deb-murano/meta/io.murano/Classes/system/AwsSecurityGroupManager.yaml
Dmytro Dovbii 7216781c03 [Core-Library] Add 'direction' argument to '_addGroup' method
Closes-Bug: #1541477

Change-Id: I76c9d3bc7e1f25a734393f15c32896437bd7230a
2016-02-03 16:18:56 +00:00


# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# MuranoPL class io.murano.system.AwsSecurityGroupManager.
# Turns caller-supplied port rules into an 'AWS::EC2::SecurityGroup' resource
# and hands the resulting template fragment to
# $.environment.stack.updateTemplate().
Namespaces:
  =: io.murano.system
  std: io.murano

Name: AwsSecurityGroupManager

Extends: SecurityGroupManager

Methods:
  # Adds `rules` to the group `groupName` in the ingress direction.
  # Thin wrapper: all work happens in _addGroup.
  addGroupIngress:
    Arguments:
      - rules:
          # Each rule must carry integer ports, a protocol string and a
          # boolean External flag. The contract checks types only: port
          # ranges, FromPort <= ToPort and the set of IpProtocol values are
          # not validated here and reach the template as given.
          # Ethertype may be null, 'IPv4' or 'IPv6'; _addGroup rejects IPv6.
          Contract:
            - FromPort: $.int().notNull()
              ToPort: $.int().notNull()
              IpProtocol: $.string().notNull()
              External: $.bool().notNull()
              Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6'))
      - groupName:
          Contract: $.string().notNull()
          Default: $this.defaultGroupName
    Body:
      - $._addGroup(ingress, $rules, $groupName)

  # Adds `rules` to the group `groupName` in the egress direction.
  # Same arguments and contract as addGroupIngress; delegates to _addGroup.
  addGroupEgress:
    Arguments:
      - rules:
          # Type-only contract, identical to addGroupIngress.
          Contract:
            - FromPort: $.int().notNull()
              ToPort: $.int().notNull()
              IpProtocol: $.string().notNull()
              External: $.bool().notNull()
              Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6'))
      - groupName:
          Contract: $.string().notNull()
          Default: $this.defaultGroupName
    Body:
      - $._addGroup(egress, $rules, $groupName)

  # Shared implementation for both directions.
  #   direction - 'ingress' (default) or 'egress'; anything else fails the
  #               contract.
  #   rules     - list of rule dicts, same contract as the public methods.
  #   groupName - template resource name of the security group; defaults to
  #               $this.defaultGroupName.
  # Throws UnsupportedPropertyValue if any rule has Ethertype IPv6.
  #
  # NOTE(review): every rule written by this method uses CidrIp '0.0.0.0/0'.
  # The required External flag of a rule is never read, so External: false
  # rules are opened to any address exactly like External: true ones. If
  # External: false is meant to limit traffic to members of the group (TODO
  # confirm against the parent class and its other implementations), the
  # generated group is broader than the caller requested.
  _addGroup:
    Arguments:
      - direction:
          Contract: $.string().notNull().check($ in list(ingress, egress))
          Default: ingress
      - rules:
          # Type-only contract, identical to addGroupIngress.
          Contract:
            - FromPort: $.int().notNull()
              ToPort: $.int().notNull()
              IpProtocol: $.string().notNull()
              External: $.bool().notNull()
              Ethertype: $.string().check($ in list(null, 'IPv4', 'IPv6'))
      - groupName:
          Contract: $.string().notNull()
          Default: $this.defaultGroupName
    Body:
      # NOTE(review): $ext_keys is assigned but not referenced anywhere else
      # in this method. It looks like a lookup keyed by a rule's External
      # flag, but nothing below consults it (see the method-level note).
      - $ext_keys:
          true:
            ext_key: remote_ip_prefix
            ext_val: '0.0.0.0/0'
          false:
            ext_key: remote_mode
            ext_val: remote_group_id
      # Collect the rules that ask for IPv6. If there are any, report the
      # error and throw before the stack template is touched.
      - $ethertype: $rules.where($.get(Ethertype) = IPv6)
      - If: len($ethertype) > 0
        Then:
          - $msg: 'Unable to add security group. IPv6 is not supported.'
          # NOTE(review): this statement reads $._environment, while the rest
          # of the method reads $.environment. Neither is declared in this
          # file; confirm that both resolve on the parent class.
          - $._environment.reporter.report_error($this, $msg)
          - Throw: UnsupportedPropertyValue
            Message: $msg
      # Pick the template property for the direction: egress maps to
      # SecurityGroupEgress, everything else to SecurityGroupIngress.
      - $groupDirection: dict(egress => SecurityGroupEgress).get($direction, SecurityGroupIngress)
      # NOTE(review): $stack is not used below; the updateTemplate calls go
      # through $.environment.stack directly.
      - $stack: $.environment.stack
      # First update: declare the group with a description and one baseline
      # ICMP rule for '0.0.0.0/0'. This rule is written on every call,
      # whatever the caller passed in `rules`. Ports of '-1' presumably
      # select all ICMP types and codes, as in CloudFormation - confirm for
      # the resource implementation in use.
      - $template:
          resources:
            $groupName:
              type: 'AWS::EC2::SecurityGroup'
              properties:
                GroupDescription: format('Composite security group of Murano environment {0}', $.environment.name)
                $groupDirection:
                  - FromPort: '-1'
                    ToPort: '-1'
                    IpProtocol: icmp
                    CidrIp: '0.0.0.0/0'
      - $.environment.stack.updateTemplate($template)
      # Convert each caller rule to the template's rule shape. Ports are
      # stringified and IpProtocol is copied as given; External and Ethertype
      # are dropped and CidrIp is always '0.0.0.0/0'.
      - $rulesList: $rules.select(dict(
            FromPort => str($.FromPort),
            ToPort => str($.ToPort),
            IpProtocol => $.IpProtocol,
            CidrIp => '0.0.0.0/0'
          ))
      # Second update: set the same direction property to the caller's rules.
      # Whether this replaces the ICMP rule from the first update or is
      # merged with it depends on updateTemplate(), which is not shown here.
      - $template:
          resources:
            $groupName:
              type: 'AWS::EC2::SecurityGroup'
              properties:
                $groupDirection: $rulesList
      - $.environment.stack.updateTemplate($template)