218 lines
7.6 KiB
Python
218 lines
7.6 KiB
Python
# Copyright 2013 Big Switch Networks
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
from __future__ import print_function
|
|
|
|
import argparse
|
|
|
|
from neutronclient.i18n import _
|
|
from neutronclient.neutron import v2_0 as neutronv20
|
|
|
|
|
|
def _format_firewall_rules(firewall_policy):
|
|
try:
|
|
output = '[' + ',\n '.join([rule for rule in
|
|
firewall_policy['firewall_rules']]) + ']'
|
|
return output
|
|
except (TypeError, KeyError):
|
|
return ''
|
|
|
|
|
|
def common_add_known_arguments(parser):
|
|
parser.add_argument(
|
|
'--firewall-rules', type=lambda x: x.split(),
|
|
help=_('Ordered list of whitespace-delimited firewall rule '
|
|
'names or IDs; e.g., --firewall-rules \"rule1 rule2\"'))
|
|
|
|
|
|
def common_args2body(client, parsed_args):
|
|
if parsed_args.firewall_rules:
|
|
_firewall_rules = []
|
|
for f in parsed_args.firewall_rules:
|
|
_firewall_rules.append(
|
|
neutronv20.find_resourceid_by_name_or_id(
|
|
client, 'firewall_rule', f))
|
|
body = {'firewall_rules': _firewall_rules}
|
|
else:
|
|
body = {}
|
|
neutronv20.update_dict(parsed_args, body,
|
|
['name', 'description', 'shared',
|
|
'audited', 'tenant_id'])
|
|
return {'firewall_policy': body}
|
|
|
|
|
|
class ListFirewallPolicy(neutronv20.ListCommand):
|
|
"""List firewall policies that belong to a given tenant."""
|
|
|
|
resource = 'firewall_policy'
|
|
list_columns = ['id', 'name', 'firewall_rules']
|
|
_formatters = {'firewall_rules': _format_firewall_rules,
|
|
}
|
|
pagination_support = True
|
|
sorting_support = True
|
|
|
|
|
|
class ShowFirewallPolicy(neutronv20.ShowCommand):
|
|
"""Show information of a given firewall policy."""
|
|
|
|
resource = 'firewall_policy'
|
|
|
|
|
|
class CreateFirewallPolicy(neutronv20.CreateCommand):
|
|
"""Create a firewall policy."""
|
|
|
|
resource = 'firewall_policy'
|
|
|
|
def add_known_arguments(self, parser):
|
|
parser.add_argument(
|
|
'name',
|
|
metavar='NAME',
|
|
help=_('Name for the firewall policy.'))
|
|
parser.add_argument(
|
|
'--description',
|
|
help=_('Description for the firewall policy.'))
|
|
parser.add_argument(
|
|
'--shared',
|
|
dest='shared',
|
|
action='store_true',
|
|
help=_('Create a shared policy.'),
|
|
default=argparse.SUPPRESS)
|
|
common_add_known_arguments(parser)
|
|
parser.add_argument(
|
|
'--audited',
|
|
action='store_true',
|
|
help=_('Sets audited to True.'),
|
|
default=argparse.SUPPRESS)
|
|
|
|
def args2body(self, parsed_args):
|
|
return common_args2body(self.get_client(), parsed_args)
|
|
|
|
|
|
class UpdateFirewallPolicy(neutronv20.UpdateCommand):
|
|
"""Update a given firewall policy."""
|
|
|
|
resource = 'firewall_policy'
|
|
|
|
def add_known_arguments(self, parser):
|
|
common_add_known_arguments(parser)
|
|
|
|
def args2body(self, parsed_args):
|
|
return common_args2body(self.get_client(), parsed_args)
|
|
|
|
|
|
class DeleteFirewallPolicy(neutronv20.DeleteCommand):
|
|
"""Delete a given firewall policy."""
|
|
|
|
resource = 'firewall_policy'
|
|
|
|
|
|
class FirewallPolicyInsertRule(neutronv20.UpdateCommand):
|
|
"""Insert a rule into a given firewall policy."""
