summaryrefslogtreecommitdiffstats
path: root/nova/api
diff options
context:
space:
mode:
authorTushar Patil <tushar.vitthal.patil@gmail.com>2011-08-21 00:04:29 +0000
committerTarmac <>2011-08-21 00:04:29 +0000
commit271817cdce37c55f29bb9782429ee8b6ad57364e (patch)
tree40483fbcd36ea864039af10969645e184b7d535d /nova/api
parent7924fb7899b02d3cb7420c916e035094d5c90194 (diff)
parentbb989133196744779527e36cba22a76bd44e533b (diff)
downloadnova-271817cdce37c55f29bb9782429ee8b6ad57364e.tar.gz
nova-271817cdce37c55f29bb9782429ee8b6ad57364e.tar.xz
nova-271817cdce37c55f29bb9782429ee8b6ad57364e.zip
Added OS APIs to associate/disassociate security groups to/from instances.
I will add views to return list of security groups associated with the servers later after this branch is merged into trunk. The reason I will do this later is because my previous merge proposal (https://code.launchpad.net/~tpatil/nova/add-options-network-create-os-apis/+merge/68292) is dependent on this work. In this merge proposal I have added a new extension which still uses default OS v1.1 controllers and views, but I am going to override views in this extension to send extra information like security groups.
Diffstat (limited to 'nova/api')
-rw-r--r--nova/api/openstack/contrib/security_groups.py113
-rw-r--r--nova/api/openstack/create_instance_helper.py31
2 files changed, 126 insertions, 18 deletions
diff --git a/nova/api/openstack/contrib/security_groups.py b/nova/api/openstack/contrib/security_groups.py
index 6c57fbb51..1fd64f3b8 100644
--- a/nova/api/openstack/contrib/security_groups.py
+++ b/nova/api/openstack/contrib/security_groups.py
@@ -25,10 +25,11 @@ from nova import db
from nova import exception
from nova import flags
from nova import log as logging
+from nova import rpc
from nova.api.openstack import common
from nova.api.openstack import extensions
from nova.api.openstack import wsgi
-
+from nova.compute import power_state
from xml.dom import minidom
@@ -73,33 +74,28 @@ class SecurityGroupController(object):
context, rule)]
return security_group
- def show(self, req, id):
- """Return data about the given security group."""
- context = req.environ['nova.context']
+ def _get_security_group(self, context, id):
try:
id = int(id)
security_group = db.security_group_get(context, id)
except ValueError:
- msg = _("Security group id is not integer")
- return exc.HTTPBadRequest(explanation=msg)
+ msg = _("Security group id should be integer")
+ raise exc.HTTPBadRequest(explanation=msg)
except exception.NotFound as exp:
- return exc.HTTPNotFound(explanation=unicode(exp))
+ raise exc.HTTPNotFound(explanation=unicode(exp))
+ return security_group
+ def show(self, req, id):
+ """Return data about the given security group."""
+ context = req.environ['nova.context']
+ security_group = self._get_security_group(context, id)
return {'security_group': self._format_security_group(context,
security_group)}
def delete(self, req, id):
"""Delete a security group."""
context = req.environ['nova.context']
- try:
- id = int(id)
- security_group = db.security_group_get(context, id)
- except ValueError:
- msg = _("Security group id is not integer")
- return exc.HTTPBadRequest(explanation=msg)
- except exception.SecurityGroupNotFound as exp:
- return exc.HTTPNotFound(explanation=unicode(exp))
-
+ security_group = self._get_security_group(context, id)
LOG.audit(_("Delete security group %s"), id, context=context)
db.security_group_destroy(context, security_group.id)
@@ -226,9 +222,9 @@ class SecurityGroupRulesController(SecurityGroupController):
security_group_rule = db.security_group_rule_create(context, values)
self.compute_api.trigger_security_group_rules_refresh(context,
- security_group_id=security_group['id'])
+ security_group_id=security_group['id'])
- return {'security_group_rule': self._format_security_group_rule(
+ return {"security_group_rule": self._format_security_group_rule(
context,
security_group_rule)}
@@ -336,6 +332,11 @@ class SecurityGroupRulesController(SecurityGroupController):
class Security_groups(extensions.ExtensionDescriptor):
+
+ def __init__(self):
+ self.compute_api = compute.API()
+ super(Security_groups, self).__init__()
+
def get_name(self):
return "SecurityGroups"
@@ -351,6 +352,82 @@ class Security_groups(extensions.ExtensionDescriptor):
def get_updated(self):
return "2011-07-21T00:00:00+00:00"
+ def _addSecurityGroup(self, input_dict, req, instance_id):
+ context = req.environ['nova.context']
+
+ try:
+ body = input_dict['addSecurityGroup']
+ group_name = body['name']
+ instance_id = int(instance_id)
+ except ValueError:
+ msg = _("Server id should be integer")
+ raise exc.HTTPBadRequest(explanation=msg)
+ except TypeError:
+ msg = _("Missing parameter dict")
+ raise webob.exc.HTTPBadRequest(explanation=msg)
+ except KeyError:
+ msg = _("Security group not specified")
+ raise webob.exc.HTTPBadRequest(explanation=msg)
+
+ if not group_name or group_name.strip() == '':
+ msg = _("Security group name cannot be empty")
+ raise webob.exc.HTTPBadRequest(explanation=msg)
+
+ try:
+ self.compute_api.add_security_group(context, instance_id,
+ group_name)
+ except exception.SecurityGroupNotFound as exp:
+ return exc.HTTPNotFound(explanation=unicode(exp))
+ except exception.InstanceNotFound as exp:
+ return exc.HTTPNotFound(explanation=unicode(exp))
+ except exception.Invalid as exp:
+ return exc.HTTPBadRequest(explanation=unicode(exp))
+
+ return exc.HTTPAccepted()
+
+ def _removeSecurityGroup(self, input_dict, req, instance_id):
+ context = req.environ['nova.context']
+
+ try:
+ body = input_dict['removeSecurityGroup']
+ group_name = body['name']
+ instance_id = int(instance_id)
+ except ValueError:
+ msg = _("Server id should be integer")
+ raise exc.HTTPBadRequest(explanation=msg)
+ except TypeError:
+ msg = _("Missing parameter dict")
+ raise webob.exc.HTTPBadRequest(explanation=msg)
+ except KeyError:
+ msg = _("Security group not specified")
+ raise webob.exc.HTTPBadRequest(explanation=msg)
+
+ if not group_name or group_name.strip() == '':
+ msg = _("Security group name cannot be empty")
+ raise webob.exc.HTTPBadRequest(explanation=msg)
+
+ try:
+ self.compute_api.remove_security_group(context, instance_id,
+ group_name)
+ except exception.SecurityGroupNotFound as exp:
+ return exc.HTTPNotFound(explanation=unicode(exp))
+ except exception.InstanceNotFound as exp:
+ return exc.HTTPNotFound(explanation=unicode(exp))
+ except exception.Invalid as exp:
+ return exc.HTTPBadRequest(explanation=unicode(exp))
+
+ return exc.HTTPAccepted()
+
+ def get_actions(self):
+ """Return the actions the extensions adds"""
+ actions = [
+ extensions.ActionExtension("servers", "addSecurityGroup",
+ self._addSecurityGroup),
+ extensions.ActionExtension("servers", "removeSecurityGroup",
+ self._removeSecurityGroup)
+ ]
+ return actions
+
def get_resources(self):
resources = []
diff --git a/nova/api/openstack/create_instance_helper.py b/nova/api/openstack/create_instance_helper.py
index 978741682..73e48dca5 100644
--- a/nova/api/openstack/create_instance_helper.py
+++ b/nova/api/openstack/create_instance_helper.py
@@ -111,6 +111,15 @@ class CreateInstanceHelper(object):
if personality:
injected_files = self._get_injected_files(personality)
+ sg_names = []
+ security_groups = server_dict.get('security_groups')
+ if security_groups is not None:
+ sg_names = [sg['name'] for sg in security_groups if sg.get('name')]
+ if not sg_names:
+ sg_names.append('default')
+
+ sg_names = list(set(sg_names))
+
try:
flavor_id = self.controller._flavor_id_from_req_data(body)
except ValueError as error:
@@ -164,6 +173,7 @@ class CreateInstanceHelper(object):
reservation_id=reservation_id,
min_count=min_count,
max_count=max_count,
+ security_group=sg_names,
user_data=user_data,
availability_zone=availability_zone))
except quota.QuotaError as error:
@@ -174,6 +184,8 @@ class CreateInstanceHelper(object):
except exception.FlavorNotFound as error:
msg = _("Invalid flavorRef provided.")
raise exc.HTTPBadRequest(explanation=msg)
+ except exception.SecurityGroupNotFound as error:
+ raise exc.HTTPBadRequest(explanation=unicode(error))
# Let the caller deal with unhandled exceptions.
def _handle_quota_error(self, error):
@@ -465,6 +477,10 @@ class ServerXMLDeserializerV11(wsgi.MetadataXMLDeserializer):
if personality is not None:
server["personality"] = personality
+ security_groups = self._extract_security_groups(server_node)
+ if security_groups is not None:
+ server["security_groups"] = security_groups
+
return server
def _extract_personality(self, server_node):
@@ -481,3 +497,18 @@ class ServerXMLDeserializerV11(wsgi.MetadataXMLDeserializer):
return personality
else:
return None
+
+ def _extract_security_groups(self, server_node):
+ """Marshal the security_groups attribute of a parsed request"""
+ node = self.find_first_child_named(server_node, "security_groups")
+ if node is not None:
+ security_groups = []
+ for sg_node in self.find_children_named(node, "security_group"):
+ item = {}
+ name_node = self.find_first_child_named(sg_node, "name")
+ if name_node:
+ item["name"] = self.extract_text(name_node)
+ security_groups.append(item)
+ return security_groups
+ else:
+ return None
generated by cgit (git 2.34.1) at 2026-02-08 11:46:19 +0000