Revision 26563957

b/api/actions.py
40 40

  
41 41
from synnefo.api.faults import BadRequest, ServiceUnavailable
42 42
from synnefo.api.util import random_password, get_vm
43
from synnefo.db.models import NetworkInterface
43 44
from synnefo.util.vapclient import request_forwarding as request_vnc_forwarding
44 45
from synnefo.logic import backend
45 46
from synnefo.logic.utils import get_rsapi_state
......
266 267

  
267 268
@server_action('firewallProfile')
268 269
def set_firewall_profile(request, vm, args):
270
    # Normal Response Code: 200
271
    # Error Response Codes: computeFault (400, 500),
272
    #                       serviceUnavailable (503),
273
    #                       unauthorized (401),
274
    #                       badRequest (400),
275
    #                       badMediaType(415),
276
    #                       itemNotFound (404),
277
    #                       buildInProgress (409),
278
    #                       overLimit (413)
279
    
269 280
    profile = args.get('profile', '')
270
    if profile not in ('ENABLED', 'DISABLED'):
281
    if profile not in [x[0] for x in NetworkInterface.FIREWALL_PROFILES]:
271 282
        raise BadRequest("Unsupported firewall profile")
272 283
    backend.set_firewall_profile(vm, profile)
273 284
    return HttpResponse(status=202)
b/db/models.py
423 423
class NetworkInterface(models.Model):
424 424
    FIREWALL_PROFILES = (
425 425
        ('ENABLED', 'Enabled'),
426
        ('DISABLED', 'Disabled')
426
        ('DISABLED', 'Disabled'),
427
        ('PROTECTED', 'Protected')
427 428
    )
428 429
    
429 430
    machine = models.ForeignKey(VirtualMachine, related_name='nics')
b/logic/backend.py
262 262
            'link': nic.network.link.name}))
263 263
    rapi.ModifyInstance(vm.backend_id, nics=ops, dry_run=settings.TEST)
264 264

  
265

  
266
_firewall_tags = {
267
    'ENABLED': settings.GANETI_FIREWALL_ENABLED_TAG,
268
    'DISABLED': settings.GANETI_FIREWALL_DISABLED_TAG,
269
    'PROTECTED': settings.GANETI_FIREWALL_PROTECTED_TAG}
270

  
265 271
def set_firewall_profile(vm, profile):
266
    if profile == 'ENABLED':
267
        to_delete = settings.GANETI_FIREWALL_DISABLED_TAG
268
        to_add = settings.GANETI_FIREWALL_ENABLED_TAG
269
    elif profile == 'DISABLED':
270
        to_delete = settings.GANETI_FIREWALL_ENABLED_TAG
271
        to_add = settings.GANETI_FIREWALL_DISABLED_TAG
272
    else:
272
    try:
273
        tag = _firewall_tags[profile]
274
    except KeyError:
273 275
        raise ValueError("Unsopported Firewall Profile: %s" % profile)
274 276
    
275
    rapi.DeleteInstanceTags(vm.backend_id, [to_delete], dry_run=settings.TEST)
276
    rapi.AddInstanceTags(vm.backend_id, [to_add], dry_run=settings.TEST)
277
    # Delete all firewall tags
278
    rapi.DeleteInstanceTags(vm.backend_id, _firewall_tags.values(),
279
                            dry_run=settings.TEST)
280
    
281
    rapi.AddInstanceTags(vm.backend_id, [tag], dry_run=settings.TEST)
b/settings.py.dist
286 286
# The number of private network links to use.
287 287
GANETI_MAX_LINK_NUMBER = 100
288 288

  
289
GANETI_FIREWALL_ENABLED_TAG = 'firewall_enabled'
290
GANETI_FIREWALL_DISABLED_TAG = 'firewall_disabled'
289
GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:0:enabled'
290
GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:0:disabled'
291
GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:0:protected'
291 292

  
292 293
# A list of suggested server tags (server metadata keys)
293 294
DEFAULT_KEYWORDS = ["OS", "Role", "Location", "Owner"]

Also available in: Unified diff