695bf560c0
blueprint quantum-security-group Rule table view * Add direction and ethertype columns (which are specific to Neutron) It may be better to hide "Direction" and "Ether Type" columns unless Quantum security group is enabled. * Merge ip_protocol/from_port/to_port into one column for better view * Use "::/0" for IPv6 ANY instead of "0.0.0.0/0" * Rename "Source" column to "Remote". (The naming "source" does not fit egress rules) * Display security group name in the title of rule detail view Rule creation form * New arguments 'direction' and 'ethertype' in security_group_rule_create() * Set the default value of 'direction' to 'ingress' in forms.handle() * Rename 'ip_protocol' to 'rule_menu' and 'source' to 'remote' Note that rule_menu is retrieved from rule.ip_protocol in the unit tests since they are tests for custom TCP/UDP/ICMP rules. Network abstraction layer for security group management * Move security group methods to api.network * Add Neutron security group API implementation * Move base classes for network abstraction to a separate module (api/network_base.py) to avoid circulated import between api.network and api.nova/api.neutron Add a configuration parameter to control Neutron security group support * Neutron security group support is enabled when Neutron is enabled and enable_security_group in OPENSTACK_NEUTRON_NETWORK in settings is True. * Not all neutron plugins support security group, so we need a way to control neutron security group is enabled or not. * It can be determined by supported extension list from Neutron and it is a possible future work. Move get_int_or_uuid to openstack_dashboard/utils/filters. * get_int_or_uuid is now used in security_group implementation as well as floating IP logics. * In addition the depth of the directory tree becomes longer and it is hard to fit the import line in 80 chars. It is a good chance to move it to a common directory. Add __repr__ to API**Wrapper to make it easier to debug. Limitations: Neutron supports per-port security group. security groups can be associated with a port instead of an instace and each port can have a different set of security groups. It is not a scope of this BP and is a future work. Change-Id: I5410e88043a364596037b9ebcc566cd50b317614
39 lines
1.2 KiB
Python
39 lines
1.2 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright 2012 Nebula, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from django.core.exceptions import ValidationError
|
|
|
|
from horizon import conf
|
|
|
|
|
|
def validate_port_range(port):
|
|
if port not in range(-1, 65536):
|
|
raise ValidationError("Not a valid port number")
|
|
|
|
|
|
def validate_ip_protocol(ip_proto):
|
|
if ip_proto not in range(-1, 256):
|
|
raise ValidationError("%s is not a valid ip protocol number" %
|
|
type(ip_proto))
|
|
|
|
|
|
def password_validator():
|
|
return conf.HORIZON_CONFIG["password_validator"]["regex"]
|
|
|
|
|
|
def password_validator_msg():
|
|
return conf.HORIZON_CONFIG["password_validator"]["help_text"]
|