summaryrefslogtreecommitdiffstats
path: root/snaps/openstack/create_security_group.py
diff options
context:
space:
mode:
Diffstat (limited to 'snaps/openstack/create_security_group.py')
-rw-r--r--snaps/openstack/create_security_group.py85
1 files changed, 44 insertions, 41 deletions
diff --git a/snaps/openstack/create_security_group.py b/snaps/openstack/create_security_group.py
index 34d5952..8218c83 100644
--- a/snaps/openstack/create_security_group.py
+++ b/snaps/openstack/create_security_group.py
@@ -16,6 +16,8 @@ import logging
import enum
from neutronclient.common.exceptions import NotFound, Conflict
+
+from snaps.openstack.openstack_creator import OpenStackNetworkObject
from snaps.openstack.utils import keystone_utils
from snaps.openstack.utils import neutron_utils
@@ -24,9 +26,9 @@ __author__ = 'spisarski'
logger = logging.getLogger('OpenStackSecurityGroup')
-class OpenStackSecurityGroup:
+class OpenStackSecurityGroup(OpenStackNetworkObject):
"""
- Class responsible for creating Security Groups
+ Class responsible for managing a Security Group in OpenStack
"""
def __init__(self, os_creds, sec_grp_settings):
@@ -35,10 +37,9 @@ class OpenStackSecurityGroup:
:param os_creds: The credentials to connect with OpenStack
:param sec_grp_settings: The settings used to create a security group
"""
- self.__os_creds = os_creds
+ super(self.__class__, self).__init__(os_creds)
+
self.sec_grp_settings = sec_grp_settings
- self.__neutron = None
- self.__keystone = None
# Attributes instantiated on create()
self.__security_group = None
@@ -46,29 +47,46 @@ class OpenStackSecurityGroup:
# dict where the rule settings object is the key
self.__rules = dict()
- def create(self, cleanup=False):
+ def initialize(self):
+ """
+ Loads existing security group.
+ :return: the security group domain object
+ """
+ super(self.__class__, self).initialize()
+
+ self.__security_group = neutron_utils.get_security_group(
+ self._neutron, sec_grp_settings=self.sec_grp_settings)
+ if self.__security_group:
+ # Populate rules
+ existing_rules = neutron_utils.get_rules_by_security_group(
+ self._neutron, self.__security_group)
+
+ for existing_rule in existing_rules:
+ # For Custom Rules
+ rule_setting = self.__get_setting_from_rule(existing_rule)
+ self.__rules[rule_setting] = existing_rule
+
+ return self.__security_group
+
+ def create(self):
"""
Responsible for creating the security group.
- :param cleanup: Denotes whether or not this is being called for cleanup
- :return: the OpenStack security group object
+ :return: the security group domain object
"""
- self.__neutron = neutron_utils.neutron_client(self.__os_creds)
- self.__keystone = keystone_utils.keystone_client(self.__os_creds)
+ self.initialize()
- logger.info(
- 'Creating security group %s...' % self.sec_grp_settings.name)
+ if not self.__security_group:
+ logger.info(
+ 'Creating security group %s...' % self.sec_grp_settings.name)
- self.__security_group = neutron_utils.get_security_group(
- self.__neutron, sec_grp_settings=self.sec_grp_settings)
- if not self.__security_group and not cleanup:
- # Create the security group
+ keystone = keystone_utils.keystone_client(self._os_creds)
self.__security_group = neutron_utils.create_security_group(
- self.__neutron, self.__keystone,
+ self._neutron, keystone,
self.sec_grp_settings)
# Get the rules added for free
auto_rules = neutron_utils.get_rules_by_security_group(
- self.__neutron, self.__security_group)
+ self._neutron, self.__security_group)
ctr = 0
for auto_rule in auto_rules:
@@ -80,7 +98,7 @@ class OpenStackSecurityGroup:
for sec_grp_rule_setting in self.sec_grp_settings.rule_settings:
try:
custom_rule = neutron_utils.create_security_group_rule(
- self.__neutron, sec_grp_rule_setting)
+ self._neutron, sec_grp_rule_setting)
self.__rules[sec_grp_rule_setting] = custom_rule
except Conflict as e:
logger.warn('Unable to create rule due to conflict - %s',
@@ -88,22 +106,7 @@ class OpenStackSecurityGroup:
# Refresh security group object to reflect the new rules added
self.__security_group = neutron_utils.get_security_group(
- self.__neutron, sec_grp_settings=self.sec_grp_settings)
- else:
- # Populate rules
- existing_rules = neutron_utils.get_rules_by_security_group(
- self.__neutron, self.__security_group)
-
- for existing_rule in existing_rules:
- # For Custom Rules
- rule_setting = self.__get_setting_from_rule(existing_rule)
- ctr = 0
- if not rule_setting:
- # For Free Rules
- rule_setting = self.__generate_rule_setting(existing_rule)
- ctr += 1
-
- self.__rules[rule_setting] = existing_rule
+ self._neutron, sec_grp_settings=self.sec_grp_settings)
return self.__security_group
@@ -115,7 +118,7 @@ class OpenStackSecurityGroup:
:return: the newly instantiated SecurityGroupRuleSettings object
"""
sec_grp = neutron_utils.get_security_group_by_id(
- self.__neutron, rule.security_group_id)
+ self._neutron, rule.security_group_id)
setting = SecurityGroupRuleSettings(
description=rule.description,
@@ -135,7 +138,7 @@ class OpenStackSecurityGroup:
"""
for setting, rule in self.__rules.items():
try:
- neutron_utils.delete_security_group_rule(self.__neutron, rule)
+ neutron_utils.delete_security_group_rule(self._neutron, rule)
except NotFound as e:
logger.warning('Rule not found, cannot delete - ' + str(e))
pass
@@ -143,7 +146,7 @@ class OpenStackSecurityGroup:
if self.__security_group:
try:
- neutron_utils.delete_security_group(self.__neutron,
+ neutron_utils.delete_security_group(self._neutron,
self.__security_group)
except NotFound as e:
logger.warning(
@@ -171,7 +174,7 @@ class OpenStackSecurityGroup:
:param rule_setting: the rule configuration
"""
rule_setting.sec_grp_name = self.sec_grp_settings.name
- new_rule = neutron_utils.create_security_group_rule(self.__neutron,
+ new_rule = neutron_utils.create_security_group_rule(self._neutron,
rule_setting)
self.__rules[rule_setting] = new_rule
self.sec_grp_settings.rule_settings.append(rule_setting)
@@ -187,12 +190,12 @@ class OpenStackSecurityGroup:
if rule_id or rule_setting:
if rule_id:
rule_to_remove = neutron_utils.get_rule_by_id(
- self.__neutron, self.__security_group, rule_id)
+ self._neutron, self.__security_group, rule_id)
elif rule_setting:
rule_to_remove = self.__rules.get(rule_setting)
if rule_to_remove:
- neutron_utils.delete_security_group_rule(self.__neutron,
+ neutron_utils.delete_security_group_rule(self._neutron,
rule_to_remove)
rule_setting = self.__get_setting_from_rule(rule_to_remove)
if rule_setting: