Add "security group rule show" command

Add the "os security group rule show" command which will use
the SDK when neutron is enabled, and use the nova client when
nova network is enabled.

Change-Id: I41efaa4468ec15e4e86d74144cc72edc25a29024
Partial-Bug: #1519512
Implements: blueprint neutron-client

1 files changed, 86 insertions, 0 deletions

diff --git a/openstackclient/network/v2/security_group_rule.py b/openstackclient/network/v2/security_group_rule.py
index beeeaff7..a61e3233 100644
--- a/openstackclient/network/v2/security_group_rule.py
+++ b/openstackclient/network/v2/security_group_rule.py
@@ -13,9 +13,54 @@
 
 """Security Group Rule action implementations"""
 
+import six
+
+from openstackclient.common import exceptions
+from openstackclient.common import utils
 from openstackclient.network import common
 
 
+def _xform_security_group_rule(sgroup):
+    info = {}
+    info.update(sgroup)
+    from_port = info.pop('from_port')
+    to_port = info.pop('to_port')
+    if isinstance(from_port, int) and isinstance(to_port, int):
+        port_range = {'port_range': "%u:%u" % (from_port, to_port)}
+    elif from_port is None and to_port is None:
+        port_range = {'port_range': ""}
+    else:
+        port_range = {'port_range': "%s:%s" % (from_port, to_port)}
+    info.update(port_range)
+    if 'cidr' in info['ip_range']:
+        info['ip_range'] = info['ip_range']['cidr']
+    else:
+        info['ip_range'] = ''
+    if info['ip_protocol'] is None:
+        info['ip_protocol'] = ''
+    elif info['ip_protocol'].lower() == 'icmp':
+        info['port_range'] = ''
+    group = info.pop('group')
+    if 'name' in group:
+        info['remote_security_group'] = group['name']
+    else:
+        info['remote_security_group'] = ''
+    return info
+
+
+def _format_security_group_rule_show(obj):
+    data = _xform_security_group_rule(obj)
+    return zip(*sorted(six.iteritems(data)))
+
+
+def _get_columns(item):
+    columns = item.keys()
+    if 'tenant_id' in columns:
+        columns.remove('tenant_id')
+        columns.append('project_id')
+    return tuple(sorted(columns))
+
+
 class DeleteSecurityGroupRule(common.NetworkAndComputeCommand):
     """Delete a security group rule"""
 
@@ -33,3 +78,44 @@ class DeleteSecurityGroupRule(common.NetworkAndComputeCommand):
 
     def take_action_compute(self, client, parsed_args):
         client.security_group_rules.delete(parsed_args.rule)
+
+
+class ShowSecurityGroupRule(common.NetworkAndComputeShowOne):
+    """Display security group rule details"""
+
+    def update_parser_common(self, parser):
+        parser.add_argument(
+            'rule',
+            metavar="<rule>",
+            help="Security group rule to display (ID only)"
+        )
+        return parser
+
+    def take_action_network(self, client, parsed_args):
+        obj = client.find_security_group_rule(parsed_args.rule,
+                                              ignore_missing=False)
+        columns = _get_columns(obj)
+        data = utils.get_item_properties(obj, columns)
+        return (columns, data)
+
+    def take_action_compute(self, client, parsed_args):
+        # NOTE(rtheis): Unfortunately, compute does not have an API
+        # to get or list security group rules so parse through the
+        # security groups to find all accessible rules in search of
+        # the requested rule.
+        obj = None
+        security_group_rules = []
+        for security_group in client.security_groups.list():
+            security_group_rules.extend(security_group.rules)
+        for security_group_rule in security_group_rules:
+            if parsed_args.rule == str(security_group_rule.get('id')):
+                obj = security_group_rule
+                break
+
+        if obj is None:
+            msg = "Could not find security group rule " \
+                  "with ID %s" % parsed_args.rule
+            raise exceptions.CommandError(msg)
+
+        # NOTE(rtheis): Format security group rule
+        return _format_security_group_rule_show(obj)