def create_sec_group_rule(cls, sec_group, protocol, from_port,
                          to_port, cidr, context):
    """Create a rule on the remote security group, then record it locally.

    The rule is first added through ``RemoteSecurityGroup.add_rule``; the id
    it returns becomes the id of the database record created with
    ``cls.create``, whose result is returned.

    Raises:
        SecurityGroupRuleCreationError: the remote call returned a falsy id,
            or the remote call itself raised this error (logged, then
            re-raised).
    """
    group_id = sec_group['id']
    try:
        rule_id = RemoteSecurityGroup.add_rule(
            sec_group_id=group_id,
            protocol=protocol,
            from_port=from_port,
            to_port=to_port,
            cidr=cidr,
            context=context)

        if rule_id:
            # NOTE(review): the remote rule already exists at this point.
            # If cls.create() raises, nothing here removes it, so the rule
            # would stay active without a local record to track or revoke
            # it -- confirm that a caller cleans up in that case.
            return cls.create(
                id=rule_id,
                protocol=protocol,
                from_port=from_port,
                to_port=to_port,
                cidr=cidr,
                group_id=group_id)

        raise exception.SecurityGroupRuleCreationError(
            "Failed to create Security Group Rule")
    except exception.SecurityGroupRuleCreationError as e:
        # Only this error type is logged here; anything else propagates
        # to the caller untouched.
        LOG.exception(_("Failed to create remote security group."))
        raise e
def add_security_group_rule(self, sec_group_id, protocol,
                            from_port, to_port, cidr,
                            direction=CONST['INGRESS'],
                            ethertype=CONST['IPv4']):
    """Create a rule on a Neutron security group.

    Builds a ``security_group_rule`` request from the arguments, sends it
    through ``self.client.create_security_group_rule`` and returns the reply
    after passing it to ``_convert_to_nova_security_group_rule_format``.

    A ``NeutronClientException`` with status 409 is logged and swallowed, and
    the method then returns None.  Any other ``NeutronClientException`` is
    logged and re-raised as ``SecurityGroupRuleCreationError``.
    """
    # NOTE(review): protocol, ports and cidr are forwarded exactly as
    # received.  Neutron is understood to treat an absent remote_ip_prefix
    # as "any address", so a None cidr may produce a wide-open rule --
    # confirm that callers validate these values before reaching here.
    rule_spec = {
        "security_group_id": sec_group_id,
        "protocol": protocol,
        "port_range_min": from_port,
        "port_range_max": to_port,
        "remote_ip_prefix": cidr,
        "direction": direction,  # ingress | egress
        "ethertype": ethertype,  # IPv4 | IPv6
    }
    try:
        reply = self.client.create_security_group_rule(
            {"security_group_rule": rule_spec})
        # The reply may or may not be wrapped in a 'security_group_rule'
        # key; fall back to the reply itself when it is not.
        return self._convert_to_nova_security_group_rule_format(
            reply.get('security_group_rule', reply))
    except neutron_exceptions.NeutronClientException as e:
        if e.status_code != 409:
            LOG.exception('Failed to add rule to remote security group')
            raise exception.SecurityGroupRuleCreationError(str(e))
        # 409 is taken to mean the rule already exists: log it and carry
        # on, which leaves the caller with None instead of a rule.
        LOG.exception("secgroup rule already exists")
        return None
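def _validate_create_body(self, body):
    """Check that a create request names the target group and the CIDR.

    Requires ``body['security_group_rule']`` to exist and to carry the
    ``group_id`` and ``cidr`` keys.  Only the presence of the keys is
    checked: their values, and any port or protocol fields, are not
    validated here.

    Raises:
        SecurityGroupRuleCreationError: a required key is missing, or
            ``body`` or ``body['security_group_rule']`` cannot be indexed
            by key (for example it is None, a list or a string).
    """
    try:
        rule = body['security_group_rule']
        for required_key in ('group_id', 'cidr'):
            # Subscript purely for the lookup failure; the value is unused.
            rule[required_key]
    except (KeyError, TypeError) as e:
        # TypeError covers malformed request bodies such as
        # {"security_group_rule": null}; without it that input escaped as
        # an unhandled TypeError instead of a validation error.
        LOG.error(_("Create Security Group Rules Required field(s) "
                    "- %s") % e)
        raise exception.SecurityGroupRuleCreationError(
            "Required element/key - %s was not specified" % e)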
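def _validate_create_body(self, body):
    """Check that a create request names the target group and the CIDR.

    Requires ``body['security_group_rule']`` to exist and to carry the
    ``group_id`` and ``cidr`` keys.  Only the presence of the keys is
    checked; see the TODO below for what is still not validated.

    Raises:
        SecurityGroupRuleCreationError: a required key is missing, or
            ``body`` or ``body['security_group_rule']`` cannot be indexed
            by key (for example it is None, a list or a string).
    """
    try:
        # TODO(slicknik): Add some better validation here around ports,
        # protocol, and cidr values.
        rule = body['security_group_rule']
        for required_key in ('group_id', 'cidr'):
            # Subscript purely for the lookup failure; the value is unused.
            rule[required_key]
    except (KeyError, TypeError) as e:
        # TypeError covers malformed request bodies such as
        # {"security_group_rule": null}; without it that input escaped as
        # an unhandled TypeError instead of a validation error.
        LOG.error(
            _("Create Security Group Rules Required field(s) "
              "- %s") % e)
        raise exception.SecurityGroupRuleCreationError(
            "Required element/key - %s was not specified" % e)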
def add_security_group_rule(self, sec_group_id, protocol,
                            from_port, to_port, cidr):
    """Create a rule on a Nova security group and return the result.

    The arguments are handed to ``self.client.security_group_rules.create``
    and its return value is passed back unchanged.

    Raises:
        SecurityGroupRuleCreationError: the Nova client raised
            ``ClientException``; the original error text is carried over.
    """
    # NOTE(review): the values are forwarded without any checks in this
    # method; presumably validation happens upstream -- confirm.
    rule_args = dict(
        parent_group_id=sec_group_id,
        ip_protocol=protocol,
        from_port=from_port,
        to_port=to_port,
        cidr=cidr,
    )
    try:
        return self.client.security_group_rules.create(**rule_args)
    except nova_exceptions.ClientException as e:
        LOG.exception('Failed to add rule to remote security group')
        raise exception.SecurityGroupRuleCreationError(str(e))
def add_rule(cls, sec_group_id, protocol, from_port, to_port, cidr, context):
    """Create a rule on a remote Nova security group and return its id.

    A Nova client is obtained for ``context`` through
    ``trove.common.remote.create_nova_client``; the rule is created with it
    and the ``id`` attribute of the result is returned.

    Raises:
        SecurityGroupRuleCreationError: the Nova client raised
            ``ClientException`` while creating the rule or reading its id.
    """
    # Built outside the try on purpose: errors from creating the client are
    # not translated and reach the caller as they are.
    nova = trove.common.remote.create_nova_client(context)

    try:
        created_rule = nova.security_group_rules.create(
            parent_group_id=sec_group_id,
            ip_protocol=protocol,
            from_port=from_port,
            to_port=to_port,
            cidr=cidr)
        # The attribute read stays inside the try so that a client error
        # raised at this point is translated as well.
        return created_rule.id
    except nova_exceptions.ClientException as e:
        LOG.exception('Failed to add rule to remote security group')
        raise exception.SecurityGroupRuleCreationError(str(e))