Add "remote_address_group_id" attribute to the default SG rules API
This patch adds new parameter to the API of the default SG rules templates API. New parameter is called "remote_address_group_id" and can be used to define uuid of the remote address group which will be referenced in default rule(s) created for each new SG. Additionally this patch updates type of the "remote_ip_prefix" field in the database. It was set by mistake to "Integer" but should be "String". Related-bug: #1983053 Change-Id: Ieccd6e70bce6be9a16d38b25efc2774ffefe1699
This commit is contained in:
parent
73f68a1fda
commit
7600a542f7
|
@ -79,6 +79,7 @@ Details of the API are below:
|
||||||
"port_range_min": null,
|
"port_range_min": null,
|
||||||
"protocol": null,
|
"protocol": null,
|
||||||
"remote_group_id": null,
|
"remote_group_id": null,
|
||||||
|
"remote_address_group_id": null,
|
||||||
"remote_ip_prefix": null,
|
"remote_ip_prefix": null,
|
||||||
"used_in_default_security_group": True
|
"used_in_default_security_group": True
|
||||||
"used_in_non_default_security_group": True
|
"used_in_non_default_security_group": True
|
||||||
|
@ -95,6 +96,7 @@ Details of the API are below:
|
||||||
"port_range_min": null,
|
"port_range_min": null,
|
||||||
"protocol": null,
|
"protocol": null,
|
||||||
"remote_group_id": null,
|
"remote_group_id": null,
|
||||||
|
"remote_address_group_id": null,
|
||||||
"remote_ip_prefix": null,
|
"remote_ip_prefix": null,
|
||||||
"used_in_default_security_group": True
|
"used_in_default_security_group": True
|
||||||
"used_in_non_default_security_group": True
|
"used_in_non_default_security_group": True
|
||||||
|
@ -111,6 +113,7 @@ Details of the API are below:
|
||||||
"port_range_min": null,
|
"port_range_min": null,
|
||||||
"protocol": null,
|
"protocol": null,
|
||||||
"remote_group_id": "PARENT",
|
"remote_group_id": "PARENT",
|
||||||
|
"remote_address_group_id": null,
|
||||||
"remote_ip_prefix": null,
|
"remote_ip_prefix": null,
|
||||||
"used_in_default_security_group": True
|
"used_in_default_security_group": True
|
||||||
"used_in_non_default_security_group": False
|
"used_in_non_default_security_group": False
|
||||||
|
@ -127,6 +130,7 @@ Details of the API are below:
|
||||||
"port_range_min": null,
|
"port_range_min": null,
|
||||||
"protocol": null,
|
"protocol": null,
|
||||||
"remote_group_id": "PARENT",
|
"remote_group_id": "PARENT",
|
||||||
|
"remote_address_group_id": null,
|
||||||
"remote_ip_prefix": null,
|
"remote_ip_prefix": null,
|
||||||
"used_in_default_security_group": True
|
"used_in_default_security_group": True
|
||||||
"used_in_non_default_security_group": False
|
"used_in_non_default_security_group": False
|
||||||
|
@ -143,6 +147,7 @@ Details of the API are below:
|
||||||
"port_range_min": 22,
|
"port_range_min": 22,
|
||||||
"protocol": null,
|
"protocol": null,
|
||||||
"remote_group_id": null,
|
"remote_group_id": null,
|
||||||
|
"remote_address_group_id": null,
|
||||||
"remote_ip_prefix": null,
|
"remote_ip_prefix": null,
|
||||||
"used_in_default_security_group": False
|
"used_in_default_security_group": False
|
||||||
"used_in_non_default_security_group": True
|
"used_in_non_default_security_group": True
|
||||||
|
@ -159,6 +164,7 @@ Details of the API are below:
|
||||||
"port_range_min": 22,
|
"port_range_min": 22,
|
||||||
"protocol": null,
|
"protocol": null,
|
||||||
"remote_group_id": null,
|
"remote_group_id": null,
|
||||||
|
"remote_address_group_id": null,
|
||||||
"remote_ip_prefix": null,
|
"remote_ip_prefix": null,
|
||||||
"used_in_default_security_group": False
|
"used_in_default_security_group": False
|
||||||
"used_in_non_default_security_group": True
|
"used_in_non_default_security_group": True
|
||||||
|
@ -197,6 +203,7 @@ Details of the API are below:
|
||||||
"port_range_min": 80,
|
"port_range_min": 80,
|
||||||
"protocol": "tcp",
|
"protocol": "tcp",
|
||||||
"remote_group_id": null,
|
"remote_group_id": null,
|
||||||
|
"remote_address_group_id": null,
|
||||||
"remote_ip_prefix": null,
|
"remote_ip_prefix": null,
|
||||||
"used_in_default_security_group": False
|
"used_in_default_security_group": False
|
||||||
"used_in_non_default_security_group": True
|
"used_in_non_default_security_group": True
|
||||||
|
@ -223,6 +230,7 @@ Details of the API are below:
|
||||||
"port_range_min": null,
|
"port_range_min": null,
|
||||||
"protocol": null,
|
"protocol": null,
|
||||||
"remote_group_id": null,
|
"remote_group_id": null,
|
||||||
|
"remote_address_group_id": null,
|
||||||
"remote_ip_prefix": null,
|
"remote_ip_prefix": null,
|
||||||
"used_in_default_security_group": False
|
"used_in_default_security_group": False
|
||||||
"used_in_non_default_security_group": True
|
"used_in_non_default_security_group": True
|
||||||
|
@ -242,54 +250,58 @@ DB Impact
|
||||||
|
|
||||||
Default security group rule DB table:
|
Default security group rule DB table:
|
||||||
|
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| Attribute | Type | Req | CRUD | Description |
|
| Attribute | Type | Req | CRUD | Description |
|
||||||
+========================+=========+======+======+=======================================+
|
