From e91955ba3dd6c8c641ce6ed7008e60655fd842c5 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 28 Mar 2022 08:31:53 +0200 Subject: [PATCH 1/2] Fix 1338 --- IM/connectors/Azure.py | 2 +- IM/connectors/OpenStack.py | 21 +++++++++++---------- IM/tosca/Tosca.py | 11 ++++------- test/files/tosca_long.yml | 5 +++++ test/unit/Tosca.py | 3 ++- test/unit/connectors/OpenStack.py | 1 + 6 files changed, 24 insertions(+), 19 deletions(-) diff --git a/IM/connectors/Azure.py b/IM/connectors/Azure.py index 19c029949..e984d9995 100644 --- a/IM/connectors/Azure.py +++ b/IM/connectors/Azure.py @@ -388,7 +388,7 @@ def create_nsg(self, location, group_name, nsg_name, outports, network_client, i outport.get_port_end()) sr['destination_port_range'] = "%d-%d" % (outport.get_port_init(), outport.get_port_end()) security_rules.append(sr) - elif outport.get_local_port() != 22: + else: sr['name'] = 'sr-%s-%d-%d' % (outport.get_protocol(), outport.get_remote_port(), outport.get_local_port()) diff --git a/IM/connectors/OpenStack.py b/IM/connectors/OpenStack.py index 1183f3bf8..618045379 100644 --- a/IM/connectors/OpenStack.py +++ b/IM/connectors/OpenStack.py @@ -1543,17 +1543,18 @@ def create_security_groups(self, driver, inf, radl): outport.get_remote_cidr()) except Exception as ex: self.log_warn("Exception adding SG rules: %s" % get_ex_error(ex)) + self.error_messages += ("Exception adding port range: %s-%s to SG rules.\n" % + outport.get_port_init(), outport.get_port_end()) else: - if outport.get_remote_port() != 22 or not network.isPublic(): - try: - driver.ex_create_security_group_rule(sg, outport.get_protocol(), - outport.get_remote_port(), - outport.get_remote_port(), - outport.get_remote_cidr()) - except Exception as ex: - self.log_warn("Exception adding SG rules: %s" % get_ex_error(ex)) - self.error_messages += ("Exception adding port %s to SG rules.\n" % - outport.get_remote_port()) + try: + driver.ex_create_security_group_rule(sg, outport.get_protocol(), + outport.get_remote_port(), + outport.get_remote_port(), + outport.get_remote_cidr()) + except Exception as ex: + self.log_warn("Exception adding SG rules: %s" % get_ex_error(ex)) + self.error_messages += ("Exception adding port %s to SG rules.\n" % + outport.get_remote_port()) return res diff --git a/IM/tosca/Tosca.py b/IM/tosca/Tosca.py index 4c5d38874..89997e117 100644 --- a/IM/tosca/Tosca.py +++ b/IM/tosca/Tosca.py @@ -347,11 +347,11 @@ def _format_outports(ports_dict): for port in ports_dict.values(): protocol = "tcp" source_range = None - remote_cidr = None + remote_cidr = "" if "protocol" in port: protocol = port["protocol"] if "remote_cidr" in port: - remote_cidr = port["remote_cidr"] + remote_cidr = "%s-" % port["remote_cidr"] if "source_range" in port: source_range = port["source_range"] else: @@ -368,14 +368,11 @@ def _format_outports(ports_dict): if source_range: if res: res += "," - res += "%s:%s/%s" % (source_range[0], source_range[1], protocol) + res += "%s%s:%s/%s" % (remote_cidr, source_range[0], source_range[1], protocol) else: if res: res += "," - res += "%s/%s-%s/%s" % (remote_port, protocol, local_port, protocol) - - if remote_cidr: - res = "%s-%s" % (remote_cidr, res) + res += "%s%s/%s-%s/%s" % (remote_cidr, remote_port, protocol, local_port, protocol) return res diff --git a/test/files/tosca_long.yml b/test/files/tosca_long.yml index 4d5b777eb..6f91c302e 100644 --- a/test/files/tosca_long.yml +++ b/test/files/tosca_long.yml @@ -158,6 +158,11 @@ topology_template: http_port: protocol: tcp source: 10000 + remote_cidr: 0.0.0.0/0 + other_port: + protocol: tcp + source: 80 + remote_cidr: 8.0.0.0/24 scalable: properties: count: 1 diff --git a/test/unit/Tosca.py b/test/unit/Tosca.py index d376a5ad4..9577bd1a6 100755 --- a/test/unit/Tosca.py +++ b/test/unit/Tosca.py @@ -70,7 +70,8 @@ def test_tosca_to_radl(self): self.assertIn('80/tcp-80/tcp', net1.getValue("outports")) self.assertIn('8080/tcp-8080/tcp', net1.getValue("outports")) - self.assertIn('10000/tcp-10000/tcp', net2.getValue("outports")) + self.assertIn('0.0.0.0/0-10000/tcp-10000/tcp', net2.getValue("outports")) + self.assertIn('8.0.0.0/24-80/tcp-80/tcp', net2.getValue("outports")) lrms_wn = radl.get_system_by_name('lrms_wn') self.assertEqual(lrms_wn.getValue('memory.size'), 2000000000) diff --git a/test/unit/connectors/OpenStack.py b/test/unit/connectors/OpenStack.py index ffe6a0399..87402d670 100644 --- a/test/unit/connectors/OpenStack.py +++ b/test/unit/connectors/OpenStack.py @@ -270,6 +270,7 @@ def test_20_launch(self, get_image_data, save_data, get_driver): ] self.assertEqual(driver.create_node.call_args_list[0][1]['ex_blockdevicemappings'], mappings) self.assertEqual(driver.ex_create_subnet.call_args_list[0][0][2], "10.0.1.0/24") + self.assertEqual(driver.ex_create_security_group_rule.call_args_list[8][0][1:], ('tcp', 22, 22, '0.0.0.0/0')) # test with proxy auth data auth = Authentication([{'id': 'ost', 'type': 'OpenStack', 'proxy': 'proxy', From bb247493a8ea0f3ea2914283f1930342100b4609 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 28 Mar 2022 08:37:26 +0200 Subject: [PATCH 2/2] =?UTF-8?q?Fix=20sty=C3=B1e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- IM/connectors/OpenStack.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/IM/connectors/OpenStack.py b/IM/connectors/OpenStack.py index 618045379..a758891f8 100644 --- a/IM/connectors/OpenStack.py +++ b/IM/connectors/OpenStack.py @@ -1548,9 +1548,9 @@ def create_security_groups(self, driver, inf, radl): else: try: driver.ex_create_security_group_rule(sg, outport.get_protocol(), - outport.get_remote_port(), - outport.get_remote_port(), - outport.get_remote_cidr()) + outport.get_remote_port(), + outport.get_remote_port(), + outport.get_remote_cidr()) except Exception as ex: self.log_warn("Exception adding SG rules: %s" % get_ex_error(ex)) self.error_messages += ("Exception adding port %s to SG rules.\n" %