Support to update instance access

Change-Id: I640cd8b50fd0e0f80a1a45399b8bfdac437ae2b9
author: Lingxian Kong <anlin.kong@gmail.com> 2020-08-10 19:48:16 +1200
committer: Lingxian Kong <anlin.kong@gmail.com> 2020-08-11 09:35:14 +1200
commit: 4de40cb5144cfd8cdc4b270f23acfdbd3eafa5be (patch)
tree: d8d6f9a3bdfe31193ba7c604f85862795b7569a3 /trove/taskmanager
parent: 680a43002bfaba4a334736af052995373cecd349 (diff)
download: trove-4de40cb5144cfd8cdc4b270f23acfdbd3eafa5be.tar.gz
3 files changed, 71 insertions, 0 deletions
diff --git a/trove/taskmanager/api.py b/trove/taskmanager/api.py
index 61f71f4a..3ffe8d6e 100644
--- a/trove/taskmanager/api.py
+++ b/trove/taskmanager/api.py
@@ -179,6 +179,13 @@ class API(object):
         self._cast("delete_instance", version=version,
                    instance_id=instance_id)
 
+    def update_access(self, instance_id, access):
+        LOG.debug(f"Making async call to update instance: {instance_id}")
+        version = self.API_BASE_VERSION
+
+        self._cast("update_access", version=version,
+                   instance_id=instance_id, access=access)
+
     def create_backup(self, backup_info, instance_id):
         LOG.debug("Making async call to create a backup for instance: %s",
                   instance_id)
diff --git a/trove/taskmanager/manager.py b/trove/taskmanager/manager.py
index 2ac5de87..6259863d 100644
--- a/trove/taskmanager/manager.py
+++ b/trove/taskmanager/manager.py
@@ -458,6 +458,16 @@ class Manager(periodic_task.PeriodicTasks):
         with EndNotification(context):
             instance_tasks.upgrade(datastore_version)
 
+    def update_access(self, context, instance_id, access):
+        instance_tasks = models.BuiltInstanceTasks.load(context, instance_id)
+
+        try:
+            instance_tasks.update_access(access)
+        except Exception as e:
+            LOG.error(f"Failed to update access configuration for "
+                      f"{instance_id}: {str(e)}")
+            self.update_db(task_status=InstanceTasks.UPDATING_ERROR_ACCESS)
+
     def create_cluster(self, context, cluster_id):
         with EndNotification(context, cluster_id=cluster_id):
             cluster_tasks = models.load_cluster_tasks(context, cluster_id)
diff --git a/trove/taskmanager/models.py b/trove/taskmanager/models.py
index 62007445..517e4cf7 100755
--- a/trove/taskmanager/models.py
+++ b/trove/taskmanager/models.py
@@ -1348,6 +1348,60 @@ class BuiltInstanceTasks(BuiltInstance, NotifyMixin, ConfigurationMixin):
         else:
             return "/dev/%s" % device
 
+    def update_access(self, access):
+        LOG.info(f"Updating access for instance {self.id}, access {access}")
+
+        new_is_public = access.get('is_public', False)
+        new_allowed_cidrs = access.get('allowed_cidrs', [])
+        is_public = (self.access.get('is_public', False) if self.access
+                     else None)
+        allowed_cidrs = (self.access.get('allowed_cidrs', []) if self.access
+                         else None)
+
+        ports = self.neutron_client.list_ports(
+            name='trove-%s' % self.id)['ports']
+
+        if is_public != new_is_public:
+            for port in ports:
+                if 'User port' in port['description']:
+                    LOG.debug(f"Updating port {port['id']}, is_public: "
+                              f"{new_is_public}")
+                    neutron.ensure_port_access(self.neutron_client, port['id'],
+                                               new_is_public)
+
+        if CONF.trove_security_groups_support:
+            if allowed_cidrs != new_allowed_cidrs:
+                name = f"{CONF.trove_security_group_name_prefix}-{self.id}"
+                sgs = self.neutron_client.list_security_groups(
+                    name=name)['security_groups']
+
+                LOG.debug(f"Updating security group rules for instance "
+                          f"{self.id}")
+                for sg in sgs:
+                    neutron.clear_ingress_security_group_rules(
+                        self.neutron_client,
+                        sg['id'])
+
+                    if new_allowed_cidrs:
+                        tcp_ports = CONF.get(self.datastore.name).tcp_ports
+                        udp_ports = CONF.get(self.datastore.name).udp_ports
+
+                        neutron.create_security_group_rule(
+                            self.neutron_client, sg['id'], 'tcp', tcp_ports,
+                            new_allowed_cidrs)
+                        neutron.create_security_group_rule(
+                            self.neutron_client, sg['id'], 'udp', udp_ports,
+                            new_allowed_cidrs)
+        else:
+            LOG.warning('Security group not supported.')
+
+        LOG.info(f"Finished to update access for instance {self.id}")
+        self.update_db(
+            task_status=InstanceTasks.NONE,
+            access={'is_public': new_is_public,
+                    'allowed_cidrs': new_allowed_cidrs}
+        )
+
 
 class BackupTasks(object):
     @classmethod
author	Lingxian Kong <anlin.kong@gmail.com>	2020-08-10 19:48:16 +1200
committer	Lingxian Kong <anlin.kong@gmail.com>	2020-08-11 09:35:14 +1200
commit	4de40cb5144cfd8cdc4b270f23acfdbd3eafa5be (patch)
tree	d8d6f9a3bdfe31193ba7c604f85862795b7569a3 /trove/taskmanager
parent	680a43002bfaba4a334736af052995373cecd349 (diff)
download	trove-4de40cb5144cfd8cdc4b270f23acfdbd3eafa5be.tar.gz