Refactored the 'os security group rule create' command to use the
SDK when neutron is enabled, but continue to use the nova client
when nova network is enabled.
Added a release note for the change in security group rules output
due to Network v2.
Change-Id: I8c6c99d5272ff5d410a449f73d198d834c5cd96e
Partial-Bug: #1519512
Implements: blueprint neutron-client
Refactored the 'os security group create' command to use the SDK
when neutron is enabled, but continue to use the nova client
when nova network is enabled.
Added a release note for the change in security group rules output
due to Network v2. The tenant_id column name was fixed to align
with the 'os security group show' command.
Change-Id: Ib29df42edcddcc73a123fff6a64743a6bfcb7fbf
Partial-Bug: #1519511
Implements: blueprint neutron-client
Refactored the 'os security group show' command to use the SDK
when neutron is enabled, but continue to use the nova client
when nova network is enabled.
Added a release note for the change in security group rules output
due to Network v2. The column names remain unchanged to maintain
backwards compatibility.
Change-Id: I25233ddb8115d18b8b88affb3de13346084a339d
Partial-Bug: #1519511
Implements: blueprint neutron-client
Refactored the 'os security group set' command to use the SDK
when neutron is enabled, but continue to use the nova client
when nova network is enabled.
This patch set also fixes a compute bug which ignores name
and description when set to an empty value.
Change-Id: I4225179dca4aedf799e1656ec49236bdedc5e9bd
Partial-Bug: #1519511
Implements: blueprint neutron-client
Refactored the 'os security group list' command to use the SDK
when neutron is enabled, but continue to use the nova client
when nova network is enabled.
This refactor also removes the logic for displaying project names
instead of project IDs when the --all-projects option is specified.
This logic was removed because it is inconsistent with the other
network commands.
Since neutron will always display security groups across all
projects for an admin, the --all-projects option is now hidden
when neutron is enabled and the Project column is always
displayed.
Change-Id: I934a1f5084ef3c5f929d0ffd38ebf5064d799941
Partial-Bug: #1519511
Related-to: blueprint neutron-client
Refactored the 'os security group rule delete' command to use the
SDK when neutron is enabled, but continue to use the nova client
when nova network is enabled.
This patch set also introduces new FakeSecurityGroupRule classes
for testing network and compute security group rules. And fixes
were made to the network FakeSecurityGroup class.
Change-Id: I8d0917925aa464e8255defae95a2a2adfb6cfb75
Partial-Bug: #1519512
Related-to: blueprint neutron-client
Refactored the 'os security group delete' command to use the SDK
when neutron is enabled, but continue to use the nova client when
nova network is enabled.
This patch set introduces a new NetworkAndComputeCommand class
to be used for commands that must support neutron and nova network.
The new class allows both the parser and actions to be unique.
The current DeleteSecurityGroup class is now a subclass of this
new class and has moved under the network v2 commands.
This patch set also introduces a new FakeSecurityGroup class for
testing security groups.
And finally, this patch set updates the command documentation
for security group and security group rule to indicate that
Network v2 is also used.
Change-Id: Ic21376b86b40cc6d97f360f3760ba5beed154537
Partial-Bug: #1519511
Related-to: blueprint neutron-client
Previously each command logs take_action parameters explicitly
by using @utils.log_method decorator or log.debug().
Some commands have no logging.
This commit calls a logger in the base class and
drops all logging definition from individual commands.
Closes-Bug: #1532294
Change-Id: I43cd0290a4353c68c075bade9571c940733da1be
Improve the security group rules output when running the
"os security group show" command. Empty and duplicate
information for each security group rule is now removed.
This will ensure that the rules remain readable when
direction and ethertype information is returned as part
of the transition to neutron networking.
Change-Id: Ib49c27a9d7f4d5d38ceb2b0d785ddf94d88b2d89
Partial-Bug: #1519511
Related-To: blueprint neutron-client
Both nova and neutron allow security group rules to be listed without
specifying the owning security group. This patch set makes the
group argument on 'os security group rule list' optional. Behavior
is unchanged when the argument is specified. When the argument is
not specified then all accessible security group rules will be listed.
The listing will include the owning security group for each rule.
