def get_security_group_rule(context, id, fields=None):
LOG.info("get_security_group_rule %s for tenant %s" %
(id, context.tenant_id))
rule = db_api.security_group_rule_find(context, id=id, scope=db_api.ONE)
if not rule:
raise sg_ext.SecurityGroupRuleNotFound(rule_id=id)
return v._make_security_group_rule_dict(rule, fields)
def update_security_group_rule(context, id, security_group_rule):
'''Updates a rule and updates the ports'''
LOG.info("update_security_group_rule for tenant %s" % (context.tenant_id))
new_rule = security_group_rule["security_group_rule"]
# Only allow updatable fields
new_rule = _filter_update_security_group_rule(new_rule)
with context.session.begin():
rule = db_api.security_group_rule_find(context,
id=id,
scope=db_api.ONE)
if not rule:
raise sg_ext.SecurityGroupRuleNotFound(id=id)
db_rule = db_api.security_group_rule_update(context, rule, **new_rule)
group_id = db_rule.group_id
group = db_api.security_group_find(context,
id=group_id,
scope=db_api.ONE)
if not group:
raise sg_ext.SecurityGroupNotFound(id=group_id)
if group:
_perform_async_update_rule(context, group_id, group, rule.id,
RULE_UPDATE)
return v._make_security_group_rule_dict(db_rule)
def create_security_group_rule(context, security_group_rule):
"""Creates a rule and updates the ports (async) if enabled."""
LOG.info("create_security_group for tenant %s" % (context.tenant_id))
with context.session.begin():
rule = _validate_security_group_rule(
context, security_group_rule["security_group_rule"])
rule["id"] = uuidutils.generate_uuid()
group_id = rule["security_group_id"]
group = db_api.security_group_find(context,
id=group_id,
scope=db_api.ONE)
if not group:
raise sg_ext.SecurityGroupNotFound(id=group_id)
quota.QUOTAS.limit_check(
context,
context.tenant_id,
security_rules_per_group=len(group.get("rules", [])) + 1)
new_rule = db_api.security_group_rule_create(context, **rule)
if group:
_perform_async_update_rule(context, group_id, group, new_rule.id,
RULE_CREATE)
return v._make_security_group_rule_dict(new_rule)
def get_security_group_rules(context,
filters=None,
fields=None,
sorts=None,
limit=None,
marker=None,
page_reverse=False):
LOG.info("get_security_group_rules for tenant %s" % (context.tenant_id))
rules = db_api.security_group_rule_find(context, **filters)
return [v._make_security_group_rule_dict(rule) for rule in rules]
def delete_security_group_rule(context, id):
LOG.info("delete_security_group %s for tenant %s" %
(id, context.tenant_id))
rule = db_api.security_group_rule_find(context, id=id, scope=db_api.ONE)
if not rule:
raise sg_ext.SecurityGroupRuleNotFound(group_id=id)
group = db_api.security_group_find(context,
id=rule["group_id"],
scope=db_api.ONE)
if not group:
raise sg_ext.SecurityGroupNotFound(id=id)
net_driver.delete_security_group_rule(
context, group.id, v._make_security_group_rule_dict(rule))
rule["id"] = id
db_api.security_group_rule_delete(context, rule)
def create_security_group_rule(context, security_group_rule):
LOG.info("create_security_group for tenant %s" % (context.tenant_id))
rule = _validate_security_group_rule(
context, security_group_rule["security_group_rule"])
rule["id"] = uuidutils.generate_uuid()
group_id = rule["security_group_id"]
group = db_api.security_group_find(context, id=group_id, scope=db_api.ONE)
if not group:
raise sg_ext.SecurityGroupNotFound(group_id=group_id)
quota.QUOTAS.limit_check(
context,
context.tenant_id,
security_rules_per_group=len(group.get("rules", [])) + 1)
net_driver.create_security_group_rule(context, group_id, rule)
return v._make_security_group_rule_dict(
db_api.security_group_rule_create(context, **rule))
