Merge "Remove 'os-security-group-default-rules' REST API"
This commit is contained in:
commit
e7038e8952
|
@ -71,7 +71,6 @@ limited to some maximum microversion.
|
||||||
.. include:: os-floating-ip-pools.inc
|
.. include:: os-floating-ip-pools.inc
|
||||||
.. include:: os-floating-ips.inc
|
.. include:: os-floating-ips.inc
|
||||||
.. include:: os-security-groups.inc
|
.. include:: os-security-groups.inc
|
||||||
.. include:: os-security-group-default-rules.inc
|
|
||||||
.. include:: os-security-group-rules.inc
|
.. include:: os-security-group-rules.inc
|
||||||
.. include:: os-hosts.inc
|
.. include:: os-hosts.inc
|
||||||
|
|
||||||
|
@ -90,3 +89,4 @@ Compute API in the past, but no longer exist.
|
||||||
.. include:: os-floating-ips-bulk.inc
|
.. include:: os-floating-ips-bulk.inc
|
||||||
.. include:: os-floating-ip-dns.inc
|
.. include:: os-floating-ip-dns.inc
|
||||||
.. include:: os-cells.inc
|
.. include:: os-cells.inc
|
||||||
|
.. include:: os-security-group-default-rules.inc
|
||||||
|
|
|
@ -1,17 +1,15 @@
|
||||||
.. -*- rst -*-
|
.. -*- rst -*-
|
||||||
|
|
||||||
.. NOTE(gmann): These APIs are deprecated so do not update this
|
====================================================================
|
||||||
file even body, example or parameters are not complete.
|
Rules for default security group (os-security-group-default-rules)
|
||||||
|
====================================================================
|
||||||
================================================================================
|
|
||||||
Rules for default security group (os-security-group-default-rules) (DEPRECATED)
|
|
||||||
================================================================================
|
|
||||||
|
|
||||||
.. warning::
|
.. warning::
|
||||||
|
|
||||||
This API only available with ``nova-network`` which is
|
This API only available with ``nova-network`` which is
|
||||||
deprecated. It should be avoided in any new applications.
|
deprecated. It should be avoided in any new applications.
|
||||||
These will fail with a 404 starting from microversion 2.36.
|
These will fail with a 404 starting from microversion 2.36.
|
||||||
|
They were completely removed in the 21.0.0 (Ussuri) release.
|
||||||
|
|
||||||
Lists, shows information for, and creates default security group rules.
|
Lists, shows information for, and creates default security group rules.
|
||||||
|
|
||||||
|
@ -24,7 +22,8 @@ Lists default security group rules.
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
Error response codes: unauthorized(401), forbidden(403), itemNotFound(404), notImplemented(501)
|
Error response codes: unauthorized(401), forbidden(403), itemNotFound(404),
|
||||||
|
gone(410), notImplemented(501)
|
||||||
|
|
||||||
Response
|
Response
|
||||||
--------
|
--------
|
||||||
|
@ -53,7 +52,8 @@ Shows details for a security group rule.
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
Error response codes: badRequest(400), unauthorized(401), forbidden(403), itemNotFound(404), notImplemented(501)
|
Error response codes: badRequest(400), unauthorized(401), forbidden(403),
|
||||||
|
itemNotFound(404), gone(410), notImplemented(501)
|
||||||
|
|
||||||
Request
|
Request
|
||||||
-------
|
-------
|
||||||
|
@ -92,7 +92,8 @@ IP protocol ( ``ip_protocol`` ) value. Otherwise, the operation returns the ``Ba
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
Error response codes: badRequest(400), unauthorized(401), forbidden(403), conflict(409), notImplemented(501)
|
Error response codes: badRequest(400), unauthorized(401), forbidden(403),
|
||||||
|
conflict(409), gone(410), notImplemented(501)
|
||||||
|
|
||||||
Request
|
Request
|
||||||
-------
|
-------
|
||||||
|
@ -137,7 +138,8 @@ Deletes a security group rule.
|
||||||
|
|
||||||
Normal response codes: 204
|
Normal response codes: 204
|
||||||
|
|
||||||
Error response codes: badRequest(400), unauthorized(401), forbidden(403), itemNotFound(404), notImplemented(501)
|
Error response codes: badRequest(400), unauthorized(401), forbidden(403),
|
||||||
|
itemNotFound(404), gone(410), notImplemented(501)
|
||||||
|
|
||||||
Request
|
Request
|
||||||
-------
|
-------
|
||||||
|
|
|
@ -415,11 +415,25 @@ API endpoints as below::
|
||||||
'/os-baremetal-nodes'
|
'/os-baremetal-nodes'
|
||||||
'/os-fping'
|
'/os-fping'
|
||||||
|
|
||||||
.. note:: A `regression`_ was introduced in this microversion which broke the
|
.. note::
|
||||||
|
|
||||||
|
A `regression`__ was introduced in this microversion which broke the
|
||||||
``force`` parameter in the ``PUT /os-quota-sets`` API. The fix will have
|
``force`` parameter in the ``PUT /os-quota-sets`` API. The fix will have
|
||||||
to be applied to restore this functionality.
