From d057aa14af05ebeb3d1ab5d636b1150a01a24fa2 Mon Sep 17 00:00:00 2001 From: Hang Yang Date: Tue, 25 Aug 2020 16:02:40 -0500 Subject: [PATCH] Add remote_address_group_id field in SG rules Add a new field remote_address_group_id in security group rule's API definition. This allows users to easily manage SG rules for aggregated IP address blocks. Change-Id: I6a3cd961d6597c95dcd89e4263bd7894a70347ef Implements: blueprint address-groups-in-sg-rules --- neutron_lib/api/definitions/__init__.py | 2 + .../security_groups_remote_address_group.py | 46 +++++++++++++++++++ ...st_security_groups_remote_address_group.py | 22 +++++++++ ...remote-address-group-c71dbb57b61a1dba.yaml | 6 +++ 4 files changed, 76 insertions(+) create mode 100644 neutron_lib/api/definitions/security_groups_remote_address_group.py create mode 100644 neutron_lib/tests/unit/api/definitions/test_security_groups_remote_address_group.py create mode 100644 releasenotes/notes/add-extension-security-groups-remote-address-group-c71dbb57b61a1dba.yaml diff --git a/neutron_lib/api/definitions/__init__.py b/neutron_lib/api/definitions/__init__.py index efbec634b..86eb04dbd 100644 --- a/neutron_lib/api/definitions/__init__.py +++ b/neutron_lib/api/definitions/__init__.py @@ -98,6 +98,7 @@ from neutron_lib.api.definitions import router_interface_fip from neutron_lib.api.definitions import routerservicetype from neutron_lib.api.definitions import security_groups_normalized_cidr from neutron_lib.api.definitions import security_groups_port_filtering +from neutron_lib.api.definitions import security_groups_remote_address_group from neutron_lib.api.definitions import segment from neutron_lib.api.definitions import segments_peer_subnet_host_routes from neutron_lib.api.definitions import servicetype @@ -213,6 +214,7 @@ _ALL_API_DEFINITIONS = { routerservicetype, security_groups_normalized_cidr, security_groups_port_filtering, + security_groups_remote_address_group, segment, segments_peer_subnet_host_routes, servicetype, diff --git a/neutron_lib/api/definitions/security_groups_remote_address_group.py b/neutron_lib/api/definitions/security_groups_remote_address_group.py new file mode 100644 index 000000000..20bd79071 --- /dev/null +++ b/neutron_lib/api/definitions/security_groups_remote_address_group.py @@ -0,0 +1,46 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +REMOTE_ADDRESS_GROUP_ID = 'remote_address_group_id' + +ALIAS = 'security-groups-remote-address-group' +IS_SHIM_EXTENSION = False +IS_STANDARD_ATTR_EXTENSION = False +NAME = 'Remote address group id field for security group rules' +DESCRIPTION = 'Add new field of remote address group id in SG rules' +UPDATED_TIMESTAMP = '2020-08-25T10:00:00-00:00' + +RESOURCE_ATTRIBUTE_MAP = { + 'security_group_rules': { + REMOTE_ADDRESS_GROUP_ID: { + 'allow_post': True, 'allow_put': False, + 'default': None, 'is_visible': True, + 'is_sort_key': True, 'is_filter': True}, + } +} + +SUB_RESOURCE_ATTRIBUTE_MAP = { +} + +ACTION_MAP = { +} + +ACTION_STATUS = { +} + +REQUIRED_EXTENSIONS = [ + 'security-group' +] + +OPTIONAL_EXTENSIONS = [ +] diff --git a/neutron_lib/tests/unit/api/definitions/test_security_groups_remote_address_group.py b/neutron_lib/tests/unit/api/definitions/test_security_groups_remote_address_group.py new file mode 100644 index 000000000..acf7ad10b --- /dev/null +++ b/neutron_lib/tests/unit/api/definitions/test_security_groups_remote_address_group.py @@ -0,0 +1,22 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from neutron_lib.api.definitions import security_groups_remote_address_group +from neutron_lib.tests.unit.api.definitions import base + + +class SecurityGroupsRemoteAddressGroupDefinitionTestCase( + base.DefinitionBaseTestCase): + + extension_module = security_groups_remote_address_group + extension_resources = ('security_group_rules',) + extension_attributes = ('remote_address_group_id',) diff --git a/releasenotes/notes/add-extension-security-groups-remote-address-group-c71dbb57b61a1dba.yaml b/releasenotes/notes/add-extension-security-groups-remote-address-group-c71dbb57b61a1dba.yaml new file mode 100644 index 000000000..8d9e87375 --- /dev/null +++ b/releasenotes/notes/add-extension-security-groups-remote-address-group-c71dbb57b61a1dba.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add an API extension ``security-groups-remote-address-group`` that adds the + new field ``remote_address_group_id`` in security group rules. This allows + users to easily manage SG rules for aggregated IP address blocks.