openstack
/
nova
Code Issues Proposed changes

Merge "Remove 'os-security-group-default-rules' REST API"

This commit is contained in:
Zuul 2019-11-22 13:44:26 +00:00 committed by Gerrit Code Review
parent e9d7b82282 22dee90760
commit e7038e8952
15 changed files with 61 additions and 607 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api-ref/source/index.rst
View File

@ -71,7 +71,6 @@ limited to some maximum microversion.
.. include:: os-floating-ip-pools.inc .. include:: os-floating-ip-pools.inc
.. include:: os-floating-ips.inc .. include:: os-floating-ips.inc
.. include:: os-security-groups.inc .. include:: os-security-groups.inc
.. include:: os-security-group-default-rules.inc
.. include:: os-security-group-rules.inc .. include:: os-security-group-rules.inc
.. include:: os-hosts.inc .. include:: os-hosts.inc
@ -90,3 +89,4 @@ Compute API in the past, but no longer exist.
.. include:: os-floating-ips-bulk.inc .. include:: os-floating-ips-bulk.inc
.. include:: os-floating-ip-dns.inc .. include:: os-floating-ip-dns.inc
.. include:: os-cells.inc .. include:: os-cells.inc
.. include:: os-security-group-default-rules.inc

22
api-ref/source/os-security-group-default-rules.inc
View File

@ -1,17 +1,15 @@
.. -*- rst -*- .. -*- rst -*-
.. NOTE(gmann): These APIs are deprecated so do not update this ====================================================================
file even body, example or parameters are not complete. Rules for default security group (os-security-group-default-rules)
====================================================================
================================================================================
Rules for default security group (os-security-group-default-rules) (DEPRECATED)
================================================================================
.. warning:: .. warning::
This API only available with ``nova-network`` which is This API only available with ``nova-network`` which is
deprecated. It should be avoided in any new applications. deprecated. It should be avoided in any new applications.
These will fail with a 404 starting from microversion 2.36. These will fail with a 404 starting from microversion 2.36.
They were completely removed in the 21.0.0 (Ussuri) release.
Lists, shows information for, and creates default security group rules. Lists, shows information for, and creates default security group rules.
@ -24,7 +22,8 @@ Lists default security group rules.
Normal response codes: 200 Normal response codes: 200
Error response codes: unauthorized(401), forbidden(403), itemNotFound(404), notImplemented(501) Error response codes: unauthorized(401), forbidden(403), itemNotFound(404),
gone(410), notImplemented(501)
Response Response
-------- --------
@ -53,7 +52,8 @@ Shows details for a security group rule.
Normal response codes: 200 Normal response codes: 200
Error response codes: badRequest(400), unauthorized(401), forbidden(403), itemNotFound(404), notImplemented(501) Error response codes: badRequest(400), unauthorized(401), forbidden(403),
itemNotFound(404), gone(410), notImplemented(501)
Request Request
------- -------
@ -92,7 +92,8 @@ IP protocol ( ``ip_protocol`` ) value. Otherwise, the operation returns the ``Ba
Normal response codes: 200 Normal response codes: 200
Error response codes: badRequest(400), unauthorized(401), forbidden(403), conflict(409), notImplemented(501) Error response codes: badRequest(400), unauthorized(401), forbidden(403),
conflict(409), gone(410), notImplemented(501)
Request Request
------- -------
@ -137,7 +138,8 @@ Deletes a security group rule.
Normal response codes: 204 Normal response codes: 204
Error response codes: badRequest(400), unauthorized(401), forbidden(403), itemNotFound(404), notImplemented(501) Error response codes: badRequest(400), unauthorized(401), forbidden(403),
itemNotFound(404), gone(410), notImplemented(501)
Request Request
------- -------