|
to be applied to restore this functionality.
|
||||||
|
|
||||||
.. _regression: https://bugs.launchpad.net/nova/+bug/1733886
|
__ https://bugs.launchpad.net/nova/+bug/1733886
|
||||||
|
|
||||||
|
.. versionchanged:: 18.0.0
|
||||||
|
|
||||||
|
The ``os-fping`` API was completely removed in the 18.0.0 (Rocky) release.
|
||||||
|
On deployments newer than this, the API will return HTTP 410 (Gone)
|
||||||
|
regardless of the requested microversion.
|
||||||
|
|
||||||
|
.. versionchanged:: 21.0.0
|
||||||
|
|
||||||
|
The ``os-security-group-default-rules`` API was completely removed in the
|
||||||
|
21.0.0 (Ussuri) release. On deployments newer than this, the APIs will
|
||||||
|
return HTTP 410 (Gone) regadless of the requested microversion.
|
||||||
|
|
||||||
2.37
|
2.37
|
||||||
----
|
----
|
||||||
|
|
|
@ -14,121 +14,24 @@
|
||||||
|
|
||||||
from webob import exc
|
from webob import exc
|
||||||
|
|
||||||
from nova.api.openstack.api_version_request \
|
|
||||||
import MAX_PROXY_API_SUPPORT_VERSION
|
|
||||||
from nova.api.openstack.compute import security_groups as sg
|
|
||||||
from nova.api.openstack import wsgi
|
from nova.api.openstack import wsgi
|
||||||
from nova import exception
|
|
||||||
from nova.i18n import _
|
|
||||||
from nova.network.security_group import openstack_driver
|
|
||||||
from nova.policies import security_group_default_rules as sgdr_policies
|
|
||||||
|
|
||||||
|
|
||||||
class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase,
|
class SecurityGroupDefaultRulesController(wsgi.Controller):
|
||||||
wsgi.Controller):
|
"""(Removed) Controller for default project security groups."""
|
||||||
|
|
||||||
def __init__(self):
|
@wsgi.expected_errors(410)
|
||||||
super(SecurityGroupDefaultRulesController, self).__init__()
|
|
||||||
self.security_group_api = (
|
|
||||||
openstack_driver.get_openstack_security_group_driver())
|
|
||||||
|
|
||||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
|
||||||
@wsgi.expected_errors((400, 409, 501))
|
|
||||||
def create(self, req, body):
|
def create(self, req, body):
|
||||||
context = req.environ['nova.context']
|
raise exc.HTTPGone()
|
||||||
context.can(sgdr_policies.BASE_POLICY_NAME)
|
|
||||||
|
|
||||||
sg_rule = self._from_body(body, 'security_group_default_rule')
|
@wsgi.expected_errors(410)
|
||||||
|
|
||||||
try:
|
|
||||||
values = self._rule_args_to_dict(to_port=sg_rule.get('to_port'),
|
|
||||||
from_port=sg_rule.get('from_port'),
|
|
||||||
ip_protocol=sg_rule.get('ip_protocol'),
|
|
||||||
cidr=sg_rule.get('cidr'))
|
|
||||||
except (exception.InvalidCidr,
|
|
||||||
exception.InvalidInput,
|
|
||||||
exception.InvalidIpProtocol,
|
|
||||||
exception.InvalidPortRange) as ex:
|
|
||||||
raise exc.HTTPBadRequest(explanation=ex.format_message())
|
|
||||||
|
|
||||||
if values is None:
|
|
||||||
msg = _('Not enough parameters to build a valid rule.')
|
|
||||||
raise exc.HTTPBadRequest(explanation=msg)
|
|
||||||
|
|
||||||
if self.security_group_api.default_rule_exists(context, values):
|
|
||||||
msg = _('This default rule already exists.')
