1161 lines
38 KiB
Python
1161 lines
38 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from gbpautomation.heat.engine.resources.neutron import gbpresource
|
|
from neutronclient.common.exceptions import NeutronClientException
|
|
|
|
from heat.engine import attributes
|
|
from heat.engine import constraints
|
|
from heat.engine import properties
|
|
|
|
|
|
class PolicyTarget(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, POLICY_TARGET_GROUP_ID
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'policy_target_group_id'
|
|
)
|
|
|
|
ATTRIBUTES = (
|
|
PORT_ID
|
|
) = (
|
|
'port_id'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the policy target.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the policy target.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the policy target.'),
|
|
update_allowed=True
|
|
),
|
|
POLICY_TARGET_GROUP_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Policy target group id of the policy target.'),
|
|
required=True,
|
|
update_allowed=True
|
|
)
|
|
}
|
|
|
|
attributes_schema = {
|
|
PORT_ID: attributes.Schema(
|
|
_("Neutron port id of this policy target")
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
pt_id = self.resource_id
|
|
return client.show_policy_target(pt_id)['policy_target']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
pt = client.create_policy_target(
|
|
{'policy_target': props})['policy_target']
|
|
|
|
self.resource_id_set(pt['id'])
|
|
|
|
def _resolve_attribute(self, name):
|
|
client = self.grouppolicy()
|
|
pt_id = self.resource_id
|
|
if name == 'port_id':
|
|
return client.show_policy_target(pt_id)['policy_target']['port_id']
|
|
return super(PolicyTarget, self)._resolve_attribute(name)
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
pt_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_policy_target(pt_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_policy_target(
|
|
self.resource_id, {'policy_target': prop_diff})
|
|
|
|
|
|
class PolicyTargetGroup(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, L2_POLICY_ID, PROVIDED_POLICY_RULE_SETS,
|
|
CONSUMED_POLICY_RULE_SETS, NETWORK_SERVICE_POLICY_ID, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'l2_policy_id',
|
|
'provided_policy_rule_sets', 'consumed_policy_rule_sets',
|
|
'network_service_policy_id', 'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the policy target group.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the policy target group.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the policy target group.'),
|
|
update_allowed=True
|
|
),
|
|
L2_POLICY_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('L2 policy id of the policy target group.'),
|
|
update_allowed=True
|
|
),
|
|
PROVIDED_POLICY_RULE_SETS: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('Provided policy rule set for the policy target group.'),
|
|
update_allowed=True
|
|
),
|
|
CONSUMED_POLICY_RULE_SETS: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('Consumed policy rule set for the policy target group.'),
|
|
update_allowed=True
|
|
),
|
|
NETWORK_SERVICE_POLICY_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Network service policy id of the policy target group.'),
|
|
update_allowed=True, default=None
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
ptg_id = self.resource_id
|
|
return client.show_policy_target_group(ptg_id)['policy_target_group']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
provided_policy_rule_set_list = {}
|
|
consumed_policy_rule_set_list = {}
|
|
props_provided_policy_rule_sets = props.get(
|
|
'provided_policy_rule_sets', [])
|
|
props_consumed_policy_rule_sets = props.get(
|
|
'consumed_policy_rule_sets', [])
|
|
|
|
for prop_prov_policy_rule_set in props_provided_policy_rule_sets:
|
|
policy_rule_set_id = (
|
|
prop_prov_policy_rule_set['policy_rule_set_id'])
|
|
policy_rule_set_scope = (
|
|
prop_prov_policy_rule_set['policy_rule_set_scope'])
|
|
provided_policy_rule_set_list.update({policy_rule_set_id:
|
|
policy_rule_set_scope})
|
|
|
|
for prop_cons_policy_rule_set in props_consumed_policy_rule_sets:
|
|
policy_rule_set_id = (
|
|
prop_cons_policy_rule_set['policy_rule_set_id'])
|
|
policy_rule_set_scope = (
|
|
prop_cons_policy_rule_set['policy_rule_set_scope'])
|
|
consumed_policy_rule_set_list.update({policy_rule_set_id:
|
|
policy_rule_set_scope})
|
|
|
|
if provided_policy_rule_set_list:
|
|
props['provided_policy_rule_sets'] = provided_policy_rule_set_list
|
|
if consumed_policy_rule_set_list:
|
|