18
nova/api/openstack/compute/rest_api_version_history.rst
View File

@ -415,11 +415,25 @@ API endpoints as below::
'/os-baremetal-nodes' '/os-baremetal-nodes'
'/os-fping' '/os-fping'
.. note:: A `regression`_ was introduced in this microversion which broke the .. note::
A `regression`__ was introduced in this microversion which broke the
``force`` parameter in the ``PUT /os-quota-sets`` API. The fix will have ``force`` parameter in the ``PUT /os-quota-sets`` API. The fix will have
to be applied to restore this functionality. to be applied to restore this functionality.
.. _regression: https://bugs.launchpad.net/nova/+bug/1733886 __ https://bugs.launchpad.net/nova/+bug/1733886
.. versionchanged:: 18.0.0
The ``os-fping`` API was completely removed in the 18.0.0 (Rocky) release.
On deployments newer than this, the API will return HTTP 410 (Gone)
regardless of the requested microversion.
.. versionchanged:: 21.0.0
The ``os-security-group-default-rules`` API was completely removed in the
21.0.0 (Ussuri) release. On deployments newer than this, the APIs will
return HTTP 410 (Gone) regadless of the requested microversion.
2.37 2.37
---- ----

117
nova/api/openstack/compute/security_group_default_rules.py
View File

@ -14,121 +14,24 @@
from webob import exc from webob import exc
from nova.api.openstack.api_version_request \
import MAX_PROXY_API_SUPPORT_VERSION
from nova.api.openstack.compute import security_groups as sg
from nova.api.openstack import wsgi from nova.api.openstack import wsgi
from nova import exception
from nova.i18n import _
from nova.network.security_group import openstack_driver
from nova.policies import security_group_default_rules as sgdr_policies
class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase, class SecurityGroupDefaultRulesController(wsgi.Controller):
wsgi.Controller): """(Removed) Controller for default project security groups."""
def __init__(self): @wsgi.expected_errors(410)
super(SecurityGroupDefaultRulesController, self).__init__()
self.security_group_api = (
openstack_driver.get_openstack_security_group_driver())
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
@wsgi.expected_errors((400, 409, 501))
def create(self, req, body): def create(self, req, body):
context = req.environ['nova.context'] raise exc.HTTPGone()
context.can(sgdr_policies.BASE_POLICY_NAME)
sg_rule = self._from_body(body, 'security_group_default_rule') @wsgi.expected_errors(410)
try:
values = self._rule_args_to_dict(to_port=sg_rule.get('to_port'),
from_port=sg_rule.get('from_port'),
ip_protocol=sg_rule.get('ip_protocol'),
cidr=sg_rule.get('cidr'))
except (exception.InvalidCidr,
exception.InvalidInput,
exception.InvalidIpProtocol,
exception.InvalidPortRange) as ex:
raise exc.HTTPBadRequest(explanation=ex.format_message())
if values is None:
msg = _('Not enough parameters to build a valid rule.')
raise exc.HTTPBadRequest(explanation=msg)
if self.security_group_api.default_rule_exists(context, values):
msg = _('This default rule already exists.')
raise exc.HTTPConflict(explanation=msg)
security_group_rule = self.security_group_api.add_default_rules(
context, [values])[0]
fmt_rule = self._format_security_group_default_rule(
security_group_rule)
return {'security_group_default_rule': fmt_rule}
def _rule_args_to_dict(self, to_port=None, from_port=None,
ip_protocol=None, cidr=None):
cidr = self.security_group_api.parse_cidr(cidr)
return self.security_group_api.new_cidr_ingress_rule(
cidr, ip_protocol, from_port, to_port)
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
@wsgi.expected_errors((400, 404, 501))
def show(self, req, id): def show(self, req, id):
context = req.environ['nova.context'] raise exc.HTTPGone()
context.can(sgdr_policies.BASE_POLICY_NAME)
try: @wsgi.expected_errors(410)
id = self.security_group_api.validate_id(id)
except exception.Invalid as ex:
raise exc.HTTPBadRequest(explanation=ex.format_message())
try:
rule = self.security_group_api.get_default_rule(context, id)
except exception.SecurityGroupDefaultRuleNotFound as ex:
raise exc.HTTPNotFound(explanation=ex.format_message())
fmt_rule = self._format_security_group_default_rule(rule)
return {"security_group_default_rule": fmt_rule}
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
@wsgi.expected_errors((400, 404, 501))
@wsgi.response(204)
def delete(self, req, id): def delete(self, req, id):
context = req.environ['nova.context'] raise exc.HTTPGone()
context.can(sgdr_policies.BASE_POLICY_NAME)
try: @wsgi.expected_errors(410)
id = self.security_group_api.validate_id(id)
except exception.Invalid as ex:
raise exc.HTTPBadRequest(explanation=ex.format_message())
try:
rule = self.security_group_api.get_default_rule(context, id)
self.security_group_api.remove_default_rules(context, [rule['id']])
except exception.SecurityGroupDefaultRuleNotFound as ex:
raise exc.HTTPNotFound(explanation=ex.format_message())
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
@wsgi.expected_errors((404, 501))
def index(self, req): def index(self, req):
context = req.environ['nova.context'] raise exc.HTTPGone()
context.can(sgdr_policies.BASE_POLICY_NAME)
ret = {'security_group_default_rules': []}
try:
for rule in self.security_group_api.get_all_default_rules(context):
rule_fmt = self._format_security_group_default_rule(rule)
ret['security_group_default_rules'].append(rule_fmt)
except exception.SecurityGroupDefaultRuleNotFound as ex:
raise exc.HTTPNotFound(explanation=ex.format_message())
return ret
def _format_security_group_default_rule(self, rule):
sg_rule = {}
sg_rule['id'] = rule['id']
sg_rule['ip_protocol'] = rule['protocol']
sg_rule['from_port'] = rule['from_port']
sg_rule['to_port'] = rule['to_port']
sg_rule['ip_range'] = {}
sg_rule['ip_range'] = {'cidr': rule['cidr']}
return sg_rule

