From 7da72b7f2d009e46807cc2c4fb30cc96f3693344 Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Tue, 23 May 2023 01:53:00 +0200 Subject: [PATCH] Add new SG rule ext. ``security-groups-rules-belongs-to-default-sg`` Added a new API extension ``security-groups-rules-belongs-to-default-sg`` that adds a new read only field ``belongs_to_default_sg`` in the security group rules. This flag determines if this security group rule belongs to the project's default security group. Related-Bug: #2019960 Change-Id: Ibd8f57d82b28f5cdb8874f1ae22cb35adcd8e880 --- api-ref/source/v2/parameters.yaml | 7 +++ .../security-group-create-response.json | 6 ++- .../security-group-rule-create-response.json | 3 +- .../security-group-rule-show-response.json | 3 +- .../security-group-rules-list-response.json | 12 +++-- .../security-group-show-response.json | 12 +++-- .../security-group-update-response.json | 3 +- .../security-groups-list-response.json | 12 +++-- api-ref/source/v2/security-group-rules.inc | 9 ++++ neutron_lib/api/definitions/__init__.py | 3 ++ ...rity_groups_rules_belongs_to_default_sg.py | 52 +++++++++++++++++++ ...rity_groups_rules_belongs_to_default_sg.py | 23 ++++++++ ...elongs-to-default-sg-36a5ac28831101e6.yaml | 7 +++ 13 files changed, 135 insertions(+), 17 deletions(-) create mode 100644 neutron_lib/api/definitions/security_groups_rules_belongs_to_default_sg.py create mode 100644 neutron_lib/tests/unit/api/definitions/test_security_groups_rules_belongs_to_default_sg.py create mode 100644 releasenotes/notes/add-extension-security-groups-rules-belongs-to-default-sg-36a5ac28831101e6.yaml diff --git a/api-ref/source/v2/parameters.yaml b/api-ref/source/v2/parameters.yaml index 640cf9878..52ff7a4fe 100644 --- a/api-ref/source/v2/parameters.yaml +++ b/api-ref/source/v2/parameters.yaml @@ -6316,6 +6316,13 @@ security_group_rule: in: body required: true type: object +security_group_rule-belongs-to-default-sg: + description: | + Indicates if the security group rule belongs to the default security + group of the project or not. + in: body + required: true + type: boolean security_group_rule-id: description: | The ID of the security group rule. diff --git a/api-ref/source/v2/samples/security-groups/security-group-create-response.json b/api-ref/source/v2/samples/security-groups/security-group-create-response.json index 15f5367f9..6ed06237c 100644 --- a/api-ref/source/v2/samples/security-groups/security-group-create-response.json +++ b/api-ref/source/v2/samples/security-groups/security-group-create-response.json @@ -21,7 +21,8 @@ "revisio[n_number": 1, "tags": ["tag1,tag2"], "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "egress", @@ -39,7 +40,8 @@ "revision_number": 1, "tags": ["tag1,tag2"], "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "description": "" + "description": "", + "belongs_to_default_sg": false } ], "project_id": "e4f50856753b4dc6afee5fa6b9b6c550", diff --git a/api-ref/source/v2/samples/security-groups/security-group-rule-create-response.json b/api-ref/source/v2/samples/security-groups/security-group-rule-create-response.json index 1432f5337..5d10cf421 100644 --- a/api-ref/source/v2/samples/security-groups/security-group-rule-create-response.json +++ b/api-ref/source/v2/samples/security-groups/security-group-rule-create-response.json @@ -14,6 +14,7 @@ "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", - "description": "" + "description": "", + "belongs_to_default_sg": false } } diff --git a/api-ref/source/v2/samples/security-groups/security-group-rule-show-response.json b/api-ref/source/v2/samples/security-groups/security-group-rule-show-response.json index da5e3a9ad..548df6fde 100644 --- a/api-ref/source/v2/samples/security-groups/security-group-rule-show-response.json +++ b/api-ref/source/v2/samples/security-groups/security-group-rule-show-response.json @@ -13,6 +13,7 @@ "updated_at": "2018-03-19T19:16:56Z", "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5", "project_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550" + "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", + "belongs_to_default_sg": false } } diff --git