class SecurityGroupRule(base.NeutronDbObject):
# Version 1.0: Initial version
VERSION = '1.0'
db_model = sg_models.SecurityGroupRule
fields = {
'id': common_types.UUIDField(),
'project_id': obj_fields.StringField(nullable=True),
'security_group_id': common_types.UUIDField(),
'remote_group_id': common_types.UUIDField(nullable=True),
'direction': common_types.FlowDirectionEnumField(nullable=True),
'ethertype': common_types.EtherTypeEnumField(nullable=True),
'protocol': common_types.IpProtocolEnumField(nullable=True),
'port_range_min': common_types.PortRangeWith0Field(nullable=True),
'port_range_max': common_types.PortRangeWith0Field(nullable=True),
'remote_ip_prefix': common_types.IPNetworkField(nullable=True),
}
foreign_keys = {'SecurityGroup': {'security_group_id': 'id'}}
fields_no_update = ['project_id', 'security_group_id', 'remote_group_id']
# TODO(sayalilunkad): get rid of it once we switch the db model to using
# custom types.
@classmethod
def modify_fields_to_db(cls, fields):
result = super(SecurityGroupRule, cls).modify_fields_to_db(fields)
remote_ip_prefix = result.get('remote_ip_prefix')
if remote_ip_prefix:
result['remote_ip_prefix'] = cls.filter_to_str(remote_ip_prefix)
return result
# TODO(sayalilunkad): get rid of it once we switch the db model to using
# custom types.
@classmethod
def modify_fields_from_db(cls, db_obj):
fields = super(SecurityGroupRule, cls).modify_fields_from_db(db_obj)
if 'remote_ip_prefix' in fields:
fields['remote_ip_prefix'] = (net_utils.AuthenticIPNetwork(
fields['remote_ip_prefix']))
return fields
@classmethod
def get_security_group_rule_ids(cls, project_id):
"""Retrieve all SG rules related to this project_id
This method returns the SG rule IDs that meet these conditions:
- The rule belongs to this project_id
- The rule belongs to a security group that belongs to the project_id
"""
context = context_lib.get_admin_context()
query = context.session.query(cls.db_model.id)
query = query.join(
SecurityGroup.db_model,
cls.db_model.security_group_id == SecurityGroup.db_model.id)
clauses = or_(SecurityGroup.db_model.project_id == project_id,
cls.db_model.project_id == project_id)
rule_ids = query.filter(clauses).all()
return [rule_id[0] for rule_id in rule_ids]
class MeteringLabelRule(base.NeutronDbObject):
# Version 1.0: Initial version
VERSION = '1.0'
db_model = metering_models.MeteringLabelRule
foreign_keys = {'MeteringLabel': {'metering_label_id': 'id'}}
fields = {
'id': common_types.UUIDField(),
'direction': common_types.FlowDirectionEnumField(nullable=True),
'remote_ip_prefix': common_types.IPNetworkField(nullable=True),
'metering_label_id': common_types.UUIDField(),
'excluded': obj_fields.BooleanField(default=False),
}
fields_no_update = ['metering_label_id']
@classmethod
def modify_fields_from_db(cls, db_obj):
result = super(MeteringLabelRule, cls).modify_fields_from_db(db_obj)
if 'remote_ip_prefix' in result:
result['remote_ip_prefix'] = net_utils.AuthenticIPNetwork(
result['remote_ip_prefix'])
return result
@classmethod
def modify_fields_to_db(cls, fields):
result = super(MeteringLabelRule, cls).modify_fields_to_db(fields)
if 'remote_ip_prefix' in result:
result['remote_ip_prefix'] = cls.filter_to_str(
result['remote_ip_prefix'])
return result
def setUp(self):
super(FlowDirectionEnumFieldTest, self).setUp()
self.field = common_types.FlowDirectionEnumField()
self.coerce_good_values = [(val, val)
for val in const.VALID_DIRECTIONS]
self.coerce_bad_values = ['test', '8', 10, []]
self.to_primitive_values = self.coerce_good_values
self.from_primitive_values = self.coerce_good_values
class QosMinimumBandwidthRule(QosRule):
db_model = qos_db_model.QosMinimumBandwidthRule
fields = {
'min_kbps': obj_fields.IntegerField(nullable=True),
'direction': common_types.FlowDirectionEnumField(),
}
