openstack/python-openstackclient
Code Issues Proposed changes
0fb1378c6c
python-openstackclient/doc/source/command-objects/security-group-rule.rst

194 lines
4.2 KiB
ReStructuredText
Raw Normal View History

Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
===================
security group rule
===================
Doc: Add network resource descriptions Add descriptions to the network resource command documentation. Change-Id: I547ffb48f8950311a5ee65d6b535846f2aca0efc
2016-04-24 19:17:36 -05:00
A **security group rule** specifies the network access rules for servers
and other resources on the network.
Refactor security group delete to use SDK Refactored the 'os security group delete' command to use the SDK when neutron is enabled, but continue to use the nova client when nova network is enabled. This patch set introduces a new NetworkAndComputeCommand class to be used for commands that must support neutron and nova network. The new class allows both the parser and actions to be unique. The current DeleteSecurityGroup class is now a subclass of this new class and has moved under the network v2 commands. This patch set also introduces a new FakeSecurityGroup class for testing security groups. And finally, this patch set updates the command documentation for security group and security group rule to indicate that Network v2 is also used. Change-Id: Ic21376b86b40cc6d97f360f3760ba5beed154537 Partial-Bug: #1519511 Related-to: blueprint neutron-client
2015-12-14 13:29:43 -06:00
Compute v2, Network v2
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
security group rule create
--------------------------
Create a new security group rule
.. program:: security group rule create
.. code:: bash
change os in command example to openstack(3) In the current doc, the command examples are like "os server create" but the acutal command should be started with "openstack" instead of "os", it is misleading to first time users. Change-Id: Ie67c0152d8ff8b7c456f91dc8b9a9164437ee9d1
2016-12-20 09:26:15 +08:00
openstack security group rule create
Not appropriate name sg rule attribute For ingress rules set ip-prefix means src-ip- prefix, but for egress rules set ip-prefix means dst-ip-prefix. It is not appropriate to name src-ip directly. So as to src-group. Change-Id: I03fd0e14e470e7272930ac2651e73263b83bd4e1 Closes-bug: #1637365
2016-11-04 17:23:46 +08:00
[--remote-ip <ip-address> | --remote-group <group>]
Additional network protocol support Add the following network protocol support to the "os security group rule create" command: - Add "--icmp-type" and "--icmp-code" options for Network v2 only. These options can be used to set the ICMP type and code for ICMP IP protocols. - Change the "--proto" option to "--protocol". Using the "--proto" option is still supported, but is no longer documented and may be deprecated in a future release. - Add the following Network v2 IP protocols to the "--protocol" option: "ah", "dccp", "egp", "esp", "gre", "igmp", "ipv6-encap", "ipv6-frag", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "ipv6-route", "ospf", "pgm", "rsvp", "sctp", "udplite", "vrrp" and integer representations [0-255]. The "os security group rule list" command now supports displaying the ICMP type and code for security group rules with the ICMP IP protocols. Change-Id: Ic84bc92bc7aa5ac08f6ef91660eb6c125a200eb3 Closes-Bug: #1519512 Implements: blueprint neutron-client
2016-04-15 07:36:43 -05:00
[--dst-port <port-range> | [--icmp-type <icmp-type> [--icmp-code <icmp-code>]]]
[--protocol <protocol>]
Add network options to security group rule create Add the following network options to the "os security group rule" command: (1) --ingress and --egress (2) --ethertype These options enable egress and IPv6 security group rules for Network v2. Change-Id: Ie30b5e95f94e0c087b0ce81e518de72d2dda25ad Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-03-31 16:19:20 -05:00
[--ingress | --egress]
[--ethertype <ethertype>]
Add project options to security group rule create Add the --project and --project-domain options to the 'os security group rule create' command. These options are for Network v2 only. Change-Id: Ie3e136be076f0f2c22fbe7048d1d6eaebf5aa655 Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-04-04 16:20:20 -05:00
