def create(nova_client, **kwargs):
    """Create a Nova security group and its rules for the current node.

    The group payload comes from ``build_sg_data()``, with the description
    taken from the node properties. Rules are resolved by ``process_rules``
    before anything is created. When ``use_external_sg`` is truthy the
    function returns without creating anything.

    If creating any rule raises, the group and its runtime properties are
    removed through ``delete_resource_and_runtime_properties`` and the
    original exception is re-raised, so a group holding only part of its
    rule set is not left behind.
    """
    group_spec = build_sg_data()
    group_spec['description'] = ctx.node.properties['description']

    # Defaults handed to process_rules; no default is supplied for
    # 'group_id' or 'parent_group_id'.
    # NOTE(review): together these describe TCP ports 1-65535 from
    # 0.0.0.0/0. If process_rules fills them into fields a blueprint rule
    # leaves out, an under-specified rule becomes world-open -- confirm
    # against process_rules and the blueprints that rely on it.
    rule_defaults = dict(
        ip_protocol='tcp',
        from_port=1,
        to_port=65535,
        cidr='0.0.0.0/0',
    )
    resolved_rules = process_rules(
        nova_client, rule_defaults,
        'cidr', 'group_id', 'from_port', 'to_port')

    if use_external_sg(nova_client):
        return

    # Only a group created here has its payload passed through
    # transform_resource_name.
    transform_resource_name(ctx, group_spec)

    created_group = nova_client.security_groups.create(
        group_spec['name'], group_spec['description'])
    set_sg_runtime_properties(created_group, nova_client)

    try:
        for rule in resolved_rules:
            # Attach each rule to the group that was just created.
            rule['parent_group_id'] = created_group.id
            nova_client.security_group_rules.create(**rule)
    except Exception:
        # Roll back the whole group, then surface the original failure.
        delete_resource_and_runtime_properties(
            ctx, nova_client, RUNTIME_PROPERTIES_KEYS)
        raise
def create(neutron_client, args, **kwargs):
    """Create a Neutron security group and its rules for the current node.

    The group payload is built by ``build_sg_data(args)`` and the rules are
    resolved by ``process_rules`` before anything is created. When
    ``use_external_sg`` is truthy the function returns without creating
    anything.

    If the node property ``disable_default_egress_rules`` is truthy, the
    egress rules already present on the new group are deleted before the
    resolved rules are added.

    Any exception raised while deleting or adding rules triggers
    ``delete_resource_and_runtime_properties`` and is then re-raised.
    """
    group_spec = build_sg_data(args)
    resolved_rules = process_rules(
        neutron_client, DEFAULT_RULE_VALUES,
        'remote_ip_prefix', 'remote_group_id',
        'port_range_min', 'port_range_max')
    drop_default_egress = ctx.node.properties.get(
        'disable_default_egress_rules')

    if use_external_sg(neutron_client):
        return

    # Only a group created here has its payload passed through
    # transform_resource_name.
    transform_resource_name(ctx, group_spec)

    response = neutron_client.create_security_group(
        {'security_group': group_spec})
    sg = response['security_group']
    set_sg_runtime_properties(sg, neutron_client)

    try:
        if drop_default_egress:
            # NOTE(review): presumably these are the allow-all egress rules
            # Neutron attaches to a new group. They stay in effect from the
            # create call above until this loop finishes -- confirm nothing
            # is attached to the group in that window.
            current_rules = _rules_for_sg_id(neutron_client, sg['id'])
            for egress_rule in _egress_rules(current_rules):
                neutron_client.delete_security_group_rule(egress_rule['id'])

        for rule in resolved_rules:
            # Attach each rule to the group that was just created.
            rule['security_group_id'] = sg['id']
            neutron_client.create_security_group_rule(
                {'security_group_rule': rule})
    except Exception:
        # Roll back the whole group, then surface the original failure.
        delete_resource_and_runtime_properties(
            ctx, neutron_client, RUNTIME_PROPERTIES_KEYS)
        raise
def create(nova_client, **kwargs):
    """Create a Nova security group plus its rules for the current node.

    ``build_sg_data()`` supplies the group payload and the node properties
    supply its description. ``process_rules`` resolves the rules up front,
    before any API call that creates something. A truthy
    ``use_external_sg`` ends the function without creating a group.

    A failure while creating rules removes the group and its runtime
    properties via ``delete_resource_and_runtime_properties`` and then
    re-raises the original exception, so no partially configured group
    remains.
    """
    payload = build_sg_data()
    payload['description'] = ctx.node.properties['description']

    # Rule defaults passed to process_rules. 'group_id' and
    # 'parent_group_id' deliberately have no default here.
    # NOTE(review): the defaults amount to "any TCP port from 0.0.0.0/0".
    # Should process_rules apply them to fields a rule omits, a rule
    # written without cidr/ports is open to the world -- verify in
    # process_rules and in the blueprints using this type.
    default_rule_fields = dict(
        ip_protocol='tcp',
        from_port=1,
        to_port=65535,
        cidr='0.0.0.0/0',
    )
    rules_to_create = process_rules(
        nova_client, default_rule_fields,
        'cidr', 'group_id', 'from_port', 'to_port')

    if use_external_sg(nova_client):
        return

    # transform_resource_name is applied only when the group is created
    # by this operation.
    transform_resource_name(ctx, payload)

    new_group = nova_client.security_groups.create(
        payload['name'], payload['description'])
    set_sg_runtime_properties(new_group, nova_client)

    try:
        for rule_spec in rules_to_create:
            # Bind the rule to the freshly created group.
            rule_spec['parent_group_id'] = new_group.id
            nova_client.security_group_rules.create(**rule_spec)
    except Exception:
        # Undo the group creation before propagating the failure.
        delete_resource_and_runtime_properties(
            ctx, nova_client, RUNTIME_PROPERTIES_KEYS)
        raise
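def create(neutron_client, args, status_attempts=10, status_timeout=2,
           **kwargs):
    """Create a Neutron security group and its rules for the current node.

    The group payload is built by ``build_sg_data(args)``; an empty
    description falls back to the node's ``description`` property. Rules
    are resolved by ``process_rules`` before anything is created. When
    ``use_external_sg`` is truthy the function returns without creating
    anything.

    After the create call the function polls ``show_security_group`` until
    the group can be read back, then records runtime properties, optionally
    deletes the egress rules already on the group (node property
    ``disable_default_egress_rules``) and adds the resolved rules.

    Args:
        neutron_client: Neutron client used for every API call.
        args: Passed to ``build_sg_data``.
        status_attempts: Maximum number of visibility checks; values below
            1 are treated as 1.
        status_timeout: Seconds slept before each visibility check.
        **kwargs: Accepted and ignored.

    Raises:
        NonRecoverableError: If the group never becomes visible, or if
            tearing down after a rule failure itself fails.
        Exception: Any error raised while deleting or adding rules is
            re-raised after a successful teardown.
    """
    security_group = build_sg_data(args)
    if not security_group['description']:
        security_group['description'] = ctx.node.properties['description']

    sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES,
                             'remote_ip_prefix', 'remote_group_id',
                             'port_range_min', 'port_range_max')

    disable_default_egress_rules = ctx.node.properties.get(
        'disable_default_egress_rules')

    if use_external_sg(neutron_client):
        return

    # Only a group created here has its payload passed through
    # transform_resource_name.
    transform_resource_name(ctx, security_group)

    sg = neutron_client.create_security_group(
        {'security_group': security_group})['security_group']

    # Keep the last polling error in its own name: on Python 3 the name
    # bound by "except ... as e" is cleared when the handler exits, so the
    # timeout branch below could not reference it and would fail with an
    # unbound-name error instead of the intended NonRecoverableError.
    last_error = None
    for attempt in range(max(status_attempts, 1)):
        sleep(status_timeout)
        try:
            neutron_client.show_security_group(sg['id'])
        except RequestException as e:
            last_error = e
            ctx.logger.debug(
                "Waiting for SG to be visible. Attempt {}".format(attempt))
        else:
            break
    else:
        # NOTE(review): set_sg_runtime_properties has not run yet, so
        # presumably nothing records this group's id; if the create call
        # did succeed, the group may be left behind untracked -- confirm.
        raise NonRecoverableError(
            "Timed out waiting for security_group to exist", last_error)

    set_sg_runtime_properties(sg, neutron_client)

    try:
        if disable_default_egress_rules:
            # NOTE(review): presumably these are the allow-all egress rules
            # Neutron attaches to a new group. They stay in effect from the
            # create call, through the polling above, until this loop ends.
            for er in _egress_rules(_rules_for_sg_id(neutron_client,
                                                     sg['id'])):
                neutron_client.delete_security_group_rule(er['id'])

        for sgr in sg_rules:
            # Attach each rule to the group that was just created.
            sgr['security_group_id'] = sg['id']
            neutron_client.create_security_group_rule(
                {'security_group_rule': sgr})
    except Exception:
        try:
            delete_resource_and_runtime_properties(
                ctx, neutron_client, RUNTIME_PROPERTIES_KEYS)
        except Exception as e:
            # A failed teardown is reported as non-recoverable.
            raise NonRecoverableError(
                'Exception while tearing down for retry', e)
        raise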
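def create(
    neutron_client,
    args,
    status_attempts=10,
    status_timeout=2,
    **kwargs
):
    """Create a Neutron security group and its rules for the current node.

    ``build_sg_data(args)`` supplies the group payload; when its
    description is empty the node's ``description`` property is used.
    ``process_rules`` resolves the rules before anything is created. A
    truthy ``use_external_sg`` ends the function without creating a group.

    Once the group is created, ``show_security_group`` is polled until the
    group can be read back. Runtime properties are then recorded, the
    egress rules already on the group are deleted when the node property
    ``disable_default_egress_rules`` is truthy, and the resolved rules are
    added.

    Args:
        neutron_client: Neutron client used for every API call.
        args: Passed to ``build_sg_data``.
        status_attempts: Maximum number of visibility checks; values below
            1 are treated as 1.
        status_timeout: Seconds slept before each visibility check.
        **kwargs: Accepted and ignored.

    Raises:
        NonRecoverableError: If the group never becomes visible, or if
            tearing down after a rule failure itself fails.
        Exception: Any error raised while deleting or adding rules is
            re-raised after a successful teardown.
    """
    security_group = build_sg_data(args)
    if not security_group['description']:
        security_group['description'] = ctx.node.properties['description']

    sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES,
                             'remote_ip_prefix', 'remote_group_id',
                             'port_range_min', 'port_range_max')

    disable_default_egress_rules = ctx.node.properties.get(
        'disable_default_egress_rules')

    if use_external_sg(neutron_client):
        return

    # transform_resource_name is applied only when the group is created
    # by this operation.
    transform_resource_name(ctx, security_group)

    sg = neutron_client.create_security_group(
        {'security_group': security_group})['security_group']

    # The polling error is copied to last_error because Python 3 clears
    # the "except ... as e" name when the handler exits; reading e in the
    # for-else branch would raise an unbound-name error and hide the
    # intended NonRecoverableError.
    last_error = None
    for attempt in range(max(status_attempts, 1)):
        sleep(status_timeout)
        try:
            neutron_client.show_security_group(sg['id'])
        except RequestException as e:
            last_error = e
            ctx.logger.debug("Waiting for SG to be visible. Attempt {}".format(
                attempt))
        else:
            break
    else:
        # NOTE(review): runtime properties are not set at this point, so
        # presumably the group's id is recorded nowhere; a group that was
        # created but never became readable may stay behind untracked.
        raise NonRecoverableError(
            "Timed out waiting for security_group to exist", last_error)

    set_sg_runtime_properties(sg, neutron_client)

    try:
        if disable_default_egress_rules:
            # NOTE(review): presumably the allow-all egress rules Neutron
            # puts on a new group; they remain active from creation until
            # this loop completes, including the polling delay above.
            for er in _egress_rules(_rules_for_sg_id(neutron_client,
                                                     sg['id'])):
                neutron_client.delete_security_group_rule(er['id'])

        for sgr in sg_rules:
            # Bind the rule to the freshly created group.
            sgr['security_group_id'] = sg['id']
            neutron_client.create_security_group_rule(
                {'security_group_rule': sgr})
    except Exception:
        try:
            delete_resource_and_runtime_properties(
                ctx, neutron_client,
                RUNTIME_PROPERTIES_KEYS)
        except Exception as e:
            # A failed teardown is reported as non-recoverable.
            raise NonRecoverableError(
                'Exception while tearing down for retry', e)
        raise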