**** CubicPower OpenStack Study ****
# Copyright 2011 OpenStack Foundation
# Copyright 2012 Justin Santa Barbara
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""The security groups extension."""
import json
from nova.api.openstack import extensions
from nova.api.openstack import wsgi
from nova import compute
from nova.compute import api as compute_api
from nova import exception
from nova.network.security_group import neutron_driver
from nova.network.security_group import openstack_driver
ALIAS = 'os-security-groups'
ATTRIBUTE_NAME = '%s:security_groups' % ALIAS
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
softauth = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
**** CubicPower OpenStack Study ****
def _authorize_context(req):
context = req.environ['nova.context']
authorize(context)
return context
**** CubicPower OpenStack Study ****
class SecurityGroupsOutputController(wsgi.Controller):
**** CubicPower OpenStack Study ****
def __init__(self, *args, **kwargs):
super(SecurityGroupsOutputController, self).__init__(*args, **kwargs)
self.compute_api = compute.API()
self.security_group_api = (
openstack_driver.get_openstack_security_group_driver())
**** CubicPower OpenStack Study ****
def _extend_servers(self, req, servers):
# TODO(arosen) this function should be refactored to reduce duplicate
# code and use get_instance_security_groups instead of get_db_instance.
if not len(servers):
return
key = "security_groups"
context = _authorize_context(req)
if not openstack_driver.is_neutron_security_groups():
for server in servers:
instance = req.get_db_instance(server['id'])
groups = instance.get(key)
if groups:
server[ATTRIBUTE_NAME] = [{"name": group["name"]}
for group in groups]
else:
# If method is a POST we get the security groups intended for an
# instance from the request. The reason for this is if using
# neutron security groups the requested security groups for the
# instance are not in the db and have not been sent to neutron yet.
if req.method != 'POST':
sg_instance_bindings = (
self.security_group_api
.get_instances_security_groups_bindings(context,
servers))
for server in servers:
groups = sg_instance_bindings.get(server['id'])
if groups:
server[ATTRIBUTE_NAME] = groups
# In this section of code len(servers) == 1 as you can only POST
# one server in an API request.
else:
# try converting to json
req_obj = json.loads(req.body)
# Add security group to server, if no security group was in
# request add default since that is the group it is part of
servers[0][ATTRIBUTE_NAME] = req_obj['server'].get(
ATTRIBUTE_NAME, [{'name': 'default'}])
**** CubicPower OpenStack Study ****
def _show(self, req, resp_obj):
if not softauth(req.environ['nova.context']):
return
if 'server' in resp_obj.obj:
self._extend_servers(req, [resp_obj.obj['server']])
@wsgi.extends
**** CubicPower OpenStack Study ****
def show(self, req, resp_obj, id):
return self._show(req, resp_obj)
@wsgi.extends
**** CubicPower OpenStack Study ****
def create(self, req, resp_obj, body):
return self._show(req, resp_obj)
@wsgi.extends
**** CubicPower OpenStack Study ****
def detail(self, req, resp_obj):
if not softauth(req.environ['nova.context']):
return
self._extend_servers(req, list(resp_obj.obj['servers']))
**** CubicPower OpenStack Study ****
class SecurityGroups(extensions.V3APIExtensionBase):
"""Security group support."""
name = "SecurityGroups"
alias = ALIAS
version = 1
**** CubicPower OpenStack Study ****
def get_controller_extensions(self):
controller = SecurityGroupsOutputController()
output = extensions.ControllerExtension(self, 'servers', controller)
return [output]
**** CubicPower OpenStack Study ****
def get_resources(self):
return []
**** CubicPower OpenStack Study ****
def server_create(self, server_dict, create_kwargs):
security_groups = server_dict.get(ATTRIBUTE_NAME)
if security_groups is not None:
create_kwargs['security_group'] = [
sg['name'] for sg in security_groups if sg.get('name')]
create_kwargs['security_group'] = list(
set(create_kwargs['security_group']))
**** CubicPower OpenStack Study ****
class NativeSecurityGroupExceptions(object):
@staticmethod
**** CubicPower OpenStack Study ****
def raise_invalid_property(msg):
raise exception.Invalid(msg)
@staticmethod
**** CubicPower OpenStack Study ****
def raise_group_already_exists(msg):
raise exception.Invalid(msg)
@staticmethod
**** CubicPower OpenStack Study ****
def raise_invalid_group(msg):
raise exception.Invalid(msg)
@staticmethod
**** CubicPower OpenStack Study ****
def raise_invalid_cidr(cidr, decoding_exception=None):
raise exception.InvalidCidr(cidr=cidr)
@staticmethod
**** CubicPower OpenStack Study ****
def raise_over_quota(msg):
raise exception.SecurityGroupLimitExceeded(msg)
@staticmethod
**** CubicPower OpenStack Study ****
def raise_not_found(msg):
raise exception.SecurityGroupNotFound(msg)
**** CubicPower OpenStack Study ****
class NativeNovaSecurityGroupAPI(NativeSecurityGroupExceptions,
compute_api.SecurityGroupAPI):
pass
**** CubicPower OpenStack Study ****
class NativeNeutronSecurityGroupAPI(NativeSecurityGroupExceptions,
neutron_driver.SecurityGroupAPI):
pass