diff options
author | rexlee8776 <limingjiang@huawei.com> | 2018-08-08 08:54:59 +0000 |
---|---|---|
committer | Rex Lee <limingjiang@huawei.com> | 2018-08-27 03:45:49 +0000 |
commit | ac4587e04248eb53c4df9519b6f918567949bedc (patch) | |
tree | c33f0fc1002072eacb7eff7b1749b174f647a0d1 /yardstick/orchestrator | |
parent | 8af5c098fb0f30cc1bda0dd4431dbce1b2403a16 (diff) |
Make security group configurable - dovetail
Make sercurity group can be configured via the context.
The format would be:
context:
name: demo
image: yardstick-image
flavor: yardstick-flavor
user: ubuntu
security_group:
rules:
- remote_ip_prefix: "0.0.0.0/0"
protocol: "tcp"
port_range_min: 1
port_range_max: 65535
- remote_ip_prefix: "0.0.0.0/0"
protocol: "udp"
port_range_min: 1
port_range_max: 65535
- remote_ip_prefix: "0.0.0.0/0"
protocol: "icmp"
JIRA: YARDSTICK-1360
Change-Id: I00c45767ee2d70b790590e824599d5a4c274bced
Signed-off-by: rexlee8776 <limingjiang@huawei.com>
(cherry picked from commit cea576574ac0554c1320179bffe6965ac1333972)
Diffstat (limited to 'yardstick/orchestrator')
-rw-r--r-- | yardstick/orchestrator/heat.py | 121 |
1 files changed, 65 insertions, 56 deletions
diff --git a/yardstick/orchestrator/heat.py b/yardstick/orchestrator/heat.py index bfc1f7061..d2d13aaeb 100644 --- a/yardstick/orchestrator/heat.py +++ b/yardstick/orchestrator/heat.py @@ -479,68 +479,77 @@ name (i.e. %s). 'value': {'get_resource': name} } - def add_security_group(self, name): + def add_security_group(self, name, security_group=None): """add to the template a Neutron SecurityGroup""" log.debug("adding Neutron::SecurityGroup '%s'", name) + description = ("Group allowing IPv4 and IPv6 for icmp and upd/tcp on" + "all ports") + rules = [ + {'remote_ip_prefix': '0.0.0.0/0', + 'protocol': 'tcp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'protocol': 'udp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'protocol': 'icmp'}, + {'remote_ip_prefix': '::/0', + 'ethertype': 'IPv6', + 'protocol': 'tcp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '::/0', + 'ethertype': 'IPv6', + 'protocol': 'udp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '::/0', + 'ethertype': 'IPv6', + 'protocol': 'ipv6-icmp'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'direction': 'egress', + 'protocol': 'tcp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'direction': 'egress', + 'protocol': 'udp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '0.0.0.0/0', + 'direction': 'egress', + 'protocol': 'icmp'}, + {'remote_ip_prefix': '::/0', + 'direction': 'egress', + 'ethertype': 'IPv6', + 'protocol': 'tcp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '::/0', + 'direction': 'egress', + 'ethertype': 'IPv6', + 'protocol': 'udp', + 'port_range_min': '1', + 'port_range_max': '65535'}, + {'remote_ip_prefix': '::/0', + 'direction': 'egress', + 'ethertype': 'IPv6', + 'protocol': 'ipv6-icmp'}, + ] + if security_group: + description = "Custom security group rules defined by the user" + rules = security_group.get('rules') + + log.debug("The security group rules is %s", rules) + self.resources[name] = { 'type': 'OS::Neutron::SecurityGroup', 'properties': { 'name': name, - 'description': "Group allowing IPv4 and IPv6 for icmp and upd/tcp on all ports", - 'rules': [ - {'remote_ip_prefix': '0.0.0.0/0', - 'protocol': 'tcp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'protocol': 'udp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'protocol': 'icmp'}, - {'remote_ip_prefix': '::/0', - 'ethertype': 'IPv6', - 'protocol': 'tcp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '::/0', - 'ethertype': 'IPv6', - 'protocol': 'udp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '::/0', - 'ethertype': 'IPv6', - 'protocol': 'ipv6-icmp'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'direction': 'egress', - 'protocol': 'tcp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'direction': 'egress', - 'protocol': 'udp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '0.0.0.0/0', - 'direction': 'egress', - 'protocol': 'icmp'}, - {'remote_ip_prefix': '::/0', - 'direction': 'egress', - 'ethertype': 'IPv6', - 'protocol': 'tcp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '::/0', - 'direction': 'egress', - 'ethertype': 'IPv6', - 'protocol': 'udp', - 'port_range_min': '1', - 'port_range_max': '65535'}, - {'remote_ip_prefix': '::/0', - 'direction': 'egress', - 'ethertype': 'IPv6', - 'protocol': 'ipv6-icmp'}, - ] + 'description': description, + 'rules': rules } } |