Change-Id: I6914baecf70a65354e1e82dad92c6afbd32b4973
Related-Bug: #1519512
The 'security group rule list' command was updated to display the
remote security group name for a security group rule. This was done
via a new 'Remote Security Group' column. The output of the
'security group rule create' and 'security group show' commands was
also updated to include 'remote_security_group' information instead
of the raw 'group' information returned from the API layer.
Change-Id: I5f9600338c8331966d2c658109a24b502c538106
Closes-Bug: #1520003
The 'security group rule create' command was updated to support a
source security group. Now either a source IP address block or source
security group can be specified when creating a rule. The default
remains the same.
Change-Id: If57de2871810caddeeaee96482eb34146968e173
Closes-Bug: #1522969
* Change session imports to keystoneauth1
* Change keystoneclient.exception imports to keystoneauth1
* Change exceptions raised from internal API from keystoneclient to openstack.common
Change-Id: I046d89f561d6fe04baae53726f9749d2e7fe2056
Per comment in [1], refactor the security group class names to
be in alphabetical order.
[1] https://review.openstack.org/#/c/249223
Change-Id: If28a153cdab57c0659ff5c78b276766d4043467f
Add missing command list documentation for the 'security group'
and 'security group rule' commands. In addition, update the
command description and argument help to fix minor issues and
use consistent terminology.
Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132
The Compute API requires 'from_port' and 'to_port' to be -1 for
ICMP security group rules. It happily accepts them empty or None
but the resulting rules do not work. So we force the values for
ICMP rules.
Closes-bug: #1477629
Change-Id: Iba57211014caca16be7c9a28d15d4db2a6c51b8d
Instead of duplicating the same log statement throughout
the code, the same logic can be provided by a shared decorator
that abstracts away the logging capability and unifies it behind
a common function instead.
Change-Id: Icc63bced7347c8bbf0299a4c5821425a10892a79
Security group list command tries to get a project list and
this may fail with a multitude of exceptions including but
not limited to 401, 404, ConnectionRefused and EndpointNotFound.
Rather than try to capture every possibility, this patch just
catches the base class. Converting project ids to names is
less important than having a working security group list command.
Change-Id: I68214d2680bad907f9d04ad3ca2f62cf3feee028
Closes-Bug: #1459629
By default the --dst-port value is set to None when no --dst-port
argument is provided. By making the default value (0, 0), this allows
novaclient to proceed without any error.
Change-Id: Ibb58f5df5ed1890a8f499dd2467b12b0e79d547b
Closes-Bug: #1443963
--description is optional in our CLI but the server requires it to be
non-empty. Set a default value of the given name.
Closes-Bug: #1434172
Change-Id: I81507a77ad8d815000ff411784ae71e229c77f78
Update help message for openstack security group rule delete
Update help message for openstack security group rule list
Change-Id: I017ffd424ca25b6c62193b91068eb1ba7de6c919
Closes-Bug: #1417854
As of 2.21.0 novaclient moved all of the v1_1 classes to v2 with a
deprecation warning. The version-non-specific interfaces provided in
novaclient.client are insufficient to support a few specific commands in
OSC so we need to conditionally import directly from the correct classes.
Closes-Bug: #1418024
Change-Id: I864b1908737803069dc1419c9cbca391b985c932
The keystoneclient.openstack.common directory is where we sync files
from oslo incubator. It is not a public directory and should not be
being consumed by openstackclient.
Change-Id: I011bb95c2c824e2dbc4b822ca922ae77b8d9b955
Non-admin users couldn't list security groups due to the project lookup
failure. That shouldn't stop the listing.
Change-Id: I27f6ff4975b35d1de1c852c8d4e830b83c7dec75
There are files containing string format arguments inside
logging messages. Using logging function parameters should
be preferred.
Change-Id: Ic749ac9eb55564ed631d57055a5a4dfc3aebd169
* port range was throwing exception for None to/from ports
* ip_range didn't always have cidr causing error
* ip_protocol None at times and looked bad
Closes-Bug #1256935
Change-Id: I451a0f038a3e9646bca3f278c5d6f6d7e3097a83
* Add security group: create, delete, list, set, show
* Add server: add secgroup, remove secgroup
* Add security group rule: create, delete, list
* Add Oslo's strutils and gettextutils
* Adds parseractions.RangeAction() to handle option arguments of either a single number
or a range of numbers: '--port 25' or '--port 1024:65535'
Blueprint: nova-client
Change-Id: Iad2de1b273ba29197709fc4c6a1036b4ae99725f
