From e01e59caeb56cb7bf4f38403b82d0a265b163098 Mon Sep 17 00:00:00 2001
From: Hang Yang <hangyang@verizonmedia.com>
Date: Wed, 14 Oct 2020 11:35:22 -0500
Subject: Support remote-address-group in SG rules

Add support for using remote-address-group in security group rules.

Change-Id: Ib1972244d484839943bc3cda07519a6c6d4b945a
Implements: blueprint address-groups-in-sg-rules
Depends-On: https://review.opendev.org/755644
---
 openstackclient/network/v2/security_group_rule.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'openstackclient/network')

diff --git a/openstackclient/network/v2/security_group_rule.py b/openstackclient/network/v2/security_group_rule.py
index a7703933..17241ed2 100644
--- a/openstackclient/network/v2/security_group_rule.py
+++ b/openstackclient/network/v2/security_group_rule.py
@@ -126,6 +126,12 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
             metavar="<group>",
             help=_("Remote security group (name or ID)"),
         )
+        if self.is_neutron:
+            remote_group.add_argument(
+                "--remote-address-group",
+                metavar="<group>",
+                help=_("Remote address group (name or ID)"),
+            )
 
         # NOTE(efried): The --dst-port, --protocol, and --proto options exist
         # for both nova-network and neutron, but differ slightly. For the sake
@@ -328,6 +334,11 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
                 parsed_args.remote_group,
                 ignore_missing=False
             ).id
+        elif parsed_args.remote_address_group is not None:
+            attrs['remote_address_group_id'] = client.find_address_group(
+                parsed_args.remote_address_group,
+                ignore_missing=False
+            ).id
         elif parsed_args.remote_ip is not None:
             attrs['remote_ip_prefix'] = parsed_args.remote_ip
         elif attrs['ethertype'] == 'IPv4':
@@ -507,6 +518,8 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister):
             'Direction',
             'Remote Security Group',
         )
+        if self.is_neutron:
+            column_headers = column_headers + ('Remote Address Group',)
         if parsed_args.group is None:
             column_headers = column_headers + ('Security Group',)
         return column_headers
@@ -526,6 +539,7 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister):
             'port_range',
             'direction',
             'remote_group_id',
+            'remote_address_group_id',
         )
 
         # Get the security group rules using the requested query.
-- 
cgit v1.2.1