diff options
| author | Todd Willey <todd@ansolabs.com> | 2011-06-11 18:03:45 -0400 |
|---|---|---|
| committer | Todd Willey <todd@ansolabs.com> | 2011-06-11 18:03:45 -0400 |
| commit | ed3914eafa7d076fdcc03ee958f77528bcf20603 (patch) | |
| tree | b123e5578df1c3c28d6f5e0788dd7572ec890f13 | |
| parent | d1b6ebb4009e13ac2cf2309275a66a634e4f9171 (diff) | |
Add a method to delete provider firewall rules.
| -rw-r--r-- | nova/api/ec2/admin.py | 12 | ||||
| -rw-r--r-- | nova/db/api.py | 10 | ||||
| -rw-r--r-- | nova/db/sqlalchemy/api.py | 21 |
3 files changed, 43 insertions, 0 deletions
diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py index 37ae2e648..da982d8dc 100644 --- a/nova/api/ec2/admin.py +++ b/nova/api/ec2/admin.py @@ -377,3 +377,15 @@ class AdminController(object): blocks = [{'cidr': b} for b in blocks] return {'externalIpBlockInfo': list(sorted(blocks, key=lambda k: k['cidr']))} + + def remove_external_address_block(self, context, cidr): + LOG.audit(_('Removing ip block from %s'), cidr, context=context) + cidr = urllib.unquote(cidr).decode() + # raise if invalid + IPy.IP(cidr) + rules = db.provider_fw_rule_get_all_by_cidr(context, cidr) + for rule in rules: + db.provider_fw_rule_destroy(context, rule['id']) + if rules: + self.compute_api.trigger_provider_fw_rules_refresh(context) + return {'status': 'OK', 'message': 'Deleted %s rules' % len(rules)} diff --git a/nova/db/api.py b/nova/db/api.py index 798b2881c..62368c438 100644 --- a/nova/db/api.py +++ b/nova/db/api.py @@ -1004,6 +1004,16 @@ def provider_fw_rule_get_all(context): return IMPL.provider_fw_rule_get_all(context) +def provider_fw_rule_get_all_by_cidr(context, cidr): + """Get all provider-level firewall rules.""" + return IMPL.provider_fw_rule_get_all_by_cidr(context) + + +def provider_fw_rule_destroy(context, rule_id): + """Delete a provider firewall rule from the database.""" + return IMPL.provider_fw_rule_destroy(context) + + ################### diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index 9612e456b..c8802e354 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -2093,6 +2093,7 @@ def provider_fw_rule_create(context, rule): return fw_rule_ref +@require_admin_context def provider_fw_rule_get_all(context): session = get_session() return session.query(models.ProviderFirewallRule).\ @@ -2100,6 +2101,26 @@ def provider_fw_rule_get_all(context): all() +@require_admin_context +def provider_fw_rule_get_all_by_cidr(context, cidr): + session = get_session() + return session.query(models.ProviderFirewallRule).\ + filter_by(deleted=can_read_deleted(context)).\ + filter_by(cidr=cidr).\ + all() + + +@require_admin_context +def provider_fw_rule_destroy(context, rule_id): + session = get_session() + with session.begin(): + session.query(models.ProviderFirewallRule).\ + filter_by(id=rule_id).\ + update({'deleted': True, + 'deleted_at': utils.utcnow(), + 'updated_at': literal_column('updated_at')}) + + ################### |