From 46b25c7c0babbf9bfe7b64a5de87994364b46675 Mon Sep 17 00:00:00 2001
From: Alexey Stupnikov <aleksey.stupnikov@gmail.com>
Date: Thu, 24 Jul 2025 14:50:19 +0200
Subject: [PATCH] network: Add '--project' to SG rule list command

Include '--project' and '--project-domain' filtering options to the
'security group rule list'.

Closes-Bug: #1648317
Change-Id: I19e423906846073cfa1e45b4a295b3a8f5d11970
Signed-off-by: Alexey Stupnikov <aleksey.stupnikov@gmail.com>
---
 .../network/v2/security_group_rule.py         | 17 +++++++
 .../v2/test_security_group_rule_network.py    | 49 +++++++++++++++++++
 .../notes/bug-1648317-2d12dabc357c4d52.yaml   | 10 ++++
 3 files changed, 76 insertions(+)
 create mode 100644 releasenotes/notes/bug-1648317-2d12dabc357c4d52.yaml

diff --git a/openstackclient/network/v2/security_group_rule.py b/openstackclient/network/v2/security_group_rule.py
index 4907fe66d3..6cb0f7fa3c 100644
--- a/openstackclient/network/v2/security_group_rule.py
+++ b/openstackclient/network/v2/security_group_rule.py
@@ -427,6 +427,14 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister):
                 _("**Deprecated** This argument is no longer needed")
             ),
         )
+        parser.add_argument(
+            '--project',
+            metavar='<project>',
+            help=self.enhance_help_neutron(_("Owner's project (name or ID)")),
+        )
+        identity_common.add_project_domain_option_to_parser(
+            parser, enhance_help=self.enhance_help_neutron
+        )
         return parser
 
     def update_parser_compute(self, parser):
@@ -503,6 +511,15 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister):
             query['direction'] = 'egress'
         if parsed_args.protocol is not None:
             query['protocol'] = parsed_args.protocol
+        if parsed_args.project is not None:
+            identity_client = self.app.client_manager.identity
+            project_id = identity_common.find_project(
+                identity_client,
+                parsed_args.project,
+                parsed_args.project_domain,
+            ).id
+            query['tenant_id'] = project_id
+            query['project_id'] = project_id
 
         rules = [
             self._format_network_security_group_rule(r)
diff --git a/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py b/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py
index 34cf12e017..d5630c3684 100644
--- a/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py
+++ b/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py
@@ -1251,6 +1251,55 @@ class TestListSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         self.assertEqual(self.expected_columns_no_group, columns)
         self.assertEqual(self.expected_data_no_group, list(data))
 
+    def test_list_with_project(self):
+        project = identity_fakes.FakeProject.create_one_project()
+        self._security_group_rule_tcp.port_range_min = 80
+        self.projects_mock.get.return_value = project
+
+        arglist = [
+            '--project',
+            project.id,
+        ]
+        verifylist = [
+            ('project', project.id),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        columns, data = self.cmd.take_action(parsed_args)
+        filters = {'tenant_id': project.id, 'project_id': project.id}
+
+        self.network_client.security_group_rules.assert_called_once_with(
+            **filters
+        )
+        self.assertEqual(self.expected_columns_no_group, columns)
+        self.assertEqual(self.expected_data_no_group, list(data))
+
+    def test_list_with_project_domain(self):
+        project = identity_fakes.FakeProject.create_one_project()
+        self._security_group_rule_tcp.port_range_min = 80
+        self.projects_mock.get.return_value = project
+
+        arglist = [
+            '--project',
+            project.id,
+            '--project-domain',
+            project.domain_id,
+        ]
+        verifylist = [
+            ('project', project.id),
+            ('project_domain', project.domain_id),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        columns, data = self.cmd.take_action(parsed_args)
+        filters = {'tenant_id': project.id, 'project_id': project.id}
+
+        self.network_client.security_group_rules.assert_called_once_with(
+            **filters
+        )
+        self.assertEqual(self.expected_columns_no_group, columns)
+        self.assertEqual(self.expected_data_no_group, list(data))
+
 
 class TestShowSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
     # The security group rule to be shown.
diff --git a/releasenotes/notes/bug-1648317-2d12dabc357c4d52.yaml b/releasenotes/notes/bug-1648317-2d12dabc357c4d52.yaml
new file mode 100644
index 0000000000..ffd1ff90b6
--- /dev/null
+++ b/releasenotes/notes/bug-1648317-2d12dabc357c4d52.yaml
@@ -0,0 +1,10 @@
+---
+features:
+  - |
+    Add ``--project`` and --project-domain`` options to the following network
+    commands:
+
+    - ``openstack security group rule list``
+
+    [Bug `1648317 <https://bugs.launchpad.net/bugs/1648317>`_]
+