', 'group_id', 'from_port' and 'to_port'.
    :returns: ``{'security_group_rules': [...]}`` with one dict per input
        rule, in input order.

    Values are copied through as given; no validation of protocol, CIDR or
    port range happens in this method (presumably done by the caller or by
    neutron -- confirm before relying on it).
    """
    # (nova key, neutron key) pairs for the optional port bounds.
    port_fields = (('from_port', 'port_range_min'),
                   ('to_port', 'port_range_max'))

    converted = []
    for rule in rules:
        cidr = rule.get('cidr')

        # FIXME(arosen) Nova does not expose ethertype on security group
        # rules. For a self referential rule (no cidr) the user most likely
        # wants both IPv4 and IPv6 allowed, but that needs two neutron rules,
        # and a later delete through the nova api would have no way to know
        # that both must be removed. For now such rules are IPv4 only, so
        # they grant no IPv6 access between group members.
        if cidr:
            ethertype = utils.get_ip_version(cidr)
        else:
            ethertype = 'IPv4'

        entry = {
            # nova only supports ingress rules so all rules are ingress.
            'direction': "ingress",
            'protocol': rule.get('protocol'),
            'ethertype': ethertype,
            # NOTE(review): with neither cidr nor group_id both remote
            # fields are None; confirm how neutron scopes such a rule.
            'remote_ip_prefix': cidr,
            'security_group_id': rule.get('parent_group_id'),
            'remote_group_id': rule.get('group_id'),
        }

        # A port bound is forwarded only when present and not -1
        # (-1 is presumably nova's "no port" marker -- confirm).
        for nova_key, neutron_key in port_fields:
            if nova_key in rule and rule[nova_key] != -1:
                entry[neutron_key] = rule[nova_key]

        converted.append(entry)

    return {'security_group_rules': converted}
def _make_neutron_security_group_rules_list(self, rules):
    """Build the neutron ``security_group_rules`` payload from nova rules.

    Each input mapping is converted to one neutron rule dict. The keys read
    from an input rule are "protocol", "cidr", "parent_group_id", "group_id",
    "from_port" and "to_port"; the result is
    ``{"security_group_rules": [...]}`` in input order.

    Nothing is validated here: protocol, CIDR and ports are passed through
    unchanged (NOTE(review): presumably checked elsewhere -- confirm).
    """

    def _convert(rule):
        source_cidr = rule.get("cidr")

        # nova only supports ingress rules so all rules are ingress.
        neutron_rule = {
            "direction": "ingress",
            "protocol": rule.get("protocol"),
        }

        # FIXME(arosen) Nova does not expose ethertype on security group
        # rules, so a self referential rule (one without a cidr) should
        # arguably allow both IPv4 and IPv6. That would take two neutron
        # rules, and removing the rule through the nova api would then need
        # some way to know both have to be deleted. Until that exists, self
        # referential rules only support IPv4 -- IPv6 traffic from group
        # members is not covered by them.
        neutron_rule["ethertype"] = (
            "IPv4" if not source_cidr else utils.get_ip_version(source_cidr)
        )

        neutron_rule.update(
            remote_ip_prefix=source_cidr,
            security_group_id=rule.get("parent_group_id"),
            remote_group_id=rule.get("group_id"),
        )

        # Port bounds are optional; -1 is skipped rather than forwarded
        # (presumably nova's marker for "no port" -- confirm).
        if rule["from_port"] != -1 if "from_port" in rule else False:
            neutron_rule["port_range_min"] = rule["from_port"]
        if rule["to_port"] != -1 if "to_port" in rule else False:
            neutron_rule["port_range_max"] = rule["to_port"]

        return neutron_rule

    return {"security_group_rules": [_convert(rule) for rule in rules]}