authorRichard Theis <rtheis@us.ibm.com>2016-03-11 15:30:47 -0600
committerRichard Theis <rtheis@us.ibm.com>2016-03-23 09:56:01 -0500
commitd90650796217fbb9cdd19297ee6ff59f0e009413 (patch)
treea49c8c1f3d4dcddf9f6309340b2114ac9154a829 /openstackclient/network
parent4b4349ee6821f08fb1483d5281d568081649a0d9 (diff)
downloadpython-openstackclient-d90650796217fbb9cdd19297ee6ff59f0e009413.tar.gz
Refactor security group rule create to use SDK
Refactored the 'os security group rule create' command to use the SDK when neutron is enabled, but continue to use the nova client when nova network is enabled. Added a release note for the change in security group rules output due to Network v2. Change-Id: I8c6c99d5272ff5d410a449f73d198d834c5cd96e Partial-Bug: #1519512 Implements: blueprint neutron-client
Diffstat (limited to 'openstackclient/network')
-rw-r--r--openstackclient/network/v2/security_group_rule.py100
1 files changed, 100 insertions, 0 deletions
diff --git a/openstackclient/network/v2/security_group_rule.py b/openstackclient/network/v2/security_group_rule.py
index 9309b326..e0244654 100644
--- a/openstackclient/network/v2/security_group_rule.py
+++ b/openstackclient/network/v2/security_group_rule.py
@@ -16,6 +16,7 @@
import six
from openstackclient.common import exceptions
+from openstackclient.common import parseractions
from openstackclient.common import utils
from openstackclient.network import common
from openstackclient.network import utils as network_utils
@@ -34,6 +35,105 @@ def _get_columns(item):
return tuple(sorted(columns))
+def _convert_to_lowercase(string):
+ return string.lower()
+
+
+class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
+ """Create a new security group rule"""
+
+ def update_parser_common(self, parser):
+ parser.add_argument(
+ 'group',
+ metavar='<group>',
+ help='Create rule in this security group (name or ID)',
+ )
+ # TODO(rtheis): Add support for additional protocols for network.
+ # Until then, continue enforcing the compute choices.
+ parser.add_argument(
+ "--proto",
+ metavar="<proto>",
+ default="tcp",
+ choices=['icmp', 'tcp', 'udp'],
+ type=_convert_to_lowercase,
+ help="IP protocol (icmp, tcp, udp; default: tcp)",
+ )
+ source_group = parser.add_mutually_exclusive_group()
+ source_group.add_argument(
+ "--src-ip",
+ metavar="<ip-address>",
+ default="0.0.0.0/0",
+ help="Source IP address block (may use CIDR notation; default: "
+ "0.0.0.0/0)",
+ )
+ source_group.add_argument(
+ "--src-group",
+ metavar="<group>",
+ help="Source security group (ID only)",
+ )
+ parser.add_argument(
+ "--dst-port",
+ metavar="<port-range>",
+ default=(0, 0),
+ action=parseractions.RangeAction,
+ help="Destination port, may be a single port or port range: "
+ "137:139 (only required for IP protocols tcp and udp)",
+ )
+ return parser
+
+ def take_action_network(self, client, parsed_args):
+ # Get the security group ID to hold the rule.
+ security_group_id = client.find_security_group(
+ parsed_args.group,
+ ignore_missing=False
+ ).id
+
+ # Build the create attributes.
+ attrs = {}
+ # TODO(rtheis): Add --direction option. Until then, continue
+ # with the default of 'ingress'.
+ attrs['direction'] = 'ingress'
+ # TODO(rtheis): Add --ethertype option. Until then, continue
+ # with the default of 'IPv4'
+ attrs['ethertype'] = 'IPv4'
+ # TODO(rtheis): Add port range support (type and code) for icmp
+ # protocol. Until then, continue ignoring the port range.
+ if parsed_args.proto != 'icmp':
+ attrs['port_range_min'] = parsed_args.dst_port[0]
+ attrs['port_range_max'] = parsed_args.dst_port[1]
+ attrs['protocol'] = parsed_args.proto
+ if parsed_args.src_group is not None:
+ attrs['remote_group_id'] = parsed_args.src_group
+ else:
+ attrs['remote_ip_prefix'] = parsed_args.src_ip
+ attrs['security_group_id'] = security_group_id
+
+ # Create and show the security group rule.
+ obj = client.create_security_group_rule(**attrs)
+ columns = _get_columns(obj)
+ data = utils.get_item_properties(obj, columns)
+ return (columns, data)
+
+ def take_action_compute(self, client, parsed_args):
+ group = utils.find_resource(
+ client.security_groups,
+ parsed_args.group,
+ )
+ if parsed_args.proto == 'icmp':
+ from_port, to_port = -1, -1
+ else:
+ from_port, to_port = parsed_args.dst_port
+ obj = client.security_group_rules.create(
+ group.id,
+ parsed_args.proto,
+ from_port,
+ to_port,
+ parsed_args.src_ip,
+ parsed_args.src_group,
+ )
+ return _format_security_group_rule_show(obj._info)
+
+
class DeleteSecurityGroupRule(common.NetworkAndComputeCommand):
"""Delete a security group rule"""