2
nova/policies/__init__.py
View File

@ -53,7 +53,6 @@ from nova.policies import quota_class_sets
from nova.policies import quota_sets from nova.policies import quota_sets
from nova.policies import remote_consoles from nova.policies import remote_consoles
from nova.policies import rescue from nova.policies import rescue
from nova.policies import security_group_default_rules
from nova.policies import security_groups from nova.policies import security_groups
from nova.policies import server_diagnostics from nova.policies import server_diagnostics
from nova.policies import server_external_events from nova.policies import server_external_events
@ -116,7 +115,6 @@ def list_rules():
quota_sets.list_rules(), quota_sets.list_rules(),
remote_consoles.list_rules(), remote_consoles.list_rules(),
rescue.list_rules(), rescue.list_rules(),
security_group_default_rules.list_rules(),
security_groups.list_rules(), security_groups.list_rules(),
server_diagnostics.list_rules(), server_diagnostics.list_rules(),
server_external_events.list_rules(), server_external_events.list_rules(),

56
nova/policies/security_group_default_rules.py
View File

@ -1,56 +0,0 @@
# Copyright 2016 Cloudbase Solutions Srl
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
BASE_POLICY_NAME = 'os_compute_api:os-security-group-default-rules'
security_group_default_rules_policies = [
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""List, show information for, create, or delete default security
group rules.
These APIs are only available with nova-network which is now deprecated.""",
[
{
'method': 'GET',
'path': '/os-security-group-default-rules'
},
{
'method': 'GET',
'path': '/os-security-group-default-rules'
'/{security_group_default_rule_id}'
},
{
'method': 'POST',
'path': '/os-security-group-default-rules'
},
{
'method': 'DELETE',
'path': '/os-security-group-default-rules'
'/{security_group_default_rule_id}'
}
]),
]
def list_rules():
return security_group_default_rules_policies

8
nova/tests/functional/api_sample_tests/api_samples/os-security-group-default-rules/security-group-default-rules-create-req.json.tpl
View File

@ -1,8 +0,0 @@
{
"security_group_default_rule": {
"ip_protocol": "TCP",
"from_port": "80",
"to_port": "80",
"cidr": "10.10.10.0/24"
}
}

11
nova/tests/functional/api_sample_tests/api_samples/os-security-group-default-rules/security-group-default-rules-create-resp.json.tpl
View File