props['consumed_policy_rule_sets'] = consumed_policy_rule_set_list
|
|
|
|
ptg = client.create_policy_target_group(
|
|
{'policy_target_group': props})['policy_target_group']
|
|
|
|
self.resource_id_set(ptg['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
ptg_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_policy_target_group(ptg_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
provided_policy_rule_set_list = {}
|
|
consumed_policy_rule_set_list = {}
|
|
props_provided_policy_rule_sets = prop_diff.get(
|
|
'provided_policy_rule_sets', [])
|
|
props_consumed_policy_rule_sets = prop_diff.get(
|
|
'consumed_policy_rule_sets', [])
|
|
|
|
for prop_prov_policy_rule_set in props_provided_policy_rule_sets:
|
|
policy_rule_set_id = (
|
|
prop_prov_policy_rule_set['policy_rule_set_id'])
|
|
policy_rule_set_scope = (
|
|
prop_prov_policy_rule_set['policy_rule_set_scope'])
|
|
provided_policy_rule_set_list.update({policy_rule_set_id:
|
|
policy_rule_set_scope})
|
|
|
|
for prop_cons_policy_rule_set in props_consumed_policy_rule_sets:
|
|
policy_rule_set_id = (
|
|
prop_cons_policy_rule_set['policy_rule_set_id'])
|
|
policy_rule_set_scope = (
|
|
prop_cons_policy_rule_set['policy_rule_set_scope'])
|
|
consumed_policy_rule_set_list.update({policy_rule_set_id:
|
|
policy_rule_set_scope})
|
|
|
|
if provided_policy_rule_set_list:
|
|
prop_diff['provided_policy_rule_sets'] = (
|
|
provided_policy_rule_set_list)
|
|
if consumed_policy_rule_set_list:
|
|
prop_diff['consumed_policy_rule_sets'] = (
|
|
consumed_policy_rule_set_list)
|
|
|
|
self.grouppolicy().update_policy_target_group(
|
|
self.resource_id, {'policy_target_group': prop_diff})
|
|
|
|
|
|
class L2Policy(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, L3_POLICY_ID, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'l3_policy_id', 'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the L2 policy.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the L2 policy.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the L2 policy.'),
|
|
update_allowed=True
|
|
),
|
|
L3_POLICY_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('L3 policy id associated with l2 policy.'),
|
|
required=True,
|
|
update_allowed=True
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
l2_policy_id = self.resource_id
|
|
return client.show_l2_policy(l2_policy_id)['l2_policy']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
l2_policy = client.create_l2_policy(
|
|
{'l2_policy': props})['l2_policy']
|
|
|
|
self.resource_id_set(l2_policy['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
l2_policy_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_l2_policy(l2_policy_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_l2_policy(
|
|
self.resource_id, {'l2_policy': prop_diff})
|
|
|
|
|
|
class L3Policy(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, IP_VERSION, IP_POOL,
|
|
SUBNET_PREFIX_LENGTH, EXTERNAL_SEGMENTS, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'ip_version', 'ip_pool',
|
|
'subnet_prefix_length', 'external_segments', 'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the L3 policy.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the L3 policy.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the L3 policy.'),
|
|
update_allowed=True
|
|
),
|
|
IP_VERSION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('IP version of the L3 policy.'),
|
|
update_allowed=False
|
|
),
|
|
IP_POOL: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('IP pool of the L3 policy.'),
|
|
update_allowed=False
|
|
),
|
|
SUBNET_PREFIX_LENGTH: properties.Schema(
|
|
properties.Schema.INTEGER,
|
|
_('Subnet prefix length of L3 policy.'),
|
|
update_allowed=True
|
|
),
|
|
EXTERNAL_SEGMENTS: properties.Schema(
|
|
properties.Schema.MAP,
|
|
_('External segments of L3 policy.'),
|
|
update_allowed=True
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
l3_policy_id = self.resource_id
|
|
return client.show_l3_policy(l3_policy_id)['l3_policy']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
l3_policy = client.create_l3_policy(
|
|
{'l3_policy': props})['l3_policy']
|
|
|
|
self.resource_id_set(l3_policy['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
l3_policy_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_l3_policy(l3_policy_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_l3_policy(
|
|
self.resource_id, {'l3_policy': prop_diff})
|
|
|
|
|
|
class PolicyClassifier(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, PROTOCOL, PORT_RANGE,
|
|
