Merge "Add project options to security group rule create"

This commit is contained in:
Jenkins 2016-04-14 21:45:03 +00:00 committed by Gerrit Code Review
commit 52a12e743e
4 changed files with 74 additions and 3 deletions

View File

@ -18,6 +18,7 @@ Create a new security group rule
[--dst-port <port-range>]
[--ingress | --egress]
[--ethertype <ethertype>]
[--project <project> [--project-domain <project-domain>]]
<group>
.. option:: --proto <proto>
@ -56,6 +57,19 @@ Create a new security group rule
*Network version 2 only*
.. option:: --project <project>
Owner's project (name or ID)
*Network version 2 only*
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
*Network version 2 only*
.. describe:: <group>
Create rule in this security group (name or ID)

View File

@ -23,6 +23,7 @@ except ImportError:
from openstackclient.common import exceptions
from openstackclient.common import parseractions
from openstackclient.common import utils
from openstackclient.identity import common as identity_common
from openstackclient.network import common
from openstackclient.network import utils as network_utils
@ -120,6 +121,12 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
help='Ethertype of network traffic '
'(IPv4, IPv6; default: IPv4)',
)
parser.add_argument(
'--project',
metavar='<project>',
help="Owner's project (name or ID)"
)
identity_common.add_project_domain_option_to_parser(parser)
return parser
def take_action_network(self, client, parsed_args):
@ -159,6 +166,14 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
elif attrs['ethertype'] == 'IPv4':
attrs['remote_ip_prefix'] = '0.0.0.0/0'
attrs['security_group_id'] = security_group_id
if parsed_args.project is not None:
identity_client = self.app.client_manager.identity
project_id = identity_common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
).id
attrs['tenant_id'] = project_id
# Create and show the security group rule.
obj = client.create_security_group_rule(**attrs)

View File

@ -18,6 +18,7 @@ from openstackclient.network import utils as network_utils
from openstackclient.network.v2 import security_group_rule
from openstackclient.tests.compute.v2 import fakes as compute_fakes
from openstackclient.tests import fakes
from openstackclient.tests.identity.v3 import fakes as identity_fakes
from openstackclient.tests.network.v2 import fakes as network_fakes
from openstackclient.tests import utils as tests_utils
@ -89,6 +90,30 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
self.network.find_security_group = mock.Mock(
return_value=self._security_group)
# Set identity client v3. And get a shortcut to Identity client.
identity_client = identity_fakes.FakeIdentityv3Client(
endpoint=fakes.AUTH_URL,
token=fakes.AUTH_TOKEN,
)
self.app.client_manager.identity = identity_client
self.identity = self.app.client_manager.identity
# Get a shortcut to the ProjectManager Mock
self.projects_mock = self.identity.projects
self.projects_mock.get.return_value = fakes.FakeResource(
None,
copy.deepcopy(identity_fakes.PROJECT),
loaded=True,
)
# Get a shortcut to the DomainManager Mock
self.domains_mock = self.identity.domains
self.domains_mock.get.return_value = fakes.FakeResource(
None,
copy.deepcopy(identity_fakes.DOMAIN),
loaded=True,
)
# Get the command object to test
self.cmd = security_group_rule.CreateSecurityGroupRule(
self.app, self.namespace)
@ -231,6 +256,8 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
'--dst-port', str(self._security_group_rule.port_range_min),
'--egress',
'--ethertype', self._security_group_rule.ethertype,
'--project', identity_fakes.project_name,
'--project-domain', identity_fakes.domain_name,
self._security_group.id,
]
verifylist = [
@ -238,6 +265,8 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
self._security_group_rule.port_range_max)),
('egress', True),
('ethertype', self._security_group_rule.ethertype),
('project', identity_fakes.project_name),
('project_domain', identity_fakes.domain_name),
('group', self._security_group.id),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -251,6 +280,7 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
'port_range_min': self._security_group_rule.port_range_min,
'protocol': self._security_group_rule.protocol,
'security_group_id': self._security_group.id,
'tenant_id': identity_fakes.project_id,
})
self.assertEqual(tuple(self.expected_columns), columns)
self.assertEqual(self.expected_data, data)
@ -307,6 +337,17 @@ class TestCreateSecurityGroupRuleCompute(TestSecurityGroupRuleCompute):
self.assertRaises(tests_utils.ParserException,
self.check_parser, self.cmd, arglist, [])
def test_create_network_options(self):
arglist = [
'--ingress',
'--ethertype', 'IPv4',
'--project', identity_fakes.project_name,
'--project-domain', identity_fakes.domain_name,
self._security_group.id,
]
self.assertRaises(tests_utils.ParserException,
self.check_parser, self.cmd, arglist, [])
def test_create_default_rule(self):
expected_columns, expected_data = self._setup_security_group_rule()
dst_port = str(self._security_group_rule.from_port) + ':' + \

View File

@ -1,6 +1,7 @@
---
features:
- Add ``--ingress``, ``--egress``, and ``--ethertype`` options to the
``security group rule create`` command for Network v2 only. These
options enable ``egress`` and ``IPv6`` security group rules.
- Add ``--ingress``, ``--egress``, ``--ethertype``, ``--project``
and ``--project-domain`` options to the ``security group rule create``
command for Network v2 only. These options enable ``egress`` and
``IPv6`` security group rules along with setting the project.
[Bug `1519512 <https://bugs.launchpad.net/bugs/1519512>`_]