Add new SG rule ext. ``security-groups-rules-belongs-to-default-sg``

Added a new API extension ``security-groups-rules-belongs-to-default-sg`` that adds a new read only field ``belongs_to_default_sg`` in the security group rules. This flag determines if this security group rule belongs to the project's default security group. Related-Bug: #2019960 Change-Id: Ibd8f57d82b28f5cdb8874f1ae22cb35adcd8e880
2023-05-23 01:53:00 +02:00 · 2023-05-23 01:53:00 +02:00 · 7da72b7f2d
parent c5ca1ddf42
commit 7da72b7f2d
13 changed files with 135 additions and 17 deletions
--- a/api-ref/source/v2/parameters.yaml
+++ b/api-ref/source/v2/parameters.yaml
@ -6316,6 +6316,13 @@ security_group_rule:
  in: body
  required: true
  type: object
+security_group_rule-belongs-to-default-sg:
+  description: |
+    Indicates if the security group rule belongs to the default security
+    group of the project or not.
+  in: body
+  required: true
+  type: boolean
 security_group_rule-id:
  description: |
    The ID of the security group rule.
--- a/api-ref/source/v2/samples/security-groups/security-group-create-response.json
+++ b/api-ref/source/v2/samples/security-groups/security-group-create-response.json
@ -21,7 +21,8 @@
                "revisio[n_number": 1,
                "tags": ["tag1,tag2"],
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
-                "description": ""
+                "description": "",
+                "belongs_to_default_sg": false
            },
            {
                "direction": "egress",
@ -39,7 +40,8 @@
                "revision_number": 1,
                "tags": ["tag1,tag2"],
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
-                "description": ""
+                "description": "",
+                "belongs_to_default_sg": false
            }
        ],
        "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
--- a/api-ref/source/v2/samples/security-groups/security-group-rule-create-response.json
+++ b/api-ref/source/v2/samples/security-groups/security-group-rule-create-response.json
@ -14,6 +14,7 @@
        "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
        "created_at": "2018-03-19T19:16:56Z",
        "updated_at": "2018-03-19T19:16:56Z",
-        "description": ""
+        "description": "",
+        "belongs_to_default_sg": false
    }
 }
--- a/api-ref/source/v2/samples/security-groups/security-group-rule-show-response.json
+++ b/api-ref/source/v2/samples/security-groups/security-group-rule-show-response.json
@ -13,6 +13,7 @@
        "updated_at": "2018-03-19T19:16:56Z",
        "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
        "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
-        "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
+        "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
+        "belongs_to_default_sg": false
    }
 }
--- a/api-ref/source/v2/samples/security-groups/security-group-rules-list-response.json
+++ b/api-ref/source/v2/samples/security-groups/security-group-rules-list-response.json
@ -15,7 +15,8 @@
            "created_at": "2018-03-19T19:16:56Z",
            "updated_at": "2018-03-19T19:16:56Z",
            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
-            "description": ""
+            "description": "",
+            "belongs_to_default_sg": false
        },
        {
            "direction": "egress",
@ -32,7 +33,8 @@
            "created_at": "2018-03-19T19:16:56Z",
            "updated_at": "2018-03-19T19:16:56Z",
            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
-            "description": ""
+            "description": "",
+            "belongs_to_default_sg": false
        },
        {
            "direction": "ingress",
@ -49,7 +51,8 @@
            "created_at": "2018-03-19T19:16:56Z",
            "updated_at": "2018-03-19T19:16:56Z",
            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
-            "description": ""
+            "description": "",
+            "belongs_to_default_sg": false
        },
        {
            "direction": "ingress",
@ -66,7 +69,8 @@
            "created_at": "2018-03-19T19:16:56Z",
            "updated_at": "2018-03-19T19:16:56Z",
            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