DIRECTION, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'protocol', 'port_range',
|
|
'direction', 'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the policy classifier.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the policy classifier.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the policy classifier.'),
|
|
update_allowed=True
|
|
),
|
|
PROTOCOL: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Protocol of traffic described by the policy classifier.'),
|
|
constraints=[
|
|
constraints.AllowedValues(['tcp', 'udp', 'icmp', None])
|
|
],
|
|
update_allowed=True
|
|
),
|
|
PORT_RANGE: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Port range of traffic described by the policy classifier.'),
|
|
update_allowed=True
|
|
),
|
|
DIRECTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Direction of traffic described by the policy classifier.'),
|
|
constraints=[
|
|
constraints.AllowedValues(['in', 'out', 'bi', None])
|
|
],
|
|
update_allowed=True
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
pc_id = self.resource_id
|
|
return client.show_policy_classifier(pc_id)['policy_classifier']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
policy_classifier = client.create_policy_classifier(
|
|
{'policy_classifier': props})['policy_classifier']
|
|
|
|
self.resource_id_set(policy_classifier['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
pc_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_policy_classifier(pc_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_policy_classifier(
|
|
self.resource_id, {'policy_classifier': prop_diff})
|
|
|
|
|
|
class PolicyAction(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, ACTION_TYPE, ACTION_VALUE, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'action_type', 'action_value',
|
|
'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the action.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the action.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the action.'),
|
|
update_allowed=True
|
|
),
|
|
ACTION_TYPE: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Type of action.'),
|
|
constraints=[
|
|
constraints.AllowedValues(['allow', 'redirect', None])
|
|
],
|
|
update_allowed=True
|
|
),
|
|
ACTION_VALUE: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Value of the action.'),
|
|
update_allowed=True
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
action_id = self.resource_id
|
|
return client.show_policy_action(action_id)['policy_action']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
policy_action = client.create_policy_action(
|
|
{'policy_action': props})['policy_action']
|
|
|
|
self.resource_id_set(policy_action['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
action_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_policy_action(action_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_policy_action(
|
|
self.resource_id, {'policy_action': prop_diff})
|
|
|
|
|
|
class PolicyRule(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, ENABLED, POLICY_CLASSIFIER_ID,
|
|
POLICY_ACTIONS, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'enabled', 'policy_classifier_id',
|
|
'policy_actions', 'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the policy rule.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the policy rule.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the policy rule.'),
|
|
update_allowed=True
|
|
),
|
|
ENABLED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('State of policy rule.'),
|
|
default=True, update_allowed=True
|
|
),
|
|
POLICY_CLASSIFIER_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Classifier id of the policy rule.'),
|
|
required=True, update_allowed=True
|
|
),
|
|
POLICY_ACTIONS: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('List of actions of the policy rule.'),
|
|
default=None, update_allowed=True
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
rule_id = self.resource_id
|
|
return client.show_policy_rule(rule_id)['policy_rule']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
policy_rule = client.create_policy_rule(
|
|
{'policy_rule': props})['policy_rule']
|
|
|
|
self.resource_id_set(policy_rule['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
rule_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_policy_rule(rule_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_policy_rule(
|
|
self.resource_id, {'policy_rule': prop_diff})
|
|
|
|
|
|
class PolicyRuleSet(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, PARENT_ID, CHILD_POLICY_RULE_SETS,
