openstack
/
neutron-lib
Code Issues Proposed changes

add "stateful-security-group" api extension 

commit adds "stateful-security-group" API extension to
neutron-lib for implementing stateless security groups.

Needed-By: https://review.opendev.org/572767

Partial-Bug: #1753466

Change-Id: I72addb21b7515d7120768c91e02660258959373e
This commit is contained in:
Aditya Reddy Nagaram 2019-11-26 12:46:10 +01:00
parent 85205e9f08
commit f470973446
13 changed files with 124 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api-ref/source/v2/parameters.yaml
View File

@ -5500,6 +5500,12 @@ state:
in: body in: body
required: true required: true
type: string type: string
stateful_enabled:
description: |
Indicates if the security group is stateful or stateless.
in: body
required: false
type: boolean
status_description: status_description:
description: | description: |
Human-readable description of the status. Human-readable description of the status.

3
api-ref/source/v2/samples/security-groups/security-group-create-request.json
View File

@ -1,6 +1,7 @@
{ {
"security_group": { "security_group": {
"name": "new-webservers", "name": "new-webservers",
"description": "security group for webservers" "description": "security group for webservers",
"stateful": true
} }
} }

3
api-ref/source/v2/samples/security-groups/security-group-create-response.json
View File

@ -47,6 +47,7 @@
"updated_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z",
"revision_number": 1, "revision_number": 1,
"tags": ["tag1,tag2"], "tags": ["tag1,tag2"],
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550" "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"stateful": true
} }
} }

3
api-ref/source/v2/samples/security-groups/security-group-show-response.json
View File

@ -82,6 +82,7 @@
"updated_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z",
"revision_number": 4, "revision_number": 4,
"tags": ["tag1,tag2"], "tags": ["tag1,tag2"],
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550" "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"stateful": true
} }
} }

3
api-ref/source/v2/samples/security-groups/security-group-update-request.json
View File

@ -1,6 +1,7 @@
{ {
"security_group": { "security_group": {
"name": "mysecgroup", "name": "mysecgroup",
"description": "my security group" "description": "my security group",
"stateful": true
} }
} }

3
api-ref/source/v2/samples/security-groups/security-group-update-response.json
View File

@ -9,6 +9,7 @@
"id": "01fbade5-b664-42f6-83ae-4e214f4263fa", "id": "01fbade5-b664-42f6-83ae-4e214f4263fa",
"name": "mysecgroup", "name": "mysecgroup",
"description": "my security group", "description": "my security group",
"tags": ["tag1,tag2"] "tags": ["tag1,tag2"],
"stateful": true
} }
} }

3
api-ref/source/v2/samples/security-groups/security-groups-list-response.json
View File

@ -83,7 +83,8 @@
"created_at": "2018-03-19T19:16:56Z", "created_at": "2018-03-19T19:16:56Z",
"updated_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z",
"tags": ["tag1,tag2"], "tags": ["tag1,tag2"],
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550" "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"stateful": true
} }
] ]
} }

13
api-ref/source/v2/security-groups.inc
View File

@ -20,6 +20,14 @@ The ``standard-attr-tag`` adds Tag support for resources with
standard attributes by adding the ``tags`` attribute standard attributes by adding the ``tags`` attribute
allowing consumers to associate tags with resources. allowing consumers to associate tags with resources.
Stateful security groups extension (``stateful-security-group``)
================================================================
The stateful security group extension (``stateful-security-group``) adds the
``stateful`` field to security groups, allowing users to configure stateful
or stateless security groups for ``ports``. The existing security groups
will all be considered as stateful. Update of the ``stateful`` attribute is
allowed when there is no port associated with the security group.
List security groups List security groups
==================== ====================
@ -76,6 +84,7 @@ Response Parameters
- description: description - description: description
- security_group_rules: security_group_rules - security_group_rules: security_group_rules
- tags: tags - tags: tags
- stateful: stateful_enabled
Response Example Response Example
---------------- ----------------
@ -107,6 +116,7 @@ Request
- project_id: project_id - project_id: project_id
- description: description-request - description: description-request
- name: name - name: name
- stateful: stateful_enabled
Request Example Request Example
--------------- ---------------
@ -130,6 +140,7 @@ Response Parameters
- description: description - description: description
- security_group_rules: security_group_rules - security_group_rules: security_group_rules
- tags: tags - tags: tags
- stateful: stateful_enabled
Response Example Response Example
---------------- ----------------
@ -181,6 +192,7 @@ Response Parameters
- description: description - description: description
- security_group_rules: security_group_rules - security_group_rules: security_group_rules
- tags: tags - tags: tags
- stateful: stateful_enabled
Response Example Response Example
---------------- ----------------
@ -231,6 +243,7 @@ Response Parameters
- description: description - description: description
- security_group_rules: security_group_rules - security_group_rules: security_group_rules
- tags: tags - tags: tags
- stateful: stateful_enabled
Response Example Response Example
---------------- ----------------

