Exemplo n.º 1
0
    def test_unlimited_security_group_rules(self):
        def fake_security_group_rule_count_by_group(context, sec_group_id):
            return 0

        self.stubs.Set(db, 'security_group_rule_count_by_group',
                       fake_security_group_rule_count_by_group)

        self.flags(quota_security_group_rules=20)
        rules = quota.allowed_security_group_rules(self.context, 1234, 100)
        self.assertEqual(rules, 20)
        db.quota_create(self.context, self.project_id, 'security_group_rules',
                        None)
        rules = quota.allowed_security_group_rules(self.context, 1234, 100)
        self.assertEqual(rules, 100)
        rules = quota.allowed_security_group_rules(self.context, 1234, 101)
        self.assertEqual(rules, 101)
    def test_unlimited_security_group_rules(self):

        def fake_security_group_rule_count_by_group(context, sec_group_id):
            return 0

        self.stubs.Set(db, 'security_group_rule_count_by_group',
                       fake_security_group_rule_count_by_group)

        self.flags(quota_security_group_rules=20)
        rules = quota.allowed_security_group_rules(self.context, 1234, 100)
        self.assertEqual(rules, 20)
        db.quota_create(self.context, self.project_id, 'security_group_rules',
                        None)
        rules = quota.allowed_security_group_rules(self.context, 1234, 100)
        self.assertEqual(rules, 100)
        rules = quota.allowed_security_group_rules(self.context, 1234, 101)
        self.assertEqual(rules, 101)
Exemplo n.º 3
0
    def create(self, req, body):
        context = req.environ['nova.context']
        authorize(context)

        if not body:
            raise exc.HTTPUnprocessableEntity()

        if not 'security_group_rule' in body:
            raise exc.HTTPUnprocessableEntity()

        self.compute_api.ensure_default_security_group(context)

        sg_rule = body['security_group_rule']
        parent_group_id = sg_rule.get('parent_group_id', None)
        try:
            parent_group_id = int(parent_group_id)
            security_group = db.security_group_get(context, parent_group_id)
        except ValueError:
            msg = _("Parent group id is not integer")
            raise exc.HTTPBadRequest(explanation=msg)
        except exception.NotFound as exp:
            msg = _("Security group (%s) not found") % parent_group_id
            raise exc.HTTPNotFound(explanation=msg)

        msg = _("Authorize security group ingress %s")
        LOG.audit(msg, security_group['name'], context=context)

        try:
            values = self._rule_args_to_dict(context,
                              to_port=sg_rule.get('to_port'),
                              from_port=sg_rule.get('from_port'),
                              parent_group_id=sg_rule.get('parent_group_id'),
                              ip_protocol=sg_rule.get('ip_protocol'),
                              cidr=sg_rule.get('cidr'),
                              group_id=sg_rule.get('group_id'))
        except Exception as exp:
            raise exc.HTTPBadRequest(explanation=unicode(exp))

        if values is None:
            msg = _("Not enough parameters to build a "
                                       "valid rule.")
            raise exc.HTTPBadRequest(explanation=msg)

        values['parent_group_id'] = security_group.id

        if self._security_group_rule_exists(security_group, values):
            msg = _('This rule already exists in group %s') % parent_group_id
            raise exc.HTTPBadRequest(explanation=msg)

        allowed = quota.allowed_security_group_rules(context,
                                                   parent_group_id,
                                                   1)
        if allowed < 1:
            msg = _("Quota exceeded, too many security group rules.")
            raise exc.HTTPBadRequest(explanation=msg)

        security_group_rule = db.security_group_rule_create(context, values)
        self.sgh.trigger_security_group_rule_create_refresh(
            context, [security_group_rule['id']])
        self.compute_api.trigger_security_group_rules_refresh(context,
                                    security_group_id=security_group['id'])

        return {"security_group_rule": self._format_security_group_rule(
                                                        context,
                                                        security_group_rule)}
Exemplo n.º 4
0
    def create(self, req, body):
        context = req.environ['nova.context']
        authorize(context)

        if not body:
            raise exc.HTTPUnprocessableEntity()

        if not 'security_group_rule' in body:
            raise exc.HTTPUnprocessableEntity()

        self.compute_api.ensure_default_security_group(context)

        sg_rule = body['security_group_rule']
        parent_group_id = sg_rule.get('parent_group_id', None)
        try:
            parent_group_id = int(parent_group_id)
            security_group = db.security_group_get(context, parent_group_id)
        except ValueError:
            msg = _("Parent group id is not integer")
            raise exc.HTTPBadRequest(explanation=msg)
        except exception.NotFound as exp:
            msg = _("Security group (%s) not found") % parent_group_id
            raise exc.HTTPNotFound(explanation=msg)

        msg = _("Authorize security group ingress %s")
        LOG.audit(msg, security_group['name'], context=context)

        try:
            values = self._rule_args_to_dict(
                context,
                to_port=sg_rule.get('to_port'),
                from_port=sg_rule.get('from_port'),
                parent_group_id=sg_rule.get('parent_group_id'),
                ip_protocol=sg_rule.get('ip_protocol'),
                cidr=sg_rule.get('cidr'),
                group_id=sg_rule.get('group_id'))
        except Exception as exp:
            raise exc.HTTPBadRequest(explanation=unicode(exp))

        if values is None:
            msg = _("Not enough parameters to build a " "valid rule.")
            raise exc.HTTPBadRequest(explanation=msg)

        values['parent_group_id'] = security_group.id

        if self._security_group_rule_exists(security_group, values):
            msg = _('This rule already exists in group %s') % parent_group_id
            raise exc.HTTPBadRequest(explanation=msg)

        allowed = quota.allowed_security_group_rules(context, parent_group_id,
                                                     1)
        if allowed < 1:
            msg = _("Quota exceeded, too many security group rules.")
            raise exc.HTTPBadRequest(explanation=msg)

        security_group_rule = db.security_group_rule_create(context, values)
        self.sgh.trigger_security_group_rule_create_refresh(
            context, [security_group_rule['id']])
        self.compute_api.trigger_security_group_rules_refresh(
            context, security_group_id=security_group['id'])

        return {
            "security_group_rule":
            self._format_security_group_rule(context, security_group_rule)
        }