|
|
POLICY_RULES, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'parent_id',
|
|
'child_policy_rule_sets', 'policy_rules', 'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the policy rule set.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the policy rule set.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the policy rule set.'),
|
|
update_allowed=True
|
|
),
|
|
PARENT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Parent id of the policy rule set.'),
|
|
update_allowed=False
|
|
),
|
|
CHILD_POLICY_RULE_SETS: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('List of child policy rule sets.'),
|
|
default=None, update_allowed=True
|
|
),
|
|
POLICY_RULES: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('List of policy rules.'),
|
|
default=None, update_allowed=True
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
prs_id = self.resource_id
|
|
return client.show_policy_rule_set(prs_id)['policy_rule_set']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
policy_rule_set = client.create_policy_rule_set(
|
|
{'policy_rule_set': props})['policy_rule_set']
|
|
|
|
self.resource_id_set(policy_rule_set['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
policy_rule_set_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_policy_rule_set(policy_rule_set_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_policy_rule_set(
|
|
self.resource_id, {'policy_rule_set': prop_diff})
|
|
|
|
|
|
class NetworkServicePolicy(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, NETWORK_SERVICE_PARAMS, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'network_service_params', 'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the network service policy.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the network service policy.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the network service policy.'),
|
|
update_allowed=True
|
|
),
|
|
NETWORK_SERVICE_PARAMS: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('List of network service policy dicts.'),
|
|
default=None, update_allowed=True
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
nsp_id = self.resource_id
|
|
nsp = client.show_network_service_policy(nsp_id)
|
|
return nsp['network_service_policy']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
nsp = client.create_network_service_policy(
|
|
{'network_service_policy': props})['network_service_policy']
|
|
|
|
self.resource_id_set(nsp['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
nsp_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_network_service_policy(nsp_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_network_service_policy(
|
|
self.resource_id, {'network_service_policy': prop_diff})
|
|
|
|
|
|
class ExternalPolicy(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, EXTERNAL_SEGMENTS,
|
|
PROVIDED_POLICY_RULE_SETS, CONSUMED_POLICY_RULE_SETS, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'external_segments',
|
|
'provided_policy_rule_sets', 'consumed_policy_rule_sets', 'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the external policy.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the external policy.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the external policy.'),
|
|
update_allowed=True
|
|
),
|
|
EXTERNAL_SEGMENTS: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('External segments of the policy.'),
|
|
update_allowed=True
|
|
),
|
|
PROVIDED_POLICY_RULE_SETS: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('Provided policy rule sets.'),
|
|
default=None, update_allowed=True
|
|
),
|
|
CONSUMED_POLICY_RULE_SETS: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('Consumed policy rule sets.'),
|
|
default=None, update_allowed=True
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
ext_policy_id = self.resource_id
|
|
ext_policy = client.show_external_policy(ext_policy_id)
|
|
return ext_policy['external_policy']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
provided_policy_rule_set_list = {}
|
|
consumed_policy_rule_set_list = {}
|
|
props_provided_policy_rule_sets = props.get(
|
|
'provided_policy_rule_sets', [])
|
|
props_consumed_policy_rule_sets = props.get(
|
|
'consumed_policy_rule_sets', [])
|
|
|
|
for prop_prov_policy_rule_set in props_provided_policy_rule_sets:
|
|
policy_rule_set_id = (
|
|
prop_prov_policy_rule_set['policy_rule_set_id'])
|
|
policy_rule_set_scope = (
|
|
prop_prov_policy_rule_set['policy_rule_set_scope'])
|
|
provided_policy_rule_set_list.update({policy_rule_set_id:
|
|
