summaryrefslogtreecommitdiffstats
path: root/aria/multivim-plugin/neutron_plugin/security_group.py
diff options
context:
space:
mode:
Diffstat (limited to 'aria/multivim-plugin/neutron_plugin/security_group.py')
-rw-r--r--aria/multivim-plugin/neutron_plugin/security_group.py130
1 files changed, 0 insertions, 130 deletions
diff --git a/aria/multivim-plugin/neutron_plugin/security_group.py b/aria/multivim-plugin/neutron_plugin/security_group.py
deleted file mode 100644
index 5f335f482b..0000000000
--- a/aria/multivim-plugin/neutron_plugin/security_group.py
+++ /dev/null
@@ -1,130 +0,0 @@
-#########
-# Copyright (c) 2014 GigaSpaces Technologies Ltd. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# * See the License for the specific language governing permissions and
-# * limitations under the License.
-
-from time import sleep
-
-from requests.exceptions import RequestException
-
-from cloudify import ctx
-from cloudify.decorators import operation
-from cloudify.exceptions import NonRecoverableError
-from openstack_plugin_common import (
- transform_resource_name,
- with_neutron_client,
- delete_resource_and_runtime_properties,
-)
-from openstack_plugin_common.security_group import (
- build_sg_data,
- process_rules,
- use_external_sg,
- set_sg_runtime_properties,
- delete_sg,
- sg_creation_validation,
- RUNTIME_PROPERTIES_KEYS
-)
-
-DEFAULT_RULE_VALUES = {
- 'direction': 'ingress',
- 'ethertype': 'IPv4',
- 'port_range_min': 1,
- 'port_range_max': 65535,
- 'protocol': 'tcp',
- 'remote_group_id': None,
- 'remote_ip_prefix': '0.0.0.0/0',
-}
-
-
-@operation
-@with_neutron_client
-def create(
- neutron_client, args,
- status_attempts=10, status_timeout=2, **kwargs
-):
-
- security_group = build_sg_data(args)
- if not security_group['description']:
- security_group['description'] = ctx.node.properties['description']
-
- sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES,
- 'remote_ip_prefix', 'remote_group_id',
- 'port_range_min', 'port_range_max')
-
- disable_default_egress_rules = ctx.node.properties.get(
- 'disable_default_egress_rules')
-
- if use_external_sg(neutron_client):
- return
-
- transform_resource_name(ctx, security_group)
-
- sg = neutron_client.create_security_group(
- {'security_group': security_group})['security_group']
-
- for attempt in range(max(status_attempts, 1)):
- sleep(status_timeout)
- try:
- neutron_client.show_security_group(sg['id'])
- except RequestException as e:
- ctx.logger.debug("Waiting for SG to be visible. Attempt {}".format(
- attempt))
- else:
- break
- else:
- raise NonRecoverableError(
- "Timed out waiting for security_group to exist", e)
-
- set_sg_runtime_properties(sg, neutron_client)
-
- try:
- if disable_default_egress_rules:
- for er in _egress_rules(_rules_for_sg_id(neutron_client,
- sg['id'])):
- neutron_client.delete_security_group_rule(er['id'])
-
- for sgr in sg_rules:
- sgr['security_group_id'] = sg['id']
- neutron_client.create_security_group_rule(
- {'security_group_rule': sgr})
- except Exception:
- try:
- delete_resource_and_runtime_properties(
- ctx, neutron_client,
- RUNTIME_PROPERTIES_KEYS)
- except Exception as e:
- raise NonRecoverableError(
- 'Exception while tearing down for retry', e)
- raise
-
-
-@operation
-@with_neutron_client
-def delete(neutron_client, **kwargs):
- delete_sg(neutron_client)
-
-
-@operation
-@with_neutron_client
-def creation_validation(neutron_client, **kwargs):
- sg_creation_validation(neutron_client, 'remote_ip_prefix')
-
-
-def _egress_rules(rules):
- return [rule for rule in rules if rule.get('direction') == 'egress']
-
-
-def _rules_for_sg_id(neutron_client, id):
- rules = neutron_client.list_security_group_rules()['security_group_rules']
- rules = [rule for rule in rules if rule['security_group_id'] == id]
- return rules