@ -1,11 +0,0 @@
{
"security_group_default_rule": {
"from_port": 80,
"id": 1,
"ip_protocol": "TCP",
"ip_range":{
"cidr": "10.10.10.0/24"
},
"to_port": 80
}
}

13
nova/tests/functional/api_sample_tests/api_samples/os-security-group-default-rules/security-group-default-rules-list-resp.json.tpl
View File

@ -1,13 +0,0 @@
{
"security_group_default_rules": [
{
"from_port": 80,
"id": 1,
"ip_protocol": "TCP",
"ip_range": {
"cidr": "10.10.10.0/24"
},
"to_port": 80
}
]
}

11
nova/tests/functional/api_sample_tests/api_samples/os-security-group-default-rules/security-group-default-rules-show-resp.json.tpl
View File

@ -1,11 +0,0 @@
{
"security_group_default_rule": {
"id": 1,
"from_port": 80,
"to_port": 80,
"ip_protocol": "TCP",
"ip_range": {
"cidr": "10.10.10.0/24"
}
}
}

24
nova/tests/functional/api_sample_tests/test_security_group_default_rules.py
View File

@ -15,29 +15,17 @@
from nova.tests.functional.api_sample_tests import api_sample_base from nova.tests.functional.api_sample_tests import api_sample_base
# TODO(stephenfin): Remove this API since it's nova-network only
class SecurityGroupDefaultRulesSampleJsonTest( class SecurityGroupDefaultRulesSampleJsonTest(
api_sample_base.ApiSampleTestBaseV21): api_sample_base.ApiSampleTestBaseV21):
USE_NEUTRON = False # nova-net only
ADMIN_API = True
sample_dir = 'os-security-group-default-rules'
def test_security_group_default_rules_create(self): def test_security_group_default_rules_create(self):
response = self._do_post('os-security-group-default-rules', self.api.api_post('os-security-group-default-rules', {},
'security-group-default-rules-create-req', check_response_status=[410])
{})
self._verify_response('security-group-default-rules-create-resp',
{}, response, 200)
def test_security_group_default_rules_list(self): def test_security_group_default_rules_list(self):
self.test_security_group_default_rules_create() self.api.api_get('os-security-group-default-rules',
response = self._do_get('os-security-group-default-rules') check_response_status=[410])
self._verify_response('security-group-default-rules-list-resp',
{}, response, 200)
def test_security_group_default_rules_show(self): def test_security_group_default_rules_show(self):
self.test_security_group_default_rules_create() self.api.api_get('os-security-group-default-rules/1',
rule_id = '1' check_response_status=[410])
response = self._do_get('os-security-group-default-rules/%s' % rule_id)
self._verify_response('security-group-default-rules-show-resp',
{}, response, 200)

366
nova/tests/unit/api/openstack/compute/test_security_group_default_rules.py
View File