policy_rule_set_scope})
|
|
|
|
for prop_cons_policy_rule_set in props_consumed_policy_rule_sets:
|
|
policy_rule_set_id = (
|
|
prop_cons_policy_rule_set['policy_rule_set_id'])
|
|
policy_rule_set_scope = (
|
|
prop_cons_policy_rule_set['policy_rule_set_scope'])
|
|
consumed_policy_rule_set_list.update({policy_rule_set_id:
|
|
policy_rule_set_scope})
|
|
|
|
if provided_policy_rule_set_list:
|
|
props['provided_policy_rule_sets'] = provided_policy_rule_set_list
|
|
if consumed_policy_rule_set_list:
|
|
props['consumed_policy_rule_sets'] = consumed_policy_rule_set_list
|
|
|
|
ext_policy = client.create_external_policy(
|
|
{'external_policy': props})['external_policy']
|
|
|
|
self.resource_id_set(ext_policy['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
ext_policy_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_external_policy(ext_policy_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
provided_policy_rule_set_list = {}
|
|
consumed_policy_rule_set_list = {}
|
|
props_provided_policy_rule_sets = prop_diff.get(
|
|
'provided_policy_rule_sets', [])
|
|
props_consumed_policy_rule_sets = prop_diff.get(
|
|
'consumed_policy_rule_sets', [])
|
|
|
|
for prop_prov_policy_rule_set in props_provided_policy_rule_sets:
|
|
policy_rule_set_id = (
|
|
prop_prov_policy_rule_set['policy_rule_set_id'])
|
|
policy_rule_set_scope = (
|
|
prop_prov_policy_rule_set['policy_rule_set_scope'])
|
|
provided_policy_rule_set_list.update({policy_rule_set_id:
|
|
policy_rule_set_scope})
|
|
|
|
for prop_cons_policy_rule_set in props_consumed_policy_rule_sets:
|
|
policy_rule_set_id = (
|
|
prop_cons_policy_rule_set['policy_rule_set_id'])
|
|
policy_rule_set_scope = (
|
|
prop_cons_policy_rule_set['policy_rule_set_scope'])
|
|
consumed_policy_rule_set_list.update({policy_rule_set_id:
|
|
policy_rule_set_scope})
|
|
|
|
if provided_policy_rule_set_list:
|
|
prop_diff['provided_policy_rule_sets'] = (
|
|
provided_policy_rule_set_list)
|
|
if consumed_policy_rule_set_list:
|
|
prop_diff['consumed_policy_rule_sets'] = (
|
|
consumed_policy_rule_set_list)
|
|
|
|
self.grouppolicy().update_external_policy(
|
|
self.resource_id, {'external_policy': prop_diff})
|
|
|
|
|
|
class ExternalSegment(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, IP_VERSION, CIDR, SUBNET_ID,
|
|
EXTERNAL_ROUTES, PORT_ADDRESS_TRANSLATION, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'ip_version', 'cidr',
|
|
'subnet_id', 'external_routes', 'port_address_translation',
|
|
'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the external segment.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the external segment.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the external segment.'),
|
|
update_allowed=True
|
|
),
|
|
IP_VERSION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('IP version of the external segment.'),
|
|
default='4', update_allowed=False
|
|
),
|
|
CIDR: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('CIDR of the external segment.'),
|
|
default=None, update_allowed=False
|
|
),
|
|
SUBNET_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Subnet ID of the neutron external network.'),
|
|
default=None, update_allowed=False
|
|
),
|
|
EXTERNAL_ROUTES: properties.Schema(
|
|
properties.Schema.LIST,
|
|
_('External routes of the external segment.'),
|
|
default=None, update_allowed=True
|
|
),
|
|
PORT_ADDRESS_TRANSLATION: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Port address translation required for the external segment.'),
|
|
update_allowed=True, default=False
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
es_id = self.resource_id
|
|
es = client.show_external_segment(es_id)
|
|
return es['external_segment']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
es = client.create_external_segment(
|
|
{'external_segment': props})['external_segment']
|
|
|
|
self.resource_id_set(es['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
es_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_external_segment(es_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_external_segment(
|
|
self.resource_id, {'external_segment': prop_diff})
|
|
|
|
|
|
class NATPool(gbpresource.GBPResource):
|
|
|
|
PROPERTIES = (
|
|
TENANT_ID, NAME, DESCRIPTION, IP_VERSION, IP_POOL,
|
|
EXTERNAL_SEGMENT_ID, SHARED
|
|
) = (
|
|
'tenant_id', 'name', 'description', 'ip_version', 'ip_pool',
|
|
'external_segment_id', 'shared'
|
|
)
|
|
|
|
properties_schema = {
|
|
TENANT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Tenant id of the NAT pool.')