a/api-ref/source/v2/samples/security-groups/security-group-rules-list-response.json b/api-ref/source/v2/samples/security-groups/security-group-rules-list-response.json index 4e9cc88ac..e1c1e9672 100644 --- a/api-ref/source/v2/samples/security-groups/security-group-rules-list-response.json +++ b/api-ref/source/v2/samples/security-groups/security-group-rules-list-response.json @@ -15,7 +15,8 @@ "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "egress", @@ -32,7 +33,8 @@ "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "ingress", @@ -49,7 +51,8 @@ "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "ingress", @@ -66,7 +69,8 @@ "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", - "description": "" + "description": "", + "belongs_to_default_sg": false } ] } diff --git a/api-ref/source/v2/samples/security-groups/security-group-show-response.json b/api-ref/source/v2/samples/security-groups/security-group-show-response.json index 3d8e368b7..8efe6e54b 100644 --- a/api-ref/source/v2/samples/security-groups/security-group-show-response.json +++ b/api-ref/source/v2/samples/security-groups/security-group-show-response.json @@ -20,7 +20,8 @@ "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "egress", @@ -38,7 +39,8 @@ "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "ingress", @@ -56,7 +58,8 @@ "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "ingress", @@ -74,7 +77,8 @@ "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", - "description": "" + "description": "", + "belongs_to_default_sg": false } ], "project_id": "e4f50856753b4dc6afee5fa6b9b6c550", diff --git a/api-ref/source/v2/samples/security-groups/security-group-update-response.json b/api-ref/source/v2/samples/security-groups/security-group-update-response.json index 2ce7438e0..b5940aa1c 100644 --- a/api-ref/source/v2/samples/security-groups/security-group-update-response.json +++ b/api-ref/source/v2/samples/security-groups/security-group-update-response.json @@ -11,6 +11,7 @@ "description": "my security group", "tags": ["tag1,tag2"], "stateful": true, - "shared": false + "shared": false, + "belongs_to_default_sg": false } } diff --git a/api-ref/source/v2/samples/security-groups/security-groups-list-response.json b/api-ref/source/v2/samples/security-groups/security-groups-list-response.json index 581551db9..f9b6e51dd 100644 --- a/api-ref/source/v2/samples/security-groups/security-groups-list-response.json +++ b/api-ref/source/v2/samples/security-groups/security-groups-list-response.json @@ -21,7 +21,8 @@ "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "egress", @@ -39,7 +40,8 @@ "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "ingress", @@ -57,7 +59,8 @@ "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", - "description": "" + "description": "", + "belongs_to_default_sg": false }, { "direction": "ingress", @@ -75,7 +78,8 @@ "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", - "description": "" + "description": "", + "belongs_to_default_sg": false } ], "project_id": "e4f50856753b4dc6afee5fa6b9b6c550", diff --git a/api-ref/source/v2/security-group-rules.inc b/api-ref/source/v2/security-group-rules.inc index 3f25f0fb4..7da56a977 100644 --- a/api-ref/source/v2/security-group-rules.inc +++ b/api-ref/source/v2/security-group-rules.inc @@ -15,6 +15,12 @@ Resource timestamps The ``standard-attr-timestamp`` extension adds the ``created_at`` and ``updated_at`` attributes to all resources that have standard attributes. +Belongs to the project's default security group +=============================================== + +This read only flag determines if the security group rule belongs to the +project default security group. Is a syntethic field set by the server. + List security group rules ========================= @@ -77,6 +83,7 @@ Response Parameters - revision_number: revision_number - id: security_group_rule-id - description: description + - belongs_to_default_sg: security_group_rule-belongs-to-default-sg Response Example ---------------- @@ -138,6 +145,7 @@ Response Parameters - revision_number: revision_number - id: security_group_rule-id - description: description + - belongs_to_default_sg: