Strona główna Odkrywaj Pomoc
Zaloguj się
akillibulut
/
cloudbridge
kopia lustrzana https://github.com/CloudVE/cloudbridge
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

Update OpenStack impl for adding security group's group rules

Respect protocol and to/from ports for security group's group rules.
Enis Afgan 9 lat temu
rodzic
1245cebfe4
commit
5929a8c203
3 zmienionych plików z 23 dodań i 24 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 3 3
      cloudbridge/cloud/interfaces/resources.py
  2. 1 1
      cloudbridge/cloud/interfaces/services.py
  3. 19 20
      cloudbridge/cloud/providers/openstack/resources.py

+ 3 - 3
cloudbridge/cloud/interfaces/resources.py
Wyświetl plik 

@@ -1826,8 +1826,8 @@ class SecurityGroup(CloudResource):
 
         Create a security group rule. If the rule already exists, simply
 
         returns it.
 
 
-        You need to pass in either ``src_group`` OR ``ip_protocol``,
 
-        ``from_port``, ``to_port``, and ``cidr_ip``. In other words, either
 
+        You need to pass in either ``src_group`` OR ``ip_protocol`` AND
 
+        ``from_port``, ``to_port``, ``cidr_ip``. In other words, either
 
         you are authorizing another group or you are authorizing some
 
         ip-based rule.
 
 
@@ -1856,7 +1856,7 @@ class SecurityGroup(CloudResource):
 
         """
 
         Get a security group rule with the specified parameters.
 
 
-        You need to pass in either ``src_group`` OR ``ip_protocol``,
 
+        You need to pass in either ``src_group`` OR ``ip_protocol`` AND
 
         ``from_port``, ``to_port``, and ``cidr_ip``. Note that when retrieving
 
         a group rule, this method will return only one rule although possibly
 
         several rules exist for the group rule. In that case, use the

+ 1 - 1
cloudbridge/cloud/interfaces/services.py
Wyświetl plik 

@@ -970,7 +970,7 @@ class SecurityGroupService(PageableObjectMixin, CloudService):
 
     @abstractmethod
 
     def find(self, name, limit=None, marker=None):
 
         """
 
-        Get all security groups associated with your account.
 
+        Get security groups associated with your account filtered by name.
 
 
         :type name: str
 
         :param name: The name of the security group to retrieve.

+ 19 - 20
cloudbridge/cloud/providers/openstack/resources.py
Wyświetl plik 

@@ -875,8 +875,8 @@ class OpenStackSecurityGroup(BaseSecurityGroup):
 
         """
 
         Create a security group rule.
 
 
-        You need to pass in either ``src_group`` OR ``ip_protocol``,
 
-        ``from_port``, ``to_port``, and ``cidr_ip``.  In other words, either
 
+        You need to pass in either ``src_group`` OR ``ip_protocol`` AND
 
+        ``from_port``, ``to_port``, ``cidr_ip``.  In other words, either
 
         you are authorizing another group or you are authorizing some
 
         ip-based rule.
 
 
@@ -902,20 +902,19 @@ class OpenStackSecurityGroup(BaseSecurityGroup):
 
             if not isinstance(src_group, SecurityGroup):
 
                 src_group = self._provider.security.security_groups.get(
 
                     src_group)
 
-            for protocol in ['udp', 'tcp']:
 
-                existing_rule = self.get_rule(ip_protocol=ip_protocol,
 
-                                              from_port=1,
 
-                                              to_port=65535,
 
-                                              src_group=src_group)
 
-                if existing_rule:
 
-                    return existing_rule
 
-
 
-                rule = self._provider.nova.security_group_rules.create(
 
-                    parent_group_id=self._security_group.id,
 
-                    ip_protocol=protocol,
 
-                    from_port=1,
 
-                    to_port=65535,
 
-                    group_id=src_group.id)
 
+            existing_rule = self.get_rule(ip_protocol=ip_protocol,
 
+                                          from_port=from_port,
 
+                                          to_port=to_port,
 
+                                          src_group=src_group)
 
+            if existing_rule:
 
+                return existing_rule
 
+
 
+            rule = self._provider.nova.security_group_rules.create(
 
+                parent_group_id=self._security_group.id,
 
+                ip_protocol=ip_protocol,
 
+                from_port=from_port,
 
+                to_port=to_port,
 
+                group_id=src_group.id)
 
             if rule:
 
                 # We can only return one Rule so default to TCP (ie, last in
 
                 # the for loop above).
 
@@ -942,16 +941,16 @@ class OpenStackSecurityGroup(BaseSecurityGroup):
 
 
     def get_rule(self, ip_protocol=None, from_port=None, to_port=None,
 
                  cidr_ip=None, src_group=None):
 
-        # Update SG object; otherwise, recently added rules do now show
 
+        # Update SG object; otherwise, recently added rules do not show
 
         self._security_group = self._provider.nova.security_groups.get(
 
             self._security_group)
 
         for rule in self._security_group.rules:
 
             if (rule['ip_protocol'] == ip_protocol and
 
                 rule['from_port'] == from_port and
 
                 rule['to_port'] == to_port and
 
-                rule['ip_range'].get('cidr') == cidr_ip) or \
 
-               (rule['group'].get('name') == src_group.name if src_group
 
-                    else False):
 
+                (rule['ip_range'].get('cidr') == cidr_ip or
 
+                 (rule['group'].get('name') == src_group.name if src_group
 
+                  else False))):
 
                 return OpenStackSecurityGroupRule(self._provider, rule, self)
 
         return None