c60f22384c
This adds an extension to the security-group API, using this extension will allow a user to define rules with the notation of local-prefix-ip, which matches on the destination address of packets going into the port. One may use this extended API in order to specify a specific set of multicast groups addresses in which a port (or group of ports) should be allowed to accept packets from. Change-Id: I9756cb27395b7b936dbfa94f403d98ac43c2e872
64 lines
1.9 KiB
Python
64 lines
1.9 KiB
Python
# Copyright 2016 VMware, Inc. All rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from neutron.api import extensions
|
|
from neutron.api.v2 import attributes as attr
|
|
from neutron.extensions import securitygroup
|
|
|
|
LOCAL_IP_PREFIX = 'local_ip_prefix'
|
|
|
|
RESOURCE_ATTRIBUTE_MAP = {
|
|
'security_group_rules': {
|
|
LOCAL_IP_PREFIX: {
|
|
'allow_post': True,
|
|
'allow_put': False,
|
|
'convert_to': securitygroup.convert_ip_prefix_to_cidr,
|
|
'default': attr.ATTR_NOT_SPECIFIED,
|
|
'enforce_policy': True,
|
|
'is_visible': True}
|
|
}
|
|
}
|
|
|
|
|
|
class Secgroup_rule_local_ip_prefix(extensions.ExtensionDescriptor):
|
|
"""Extension class to add support for specifying local-ip-prefix in a
|
|
security-group rule.
|
|
"""
|
|
|
|
@classmethod
|
|
def get_name(cls):
|
|
return "Security Group rule local ip prefix"
|
|
|
|
@classmethod
|
|
def get_alias(cls):
|
|
return "secgroup-rule-local-ip-prefix"
|
|
|
|
@classmethod
|
|
def get_description(cls):
|
|
return ("Enable to specify the 'local-ip-prefix' when creating a "
|
|
"security-group rule.")
|
|
|
|
@classmethod
|
|
def get_updated(cls):
|
|
return "2016-03-01T10:00:00-00:00"
|
|
|
|
def get_required_extensions(self):
|
|
return ["security-group"]
|
|
|
|
def get_extended_resources(self, version):
|
|
if version == "2.0":
|
|
return RESOURCE_ATTRIBUTE_MAP
|
|
else:
|
|
return {}
|