diff --git a/meta/io.murano/Classes/system/AwsSecurityGroupManager.yaml b/meta/io.murano/Classes/system/AwsSecurityGroupManager.yaml index 2214d7a9..1966e99a 100644 --- a/meta/io.murano/Classes/system/AwsSecurityGroupManager.yaml +++ b/meta/io.murano/Classes/system/AwsSecurityGroupManager.yaml @@ -27,6 +27,37 @@ Methods: ToPort: $.int().notNull() IpProtocol: $.string().notNull() External: $.bool().notNull() + Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6')) + - groupName: + Contract: $.string().notNull() + Default: $this.defaultGroupName + Body: + - $._addGroup(ingress, $rules, $groupName) + + addGroupEgress: + Arguments: + - rules: + Contract: + - FromPort: $.int().notNull() + ToPort: $.int().notNull() + IpProtocol: $.string().notNull() + External: $.bool().notNull() + Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6')) + - groupName: + Contract: $.string().notNull() + Default: $this.defaultGroupName + Body: + - $._addGroup(egress, $rules, $groupName) + + _addGroup: + Arguments: + - rules: + Contract: + - FromPort: $.int().notNull() + ToPort: $.int().notNull() + IpProtocol: $.string().notNull() + External: $.bool().notNull() + Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6')) - groupName: Contract: $.string().notNull() Default: $this.defaultGroupName @@ -39,6 +70,15 @@ Methods: ext_key: remote_mode ext_val: remote_group_id + - $ethertype: $rules.where($.get(Ethertype) = IPv6) + - If: len($ethertype) > 0 + Then: + - $msg: 'Unable to add security group. IPv6 is not supported.' + - $._environment.reporter.report_error($this, $msg) + - Throw: UnsupportedPropertyValue + Message: $msg + - $groupDirection: dict(egress => SecurityGroupEgress).get($direction, SecurityGroupIngress) + - $stack: $.environment.stack - $template: resources: 
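Review bot: The new `_addGroup` in the AWS manager declares only `rules` and `groupName`, yet both wrappers call it as `$._addGroup(ingress, $rules, $groupName)` and the body in the next hunk reads `$direction`. The Neutron manager in this same commit declares the argument, and the AWS one should match it: `- direction:` followed by `Contract: $.string().notNull().check($ in list(ingress, egress))`. The check matters here because `dict(egress => SecurityGroupEgress).get($direction, SecurityGroupIngress)` falls back to ingress for any other value, so a mistyped direction would be applied as an inbound rule instead of failing. `_addGroup`'s body continues outside this hunk.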
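Review bot: The IPv6 rejection path reports through `$._environment.reporter`, while every other reference in this method uses `$.environment` (`$.environment.stack`, `$.environment.name`). No `_environment` property is visible in this diff; if it does not exist, the guard would fail on the property lookup and the operator would never see the 'IPv6 is not supported' message. Assuming the property is `environment`, the line would read `- $.environment.reporter.report_error($this, $msg)`. Placing the check before the first `updateTemplate` call is right, since the whole request is rejected before any rule is written. The method starts before this hunk and continues past it.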
@@ -46,14 +86,14 @@ Methods: type: 'AWS::EC2::SecurityGroup' properties: GroupDescription: format('Composite security group of Murano environment {0}', $.environment.name) - SecurityGroupIngress: + $groupDirection: - FromPort: '-1' ToPort: '-1' IpProtocol: icmp CidrIp: '0.0.0.0/0' - $.environment.stack.updateTemplate($template) - - $ingress: $rules.select(dict( + - $rulesList: $rules.select(dict( FromPort => str($.FromPort), ToPort => str($.ToPort), IpProtocol => $.IpProtocol, @@ -65,5 +105,5 @@ Methods: $groupName: type: 'AWS::EC2::SecurityGroup' properties: - SecurityGroupIngress: $ingress + $groupDirection: $rulesList - $.environment.stack.updateTemplate($template) diff --git a/meta/io.murano/Classes/system/NeutronSecurityGroupManager.yaml b/meta/io.murano/Classes/system/NeutronSecurityGroupManager.yaml index 1c22206d..ab085ee8 100644 --- a/meta/io.murano/Classes/system/NeutronSecurityGroupManager.yaml +++ b/meta/io.murano/Classes/system/NeutronSecurityGroupManager.yaml 
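Review bot: The seed rule that allows ICMP for `0.0.0.0/0` is now written under `$groupDirection`, so an egress call emits ICMP open to any destination, and nothing in the file says this is intended. A comment above the template would make the intent reviewable, e.g. `# Seed rule: ICMP to/from any address, emitted for whichever direction is being added`. It is also worth confirming how `updateTemplate` merges the second template when ingress and egress are both used on the same `$groupName`; that behaviour is not visible here.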
@@ -27,9 +27,41 @@ Methods: ToPort: $.int().notNull() IpProtocol: $.string().notNull() External: $.bool().notNull() + Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6')) - groupName: Contract: $.string().notNull() Default: $this.defaultGroupName + Body: + - $._addGroup(ingress, $rules, $groupName) + + addGroupEgress: + Arguments: + - rules: + Contract: + - FromPort: $.int().notNull() + ToPort: $.int().notNull() + IpProtocol: $.string().notNull() + External: $.bool().notNull() + Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6')) + - groupName: + Contract: $.string().notNull() + Default: $this.defaultGroupName + Body: + - $._addGroup(egress, $rules, $groupName) + + _addGroup: + Arguments: + - direction: + Contract: $.string().notNull().check($ in list(ingress, egress)) + - rules: + Contract: + - FromPort: $.int().notNull() + ToPort: $.int().notNull() + IpProtocol: $.string().notNull() + External: $.bool().notNull() + Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6')) + - groupName: + Contract: $.string().notNull() Body: - $ext_keys: true: @@ -53,11 +85,13 @@ Methods: remote_ip_prefix: '0.0.0.0/0' - $.environment.stack.updateTemplate($template) - - $ingress: $rules.select(dict( + - $rulesList: $rules.select(dict( port_range_min => $.FromPort, port_range_max => $.ToPort, protocol => $.IpProtocol, - $ext_keys.get($.External).ext_key => $ext_keys.get($.External).ext_val + ethertype => $.get(Ethertype, IPv4), + $ext_keys.get($.External).ext_key => $ext_keys.get($.External).ext_val, + direction => $direction )) - $template: @@ -65,5 +99,5 @@ Methods: $groupName: type: 'OS::Neutron::SecurityGroup' properties: - rules: $ingress - - $.environment.stack.updateTemplate($template) + rules: $rulesList + - $.environment.stack.updateTemplate($template) \ No newline at end of file diff --git a/meta/io.murano/Classes/system/SecurityGroupManager.yaml b/meta/io.murano/Classes/system/SecurityGroupManager.yaml index aca2632b..e6e48fe1 100644 
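Review bot: `ethertype => $.get(Ethertype, IPv4)` applies the default only when the key is absent, but the contract explicitly admits `null`, so a rule carrying `Ethertype: null` reaches the template with a null ethertype. `ethertype => coalesce($.get(Ethertype), IPv4)` would cover both the missing and the null case. Separately, the `$ext_keys` values sit outside this hunk; if the external branch supplies an IPv4 prefix such as the `0.0.0.0/0` used in the seed rule above, an IPv6 rule would be paired with an IPv4 prefix, and that combination should be rejected or mapped to `::/0` deliberately rather than left to the backend.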
--- a/meta/io.murano/Classes/system/SecurityGroupManager.yaml +++ b/meta/io.murano/Classes/system/SecurityGroupManager.yaml @@ -33,6 +33,20 @@ Methods: ToPort: $.int().notNull() IpProtocol: $.string().notNull() External: $.bool().notNull() + Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6')) - groupName: Contract: $.string().notNull() Default: $this.defaultGroupName + + addGroupEgress: + Arguments: + - rules: + Contract: + - FromPort: $.int().notNull() + ToPort: $.int().notNull() + IpProtocol: $.string().notNull() + External: $.bool().notNull() + Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6')) + - groupName: + Contract: $.string().notNull() + Default: $this.defaultGroupName \ No newline at end of file
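Review bot: `addGroupEgress` is added to the base class with `Arguments` only and no `Body`, and nothing documents that subclasses must override it. If a manager other than the two updated in this commit inherits it unchanged, a caller asking for egress restrictions would presumably get no rules and no error. A comment on the method stating the override requirement, e.g. `# Abstract: concrete managers must override; the base implementation applies no rules`, would make that explicit. The rule contract is also now copied into every method across three files, and the copies have already diverged: the AWS `_addGroup` lacks the `direction` argument the Neutron one declares.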