From 916326df389f82af86f2600b292f78950e25e6f6 Mon Sep 17 00:00:00 2001 From: Hang Yang Date: Tue, 5 Oct 2021 17:01:27 -0500 Subject: [PATCH] Add API extension "security-groups-shared-filtering" Add API extension "security-groups-shared-filtering". This extension adds the "shared" field to security groups and allows users to filter security groups based on the "shared" field. Related-Bug: #1942615 Change-Id: Idba0af5a6ee1a2a8c02db51be197988d23412f0f --- api-ref/source/v2/parameters.yaml | 13 ++++ .../security-group-create-response.json | 3 +- .../security-group-show-response.json | 3 +- .../security-group-update-response.json | 3 +- .../security-groups-list-response.json | 3 +- api-ref/source/v2/security-groups.inc | 12 ++++ neutron_lib/api/definitions/__init__.py | 2 + .../security_groups_shared_filtering.py | 66 +++++++++++++++++++ .../test_security_groups_shared_filtering.py | 23 +++++++ ...tering-api-extension-6c3628cfda6ba6ed.yaml | 6 ++ 10 files changed, 130 insertions(+), 4 deletions(-) create mode 100644 neutron_lib/api/definitions/security_groups_shared_filtering.py create mode 100644 neutron_lib/tests/unit/api/definitions/test_security_groups_shared_filtering.py create mode 100644 releasenotes/notes/add-sg-shared-filtering-api-extension-6c3628cfda6ba6ed.yaml diff --git a/api-ref/source/v2/parameters.yaml b/api-ref/source/v2/parameters.yaml index e4dd9d9a4..0ca8da580 100644 --- a/api-ref/source/v2/parameters.yaml +++ b/api-ref/source/v2/parameters.yaml @@ -1365,6 +1365,13 @@ router:external-query: in: query required: false type: boolean +security_group-shared-query: + description: | + Filter the security group list result based on if the security group is + shared to the requestor's project. + in: query + required: false + type: boolean security_group-sort_key: description: | Sorts by a security group attribute. You can specify multiple pairs of @@ -6155,6 +6162,12 @@ security_group-id: in: body required: true type: string +security_group-shared-response: + description: | + Indicates whether this security group is shared to the requestor's project. + in: body + required: true + type: boolean security_group_id: description: | The security group UUID to associate with this diff --git a/api-ref/source/v2/samples/security-groups/security-group-create-response.json b/api-ref/source/v2/samples/security-groups/security-group-create-response.json index 31a91fc27..15f5367f9 100644 --- a/api-ref/source/v2/samples/security-groups/security-group-create-response.json +++ b/api-ref/source/v2/samples/security-groups/security-group-create-response.json @@ -48,6 +48,7 @@ "revision_number": 1, "tags": ["tag1,tag2"], "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "stateful": true + "stateful": true, + "shared": false } } diff --git a/api-ref/source/v2/samples/security-groups/security-group-show-response.json b/api-ref/source/v2/samples/security-groups/security-group-show-response.json index a1aed4b06..3d8e368b7 100644 --- a/api-ref/source/v2/samples/security-groups/security-group-show-response.json +++ b/api-ref/source/v2/samples/security-groups/security-group-show-response.json @@ -83,6 +83,7 @@ "revision_number": 4, "tags": ["tag1,tag2"], "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "stateful": true + "stateful": true, + "shared": false } } diff --git a/api-ref/source/v2/samples/security-groups/security-group-update-response.json b/api-ref/source/v2/samples/security-groups/security-group-update-response.json index e2b1cf4fe..2ce7438e0 100644 --- a/api-ref/source/v2/samples/security-groups/security-group-update-response.json +++ b/api-ref/source/v2/samples/security-groups/security-group-update-response.json @@ -10,6 +10,7 @@ "name": "mysecgroup", "description": "my security group", "tags": ["tag1,tag2"], - "stateful": true + "stateful": true, + "shared": false } } diff --git a/api-ref/source/v2/samples/security-groups/security-groups-list-response.json b/api-ref/source/v2/samples/security-groups/security-groups-list-response.json index 642c63e72..581551db9 100644 --- a/api-ref/source/v2/samples/security-groups/security-groups-list-response.json +++ b/api-ref/source/v2/samples/security-groups/security-groups-list-response.json @@ -84,7 +84,8 @@ "updated_at": "2018-03-19T19:16:56Z", "tags": ["tag1,tag2"], "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "stateful": true + "stateful": true, + "shared": false } ] } diff --git a/api-ref/source/v2/security-groups.inc b/api-ref/source/v2/security-groups.inc index 230d51ce3..047fd364f 100644 --- a/api-ref/source/v2/security-groups.inc +++ b/api-ref/source/v2/security-groups.inc @@ -29,6 +29,13 @@ or stateless security groups for ``ports``. The existing security groups will all be considered as stateful. Update of the ``stateful`` attribute is allowed when there is no port associated with the security group. +Shared filtering extension +========================== + +The ``security-groups-shared-filtering`` extension adds the ``shared`` field +to security groups and allows users