From 4ac0d8068c60f7568579f87518ccfc58064e4973 Mon Sep 17 00:00:00 2001 From: reedip Date: Tue, 15 Dec 2015 14:57:27 +0900 Subject: [PATCH] "neutron help firewall-rule-update" info updated Currently, neutron firewall-rule-update does not show all the options which it supports. With this patch, additional options which were earlier missing are added to the help option of firewall-rule-update. The additional options added are: --name --description --shared --source-ip-address --destination-ip-address --source-port --destination-port --enabled --action --ip-version Change-Id: I000dacfe9acbd220a61b2d3c6cea86c7a42b398f Depends-On: Ib8b278fc89f81d89d30f4e8dde9797e9149d3919 Closes-Bug: #1503985 --- neutronclient/neutron/v2_0/fw/firewallrule.py | 130 ++++++++++-------- .../tests/unit/fw/test_cli20_firewallrule.py | 47 ++++++- 2 files changed, 113 insertions(+), 64 deletions(-) diff --git a/neutronclient/neutron/v2_0/fw/firewallrule.py b/neutronclient/neutron/v2_0/fw/firewallrule.py index 70ef8e817..df5db95d6 100644 --- a/neutronclient/neutron/v2_0/fw/firewallrule.py +++ b/neutronclient/neutron/v2_0/fw/firewallrule.py @@ -21,6 +21,62 @@ from neutronclient.common import utils from neutronclient.neutron import v2_0 as neutronv20 +def _add_common_args(parser, is_create=True): + """If is_create is True, protocol and action become mandatory arguments. + + CreateCommand = is_create : True + UpdateCommand = is_create : False + """ + parser.add_argument( + '--name', + help=_('Name for the firewall rule.')) + parser.add_argument( + '--description', + help=_('Description for the firewall rule.')) + parser.add_argument( + '--source-ip-address', + help=_('Source IP address or subnet.')) + parser.add_argument( + '--destination-ip-address', + help=_('Destination IP address or subnet.')) + parser.add_argument( + '--source-port', + help=_('Source port (integer in [1, 65535] or range in a:b).')) + parser.add_argument( + '--destination-port', + help=_('Destination port (integer in [1, 65535] or range in ' + 'a:b).')) + utils.add_boolean_argument( + parser, '--enabled', dest='enabled', + help=_('Whether to enable or disable this rule.')) + parser.add_argument( + '--protocol', choices=['tcp', 'udp', 'icmp', 'any'], + required=is_create, + type=utils.convert_to_lowercase, + help=_('Protocol for the firewall rule.')) + parser.add_argument( + '--action', + required=is_create, + type=utils.convert_to_lowercase, + choices=['allow', 'deny', 'reject'], + help=_('Action for the firewall rule.')) + + +def common_args2body(parsed_args): + body = {} + neutronv20.update_dict(parsed_args, body, + ['name', 'description', 'shared', 'tenant_id', + 'source_ip_address', 'destination_ip_address', + 'source_port', 'destination_port', 'action', + 'enabled', 'ip_version']) + protocol = parsed_args.protocol + if protocol: + if protocol == 'any': + protocol = None + body['protocol'] = protocol + return body + + class ListFirewallRule(neutronv20.ListCommand): """List firewall rules that belong to a given tenant.""" @@ -69,63 +125,19 @@ class CreateFirewallRule(neutronv20.CreateCommand): resource = 'firewall_rule' def add_known_arguments(self, parser): - parser.add_argument( - '--name', - help=_('Name for the firewall rule.')) - parser.add_argument( - '--description', - help=_('Description for the firewall rule.')) parser.add_argument( '--shared', - dest='shared', action='store_true', - help=_('Set shared to True (default is False).'), + help=_('Set shared flag for the firewall rule.'), default=argparse.SUPPRESS) + _add_common_args(parser) parser.add_argument( '--ip-version', type=int, choices=[4, 6], default=4, help=_('IP version for the firewall rule (default is 4).')) - parser.add_argument( - '--source-ip-address', - help=_('Source IP address or subnet.')) - parser.add_argument( - '--destination-ip-address', - help=_('Destination IP address or subnet.')) - parser.add_argument( - '--source-port', - help=_('Source port (integer in [1, 65535] or range in a:b).')) - parser.add_argument( - '--destination-port', - help=_('Destination port (integer in [1, 65535] or range in ' - 'a:b).')) - utils.add_boolean_argument( - parser, '--enabled', dest='enabled', - help=_('Whether