def delete_security_group_rule(self, q_context, _id):
    """Delete a top-level security group rule and its bottom-pod copies.

    Rules that carry a ``remote_group_id`` and rules that belong to the
    security group named ``default`` are rejected before anything is
    changed. For each bottom security group mapped to the top one, the
    first bottom rule accepted by ``_compare_rule`` is deleted. The
    top-level rule is removed only when that loop finishes without raising.

    :param q_context: Neutron request context
    :param _id: ID of the top-level security group rule
    :raises RemoteGroupNotSupported: the rule has a ``remote_group_id``
    :raises DefaultGroupUpdateNotSupported: the rule is in the group
        named ``default``
    :raises BottomPodOperationFailure: any exception raised while the
        bottom pods are being updated
    """
    top_rule = self.get_security_group_rule(q_context, _id)
    if top_rule['remote_group_id']:
        raise n_exceptions.RemoteGroupNotSupported()

    sg_id = top_rule['security_group_id']
    top_sg = self.get_security_group(q_context, sg_id)
    if top_sg['name'] == 'default':
        raise n_exceptions.DefaultGroupUpdateNotSupported()

    t_context = context.get_context_from_neutron_context(q_context)
    mappings = db_api.get_bottom_mappings_by_top_id(
        t_context, sg_id, constants.RT_SG)

    try:
        for pod, b_sg_id in mappings:
            client = self._get_client(pod['pod_name'])
            # The rule is re-pointed at the bottom group before it is
            # handed to _compare_rule.
            top_rule['security_group_id'] = b_sg_id
            bottom_sg = client.get_security_groups(t_context, b_sg_id)
            for candidate in bottom_sg['security_group_rules']:
                if self._compare_rule(candidate, top_rule):
                    self._safe_delete_security_group_rule(
                        t_context, client, candidate['id'])
                    # Only the first matching bottom rule is removed.
                    break
    except Exception:
        # NOTE(review): deletions already made in earlier pods are not
        # undone and the top-level rule is kept, so the top and bottom rule
        # sets can diverge after a partial failure. The original exception
        # is replaced without being logged in this block; log it before
        # translating so the failing pod can be diagnosed.
        raise n_exceptions.BottomPodOperationFailure(
            resource='security group rule', pod_name=pod['pod_name'])

    parent = super(TricircleSecurityGroupMixin, self)
    parent.delete_security_group_rule(q_context, _id)
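def create_security_group_rule(self, q_context, security_group_rule):
    """Create a security group rule at the top and in each mapped bottom pod.

    Rules that carry a ``remote_group_id`` and rules aimed at the security
    group named ``default`` are rejected up front. The top-level rule is
    created first. The same rule, with ``security_group_id`` replaced by
    the bottom group ID, is then sent to every pod that has a mapping for
    the top-level group.

    :param q_context: Neutron request context
    :param security_group_rule: request body holding the rule under the
        ``security_group_rule`` key
    :returns: the rule returned by the parent class
    :raises RemoteGroupNotSupported: the rule has a ``remote_group_id``
    :raises DefaultGroupUpdateNotSupported: the rule targets the group
        named ``default``
    :raises BottomPodOperationFailure: any exception raised while the
        bottom pods are being updated
    """
    rule = security_group_rule['security_group_rule']
    if rule['remote_group_id']:
        raise n_exceptions.RemoteGroupNotSupported()
    sg_id = rule['security_group_id']
    sg = self.get_security_group(q_context, sg_id)
    if sg['name'] == 'default':
        raise n_exceptions.DefaultGroupUpdateNotSupported()

    new_rule = super(TricircleSecurityGroupMixin,
                     self).create_security_group_rule(q_context,
                                                      security_group_rule)

    t_context = context.get_context_from_neutron_context(q_context)
    mappings = db_api.get_bottom_mappings_by_top_id(
        t_context, sg_id, constants.RT_SG)

    try:
        for pod, b_sg_id in mappings:
            client = self._get_client(pod['pod_name'])
            # Build a per-pod copy instead of rewriting the caller's request
            # body; otherwise the body would be left pointing at the last
            # bottom security group ID once this method returns.
            bottom_rule = dict(rule, security_group_id=b_sg_id)
            self._safe_create_security_group_rule(
                t_context, client, {'security_group_rule': bottom_rule})
    except Exception:
        # Roll back the top-level record so the caller does not see a rule
        # that was not pushed to every pod.
        # NOTE(review): rules already created in earlier pods are not
        # removed in this block, so a failed request can leave allow rules
        # in bottom pods that have no top-level record. Confirm that
        # something else cleans them up, and log the original exception
        # before it is translated.
        super(TricircleSecurityGroupMixin,
              self).delete_security_group_rule(q_context, new_rule['id'])
        raise n_exceptions.BottomPodOperationFailure(
            resource='security group rule', pod_name=pod['pod_name'])
    return new_rule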
def _safe_create_bottom_floatingip(t_ctx, pod, client, fip_net_id,
                                   fip_address, port_id):
    """Create a floating IP in a bottom pod, tolerating an existing one.

    If the create call reports that the address is already in use, the
    existing floating IP is looked up by address. It is left alone when
    already bound to ``port_id``, and bound to ``port_id`` when it has no
    port. The original error is re-raised when it is bound to another port.

    :param t_ctx: context passed through to the client calls
    :param pod: mapping; only ``region_name`` is read, for error reporting
    :param client: client exposing ``create_floatingips``,
        ``list_floatingips`` and ``update_floatingips``
    :param fip_net_id: ID of the floating network
    :param fip_address: floating IP address to create
    :param port_id: internal port to associate with the floating IP
    :raises BottomPodOperationFailure: the address was reported in use but
        no floating IP with that address could be listed
    """
    request_body = {'floatingip': {'floating_network_id': fip_net_id,
                                   'floating_ip_address': fip_address,
                                   'port_id': port_id}}
    try:
        client.create_floatingips(t_ctx, request_body)
    except q_cli_exceptions.IpAddressInUseClient:
        # NOTE(review): the lookup matches on the address alone; the
        # floating network and owner of the returned entry are not checked
        # here before it is reused or re-associated. Confirm that the
        # client cannot return a floating IP from another network or
        # project.
        address_filter = [{'key': 'floating_ip_address',
                           'comparator': 'eq',
                           'value': fip_address}]
        fips = client.list_floatingips(t_ctx, address_filter)
        if not fips:
            # Rare race: the address was reported in use a moment ago but
            # the floating IP can no longer be found.
            raise t_network_exc.BottomPodOperationFailure(
                resource='floating ip', region_name=pod['region_name'])

        existing_fip = fips[0]
        bound_port_id = existing_fip.get('port_id')
        if bound_port_id == port_id:
            # Already associated with the expected internal port; the
            # conflict can be ignored.
            return
        if bound_port_id:
            # Bound to a different port: surface the original error.
            raise
        # Not associated with any internal port yet, so add the association.
        client.update_floatingips(t_ctx, existing_fip['id'],
                                  {'floatingip': {'port_id': port_id}})
def create_security_group_rule(self, q_context, security_group_rule):
    """Create a top-level security group rule and trigger bottom-pod sync.

    Rules that carry a ``remote_group_id`` are rejected, as are rules whose
    security group cannot be found. After the parent class has created the
    rule, ``xjob_handler.configure_security_group_rules`` is called with
    the rule's ``project_id``.

    :param q_context: Neutron request context
    :param security_group_rule: request body holding the rule under the
        ``security_group_rule`` key
    :returns: the rule returned by the parent class
    :raises RemoteGroupNotSupported: the rule has a ``remote_group_id``
    :raises SecurityGroupNotFound: the target security group is missing
    :raises BottomPodOperationFailure: any exception raised while the xjob
        handler is invoked
    """
    rule = security_group_rule['security_group_rule']
    if rule['remote_group_id']:
        raise n_exceptions.RemoteGroupNotSupported()

    sg_id = rule['security_group_id']
    if not self.get_security_group(q_context, sg_id):
        raise n_exceptions.SecurityGroupNotFound(sg_id=sg_id)

    parent = super(TricircleSecurityGroupMixin, self)
    created_rule = parent.create_security_group_rule(
        q_context, security_group_rule)

    t_context = context.get_context_from_neutron_context(q_context)
    try:
        self.xjob_handler.configure_security_group_rules(
            t_context, rule['project_id'])
    except Exception:
        # NOTE(review): the top-level rule created above is not rolled back
        # on this path, so the caller gets an error while the rule stays
        # recorded at the top. The broad handler also turns a missing
        # 'project_id' key into BottomPodOperationFailure, and the
        # original exception is not logged in this block.
        raise n_exceptions.BottomPodOperationFailure(
            resource='security group rule', region_name='')
    return created_rule