# coding=utf-8
# vim: tabstop=4 shiftwidth=4 softtabstop=4
#
# Copyright (c) 2012, Intel Performance Learning Solutions Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""
Security related 'glue'
"""
# L8R: Check the exception handling of these routines!
from nova import compute
from nova import db
from nova.flags import FLAGS
from nova.openstack.common import importutils
from occi import exceptions
# connect to nova
# NOTE(review): COMPUTE_API is instantiated here but none of the routines in
# this module call it; they talk to the db layer directly.
COMPUTE_API = compute.API()

# The security group handler is loaded by dotted name from the nova flag
# ``security_group_handler`` (deployment configuration, not request input);
# the routines below call its trigger_*_refresh hooks after each db change.
SEC_HANDLER = importutils.import_object(FLAGS.security_group_handler)
|
|
|
|
|
|
def create_group(name, description, context):
    """
    Create a OS security group.

    name -- Name of the group.
    description -- Description.
    context -- The os context.

    Raises AttributeError when a group with this name already exists in the
    context's project.
    """
    project_id = context.project_id

    # The existence check and the insert are two separate db calls, so a
    # concurrent create with the same name can still land between them.
    if db.security_group_exists(context, project_id, name):
        raise AttributeError('Security group already exists: ' + name)

    # NOTE(review): this writes to the db layer directly rather than through
    # COMPUTE_API (instantiated in this module but not used here), so any
    # validation or quota handling the compute API applies on group creation
    # is bypassed -- confirm the caller covers it.
    group = dict(user_id=context.user_id,
                 project_id=project_id,
                 name=name,
                 description=description)
    db.security_group_create(context, group)
    SEC_HANDLER.trigger_security_group_create_refresh(context, group)
|
|
|
|
|
|
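def remove_group(group_id, context):
    """
    Remove a security group.

    group_id -- the group.
    context -- The os context.

    Raises AttributeError if the db layer or the security group handler
    fails; the underlying error text is carried in the message.
    """
    # NOTE(review): the in-use check (db.security_group_in_use) is disabled
    # in this routine, so a group still attached to instances is destroyed
    # without refusal -- confirm whether that is intended.
    try:
        db.security_group_destroy(context, group_id)
        SEC_HANDLER.trigger_security_group_destroy_refresh(context,
                                                           group_id)
    except Exception as error:
        # Same wrapping as the other routines in this module: carry the
        # underlying error's text instead of the exception object itself.
        raise AttributeError('Unable to remove group: ' + str(error))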
|
|
|
|
|
|
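def retrieve_group(mixin_term, context):
    """
    Retrieve the security group associated with the security mixin.

    mixin_term -- The term of the mixin representing the group.
    context -- The os context.

    Returns the db security group record named ``mixin_term`` in the
    context's project. Raises AttributeError if the lookup fails; the
    underlying error text is carried in the message.
    """
    try:
        sec_group = db.security_group_get_by_name(context,
                                                  context.project_id,
                                                  mixin_term)
    except Exception as err:
        # str(err) rather than err.message: ``message`` is not defined on
        # every exception type, and is empty on many that do define it, so
        # the AttributeError would otherwise lose the reason.
        raise AttributeError(str(err))

    return sec_group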
|
|
|
|
|
|
def create_rule(rule, context):
    """
    Create a security rule.

    rule -- The rule.
    context -- The os context.

    Any failure of the db layer is re-raised as AttributeError with the
    underlying error text appended.
    """
    try:
        db.security_group_rule_create(context, rule)
    except Exception as err:
        message = 'Unable to create rule: ' + str(err)
        raise AttributeError(message)
|
|
|
|
|
|
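def remove_rule(rule, context):
    """
    Remove a security rule.

    rule -- The rule (a mapping carrying at least the ``'id'`` key).
    context -- The os context.

    Raises AttributeError if the db layer or the security group handler
    fails (a rule mapping without an ``'id'`` key lands here too), with the
    underlying error text appended.
    """
    # Only the rule's id is needed; the parent group id the original
    # version read into an unused local is not required for destruction.
    try:
        rule_id = rule['id']
        db.security_group_rule_destroy(context, rule_id)
        SEC_HANDLER.trigger_security_group_rule_destroy_refresh(context,
                                                                [rule_id])
    except Exception as err:
        raise AttributeError('Unable to remove rule: ' + str(err))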
|
|
|
|
|
|
def retrieve_rule(uid, context):
    """
    Retrieve a rule.

    uid -- Id of the rule (entity.attributes['occi.core.id'])
    context -- The os context.

    Raises exceptions.HTTPError(404) when the id does not convert to an
    integer or the db lookup fails, so callers see a single 'not found'
    outcome for both.
    """
    try:
        rule_id = int(uid)
        rule = db.security_group_rule_get(context, rule_id)
    except Exception:
        # uid originates from the request entity; a non-numeric value is
        # reported exactly like a missing rule rather than echoed back.
        raise exceptions.HTTPError(404, 'Rule not found!')
    return rule
|