コード例 #1
    def create_sec_group_rule(cls, sec_group, protocol, from_port,
                              to_port, cidr, context):
        """Create a rule on the remote security group, then record it locally.

        The remote rule is created first through
        ``RemoteSecurityGroup.add_rule``; the id it returns becomes the id of
        the record created with ``cls.create``.

        Raises:
            exception.SecurityGroupRuleCreationError: the remote call
                returned a falsy id, or the error was raised further down
                and is re-raised here after logging.
        """
        try:
            rule_id = RemoteSecurityGroup.add_rule(
                sec_group_id=sec_group['id'],
                protocol=protocol,
                from_port=from_port,
                to_port=to_port,
                cidr=cidr,
                context=context)

            # A falsy id means there is nothing to record locally.
            if not rule_id:
                raise exception.SecurityGroupRuleCreationError(
                    "Failed to create Security Group Rule")

            # NOTE(review): the remote rule already exists at this point. If
            # cls.create() fails, nothing here removes it, so a rule could
            # stay active remotely with no local record - confirm a caller
            # cleans up.
            return cls.create(
                id=rule_id,
                protocol=protocol,
                from_port=from_port,
                to_port=to_port,
                cidr=cidr,
                group_id=sec_group['id'])

        except exception.SecurityGroupRuleCreationError as err:
            # The logged text names the group although this path creates a
            # rule; it is left as-is because log consumers may match on it.
            LOG.exception(_("Failed to create remote security group."))
            raise err
コード例 #2
ファイル: neutron.py プロジェクト: vdialani/trove
    def add_security_group_rule(self, sec_group_id, protocol,
                                from_port, to_port, cidr,
                                direction=CONST['INGRESS'],
                                ethertype=CONST['IPv4']):
        """Create a security group rule through the Neutron client.

        Returns whatever ``_convert_to_nova_security_group_rule_format``
        produces for the created rule, or ``None`` when the client reports
        HTTP 409.

        Raises:
            exception.SecurityGroupRuleCreationError: the client raised a
                NeutronClientException with any status other than 409.
        """
        # NOTE(review): cidr, the ports and the protocol are forwarded as
        # given. Confirm callers reject empty or None values; a rule without
        # a remote prefix is typically not limited to any source range.
        rule_spec = {
            "security_group_id": sec_group_id,
            "protocol": protocol,
            "port_range_min": from_port,
            "port_range_max": to_port,
            "remote_ip_prefix": cidr,
            "direction": direction,  # ingress | egress
            "ethertype": ethertype,  # IPv4 | IPv6
        }
        try:
            created = self.client.create_security_group_rule(
                {"security_group_rule": rule_spec})
            # The response may or may not be wrapped in a
            # 'security_group_rule' key; unwrap it when it is.
            return self._convert_to_nova_security_group_rule_format(
                created.get('security_group_rule', created))
        except neutron_exceptions.NeutronClientException as err:
            if err.status_code != 409:
                LOG.exception('Failed to add rule to remote security group')
                raise exception.SecurityGroupRuleCreationError(str(err))
            # A 409 is taken to mean the rule already exists and is not an
            # error. The caller gets None rather than the existing rule.
            # NOTE(review): any 409 is accepted; nothing here checks that the
            # existing rule matches the one requested.
            LOG.exception("secgroup rule already exists")
            return None
コード例 #3
ファイル: service.py プロジェクト: edwardt/trove
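 def _validate_create_body(self, body):
     """Check that a create request names a group and a CIDR.

     Only the presence of ``security_group_rule`` and of its ``group_id``
     and ``cidr`` keys is checked. The values are not validated here, so
     range and format checks on the CIDR must happen elsewhere.

     Raises:
         exception.SecurityGroupRuleCreationError: a required key is
             missing, or the body or its rule entry cannot be indexed by
             key (for example ``None``, a list or a string).
     """
     try:
         rule = body['security_group_rule']
         rule['group_id']
         rule['cidr']
     except KeyError as e:
         LOG.error(_("Create Security Group Rules Required field(s) "
                     "- %s") % e)
         raise exception.SecurityGroupRuleCreationError(
             "Required element/key - %s was not specified" % e)
     except TypeError:
         # A body of None, a list, or a non-mapping rule entry fails the
         # lookups with TypeError. Report it as the same domain error so a
         # malformed request is rejected instead of escaping as an
         # unhandled exception.
         LOG.error(_("Create Security Group Rules body is malformed"))
         raise exception.SecurityGroupRuleCreationError(
             "Request body must contain a security_group_rule object")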
コード例 #4
ファイル: service.py プロジェクト: tattabbum/trove
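 def _validate_create_body(self, body):
     """Reject a create request that lacks the required rule fields.

     The body must carry a ``security_group_rule`` entry holding
     ``group_id`` and ``cidr``. Only their presence is checked.

     Raises:
         exception.SecurityGroupRuleCreationError: a required key is
             absent, or the body or its rule entry is not a mapping.
     """
     try:
         # TODO(slicknik): Add some better validation here around ports,
         #  protocol, and cidr values.
         rule = body['security_group_rule']
         for required_key in ('group_id', 'cidr'):
             rule[required_key]
     except KeyError as e:
         LOG.error(
             _("Create Security Group Rules Required field(s) "
               "- %s") % e)
         raise exception.SecurityGroupRuleCreationError(
             "Required element/key - %s was not specified" % e)
     except TypeError:
         # Indexing None, a list or a string by key raises TypeError, not
         # KeyError. Map it to the domain error so a malformed body is
         # rejected like a missing field rather than surfacing as an
         # unhandled exception.
         LOG.error(_("Create Security Group Rules body is malformed"))
         raise exception.SecurityGroupRuleCreationError(
             "Request body must contain a security_group_rule object")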
コード例 #5
ファイル: nova.py プロジェクト: zn-share/trove
    def add_security_group_rule(self, sec_group_id, protocol, from_port,
                                to_port, cidr):
        """Create a rule on ``sec_group_id`` through the Nova client.

        Returns the object handed back by
        ``self.client.security_group_rules.create``.

        Raises:
            exception.SecurityGroupRuleCreationError: the client raised a
                ``nova_exceptions.ClientException``.
        """
        # Arguments are forwarded as given; nothing here validates the
        # protocol, port range or CIDR.
        rule_kwargs = dict(
            parent_group_id=sec_group_id,
            ip_protocol=protocol,
            from_port=from_port,
            to_port=to_port,
            cidr=cidr,
        )
        try:
            return self.client.security_group_rules.create(**rule_kwargs)
        except nova_exceptions.ClientException as err:
            LOG.exception('Failed to add rule to remote security group')
            # NOTE(review): the client's error text is copied into the raised
            # exception - confirm it is not returned verbatim to API callers.
            raise exception.SecurityGroupRuleCreationError(str(err))
コード例 #6
    def add_rule(cls, sec_group_id, protocol, from_port, to_port, cidr,
                 context):
        """Create a rule on a remote security group and return its id.

        A Nova client is built from ``context`` for each call.

        Raises:
            exception.SecurityGroupRuleCreationError: rule creation raised
                a ``nova_exceptions.ClientException``.
        """
        # Client construction sits outside the try block, so its failures
        # propagate unchanged rather than as SecurityGroupRuleCreationError.
        nova = trove.common.remote.create_nova_client(context)

        # Values are passed through untouched; validation of the protocol,
        # ports and CIDR is not done here.
        rule_kwargs = dict(
            parent_group_id=sec_group_id,
            ip_protocol=protocol,
            from_port=from_port,
            to_port=to_port,
            cidr=cidr,
        )
        try:
            created_rule = nova.security_group_rules.create(**rule_kwargs)
            # The attribute read stays inside the try, as in the original.
            return created_rule.id
        except nova_exceptions.ClientException as err:
            LOG.exception('Failed to add rule to remote security group')
            raise exception.SecurityGroupRuleCreationError(str(err))