예제 #1
0
    def create(self, req, body):
        """Creates a new security group."""
        context = req.environ['nova.context']
        if not body:
            raise exc.HTTPUnprocessableEntity()

        security_group = body.get('security_group', None)

        if security_group is None:
            raise exc.HTTPUnprocessableEntity()

        group_name = security_group.get('name', None)
        group_description = security_group.get('description', None)

        self._validate_security_group_property(group_name, "name")
        self._validate_security_group_property(group_description,
                                               "description")
        group_name = group_name.strip()
        group_description = group_description.strip()

        LOG.audit(_("Create Security Group %s"), group_name, context=context)
        self.compute_api.ensure_default_security_group(context)
        if db.security_group_exists(context, context.project_id, group_name):
            msg = _('Security group %s already exists') % group_name
            raise exc.HTTPBadRequest(explanation=msg)

        group = {'user_id': context.user_id,
                 'project_id': context.project_id,
                 'name': group_name,
                 'description': group_description}
        group_ref = db.security_group_create(context, group)

        return {'security_group': self._format_security_group(context,
                                                                 group_ref)}
예제 #2
0
 def setup_security_group(self, context):
     group_name = '%s%s' % (context.project_id, CONF.vpn_key_suffix)
     if db.security_group_exists(context, context.project_id, group_name):
         return group_name
     group = {
         'user_id': context.user_id,
         'project_id': context.project_id,
         'name': group_name,
         'description': 'Group for vpn'
     }
     group_ref = db.security_group_create(context, group)
     rule = {
         'parent_group_id': group_ref['id'],
         'cidr': '0.0.0.0/0',
         'protocol': 'udp',
         'from_port': 1194,
         'to_port': 1194
     }
     db.security_group_rule_create(context, rule)
     rule = {
         'parent_group_id': group_ref['id'],
         'cidr': '0.0.0.0/0',
         'protocol': 'icmp',
         'from_port': -1,
         'to_port': -1
     }
     db.security_group_rule_create(context, rule)
     # NOTE(vish): No need to trigger the group since the instance
     #             has not been run yet.
     return group_name
예제 #3
0
    def create(self, req, body):
        """Creates a new security group."""
        context = req.environ['nova.context']
        if not body:
            return exc.HTTPUnprocessableEntity()

        security_group = body.get('security_group', None)

        if security_group is None:
            return exc.HTTPUnprocessableEntity()

        group_name = security_group.get('name', None)
        group_description = security_group.get('description', None)

        self._validate_security_group_property(group_name, "name")
        self._validate_security_group_property(group_description,
                                               "description")
        group_name = group_name.strip()
        group_description = group_description.strip()

        LOG.audit(_("Create Security Group %s"), group_name, context=context)
        self.compute_api.ensure_default_security_group(context)
        if db.security_group_exists(context, context.project_id, group_name):
            msg = _('Security group %s already exists') % group_name
            raise exc.HTTPBadRequest(explanation=msg)

        group = {'user_id': context.user_id,
                 'project_id': context.project_id,
                 'name': group_name,
                 'description': group_description}
        group_ref = db.security_group_create(context, group)

        return {'security_group': self._format_security_group(context,
                                                                 group_ref)}
예제 #4
0
    def create(self, req, body):
        """Creates a new security group."""
        context = req.environ['nova.context']
        authorize(context)
        if not body:
            raise exc.HTTPUnprocessableEntity()

        security_group = body.get('security_group', None)

        if security_group is None:
            raise exc.HTTPUnprocessableEntity()

        group_name = security_group.get('name', None)
        group_description = security_group.get('description', None)

        self._validate_security_group_property(group_name, "name")
        self._validate_security_group_property(group_description,
                                               "description")
        group_name = group_name.strip()
        group_description = group_description.strip()

        try:
            reservations = QUOTAS.reserve(context, security_groups=1)
        except exception.OverQuota:
            msg = _("Quota exceeded, too many security groups.")
            raise exc.HTTPBadRequest(explanation=msg)

        try:
            LOG.audit(_("Create Security Group %s"),
                      group_name,
                      context=context)
            self.compute_api.ensure_default_security_group(context)
            if db.security_group_exists(context, context.project_id,
                                        group_name):
                msg = _('Security group %s already exists') % group_name
                raise exc.HTTPBadRequest(explanation=msg)

            group = {
                'user_id': context.user_id,
                'project_id': context.project_id,
                'name': group_name,
                'description': group_description
            }
            group_ref = db.security_group_create(context, group)
            self.sgh.trigger_security_group_create_refresh(context, group)