duplicates_compare_fields = ['direction']
rule_type = qos_consts.RULE_TYPE_MINIMUM_BANDWIDTH
class MeteringLabelRule(base.NeutronDbObject):
# Version 1.0: Initial version
# Version 2.0: Source and destination field for the metering label rule
VERSION = '2.0'
db_model = metering_models.MeteringLabelRule
foreign_keys = {'MeteringLabel': {'metering_label_id': 'id'}}
fields = {
'id': common_types.UUIDField(),
'direction': common_types.FlowDirectionEnumField(nullable=True),
'remote_ip_prefix': common_types.IPNetworkField(nullable=True),
'source_ip_prefix': common_types.IPNetworkField(nullable=True),
'destination_ip_prefix': common_types.IPNetworkField(nullable=True),
'metering_label_id': common_types.UUIDField(),
'excluded': obj_fields.BooleanField(default=False),
}
fields_no_update = ['metering_label_id']
@classmethod
def modify_fields_from_db(cls, db_obj):
result = super(MeteringLabelRule, cls).modify_fields_from_db(db_obj)
cls.ip_field_from_db(result, "remote_ip_prefix")
cls.ip_field_from_db(result, "source_ip_prefix")
cls.ip_field_from_db(result, "destination_ip_prefix")
return result
@classmethod
def ip_field_from_db(cls, result, attribute_name):
if attribute_name in result:
result[attribute_name] = net_utils.AuthenticIPNetwork(
result[attribute_name])
@classmethod
def modify_fields_to_db(cls, fields):
result = super(MeteringLabelRule, cls).modify_fields_to_db(fields)
cls.ip_field_to_db(result, "remote_ip_prefix")
cls.ip_field_to_db(result, "source_ip_prefix")
cls.ip_field_to_db(result, "destination_ip_prefix")
return result
@classmethod
def ip_field_to_db(cls, result, attribute_name):
if attribute_name in result:
result[attribute_name] = cls.filter_to_str(result[attribute_name])
class QosMinimumBandwidthRule(QosRule):
LOG.info('%s(): caller(): %s', log_utils.get_fname(1),
log_utils.get_fname(2))
db_model = qos_db_model.QosMinimumBandwidthRule
fields = {
'min_kbps': obj_fields.IntegerField(nullable=True),
'direction': common_types.FlowDirectionEnumField(),
}
duplicates_compare_fields = ['direction']
rule_type = qos_consts.RULE_TYPE_MINIMUM_BANDWIDTH
class QosPacketRateLimitRule(QosRule):
db_model = qos_db_model.QosPacketRateLimitRule
fields = {
'max_kpps':
obj_fields.IntegerField(nullable=True),
'max_burst_kpps':
obj_fields.IntegerField(nullable=True),
'direction':
common_types.FlowDirectionEnumField(default=constants.EGRESS_DIRECTION)
}
duplicates_compare_fields = ['direction']
rule_type = qos_constants.RULE_TYPE_PACKET_RATE_LIMIT
class QosBandwidthLimitRule(QosRule):
LOG.info('%s(): caller(): %s', log_utils.get_fname(1),
log_utils.get_fname(2))
db_model = qos_db_model.QosBandwidthLimitRule
fields = {
'max_kbps':
obj_fields.IntegerField(nullable=True),
'max_burst_kbps':
obj_fields.IntegerField(nullable=True),
'direction':
common_types.FlowDirectionEnumField(default=constants.EGRESS_DIRECTION)
}
duplicates_compare_fields = ['direction']
rule_type = qos_consts.RULE_TYPE_BANDWIDTH_LIMIT
class SecurityGroupRule(base.NeutronDbObject):
# Version 1.0: Initial version
VERSION = '1.0'
db_model = sg_models.SecurityGroupRule
fields = {
'id': common_types.UUIDField(),
'project_id': obj_fields.StringField(nullable=True),
'security_group_id': common_types.UUIDField(),
'remote_group_id': common_types.UUIDField(nullable=True),
'direction': common_types.FlowDirectionEnumField(nullable=True),
'ethertype': common_types.EtherTypeEnumField(nullable=True),
'protocol': common_types.IpProtocolEnumField(nullable=True),
'port_range_min': common_types.PortRangeWith0Field(nullable=True),
'port_range_max': common_types.PortRangeWith0Field(nullable=True),
'remote_ip_prefix': common_types.IPNetworkField(nullable=True),
}
foreign_keys = {'SecurityGroup': {'security_group_id': 'id'}}
fields_no_update = ['project_id', 'security_group_id', 'remote_group_id']
