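def _build_rules(context, group_id, group_name, ip_permissions, direction):
    """Translate EC2 IpPermissions into Neutron security-group rule bodies.

    :param context: request context handed through to
        ``security_group_engine``.
    :param group_id: EC2 id of the group that owns the rules; may be None
        when ``group_name`` is given.
    :param group_name: EC2 name of the owning group; may be None when
        ``group_id`` is given.
    :param ip_permissions: list of EC2 IpPermission dicts. Each may carry
        ``ip_protocol``, ``from_port`` and ``to_port``, and must carry at
        least one of ``groups`` (list of dicts with ``group_id`` /
        ``group_name``) or ``ip_ranges`` (list of dicts with ``cidr_ip``).
        An empty list yields an empty result.
    :param direction: Neutron rule direction, copied verbatim into every
        rule body (presumably 'ingress' or 'egress' -- chosen by the caller).
    :returns: list of dicts, one per IpPermission, shaped for the Neutron
        security-group-rule API (``security_group_id``, ``direction``,
        ``ethertype`` plus the optional protocol/port/remote keys).
    :raises exception.MissingParameter: when neither group id nor name is
        given, when ``ip_permissions`` is None, or when an IpPermission
        names neither a source group nor a usable CIDR.

    Security note: EC2 allows several ``groups`` / ``ip_ranges`` entries
    per IpPermission, but Neutron takes one remote per rule, so only the
    FIRST entry of whichever list wins is used and the rest are silently
    dropped; ``ip_ranges`` is ignored entirely whenever ``groups`` is
    non-empty. The resulting access is never broader than requested, but
    it can be narrower than the caller believes was authorized.
    """
    if group_name is None and group_id is None:
        raise exception.MissingParameter(param='group id or name')
    if ip_permissions is None:
        raise exception.MissingParameter(param='source group or cidr')

    # Resolve the owning group once; every rule body points at it.
    os_security_group_id = security_group_engine.get_group_os_id(
        context, group_id, group_name)

    rule_bodies = []
    for rule in ip_permissions:
        body = {'security_group_id': os_security_group_id,
                'direction': direction,
                'ethertype': 'IPv4'}

        # -1 is the "not supplied" sentinel that _validate_parameters
        # understands; only values the client actually sent are forwarded.
        protocol = rule.get('ip_protocol', -1)
        from_port = rule.get('from_port', -1)
        to_port = rule.get('to_port', -1)
        _validate_parameters(protocol, from_port, to_port)
        if protocol != -1:
            body['protocol'] = protocol
        if from_port != -1:
            body['port_range_min'] = from_port
        if to_port != -1:
            body['port_range_max'] = to_port

        # TODO(Alex) AWS protocol claims support of multiple groups and cidrs,
        # however, neutron doesn't support it at the moment.
        # It's possible in the future to convert list values incoming from
        # REST API into several neutron rules and squeeze them back into one
        # for describing.
        # For now only 1 value is supported for either; extra entries are
        # dropped without any error being reported to the caller.
        if rule.get('groups'):
            first_group = rule['groups'][0]
            body['remote_group_id'] = security_group_engine.get_group_os_id(
                context, first_group.get('group_id'),
                first_group.get('group_name'))
        elif rule.get('ip_ranges'):
            # A range entry without 'cidr_ip' is a client error, not a
            # server fault: report it as a missing remote instead of
            # letting a KeyError escape.
            cidr = rule['ip_ranges'][0].get('cidr_ip')
            if cidr is None:
                raise exception.MissingParameter(param='source group or cidr')
            # Reject a malformed prefix before it is handed to Neutron.
            # NOTE(review): ethertype is hard-coded to 'IPv4' above while the
            # validator's name suggests IPv6 prefixes pass -- confirm how
            # Neutron handles an IPv6 remote_ip_prefix on an IPv4 rule.
            validator.validate_cidr_with_ipv6(cidr, 'cidr_ip')
            body['remote_ip_prefix'] = cidr
        else:
            raise exception.MissingParameter(param='source group or cidr')

        rule_bodies.append(body)
    return rule_bodies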