diff options
author | rexlee8776 <limingjiang@huawei.com> | 2018-08-08 08:54:59 +0000 |
---|---|---|
committer | rexlee8776 <limingjiang@huawei.com> | 2018-08-20 04:04:05 +0000 |
commit | cea576574ac0554c1320179bffe6965ac1333972 (patch) | |
tree | 4d9baf9d63e1c388fad138b46a11eb2591c69fdd /yardstick/orchestrator/heat.py | |
parent | 799a7d36587b14cbc0a9e24da5ba627b7ccb935c (diff) |
Make security group configurable - dovetail
Make sercurity group can be configured via the context.
The format would be:
context:
name: demo
image: yardstick-image
flavor: yardstick-flavor
user: ubuntu
security_group:
rules:
- remote_ip_prefix: "0.0.0.0/0"
protocol: "tcp"
port_range_min: 1
port_range_max: 65535
- remote_ip_prefix: "0.0.0.0/0"
protocol: "udp"
port_range_min: 1
port_range_max: 65535
- remote_ip_prefix: "0.0.0.0/0"
protocol: "icmp"
JIRA: YARDSTICK-1360
Change-Id: I00c45767ee2d70b790590e824599d5a4c274bced
Signed-off-by: rexlee8776 <limingjiang@huawei.com>
Diffstat (limited to 'yardstick/orchestrator/heat.py')
-rw-r--r-- | yardstick/orchestrator/heat.py | 121 |
1 files changed, 65 insertions, 56 deletions
diff --git a/yardstick/orchestrator/heat.py b/yardstick/orchestrator/heat.py index 99a5760a3..9da4948dd 100644 --- a/yardstick/orchestrator/heat.py +++ b/yardstick/orchestrator/heat.py @@ -471,68 +471,77 @@ name (i.e. %s). 'value': {'get_resource': name} } - def add_security_group(self, name): + def add_security_group(self, name, security_group=None): """add to the template a Neutron SecurityGroup""" log.debug("adding Neutron::SecurityGroup '%s'", name) + description = ("Group allowing IPv4 and IPv6 for icmp and upd/tcp on" + "all ports") + rules = [ + {'remote_ip_prefix': '0.0.0.0/0', + 'protocol': 'tcp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'protocol': 'udp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'protocol': 'icmp'}, + {'remote_ip_prefix': '::/0', + 'ethertype': 'IPv6', + 'protocol': 'tcp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '::/0', + 'ethertype': 'IPv6', + 'protocol': 'udp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '::/0', + 'ethertype': 'IPv6', + 'protocol': 'ipv6-icmp'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'direction': 'egress', + 'protocol': 'tcp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'direction': 'egress', + 'protocol': 'udp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'direction': 'egress', + 'protocol': 'icmp'}, + {'remote_ip_prefix': '::/0', + 'direction': 'egress', + 'ethertype': 'IPv6', + 'protocol': 'tcp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '::/0', + 'direction': 'egress', + 'ethertype': 'IPv6', + 'protocol': 'udp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '::/0', + 'direction': 'egress', + 'ethertype': 'IPv6', + 'protocol': 'ipv6-icmp'}, + ] + if security_group: + description = "Custom security group rules defined by the user" + rules = security_group.get('rules') + + log.debug("The security group rules is %s", rules) + self.resources[name] = { 'type': 'OS::Neutron::SecurityGroup', 'properties': { 'name': name, - 'description': "Group allowing IPv4 and IPv6 for icmp and upd/tcp on all ports", - 'rules': [ - {'remote_ip_prefix': '0.0.0.0/0', - 'protocol': 'tcp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'protocol': 'udp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'protocol': 'icmp'}, - {'remote_ip_prefix': '::/0', - 'ethertype': 'IPv6', - 'protocol': 'tcp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '::/0', - 'ethertype': 'IPv6', - 'protocol': 'udp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '::/0', - 'ethertype': 'IPv6', - 'protocol': 'ipv6-icmp'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'direction': 'egress', - 'protocol': 'tcp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'direction': 'egress', - 'protocol': 'udp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'direction': 'egress', - 'protocol': 'icmp'}, - {'remote_ip_prefix': '::/0', - 'direction': 'egress', - 'ethertype': 'IPv6', - 'protocol': 'tcp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '::/0', - 'direction': 'egress', - 'ethertype': 'IPv6', - 'protocol': 'udp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '::/0', - 'direction': 'egress', - 'ethertype': 'IPv6', - 'protocol': 'ipv6-icmp'}, - ] + 'description': description, + 'rules': rules } } |