blueprint quantum-security-group
Rule table view
* Add direction and ethertype columns (which are specific to Neutron)
It may be better to hide "Direction" and "Ether Type" columns
unless Quantum security group is enabled.
* Merge ip_protocol/from_port/to_port into one column for better view
* Use "::/0" for IPv6 ANY instead of "0.0.0.0/0"
* Rename "Source" column to "Remote".
(The naming "source" does not fit egress rules)
* Display security group name in the title of rule detail view
Rule creation form
* New arguments 'direction' and 'ethertype' in security_group_rule_create()
* Set the default value of 'direction' to 'ingress' in forms.handle()
* Rename 'ip_protocol' to 'rule_menu' and 'source' to 'remote'
Note that rule_menu is retrieved from rule.ip_protocol in the unit tests
since they are tests for custom TCP/UDP/ICMP rules.
Network abstraction layer for security group management
* Move security group methods to api.network
* Add Neutron security group API implementation
* Move base classes for network abstraction to a separate module
(api/network_base.py) to avoid circulated import between
api.network and api.nova/api.neutron
Add a configuration parameter to control Neutron security group support
* Neutron security group support is enabled when Neutron is enabled and
enable_security_group in OPENSTACK_NEUTRON_NETWORK in settings is True.
* Not all neutron plugins support security group, so we need a way
to control neutron security group is enabled or not.
* It can be determined by supported extension list from Neutron
and it is a possible future work.
Move get_int_or_uuid to openstack_dashboard/utils/filters.
* get_int_or_uuid is now used in security_group implementation as
well as floating IP logics.
* In addition the depth of the directory tree becomes longer and
it is hard to fit the import line in 80 chars.
It is a good chance to move it to a common directory.
Add __repr__ to API**Wrapper to make it easier to debug.
Limitations:
Neutron supports per-port security group. security groups can be
associated with a port instead of an instace and each port can have
a different set of security groups. It is not a scope of this BP
and is a future work.
Change-Id: I5410e88043a364596037b9ebcc566cd50b317614