            # Commit the reservation
            QUOTAS.commit(context, reservations)
        except Exception:
            with excutils.save_and_reraise_exception():
                QUOTAS.rollback(context, reservations)

        return {
            'security_group': self._format_security_group(context, group_ref)
        }
예제 #5
0
    def create(self, req, body):
        context = req.environ["nova.context"]
        self.compute_api.ensure_default_security_group(context)
        name = body["security_group"].get("name")
        description = body["security_group"].get("description")
        if db.security_group_exists(context, context.project_id, name):
            raise exception.ApiError(_("group %s already exists") % name)

        group = {"user_id": context.user_id, "project_id": context.project_id, "name": name, "description": description}
        group_ref = db.security_group_create(context, group)

        return {"security_group": self._format_security_group(context, group_ref)}
예제 #6
0
    def create(self, req, body):
        """Creates a new security group."""
        context = req.environ['nova.context']
        authorize(context)
        if not body:
            raise exc.HTTPUnprocessableEntity()

        security_group = body.get('security_group', None)

        if security_group is None:
            raise exc.HTTPUnprocessableEntity()

        group_name = security_group.get('name', None)
        group_description = security_group.get('description', None)

        self._validate_security_group_property(group_name, "name")
        self._validate_security_group_property(group_description,
                                               "description")
        group_name = group_name.strip()
        group_description = group_description.strip()

        try:
            reservations = QUOTAS.reserve(context, security_groups=1)
        except exception.OverQuota:
            msg = _("Quota exceeded, too many security groups.")
            raise exc.HTTPBadRequest(explanation=msg)

        try:
            LOG.audit(_("Create Security Group %s"), group_name,
                      context=context)
            self.compute_api.ensure_default_security_group(context)
            if db.security_group_exists(context, context.project_id,
                                        group_name):
                msg = _('Security group %s already exists') % group_name
                raise exc.HTTPBadRequest(explanation=msg)

            group = {'user_id': context.user_id,
                     'project_id': context.project_id,
                     'name': group_name,
                     'description': group_description}
            group_ref = db.security_group_create(context, group)
            self.sgh.trigger_security_group_create_refresh(context, group)

            # Commit the reservation
            QUOTAS.commit(context, reservations)
        except Exception:
            with excutils.save_and_reraise_exception():
                QUOTAS.rollback(context, reservations)

        return {'security_group': self._format_security_group(context,
                                                                 group_ref)}
예제 #7
0
파일: cloud.py 프로젝트: yosh/nova
    def create_security_group(self, context, group_name, group_description):
        LOG.audit(_("Create Security Group %s"), group_name, context=context)
        self.compute_api.ensure_default_security_group(context)
        if db.security_group_exists(context, context.project_id, group_name):
            raise exception.ApiError(_('group %s already exists') % group_name)

        group = {'user_id': context.user_id,
                 'project_id': context.project_id,
                 'name': group_name,
                 'description': group_description}
        group_ref = db.security_group_create(context, group)

        return {'securityGroupSet': [self._format_security_group(context,
                                                                 group_ref)]}
예제 #8
0
    def create(self, req, body):
        context = req.environ['nova.context']
        self.compute_api.ensure_default_security_group(context)
        name = body['security_group'].get('name')
        description = body['security_group'].get('description')
        if db.security_group_exists(context, context.project_id, name):
            raise exception.ApiError(_('group %s already exists') % name)

        group = {'user_id': context.user_id,
                 'project_id': context.project_id,
                 'name': name,
                 'description': description}
        group_ref = db.security_group_create(context, group)

        return {'security_group': self._format_security_group(context,
                                                                 group_ref)}
예제 #9
0
파일: security.py 프로젝트: dizz/occi-os
def create_group(name, description, context):
    """
    Create a OS security group.

    name -- Name of the group.
    description -- Description.
    context -- The os context.
    """
    if db.security_group_exists(context, context.project_id, name):
        raise AttributeError('Security group %s already exists.')

    group = {'user_id': context.user_id,
             'project_id': context.project_id,
             'name': name,
             'description': description}
    db.security_group_create(context, group)
    SEC_HANDLER.trigger_security_group_create_refresh(context, group)
예제 #10
0
def create_group(name, description, context):
    """
    Create a OS security group.

    name -- Name of the group.
    description -- Description.
    context -- The os context.
    """
    if db.security_group_exists(context, context.project_id, name):
        raise AttributeError('Security group already exists: ' + name)

    group = {'user_id': context.user_id,
             'project_id': context.project_id,
             'name': name,
             'description': description}
    db.security_group_create(context, group)
    SEC_HANDLER.trigger_security_group_create_refresh(context, group)
예제 #11
0
    def create_security_group(self, context, group_name, group_description):
        LOG.audit(_("Create Security Group %s"), group_name, context=context)
        self.compute_api.ensure_default_security_group(context)
        if db.security_group_exists(context, context.project_id, group_name):
            raise exception.ApiError(_('group %s already exists') % group_name)

        group = {
            'user_id': context.user_id,
            'project_id': context.project_id,
            'name': group_name,
            'description': group_description
        }
        group_ref = db.security_group_create(context, group)