@ -1,366 +0,0 @@
# Copyright 2013 Metacloud, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import mock
import webob
from nova.api.openstack.compute import \
security_group_default_rules as security_group_default_rules_v21
from nova import context
import nova.db.api
from nova import exception
from nova import test
from nova.tests.unit.api.openstack import fakes
class AttrDict(dict):
def __getattr__(self, k):
return self[k]
def security_group_default_rule_template(**kwargs):
rule = kwargs.copy()
rule.setdefault('ip_protocol', 'TCP')
rule.setdefault('from_port', 22)
rule.setdefault('to_port', 22)
rule.setdefault('cidr', '10.10.10.0/24')
return rule
def security_group_default_rule_db(security_group_default_rule, id=None):
attrs = security_group_default_rule.copy()
if id is not None:
attrs['id'] = id
return AttrDict(attrs)
class TestSecurityGroupDefaultRulesNeutronV21(test.TestCase):
controller_cls = (security_group_default_rules_v21.
SecurityGroupDefaultRulesController)
def setUp(self):
self.flags(use_neutron=True)
super(TestSecurityGroupDefaultRulesNeutronV21, self).setUp()
self.controller = self.controller_cls()
def test_create_security_group_default_rule_not_implemented_neutron(self):
sgr = security_group_default_rule_template()
req = fakes.HTTPRequest.blank(
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID,
use_admin_context=True)
self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.create,
req, {'security_group_default_rule': sgr})
def test_security_group_default_rules_list_not_implemented_neutron(self):
req = fakes.HTTPRequest.blank(
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID,
use_admin_context=True)
self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.index,
req)
def test_security_group_default_rules_show_not_implemented_neutron(self):
req = fakes.HTTPRequest.blank(
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID,
use_admin_context=True)
self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.show,
req, '602ed77c-a076-4f9b-a617-f93b847b62c5')
def test_security_group_default_rules_delete_not_implemented_neutron(self):
req = fakes.HTTPRequest.blank(
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID,
use_admin_context=True)
self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.delete,
req, '602ed77c-a076-4f9b-a617-f93b847b62c5')
class TestSecurityGroupDefaultRulesV21(test.TestCase):
controller_cls = (security_group_default_rules_v21.
SecurityGroupDefaultRulesController)
def setUp(self):
super(TestSecurityGroupDefaultRulesV21, self).setUp()
self.flags(use_neutron=False)
self.controller = self.controller_cls()
self.req = fakes.HTTPRequest.blank(
'/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID)
def test_create_security_group_default_rule(self):
sgr = security_group_default_rule_template()
sgr_dict = dict(security_group_default_rule=sgr)
res_dict = self.controller.create(self.req, sgr_dict)
security_group_default_rule = res_dict['security_group_default_rule']
self.assertEqual(security_group_default_rule['ip_protocol'],
sgr['ip_protocol'])
self.assertEqual(security_group_default_rule['from_port'],
sgr['from_port'])
self.assertEqual(security_group_default_rule['to_port'],
sgr['to_port'])
self.assertEqual(security_group_default_rule['ip_range']['cidr'],
sgr['cidr'])
def test_create_security_group_default_rule_with_no_to_port(self):
sgr = security_group_default_rule_template()
del sgr['to_port']
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_with_no_from_port(self):
sgr = security_group_default_rule_template()
del sgr['from_port']
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_with_no_ip_protocol(self):
sgr = security_group_default_rule_template()
del sgr['ip_protocol']
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_with_no_cidr(self):
sgr = security_group_default_rule_template()
del sgr['cidr']
res_dict = self.controller.create(self.req,
{'security_group_default_rule': sgr})
security_group_default_rule = res_dict['security_group_default_rule']
self.assertNotEqual(security_group_default_rule['id'], 0)
self.assertEqual(security_group_default_rule['ip_range']['cidr'],
'0.0.0.0/0')
def test_create_security_group_default_rule_with_blank_to_port(self):
sgr = security_group_default_rule_template(to_port='')
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_with_blank_from_port(self):
sgr = security_group_default_rule_template(from_port='')
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_with_blank_ip_protocol(self):
sgr = security_group_default_rule_template(ip_protocol='')
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_with_blank_cidr(self):
sgr = security_group_default_rule_template(cidr='')
res_dict = self.controller.create(self.req,
{'security_group_default_rule': sgr})
security_group_default_rule = res_dict['security_group_default_rule']
self.assertNotEqual(security_group_default_rule['id'], 0)
self.assertEqual(security_group_default_rule['ip_range']['cidr'],
'0.0.0.0/0')
def test_create_security_group_default_rule_non_numerical_to_port(self):
sgr = security_group_default_rule_template(to_port='invalid')
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_non_numerical_from_port(self):
sgr = security_group_default_rule_template(from_port='invalid')
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_invalid_ip_protocol(self):
sgr = security_group_default_rule_template(ip_protocol='invalid')
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_invalid_cidr(self):
sgr = security_group_default_rule_template(cidr='10.10.2222.0/24')
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_invalid_to_port(self):