-            "description": ""
+            "description": "",
+            "belongs_to_default_sg": false
        }
    ]
 }
--- a/api-ref/source/v2/samples/security-groups/security-group-show-response.json
+++ b/api-ref/source/v2/samples/security-groups/security-group-show-response.json
@ -20,7 +20,8 @@
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                "created_at": "2018-03-19T19:16:56Z",
                "updated_at": "2018-03-19T19:16:56Z",
-                "description": ""
+                "description": "",
+                "belongs_to_default_sg": false
            },
            {
                "direction": "egress",
@ -38,7 +39,8 @@
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                "created_at": "2018-03-19T19:16:56Z",
                "updated_at": "2018-03-19T19:16:56Z",
-                "description": ""
+                "description": "",
+                "belongs_to_default_sg": false
            },
            {
                "direction": "ingress",
@ -56,7 +58,8 @@
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                "created_at": "2018-03-19T19:16:56Z",
                "updated_at": "2018-03-19T19:16:56Z",
-                "description": ""
+                "description": "",
+                "belongs_to_default_sg": false
            },
            {
                "direction": "ingress",
@ -74,7 +77,8 @@
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                "created_at": "2018-03-19T19:16:56Z",
                "updated_at": "2018-03-19T19:16:56Z",
-                "description": ""
+                "description": "",
+                "belongs_to_default_sg": false
            }
        ],
        "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
--- a/api-ref/source/v2/samples/security-groups/security-group-update-response.json
+++ b/api-ref/source/v2/samples/security-groups/security-group-update-response.json
@ -11,6 +11,7 @@
        "description": "my security group",
        "tags": ["tag1,tag2"],
        "stateful": true,
-        "shared": false
+        "shared": false,
+        "belongs_to_default_sg": false
    }
 }
--- a/api-ref/source/v2/samples/security-groups/security-groups-list-response.json
+++ b/api-ref/source/v2/samples/security-groups/security-groups-list-response.json
@ -21,7 +21,8 @@
                    "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                    "created_at": "2018-03-19T19:16:56Z",
                    "updated_at": "2018-03-19T19:16:56Z",
-                    "description": ""
+                    "description": "",
+                    "belongs_to_default_sg": false
                },
                {
                    "direction": "egress",
@ -39,7 +40,8 @@
                    "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                    "created_at": "2018-03-19T19:16:56Z",
                    "updated_at": "2018-03-19T19:16:56Z",
-                    "description": ""
+                    "description": "",
+                    "belongs_to_default_sg": false
                },
                {
                    "direction": "ingress",
@ -57,7 +59,8 @@
                    "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                    "created_at": "2018-03-19T19:16:56Z",
                    "updated_at": "2018-03-19T19:16:56Z",
-                    "description": ""
+                    "description": "",
+                    "belongs_to_default_sg": false
                },
                {
                    "direction": "ingress",
@ -75,7 +78,8 @@
                    "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                    "created_at": "2018-03-19T19:16:56Z",
                    "updated_at": "2018-03-19T19:16:56Z",
-                    "description": ""
+                    "description": "",
+                    "belongs_to_default_sg": false
                }
            ],
            "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
--- a/api-ref/source/v2/security-group-rules.inc
+++ b/api-ref/source/v2/security-group-rules.inc
@ -15,6 +15,12 @@ Resource timestamps
 The ``standard-attr-timestamp`` extension adds the ``created_at`` and
 ``updated_at`` attributes to all resources that have standard attributes.