|
|
||||||
raise exc.HTTPConflict(explanation=msg)
|
|
||||||
security_group_rule = self.security_group_api.add_default_rules(
|
|
||||||
context, [values])[0]
|
|
||||||
fmt_rule = self._format_security_group_default_rule(
|
|
||||||
security_group_rule)
|
|
||||||
return {'security_group_default_rule': fmt_rule}
|
|
||||||
|
|
||||||
def _rule_args_to_dict(self, to_port=None, from_port=None,
|
|
||||||
ip_protocol=None, cidr=None):
|
|
||||||
cidr = self.security_group_api.parse_cidr(cidr)
|
|
||||||
return self.security_group_api.new_cidr_ingress_rule(
|
|
||||||
cidr, ip_protocol, from_port, to_port)
|
|
||||||
|
|
||||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
|
||||||
@wsgi.expected_errors((400, 404, 501))
|
|
||||||
def show(self, req, id):
|
def show(self, req, id):
|
||||||
context = req.environ['nova.context']
|
raise exc.HTTPGone()
|
||||||
context.can(sgdr_policies.BASE_POLICY_NAME)
|
|
||||||
|
|
||||||
try:
|
@wsgi.expected_errors(410)
|
||||||
id = self.security_group_api.validate_id(id)
|
|
||||||
except exception.Invalid as ex:
|
|
||||||
raise exc.HTTPBadRequest(explanation=ex.format_message())
|
|
||||||
|
|
||||||
try:
|
|
||||||
rule = self.security_group_api.get_default_rule(context, id)
|
|
||||||
except exception.SecurityGroupDefaultRuleNotFound as ex:
|
|
||||||
raise exc.HTTPNotFound(explanation=ex.format_message())
|
|
||||||
|
|
||||||
fmt_rule = self._format_security_group_default_rule(rule)
|
|
||||||
return {"security_group_default_rule": fmt_rule}
|
|
||||||
|
|
||||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
|
||||||
@wsgi.expected_errors((400, 404, 501))
|
|
||||||
@wsgi.response(204)
|
|
||||||
def delete(self, req, id):
|
def delete(self, req, id):
|
||||||
context = req.environ['nova.context']
|
raise exc.HTTPGone()
|
||||||
context.can(sgdr_policies.BASE_POLICY_NAME)
|
|
||||||
|
|
||||||
try:
|
@wsgi.expected_errors(410)
|
||||||
id = self.security_group_api.validate_id(id)
|
|
||||||
except exception.Invalid as ex:
|
|
||||||
raise exc.HTTPBadRequest(explanation=ex.format_message())
|
|
||||||
|
|
||||||
try:
|
|
||||||
rule = self.security_group_api.get_default_rule(context, id)
|
|
||||||
self.security_group_api.remove_default_rules(context, [rule['id']])
|
|
||||||
except exception.SecurityGroupDefaultRuleNotFound as ex:
|
|
||||||
raise exc.HTTPNotFound(explanation=ex.format_message())
|
|
||||||
|
|
||||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
|
||||||
@wsgi.expected_errors((404, 501))
|
|
||||||
def index(self, req):
|
def index(self, req):
|
||||||
context = req.environ['nova.context']
|
raise exc.HTTPGone()
|
||||||
context.can(sgdr_policies.BASE_POLICY_NAME)
|
|
||||||
|
|
||||||
ret = {'security_group_default_rules': []}
|
|
||||||
try:
|
|
||||||
for rule in self.security_group_api.get_all_default_rules(context):
|
|
||||||
rule_fmt = self._format_security_group_default_rule(rule)
|
|
||||||
ret['security_group_default_rules'].append(rule_fmt)
|
|
||||||
except exception.SecurityGroupDefaultRuleNotFound as ex:
|
|
||||||
raise exc.HTTPNotFound(explanation=ex.format_message())
|
|
||||||
|
|
||||||
return ret
|
|
||||||
|
|
||||||
def _format_security_group_default_rule(self, rule):
|
|
||||||
sg_rule = {}
|
|
||||||
sg_rule['id'] = rule['id']
|
|
||||||
sg_rule['ip_protocol'] = rule['protocol']
|
|
||||||
sg_rule['from_port'] = rule['from_port']
|
|
||||||
sg_rule['to_port'] = rule['to_port']
|
|
||||||
sg_rule['ip_range'] = {}
|
|
||||||
sg_rule['ip_range'] = {'cidr': rule['cidr']}
|
|
||||||
return sg_rule
|
|
||||||
|
|
|
@ -53,7 +53,6 @@ from nova.policies import quota_class_sets
|
||||||
from nova.policies import quota_sets
|
from nova.policies import quota_sets
|
||||||
from nova.policies import remote_consoles
|
from nova.policies import remote_consoles
|
||||||
from nova.policies import rescue
|
from nova.policies import rescue
|
||||||
from nova.policies import security_group_default_rules
|
|
||||||
from nova.policies import security_groups
|
from nova.policies import security_groups
|
||||||
from nova.policies import server_diagnostics
|
from nova.policies import server_diagnostics
|
||||||
from nova.policies import server_external_events
|
from nova.policies import server_external_events
|
||||||
|
@ -116,7 +115,6 @@ def list_rules():
|
||||||
quota_sets.list_rules(),
|
quota_sets.list_rules(),
|
||||||
remote_consoles.list_rules(),
|
remote_consoles.list_rules(),
|
||||||
rescue.list_rules(),
|
rescue.list_rules(),
|
||||||
security_group_default_rules.list_rules(),
|
|
||||||
security_groups.list_rules(),
|
security_groups.list_rules(),
|
||||||
server_diagnostics.list_rules(),
|
server_diagnostics.list_rules(),
|
||||||
server_external_events.list_rules(),
|
server_external_events.list_rules(),
|
||||||
|
|
|
@ -1,56 +0,0 @@
|
||||||
# Copyright 2016 Cloudbase Solutions Srl
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
from oslo_policy import policy
|
|
||||||
|
|
||||||
from nova.policies import base
|
|
||||||
|
|
||||||
|
|
||||||
BASE_POLICY_NAME = 'os_compute_api:os-security-group-default-rules'
|
|
||||||
|
|
||||||
|
|
||||||
security_group_default_rules_policies = [
|
|
||||||
policy.DocumentedRuleDefault(
|
|
||||||
BASE_POLICY_NAME,
|
|
||||||
base.RULE_ADMIN_API,
|
|
||||||
"""List, show information for, create, or delete default security
|
|
||||||
group rules.