sgr = security_group_default_rule_template(to_port='666666')
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_invalid_from_port(self):
sgr = security_group_default_rule_template(from_port='666666')
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_create_security_group_default_rule_with_no_body(self):
self.assertRaises(webob.exc.HTTPBadRequest,
self.controller.create, self.req, None)
def test_create_duplicate_security_group_default_rule(self):
sgr = security_group_default_rule_template()
self.controller.create(self.req, {'security_group_default_rule': sgr})
self.assertRaises(webob.exc.HTTPConflict, self.controller.create,
self.req, {'security_group_default_rule': sgr})
def test_security_group_default_rules_list(self):
self.test_create_security_group_default_rule()
rules = [dict(id=1,
ip_protocol='TCP',
from_port=22,
to_port=22,
ip_range=dict(cidr='10.10.10.0/24'))]
expected = {'security_group_default_rules': rules}
res_dict = self.controller.index(self.req)
self.assertEqual(res_dict, expected)
@mock.patch('nova.db.api.security_group_default_rule_list',
side_effect=(exception.
SecurityGroupDefaultRuleNotFound("Rule Not Found")))
def test_non_existing_security_group_default_rules_list(self,
mock_sec_grp_rule):
self.assertRaises(webob.exc.HTTPNotFound,
self.controller.index, self.req)
def test_default_security_group_default_rule_show(self):
sgr = security_group_default_rule_template(id=1)
self.test_create_security_group_default_rule()
res_dict = self.controller.show(self.req, '1')
security_group_default_rule = res_dict['security_group_default_rule']
self.assertEqual(security_group_default_rule['ip_protocol'],
sgr['ip_protocol'])
self.assertEqual(security_group_default_rule['to_port'],
sgr['to_port'])
self.assertEqual(security_group_default_rule['from_port'],
sgr['from_port'])
self.assertEqual(security_group_default_rule['ip_range']['cidr'],
sgr['cidr'])
@mock.patch('nova.db.api.security_group_default_rule_get',
side_effect=(exception.
SecurityGroupDefaultRuleNotFound("Rule Not Found")))
def test_non_existing_security_group_default_rule_show(self,
mock_sec_grp_rule):
self.assertRaises(webob.exc.HTTPNotFound,
self.controller.show, self.req, '1')
def test_delete_security_group_default_rule(self):
sgr = security_group_default_rule_template(id=1)
self.test_create_security_group_default_rule()
self.called = False
def security_group_default_rule_destroy(context, id):
self.called = True
def return_security_group_default_rule(context, id):
self.assertEqual(sgr['id'], id)
return security_group_default_rule_db(sgr)
self.stub_out('nova.db.api.security_group_default_rule_destroy',
security_group_default_rule_destroy)
self.stub_out('nova.db.api.security_group_default_rule_get',
return_security_group_default_rule)
self.controller.delete(self.req, '1')
self.assertTrue(self.called)
@mock.patch('nova.db.api.security_group_default_rule_destroy',
side_effect=(exception.
SecurityGroupDefaultRuleNotFound("Rule Not Found")))
def test_non_existing_security_group_default_rule_delete(
self, mock_sec_grp_rule):
self.assertRaises(webob.exc.HTTPNotFound,
self.controller.delete, self.req, '1')
def test_security_group_ensure_default(self):
sgr = security_group_default_rule_template(id=1)
self.test_create_security_group_default_rule()
ctxt = context.get_admin_context()
setattr(ctxt, 'project_id', 'new_project_id')
sg = nova.db.api.security_group_ensure_default(ctxt)
rules = nova.db.api.security_group_rule_get_by_security_group(
ctxt, sg.id)
security_group_rule = rules[0]
self.assertEqual(sgr['id'], security_group_rule.id)
self.assertEqual(sgr['ip_protocol'], security_group_rule.protocol)
self.assertEqual(sgr['from_port'], security_group_rule.from_port)
self.assertEqual(sgr['to_port'], security_group_rule.to_port)
self.assertEqual(sgr['cidr'], security_group_rule.cidr)
class SecurityGroupDefaultRulesPolicyEnforcementV21(test.NoDBTestCase):
def setUp(self):
super(SecurityGroupDefaultRulesPolicyEnforcementV21, self).setUp()
self.controller = (security_group_default_rules_v21.
SecurityGroupDefaultRulesController())
self.req = fakes.HTTPRequest.blank('')
def _common_policy_check(self, func, *arg, **kwarg):
rule_name = "os_compute_api:os-security-group-default-rules"
rule = {rule_name: "project:non_fake"}
self.policy.set_rules(rule)
exc = self.assertRaises(
exception.PolicyNotAuthorized, func, *arg, **kwarg)
self.assertEqual(
"Policy doesn't allow %s to be performed." %
rule_name, exc.format_message())
def test_create_policy_failed(self):
self._common_policy_check(self.controller.create, self.req, {})
def test_show_policy_failed(self):
self._common_policy_check(
self.controller.show, self.req, fakes.FAKE_UUID)
def test_delete_policy_failed(self):
self._common_policy_check(
self.controller.delete, self.req, fakes.FAKE_UUID)
def test_index_policy_failed(self):
self._common_policy_check(self.controller.index, self.req)
class TestSecurityGroupDefaultRulesDeprecation(test.NoDBTestCase):
def setUp(self):
super(TestSecurityGroupDefaultRulesDeprecation, self).setUp()
self.req = fakes.HTTPRequest.blank('', version='2.36')
self.controller = (security_group_default_rules_v21.
SecurityGroupDefaultRulesController())
def test_all_apis_return_not_found(self):
self.assertRaises(exception.VersionNotFoundForAPIMethod,
self.controller.create, self.req, {})
self.assertRaises(exception.VersionNotFoundForAPIMethod,
self.controller.show, self.req, fakes.FAKE_UUID)
self.assertRaises(exception.VersionNotFoundForAPIMethod,
self.controller.delete, self.req, fakes.FAKE_UUID)
self.assertRaises(exception.VersionNotFoundForAPIMethod,
self.controller.index, self.req)

