Low-level Compute v2 API: security group rules

api.compute.APIv2 security group rule functions. novaclient 8.0 is now released without support for the previously deprecated nova-net functions, so include a new low-level REST implementation of the removed APIs. Change-Id: Ieabd61113bc6d3562738686f52bb06aa84fca765
2017-04-07 20:59:58 -05:00
parent 4289ddd47a
commit 1bf6706ad1
6 changed files with 301 additions and 118 deletions
--- a/openstackclient/api/compute_v2.py
+++ b/openstackclient/api/compute_v2.py
@ -19,6 +19,12 @@ from osc_lib import exceptions
 from osc_lib.i18n import _


+# TODO(dtroyer): Mingrate this to osc-lib
+class InvalidValue(Exception):
+    """An argument value is not valid: wrong type, out of range, etc"""
+    message = "Supplied value is not valid"
+
+
 class APIv2(api.BaseAPI):
    """Compute v2 API"""

@ -27,6 +33,29 @@ class APIv2(api.BaseAPI):

    # Overrides

+    def _check_integer(self, value, msg=None):
+        """Attempt to convert value to an integer
+
+        Raises InvalidValue on failure
+
+        :param value:
+            Convert this to an integer.  None is converted to 0 (zero).
+        :param msg:
+            An alternate message for the exception, must include exactly
+            one substitution to receive the attempted value.
+        """
+
+        if value is None:
+            return 0
+
+        try:
+            value = int(value)
+        except (TypeError, ValueError):
+            if not msg:
+                msg = "%s is not an integer" % value
+            raise InvalidValue(msg)
+        return value
+
    # TODO(dtroyer): Override find() until these fixes get into an osc-lib
    #                minimum release
    def find(
@ -209,3 +238,71 @@ class APIv2(api.BaseAPI):
                json={'security_group': security_group},
            ).json()['security_group']
        return None
+
+    # Security Group Rules
+
+    def security_group_rule_create(
+        self,
+        security_group_id=None,
+        ip_protocol=None,
+        from_port=None,
+        to_port=None,
+        remote_ip=None,
+        remote_group=None,
+    ):
+        """Create a new security group rule
+
+        https://developer.openstack.org/api-ref/compute/#create-security-group-rule
+
+        :param string security_group_id:
+            Security group ID
+        :param ip_protocol:
+            IP protocol, 'tcp', 'udp' or 'icmp'
+        :param from_port:
+            Source port
+        :param to_port:
+            Destination port
+        :param remote_ip:
+            Source IP address in CIDR notation
+        :param remote_group:
+            Remote security group
+        """
+
+        url = "/os-security-group-rules"
+
+        if ip_protocol.lower() not in ['icmp', 'tcp', 'udp']:
+            raise InvalidValue(
+                "%(s) is not one of 'icmp', 'tcp', or 'udp'" % ip_protocol
+            )
+
+        params = {
+            'parent_group_id': security_group_id,
+            'ip_protocol': ip_protocol,
+            'from_port': self._check_integer(from_port),
+            'to_port': self._check_integer(to_port),
+            'cidr': remote_ip,
+            'group_id': remote_group,
+        }
+
+        return self.create(
+            url,
+            json={'security_group_rule': params},
+        )['security_group_rule']
+
+    def security_group_rule_delete(
+        self,
+        security_group_rule_id=None,
+    ):
+        """Delete a security group rule
+
+        https://developer.openstack.org/api-ref/compute/#delete-security-group-rule
+
+        :param string security_group_rule_id:
+            Security group rule ID
+        """
+
+        url = "/os-security-group-rules"
+        if security_group_rule_id is not None:
+            return self.delete('/%s/%s' % (url, security_group_rule_id))
+
+        return None