¡@
OpenStack Study: security_groups.py**** CubicPower OpenStack Study ****
# Copyright 2011 OpenStack Foundation # Copyright 2012 Justin Santa Barbara # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The security groups extension.""" import json from nova.api.openstack import extensions from nova.api.openstack import wsgi from nova import compute from nova.compute import api as compute_api from nova import exception from nova.network.security_group import neutron_driver from nova.network.security_group import openstack_driver ALIAS = 'os-security-groups' ATTRIBUTE_NAME = '%s:security_groups' % ALIAS authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS) softauth = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
**** CubicPower OpenStack Study **** def _authorize_context(req): context = req.environ['nova.context'] authorize(context) return context
**** CubicPower OpenStack Study **** class SecurityGroupsOutputController(wsgi.Controller):
**** CubicPower OpenStack Study **** def __init__(self, *args, **kwargs): super(SecurityGroupsOutputController, self).__init__(*args, **kwargs) self.compute_api = compute.API() self.security_group_api = ( openstack_driver.get_openstack_security_group_driver())
**** CubicPower OpenStack Study **** def _extend_servers(self, req, servers): # TODO(arosen) this function should be refactored to reduce duplicate # code and use get_instance_security_groups instead of get_db_instance. if not len(servers): return key = "security_groups" context = _authorize_context(req) if not openstack_driver.is_neutron_security_groups(): for server in servers: instance = req.get_db_instance(server['id']) groups = instance.get(key) if groups: server[ATTRIBUTE_NAME] = [{"name": group["name"]} for group in groups] else: # If method is a POST we get the security groups intended for an # instance from the request. The reason for this is if using # neutron security groups the requested security groups for the # instance are not in the db and have not been sent to neutron yet. if req.method != 'POST': sg_instance_bindings = ( self.security_group_api .get_instances_security_groups_bindings(context, servers)) for server in servers: groups = sg_instance_bindings.get(server['id']) if groups: server[ATTRIBUTE_NAME] = groups # In this section of code len(servers) == 1 as you can only POST # one server in an API request. else: # try converting to json req_obj = json.loads(req.body) # Add security group to server, if no security group was in # request add default since that is the group it is part of servers[0][ATTRIBUTE_NAME] = req_obj['server'].get( ATTRIBUTE_NAME, [{'name': 'default'}])
**** CubicPower OpenStack Study **** def _show(self, req, resp_obj): if not softauth(req.environ['nova.context']): return if 'server' in resp_obj.obj: self._extend_servers(req, [resp_obj.obj['server']]) @wsgi.extends
**** CubicPower OpenStack Study **** def show(self, req, resp_obj, id): return self._show(req, resp_obj) @wsgi.extends
**** CubicPower OpenStack Study **** def create(self, req, resp_obj, body): return self._show(req, resp_obj) @wsgi.extends
**** CubicPower OpenStack Study **** def detail(self, req, resp_obj): if not softauth(req.environ['nova.context']): return self._extend_servers(req, list(resp_obj.obj['servers']))
**** CubicPower OpenStack Study **** class SecurityGroups(extensions.V3APIExtensionBase): """Security group support.""" name = "SecurityGroups" alias = ALIAS version = 1
**** CubicPower OpenStack Study **** def get_controller_extensions(self): controller = SecurityGroupsOutputController() output = extensions.ControllerExtension(self, 'servers', controller) return [output]
**** CubicPower OpenStack Study **** def get_resources(self): return []
**** CubicPower OpenStack Study **** def server_create(self, server_dict, create_kwargs): security_groups = server_dict.get(ATTRIBUTE_NAME) if security_groups is not None: create_kwargs['security_group'] = [ sg['name'] for sg in security_groups if sg.get('name')] create_kwargs['security_group'] = list( set(create_kwargs['security_group']))
**** CubicPower OpenStack Study **** class NativeSecurityGroupExceptions(object): @staticmethod
**** CubicPower OpenStack Study **** def raise_invalid_property(msg): raise exception.Invalid(msg) @staticmethod
**** CubicPower OpenStack Study **** def raise_group_already_exists(msg): raise exception.Invalid(msg) @staticmethod
**** CubicPower OpenStack Study **** def raise_invalid_group(msg): raise exception.Invalid(msg) @staticmethod
**** CubicPower OpenStack Study **** def raise_invalid_cidr(cidr, decoding_exception=None): raise exception.InvalidCidr(cidr=cidr) @staticmethod
**** CubicPower OpenStack Study **** def raise_over_quota(msg): raise exception.SecurityGroupLimitExceeded(msg) @staticmethod
**** CubicPower OpenStack Study **** def raise_not_found(msg): raise exception.SecurityGroupNotFound(msg)
**** CubicPower OpenStack Study **** class NativeNovaSecurityGroupAPI(NativeSecurityGroupExceptions,
compute_api.SecurityGroupAPI): pass
**** CubicPower OpenStack Study **** class NativeNeutronSecurityGroupAPI(NativeSecurityGroupExceptions,
neutron_driver.SecurityGroupAPI): pass
|