Adds Remote Firewall Groups to FWaaS V2 Rules
In the original spec (https://specs.openstack.org/openstack/neutron-specs/specs/mitaka/fwaas-api-2.0.html) FWaaS V2 introduced remote firewall groups. This implements them in the API. Change-Id: I4086278fe90ec68631ae1dbba4b17f8cf06005ed
parent
f06fd07d74
commit
c30700866e
@ -527,6 +527,7 @@ Response Parameters
|
||||
- firewall_rules: firewall_rules_object
|
||||
- action: firewall_rule_action-body-required
|
||||
- description: firewall_rule_description-body-required
|
||||
- destination_firewall_group_id: destination_firewall_group_id-body-required
|
||||
- destination_ip_address: firewall_rule_destination_ip_address-body-required
|
||||
- destination_port: firewall_rule_destination_port-body-required
|
||||
- enabled: firewall_rule_enabled-body-required
|
||||
@ -537,6 +538,7 @@ Response Parameters
|
||||
- project_id: project_id-body-required
|
||||
- protocol: firewall_rule_protocol-body-required
|
||||
- shared: firewall_rule_shared-body-required
|
||||
- source_firewall_group_id: source_firewall_group_id-body-required
|
||||
- source_ip_address: firewall_rule_source_ip_address-body-required
|
||||
- source_port: firewall_rule_source_port-body-required
|
||||
- tenant_id: project_id-body-required
|
||||
@ -577,6 +579,7 @@ Response Parameters
|
||||
- firewall_rule: firewall_rule_object
|
||||
- action: firewall_rule_action-body-required
|
||||
- description: firewall_rule_description-body-required
|
||||
- destination_firewall_group_id: destination_firewall_group_id-body-required
|
||||
- destination_ip_address: firewall_rule_destination_ip_address-body-required
|
||||
- destination_port: firewall_rule_destination_port-body-required
|
||||
- enabled: firewall_rule_enabled-body-required
|
||||
@ -587,6 +590,7 @@ Response Parameters
|
||||
- project_id: project_id-body-required
|
||||
- protocol: firewall_rule_protocol-body-required
|
||||
- shared: firewall_rule_shared-body-required
|
||||
- source_firewall_group_id: source_firewall_group_id-body-required
|
||||
- source_ip_address: firewall_rule_source_ip_address-body-required
|
||||
- source_port: firewall_rule_source_port-body-required
|
||||
- tenant_id: project_id-body-required
|
||||
@ -616,6 +620,7 @@ Request
|
||||
- firewall_rule: firewall_rule_object
|
||||
- action: firewall_rule_action-body-optional
|
||||
- description: firewall_rule_description-body-optional
|
||||
- destination_firewall_group_id: destination_firewall_group_id-body-optional
|
||||
- destination_ip_address: firewall_rule_destination_ip_address-body-optional
|
||||
- destination_port: firewall_rule_destination_port-body-optional
|
||||
- enabled: firewall_rule_enabled-body-optional
|
||||
@ -624,6 +629,7 @@ Request
|
||||
- project_id: project_id-body-optional
|
||||
- protocol: firewall_rule_protocol-body-optional
|
||||
- shared: firewall_rule_shared-body-optional
|
||||
- source_firewall_group_id: source_firewall_group_id-body-optional
|
||||
- source_ip_address: firewall_rule_source_ip_address-body-optional
|
||||
- source_port: firewall_rule_source_port-body-optional
|
||||
- tenant_id: project_id-body-optional
|
||||
@ -642,6 +648,7 @@ Response Parameters
|
||||
- firewall_rule: firewall_rule_object
|
||||
- action: firewall_rule_action-body-required
|
||||
- description: firewall_rule_description-body-required
|
||||
- destination_firewall_group_id: destination_firewall_group_id-body-required
|
||||
- destination_ip_address: firewall_rule_destination_ip_address-body-required
|
||||
- destination_port: firewall_rule_destination_port-body-required
|
||||
- enabled: firewall_rule_enabled-body-required
|
||||
@ -652,6 +659,7 @@ Response Parameters
|
||||
- project_id: project_id-body-required
|
||||
- protocol: firewall_rule_protocol-body-required
|
||||
- shared: firewall_rule_shared-body-required
|
||||
- source_firewall_group_id: source_firewall_group_id-body-required
|
||||
- source_ip_address: firewall_rule_source_ip_address-body-required
|
||||
- source_port: firewall_rule_source_port-body-required
|
||||
- tenant_id: project_id-body-required
|
||||
@ -682,6 +690,7 @@ Request
|
||||
- firewall_rule: firewall_rule_object
|
||||
- action: firewall_rule_action-body-optional
|
||||
- description: firewall_rule_description-body-optional
|
||||
- destination_firewall_group_id: destination_firewall_group_id-body-optional
|
||||
- destination_ip_address: firewall_rule_destination_ip_address-body-optional
|
||||
- destination_port: firewall_rule_destination_port-body-optional
|
||||
- enabled: firewall_rule_enabled-body-optional
|
||||
@ -691,6 +700,7 @@ Request
|
||||
- project_id: project_id-body-optional
|
||||
- protocol: firewall_rule_protocol-body-optional
|
||||
- shared: firewall_rule_shared-body-optional
|
||||
- source_firewall_group_id: source_firewall_group_id-body-optional
|
||||
- source_ip_address: firewall_rule_source_ip_address-body-optional
|
||||
- source_port: firewall_rule_source_port-body-optional
|
||||
- tenant_id: project_id-body-optional
|
||||
@ -709,6 +719,7 @@ Response Parameters
|
||||
- firewall_rule: firewall_rule_object
|
||||
- action: firewall_rule_action-body-required
|
||||
- description: firewall_rule_description-body-required
|
||||
- destination_firewall_group_id: destination_firewall_group_id-body-required
|
||||
- destination_ip_address: firewall_rule_destination_ip_address-body-required
|
||||
- destination_port: firewall_rule_destination_port-body-required
|
||||
- enabled: firewall_rule_enabled-body-required
|
||||
@ -719,6 +730,7 @@ Response Parameters
|
||||
- project_id: project_id-body-required
|
||||
- protocol: firewall_rule_protocol-body-required
|
||||
- shared: firewall_rule_shared-body-required
|
||||
- source_firewall_group_id: source_firewall_group_id-body-required
|
||||
- source_ip_address: firewall_rule_source_ip_address-body-required
|
||||
- source_port: firewall_rule_source_port-body-required
|
||||
- tenant_id: project_id-body-required
|
||||
|
@ -1510,6 +1510,18 @@ description_resource:
|
||||
in: body
|
||||
required: true
|
||||
type: string
|
||||
destination_firewall_group_id-body-optional:
|
||||
description: |
|
||||
The ID of the remote destination firewall group.
|
||||
in: body
|
||||
required: false
|
||||
type: string
|
||||
destination_firewall_group_id-body-required:
|
||||
description: |
|
||||
The ID of the remote destination firewall group.
|
||||
in: body
|
||||
required: true
|
||||
type: string
|
||||
destination_ip_address:
|
||||
description: |
|
||||
The destination IPv4 or IPv6 address or CIDR. No
|
||||
@ -5502,6 +5514,18 @@ sni_container_refs-response:
|
||||
in: body
|
||||
required: true
|
||||
type: array
|
||||
source_firewall_group_id-body-optional:
|
||||
description: |
|
||||
The ID of the remote source firewall group.
|
||||
in: body
|
||||
required: no
|
||||
type: string
|
||||
source_firewall_group_id-body-required:
|
||||
description: |
|
||||
The ID of the remote source firewall group.
|
||||
in: body
|
||||
required: true
|
||||
type: string
|
||||
source_ip_address:
|
||||
description: |
|
||||
The source IPv4 or IPv6 address or CIDR.
|
||||
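Review bot: `source_firewall_group_id-body-optional` is declared with `required: no`, while `destination_firewall_group_id-body-optional` in the previous hunk uses `required: false`. A YAML 1.1 loader reads `no` as boolean false, but a stricter loader may treat it as the string "no", so the entry should read `required: false` like its sibling. The four new descriptions also do not say what a null value means or how the field interacts with `source_ip_address` / `destination_ip_address` on the same rule, which a reader writing firewall policy needs to know.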
|
@ -2,6 +2,7 @@
|
||||
"firewall_rule": {
|
||||
"action": "deny",
|
||||
"description": "",
|
||||
"destination_firewall_group_id": null,
|
||||
"destination_ip_address": null,
|
||||
"destination_port": null,
|
||||
"enabled": true,
|
||||
@ -11,6 +12,7 @@
|
||||
"project_id": "95573613ec554b4b8df9f2679c64557b",
|
||||
"protocol": null,
|
||||
"shared": false,
|
||||
"source_firewall_group_id": null,
|
||||
"source_ip_address": null,
|
||||
"source_port": null,
|
||||
"tenant_id": "95573613ec554b4b8df9f2679c64557b"
|
||||
|
@ -2,6 +2,7 @@
|
||||
"firewall_rule": {
|
||||
"action": "allow",
|
||||
"description": "",
|
||||
"destination_firewall_group_id": null,
|
||||
"destination_ip_address": null,
|
||||
"destination_port": "80",
|
||||
"enabled": true,
|
||||
@ -13,6 +14,7 @@
|
||||
"project_id": "45977fa2dbd7482098dd68d0d8970117",
|
||||
"protocol": "tcp",
|
||||
"shared": false,
|
||||
"source_firewall_group_id": null,
|
||||
"source_ip_address": null,
|
||||
"source_port": null,
|
||||
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
|
||||
|
@ -2,6 +2,7 @@
|
||||
"firewall_rule": {
|
||||
"action": "allow",
|
||||
"description": "",
|
||||
"destination_firewall_group_id": null,
|
||||
"destination_ip_address": null,
|
||||
"destination_port": "80",
|
||||
"enabled": true,
|
||||
@ -13,6 +14,7 @@
|
||||
"project_id": "45977fa2dbd7482098dd68d0d8970117",
|
||||
"protocol": "tcp",
|
||||
"shared": true,
|
||||
"source_firewall_group_id": null,
|
||||
"source_ip_address": null,
|
||||
"source_port": null,
|
||||
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
|
||||
|
@ -3,6 +3,7 @@
|
||||
{
|
||||
"action": "allow",
|
||||
"description": "",
|
||||
"destination_firewall_group_id": null,
|
||||
"destination_ip_address": null,
|
||||
"destination_port": "80",
|
||||
"enabled": true,
|
||||
@ -14,6 +15,7 @@
|
||||
"project_id": "45977fa2dbd7482098dd68d0d8970117",
|
||||
"protocol": "tcp",
|
||||
"shared": false,
|
||||
"source_firewall_group_id": null,
|
||||
"source_ip_address": null,
|
||||
"source_port": null,
|
||||
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
|
||||
|
@ -100,6 +100,14 @@ RESOURCE_ATTRIBUTE_MAP = {
|
||||
'enabled': {'allow_post': True, 'allow_put': True,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'default': True, 'is_visible': True},
|
||||
'source_firewall_group_id': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:uuid_or_none': None},
|
||||
'is_visible': True, 'default': None},
|
||||
'destination_firewall_group_id': {'allow_post': True,
|
||||
'allow_put': True,
|
||||
'validate':
|
||||
{'type:uuid_or_none': None},
|
||||
'is_visible': True, 'default': None},
|
||||
},
|
||||
api_const.FIREWALL_GROUPS: {
|
||||
'id': {'allow_post': False, 'allow_put': False,
|
||||
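Review bot: The two new `RESOURCE_ATTRIBUTE_MAP` entries, `source_firewall_group_id` and `destination_firewall_group_id`, are validated only with `type:uuid_or_none`, so this definition accepts any well-formed UUID on POST and PUT. Nothing visible here ties the value to a firewall group that exists and that the requesting project owns or has shared access to, so that check presumably has to live in the service plugin; a comment above the entries such as `# Referenced group must exist and be visible to the caller's project; enforced by the plugin, not by this validator.` would make the expectation explicit. The definition also does not say whether a remote group may be combined with `source_ip_address` or `destination_ip_address` on the same rule, which leaves the match semantics open to interpretation by each driver. The dictionary starts and ends outside this hunk, so any constraint declared elsewhere in it is not visible here.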
|
@ -24,4 +24,6 @@ class FirewallDefinitionTestCase(base.DefinitionBaseTestCase):
|
||||
'firewall_policy_id', 'firewall_rules',
|
||||
'ingress_firewall_policy_id', 'ip_version',
|
||||
'ports', 'position', 'protocol', 'shared',
|
||||
'source_ip_address', 'source_port')
|
||||
'source_ip_address', 'source_port',
|
||||
'source_firewall_group_id',
|
||||
'destination_firewall_group_id')
|
||||
|
8
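--- a/releasenotes/notes/add_fwg_group-9252d07f1011613d.yaml
+++ b/releasenotes/notes/add_fwg_group-9252d07f1011613d.yaml
@@ -0,0 +1,8 @@
+---
+features:
+- |
+Updated fwaas API extension definition to include previously missing
+ability to specify remote firewall groups for ingress and egress traffic.
+When a firewall group rule specifies a remote group, for example an
+ingress rule in fwgA specifies a remote group of fwgB, that means only
+packets from fwgB could match this ingress rule.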