Summary: Add two neutron api about creating and deleting a firewall rule.

Description: Add function create_firewall_rule in salt/modules/neutron.py Add function delete_firewall_rule in salt/modules/neutron.py Add object function create_firewall_rule in salt/utils/openstack/neutron.py Add object function delete_firewall_rule in salt/utils/openstack/neutron.py Add object function _find_firewall_rule_id in salt/utils/openstack/neutron.py
2024-11-08 17:33:54 +00:00 · 2015-12-10 19:25:53 +08:00 · 2015-12-10 19:25:53 +08:00 · bc5505fa77
commit bc5505fa77
parent 58bccde0ff
2 changed files with 83 additions and 0 deletions
--- a/salt/modules/neutron.py
+++ b/salt/modules/neutron.py
@ -1405,6 +1405,54 @@ def show_firewall_rule(firewall_rule, profile=None):
    return conn.show_firewall_rule(firewall_rule)


+def create_firewall_rule(protocol, action, profile=None, **kwargs):
+    '''
+    Creates a new firewall rule
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' neutron.create_firewall_rule protocol action
+                tenant_id=TENANT_ID name=NAME description=DESCRIPTION ip_version=IP_VERSION
+                source_ip_address=SOURCE_IP_ADDRESS destination_ip_address=DESTINATION_IP_ADDRESS source_port=SOURCE_PORT
+                destination_port=DESTINATION_PORT shared=SHARED enabled=ENABLED
+    
+    :param protocol: Protocol for the firewall rule, choose "tcp","udp","icmp" or "None".
+    :param action: Action for the firewall rule, choose "allow" or "deny".
+    :param tenant_id: The owner tenant ID. (Optional)
+    :param name: Name for the firewall rule. (Optional)
+    :param description: Description for the firewall rule. (Optional)
+    :param ip_version: IP protocol version, default: 4. (Optional)
+    :param source_ip_address: Source IP address or subnet. (Optional)
+    :param destination_ip_address: Destination IP address or subnet. (Optional)
+    :param source_port: Source port (integer in [1, 65535] or range in a:b). (Optional)
+    :param destination_port: Destination port (integer in [1, 65535] or range in a:b). (Optional)
+    :param shared: Set shared to True, default: False. (Optional)
+    :param enabled: To enable this rule, default: True. (Optional)
+    '''
+    conn = _auth(profile)
+    return conn.create_firewall_rule(protocol, action, **kwargs)
+
+
+def delete_firewall_rule(firewall_rule, profile=None):
+    '''
+    Deletes the specified firewall_rule
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' neutron.delete_firewall_rule firewall-rule
+
+    :param firewall_rule: ID or name of firewall rule to delete
+    :param profile: Profile to build on (Optional)
+    :return: True(Succeed) or False
+    '''
+    conn = _auth(profile)
+    return conn.delete_firewall_rule(firewall_rule)
+
+
 # The following is a list of functions that need to be incorporated in the
 # neutron module. This list should be updated as functions are added.
 #
--- a/salt/utils/openstack/neutron.py
+++ b/salt/utils/openstack/neutron.py
@ -125,6 +125,10 @@ class SaltNeutron(NeutronShell):
        resource = self._fetch_ipsecpolicy(resource)
        return resource['id']

+    def _find_firewall_rule_id(self, resource):
+        resource = self._fetch_firewall_rule(resource)
+        return resource['id']
+
    def _fetch_port(self, name_or_id):
        resources = self.list_ports()['ports']
        return self._fetch(resources, name_or_id)
@ -758,6 +762,37 @@ class SaltNeutron(NeutronShell):
        '''
        return self._fetch_firewall_rule(firewall_rule)

+    def create_firewall_rule(self, protocol, action, **kwargs):
+        '''
+        Create a new firlwall rule
+        '''
+        body = {'protocol': protocol, 'action': action}
+        if 'tenant_id' in kwargs:
+            body['tenant_id'] = kwargs['tenant_id']
+        if 'name' in kwargs:
+            body['name'] = kwargs['name']
+        if 'description' in kwargs:
+            body['description'] = kwargs['description']
+        if 'ip_version' in kwargs:
+            body['ip_version'] = kwargs['ip_version']
+        if 'source_ip_address' in kwargs:
+            body['source_ip_address'] = kwargs['source_ip_address']
+        if 'destination_port' in kwargs:
+            body['destination_port'] = kwargs['destination_port']
+        if 'shared' in kwargs:
+            body['shared'] = kwargs['shared']
+        if 'enabled' in kwargs:
+            body['enabled'] = kwargs['enabled']
+        return self.network_conn.create_firewall_rule(body={'firewall_rule': body})
+
+    def delete_firewall_rule(self, firewall_rule):
+        '''
+        Deletes the specified firewall rule
+        '''
+        firewall_rule_id = self._find_firewall_rule_id(firewall_rule)
+        ret = self.network_conn.delete_firewall_rule(firewall_rule_id)
+        return ret if ret else True
+
 # The following is a list of functions that need to be incorporated in the
 # neutron module. This list should be updated as functions are added.
 #