def create(self, req, body): context = _authorize_context(req) sg_rule = self._from_body(body, 'security_group_rule') group_id = sg_rule.get('group_id') source_group = {} try: parent_group_id = security_group_api.validate_id( sg_rule.get('parent_group_id')) security_group = security_group_api.get( context, None, parent_group_id, map_exception=True) if group_id is not None: group_id = security_group_api.validate_id(group_id) source_group = security_group_api.get( context, id=group_id) new_rule = self._rule_args_to_dict(context, to_port=sg_rule.get('to_port'), from_port=sg_rule.get('from_port'), ip_protocol=sg_rule.get('ip_protocol'), cidr=sg_rule.get('cidr'), group_id=group_id) except (exception.Invalid, exception.InvalidCidr) as exp: raise exc.HTTPBadRequest(explanation=exp.format_message()) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) if new_rule is None: msg = _("Not enough parameters to build a valid rule.") raise exc.HTTPBadRequest(explanation=msg) new_rule['parent_group_id'] = security_group['id'] if 'cidr' in new_rule: net, prefixlen = netutils.get_net_and_prefixlen(new_rule['cidr']) if net not in ('0.0.0.0', '::') and prefixlen == '0': msg = _("Bad prefix for network in cidr %s") % new_rule['cidr'] raise exc.HTTPBadRequest(explanation=msg) group_rule_data = None try: if group_id: group_rule_data = {'name': source_group.get('name'), 'tenant_id': source_group.get('project_id')} security_group_rule = ( security_group_api.create_security_group_rule( context, security_group, new_rule)) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message()) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.SecurityGroupLimitExceeded as exp: raise exc.HTTPForbidden(explanation=exp.format_message()) formatted_rule = self._format_security_group_rule(context, security_group_rule, group_rule_data) return {"security_group_rule": formatted_rule}
def update(self, req, id, body): """Update a security group.""" context = _authorize_context(req) try: id = security_group_api.validate_id(id) security_group = security_group_api.get( context, None, id, map_exception=True) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message()) security_group_data = self._from_body(body, 'security_group') group_name = security_group_data.get('name', None) group_description = security_group_data.get('description', None) try: security_group_api.validate_property(group_name, 'name', None) security_group_api.validate_property( group_description, 'description', None) group_ref = security_group_api.update_security_group( context, security_group, group_name, group_description) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message()) return {'security_group': self._format_security_group(context, group_ref)}
def update(self, req, id, body): """Update a security group.""" context = req.environ['nova.context'] context.can(sg_policies.POLICY_NAME % 'update', target={'project_id': context.project_id}) try: id = security_group_api.validate_id(id) security_group = security_group_api.get(context, id) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message()) security_group_data = self._from_body(body, 'security_group') group_name = security_group_data.get('name', None) group_description = security_group_data.get('description', None) try: security_group_api.validate_property(group_name, 'name', None) security_group_api.validate_property(group_description, 'description', None) group_ref = security_group_api.update_security_group( context, security_group, group_name, group_description) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message()) return { 'security_group': self._format_security_group(context, group_ref) }
def delete(self, req, id): """Delete a security group.""" context = _authorize_context(req) try: id = security_group_api.validate_id(id) security_group = security_group_api.get(context, id) security_group_api.destroy(context, security_group) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message())
def delete(self, req, id): """Delete a security group.""" context = req.environ['nova.context'] context.can(sg_policies.POLICY_NAME % 'delete', target={'project_id': context.project_id}) try: id = security_group_api.validate_id(id) security_group = security_group_api.get(context, id) security_group_api.destroy(context, security_group) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message())
def show(self, req, id): """Return data about the given security group.""" context = _authorize_context(req) try: id = security_group_api.validate_id(id) security_group = security_group_api.get( context, None, id, map_exception=True) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message()) return {'security_group': self._format_security_group(context, security_group)}
def delete(self, req, id): context = _authorize_context(req) try: id = security_group_api.validate_id(id) rule = security_group_api.get_rule(context, id) group_id = rule['parent_group_id'] security_group = security_group_api.get(context, group_id) security_group_api.remove_rules(context, security_group, [rule['id']]) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.NoUniqueMatch as exp: raise exc.HTTPConflict(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message())
def delete(self, req, id): context = req.environ['nova.context'] context.can(sg_policies.POLICY_NAME % 'rule:delete', target={'project_id': context.project_id}) try: id = security_group_api.validate_id(id) rule = security_group_api.get_rule(context, id) group_id = rule['parent_group_id'] security_group = security_group_api.get(context, group_id) security_group_api.remove_rules(context, security_group, [rule['id']]) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.NoUniqueMatch as exp: raise exc.HTTPConflict(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message())
def show(self, req, id): """Return data about the given security group.""" context = req.environ['nova.context'] context.can(sg_policies.POLICY_NAME % 'show', target={'project_id': context.project_id}) try: id = security_group_api.validate_id(id) security_group = security_group_api.get(context, id) except exception.SecurityGroupNotFound as exp: raise exc.HTTPNotFound(explanation=exp.format_message()) except exception.Invalid as exp: raise exc.HTTPBadRequest(explanation=exp.format_message()) return { 'security_group': self._format_security_group(context, security_group) }