+=========================+=========+======+======+=======================================+
|
||||||
| id | uuid-str| No | R | Id of default security group rule. |
|
| id | uuid-str| No | R | Id of default security group rule. |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| direction | String | Yes | CR | Direction in which the security group |
|
| direction | String | Yes | CR | Direction in which the security group |
|
||||||
| | | | | rule is applied. |
|
| | | | | rule is applied. |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| ethertype | String | No | CR | Must be IPv4 or IPv6. |
|
| ethertype | String | No | CR | Must be IPv4 or IPv6. |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| remote_group_id | String | No | CR | The remote group UUID to associate |
|
| remote_group_id | String | No | CR | The remote group UUID to associate |
|
||||||
| | | | | with this security group rule. |
|
| | | | | with this security group rule. |
|
||||||
| | | | | Special value ``PARENT`` can be also |
|
| | | | | Special value ``PARENT`` can be also |
|
||||||
| | | | | used and it means to always use |
|
| | | | | used and it means to always use |
|
||||||
| | | | | id of the security group in which |
|
| | | | | id of the security group in which |
|
||||||
| | | | | will be created with such rule. |
|
| | | | | will be created with such rule. |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| protocol | String | No | CR | The IP protocol can be represented by |
|
| remote_address_group_id | String | No | CR | The remote address group UUID to |
|
||||||
| | | | | a string, an integer, or null. |
|
| | | | | associate with this security group |
|
||||||
| | | | | Valid strings or integers are the |
|
| | | | | rule. |
|
||||||
| | | | | same as for the |
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| | | | | ``security group rule``. |
|
| protocol | String | No | CR | The IP protocol can be represented by |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
| | | | | a string, an integer, or null. |
|
||||||
| port_range_min | String | No | CR | The minimum port number in the |
|
| | | | | Valid strings or integers are the |
|
||||||
| | | | | range that is matched by the security |
|
| | | | | same as for the |
|
||||||
| | | | | group rule. |
|
| | | | | ``security group rule``. |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| port_range_max | Integer | No | CR | The maximum port number in the |
|
| port_range_min | String | No | CR | The minimum port number in the |
|
||||||
| | | | | range that is matched by the security |
|
| | | | | range that is matched by the security |
|
||||||
| | | | | group rule. |
|
| | | | | group rule. |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| remote_ip_prefix | Integer | No | CR | The remote IP prefix that is matched |
|
| port_range_max | Integer | No | CR | The maximum port number in the |
|
||||||
| | | | | by this security group rule. |
|
| | | | | range that is matched by the security |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
| | | | | group rule. |
|
||||||
| standard_attr_id | Ingeger | Yes | R | Id of the associated standard |
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| | | | | attribute record. |
|
| remote_ip_prefix | String | No | CR | The remote IP prefix that is matched |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
| | | | | by this security group rule. |
|
||||||
| used_in_default_sg | Boolean | No | CR | If it is set to ``True`` such rule |
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| | | | | will be used in a template for the |
|
| standard_attr_id | Ingeger | Yes | R | Id of the associated standard |
|
||||||
| | | | | ``default`` security group which is |
|
| | | | | attribute record. |
|
||||||
| | | | | created automatically for every |
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
| | | | | project. Default value is ``False`` |
|
| used_in_default_sg | Boolean | No | CR | If it is set to ``True`` such rule |
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
| | | | | will be used in a template for the |
|
||||||
| used_in_non_default_sg | Boolean | No | CR | If it is set to ``True`` such rule |
|
| | | | | ``default`` security group which is |
|
||||||
| | | | | will be used in a template for the |
|
| | | | | created automatically for every |
|
||||||
| | | | | every ``non default`` security group. |
|
| | | | | project. Default value is ``False`` |
|
||||||
| | | | | Default value is ``False`` |
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
+------------------------+---------+------+------+---------------------------------------+
|
| used_in_non_default_sg | Boolean | No | CR | If it is set to ``True`` such rule |
|
||||||
|
| | | | | will be used in a template for the |
|
||||||
|
| | | | | every ``non default`` security group. |
|
||||||
|
| | | | | Default value is ``False`` |
|
||||||
|
+-------------------------+---------+------+------+---------------------------------------+
|
||||||
|
|
||||||
Security Impact
|
Security Impact
|
||||||
---------------
|
---------------
|
||||||
|
|
Loading…
Reference in New Issue