Merge "Add project options to security group rule create"
This commit is contained in:
commit
52a12e743e
@ -18,6 +18,7 @@ Create a new security group rule
|
||||
[--dst-port <port-range>]
|
||||
[--ingress | --egress]
|
||||
[--ethertype <ethertype>]
|
||||
[--project <project> [--project-domain <project-domain>]]
|
||||
<group>
|
||||
|
||||
.. option:: --proto <proto>
|
||||
@ -56,6 +57,19 @@ Create a new security group rule
|
||||
|
||||
*Network version 2 only*
|
||||
|
||||
.. option:: --project <project>
|
||||
|
||||
Owner's project (name or ID)
|
||||
|
||||
*Network version 2 only*
|
||||
|
||||
.. option:: --project-domain <project-domain>
|
||||
|
||||
Domain the project belongs to (name or ID).
|
||||
This can be used in case collisions between project names exist.
|
||||
|
||||
*Network version 2 only*
|
||||
|
||||
.. describe:: <group>
|
||||
|
||||
Create rule in this security group (name or ID)
|
||||
|
@ -23,6 +23,7 @@ except ImportError:
|
||||
from openstackclient.common import exceptions
|
||||
from openstackclient.common import parseractions
|
||||
from openstackclient.common import utils
|
||||
from openstackclient.identity import common as identity_common
|
||||
from openstackclient.network import common
|
||||
from openstackclient.network import utils as network_utils
|
||||
|
||||
@ -120,6 +121,12 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
|
||||
help='Ethertype of network traffic '
|
||||
'(IPv4, IPv6; default: IPv4)',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--project',
|
||||
metavar='<project>',
|
||||
help="Owner's project (name or ID)"
|
||||
)
|
||||
identity_common.add_project_domain_option_to_parser(parser)
|
||||
return parser
|
||||
|
||||
def take_action_network(self, client, parsed_args):
|
||||
@ -159,6 +166,14 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
|
||||
elif attrs['ethertype'] == 'IPv4':
|
||||
attrs['remote_ip_prefix'] = '0.0.0.0/0'
|
||||
attrs['security_group_id'] = security_group_id
|
||||
if parsed_args.project is not None:
|
||||
identity_client = self.app.client_manager.identity
|
||||
project_id = identity_common.find_project(
|
||||
identity_client,
|
||||
parsed_args.project,
|
||||
parsed_args.project_domain,
|
||||
).id
|
||||
attrs['tenant_id'] = project_id
|
||||
|
||||
# Create and show the security group rule.
|
||||
obj = client.create_security_group_rule(**attrs)
|
||||
|
@ -18,6 +18,7 @@ from openstackclient.network import utils as network_utils
|
||||
from openstackclient.network.v2 import security_group_rule
|
||||
from openstackclient.tests.compute.v2 import fakes as compute_fakes
|
||||
from openstackclient.tests import fakes
|
||||
from openstackclient.tests.identity.v3 import fakes as identity_fakes
|
||||
from openstackclient.tests.network.v2 import fakes as network_fakes
|
||||
from openstackclient.tests import utils as tests_utils
|
||||
|
||||
@ -89,6 +90,30 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
|
||||
self.network.find_security_group = mock.Mock(
|
||||
return_value=self._security_group)
|
||||
|
||||
# Set identity client v3. And get a shortcut to Identity client.
|
||||
identity_client = identity_fakes.FakeIdentityv3Client(
|
||||
endpoint=fakes.AUTH_URL,
|
||||
token=fakes.AUTH_TOKEN,
|
||||
)
|
||||
self.app.client_manager.identity = identity_client
|
||||
self.identity = self.app.client_manager.identity
|
||||
|
||||
# Get a shortcut to the ProjectManager Mock
|
||||
self.projects_mock = self.identity.projects
|
||||
self.projects_mock.get.return_value = fakes.FakeResource(
|
||||
None,
|
||||
copy.deepcopy(identity_fakes.PROJECT),
|
||||
loaded=True,
|
||||
)
|
||||
|
||||
# Get a shortcut to the DomainManager Mock
|
||||
self.domains_mock = self.identity.domains
|
||||
self.domains_mock.get.return_value = fakes.FakeResource(
|
||||
None,
|
||||
copy.deepcopy(identity_fakes.DOMAIN),
|
||||
loaded=True,
|
||||
)
|
||||
|
||||
# Get the command object to test
|
||||
self.cmd = security_group_rule.CreateSecurityGroupRule(
|
||||
self.app, self.namespace)
|
||||
@ -231,6 +256,8 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
|
||||
'--dst-port', str(self._security_group_rule.port_range_min),
|
||||
'--egress',
|
||||
'--ethertype', self._security_group_rule.ethertype,
|
||||
'--project', identity_fakes.project_name,
|
||||
'--project-domain', identity_fakes.domain_name,
|
||||
self._security_group.id,
|
||||
]
|
||||
verifylist = [
|
||||
@ -238,6 +265,8 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
|
||||
self._security_group_rule.port_range_max)),
|
||||
('egress', True),
|
||||
('ethertype', self._security_group_rule.ethertype),
|
||||
('project', identity_fakes.project_name),
|
||||
('project_domain', identity_fakes.domain_name),
|
||||
('group', self._security_group.id),
|
||||
]
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
@ -251,6 +280,7 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
|
||||
'port_range_min': self._security_group_rule.port_range_min,
|
||||
'protocol': self._security_group_rule.protocol,
|
||||
'security_group_id': self._security_group.id,
|
||||
'tenant_id': identity_fakes.project_id,
|
||||
})
|
||||
self.assertEqual(tuple(self.expected_columns), columns)
|
||||
self.assertEqual(self.expected_data, data)
|
||||
@ -307,6 +337,17 @@ class TestCreateSecurityGroupRuleCompute(TestSecurityGroupRuleCompute):
|
||||
self.assertRaises(tests_utils.ParserException,
|
||||
self.check_parser, self.cmd, arglist, [])
|
||||
|
||||
def test_create_network_options(self):
|
||||
arglist = [
|
||||
'--ingress',
|
||||
'--ethertype', 'IPv4',
|
||||
'--project', identity_fakes.project_name,
|
||||
'--project-domain', identity_fakes.domain_name,
|
||||
self._security_group.id,
|
||||
]
|
||||
self.assertRaises(tests_utils.ParserException,
|
||||
self.check_parser, self.cmd, arglist, [])
|
||||
|
||||
def test_create_default_rule(self):
|
||||
expected_columns, expected_data = self._setup_security_group_rule()
|
||||
dst_port = str(self._security_group_rule.from_port) + ':' + \
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
features:
|
||||
- Add ``--ingress``, ``--egress``, and ``--ethertype`` options to the
|
||||
``security group rule create`` command for Network v2 only. These
|
||||
options enable ``egress`` and ``IPv6`` security group rules.
|
||||
- Add ``--ingress``, ``--egress``, ``--ethertype``, ``--project``
|
||||
and ``--project-domain`` options to the ``security group rule create``
|
||||
command for Network v2 only. These options enable ``egress`` and
|
||||
``IPv6`` security group rules along with setting the project.
|
||||
[Bug `1519512 <https://bugs.launchpad.net/bugs/1519512>`_]
|
||||
|
Loading…
Reference in New Issue
Block a user