b6afd59e61
Add API & CLI support for security-group-default-rules. Security group default rules allows users to create, delete, list, and get rules that will be pre-populated into the Security Group "default" that is populated in all projects on creation. This feature was intoduced in Grizzly. This commit also includes a small typo fix in the security_group_rules fake. Change-Id: I6722b659934bde34bd206103f92dbd2cc42b1537 Closes-Bug: #1326941
82 lines
2.7 KiB
Python
82 lines
2.7 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
"""
|
|
Security group default rules interface.
|
|
"""
|
|
|
|
from novaclient import base
|
|
from novaclient import exceptions
|
|
from novaclient.openstack.common.gettextutils import _
|
|
|
|
|
|
class SecurityGroupDefaultRule(base.Resource):
|
|
def __str__(self):
|
|
return str(self.id)
|
|
|
|
def delete(self):
|
|
self.manager.delete(self)
|
|
|
|
|
|
class SecurityGroupDefaultRuleManager(base.Manager):
|
|
resource_class = SecurityGroupDefaultRule
|
|
|
|
def create(self, ip_protocol=None, from_port=None, to_port=None,
|
|
cidr=None):
|
|
"""
|
|
Create a security group default rule
|
|
|
|
:param ip_protocol: IP protocol, one of 'tcp', 'udp' or 'icmp'
|
|
:param from_port: Source port
|
|
:param to_port: Destination port
|
|
:param cidr: Destination IP address(es) in CIDR notation
|
|
"""
|
|
|
|
try:
|
|
from_port = int(from_port)
|
|
except (TypeError, ValueError):
|
|
raise exceptions.CommandError(_("From port must be an integer."))
|
|
try:
|
|
to_port = int(to_port)
|
|
except (TypeError, ValueError):
|
|
raise exceptions.CommandError(_("To port must be an integer."))
|
|
if ip_protocol.upper() not in ['TCP', 'UDP', 'ICMP']:
|
|
raise exceptions.CommandError(_("Ip protocol must be 'tcp', 'udp'"
|
|
", or 'icmp'."))
|
|
|
|
body = {"security_group_default_rule": {
|
|
"ip_protocol": ip_protocol,
|
|
"from_port": from_port,
|
|
"to_port": to_port,
|
|
"cidr": cidr}}
|
|
|
|
return self._create('/os-security-group-default-rules', body,
|
|
'security_group_default_rule')
|
|
|
|
def delete(self, rule):
|
|
"""
|
|
Delete a security group default rule
|
|
|
|
:param rule: The security group default rule to delete (ID or Class)
|
|
"""
|
|
self._delete('/os-security-group-default-rules/%s' % base.getid(rule))
|
|
|
|
def list(self):
|
|
"""
|
|
Get a list of all security group default rules
|
|
|
|
:rtype: list of :class:`SecurityGroupDefaultRule`
|
|
"""
|
|
|
|
return self._list('/os-security-group-default-rules',
|
|
'security_group_default_rules')
|