2
neutron_lib/api/definitions/__init__.py
View File

@ -96,6 +96,7 @@ from neutron_lib.api.definitions import sfc
from neutron_lib.api.definitions import sort_key_validation from neutron_lib.api.definitions import sort_key_validation
from neutron_lib.api.definitions import sorting from neutron_lib.api.definitions import sorting
from neutron_lib.api.definitions import standard_attr_segment from neutron_lib.api.definitions import standard_attr_segment
from neutron_lib.api.definitions import stateful_security_group
from neutron_lib.api.definitions import subnet from neutron_lib.api.definitions import subnet
from neutron_lib.api.definitions import subnet_dns_publish_fixed_ip from neutron_lib.api.definitions import subnet_dns_publish_fixed_ip
from neutron_lib.api.definitions import subnet_onboard from neutron_lib.api.definitions import subnet_onboard
@ -200,6 +201,7 @@ _ALL_API_DEFINITIONS = {
sort_key_validation, sort_key_validation,
sorting, sorting,
standard_attr_segment, standard_attr_segment,
stateful_security_group,
subnet, subnet,
subnet_dns_publish_fixed_ip, subnet_dns_publish_fixed_ip,
subnet_onboard, subnet_onboard,

3
neutron_lib/api/definitions/base.py
View File

@ -55,7 +55,8 @@ KNOWN_RESOURCES = (
'ports', 'ports',
'routers', 'routers',
'subnets', 'subnets',
'subnetpools' 'subnetpools',
'security_groups'
) )
KNOWN_HTTP_ACTIONS = ( KNOWN_HTTP_ACTIONS = (

61
neutron_lib/api/definitions/stateful_security_group.py Normal file
View File

@ -0,0 +1,61 @@
# Copyright 2018 NOKIA
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.api import converters
# The alias of the extension.
ALIAS = 'stateful-security-group'
IS_SHIM_EXTENSION = False
IS_STANDARD_ATTR_EXTENSION = False
# The name of the extension.
NAME = 'Stateful security group'
# The description of the extension.
DESCRIPTION = "Indicates if the security group is stateful or not"
# A timestamp of when the extension was introduced.
UPDATED_TIMESTAMP = "2019-11-26T09:00:00-00:00"
# The resource attribute map for the extension.
RESOURCE_ATTRIBUTE_MAP = {
'security_groups': {
'stateful': {'allow_post': True, 'allow_put': True,
'is_visible': True, 'default': True,
'convert_to': converters.convert_to_boolean}
}
}
# The subresource attribute map for the extension.
SUB_RESOURCE_ATTRIBUTE_MAP = {
}
# The action map.
ACTION_MAP = {
}
# The action status.
ACTION_STATUS = {
}
# The list of required extensions.
REQUIRED_EXTENSIONS = ['security-group']
# The list of optional extensions.
OPTIONAL_EXTENSIONS = [
]

23
neutron_lib/tests/unit/api/definitions/test_stateful_security_group.py Normal file
View File

@ -0,0 +1,23 @@
# Copyright 2018 NOKIA
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.api.definitions import stateful_security_group
from neutron_lib.tests.unit.api.definitions import base
class StatefulSecurityGroupDefinitionTestCase(base.DefinitionBaseTestCase):
extension_module = stateful_security_group
extension_attributes = ('stateful',)

5
releasenotes/notes/stateful-security-group-a1ece5472f029dc1.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- |
The API defintion for the ``stateful-security-group`` extension is
now available in ``neutron_lib.api.definitions.stateful_security_group``.