fixed rule setting for security groups
XaverStiensmeier committed Sep 29, 2023
1 parent 93cbdd7 commit 43eaba3
Showing 2 changed files with 20 additions and 16 deletions.
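--- a/bibigrid/core/actions/create.py
+++ b/bibigrid/core/actions/create.py
@@ -148,10 +148,11 @@ def generate_security_groups(self):
 # allow incoming traffic from all other local provider networks
 for tmp_configuration in self.configurations:
 if tmp_configuration != configuration:
-rules.append(
-{"direction": "ingress", "ethertype": "IPv4", "protocol": "tcp", "port_range_min": None,
-"port_range_max": None, "remote_ip_prefix": tmp_configuration['subnet_cidrs'],
-"remote_group_id": None})
+for cidr in tmp_configuration['subnet_cidrs']:
+rules.append(
+{"direction": "ingress", "ethertype": "IPv4", "protocol": "tcp", "port_range_min": None,
+"port_range_max": None, "remote_ip_prefix": cidr,
+"remote_group_id": None})
 provider.append_rules_to_security_group(default_security_group_id, rules)
 configuration["security_groups"] = [self.default_security_group_name] # store in configuration
 # when running a multi-cloud setup create an additional wireguard group
@@ -351,8 +352,9 @@ def extended_network_configuration(self):
 f"{configuration_a['private_v4']} --> allowed_address_pair({configuration_a['mac_addr']},"
 f"{configuration_b['subnet_cidrs']})")
 # add provider_b network as allowed network
-allowed_addresses.append(
-{'ip_address': configuration_b["subnet_cidrs"], 'mac_address': configuration_a["mac_addr"]})
+for cidr in configuration_b["subnet_cidrs"]:
+allowed_addresses.append(
+{'ip_address': cidr, 'mac_address': configuration_a["mac_addr"]})
 # configure security group rules
 provider_a.append_rules_to_security_group(self.wireguard_security_group_name, [
 {"direction": "ingress", "ethertype": "IPv4", "protocol": "udp", "port_range_min": 51820,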
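Review bot: Each `cidr` taken from another configuration's `subnet_cidrs` goes unchecked into `remote_ip_prefix` in generate_security_groups, and with `port_range_min`/`port_range_max` left as `None` the rule admits every TCP port from whatever prefix that list holds. If `subnet_cidrs` can ever be a single string rather than a list (its origin is not visible here), the new loop would iterate characters, and an IPv6 entry would be paired with the hard-coded `"ethertype": "IPv4"`. I would parse each entry before use, for example `net = ipaddress.ip_network(cidr)` with `"ethertype": f"IPv{net.version}"`, and refuse or at least log an unexpectedly broad prefix such as a /0; this needs `import ipaddress`, and the file's import block is outside the hunk. The same check applies to the `allowed_addresses` loop in extended_network_configuration, where every prefix becomes an allowed address pair and so relaxes anti-spoofing on that port. Both function bodies start and end outside their hunks.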
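--- a/bibigrid/openstack/openstack_provider.py
+++ b/bibigrid/openstack/openstack_provider.py
@@ -48,8 +48,8 @@ def create_session(self, app_name="openstack_scripts", app_version="1.0"):
 auth = self.cloud_specification["auth"]
 if all(key in auth for key in ["auth_url", "application_credential_id", "application_credential_secret"]):
 auth_session = v3.ApplicationCredential(auth_url=auth["auth_url"],
-application_credential_id=auth["application_credential_id"],
-application_credential_secret=auth["application_credential_secret"])
+application_credential_id=auth["application_credential_id"],
+application_credential_secret=auth["application_credential_secret"])
 elif all(key in auth for key in ["auth_url", "username", "password", "project_id", "user_domain_name"]):
 auth_session = v3.Password(auth_url=auth["auth_url"], username=auth["username"], password=auth["password"],
 project_id=auth["project_id"], user_domain_name=auth["user_domain_name"])
@@ -64,14 +64,16 @@ def create_session(self, app_name="openstack_scripts", app_version="1.0"):
 def create_connection(self, app_name="openstack_bibigrid", app_version=version.__version__):
 auth = self.cloud_specification["auth"]
 return openstack.connect(load_yaml_config=False, load_envvars=False, auth_url=auth["auth_url"],
-project_name=auth.get("project_name"), username=auth.get("username"), password=auth.get("password"),
-region_name=self.cloud_specification["region_name"], user_domain_name=auth.get("user_domain_name"),
-project_domain_name=auth.get("user_domain_name"), app_name=app_name, app_version=app_version,
-application_credential_id=auth.get("application_credential_id"),
-application_credential_secret=auth.get("application_credential_secret"),
-interface=self.cloud_specification.get("interface"),
-identity_api_version=self.cloud_specification.get("identity_api_version"),
-auth_type=self.cloud_specification.get("auth_type"))
+project_name=auth.get("project_name"), username=auth.get("username"),
+password=auth.get("password"), region_name=self.cloud_specification["region_name"],
+user_domain_name=auth.get("user_domain_name"),
+project_domain_name=auth.get("user_domain_name"), app_name=app_name,
+app_version=app_version,
+application_credential_id=auth.get("application_credential_id"),
+application_credential_secret=auth.get("application_credential_secret"),
+interface=self.cloud_specification.get("interface"),
+identity_api_version=self.cloud_specification.get("identity_api_version"),
+auth_type=self.cloud_specification.get("auth_type"))
 
 def create_application_credential(self, name=None):
 return self.keystone_client.application_credentials.create(name=name).to_dict()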
