openstack/trove
Code Issues Proposed changes

Add and associate security group rule with group.

Browse Source 
Fixes: bug #1176095 #1176098
Change-Id: I254aca213ae40326ed6e9c00bc35d63ff0805c9f
This commit is contained in:
Denis M 2013-08-29 15:45:07 +03:00 committed by Denis Makogon
parent 154639565a
commit 797fe9c2d3
4 changed files with 47 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc/trove/trove.conf.sample
View File

@ -89,9 +89,10 @@ reboot_time_out = 60
# Trove Security Groups for Instances
trove_security_groups_support = True
trove_security_groups_rules_support = False
trove_security_group_rule_protocol = tcp
trove_security_group_rule_port = 3306
trove_security_group_rule_cidr = 0.0.0.0/0
# Trove api-paste file name
api_paste_config = api-paste.ini

2
trove/common/cfg.py
View File

@ -121,8 +121,10 @@ common_opts = [
cfg.BoolOpt('hostname_require_ipv4', default=True,
help="Require user hostnames to be IPv4 addresses."),
cfg.BoolOpt('trove_security_groups_support', default=True),
cfg.BoolOpt('trove_security_groups_rules_support', default=True),
cfg.StrOpt('trove_security_group_rule_protocol', default='tcp'),
cfg.IntOpt('trove_security_group_rule_port', default=3306),
cfg.StrOpt('trove_security_group_rule_cidr', default='0.0.0.0/0'),
cfg.IntOpt('trove_api_workers', default=None),
cfg.IntOpt('usage_sleep_time', default=1,
help='Time to sleep during the check active guest'),

16
trove/instance/models.py
View File

@ -26,6 +26,7 @@ from trove.common.remote import create_guest_client
from trove.common.remote import create_nova_client
from trove.common.remote import create_cinder_client
from trove.extensions.security_group.models import SecurityGroup
from trove.extensions.security_group.models import SecurityGroupRule
from trove.db import models as dbmodels
from trove.backup.models import Backup
from trove.quota.quota import run_with_quotas
@ -55,7 +56,6 @@ def load_server(context, instance_id, server_id):
class InstanceStatus(object):
ACTIVE = "ACTIVE"
BLOCKED = "BLOCKED"
BUILD = "BUILD"
@ -391,14 +391,12 @@ class BaseInstance(SimpleInstance):
class FreshInstance(BaseInstance):
@classmethod
def load(cls, context, id):
return load_instance(cls, context, id, needs_server=False)
class BuiltInstance(BaseInstance):
@classmethod
def load(cls, context, id):
return load_instance(cls, context, id, needs_server=True)
@ -468,6 +466,15 @@ class Instance(BuiltInstance):
security_group = SecurityGroup.create_for_instance(
db_info.id,
context)
if CONF.trove_security_groups_rules_support:
SecurityGroupRule.create_sec_group_rule(
security_group,
CONF.trove_security_group_rule_protocol,
CONF.trove_security_group_rule_port,
CONF.trove_security_group_rule_port,
CONF.trove_security_group_rule_cidr,
context
)
security_groups = [security_group["name"]]
task_api.API(context).create_instance(db_info.id, name, flavor,
@ -601,11 +608,11 @@ def create_server_list_matcher(server_list):
LOG.error(_("Server %s for instance %s was found twice!") %
(server_id, instance_id))
raise exception.TroveError(uuid=instance_id)
return find_server
class Instances(object):
DEFAULT_LIMIT = CONF.instances_page_size
@staticmethod
@ -709,7 +716,6 @@ class ServiceImage(dbmodels.DatabaseModelBase):
class InstanceServiceStatus(dbmodels.DatabaseModelBase):
_data_fields = ['instance_id', 'status_id', 'status_description']
def __init__(self, status, **kwargs):

