def _validate_security_group_rule(self, context, security_group_rule):
    """Canonicalise and validate a single security-group-rule request body.

    ``security_group_rule`` is the API body; the rule dict lives under its
    ``'security_group_rule'`` key.  The ``_make_canonical_*`` and
    ``_validate_*`` helpers are called for their effect on that dict
    (their return values are not used here), in a fixed order.  A rule
    may name a remote IP prefix or a remote group, never both.  The
    remote group (if any) and the target group are then each looked up
    with the rule's ``tenant_id`` -- assuming ``_check_security_group``
    enforces ownership, this stops a caller from referencing or
    extending a group that belongs to another tenant.

    Returns the validated ``security_group_id``.

    Raises ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix when both
    remote selectors are set; otherwise whatever the helper validators
    and ``_check_security_group`` raise.
    """
    rule = security_group_rule['security_group_rule']

    # Canonicalise before validating; keep this order, the helpers are
    # chained on the same dict.
    for step in (self._make_canonical_ipv6_icmp_protocol,
                 self._make_canonical_port_range,
                 self._validate_port_range,
                 self._validate_ip_prefix,
                 self._validate_ethertype_and_protocol):
        step(rule)

    remote_prefix = rule['remote_ip_prefix']
    remote_group = rule['remote_group_id']
    if remote_prefix and remote_group:
        raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix()

    owner = rule['tenant_id']
    # A referenced remote group must exist for this rule's tenant.
    if remote_group:
        self._check_security_group(context, remote_group, tenant_id=owner)

    # Same check for the group the rule is being added to.
    target_group = rule['security_group_id']
    self._check_security_group(context, target_group, tenant_id=owner)
    return target_group
def _validate_security_group_rule(context, rule):
    """Validate and normalise one security-group rule dict in place.

    Only the protocol names ``icmp``, ``tcp`` and ``udp`` are accepted
    (case-insensitively when given as a ``str``); they are rewritten to
    the IP protocol numbers 1, 6 and 17.  Any other truthy value --
    including a bare protocol number -- is rejected.  Port ranges are
    only checked for TCP/UDP: both ends must be given or both omitted,
    and min must not exceed max.  A rule with no protocol may not carry
    ports at all.

    Note: ``'protocol'`` is popped from ``rule`` up front and only put
    back on the has-protocol branch, so a rule with a falsy protocol is
    returned without that key.

    ``context`` is unused here.  Returns ``rule`` (the same object).

    Raises sg_ext.SecurityGroupRemoteGroupAndRemoteIpPrefix,
    sg_ext.SecurityGroupRuleInvalidProtocol,
    sg_ext.SecurityGroupInvalidPortRange,
    sg_ext.SecurityGroupProtocolRequiredWithPorts or
    exceptions.InvalidInput as described above.
    """
    proto_numbers = {"icmp": 1, "tcp": 6, "udp": 17}
    range_capable = (6, 17)

    if rule.get("remote_ip_prefix") and rule.get("remote_group_id"):
        raise sg_ext.SecurityGroupRemoteGroupAndRemoteIpPrefix()

    raw_proto = rule.pop('protocol')
    low, high = rule['port_range_min'], rule['port_range_max']
    has_low = low is not None
    has_high = high is not None

    if not raw_proto:
        # Ports make no sense without a protocol.
        if has_low or has_high:
            raise sg_ext.SecurityGroupProtocolRequiredWithPorts()
        return rule

    lookup = raw_proto.lower() if isinstance(raw_proto, str) else raw_proto
    proto_number = proto_numbers.get(lookup)
    if not proto_number:
        raise sg_ext.SecurityGroupRuleInvalidProtocol()

    if proto_number in range_capable:
        # Wildcarding only one end of a TCP/UDP range is ambiguous.
        if has_low != has_high:
            raise exceptions.InvalidInput(
                error_message="For TCP/UDP rules, cannot wildcard "
                "only one end of port range.")
        if has_low and has_high and low > high:
            raise sg_ext.SecurityGroupInvalidPortRange()

    rule['protocol'] = proto_number
    return rule
def _validate_security_group_rules(self, context, security_group_rule):
    """Validate a bulk security-group-rule request body.

    Every rule under ``security_group_rule['security_group_rules']`` is
    validated individually (port range, IP prefix, and the constraint
    that a remote IP prefix and a remote group are mutually exclusive),
    and any referenced remote group is looked up with the rule's
    ``tenant_id``.  The batch as a whole must target exactly one
    security group and come from exactly one tenant; that tenant is
    then checked against the target group via ``get_security_group``.

    Returns the single target ``security_group_id``.

    Raises ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix,
    ext_sg.SecurityGroupNotSingleGroupRules or
    ext_sg.SecurityGroupRulesNotSingleTenant, plus whatever the per-rule
    validators and ``get_security_group`` raise.  An empty batch is not
    handled here: popping from the empty target-group set raises
    KeyError, so callers are presumably expected to reject empty bodies
    upstream -- confirm.
    """
    target_groups = set()
    owners = set()

    for item in security_group_rule['security_group_rules']:
        rule = item.get('security_group_rule')
        target_groups.add(rule['security_group_id'])
        self._validate_port_range(rule)
        self._validate_ip_prefix(rule)
        if rule['remote_ip_prefix'] and rule['remote_group_id']:
            raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix()

        owner = rule['tenant_id']
        owners.add(owner)

        # A referenced remote group must exist for this rule's tenant.
        remote_group = rule.get('remote_group_id')
        if remote_group:
            self.get_security_group(context, remote_group, tenant_id=owner)

    if len(target_groups) > 1:
        raise ext_sg.SecurityGroupNotSingleGroupRules()
    security_group_id = target_groups.pop()

    # One tenant per batch, and that tenant must be allowed to touch the
    # target group.
    if len(owners) > 1:
        raise ext_sg.SecurityGroupRulesNotSingleTenant()
    for owner in owners:
        self.get_security_group(context, security_group_id, tenant_id=owner)
    return security_group_id
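def _validate_security_group_rule(context, rule):
    """Validate and normalise one security-group rule dict in place.

    The protocol may be given by name (``icmp``/``tcp``/``udp``, any
    case) or as an IP protocol number in 0..254 (an int, or a string
    that ``int()`` accepts); it is stored back as the number.  Port
    ranges are only checked for TCP (6) and UDP (17): both ends must be
    given or both omitted, and min must not exceed max.  A rule with no
    protocol may not carry ports.

    Note: ``'protocol'`` is popped from ``rule`` up front and only put
    back when a protocol was given, so a rule with a falsy protocol is
    returned without that key.

    ``context`` is unused here.  Returns ``rule`` (the same object).

    Raises sg_ext.SecurityGroupRemoteGroupAndRemoteIpPrefix,
    sg_ext.SecurityGroupRuleInvalidProtocol,
    sg_ext.SecurityGroupInvalidPortRange,
    sg_ext.SecurityGroupProtocolRequiredWithPorts or
    exceptions.InvalidInput.
    """
    PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17}
    ALLOWED_WITH_RANGE = (6, 17)

    if rule.get("remote_ip_prefix") and rule.get("remote_group_id"):
        raise sg_ext.SecurityGroupRemoteGroupAndRemoteIpPrefix()

    protocol = rule.pop('protocol')
    port_range_min = rule['port_range_min']
    port_range_max = rule['port_range_max']

    if not protocol:
        # Ports make no sense without a protocol.
        if port_range_min is not None or port_range_max is not None:
            raise sg_ext.SecurityGroupProtocolRequiredWithPorts()
        return rule

    # Resolve the caller's value to a protocol number.  A non-numeric
    # value falls back to the name table; unknown names map to -1 so the
    # range check below rejects them.  TypeError is caught as well so an
    # unexpected type (e.g. a list) is reported as an invalid protocol
    # rather than propagating as an internal error.
    try:
        proto = int(protocol)
    except (TypeError, ValueError):
        proto = PROTOCOLS.get(str(protocol).lower(), -1)
    # Please see http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
    # The field is always 8 bits, and 255 is a reserved value
    if not (0 <= proto <= 254):
        raise sg_ext.SecurityGroupRuleInvalidProtocol(
            protocol=protocol, values=PROTOCOLS.keys())

    # Everything below uses the resolved number, never the raw input:
    # testing the raw "tcp"/"6" string against ALLOWED_WITH_RANGE never
    # matched, so the port-range validation was silently skipped for
    # named or string-numbered TCP/UDP rules and the string was stored.
    if proto in ALLOWED_WITH_RANGE:
        if (port_range_min is None) != (port_range_max is None):
            raise exceptions.InvalidInput(
                error_message="For TCP/UDP rules, cannot wildcard "
                "only one end of port range.")
        if port_range_min is not None and port_range_max is not None:
            if port_range_min > port_range_max:
                raise sg_ext.SecurityGroupInvalidPortRange()

    rule['protocol'] = proto
    return rule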