1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Licensed under the Apache License, Version 2.0 (the "License"); you may
4
# not use this file except in compliance with the License. You may obtain
5
# a copy of the License at
7
# http://www.apache.org/licenses/LICENSE-2.0
9
# Unless required by applicable law or agreed to in writing, software
10
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12
# License for the specific language governing permissions and limitations
15
from heat.engine import clients
16
from heat.engine.resources.neutron import neutron
17
from heat.engine import scheduler
19
if clients.neutronclient is not None:
20
from neutronclient.common.exceptions import NeutronClientException
22
from heat.openstack.common import log as logging
24
logger = logging.getLogger(__name__)
27
class Firewall(neutron.NeutronResource):
29
A resource for the Firewall resource in Neutron FWaaS.
32
properties_schema = {'name': {'Type': 'String'},
33
'description': {'Type': 'String'},
34
'admin_state_up': {'Type': 'Boolean',
36
'firewall_policy_id': {'Type': 'String',
40
'id': 'unique identifier for the Firewall',
41
'name': 'name for the Firewall',
42
'description': 'description of the Firewall',
43
'admin_state_up': 'the administrative state of the Firewall',
44
'firewall_policy_id': 'unique identifier of the FirewallPolicy used to'
45
'create the Firewall',
46
'status': 'the status of the Firewall',
47
'tenant_id': 'Id of the tenant owning the Firewall'
50
update_allowed_keys = ('Properties',)
51
update_allowed_properties = ('name', 'description', 'admin_state_up',
54
def _show_resource(self):
55
return self.neutron().show_firewall(self.resource_id)['firewall']
57
def handle_create(self):
58
props = self.prepare_properties(
60
self.physical_resource_name())
61
firewall = self.neutron().create_firewall({'firewall': props})[
63
self.resource_id_set(firewall['id'])
65
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
67
self.neutron().update_firewall(
68
self.resource_id, {'firewall': prop_diff})
70
def handle_delete(self):
71
client = self.neutron()
73
client.delete_firewall(self.resource_id)
74
except NeutronClientException as ex:
75
if ex.status_code != 404:
78
return scheduler.TaskRunner(self._confirm_delete)()
81
class FirewallPolicy(neutron.NeutronResource):
83
A resource for the FirewallPolicy resource in Neutron FWaaS.
86
properties_schema = {'name': {'Type': 'String'},
87
'description': {'Type': 'String'},
88
'shared': {'Type': 'Boolean',
90
'audited': {'Type': 'Boolean',
92
'firewall_rules': {'Type': 'List',
96
'id': 'unique identifier for the FirewallPolicy',
97
'name': 'name for the FirewallPolicy',
98
'description': 'description of the FirewallPolicy',
99
'firewall_rules': 'list of FirewallRules in this FirewallPolicy',
100
'shared': 'shared status of this FirewallPolicy',
101
'audited': 'audit status of this FirewallPolicy',
102
'tenant_id': 'Id of the tenant owning the FirewallPolicy'
105
update_allowed_keys = ('Properties',)
106
update_allowed_properties = ('name', 'description', 'shared',
107
'audited', 'firewall_rules')
109
def _show_resource(self):
110
return self.neutron().show_firewall_policy(self.resource_id)[
113
def handle_create(self):
114
props = self.prepare_properties(
116
self.physical_resource_name())
117
firewall_policy = self.neutron().create_firewall_policy(
118
{'firewall_policy': props})['firewall_policy']
119
self.resource_id_set(firewall_policy['id'])
121
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
123
self.neutron().update_firewall_policy(
124
self.resource_id, {'firewall_policy': prop_diff})
126
def handle_delete(self):
127
client = self.neutron()
129
client.delete_firewall_policy(self.resource_id)
130
except NeutronClientException as ex:
131
if ex.status_code != 404:
134
return scheduler.TaskRunner(self._confirm_delete)()
137
class FirewallRule(neutron.NeutronResource):
139
A resource for the FirewallRule resource in Neutron FWaaS.
142
properties_schema = {'name': {'Type': 'String'},
143
'description': {'Type': 'String'},
144
'shared': {'Type': 'Boolean',
146
'protocol': {'Type': 'String',
147
'AllowedValues': ['tcp', 'udp', 'icmp',
150
'ip_version': {'Type': 'String',
151
'AllowedValues': ['4', '6'],
153
'source_ip_address': {'Type': 'String',
155
'destination_ip_address': {'Type': 'String',
157
'source_port': {'Type': 'String',
159
'destination_port': {'Type': 'String',
161
'action': {'Type': 'String',
162
'AllowedValues': ['allow', 'deny'],
164
'enabled': {'Type': 'Boolean',
167
attributes_schema = {
168
'id': 'unique identifier for the FirewallRule',
169
'name': 'name for the FirewallRule',
170
'description': 'description of the FirewallRule',
171
'firewall_policy_id': 'unique identifier of the FirewallPolicy to'
172
'which this FirewallRule belongs',
173
'shared': 'shared status of this FirewallRule',
174
'protocol': 'protocol value for this FirewallRule',
175
'ip_version': 'ip_version for this FirewallRule',
176
'source_ip_address': 'source ip_address for this FirewallRule',
177
'destination_ip_address': 'destination ip_address for this'
179
'source_port': 'source port range for this FirewallRule',
180
'destination_port': 'destination port range for this FirewallRule',
181
'action': 'allow or deny action for this FirewallRule',
182
'enabled': 'indicates whether this FirewallRule is enabled or not',
183
'position': 'position of the rule within the FirewallPolicy',
184
'tenant_id': 'Id of the tenant owning the Firewall'
187
update_allowed_keys = ('Properties',)
188
update_allowed_properties = ('name', 'description', 'shared',
189
'protocol', 'ip_version', 'source_ip_address',
190
'destination_ip_address', 'source_port',
191
'destination_port', 'action', 'enabled')
193
def _show_resource(self):
194
return self.neutron().show_firewall_rule(
195
self.resource_id)['firewall_rule']
197
def handle_create(self):
198
props = self.prepare_properties(
200
self.physical_resource_name())
201
firewall_rule = self.neutron().create_firewall_rule(
202
{'firewall_rule': props})['firewall_rule']
203
self.resource_id_set(firewall_rule['id'])
205
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
207
self.neutron().update_firewall_rule(
208
self.resource_id, {'firewall_rule': prop_diff})
210
def handle_delete(self):
211
client = self.neutron()
213
client.delete_firewall_rule(self.resource_id)
214
except NeutronClientException as ex:
215
if ex.status_code != 404:
218
return scheduler.TaskRunner(self._confirm_delete)()
221
def resource_mapping():
222
if clients.neutronclient is None:
226
'OS::Neutron::Firewall': Firewall,
227
'OS::Neutron::FirewallPolicy': FirewallPolicy,
228
'OS::Neutron::FirewallRule': FirewallRule,