Add remote_address_group_id field in SG rules

Add a new field remote_address_group_id in security group rule's API
definition. This allows users to easily manage SG rules for aggregated IP
address blocks.

Change-Id: I6a3cd961d6597c95dcd89e4263bd7894a70347ef
Implements: blueprint address-groups-in-sg-rules

neutron_lib/api/definitions/__init__.py

@@ -98,6 +98,7 @@ from neutron_lib.api.definitions import router_interface_fip
 from neutron_lib.api.definitions import routerservicetype
 from neutron_lib.api.definitions import security_groups_normalized_cidr
 from neutron_lib.api.definitions import security_groups_port_filtering
+from neutron_lib.api.definitions import security_groups_remote_address_group
 from neutron_lib.api.definitions import segment
 from neutron_lib.api.definitions import segments_peer_subnet_host_routes
 from neutron_lib.api.definitions import servicetype
@@ -213,6 +214,7 @@ _ALL_API_DEFINITIONS = {
     routerservicetype,
     security_groups_normalized_cidr,
     security_groups_port_filtering,
+    security_groups_remote_address_group,
     segment,
     segments_peer_subnet_host_routes,
     servicetype,

neutron_lib/api/definitions/security_groups_remote_address_group.py

@@ -0,0 +1,46 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+
+REMOTE_ADDRESS_GROUP_ID = 'remote_address_group_id'
+
+ALIAS = 'security-groups-remote-address-group'
+IS_SHIM_EXTENSION = False
+IS_STANDARD_ATTR_EXTENSION = False
+NAME = 'Remote address group id field for security group rules'
+DESCRIPTION = 'Add new field of remote address group id in SG rules'
+UPDATED_TIMESTAMP = '2020-08-25T10:00:00-00:00'
+
+RESOURCE_ATTRIBUTE_MAP = {
+    'security_group_rules': {
+        REMOTE_ADDRESS_GROUP_ID: {
+            'allow_post': True, 'allow_put': False,
+            'default': None, 'is_visible': True,
+            'is_sort_key': True, 'is_filter': True},
+    }
+}
+
+SUB_RESOURCE_ATTRIBUTE_MAP = {
+}
+
+ACTION_MAP = {
+}
+
+ACTION_STATUS = {
+}
+
+REQUIRED_EXTENSIONS = [
+    'security-group'
+]
+
+OPTIONAL_EXTENSIONS = [
+]

neutron_lib/tests/unit/api/definitions/test_security_groups_remote_address_group.py

@@ -0,0 +1,22 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_lib.api.definitions import security_groups_remote_address_group
+from neutron_lib.tests.unit.api.definitions import base
+
+
+class SecurityGroupsRemoteAddressGroupDefinitionTestCase(
+        base.DefinitionBaseTestCase):
+
+    extension_module = security_groups_remote_address_group
+    extension_resources = ('security_group_rules',)
+    extension_attributes = ('remote_address_group_id',)

releasenotes/notes/add-extension-security-groups-remote-address-group-c71dbb57b61a1dba.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Add an API extension ``security-groups-remote-address-group`` that adds the
+    new field ``remote_address_group_id`` in security group rules. This allows
+    users to easily manage SG rules for aggregated IP address blocks.