vmware-nsx/vmware_nsx/extensions/secgroup_rule_local_ip_prefix.py
Roey Chen c60f22384c Extending security-group ingress rule
This adds an extension to the security-group API, using this extension will
allow a user to define rules with the notation of local-prefix-ip, which
matches on the destination address of packets going into the port.
One may use this extended API in order to specify a specific set of
multicast groups addresses in which a port (or group of ports) should
be allowed to accept packets from.

Change-Id: I9756cb27395b7b936dbfa94f403d98ac43c2e872
2016-03-03 07:22:48 -08:00

64 lines
1.9 KiB
Python

# Copyright 2016 VMware, Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron.api import extensions
from neutron.api.v2 import attributes as attr
from neutron.extensions import securitygroup
LOCAL_IP_PREFIX = 'local_ip_prefix'
RESOURCE_ATTRIBUTE_MAP = {
'security_group_rules': {
LOCAL_IP_PREFIX: {
'allow_post': True,
'allow_put': False,
'convert_to': securitygroup.convert_ip_prefix_to_cidr,
'default': attr.ATTR_NOT_SPECIFIED,
'enforce_policy': True,
'is_visible': True}
}
}
class Secgroup_rule_local_ip_prefix(extensions.ExtensionDescriptor):
"""Extension class to add support for specifying local-ip-prefix in a
security-group rule.
"""
@classmethod
def get_name(cls):
return "Security Group rule local ip prefix"
@classmethod
def get_alias(cls):
return "secgroup-rule-local-ip-prefix"
@classmethod
def get_description(cls):
return ("Enable to specify the 'local-ip-prefix' when creating a "
"security-group rule.")
@classmethod
def get_updated(cls):
return "2016-03-01T10:00:00-00:00"
def get_required_extensions(self):
return ["security-group"]
def get_extended_resources(self, version):
if version == "2.0":
return RESOURCE_ATTRIBUTE_MAP
else:
return {}