|
|
||||||
|
|
||||||
These APIs are only available with nova-network which is now deprecated.""",
|
|
||||||
[
|
|
||||||
{
|
|
||||||
'method': 'GET',
|
|
||||||
'path': '/os-security-group-default-rules'
|
|
||||||
},
|
|
||||||
{
|
|
||||||
'method': 'GET',
|
|
||||||
'path': '/os-security-group-default-rules'
|
|
||||||
'/{security_group_default_rule_id}'
|
|
||||||
},
|
|
||||||
{
|
|
||||||
'method': 'POST',
|
|
||||||
'path': '/os-security-group-default-rules'
|
|
||||||
},
|
|
||||||
{
|
|
||||||
'method': 'DELETE',
|
|
||||||
'path': '/os-security-group-default-rules'
|
|
||||||
'/{security_group_default_rule_id}'
|
|
||||||
}
|
|
||||||
]),
|
|
||||||
]
|
|
||||||
|
|
||||||
|
|
||||||
def list_rules():
|
|
||||||
return security_group_default_rules_policies
|
|
|
@ -1,8 +0,0 @@
|
||||||
{
|
|
||||||
"security_group_default_rule": {
|
|
||||||
"ip_protocol": "TCP",
|
|
||||||
"from_port": "80",
|
|
||||||
"to_port": "80",
|
|
||||||
"cidr": "10.10.10.0/24"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,11 +0,0 @@
|
||||||
{
|
|
||||||
"security_group_default_rule": {
|
|
||||||
"from_port": 80,
|
|
||||||
"id": 1,
|
|
||||||
"ip_protocol": "TCP",
|
|
||||||
"ip_range":{
|
|
||||||
"cidr": "10.10.10.0/24"
|
|
||||||
},
|
|
||||||
"to_port": 80
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,13 +0,0 @@
|
||||||
{
|
|
||||||
"security_group_default_rules": [
|
|
||||||
{
|
|
||||||
"from_port": 80,
|
|
||||||
"id": 1,
|
|
||||||
"ip_protocol": "TCP",
|
|
||||||
"ip_range": {
|
|
||||||
"cidr": "10.10.10.0/24"
|
|
||||||
},
|
|
||||||
"to_port": 80
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
|
@ -1,11 +0,0 @@
|
||||||
{
|
|
||||||
"security_group_default_rule": {
|
|
||||||
"id": 1,
|
|
||||||
"from_port": 80,
|
|
||||||
"to_port": 80,
|
|
||||||
"ip_protocol": "TCP",
|
|
||||||
"ip_range": {
|
|
||||||
"cidr": "10.10.10.0/24"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -15,29 +15,17 @@
|
||||||
from nova.tests.functional.api_sample_tests import api_sample_base
|
from nova.tests.functional.api_sample_tests import api_sample_base
|
||||||
|
|
||||||
|
|
||||||
# TODO(stephenfin): Remove this API since it's nova-network only
|
|
||||||
class SecurityGroupDefaultRulesSampleJsonTest(
|
class SecurityGroupDefaultRulesSampleJsonTest(
|
||||||
api_sample_base.ApiSampleTestBaseV21):
|
api_sample_base.ApiSampleTestBaseV21):
|
||||||
USE_NEUTRON = False # nova-net only
|
|
||||||
ADMIN_API = True
|
|
||||||
sample_dir = 'os-security-group-default-rules'
|
|
||||||
|
|
||||||
def test_security_group_default_rules_create(self):
|
def test_security_group_default_rules_create(self):
|
||||||
response = self._do_post('os-security-group-default-rules',
|
self.api.api_post('os-security-group-default-rules', {},
|
||||||
'security-group-default-rules-create-req',
|
check_response_status=[410])
|
||||||
{})
|
|
||||||
self._verify_response('security-group-default-rules-create-resp',
|
|
||||||
{}, response, 200)
|
|
||||||
|
|
||||||
def test_security_group_default_rules_list(self):
|
def test_security_group_default_rules_list(self):
|
||||||
self.test_security_group_default_rules_create()
|
self.api.api_get('os-security-group-default-rules',
|
||||||
response = self._do_get('os-security-group-default-rules')
|
check_response_status=[410])
|
||||||
self._verify_response('security-group-default-rules-list-resp',
|
|
||||||
{}, response, 200)
|
|
||||||
|
|
||||||
def test_security_group_default_rules_show(self):
|
def test_security_group_default_rules_show(self):
|
||||||