|
|
),
|
|
NAME: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Name of the NAT pool.'),
|
|
update_allowed=True
|
|
),
|
|
DESCRIPTION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('Description of the NET pool.'),
|
|
update_allowed=True
|
|
),
|
|
IP_VERSION: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('IP version of the NAT pool.'),
|
|
default='4', update_allowed=False
|
|
),
|
|
IP_POOL: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('IP pool of the NAT pool.'),
|
|
default=None, update_allowed=False
|
|
),
|
|
EXTERNAL_SEGMENT_ID: properties.Schema(
|
|
properties.Schema.STRING,
|
|
_('External segment id of the NAT pool.'),
|
|
update_allowed=True, required=True
|
|
),
|
|
SHARED: properties.Schema(
|
|
properties.Schema.BOOLEAN,
|
|
_('Shared.'),
|
|
update_allowed=True, required=True
|
|
)
|
|
}
|
|
|
|
def _show_resource(self):
|
|
client = self.grouppolicy()
|
|
nat_pool_id = self.resource_id
|
|
nat_pool = client.show_nat_pool(nat_pool_id)
|
|
return nat_pool['nat_pool']
|
|
|
|
def handle_create(self):
|
|
client = self.grouppolicy()
|
|
|
|
props = {}
|
|
for key in self.properties:
|
|
if self.properties.get(key) is not None:
|
|
props[key] = self.properties.get(key)
|
|
|
|
nat_pool = client.create_nat_pool(
|
|
{'nat_pool': props})['nat_pool']
|
|
|
|
self.resource_id_set(nat_pool['id'])
|
|
|
|
def handle_delete(self):
|
|
|
|
client = self.grouppolicy()
|
|
nat_pool_id = self.resource_id
|
|
|
|
try:
|
|
client.delete_nat_pool(nat_pool_id)
|
|
except NeutronClientException as ex:
|
|
self.client_plugin().ignore_not_found(ex)
|
|
else:
|
|
return self._delete_task()
|
|
|
|
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
|
if prop_diff:
|
|
self.grouppolicy().update_nat_pool(
|
|
self.resource_id, {'nat_pool': prop_diff})
|
|
|
|
|
|
def resource_mapping():
|
|
return {
|
|
'OS::Neutron::PolicyTarget': PolicyTarget,
|
|
'OS::Neutron::PolicyTargetGroup': PolicyTargetGroup,
|
|
'OS::Neutron::L2Policy': L2Policy,
|
|
'OS::Neutron::L3Policy': L3Policy,
|
|
'OS::Neutron::PolicyClassifier': PolicyClassifier,
|
|
'OS::Neutron::PolicyAction': PolicyAction,
|
|
'OS::Neutron::PolicyRule': PolicyRule,
|
|
'OS::Neutron::PolicyRuleSet': PolicyRuleSet,
|
|
'OS::Neutron::NetworkServicePolicy': NetworkServicePolicy,
|
|
'OS::Neutron::ExternalPolicy': ExternalPolicy,
|
|
'OS::Neutron::ExternalSegment': ExternalSegment,
|
|
'OS::Neutron::NATPool': NATPool
|
|
}
|