# Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. Namespaces: =: io.murano.system std: io.murano Name: NeutronSecurityGroupManager Extends: SecurityGroupManager Methods: addGroupIngress: Arguments: - rules: Contract: - FromPort: $.int().notNull() ToPort: $.int().notNull() IpProtocol: $.string().notNull() External: $.bool().notNull() - groupName: Contract: $.string().notNull() Default: $this.defaultGroupName Body: - $ext_keys: true: ext_key: remote_ip_prefix ext_val: '0.0.0.0/0' false: ext_key: remote_mode ext_val: remote_group_id - $stack: $.environment.stack - $template: resources: $groupName: type: 'OS::Neutron::SecurityGroup' properties: description: format('Composite security group of Murano environment {0}', $.environment.name) rules: - port_range_min: null port_range_max: null protocol: icmp remote_ip_prefix: '0.0.0.0/0' - $.environment.stack.updateTemplate($template) - $ingress: $rules.select(dict( port_range_min => $.FromPort, port_range_max => $.ToPort, protocol => $.IpProtocol, $ext_keys.get($.External).ext_key => $ext_keys.get($.External).ext_val )) - $template: resources: $groupName: type: 'OS::Neutron::SecurityGroup' properties: rules: $ingress - $.environment.stack.updateTemplate($template)