        return {
            'securityGroupSet':
            [self._format_security_group(context, group_ref)]
        }
예제 #12
0
파일: pipelib.py 프로젝트: acomisario/nova
 def setup_security_group(self, context):
     group_name = '%s%s' % (context.project_id, FLAGS.vpn_key_suffix)
     if db.security_group_exists(context, context.project_id, group_name):
         return group_name
     group = {'user_id': context.user_id,
              'project_id': context.project_id,
              'name': group_name,
              'description': 'Group for vpn'}
     group_ref = db.security_group_create(context, group)
     rule = {'parent_group_id': group_ref['id'],
             'cidr': '0.0.0.0/0',
             'protocol': 'udp',
             'from_port': 1194,
             'to_port': 1194}
     db.security_group_rule_create(context, rule)
     rule = {'parent_group_id': group_ref['id'],
             'cidr': '0.0.0.0/0',
             'protocol': 'icmp',
             'from_port': -1,
             'to_port': -1}
     db.security_group_rule_create(context, rule)
     # NOTE(vish): No need to trigger the group since the instance
     #             has not been run yet.
     return group_name
 def test_security_groups_created(self):
     if WHITE_BOX:
         if not db.security_group_exists(context.get_admin_context(),
             instance_info.user.tenant, "tcp_3306"):
             assert_false(True, "Security groups did not get created")
예제 #14
0
class OverrideHelper(create_instance_helper.CreateInstanceHelper):
    """Allows keypair name to be passed in request."""
    def create_instance(self, req, body, create_method):
        if not body:
            raise faults.Fault(exc.HTTPUnprocessableEntity())

        context = req.environ['nova.context']

        password = self.controller._get_server_admin_password(body['server'])

        key_name = body['server'].get('key_name')
        key_data = None

        if key_name:
            try:
                key_pair = db.key_pair_get(context, context.user_id, key_name)
                key_name = key_pair['name']
                key_data = key_pair['public_key']
            except:
                msg = _("Can not load the requested key %s" % key_name)
                return faults.Fault(exc.HTTPBadRequest(msg))
        else:
            key_name = None
            key_data = None
            key_pairs = db.key_pair_get_all_by_user(context, context.user_id)
            if key_pairs:
                key_pair = key_pairs[0]
                key_name = key_pair['name']
                key_data = key_pair['public_key']

        image_href = self.controller._image_ref_from_req_data(body)
        try:
            image_service, image_id = nova.image.get_image_service(image_href)
            kernel_id, ramdisk_id = self._get_kernel_ramdisk_from_image(req,
                                                                        image_service,
                                                                        image_id)
            images = set([str(x['id']) for x in image_service.index(context)])
            assert str(image_id) in images
        except Exception, e:
            msg = _("Cannot find requested image %(image_href)s: %(e)s" %
                                                                    locals())
            raise faults.Fault(exc.HTTPBadRequest(explanation=msg))

        personality = body['server'].get('personality')

        injected_files = []
        if personality:
            injected_files = self._get_injected_files(personality)

        flavor_id = self.controller._flavor_id_from_req_data(body)

        if not 'name' in body['server']:
            msg = _("Server name is not defined")
            raise exc.HTTPBadRequest(explanation=msg)

        zone_blob = body['server'].get('blob')
        name = body['server']['name']
        self._validate_server_name(name)
        name = name.strip()

        reservation_id = body['server'].get('reservation_id')

        security_groups = filter(bool, body['server']
                                       .get('security_groups', '')
                                       .split(',')) + ['default']

        for group_name in security_groups:
            if not db.security_group_exists(context,
                                            context.project_id,
                                            group_name):
                group = {'user_id': context.user_id,
                         'project_id': context.project_id,
                         'name': group_name,
                         'description': ''}
                db.security_group_create(context, group)

        try:
            inst_type = \
                    instance_types.get_instance_type_by_flavor_id(flavor_id)
            extra_values = {
                'instance_type': inst_type,
                'image_ref': image_href,
                'password': password}

            return (extra_values,
                    create_method(context,
                                  inst_type,
                                  image_id,
                                  kernel_id=kernel_id,
                                  ramdisk_id=ramdisk_id,
                                  display_name=name,
                                  display_description=name,
                                  key_name=key_name,
                                  key_data=key_data,
                                  metadata=body['server'].get('metadata', {}),
                                  injected_files=injected_files,
                                  admin_password=password,
                                  zone_blob=zone_blob,
                                  user_data=body['server'].get('user_data', None),
                                  security_group=security_groups,
                                  reservation_id=reservation_id))
        except quota.QuotaError as error:
            self._handle_quota_error(error)
        except exception.ImageNotFound as error:
            msg = _("Can not find requested image")
            raise faults.Fault(exc.HTTPBadRequest(explanation=msg))
예제 #15
0
 def test_security_groups_created(self):
     if WHITE_BOX:
         if not db.security_group_exists(context.get_admin_context(),
                                         instance_info.user.tenant,
                                         "tcp_3306"):
             assert_false(True, "Security groups did not get created")