security_group_rule-belongs-to-default-sg Response Example ---------------- @@ -189,6 +197,7 @@ Response Parameters - revision_number: revision_number - id: security_group_rule-id - description: description + - belongs_to_default_sg: security_group_rule-belongs-to-default-sg Response Example ---------------- diff --git a/neutron_lib/api/definitions/__init__.py b/neutron_lib/api/definitions/__init__.py index 60859ebf1..bc6d469c4 100644 --- a/neutron_lib/api/definitions/__init__.py +++ b/neutron_lib/api/definitions/__init__.py @@ -131,6 +131,8 @@ from neutron_lib.api.definitions import routerservicetype from neutron_lib.api.definitions import security_groups_normalized_cidr from neutron_lib.api.definitions import security_groups_port_filtering from neutron_lib.api.definitions import security_groups_remote_address_group +from neutron_lib.api.definitions import \ + security_groups_rules_belongs_to_default_sg from neutron_lib.api.definitions import security_groups_shared_filtering from neutron_lib.api.definitions import segment from neutron_lib.api.definitions import segments_peer_subnet_host_routes @@ -282,6 +284,7 @@ _ALL_API_DEFINITIONS = { security_groups_normalized_cidr, security_groups_port_filtering, security_groups_remote_address_group, + security_groups_rules_belongs_to_default_sg, security_groups_shared_filtering, segment, segments_peer_subnet_host_routes, diff --git a/neutron_lib/api/definitions/security_groups_rules_belongs_to_default_sg.py b/neutron_lib/api/definitions/security_groups_rules_belongs_to_default_sg.py new file mode 100644 index 000000000..a4af18ad5 --- /dev/null +++ b/neutron_lib/api/definitions/security_groups_rules_belongs_to_default_sg.py @@ -0,0 +1,52 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from neutron_lib.api import converters + + +ALIAS = 'security-groups-rules-belongs-to-default-sg' +IS_SHIM_EXTENSION = False +IS_STANDARD_ATTR_EXTENSION = False +NAME = "Security group rule belongs to the project's default security group" +DESCRIPTION = ("Flag to determine if the security group rule belongs to the " + "project's default security group") +UPDATED_TIMESTAMP = '2023-05-23T10:00:00-00:00' +BELONGS_TO_DEFAULT_SG = 'belongs_to_default_sg' + +RESOURCE_ATTRIBUTE_MAP = { + 'security_group_rules': { + BELONGS_TO_DEFAULT_SG: { + 'allow_post': False, + 'allow_put': False, + 'convert_to': converters.convert_to_boolean_if_not_none, + 'is_visible': True, + 'is_filter': True, + 'is_sort_key': False, + }, + } +} + +SUB_RESOURCE_ATTRIBUTE_MAP = { +} + +ACTION_MAP = { +} + +ACTION_STATUS = { +} + +REQUIRED_EXTENSIONS = [ + 'security-group' +] + +OPTIONAL_EXTENSIONS = [ +] diff --git a/neutron_lib/tests/unit/api/definitions/test_security_groups_rules_belongs_to_default_sg.py b/neutron_lib/tests/unit/api/definitions/test_security_groups_rules_belongs_to_default_sg.py new file mode 100644 index 000000000..15e008586 --- /dev/null +++ b/neutron_lib/tests/unit/api/definitions/test_security_groups_rules_belongs_to_default_sg.py @@ -0,0 +1,23 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from neutron_lib.api.definitions import \ + security_groups_rules_belongs_to_default_sg +from neutron_lib.tests.unit.api.definitions import base + + +class SecurityGroupsRulesBelongsToDefaultSgTestCase( + base.DefinitionBaseTestCase): + + extension_module = security_groups_rules_belongs_to_default_sg + extension_resources = ('security_group_rules',) + extension_attributes = ('belongs_to_default_sg',) diff --git a/releasenotes/notes/add-extension-security-groups-rules-belongs-to-default-sg-36a5ac28831101e6.yaml b/releasenotes/notes/add-extension-security-groups-rules-belongs-to-default-sg-36a5ac28831101e6.yaml new file mode 100644 index 000000000..4a68d8d91 --- /dev/null +++ b/releasenotes/notes/add-extension-security-groups-rules-belongs-to-default-sg-36a5ac28831101e6.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Add new API extension ``security-groups-rules-belongs-to-default-sg`` that + adds a new read only field ``belongs_to_default_sg`` in the security group + rules. This flag determines if this security group rule belongs to the + project's default security group.