self.test_security_group_default_rules_create()
|
self.api.api_get('os-security-group-default-rules/1',
|
||||||
rule_id = '1'
|
check_response_status=[410])
|
||||||
response = self._do_get('os-security-group-default-rules/%s' % rule_id)
|
|
||||||
self._verify_response('security-group-default-rules-show-resp',
|
|
||||||
{}, response, 200)
|
|
||||||
|
|
|
@ -1,366 +0,0 @@
|
||||||
# Copyright 2013 Metacloud, Inc
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
import mock
|
|
||||||
import webob
|
|
||||||
|
|
||||||
from nova.api.openstack.compute import \
|
|
||||||
security_group_default_rules as security_group_default_rules_v21
|
|
||||||
from nova import context
|
|
||||||
import nova.db.api
|
|
||||||
from nova import exception
|
|
||||||
from nova import test
|
|
||||||
from nova.tests.unit.api.openstack import fakes
|
|
||||||
|
|
||||||
|
|
||||||
class AttrDict(dict):
|
|
||||||
def __getattr__(self, k):
|
|
||||||
return self[k]
|
|
||||||
|
|
||||||
|
|
||||||
def security_group_default_rule_template(**kwargs):
|
|
||||||
rule = kwargs.copy()
|
|
||||||
rule.setdefault('ip_protocol', 'TCP')
|
|
||||||
rule.setdefault('from_port', 22)
|
|
||||||
rule.setdefault('to_port', 22)
|
|
||||||
rule.setdefault('cidr', '10.10.10.0/24')
|
|
||||||
return rule
|
|
||||||
|
|
||||||
|
|
||||||
def security_group_default_rule_db(security_group_default_rule, id=None):
|
|
||||||
attrs = security_group_default_rule.copy()
|
|
||||||
if id is not None:
|
|
||||||
attrs['id'] = id
|
|
||||||
return AttrDict(attrs)
|
|
||||||
|
|
||||||
|
|
||||||
class TestSecurityGroupDefaultRulesNeutronV21(test.TestCase):
|
|
||||||
controller_cls = (security_group_default_rules_v21.
|
|
||||||
SecurityGroupDefaultRulesController)
|
|
||||||
|
|
||||||
def setUp(self):
|
|
||||||
self.flags(use_neutron=True)
|
|
||||||
super(TestSecurityGroupDefaultRulesNeutronV21, self).setUp()
|
|
||||||
self.controller = self.controller_cls()
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_not_implemented_neutron(self):
|
|
||||||
sgr = security_group_default_rule_template()
|
|
||||||
req = fakes.HTTPRequest.blank(
|
|
||||||
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID,
|
|
||||||
use_admin_context=True)
|
|
||||||
self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.create,
|
|
||||||
req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_security_group_default_rules_list_not_implemented_neutron(self):
|
|
||||||
req = fakes.HTTPRequest.blank(
|
|
||||||
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID,
|
|
||||||
use_admin_context=True)
|
|
||||||
self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.index,
|
|
||||||
req)
|
|
||||||
|
|
||||||
def test_security_group_default_rules_show_not_implemented_neutron(self):
|
|
||||||
req = fakes.HTTPRequest.blank(
|
|
||||||
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID,
|
|
||||||
use_admin_context=True)
|
|
||||||
self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.show,
|
|
||||||
req, '602ed77c-a076-4f9b-a617-f93b847b62c5')
|
|
||||||
|
|
||||||
def test_security_group_default_rules_delete_not_implemented_neutron(self):
|
|
||||||
req = fakes.HTTPRequest.blank(
|
|
||||||
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID,
|
|
||||||
use_admin_context=True)
|
|
||||||
self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.delete,
|
|
||||||
req, '602ed77c-a076-4f9b-a617-f93b847b62c5')
|
|
||||||
|
|
||||||
|
|
||||||
class TestSecurityGroupDefaultRulesV21(test.TestCase):
|
|
||||||
controller_cls = (security_group_default_rules_v21.
