def _update_secgrp_rule(self, context, rule_id):
compute, project = self.gce_svc, self.gce_project
name = self._gce_secgrp_id(rule_id)
try:
gce_firewall_info = gceutils.get_firewall_rule(
compute, project, name)
except gce_errors.HttpError:
return
try:
core_plugin = NeutronManager.get_plugin()
except AttributeError:
core_plugin = directory.get_plugin()
rule = core_plugin.get_security_group_rule(context, rule_id)
network_link = gce_firewall_info['network']
try:
gce_rule = self._convert_secgrp_rule_to_gce(rule, network_link)
LOG.info("Update GCE firewall rule %s" % name)
operation = gceutils.update_firewall_rule(compute, project, name,
gce_rule)
gceutils.wait_for_operation(compute, project, operation)
except Exception as e:
LOG.exception("An error occurred while updating security "
"group: %s" % e)
LOG.error("Deleting existing GCE firewall rule %s" % name)
operation = gceutils.delete_firewall_rule(compute, project, name)
gceutils.wait_for_operation(compute, project, operation)
def delete_subnet_postcommit(self, context):
compute, project, region = self.gce_svc, self.gce_project, self.gce_region
cidr = context.current['cidr']
if self.is_private_network(cidr):
name = self._gce_subnet_name(context)
operation = gceutils.delete_subnet(compute, project, region, name)
gceutils.wait_for_operation(compute, project, operation)
LOG.info(
_LI("Deleted subnet %s in region %s on GCE") % (name, region))
def _delete_secgrp_rule(self, context, rule_id):
name = self._gce_secgrp_id(rule_id)
compute, project = self.gce_svc, self.gce_project
try:
LOG.warn("Delete existing GCE firewall rule %s,"
"as firewall rule update not GCE compatible." % name)
operation = gceutils.delete_firewall_rule(compute, project, name)
gceutils.wait_for_operation(compute, project, operation)
except gce_errors.HttpError:
pass
def create_subnet_postcommit(self, context):
compute, project, region = self.gce_svc, self.gce_project, self.gce_region
network_name = self._gce_subnet_network_name(context)
name = self._gce_subnet_name(context)
cidr = context.current['cidr']
if self.is_private_network(cidr):
network = gceutils.get_network(compute, project, network_name)
network_link = network['selfLink']
operation = gceutils.create_subnet(compute, project, region, name,
cidr, network_link)
gceutils.wait_for_operation(compute, project, operation)
LOG.info(
_LI("Created subnet %s in region %s on GCE") % (name, region))
def _create_secgrp_rule(self, context, rule, network_link):
compute, project = self.gce_svc, self.gce_project
try:
gce_rule = self._convert_secgrp_rule_to_gce(rule, network_link)
except SecurityGroupInvalidDirection:
LOG.warn("Egress rules are not supported on GCE.")
return
except Exception as e:
LOG.exception(
"An error occurred while creating security group: %s" % e)
raise e
LOG.info("Create GCE firewall rule %s" % gce_rule)
operation = gceutils.create_firewall_rule(compute, project, gce_rule)
gceutils.wait_for_operation(compute, project, operation)
def create_network_postcommit(self, context):
compute, project = self.gce_svc, self.gce_project
name = self._gce_network_name(context)
operation = gceutils.create_network(compute, project, name)
gceutils.wait_for_operation(compute, project, operation)
LOG.info('Created network on GCE %s' % name)