def test_unlimited_security_group_rules(self): def fake_security_group_rule_count_by_group(context, sec_group_id): return 0 self.stubs.Set(db, 'security_group_rule_count_by_group', fake_security_group_rule_count_by_group) self.flags(quota_security_group_rules=20) rules = quota.allowed_security_group_rules(self.context, 1234, 100) self.assertEqual(rules, 20) db.quota_create(self.context, self.project_id, 'security_group_rules', None) rules = quota.allowed_security_group_rules(self.context, 1234, 100) self.assertEqual(rules, 100) rules = quota.allowed_security_group_rules(self.context, 1234, 101) self.assertEqual(rules, 101)
def create(self, req, body): context = req.environ['nova.context'] authorize(context) if not body: raise exc.HTTPUnprocessableEntity() if not 'security_group_rule' in body: raise exc.HTTPUnprocessableEntity() self.compute_api.ensure_default_security_group(context) sg_rule = body['security_group_rule'] parent_group_id = sg_rule.get('parent_group_id', None) try: parent_group_id = int(parent_group_id) security_group = db.security_group_get(context, parent_group_id) except ValueError: msg = _("Parent group id is not integer") raise exc.HTTPBadRequest(explanation=msg) except exception.NotFound as exp: msg = _("Security group (%s) not found") % parent_group_id raise exc.HTTPNotFound(explanation=msg) msg = _("Authorize security group ingress %s") LOG.audit(msg, security_group['name'], context=context) try: values = self._rule_args_to_dict(context, to_port=sg_rule.get('to_port'), from_port=sg_rule.get('from_port'), parent_group_id=sg_rule.get('parent_group_id'), ip_protocol=sg_rule.get('ip_protocol'), cidr=sg_rule.get('cidr'), group_id=sg_rule.get('group_id')) except Exception as exp: raise exc.HTTPBadRequest(explanation=unicode(exp)) if values is None: msg = _("Not enough parameters to build a " "valid rule.") raise exc.HTTPBadRequest(explanation=msg) values['parent_group_id'] = security_group.id if self._security_group_rule_exists(security_group, values): msg = _('This rule already exists in group %s') % parent_group_id raise exc.HTTPBadRequest(explanation=msg) allowed = quota.allowed_security_group_rules(context, parent_group_id, 1) if allowed < 1: msg = _("Quota exceeded, too many security group rules.") raise exc.HTTPBadRequest(explanation=msg) security_group_rule = db.security_group_rule_create(context, values) self.sgh.trigger_security_group_rule_create_refresh( context, [security_group_rule['id']]) self.compute_api.trigger_security_group_rules_refresh(context, security_group_id=security_group['id']) return {"security_group_rule": self._format_security_group_rule( context, security_group_rule)}
def create(self, req, body): context = req.environ['nova.context'] authorize(context) if not body: raise exc.HTTPUnprocessableEntity() if not 'security_group_rule' in body: raise exc.HTTPUnprocessableEntity() self.compute_api.ensure_default_security_group(context) sg_rule = body['security_group_rule'] parent_group_id = sg_rule.get('parent_group_id', None) try: parent_group_id = int(parent_group_id) security_group = db.security_group_get(context, parent_group_id) except ValueError: msg = _("Parent group id is not integer") raise exc.HTTPBadRequest(explanation=msg) except exception.NotFound as exp: msg = _("Security group (%s) not found") % parent_group_id raise exc.HTTPNotFound(explanation=msg) msg = _("Authorize security group ingress %s") LOG.audit(msg, security_group['name'], context=context) try: values = self._rule_args_to_dict( context, to_port=sg_rule.get('to_port'), from_port=sg_rule.get('from_port'), parent_group_id=sg_rule.get('parent_group_id'), ip_protocol=sg_rule.get('ip_protocol'), cidr=sg_rule.get('cidr'), group_id=sg_rule.get('group_id')) except Exception as exp: raise exc.HTTPBadRequest(explanation=unicode(exp)) if values is None: msg = _("Not enough parameters to build a " "valid rule.") raise exc.HTTPBadRequest(explanation=msg) values['parent_group_id'] = security_group.id if self._security_group_rule_exists(security_group, values): msg = _('This rule already exists in group %s') % parent_group_id raise exc.HTTPBadRequest(explanation=msg) allowed = quota.allowed_security_group_rules(context, parent_group_id, 1) if allowed < 1: msg = _("Quota exceeded, too many security group rules.") raise exc.HTTPBadRequest(explanation=msg) security_group_rule = db.security_group_rule_create(context, values) self.sgh.trigger_security_group_rule_create_refresh( context, [security_group_rule['id']]) self.compute_api.trigger_security_group_rules_refresh( context, security_group_id=security_group['id']) return { "security_group_rule": self._format_security_group_rule(context, security_group_rule) }