Low-level Compute v2 API: security group rules

api.compute.APIv2 security group rule functions.

novaclient 8.0 is now released without support for the previously
deprecated nova-net functions, so include a new low-level REST
implementation of the removed APIs.

Change-Id: Ieabd61113bc6d3562738686f52bb06aa84fca765

1 files changed, 97 insertions, 0 deletions

diff --git a/openstackclient/api/compute_v2.py b/openstackclient/api/compute_v2.py
index 3bf3a0d8..065121fc 100644
--- a/openstackclient/api/compute_v2.py
+++ b/openstackclient/api/compute_v2.py
@@ -19,6 +19,12 @@ from osc_lib import exceptions
 from osc_lib.i18n import _
 
 
+# TODO(dtroyer): Mingrate this to osc-lib
+class InvalidValue(Exception):
+    """An argument value is not valid: wrong type, out of range, etc"""
+    message = "Supplied value is not valid"
+
+
 class APIv2(api.BaseAPI):
     """Compute v2 API"""
 
@@ -27,6 +33,29 @@ class APIv2(api.BaseAPI):
 
     # Overrides
 
+    def _check_integer(self, value, msg=None):
+        """Attempt to convert value to an integer
+
+        Raises InvalidValue on failure
+
+        :param value:
+            Convert this to an integer.  None is converted to 0 (zero).
+        :param msg:
+            An alternate message for the exception, must include exactly
+            one substitution to receive the attempted value.
+        """
+
+        if value is None:
+            return 0
+
+        try:
+            value = int(value)
+        except (TypeError, ValueError):
+            if not msg:
+                msg = "%s is not an integer" % value
+            raise InvalidValue(msg)
+        return value
+
     # TODO(dtroyer): Override find() until these fixes get into an osc-lib
     #                minimum release
     def find(
@@ -209,3 +238,71 @@ class APIv2(api.BaseAPI):
                 json={'security_group': security_group},
             ).json()['security_group']
         return None
+
+    # Security Group Rules
+
+    def security_group_rule_create(
+        self,
+        security_group_id=None,
+        ip_protocol=None,
+        from_port=None,
+        to_port=None,
+        remote_ip=None,
+        remote_group=None,
+    ):
+        """Create a new security group rule
+
+        https://developer.openstack.org/api-ref/compute/#create-security-group-rule
+
+        :param string security_group_id:
+            Security group ID
+        :param ip_protocol:
+            IP protocol, 'tcp', 'udp' or 'icmp'
+        :param from_port:
+            Source port
+        :param to_port:
+            Destination port
+        :param remote_ip:
+            Source IP address in CIDR notation
+        :param remote_group:
+            Remote security group
+        """
+
+        url = "/os-security-group-rules"
+
+        if ip_protocol.lower() not in ['icmp', 'tcp', 'udp']:
+            raise InvalidValue(
+                "%(s) is not one of 'icmp', 'tcp', or 'udp'" % ip_protocol
+            )
+
+        params = {
+            'parent_group_id': security_group_id,
+            'ip_protocol': ip_protocol,
+            'from_port': self._check_integer(from_port),
+            'to_port': self._check_integer(to_port),
+            'cidr': remote_ip,
+            'group_id': remote_group,
+        }
+
+        return self.create(
+            url,
+            json={'security_group_rule': params},
+        )['security_group_rule']
+
+    def security_group_rule_delete(
+        self,
+        security_group_rule_id=None,
+    ):
+        """Delete a security group rule
+
+        https://developer.openstack.org/api-ref/compute/#delete-security-group-rule
+
+        :param string security_group_rule_id:
+            Security group rule ID
+        """
+
+        url = "/os-security-group-rules"
+        if security_group_rule_id is not None:
+            return self.delete('/%s/%s' % (url, security_group_rule_id))
+
+        return None