|
|
|
|
resource = 'firewall_policy'
|
|
|
|
def call_api(self, neutron_client, firewall_policy_id, body):
|
|
return neutron_client.firewall_policy_insert_rule(firewall_policy_id,
|
|
body)
|
|
|
|
def args2body(self, parsed_args):
|
|
_rule = ''
|
|
if parsed_args.firewall_rule_id:
|
|
_rule = neutronv20.find_resourceid_by_name_or_id(
|
|
self.get_client(), 'firewall_rule',
|
|
parsed_args.firewall_rule_id)
|
|
_insert_before = ''
|
|
if 'insert_before' in parsed_args:
|
|
if parsed_args.insert_before:
|
|
_insert_before = neutronv20.find_resourceid_by_name_or_id(
|
|
self.get_client(), 'firewall_rule',
|
|
parsed_args.insert_before)
|
|
_insert_after = ''
|
|
if 'insert_after' in parsed_args:
|
|
if parsed_args.insert_after:
|
|
_insert_after = neutronv20.find_resourceid_by_name_or_id(
|
|
self.get_client(), 'firewall_rule',
|
|
parsed_args.insert_after)
|
|
body = {'firewall_rule_id': _rule,
|
|
'insert_before': _insert_before,
|
|
'insert_after': _insert_after}
|
|
return body
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(FirewallPolicyInsertRule, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'--insert-before',
|
|
metavar='FIREWALL_RULE',
|
|
help=_('Insert before this rule.'))
|
|
parser.add_argument(
|
|
'--insert-after',
|
|
metavar='FIREWALL_RULE',
|
|
help=_('Insert after this rule.'))
|
|
parser.add_argument(
|
|
'firewall_rule_id',
|
|
metavar='FIREWALL_RULE',
|
|
help=_('New rule to insert.'))
|
|
self.add_known_arguments(parser)
|
|
return parser
|
|
|
|
def run(self, parsed_args):
|
|
neutron_client = self.get_client()
|
|
body = self.args2body(parsed_args)
|
|
_id = neutronv20.find_resourceid_by_name_or_id(neutron_client,
|
|
self.resource,
|
|
parsed_args.id)
|
|
self.call_api(neutron_client, _id, body)
|
|
print((_('Inserted firewall rule in firewall policy %(id)s') %
|
|
{'id': parsed_args.id}), file=self.app.stdout)
|
|
|
|
|
|
class FirewallPolicyRemoveRule(neutronv20.UpdateCommand):
|
|
"""Remove a rule from a given firewall policy."""
|
|
|
|
resource = 'firewall_policy'
|
|
|
|
def call_api(self, neutron_client, firewall_policy_id, body):
|
|
return neutron_client.firewall_policy_remove_rule(firewall_policy_id,
|
|
body)
|
|
|
|
def args2body(self, parsed_args):
|
|
_rule = ''
|
|
if parsed_args.firewall_rule_id:
|
|
_rule = neutronv20.find_resourceid_by_name_or_id(
|
|
self.get_client(), 'firewall_rule',
|
|
parsed_args.firewall_rule_id)
|
|
body = {'firewall_rule_id': _rule}
|
|
return body
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(FirewallPolicyRemoveRule, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'firewall_rule_id',
|
|
metavar='FIREWALL_RULE',
|
|
help=_('Firewall rule to remove from policy.'))
|
|
self.add_known_arguments(parser)
|
|
return parser
|
|
|
|
def run(self, parsed_args):
|
|
neutron_client = self.get_client()
|
|
body = self.args2body(parsed_args)
|
|
_id = neutronv20.find_resourceid_by_name_or_id(neutron_client,
|
|
self.resource,
|
|
parsed_args.id)
|
|
self.call_api(neutron_client, _id, body)
|
|
print((_('Removed firewall rule from firewall policy %(id)s') %
|
|
{'id': parsed_args.id}), file=self.app.stdout)
|