66
trove/tests/api/instances.py
View File

@ -196,7 +196,8 @@ class InstanceSetup(object):
else:
flavor_name = CONFIG.values.get('instance_flavor_name', 'm1.tiny')
flavors = dbaas.find_flavors_by_name(flavor_name)
assert_equal(len(flavors), 1, "Number of flavors with name '%s' "
assert_equal(len(flavors), 1,
"Number of flavors with name '%s' "
"found was '%d'." % (flavor_name, len(flavors)))
flavor = flavors[0]
assert_true(flavor is not None, "Flavor '%s' not found!" % flavor_name)
@ -547,6 +548,9 @@ class SecurityGroupsTest(object):
runs_after_groups=[tests.PRE_INSTANCES])
class SecurityGroupsRulesTest(object):
# Security group already have default rule
# that is why 'delete'-test is not needed anymore
@before_class
def setUp(self):
self.testSecurityGroup = dbaas.security_groups.get(
@ -556,28 +560,32 @@ class SecurityGroupsRulesTest(object):
@test
def test_create_security_group_rule(self):
self.testSecurityGroupRule = dbaas.security_group_rules.create(
group_id=self.testSecurityGroup.id,
protocol="tcp",
from_port=3306,
to_port=3306,
cidr="0.0.0.0/0")
assert_is_not_none(self.testSecurityGroupRule)
with TypeCheck('SecurityGroupRule',
self.testSecurityGroupRule) as secGrpRule:
secGrpRule.has_field('id', basestring)
secGrpRule.has_field('security_group_id', basestring)
secGrpRule.has_field('protocol', basestring)
secGrpRule.has_field('cidr', basestring)
secGrpRule.has_field('from_port', int)
secGrpRule.has_field('to_port', int)
secGrpRule.has_field('created', basestring)
assert_equal(self.testSecurityGroupRule.security_group_id,
self.testSecurityGroup.id)
assert_equal(self.testSecurityGroupRule.protocol, "tcp")
assert_equal(int(self.testSecurityGroupRule.from_port), 3306)
assert_equal(int(self.testSecurityGroupRule.to_port), 3306)
assert_equal(self.testSecurityGroupRule.cidr, "0.0.0.0/0")
if len(self.testSecurityGroup.rules) == 0:
self.testSecurityGroupRule = \
dbaas.security_group_rules.create(
group_id=self.testSecurityGroup.id,
protocol="tcp",
from_port=3306,
to_port=3306,
cidr="0.0.0.0/0")
assert_is_not_none(self.testSecurityGroupRule)
with TypeCheck('SecurityGroupRule',
self.testSecurityGroupRule) as secGrpRule:
secGrpRule.has_field('id', basestring)
secGrpRule.has_field('security_group_id', basestring)
secGrpRule.has_field('protocol', basestring)
secGrpRule.has_field('cidr', basestring)
secGrpRule.has_field('from_port', int)
secGrpRule.has_field('to_port', int)
secGrpRule.has_field('created', basestring)
assert_equal(self.testSecurityGroupRule.security_group_id,
self.testSecurityGroup.id)
assert_equal(self.testSecurityGroupRule.protocol, "tcp")
assert_equal(int(self.testSecurityGroupRule.from_port), 3306)
assert_equal(int(self.testSecurityGroupRule.to_port), 3306)
assert_equal(self.testSecurityGroupRule.cidr, "0.0.0.0/0")
else:
assert_not_equal(len(self.testSecurityGroup.rules), 0)
@test
def test_deep_list_security_group_with_rules(self):
@ -586,17 +594,7 @@ class SecurityGroupsRulesTest(object):
securityGroup = [x for x in securityGroupList
if x.name in self.secGroupName]
assert_is_not_none(securityGroup[0])
assert_equal(len(securityGroup[0].rules), 1)
@test
def test_delete_security_group_rule(self):
dbaas.security_group_rules.delete(self.testSecurityGroupRule.id)
securityGroupList = dbaas.security_groups.list()
assert_is_not_none(securityGroupList)
securityGroup = [x for x in securityGroupList
if x.name in self.secGroupName]
assert_is_not_none(securityGroup[0])
assert_equal(len(securityGroup[0].rules), 0)
assert_not_equal(len(securityGroup[0].rules), 0)
@test(depends_on_classes=[CreateInstance],