1
nova/tests/unit/fake_policy.py
View File

@ -71,7 +71,6 @@ policy_data = """
"os_compute_api:os-quota-class-sets:update": "", "os_compute_api:os-quota-class-sets:update": "",
"os_compute_api:os-quota-class-sets:show": "", "os_compute_api:os-quota-class-sets:show": "",
"os_compute_api:os-rescue": "", "os_compute_api:os-rescue": "",
"os_compute_api:os-security-group-default-rules": "",
"os_compute_api:os-server-diagnostics": "", "os_compute_api:os-server-diagnostics": "",
"os_compute_api:os-server-password": "", "os_compute_api:os-server-password": "",
"os_compute_api:os-server-tags:index": "", "os_compute_api:os-server-tags:index": "",

1
nova/tests/unit/test_policy.py
View File

@ -350,7 +350,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
"os_compute_api:os-networks-associate", "os_compute_api:os-networks-associate",
"os_compute_api:os-quota-sets:update", "os_compute_api:os-quota-sets:update",
"os_compute_api:os-quota-sets:delete", "os_compute_api:os-quota-sets:delete",
"os_compute_api:os-security-group-default-rules",
"os_compute_api:os-server-diagnostics", "os_compute_api:os-server-diagnostics",
"os_compute_api:os-services", "os_compute_api:os-services",
"os_compute_api:os-shelve:shelve_offload", "os_compute_api:os-shelve:shelve_offload",

16
releasenotes/notes/remove-nova-network-c02953ba72a1795d.yaml Normal file
View File

@ -0,0 +1,16 @@
---
upgrade:
- |
The *nova-network* feature has been deprecated since the 14.0.0 (Newton)
release and has now been removed. The remaining *nova-network* specific
REST APIs have been removed along with their related policy rules. Calling
these APIs will now result in a ``410 (Gone)`` error response.
* ``GET /os-security-group-default-rules``
* ``POST /os-security-group-default-rules``
* ``GET /os-security-group-default-rules/{id}``
* ``DELETE /os-security-group-default-rules/{id}``
The following policies have also been removed.
* ``os_compute_api:os-security-group-default-rules``