to enable or disable this rule.')) - parser.add_argument( - '--protocol', choices=['tcp', 'udp', 'icmp', 'any'], - type=utils.convert_to_lowercase, - required=True, - help=_('Protocol for the firewall rule.')) - parser.add_argument( - '--action', - required=True, - type=utils.convert_to_lowercase, - choices=['allow', 'deny', 'reject'], - help=_('Action for the firewall rule.')) def args2body(self, parsed_args): - body = {} - neutronv20.update_dict(parsed_args, body, - ['name', 'description', 'shared', - 'source_ip_address', 'destination_ip_address', - 'source_port', 'destination_port', - 'action', 'enabled', 'tenant_id', - 'ip_version']) - protocol = parsed_args.protocol - if protocol == 'any': - protocol = None - body['protocol'] = protocol - return {self.resource: body} + return {self.resource: common_args2body(parsed_args)} class UpdateFirewallRule(neutronv20.UpdateCommand): @@ -134,22 +146,20 @@ class UpdateFirewallRule(neutronv20.UpdateCommand): resource = 'firewall_rule' def add_known_arguments(self, parser): + utils.add_boolean_argument( + parser, + '--shared', + dest='shared', + help=_('Update the shared flag for the firewall rule.'), + default=argparse.SUPPRESS) parser.add_argument( - '--protocol', choices=['tcp', 'udp', 'icmp', 'any'], - required=False, - type=utils.convert_to_lowercase, - help=_('Protocol for the firewall rule.')) - # TODO(reedip) : Need to add the option for action once - # action also comes into Update Firewall Rule + '--ip-version', + type=int, choices=[4, 6], + help=_('Update IP version for the firewall rule.')) + _add_common_args(parser, is_create=False) def args2body(self, parsed_args): - body = {} - protocol = parsed_args.protocol - if protocol: - if protocol == 'any': - protocol = None - body['protocol'] = protocol - return {self.resource: body} + return {self.resource: common_args2body(parsed_args)} class DeleteFirewallRule(neutronv20.DeleteCommand): diff --git a/neutronclient/tests/unit/fw/test_cli20_firewallrule.py b/neutronclient/tests/unit/fw/test_cli20_firewallrule.py index d84f9ed95..50fabca8e 100644 --- a/neutronclient/tests/unit/fw/test_cli20_firewallrule.py +++ b/neutronclient/tests/unit/fw/test_cli20_firewallrule.py @@ -193,15 +193,54 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base): ['myid', '--name', 'newname'], {'name': 'newname', }) - def test_update_firewall_rule_protocol(self): # firewall-rule-update myid --protocol any. - resource = 'firewall_rule' - cmd = firewallrule.UpdateFirewallRule(test_cli20.MyApp(sys.stdout), - None) self._test_update_resource(resource, cmd, 'myid', ['myid', '--protocol', 'any'], {'protocol': None, }) + # firewall-rule-update myid --description any + self._test_update_resource(resource, cmd, 'myid', + ['myid', '--description', 'any'], + {'description': 'any', }) + + # firewall-rule-update myid --source_ip_address 192.192.192.192 + self._test_update_resource(resource, cmd, 'myid', + ['myid', '--source_ip_address', + '192.192.192.192'], + {'source_ip_address': '192.192.192.192', }) + + # firewall-rule-update myid --source_port 32767 + self._test_update_resource(resource, cmd, 'myid', + ['myid', '--source_port', '32767'], + {'source_port': '32767', }) + + # firewall-rule-update myid --destination_ip_address 0.1.0.1 + self._test_update_resource(resource, cmd, 'myid', + ['myid', '--destination_ip_address', + '0.1.0.1'], + {'destination_ip_address': '0.1.0.1', }) + + # firewall-rule-update myid --destination_port 65432 + self._test_update_resource(resource, cmd, 'myid', + ['myid', '--destination_port', + '65432'], + {'destination_port': '65432', }) + + # firewall-rule-update myid --enabled False + self._test_update_resource(resource, cmd, 'myid', + ['myid', '--enabled', 'False'], + {'enabled': 'False', }) + + # firewall-rule-update myid --action reject + self._test_update_resource(resource, cmd, 'myid', + ['myid', '--action', 'reject'], + {'action': 'reject', }) + + # firewall-rule-update myid --shared false + self._test_update_resource(resource, cmd, 'myid', + ['myid', '--shared', 'false'], + {'shared': 'false', }) + def test_delete_firewall_rule(self): # firewall-rule-delete my-id. resource = 'firewall_rule'