|
|
||||||
SecurityGroupDefaultRulesController)
|
|
||||||
|
|
||||||
def setUp(self):
|
|
||||||
super(TestSecurityGroupDefaultRulesV21, self).setUp()
|
|
||||||
self.flags(use_neutron=False)
|
|
||||||
self.controller = self.controller_cls()
|
|
||||||
self.req = fakes.HTTPRequest.blank(
|
|
||||||
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID)
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule(self):
|
|
||||||
sgr = security_group_default_rule_template()
|
|
||||||
|
|
||||||
sgr_dict = dict(security_group_default_rule=sgr)
|
|
||||||
res_dict = self.controller.create(self.req, sgr_dict)
|
|
||||||
security_group_default_rule = res_dict['security_group_default_rule']
|
|
||||||
self.assertEqual(security_group_default_rule['ip_protocol'],
|
|
||||||
sgr['ip_protocol'])
|
|
||||||
self.assertEqual(security_group_default_rule['from_port'],
|
|
||||||
sgr['from_port'])
|
|
||||||
self.assertEqual(security_group_default_rule['to_port'],
|
|
||||||
sgr['to_port'])
|
|
||||||
self.assertEqual(security_group_default_rule['ip_range']['cidr'],
|
|
||||||
sgr['cidr'])
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_with_no_to_port(self):
|
|
||||||
sgr = security_group_default_rule_template()
|
|
||||||
del sgr['to_port']
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_with_no_from_port(self):
|
|
||||||
sgr = security_group_default_rule_template()
|
|
||||||
del sgr['from_port']
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_with_no_ip_protocol(self):
|
|
||||||
sgr = security_group_default_rule_template()
|
|
||||||
del sgr['ip_protocol']
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_with_no_cidr(self):
|
|
||||||
sgr = security_group_default_rule_template()
|
|
||||||
del sgr['cidr']
|
|
||||||
|
|
||||||
res_dict = self.controller.create(self.req,
|
|
||||||
{'security_group_default_rule': sgr})
|
|
||||||
security_group_default_rule = res_dict['security_group_default_rule']
|
|
||||||
self.assertNotEqual(security_group_default_rule['id'], 0)
|
|
||||||
self.assertEqual(security_group_default_rule['ip_range']['cidr'],
|
|
||||||
'0.0.0.0/0')
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_with_blank_to_port(self):
|
|
||||||
sgr = security_group_default_rule_template(to_port='')
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_with_blank_from_port(self):
|
|
||||||
sgr = security_group_default_rule_template(from_port='')
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_with_blank_ip_protocol(self):
|
|
||||||
sgr = security_group_default_rule_template(ip_protocol='')
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_with_blank_cidr(self):
|
|
||||||
sgr = security_group_default_rule_template(cidr='')
|
|
||||||
|
|
||||||
res_dict = self.controller.create(self.req,
|
|
||||||
{'security_group_default_rule': sgr})
|
|
||||||
security_group_default_rule = res_dict['security_group_default_rule']
|
|
||||||
self.assertNotEqual(security_group_default_rule['id'], 0)
|
|
||||||
self.assertEqual(security_group_default_rule['ip_range']['cidr'],
|
|
||||||
'0.0.0.0/0')
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_non_numerical_to_port(self):
|
|
||||||
sgr = security_group_default_rule_template(to_port='invalid')
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_non_numerical_from_port(self):
|
|
||||||
sgr = security_group_default_rule_template(from_port='invalid')
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_invalid_ip_protocol(self):
|
|
||||||
sgr = security_group_default_rule_template(ip_protocol='invalid')
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_invalid_cidr(self):
|
|
||||||
sgr = security_group_default_rule_template(cidr='10.10.2222.0/24')
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_invalid_to_port(self):
|
|
||||||
sgr = security_group_default_rule_template(to_port='666666')
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_invalid_from_port(self):
|
|
||||||
sgr = security_group_default_rule_template(from_port='666666')
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_create_security_group_default_rule_with_no_body(self):
|
|
||||||
self.assertRaises(webob.exc.HTTPBadRequest,
|
|
||||||
self.controller.create, self.req, None)
|
|
||||||
|
|
||||||
def test_create_duplicate_security_group_default_rule(self):
|
|
||||||
sgr = security_group_default_rule_template()
|
|
||||||
|
|
||||||
self.controller.create(self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
self.assertRaises(webob.exc.HTTPConflict, self.controller.create,
|
|
||||||
self.req, {'security_group_default_rule': sgr})
|
|
||||||
|
|
||||||
def test_security_group_default_rules_list(self):
|
|
||||||
self.test_create_security_group_default_rule()
|
|
||||||
rules = [dict(id=1,
|
|
||||||
ip_protocol='TCP',
|
|
||||||
from_port=22,
|
|
||||||
to_port=22,
|
|
||||||
ip_range=dict(cidr='10.10.10.0/24'))]
|
|
||||||
expected = {'security_group_default_rules': rules}
|
|
||||||
|
|
||||||
res_dict = self.controller.index(self.req)
|
|
||||||
self.assertEqual(res_dict, expected)
|
|
||||||
|
|
||||||
@mock.patch('nova.db.api.security_group_default_rule_list',
|
|
||||||
side_effect=(exception.
