| author | Jenkins <jenkins@review.openstack.org> | 2016-03-28 09:16:23 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2016-03-28 09:16:23 +0000 |
| commit | d5596862b1bbd9fa0bcd1aeb8befad7fab4e3d2a (patch) | |
| tree | d393d598b862e9ff422e4ac825f796286889a126 /openstackclient/network | |
| parent | ef1faf77925f70eb9feeb7bb416f4c9257a16bee (diff) | |
| parent | d90650796217fbb9cdd19297ee6ff59f0e009413 (diff) | |
| download | python-openstackclient-d5596862b1bbd9fa0bcd1aeb8befad7fab4e3d2a.tar.gz | |
Merge "Refactor security group rule create to use SDK"
Diffstat (limited to 'openstackclient/network')
| -rw-r--r-- | openstackclient/network/v2/security_group_rule.py | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/openstackclient/network/v2/security_group_rule.py b/openstackclient/network/v2/security_group_rule.py index 9309b326..e0244654 100644 --- a/openstackclient/network/v2/security_group_rule.py +++ b/openstackclient/network/v2/security_group_rule.py @@ -16,6 +16,7 @@ import six from openstackclient.common import exceptions +from openstackclient.common import parseractions from openstackclient.common import utils from openstackclient.network import common from openstackclient.network import utils as network_utils 
@@ -34,6 +35,105 @@ def _get_columns(item): return tuple(sorted(columns)) +def _convert_to_lowercase(string): + return string.lower() + + +class CreateSecurityGroupRule(common.NetworkAndComputeShowOne): + """Create a new security group rule""" + + def update_parser_common(self, parser): + parser.add_argument( + 'group', + metavar='<group>', + help='Create rule in this security group (name or ID)', + ) + # TODO(rtheis): Add support for additional protocols for network. + # Until then, continue enforcing the compute choices. + parser.add_argument( + "--proto", + metavar="<proto>", + default="tcp", + choices=['icmp', 'tcp', 'udp'], + type=_convert_to_lowercase, + help="IP protocol (icmp, tcp, udp; default: tcp)", + ) + source_group = parser.add_mutually_exclusive_group() + source_group.add_argument( + "--src-ip", + metavar="<ip-address>", + default="0.0.0.0/0", + help="Source IP address block (may use CIDR notation; default: " + "0.0.0.0/0)", + ) + source_group.add_argument( + "--src-group", + metavar="<group>", + help="Source security group (ID only)", + ) + parser.add_argument( + "--dst-port", + metavar="<port-range>", + default=(0, 0), + action=parseractions.RangeAction, + help="Destination port, may be a single port or port range: " + "137:139 (only required for IP protocols tcp and udp)", + ) + return parser + + def take_action_network(self, client, parsed_args): + # Get the security group ID to hold the rule. + security_group_id = client.find_security_group( + parsed_args.group, + ignore_missing=False + ).id + + # Build the create attributes. + attrs = {} + # TODO(rtheis): Add --direction option. Until then, continue + # with the default of 'ingress'. + attrs['direction'] = 'ingress' + # TODO(rtheis): Add --ethertype option. Until then, continue + # with the default of 'IPv4' + attrs['ethertype'] = 'IPv4' + # TODO(rtheis): Add port range support (type and code) for icmp + # protocol. Until then, continue ignoring the port range. 
+ if parsed_args.proto != 'icmp': + attrs['port_range_min'] = parsed_args.dst_port[0] + attrs['port_range_max'] = parsed_args.dst_port[1] + attrs['protocol'] = parsed_args.proto + if parsed_args.src_group is not None: + attrs['remote_group_id'] = parsed_args.src_group + else: + attrs['remote_ip_prefix'] = parsed_args.src_ip + attrs['security_group_id'] = security_group_id + + # Create and show the security group rule. + obj = client.create_security_group_rule(**attrs) + columns = _get_columns(obj) + data = utils.get_item_properties(obj, columns) + return (columns, data) + + def take_action_compute(self, client, parsed_args): + group = utils.find_resource( + client.security_groups, + parsed_args.group, + ) + if parsed_args.proto == 'icmp': + from_port, to_port = -1, -1 + else: + from_port, to_port = parsed_args.dst_port + obj = client.security_group_rules.create( + group.id, + parsed_args.proto, + from_port, + to_port, + parsed_args.src_ip, + parsed_args.src_group, + ) + return _format_security_group_rule_show(obj._info) + + class DeleteSecurityGroupRule(common.NetworkAndComputeCommand): """Delete a security group rule""" |
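Review bot: In `take_action_compute`, `parsed_args.src_ip` is passed to `client.security_group_rules.create` even when `--src-group` is given, and because `--src-ip` defaults to `0.0.0.0/0` the call then carries both the world-open CIDR and the source group. `take_action_network` avoids this by setting only one of `remote_group_id` and `remote_ip_prefix`; how the compute API resolves the two together is not visible here, so the resulting rule may be broader than the operator asked for. Mirror the network branch, e.g. `src_ip = None if parsed_args.src_group is not None else parsed_args.src_ip`, and pass `src_ip` to `create`. Separately, the network path forwards the `--dst-port` default `(0, 0)` as `port_range_min`/`port_range_max` for tcp and udp when no port is given; a comment stating which port range that is meant to produce would make the intended exposure explicit.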