to filter security groups based on the +``shared`` field. + List security groups ==================== @@ -62,6 +69,7 @@ Request - description: description-query - sort_dir: sort_dir - sort_key: security_group-sort_key + - shared: security_group-shared-query - tags: tags-query - tags-any: tags-any-query - not-tags: not-tags-query @@ -85,6 +93,7 @@ Response Parameters - security_group_rules: security_group_rules - tags: tags - stateful: stateful_enabled + - shared: security_group-shared-response Response Example ---------------- @@ -141,6 +150,7 @@ Response Parameters - security_group_rules: security_group_rules - tags: tags - stateful: stateful_enabled + - shared: security_group-shared-response Response Example ---------------- @@ -193,6 +203,7 @@ Response Parameters - security_group_rules: security_group_rules - tags: tags - stateful: stateful_enabled + - shared: security_group-shared-response Response Example ---------------- @@ -244,6 +255,7 @@ Response Parameters - security_group_rules: security_group_rules - tags: tags - stateful: stateful_enabled + - shared: security_group-shared-response Response Example ---------------- diff --git a/neutron_lib/api/definitions/__init__.py b/neutron_lib/api/definitions/__init__.py index 91326c414..ac7ada3c3 100644 --- a/neutron_lib/api/definitions/__init__.py +++ b/neutron_lib/api/definitions/__init__.py @@ -119,6 +119,7 @@ from neutron_lib.api.definitions import routerservicetype from neutron_lib.api.definitions import security_groups_normalized_cidr from neutron_lib.api.definitions import security_groups_port_filtering from neutron_lib.api.definitions import security_groups_remote_address_group +from neutron_lib.api.definitions import security_groups_shared_filtering from neutron_lib.api.definitions import segment from neutron_lib.api.definitions import segments_peer_subnet_host_routes from neutron_lib.api.definitions import servicetype @@ -255,6 +256,7 @@ _ALL_API_DEFINITIONS = { security_groups_normalized_cidr, security_groups_port_filtering, security_groups_remote_address_group, + security_groups_shared_filtering, segment, segments_peer_subnet_host_routes, servicetype, diff --git a/neutron_lib/api/definitions/security_groups_shared_filtering.py b/neutron_lib/api/definitions/security_groups_shared_filtering.py new file mode 100644 index 000000000..044ed9706 --- /dev/null +++ b/neutron_lib/api/definitions/security_groups_shared_filtering.py @@ -0,0 +1,66 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +from neutron_lib.api import converters +from neutron_lib import constants + + +# The alias of the extension. +ALIAS = 'security-groups-shared-filtering' + +IS_SHIM_EXTENSION = False + +IS_STANDARD_ATTR_EXTENSION = False + +# The name of the extension. +NAME = 'Security group filtering on the shared field' + +# The description of the extension. +DESCRIPTION = "Support filtering security groups on the shared field" + +# A timestamp of when the extension was introduced. +UPDATED_TIMESTAMP = "2021-10-05T09:00:00-00:00" + +# The resource attribute map for the extension. +RESOURCE_ATTRIBUTE_MAP = { + 'security_groups': { + constants.SHARED: { + 'allow_post': False, + 'allow_put': False, + 'convert_to': converters.convert_to_boolean, + 'is_visible': True, + 'is_filter': True, + 'required_by_policy': True, + 'enforce_policy': True, + } + } +} + +# The subresource attribute map for the extension. +SUB_RESOURCE_ATTRIBUTE_MAP = { +} + +# The action map. +ACTION_MAP = { +} + +# The action status. +ACTION_STATUS = { +} + +# The list of required extensions. +REQUIRED_EXTENSIONS = ['rbac-security-groups'] + +# The list of optional extensions. +OPTIONAL_EXTENSIONS = [ +] diff --git a/neutron_lib/tests/unit/api/definitions/test_security_groups_shared_filtering.py b/neutron_lib/tests/unit/api/definitions/test_security_groups_shared_filtering.py new file mode 100644 index 000000000..c0088d543 --- /dev/null +++ b/neutron_lib/tests/unit/api/definitions/test_security_groups_shared_filtering.py @@ -0,0 +1,23 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from neutron_lib.api.definitions import security_groups_shared_filtering +from neutron_lib import constants +from neutron_lib.tests.unit.api.definitions import base + + +class SecurityGroupsSharedFilteringDefinitionTestCase( + base.DefinitionBaseTestCase): + + extension_module = security_groups_shared_filtering + extension_resources = ('security_groups',) + extension_attributes = (constants.SHARED,) diff --git a/releasenotes/notes/add-sg-shared-filtering-api-extension-6c3628cfda6ba6ed.yaml b/releasenotes/notes/add-sg-shared-filtering-api-extension-6c3628cfda6ba6ed.yaml new file mode 100644 index 000000000..c5f2a0b66 --- /dev/null +++ b/releasenotes/notes/add-sg-shared-filtering-api-extension-6c3628cfda6ba6ed.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add API extension ``security-groups-shared-filtering``. This extension + adds the ``shared`` field to security groups and allows users to filter + security groups based on the ``shared`` field.