|
|
||||||
SecurityGroupDefaultRuleNotFound("Rule Not Found")))
|
|
||||||
def test_non_existing_security_group_default_rules_list(self,
|
|
||||||
mock_sec_grp_rule):
|
|
||||||
self.assertRaises(webob.exc.HTTPNotFound,
|
|
||||||
self.controller.index, self.req)
|
|
||||||
|
|
||||||
def test_default_security_group_default_rule_show(self):
|
|
||||||
sgr = security_group_default_rule_template(id=1)
|
|
||||||
|
|
||||||
self.test_create_security_group_default_rule()
|
|
||||||
|
|
||||||
res_dict = self.controller.show(self.req, '1')
|
|
||||||
|
|
||||||
security_group_default_rule = res_dict['security_group_default_rule']
|
|
||||||
|
|
||||||
self.assertEqual(security_group_default_rule['ip_protocol'],
|
|
||||||
sgr['ip_protocol'])
|
|
||||||
self.assertEqual(security_group_default_rule['to_port'],
|
|
||||||
sgr['to_port'])
|
|
||||||
self.assertEqual(security_group_default_rule['from_port'],
|
|
||||||
sgr['from_port'])
|
|
||||||
self.assertEqual(security_group_default_rule['ip_range']['cidr'],
|
|
||||||
sgr['cidr'])
|
|
||||||
|
|
||||||
@mock.patch('nova.db.api.security_group_default_rule_get',
|
|
||||||
side_effect=(exception.
|
|
||||||
SecurityGroupDefaultRuleNotFound("Rule Not Found")))
|
|
||||||
def test_non_existing_security_group_default_rule_show(self,
|
|
||||||
mock_sec_grp_rule):
|
|
||||||
self.assertRaises(webob.exc.HTTPNotFound,
|
|
||||||
self.controller.show, self.req, '1')
|
|
||||||
|
|
||||||
def test_delete_security_group_default_rule(self):
|
|
||||||
sgr = security_group_default_rule_template(id=1)
|
|
||||||
|
|
||||||
self.test_create_security_group_default_rule()
|
|
||||||
|
|
||||||
self.called = False
|
|
||||||
|
|
||||||
def security_group_default_rule_destroy(context, id):
|
|
||||||
self.called = True
|
|
||||||
|
|
||||||
def return_security_group_default_rule(context, id):
|
|
||||||
self.assertEqual(sgr['id'], id)
|
|
||||||
return security_group_default_rule_db(sgr)
|
|
||||||
|
|
||||||
self.stub_out('nova.db.api.security_group_default_rule_destroy',
|
|
||||||
security_group_default_rule_destroy)
|
|
||||||
self.stub_out('nova.db.api.security_group_default_rule_get',
|
|
||||||
return_security_group_default_rule)
|
|
||||||
|
|
||||||
self.controller.delete(self.req, '1')
|
|
||||||
|
|
||||||
self.assertTrue(self.called)
|
|
||||||
|
|
||||||
@mock.patch('nova.db.api.security_group_default_rule_destroy',
|
|
||||||
side_effect=(exception.
|
|
||||||
SecurityGroupDefaultRuleNotFound("Rule Not Found")))
|
|
||||||
def test_non_existing_security_group_default_rule_delete(
|
|
||||||
self, mock_sec_grp_rule):
|
|
||||||
self.assertRaises(webob.exc.HTTPNotFound,
|
|
||||||
self.controller.delete, self.req, '1')
|
|
||||||
|
|
||||||
def test_security_group_ensure_default(self):
|
|
||||||
sgr = security_group_default_rule_template(id=1)
|
|
||||||
self.test_create_security_group_default_rule()
|
|
||||||
|
|
||||||
ctxt = context.get_admin_context()
|
|
||||||
|
|
||||||
setattr(ctxt, 'project_id', 'new_project_id')
|
|
||||||
|
|
||||||
sg = nova.db.api.security_group_ensure_default(ctxt)
|
|
||||||
rules = nova.db.api.security_group_rule_get_by_security_group(
|
|
||||||
ctxt, sg.id)
|
|
||||||
security_group_rule = rules[0]
|
|
||||||
self.assertEqual(sgr['id'], security_group_rule.id)
|
|
||||||
self.assertEqual(sgr['ip_protocol'], security_group_rule.protocol)
|
|
||||||
self.assertEqual(sgr['from_port'], security_group_rule.from_port)
|
|
||||||
self.assertEqual(sgr['to_port'], security_group_rule.to_port)
|
|
||||||
self.assertEqual(sgr['cidr'], security_group_rule.cidr)
|
|
||||||
|
|
||||||
|
|
||||||
class SecurityGroupDefaultRulesPolicyEnforcementV21(test.NoDBTestCase):
|
|
||||||
|
|
||||||
def setUp(self):
|
|
||||||
super(SecurityGroupDefaultRulesPolicyEnforcementV21, self).setUp()
|
|
||||||
self.controller = (security_group_default_rules_v21.
