31e798dc21
There have been at least a couple of bugs about not being able to create egress security group rules in Nova, which is because nova-network does not support them. Neutron does, but Nova does not proxy this to Neutron, nor will it. So add a note in the api-ref docs for creating security group rules about the egress rule limitation with nova-network. Change-Id: Idc79cd1718b52db8611fd108b23f176f925221a6 Related-Bug: #1579749 Related-Bug: #1267140
97 lines
2.5 KiB
ReStructuredText
97 lines
2.5 KiB
ReStructuredText
.. -*- rst -*-
|
|
.. needs:example_verification
|
|
.. needs:body_verification
|
|
|
|
====================================================
|
|
Rules for security group (os-security-group-rules)
|
|
====================================================
|
|
|
|
Creates and deletes security group rules.
|
|
|
|
Create Security Group Rule
|
|
==========================
|
|
|
|
.. rest_method:: POST /v2.1/{tenant_id}/os-security-group-rules
|
|
|
|
Creates a rule for a security group. Either ``cidr`` or ``group_id`` must be
|
|
specified when creating a rule.
|
|
|
|
.. note::
|
|
nova-network only supports ingress rules. If you want to define egress
|
|
rules you must use the Neutron networking service.
|
|
|
|
Normal response codes: 200
|
|
|
|
Error response codes: badRequest(400), unauthorized(401), forbidden(403)
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- tenant_id: tenant_id
|
|
- security_group_rule: security_group_rule
|
|
- parent_group_id: parent_group_id
|
|
- ip_protocol: ip_protocol
|
|
- from_port: from_port
|
|
- to_port: to_port
|
|
- cidr: secgroup_rule_cidr
|
|
- group_id: group_id
|
|
|
|
.. TODO(sdague): we currently have no samples here
|
|
**Example Create security group rule: JSON request**
|
|
|
|
.. literalinclude:: ../../doc/api_samples/os-security-group-rules/security-group-rule-create-req.json
|
|
:language: javascript
|
|
|
|
Response
|
|
--------
|
|
|
|
The ``group`` is empty if ``group_id`` was not provided on the request.
|
|
|
|
The ``ip_range`` is empty if ``cidr`` was not provided on the request.
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- security_group_rule: security_group_rule
|
|
- ip_protocol: ip_protocol
|
|
- from_port: from_port
|
|
- to_port: to_port
|
|
- ip_range: secgroup_rule_ip_range
|
|
- cidr: secgroup_rule_cidr
|
|
- id: secgroup_rule_id
|
|
- group: group
|
|
- parent_group_id: parent_group_id
|
|
- name: name
|
|
- tenant_id: secgroup_tenant_id_body
|
|
|
|
.. TODO(sdague): we currently have no samples here
|
|
**Example Create security group rule: JSON response**
|
|
|
|
.. literalinclude:: ../../doc/api_samples/os-security-group-rules/security-group-rule-create-resp.json
|
|
:language: javascript
|
|
|
|
Delete Security Group Rule
|
|
==========================
|
|
|
|
.. rest_method:: DELETE /v2.1/{tenant_id}/os-security-group-rules/{security_group_rule_id}
|
|
|
|
Deletes a security group rule.
|
|
|
|
Normal response codes: 202
|
|
|
|
Error response codes: badRequest(400), unauthorized(401), forbidden(403), itemNotFound(404), conflict(409)
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- tenant_id: tenant_id
|
|
- security_group_rule_id: security_group_rule_id
|
|
|
|
Response
|
|
--------
|
|
|
|
There is no body content for the response of a successful DELETE query.
|