# TODO(sayalilunkad): get rid of it once we switch the db model to using
# custom types.
@classmethod
def modify_fields_to_db(cls, fields):
result = super(SecurityGroupRule, cls).modify_fields_to_db(fields)
remote_ip_prefix = result.get('remote_ip_prefix')
if remote_ip_prefix:
result['remote_ip_prefix'] = cls.filter_to_str(remote_ip_prefix)
return result
# TODO(sayalilunkad): get rid of it once we switch the db model to using
# custom types.
@classmethod
def modify_fields_from_db(cls, db_obj):
fields = super(SecurityGroupRule, cls).modify_fields_from_db(db_obj)
if 'remote_ip_prefix' in fields:
fields['remote_ip_prefix'] = (
net_utils.AuthenticIPNetwork(fields['remote_ip_prefix']))
return fields
class SecurityGroupRule(base.NeutronDbObject):
# Version 1.0: Initial version
# Version 1.1: Add remote address group support
# Version 1.2: Added normalized cidr column
VERSION = '1.2'
db_model = sg_models.SecurityGroupRule
fields = {
'id': common_types.UUIDField(),
'project_id': obj_fields.StringField(nullable=True),
'security_group_id': common_types.UUIDField(),
'remote_group_id': common_types.UUIDField(nullable=True),
'direction': common_types.FlowDirectionEnumField(nullable=True),
'ethertype': common_types.EtherTypeEnumField(nullable=True),
'protocol': common_types.IpProtocolEnumField(nullable=True),
'port_range_min': common_types.PortRangeWith0Field(nullable=True),
'port_range_max': common_types.PortRangeWith0Field(nullable=True),
'remote_ip_prefix': common_types.IPNetworkField(nullable=True),
'remote_address_group_id': common_types.UUIDField(nullable=True),
'normalized_cidr': common_types.IPNetworkField(nullable=True),
}
synthetic_fields = ['normalized_cidr']
foreign_keys = {'SecurityGroup': {'security_group_id': 'id'}}
fields_no_update = [
'project_id', 'security_group_id', 'remote_group_id',
'remote_address_group_id'
]
def obj_make_compatible(self, primitive, target_version):
_target_version = versionutils.convert_version_to_tuple(target_version)
if _target_version < (1, 1):
primitive.pop('remote_address_group_id', None)
if _target_version < (1, 2):
primitive.pop('normalized_cidr', None)
# TODO(sayalilunkad): get rid of it once we switch the db model to using
# custom types.
@classmethod
def modify_fields_to_db(cls, fields):
result = super(SecurityGroupRule, cls).modify_fields_to_db(fields)
remote_ip_prefix = result.get('remote_ip_prefix')
if remote_ip_prefix:
result['remote_ip_prefix'] = cls.filter_to_str(remote_ip_prefix)
return result
def _load_normalized_cidr(self, db_obj=None):
db_obj = db_obj or SecurityGroupRule.get_object(self.obj_context,
id=self.id)
if not db_obj:
return
cidr = None
if db_obj.remote_ip_prefix:
cidr = net_utils.AuthenticIPNetwork(db_obj.remote_ip_prefix).cidr
setattr(self, 'normalized_cidr', cidr)
self.obj_reset_changes(['normalized_cidr'])
def from_db_object(self, db_obj):
super(SecurityGroupRule, self).from_db_object(db_obj)
self._load_normalized_cidr(db_obj)
def obj_load_attr(self, attrname):
if attrname == 'normalized_cidr':
return self._load_normalized_cidr()
super(SecurityGroupRule, self).obj_load_attr(attrname)
# TODO(sayalilunkad): get rid of it once we switch the db model to using
# custom types.
@classmethod
def modify_fields_from_db(cls, db_obj):
fields = super(SecurityGroupRule, cls).modify_fields_from_db(db_obj)
if 'remote_ip_prefix' in fields:
fields['remote_ip_prefix'] = (net_utils.AuthenticIPNetwork(
fields['remote_ip_prefix']))
return fields
@classmethod
def get_security_group_rule_ids(cls, project_id):
"""Retrieve all SG rules related to this project_id
This method returns the SG rule IDs that meet these conditions:
- The rule belongs to this project_id
- The rule belongs to a security group that belongs to the project_id
"""
context = context_lib.get_admin_context()
# NOTE(ralonsoh): do no use a READER decorator in this method. Elevated
# permissions are needed here.
with db_api.CONTEXT_READER.using(context):
query = context.session.query(cls.db_model.id)
query = query.join(
SecurityGroup.db_model,
cls.db_model.security_group_id == SecurityGroup.db_model.id)
clauses = or_(SecurityGroup.db_model.project_id == project_id,
cls.db_model.project_id == project_id)
rule_ids = query.filter(clauses).all()
return [rule_id[0] for rule_id in rule_ids]