[--project <project> [--project-domain <project-domain>]]
Add 'description' option This patch adds '--description' option to os security group rule create cmd. Change-Id: I604bcdeb4658d2dcc4d860a87e704e186cca5225 Partially-Implements: blueprint network-commands-options Partially-Implements: blueprint neutron-client-descriptions
2016-11-06 22:56:00 -06:00
[--description <description>]
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
<group>
Not appropriate name sg rule attribute For ingress rules set ip-prefix means src-ip- prefix, but for egress rules set ip-prefix means dst-ip-prefix. It is not appropriate to name src-ip directly. So as to src-group. Change-Id: I03fd0e14e470e7272930ac2651e73263b83bd4e1 Closes-bug: #1637365
2016-11-04 17:23:46 +08:00
.. option:: --remote-ip <ip-address>
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
Not appropriate name sg rule attribute For ingress rules set ip-prefix means src-ip- prefix, but for egress rules set ip-prefix means dst-ip-prefix. It is not appropriate to name src-ip directly. So as to src-group. Change-Id: I03fd0e14e470e7272930ac2651e73263b83bd4e1 Closes-bug: #1637365
2016-11-04 17:23:46 +08:00
Remote IP address block
Add network options to security group rule create Add the following network options to the "os security group rule" command: (1) --ingress and --egress (2) --ethertype These options enable egress and IPv6 security group rules for Network v2. Change-Id: Ie30b5e95f94e0c087b0ce81e518de72d2dda25ad Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-03-31 16:19:20 -05:00
(may use CIDR notation; default for IPv4 rule: 0.0.0.0/0)
Add source security group support to create rule The 'security group rule create' command was updated to support a source security group. Now either a source IP address block or source security group can be specified when creating a rule. The default remains the same. Change-Id: If57de2871810caddeeaee96482eb34146968e173 Closes-Bug: #1522969
2015-12-04 16:37:40 -06:00
Not appropriate name sg rule attribute For ingress rules set ip-prefix means src-ip- prefix, but for egress rules set ip-prefix means dst-ip-prefix. It is not appropriate to name src-ip directly. So as to src-group. Change-Id: I03fd0e14e470e7272930ac2651e73263b83bd4e1 Closes-bug: #1637365
2016-11-04 17:23:46 +08:00
.. option:: --remote-group <group>
Add source security group support to create rule The 'security group rule create' command was updated to support a source security group. Now either a source IP address block or source security group can be specified when creating a rule. The default remains the same. Change-Id: If57de2871810caddeeaee96482eb34146968e173 Closes-Bug: #1522969
2015-12-04 16:37:40 -06:00
Not appropriate name sg rule attribute For ingress rules set ip-prefix means src-ip- prefix, but for egress rules set ip-prefix means dst-ip-prefix. It is not appropriate to name src-ip directly. So as to src-group. Change-Id: I03fd0e14e470e7272930ac2651e73263b83bd4e1 Closes-bug: #1637365
2016-11-04 17:23:46 +08:00
Remote security group (name or ID)
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
.. option:: --dst-port <port-range>
Additional network protocol support Add the following network protocol support to the "os security group rule create" command: - Add "--icmp-type" and "--icmp-code" options for Network v2 only. These options can be used to set the ICMP type and code for ICMP IP protocols. - Change the "--proto" option to "--protocol". Using the "--proto" option is still supported, but is no longer documented and may be deprecated in a future release. - Add the following Network v2 IP protocols to the "--protocol" option: "ah", "dccp", "egp", "esp", "gre", "igmp", "ipv6-encap", "ipv6-frag", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "ipv6-route", "ospf", "pgm", "rsvp", "sctp", "udplite", "vrrp" and integer representations [0-255]. The "os security group rule list" command now supports displaying the ICMP type and code for security group rules with the ICMP IP protocols. Change-Id: Ic84bc92bc7aa5ac08f6ef91660eb6c125a200eb3 Closes-Bug: #1519512 Implements: blueprint neutron-client
2016-04-15 07:36:43 -05:00
Destination port, may be a single port or a starting and
ending port range: 137:139. Required for IP protocols TCP
and UDP. Ignored for ICMP IP protocols.
