126319cde4
This module will be the base library to implement security groups and generic firewall. It is an independent iptables module, made to be easy to package if used by agents and also inside quantum Using quantum.agent.linux.utils Added support to root_helper Change-Id: Iaa29322477fc2e753b52dc4f01e7c4a561110638
64 lines
2.0 KiB
Python
64 lines
2.0 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright (c) 2012 Openstack, LLC.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
import os
|
|
import sys
|
|
|
|
|
|
FILTERS_MODULES = ['quantum.rootwrap.linuxbridge-agent',
|
|
'quantum.rootwrap.openvswitch-agent',
|
|
'quantum.rootwrap.ryu-agent',
|
|
'quantum.rootwrap.iptables-firewall-agent']
|
|
|
|
|
|
def load_filters():
|
|
"""Load filters from modules present in quantum.rootwrap."""
|
|
filters = []
|
|
for modulename in FILTERS_MODULES:
|
|
try:
|
|
__import__(modulename)
|
|
module = sys.modules[modulename]
|
|
filters = filters + module.filterlist
|
|
except ImportError:
|
|
# It's OK to have missing filters, since filter modules
|
|
# may be shipped with specific nodes
|
|
pass
|
|
return filters
|
|
|
|
|
|
def match_filter(filters, userargs):
|
|
"""
|
|
Checks user command and arguments through command filters and
|
|
returns the first matching filter, or None is none matched.
|
|
"""
|
|
|
|
found_filter = None
|
|
|
|
for f in filters:
|
|
if f.match(userargs):
|
|
# Try other filters if executable is absent
|
|
if not os.access(f.exec_path, os.X_OK):
|
|
if not found_filter:
|
|
found_filter = f
|
|
continue
|
|
# Otherwise return matching filter for execution
|
|
return f
|
|
|
|
# No filter matched or first missing executable
|
|
return found_filter
|