188 lines
8.4 KiB
Python
188 lines
8.4 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from neutron_lib.api import converters
|
|
from neutron_lib.api.definitions import constants as api_const
|
|
from neutron_lib import constants
|
|
from neutron_lib.db import constants as db_const
|
|
|
|
# The alias of the extension.
|
|
ALIAS = 'fwaas'
|
|
|
|
# Whether or not this extension is simply signaling behavior to the user
|
|
# or it actively modifies the attribute map.
|
|
IS_SHIM_EXTENSION = False
|
|
|
|
# Whether the extension is marking the adoption of standardattr model for
|
|
# legacy resources, or introducing new standardattr attributes. False or
|
|
# None if the standardattr model is adopted since the introduction of
|
|
# resource extension.
|
|
# If this is True, the alias for the extension should be prefixed with
|
|
# 'standard-attr-'.
|
|
IS_STANDARD_ATTR_EXTENSION = False
|
|
|
|
# The name of the extension.
|
|
NAME = 'FWaaS v1'
|
|
|
|
# The description of the extension.
|
|
DESCRIPTION = "Provides support for firewall-as-a-service version 1"
|
|
|
|
# A timestamp of when the extension was introduced.
|
|
UPDATED_TIMESTAMP = "2016-01-01T10:00:00-00:00"
|
|
|
|
# Base for the API calls
|
|
API_PREFIX = '/fw'
|
|
|
|
RESOURCE_ATTRIBUTE_MAP = {
|
|
api_const.FIREWALL_RULES: {
|
|
'id': {'allow_post': False, 'allow_put': False,
|
|
'validate': {'type:uuid': None},
|
|
'is_visible': True, 'primary_key': True},
|
|
'tenant_id': {'allow_post': True, 'allow_put': False,
|
|
'required_by_policy': True,
|
|
'is_visible': True},
|
|
'name': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
|
|
'is_visible': True, 'default': ''},
|
|
'description': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:string':
|
|
db_const.DESCRIPTION_FIELD_SIZE},
|
|
'is_visible': True, 'default': ''},
|
|
'firewall_policy_id': {'allow_post': False, 'allow_put': False,
|
|
'validate': {'type:uuid_or_none': None},
|
|
'is_visible': True},
|
|
constants.SHARED: {
|
|
'allow_post': True, 'allow_put': True,
|
|
'default': False,
|
|
'convert_to': converters.convert_to_boolean,
|
|
'is_visible': True, 'required_by_policy': True,
|
|
'enforce_policy': True
|
|
},
|
|
'protocol': {
|
|
'allow_post': True, 'allow_put': True,
|
|
'is_visible': True, 'default': None,
|
|
'convert_to': converters.convert_to_protocol,
|
|
'validate': {'type:values': api_const.FW_PROTOCOL_VALUES}},
|
|
'ip_version': {'allow_post': True, 'allow_put': True,
|
|
'default': 4, 'convert_to': converters.convert_to_int,
|
|
'validate': {'type:values': [4, 6]},
|
|
'is_visible': True},
|
|
'source_ip_address': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:ip_or_subnet_or_none':
|
|
None},
|
|
'is_visible': True, 'default': None},
|
|
'destination_ip_address': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:ip_or_subnet_or_none':
|
|
None},
|
|
'is_visible': True, 'default': None},
|
|
'source_port': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:port_range': None},
|
|
'convert_to': converters.convert_to_string,
|
|
'default': None, 'is_visible': True},
|
|
'destination_port': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:port_range': None},
|
|
'convert_to': converters.convert_to_string,
|
|
'default': None, 'is_visible': True},
|
|
'position': {'allow_post': False, 'allow_put': False,
|
|
'default': None, 'is_visible': True},
|
|
'action': {'allow_post': True, 'allow_put': True,
|
|
'convert_to': converters.convert_string_to_case_insensitive,
|
|
'validate': {'type:values':
|
|
api_const.FW_VALID_ACTION_VALUES},
|
|
'is_visible': True, 'default': 'deny'},
|
|
'enabled': {'allow_post': True, 'allow_put': True,
|
|
'default': True, 'is_visible': True,
|
|
'convert_to': converters.convert_to_boolean},
|
|
},
|
|
api_const.FIREWALL_POLICIES: {
|
|
'id': {'allow_post': False, 'allow_put': False,
|
|
'validate': {'type:uuid': None},
|
|
'is_visible': True,
|
|
'primary_key': True},
|
|
'tenant_id': {'allow_post': True, 'allow_put': False,
|
|
'required_by_policy': True,
|
|
'is_visible': True},
|
|
'name': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
|
|
'is_visible': True, 'default': ''},
|
|
'description': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:string':
|
|
db_const.DESCRIPTION_FIELD_SIZE},
|
|
'is_visible': True, 'default': ''},
|
|
constants.SHARED: {
|
|
'allow_post': True, 'allow_put': True,
|
|
'default': False, 'enforce_policy': True,
|
|
'convert_to': converters.convert_to_boolean,
|
|
'is_visible': True, 'required_by_policy': True
|
|
},
|
|
'firewall_rules': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:uuid_list': None},
|
|
'convert_to': converters.convert_none_to_empty_list,
|
|
'default': None, 'is_visible': True},
|
|
'audited': {'allow_post': True, 'allow_put': True,
|
|
'default': False, 'is_visible': True,
|
|
'convert_to': converters.convert_to_boolean},
|
|
},
|
|
api_const.FIREWALLS: {
|
|
'id': {'allow_post': False, 'allow_put': False,
|
|
'validate': {'type:uuid': None},
|
|
'is_visible': True,
|
|
'primary_key': True},
|
|
'tenant_id': {'allow_post': True, 'allow_put': False,
|
|
'required_by_policy': True,
|
|
'is_visible': True},
|
|
'name': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
|
|
'is_visible': True, 'default': ''},
|
|
'description': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:string':
|
|
db_const.DESCRIPTION_FIELD_SIZE},
|
|
'is_visible': True, 'default': ''},
|
|
'admin_state_up': {'allow_post': True, 'allow_put': True,
|
|
'default': True, 'is_visible': True,
|
|
'convert_to': converters.convert_to_boolean},
|
|
'status': {'allow_post': False, 'allow_put': False,
|
|
'is_visible': True},
|
|
constants.SHARED: {
|
|
'allow_post': True, 'allow_put': True,
|
|
'default': False, 'enforce_policy': True,
|
|
'convert_to': converters.convert_to_boolean,
|
|
'is_visible': False, 'required_by_policy': True
|
|
},
|
|
'firewall_policy_id': {'allow_post': True, 'allow_put': True,
|
|
'validate': {'type:uuid_or_none': None},
|
|
'is_visible': True},
|
|
},
|
|
}
|
|
|
|
# The subresource attribute map for the extension. This extension has only
|
|
# top level resources, not child resources, so this is set to an empty dict.
|
|
SUB_RESOURCE_ATTRIBUTE_MAP = {
|
|
}
|
|
|
|
# The action map.
|
|
ACTION_MAP = {
|
|
'firewall_policy': {'insert_rule': 'PUT', 'remove_rule': 'PUT'},
|
|
}
|
|
|
|
# The action status.
|
|
ACTION_STATUS = {
|
|
}
|
|
|
|
# The list of required extensions.
|
|
REQUIRED_EXTENSIONS = [
|
|
]
|
|
|
|
# The list of optional extensions.
|
|
OPTIONAL_EXTENSIONS = [
|
|
]
|