.. option:: --icmp-type <icmp-type>
ICMP type for ICMP IP protocols
*Network version 2 only*
.. option:: --icmp-code <icmp-code>
ICMP code for ICMP IP protocols
*Network version 2 only*
.. option:: --protocol <protocol>
IP protocol (icmp, tcp, udp; default: tcp)
*Compute version 2*
IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
udp, udplite, vrrp and integer representations [0-255];
default: tcp)
*Network version 2*
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
Add network options to security group rule create Add the following network options to the "os security group rule" command: (1) --ingress and --egress (2) --ethertype These options enable egress and IPv6 security group rules for Network v2. Change-Id: Ie30b5e95f94e0c087b0ce81e518de72d2dda25ad Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-03-31 16:19:20 -05:00
.. option:: --ingress
Rule applies to incoming network traffic (default)
*Network version 2 only*
.. option:: --egress
Rule applies to outgoing network traffic
*Network version 2 only*
.. option:: --ethertype <ethertype>
Additional network protocol support Add the following network protocol support to the "os security group rule create" command: - Add "--icmp-type" and "--icmp-code" options for Network v2 only. These options can be used to set the ICMP type and code for ICMP IP protocols. - Change the "--proto" option to "--protocol". Using the "--proto" option is still supported, but is no longer documented and may be deprecated in a future release. - Add the following Network v2 IP protocols to the "--protocol" option: "ah", "dccp", "egp", "esp", "gre", "igmp", "ipv6-encap", "ipv6-frag", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "ipv6-route", "ospf", "pgm", "rsvp", "sctp", "udplite", "vrrp" and integer representations [0-255]. The "os security group rule list" command now supports displaying the ICMP type and code for security group rules with the ICMP IP protocols. Change-Id: Ic84bc92bc7aa5ac08f6ef91660eb6c125a200eb3 Closes-Bug: #1519512 Implements: blueprint neutron-client
2016-04-15 07:36:43 -05:00
Ethertype of network traffic
(IPv4, IPv6; default: based on IP protocol)
Add network options to security group rule create Add the following network options to the "os security group rule" command: (1) --ingress and --egress (2) --ethertype These options enable egress and IPv6 security group rules for Network v2. Change-Id: Ie30b5e95f94e0c087b0ce81e518de72d2dda25ad Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-03-31 16:19:20 -05:00
*Network version 2 only*
Add project options to security group rule create Add the --project and --project-domain options to the 'os security group rule create' command. These options are for Network v2 only. Change-Id: Ie3e136be076f0f2c22fbe7048d1d6eaebf5aa655 Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-04-04 16:20:20 -05:00
.. option:: --project <project>
Owner's project (name or ID)
*Network version 2 only*
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
*Network version 2 only*
Add 'description' option This patch adds '--description' option to os security group rule create cmd. Change-Id: I604bcdeb4658d2dcc4d860a87e704e186cca5225 Partially-Implements: blueprint network-commands-options Partially-Implements: blueprint neutron-client-descriptions
2016-11-06 22:56:00 -06:00
.. option:: --description <description>
Set security group rule description
*Network version 2 only*
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
.. describe:: <group>
Create rule in this security group (name or ID)
security group rule delete
--------------------------
Support bulk deletion for commands that exist in both network and compute. Some delete commands in networkv2 are exist in both network and compute, They can use NetworkAndComputeDeleteclass to supprot bulk deletion and error handling and the codes are similar, so I change them all in this patch. The changed commands including: 1.floating ip delete 2.security group delete 3.security group rule delete Also, I update unit tests and docs for these commands in this patch. Change-Id: I6c94c3d10ba579ddd9b14d17673c821e3481fd8a Partially-Implements: blueprint multi-argument-network
2016-06-12 12:50:30 +08:00
Delete security group rule(s)
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
.. program:: security group rule delete
.. code:: bash
change os in command example to openstack(3) In the current doc, the command examples are like "os server create" but the acutal command should be started with "openstack" instead of "os", it is misleading to first time users. Change-Id: Ie67c0152d8ff8b7c456f91dc8b9a9164437ee9d1
2016-12-20 09:26:15 +08:00
openstack security group rule delete
Support bulk deletion for commands that exist in both network and compute. Some delete commands in networkv2 are exist in both network and compute, They can use NetworkAndComputeDeleteclass to supprot bulk deletion and error handling and the codes are similar, so I change them all in this patch. The changed commands including: 1.floating ip delete 2.security group delete 3.security group rule delete Also, I update unit tests and docs for these commands in this patch. Change-Id: I6c94c3d10ba579ddd9b14d17673c821e3481fd8a Partially-Implements: blueprint multi-argument-network
2016-06-12 12:50:30 +08:00
<rule> [<rule> ...]
