|
|
@@ -505,6 +505,50 @@ class OpenStackSecurityGroup(BaseSecurityGroup):
|
|
|
def __init__(self, provider, security_group):
|
|
|
super(OpenStackSecurityGroup, self).__init__(provider, security_group)
|
|
|
|
|
|
+ def add_rule(self, ip_protocol=None, from_port=None, to_port=None,
|
|
|
+ cidr_ip=None, src_group=None):
|
|
|
+ """
|
|
|
+ Create a security group rule.
|
|
|
+
|
|
|
+ You need to pass in either ``src_group`` OR ``ip_protocol``,
|
|
|
+ ``from_port``, ``to_port``, and ``cidr_ip``. In other words, either
|
|
|
+ you are authorizing another group or you are authorizing some
|
|
|
+ ip-based rule.
|
|
|
+
|
|
|
+ :type ip_protocol: str
|
|
|
+ :param ip_protocol: Either ``tcp`` | ``udp`` | ``icmp``
|
|
|
+
|
|
|
+ :type from_port: int
|
|
|
+ :param from_port: The beginning port number you are enabling
|
|
|
+
|
|
|
+ :type to_port: int
|
|
|
+ :param to_port: The ending port number you are enabling
|
|
|
+
|
|
|
+ :type cidr_ip: str or list of strings
|
|
|
+ :param cidr_ip: The CIDR block you are providing access to.
|
|
|
+
|
|
|
+ :type src_group: ``object`` of :class:`.SecurityGroup`
|
|
|
+ :param src_group: The Security Group you are granting access to.
|
|
|
+
|
|
|
+ :rtype: bool
|
|
|
+ :return: True if successful.
|
|
|
+ """
|
|
|
+ if src_group:
|
|
|
+ for protocol in ['tcp', 'udp']:
|
|
|
+ self.provider.nova.security_group_rules.create(
|
|
|
+ parent_group_id=self._security_group.id,
|
|
|
+ ip_protocol=protocol,
|
|
|
+ from_port=1,
|
|
|
+ to_port=65535,
|
|
|
+ group_id=src_group.id)
|
|
|
+ else:
|
|
|
+ return self.provider.nova.security_group_rules.create(
|
|
|
+ parent_group_id=self._security_group.id,
|
|
|
+ ip_protocol=ip_protocol,
|
|
|
+ from_port=from_port,
|
|
|
+ to_port=to_port,
|
|
|
+ cidr=cidr_ip)
|
|
|
+
|
|
|
|
|
|
class OpenStackContainerObject(ContainerObject):
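Review bot: The `src_group` branch of `add_rule` ignores `ip_protocol`, `from_port` and `to_port` and always authorises TCP and UDP 1-65535 from the source group, so a caller who passes a group together with a narrow port range silently gets a much wider rule than requested. That branch also falls off the end and returns `None`, while the `else` branch returns whatever `security_group_rules.create` returns, so neither path matches the documented `:rtype: bool`. In the `else` branch `cidr_ip` can still be `None` (and the docstring also allows a list) and is passed straight through as `cidr=`; what the backend does with a missing CIDR is not visible here, so I would reject that case explicitly rather than risk an any-source rule. The sketch below honours the requested protocol and ports when given, requires one of `src_group` or `cidr_ip`, and returns `True` on both paths.

```python
    def add_rule(self, ip_protocol=None, from_port=None, to_port=None,
                 cidr_ip=None, src_group=None):
        # … unchanged: docstring …
        rules = self.provider.nova.security_group_rules
        if src_group:
            # Widen to all TCP/UDP ports only when the caller gave no
            # protocol or port range of their own.
            protocols = [ip_protocol] if ip_protocol else ['tcp', 'udp']
            for protocol in protocols:
                rules.create(
                    parent_group_id=self._security_group.id,
                    ip_protocol=protocol,
                    from_port=1 if from_port is None else from_port,
                    to_port=65535 if to_port is None else to_port,
                    group_id=src_group.id)
            return True
        if not cidr_ip:
            raise ValueError("add_rule needs either src_group or cidr_ip")
        rules.create(
            parent_group_id=self._security_group.id,
            ip_protocol=ip_protocol,
            from_port=from_port,
            to_port=to_port,
            cidr=cidr_ip)
        return True
```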
|
|
|
|