|
|
||||||
SecurityGroupDefaultRulesController())
|
|
||||||
self.req = fakes.HTTPRequest.blank('')
|
|
||||||
|
|
||||||
def _common_policy_check(self, func, *arg, **kwarg):
|
|
||||||
rule_name = "os_compute_api:os-security-group-default-rules"
|
|
||||||
rule = {rule_name: "project:non_fake"}
|
|
||||||
self.policy.set_rules(rule)
|
|
||||||
exc = self.assertRaises(
|
|
||||||
exception.PolicyNotAuthorized, func, *arg, **kwarg)
|
|
||||||
self.assertEqual(
|
|
||||||
"Policy doesn't allow %s to be performed." %
|
|
||||||
rule_name, exc.format_message())
|
|
||||||
|
|
||||||
def test_create_policy_failed(self):
|
|
||||||
self._common_policy_check(self.controller.create, self.req, {})
|
|
||||||
|
|
||||||
def test_show_policy_failed(self):
|
|
||||||
self._common_policy_check(
|
|
||||||
self.controller.show, self.req, fakes.FAKE_UUID)
|
|
||||||
|
|
||||||
def test_delete_policy_failed(self):
|
|
||||||
self._common_policy_check(
|
|
||||||
self.controller.delete, self.req, fakes.FAKE_UUID)
|
|
||||||
|
|
||||||
def test_index_policy_failed(self):
|
|
||||||
self._common_policy_check(self.controller.index, self.req)
|
|
||||||
|
|
||||||
|
|
||||||
class TestSecurityGroupDefaultRulesDeprecation(test.NoDBTestCase):
|
|
||||||
|
|
||||||
def setUp(self):
|
|
||||||
super(TestSecurityGroupDefaultRulesDeprecation, self).setUp()
|
|
||||||
self.req = fakes.HTTPRequest.blank('', version='2.36')
|
|
||||||
self.controller = (security_group_default_rules_v21.
|
|
||||||
SecurityGroupDefaultRulesController())
|
|
||||||
|
|
||||||
def test_all_apis_return_not_found(self):
|
|
||||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
|
||||||
self.controller.create, self.req, {})
|
|
||||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
|
||||||
self.controller.show, self.req, fakes.FAKE_UUID)
|
|
||||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
|
||||||
self.controller.delete, self.req, fakes.FAKE_UUID)
|
|
||||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
|
||||||
self.controller.index, self.req)
|
|
|
@ -71,7 +71,6 @@ policy_data = """
|
||||||
"os_compute_api:os-quota-class-sets:update": "",
|
"os_compute_api:os-quota-class-sets:update": "",
|
||||||
"os_compute_api:os-quota-class-sets:show": "",
|
"os_compute_api:os-quota-class-sets:show": "",
|
||||||
"os_compute_api:os-rescue": "",
|
"os_compute_api:os-rescue": "",
|
||||||
"os_compute_api:os-security-group-default-rules": "",
|
|
||||||
"os_compute_api:os-server-diagnostics": "",
|
"os_compute_api:os-server-diagnostics": "",
|
||||||
"os_compute_api:os-server-password": "",
|
"os_compute_api:os-server-password": "",
|
||||||
"os_compute_api:os-server-tags:index": "",
|
"os_compute_api:os-server-tags:index": "",
|
||||||
|
|
|
@ -350,7 +350,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
|
||||||
"os_compute_api:os-networks-associate",
|
"os_compute_api:os-networks-associate",
|
||||||
"os_compute_api:os-quota-sets:update",
|
"os_compute_api:os-quota-sets:update",
|
||||||
"os_compute_api:os-quota-sets:delete",
|
"os_compute_api:os-quota-sets:delete",
|
||||||
"os_compute_api:os-security-group-default-rules",
|
|
||||||
"os_compute_api:os-server-diagnostics",
|
"os_compute_api:os-server-diagnostics",
|
||||||
"os_compute_api:os-services",
|
"os_compute_api:os-services",
|
||||||
"os_compute_api:os-shelve:shelve_offload",
|
"os_compute_api:os-shelve:shelve_offload",
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The *nova-network* feature has been deprecated since the 14.0.0 (Newton)
|
||||||
|
release and has now been removed. The remaining *nova-network* specific
|
||||||
|
REST APIs have been removed along with their related policy rules. Calling
|
||||||
|
these APIs will now result in a ``410 (Gone)`` error response.
|
||||||
|
|
||||||
|
* ``GET /os-security-group-default-rules``
|
||||||
|
* ``POST /os-security-group-default-rules``
|
||||||
|
* ``GET /os-security-group-default-rules/{id}``
|
||||||
|
* ``DELETE /os-security-group-default-rules/{id}``
|
||||||
|
|
||||||
|
The following policies have also been removed.
|
||||||
|
|
||||||
|
* ``os_compute_api:os-security-group-default-rules``
|
Loading…
Reference in New Issue