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
.. describe:: <rule>
Support bulk deletion for commands that exist in both network and compute. Some delete commands in networkv2 are exist in both network and compute, They can use NetworkAndComputeDeleteclass to supprot bulk deletion and error handling and the codes are similar, so I change them all in this patch. The changed commands including: 1.floating ip delete 2.security group delete 3.security group rule delete Also, I update unit tests and docs for these commands in this patch. Change-Id: I6c94c3d10ba579ddd9b14d17673c821e3481fd8a Partially-Implements: blueprint multi-argument-network
2016-06-12 12:50:30 +08:00
Security group rule(s) to delete (ID only)
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
security group rule list
------------------------
List security group rules
.. program:: security group rule list
.. code:: bash
change os in command example to openstack(3) In the current doc, the command examples are like "os server create" but the acutal command should be started with "openstack" instead of "os", it is misleading to first time users. Change-Id: Ie67c0152d8ff8b7c456f91dc8b9a9164437ee9d1
2016-12-20 09:26:15 +08:00
openstack security group rule list
Add options to security group rule list Add the following options to the 'os security group rule list' command: --long: Display direction and ethertype for Network v2 --all-projects: Display information from all projects for Compute v2 Change-Id: If8a1cbd7669cdfa6577d6d2f6fffd9e999a39a82 Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-04-11 13:45:12 -05:00
[--all-projects]
Add direction and protocol options to os security group rule list cmd This patch added direction options (--ingress, --egress) and protocol option (--protocol) to filter rules by os security group rule list command. Change-Id: I56ace3f97eb927fd2a868f728c7347a29d028b67 Closes-Bug: #1613533 Partially-Implements: blueprint network-commands-options
2016-08-17 13:40:52 +07:00
[--protocol <protocol>]
[--ingress | --egress]
Add options to security group rule list Add the following options to the 'os security group rule list' command: --long: Display direction and ethertype for Network v2 --all-projects: Display information from all projects for Compute v2 Change-Id: If8a1cbd7669cdfa6577d6d2f6fffd9e999a39a82 Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-04-11 13:45:12 -05:00
[--long]
Add support to list all security group rules Both nova and neutron allow security group rules to be listed without specifying the owning security group. This patch set makes the group argument on 'os security group rule list' optional. Behavior is unchanged when the argument is specified. When the argument is not specified then all accessible security group rules will be listed. The listing will include the owning security group for each rule. Change-Id: I6914baecf70a65354e1e82dad92c6afbd32b4973 Related-Bug: #1519512
2015-12-16 16:01:40 -06:00
[<group>]
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
Add options to security group rule list Add the following options to the 'os security group rule list' command: --long: Display direction and ethertype for Network v2 --all-projects: Display information from all projects for Compute v2 Change-Id: If8a1cbd7669cdfa6577d6d2f6fffd9e999a39a82 Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-04-11 13:45:12 -05:00
.. option:: --all-projects
Display information from all projects (admin only)
*Network version 2 ignores this option and will always display information*
*for all projects (admin only).*
.. option:: --long
List additional fields in output
*Compute version 2 does not have additional fields to display.*
Add direction and protocol options to os security group rule list cmd This patch added direction options (--ingress, --egress) and protocol option (--protocol) to filter rules by os security group rule list command. Change-Id: I56ace3f97eb927fd2a868f728c7347a29d028b67 Closes-Bug: #1613533 Partially-Implements: blueprint network-commands-options
2016-08-17 13:40:52 +07:00
.. option:: --protocol
List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp,
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,ipv6-opts, ipv6-route,
ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer
representations [0-255])
*Network version 2*
.. option:: --ingress
List rules applied to incoming network traffic
*Network version 2 only*
.. option:: --egress
List rules applied to outgoing network traffic
*Network version 2 only*
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
2015-11-24 07:52:43 -06:00
.. describe:: <group>
List all rules in this security group (name or ID)
Add "security group rule show" command Add the "os security group rule show" command which will use the SDK when neutron is enabled, and use the nova client when nova network is enabled. Change-Id: I41efaa4468ec15e4e86d74144cc72edc25a29024 Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-02-19 10:19:28 -06:00
security group rule show
------------------------
Display security group rule details
.. program:: security group rule show
.. code:: bash
change os in command example to openstack(3) In the current doc, the command examples are like "os server create" but the acutal command should be started with "openstack" instead of "os", it is misleading to first time users. Change-Id: Ie67c0152d8ff8b7c456f91dc8b9a9164437ee9d1
2016-12-20 09:26:15 +08:00
openstack security group rule show
Add "security group rule show" command Add the "os security group rule show" command which will use the SDK when neutron is enabled, and use the nova client when nova network is enabled. Change-Id: I41efaa4468ec15e4e86d74144cc72edc25a29024 Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-02-19 10:19:28 -06:00
<rule>
.. describe:: <rule>
Security group rule to display (ID only)
Copy Permalink