diff --git a/doc/api_samples/os-security-groups/security-group-rules-post-req.json b/doc/api_samples/os-security-groups/security-group-rules-post-req.json new file mode 100644 index 000000000000..c5116c8f0b30 --- /dev/null +++ b/doc/api_samples/os-security-groups/security-group-rules-post-req.json @@ -0,0 +1,9 @@ +{ + "security_group_rule": { + "parent_group_id": "21111111-1111-1111-1111-111111111112", + "ip_protocol": "tcp", + "from_port": 22, + "to_port": 22, + "cidr": "10.0.0.0/24" + } +} \ No newline at end of file diff --git a/doc/api_samples/os-security-groups/security-group-rules-post-resp.json b/doc/api_samples/os-security-groups/security-group-rules-post-resp.json new file mode 100644 index 000000000000..5bfd28910674 --- /dev/null +++ b/doc/api_samples/os-security-groups/security-group-rules-post-resp.json @@ -0,0 +1,13 @@ +{ + "security_group_rule": { + "from_port": 22, + "group": {}, + "id": "00000000-0000-0000-0000-000000000000", + "ip_protocol": "tcp", + "ip_range": { + "cidr": "10.0.0.0/24" + }, + "parent_group_id": "11111111-1111-1111-1111-111111111111", + "to_port": 22 + } +} \ No newline at end of file diff --git a/nova/api/openstack/compute/routes.py b/nova/api/openstack/compute/routes.py index cf8c6ec4ab09..f73a4ffde038 100644 --- a/nova/api/openstack/compute/routes.py +++ b/nova/api/openstack/compute/routes.py @@ -253,6 +253,10 @@ security_group_controller = functools.partial(_create_controller, security_groups.SecurityGroupController, [], []) +security_group_rules_controller = functools.partial(_create_controller, + security_groups.SecurityGroupRulesController, [], []) + + server_controller = functools.partial(_create_controller, servers.ServersController, [ @@ -616,6 +620,12 @@ ROUTE_LIST = ( ('/os-quota-sets/{id}/defaults', { 'GET': [quota_set_controller, 'defaults'] }), + ('/os-security-group-rules', { + 'POST': [security_group_rules_controller, 'create'] + }), + ('/os-security-group-rules/{id}', { + 'DELETE': [security_group_rules_controller, 'delete'] + }), ('/os-security-groups', { 'GET': [security_group_controller, 'index'], 'POST': [security_group_controller, 'create'] diff --git a/nova/api/openstack/compute/security_groups.py b/nova/api/openstack/compute/security_groups.py index 965d4d795997..e8d071760f20 100644 --- a/nova/api/openstack/compute/security_groups.py +++ b/nova/api/openstack/compute/security_groups.py @@ -35,7 +35,6 @@ from nova.virt import netutils LOG = logging.getLogger(__name__) -ALIAS = 'os-security-groups' ATTRIBUTE_NAME = 'security_groups' @@ -497,22 +496,6 @@ class SecurityGroupsOutputController(wsgi.Controller): self._extend_servers(req, list(resp_obj.obj['servers'])) -class SecurityGroups(extensions.V21APIExtensionBase): - """Security group support.""" - name = "SecurityGroups" - alias = ALIAS - version = 1 - - def get_controller_extensions(self): - return [] - - def get_resources(self): - secgrp_rules_ext = extensions.ResourceExtension( - 'os-security-group-rules', - controller=SecurityGroupRulesController()) - return [secgrp_rules_ext] - - # NOTE(gmann): This function is not supposed to use 'body_deprecated_param' # parameter as this is placed to handle scheduler_hint extension for V2.1. def server_create(server_dict, create_kwargs, body_deprecated_param): diff --git a/nova/tests/functional/api_sample_tests/api_samples/os-security-groups/security-group-rules-post-req.json.tpl b/nova/tests/functional/api_sample_tests/api_samples/os-security-groups/security-group-rules-post-req.json.tpl new file mode 100644 index 000000000000..da976bcd1ee2 --- /dev/null +++ b/nova/tests/functional/api_sample_tests/api_samples/os-security-groups/security-group-rules-post-req.json.tpl @@ -0,0 +1,9 @@ +{ + "security_group_rule": { + "parent_group_id": "21111111-1111-1111-1111-111111111112", + "ip_protocol": "tcp", + "from_port": 22, + "to_port": 22, + "cidr": "10.0.0.0/24" + } +} diff --git a/nova/tests/functional/api_sample_tests/api_samples/os-security-groups/security-group-rules-post-resp.json.tpl b/nova/tests/functional/api_sample_tests/api_samples/os-security-groups/security-group-rules-post-resp.json.tpl new file mode 100644 index 000000000000..bb72d2768a6f --- /dev/null +++ b/nova/tests/functional/api_sample_tests/api_samples/os-security-groups/security-group-rules-post-resp.json.tpl @@ -0,0 +1,13 @@ +{ + "security_group_rule": { + "from_port": 22, + "group": {}, + "ip_protocol": "tcp", + "to_port": 22, + "parent_group_id": "11111111-1111-1111-1111-111111111111", + "ip_range": { + "cidr": "10.0.0.0/24" + }, + "id": "00000000-0000-0000-0000-000000000000" + } +} diff --git a/nova/tests/functional/api_sample_tests/test_security_groups.py b/nova/tests/functional/api_sample_tests/test_security_groups.py index e4a2cce87531..586d7dc8abbc 100644 --- a/nova/tests/functional/api_sample_tests/test_security_groups.py +++ b/nova/tests/functional/api_sample_tests/test_security_groups.py @@ -58,6 +58,29 @@ def fake_create_security_group(self, context, name, description): return fake_get() +def fake_create_security_group_rule(self, context, security_group, new_rule): + return { + 'from_port': 22, + 'to_port': 22, + 'cidr': '10.0.0.0/24', + 'id': '00000000-0000-0000-0000-000000000000', + 'parent_group_id': '11111111-1111-1111-1111-111111111111', + 'protocol': 'tcp', + 'group_id': None + } + + +def fake_remove_rules(self, context, security_group, rule_ids): + pass + + +def fake_get_rule(self, context, id): + return { + 'id': id, + 'parent_group_id': '11111111-1111-1111-1111-111111111111' + } + + class SecurityGroupsJsonTest(test_servers.ServersSampleBase): sample_dir = 'os-security-groups' USE_NEUTRON = True @@ -77,6 +100,12 @@ class SecurityGroupsJsonTest(test_servers.ServersSampleBase): fake_get_instance_security_groups) self.stub_out(path + 'create_security_group', fake_create_security_group) + self.stub_out(path + 'create_security_group_rule', + fake_create_security_group_rule) + self.stub_out(path + 'remove_rules', + fake_remove_rules) + self.stub_out(path + 'get_rule', + fake_get_rule) def _get_create_subs(self): return { @@ -139,3 +168,14 @@ class SecurityGroupsJsonTest(test_servers.ServersSampleBase): 'security-group-remove-post-req', subs) self.assertEqual(202, response.status_code) self.assertEqual('', response.text) + + def test_security_group_rules_create(self): + response = self._do_post('os-security-group-rules', + 'security-group-rules-post-req', {}) + self._verify_response('security-group-rules-post-resp', {}, response, + 200) + + def test_security_group_rules_remove(self): + response = self._do_delete( + 'os-security-group-rules/00000000-0000-0000-0000-000000000000') + self.assertEqual(202, response.status_code) diff --git a/setup.cfg b/setup.cfg index bc7588156a20..4737ba011576 100644 --- a/setup.cfg +++ b/setup.cfg @@ -77,7 +77,6 @@ nova.api.v21.extensions = baremetal_nodes = nova.api.openstack.compute.baremetal_nodes:BareMetalNodes extension_info = nova.api.openstack.compute.extension_info:ExtensionInfo security_group_default_rules = nova.api.openstack.compute.security_group_default_rules:SecurityGroupDefaultRules - security_groups = nova.api.openstack.compute.security_groups:SecurityGroups versions = nova.api.openstack.compute.versionsV21:Versions volumes = nova.api.openstack.compute.volumes:Volumes