diff --git a/openstackclient/network/v2/security_group_rule.py b/openstackclient/network/v2/security_group_rule.py index f71edce80..b7ca0eafe 100644 --- a/openstackclient/network/v2/security_group_rule.py +++ b/openstackclient/network/v2/security_group_rule.py @@ -14,6 +14,7 @@ """Security Group Rule action implementations""" import argparse +import logging try: from novaclient.v2 import security_group_rules as compute_secgroup_rules @@ -31,6 +32,9 @@ from openstackclient.network import common from openstackclient.network import utils as network_utils +LOG = logging.getLogger(__name__) + + def _format_security_group_rule_show(obj): data = network_utils.transform_compute_security_group_rule(obj) return zip(*sorted(six.iteritems(data))) @@ -94,34 +98,30 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne): metavar='', help=_("Create rule in this security group (name or ID)") ) - # NOTE(yujie): Support either remote-ip option name for now. - # However, consider deprecating and then removing --src-ip in - # a future release. remote_group = parser.add_mutually_exclusive_group() remote_group.add_argument( "--remote-ip", metavar="", help=_("Remote IP address block (may use CIDR notation; " - "default for IPv4 rule: 0.0.0.0/0)") + "default for IPv4 rule: 0.0.0.0/0)"), ) - remote_group.add_argument( - "--src-ip", - metavar="", - help=_("Source IP address block (may use CIDR notation; " - "default for IPv4 rule: 0.0.0.0/0)") - ) - # NOTE(yujie): Support either remote-group option name for now. - # However, consider deprecating and then removing --src-group in - # a future release. remote_group.add_argument( "--remote-group", metavar="", - help=_("Remote security group (name or ID)") + help=_("Remote security group (name or ID)"), + ) + # Handle deprecated options + # NOTE(dtroyer): --src-ip and --src-group were deprecated in Nov 2016. + # Do not remove before 4.x release or Nov 2017. + remote_group.add_argument( + "--src-ip", + metavar="", + help=argparse.SUPPRESS, ) remote_group.add_argument( "--src-group", metavar="", - help=_("Source security group (name or ID)") + help=argparse.SUPPRESS, ) return parser @@ -302,16 +302,31 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne): if parsed_args.icmp_code: attrs['port_range_max'] = parsed_args.icmp_code + # NOTE(dtroyer): --src-ip and --src-group were deprecated in Nov 2016. + # Do not remove before 4.x release or Nov 2017. if not (parsed_args.remote_group is None and parsed_args.src_group is None): attrs['remote_group_id'] = client.find_security_group( parsed_args.remote_group or parsed_args.src_group, ignore_missing=False ).id + if parsed_args.src_group: + LOG.warning( + _("The %(old)s option is deprecated, " + "please use %(new)s instead.") % + {'old': '--src-group', 'new': '--remote-group'}, + ) elif not (parsed_args.remote_ip is None and parsed_args.src_ip is None): - attrs['remote_ip_prefix'] = (parsed_args.remote_ip or - parsed_args.src_ip) + attrs['remote_ip_prefix'] = ( + parsed_args.remote_ip or parsed_args.src_ip + ) + if parsed_args.src_ip: + LOG.warning( + _("The %(old)s option is deprecated, " + "please use %(new)s instead.") % + {'old': '--src-ip', 'new': '--remote-ip'}, + ) elif attrs['ethertype'] == 'IPv4': attrs['remote_ip_prefix'] = '0.0.0.0/0' attrs['security_group_id'] = security_group_id @@ -340,6 +355,9 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne): from_port, to_port = -1, -1 else: from_port, to_port = parsed_args.dst_port + + # NOTE(dtroyer): --src-ip and --src-group were deprecated in Nov 2016. + # Do not remove before 4.x release or Nov 2017. remote_ip = None if not (parsed_args.remote_group is None and parsed_args.src_group is None): @@ -347,9 +365,21 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne): client.security_groups, parsed_args.remote_group or parsed_args.src_group, ).id + if parsed_args.src_group: + LOG.warning( + _("The %(old)s option is deprecated, " + "please use %(new)s instead.") % + {'old': '--src-group', 'new': '--remote-group'}, + ) if not (parsed_args.remote_ip is None and parsed_args.src_ip is None): remote_ip = parsed_args.remote_ip or parsed_args.src_ip + if parsed_args.src_ip: + LOG.warning( + _("The %(old)s option is deprecated, " + "please use %(new)s instead.") % + {'old': '--src-ip', 'new': '--remote-ip'}, + ) else: remote_ip = '0.0.0.0/0' obj = client.security_group_rules.create( diff --git a/releasenotes/notes/bug-1637365-b90cdcc05ffc7d3a.yaml b/releasenotes/notes/bug-1637365-b90cdcc05ffc7d3a.yaml index 2b8e6c16b..b2a169d71 100644 --- a/releasenotes/notes/bug-1637365-b90cdcc05ffc7d3a.yaml +++ b/releasenotes/notes/bug-1637365-b90cdcc05ffc7d3a.yaml @@ -1,7 +1,8 @@ upgrade: - - - Changed the ``security group rule create`` command ``--src-ip`` - option to ``--remote-ip``, ``--src-group`` option to ``--remote-group``. - Using the ``--src-ip`` ``--src-group`` option is still supported, but - is no longer documented and may be deprecated in a future release. + - | + Rename the ``--src-group`` and ``--src-ip`` options in the + ``security group rule create`` command to ``--remote-group`` + and ``--remote-ip``. + The ``--src-group`` and ``--src-ip`` options are deprecated but still + supported, and will be removed in a future release. [Bug `1637365 `_]