+Belongs to the project's default security group
+===============================================
+
+This read only flag determines if the security group rule belongs to the
+project default security group. Is a syntethic field set by the server.
+
 List security group rules
 =========================

@ -77,6 +83,7 @@ Response Parameters
   - revision_number: revision_number
   - id: security_group_rule-id
   - description: description
+   - belongs_to_default_sg: security_group_rule-belongs-to-default-sg

 Response Example
 ----------------
@ -138,6 +145,7 @@ Response Parameters
   - revision_number: revision_number
   - id: security_group_rule-id
   - description: description
+   - belongs_to_default_sg: security_group_rule-belongs-to-default-sg

 Response Example
 ----------------
@ -189,6 +197,7 @@ Response Parameters
   - revision_number: revision_number
   - id: security_group_rule-id
   - description: description
+   - belongs_to_default_sg: security_group_rule-belongs-to-default-sg

 Response Example
 ----------------
--- a/neutron_lib/api/definitions/init.py
+++ b/neutron_lib/api/definitions/init.py
@ -131,6 +131,8 @@ from neutron_lib.api.definitions import routerservicetype
 from neutron_lib.api.definitions import security_groups_normalized_cidr
 from neutron_lib.api.definitions import security_groups_port_filtering
 from neutron_lib.api.definitions import security_groups_remote_address_group
+from neutron_lib.api.definitions import \
+    security_groups_rules_belongs_to_default_sg
 from neutron_lib.api.definitions import security_groups_shared_filtering
 from neutron_lib.api.definitions import segment
 from neutron_lib.api.definitions import segments_peer_subnet_host_routes
@ -282,6 +284,7 @@ _ALL_API_DEFINITIONS = {
    security_groups_normalized_cidr,
    security_groups_port_filtering,
    security_groups_remote_address_group,
+    security_groups_rules_belongs_to_default_sg,
    security_groups_shared_filtering,
    segment,
    segments_peer_subnet_host_routes,
--- a/neutron_lib/api/definitions/security_groups_rules_belongs_to_default_sg.py
+++ b/neutron_lib/api/definitions/security_groups_rules_belongs_to_default_sg.py
@ -0,0 +1,52 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_lib.api import converters
+
+
+ALIAS = 'security-groups-rules-belongs-to-default-sg'
+IS_SHIM_EXTENSION = False
+IS_STANDARD_ATTR_EXTENSION = False
+NAME = "Security group rule belongs to the project's default security group"
+DESCRIPTION = ("Flag to determine if the security group rule belongs to the "
+               "project's default security group")
+UPDATED_TIMESTAMP = '2023-05-23T10:00:00-00:00'
+BELONGS_TO_DEFAULT_SG = 'belongs_to_default_sg'
+
+RESOURCE_ATTRIBUTE_MAP = {
+    'security_group_rules': {
+        BELONGS_TO_DEFAULT_SG: {
+            'allow_post': False,
+            'allow_put': False,
+            'convert_to': converters.convert_to_boolean_if_not_none,
+            'is_visible': True,
+            'is_filter': True,
+            'is_sort_key': False,
+        },
+    }
+}
+
+SUB_RESOURCE_ATTRIBUTE_MAP = {
+}
+
+ACTION_MAP = {
+}
+
+ACTION_STATUS = {
+}
+
+REQUIRED_EXTENSIONS = [
+    'security-group'
+]
+
+OPTIONAL_EXTENSIONS = [
+]
--- a/neutron_lib/tests/unit/api/definitions/test_security_groups_rules_belongs_to_default_sg.py
+++ b/neutron_lib/tests/unit/api/definitions/test_security_groups_rules_belongs_to_default_sg.py
@ -0,0 +1,23 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_lib.api.definitions import \
+    security_groups_rules_belongs_to_default_sg
+from neutron_lib.tests.unit.api.definitions import base
+
+
+class SecurityGroupsRulesBelongsToDefaultSgTestCase(
+        base.DefinitionBaseTestCase):
+
+    extension_module = security_groups_rules_belongs_to_default_sg
+    extension_resources = ('security_group_rules',)
+    extension_attributes = ('belongs_to_default_sg',)
--- a/releasenotes/notes/add-extension-security-groups-rules-belongs-to-default-sg-36a5ac28831101e6.yaml
+++ b/releasenotes/notes/add-extension-security-groups-rules-belongs-to-default-sg-36a5ac28831101e6.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Add new API extension ``security-groups-rules-belongs-to-default-sg`` that
+    adds a new read only field ``belongs_to_default_sg`` in the security group
+    rules. This flag determines if this security group rule belongs to the
+    project's default security group.