Add project options to security group rule create

Add the --project and --project-domain options to the 'os security group rule create' command. These options are for Network v2 only. Change-Id: Ie3e136be076f0f2c22fbe7048d1d6eaebf5aa655 Partial-Bug: #1519512 Implements: blueprint neutron-client
2016-04-04 16:20:20 -05:00 · 2016-04-04 16:20:20 -05:00 · a5a9caea2b
parent 3a3f33b926
commit a5a9caea2b
4 changed files with 74 additions and 3 deletions
--- a/doc/source/command-objects/security-group-rule.rst
+++ b/doc/source/command-objects/security-group-rule.rst
@ -18,6 +18,7 @@ Create a new security group rule
        [--dst-port <port-range>]
        [--ingress | --egress]
        [--ethertype <ethertype>]
+        [--project <project> [--project-domain <project-domain>]]
        <group>

 .. option:: --proto <proto>
@ -56,6 +57,19 @@ Create a new security group rule

    *Network version 2 only*

+.. option:: --project <project>
+
+    Owner's project (name or ID)
+
+    *Network version 2 only*
+
+.. option:: --project-domain <project-domain>
+
+    Domain the project belongs to (name or ID).
+    This can be used in case collisions between project names exist.
+
+    *Network version 2 only*
+
 .. describe:: <group>

    Create rule in this security group (name or ID)
--- a/openstackclient/network/v2/security_group_rule.py
+++ b/openstackclient/network/v2/security_group_rule.py
@ -23,6 +23,7 @@ except ImportError:
 from openstackclient.common import exceptions
 from openstackclient.common import parseractions
 from openstackclient.common import utils
+from openstackclient.identity import common as identity_common
 from openstackclient.network import common
 from openstackclient.network import utils as network_utils

@ -120,6 +121,12 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
            help='Ethertype of network traffic '
                 '(IPv4, IPv6; default: IPv4)',
        )
+        parser.add_argument(
+            '--project',
+            metavar='<project>',
+            help="Owner's project (name or ID)"
+        )
+        identity_common.add_project_domain_option_to_parser(parser)
        return parser

    def take_action_network(self, client, parsed_args):
@ -159,6 +166,14 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
        elif attrs['ethertype'] == 'IPv4':
            attrs['remote_ip_prefix'] = '0.0.0.0/0'
        attrs['security_group_id'] = security_group_id
+        if parsed_args.project is not None:
+            identity_client = self.app.client_manager.identity
+            project_id = identity_common.find_project(
+                identity_client,
+                parsed_args.project,
+                parsed_args.project_domain,
+            ).id
+            attrs['tenant_id'] = project_id

        # Create and show the security group rule.
        obj = client.create_security_group_rule(**attrs)
--- a/openstackclient/tests/network/v2/test_security_group_rule.py
+++ b/openstackclient/tests/network/v2/test_security_group_rule.py
@ -18,6 +18,7 @@ from openstackclient.network import utils as network_utils
 from openstackclient.network.v2 import security_group_rule
 from openstackclient.tests.compute.v2 import fakes as compute_fakes
 from openstackclient.tests import fakes
+from openstackclient.tests.identity.v3 import fakes as identity_fakes
 from openstackclient.tests.network.v2 import fakes as network_fakes
 from openstackclient.tests import utils as tests_utils

@ -89,6 +90,30 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
        self.network.find_security_group = mock.Mock(
            return_value=self._security_group)

+        # Set identity client v3. And get a shortcut to Identity client.
+        identity_client = identity_fakes.FakeIdentityv3Client(
+            endpoint=fakes.AUTH_URL,
+            token=fakes.AUTH_TOKEN,
+        )
+        self.app.client_manager.identity = identity_client
+        self.identity = self.app.client_manager.identity
+
+        # Get a shortcut to the ProjectManager Mock
+        self.projects_mock = self.identity.projects
+        self.projects_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.PROJECT),
+            loaded=True,
+        )
+
+        # Get a shortcut to the DomainManager Mock
+        self.domains_mock = self.identity.domains
+        self.domains_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.DOMAIN),
+            loaded=True,
+        )
+
        # Get the command object to test
        self.cmd = security_group_rule.CreateSecurityGroupRule(
            self.app, self.namespace)
@ -231,6 +256,8 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
            '--dst-port', str(self._security_group_rule.port_range_min),
            '--egress',
            '--ethertype', self._security_group_rule.ethertype,
+            '--project', identity_fakes.project_name,
+            '--project-domain', identity_fakes.domain_name,
            self._security_group.id,
        ]
        verifylist = [
@ -238,6 +265,8 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
                          self._security_group_rule.port_range_max)),
            ('egress', True),
            ('ethertype', self._security_group_rule.ethertype),
+            ('project', identity_fakes.project_name),
+            ('project_domain', identity_fakes.domain_name),
            ('group', self._security_group.id),
        ]
        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -251,6 +280,7 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
            'port_range_min': self._security_group_rule.port_range_min,
            'protocol': self._security_group_rule.protocol,
            'security_group_id': self._security_group.id,
+            'tenant_id': identity_fakes.project_id,
        })
        self.assertEqual(tuple(self.expected_columns), columns)
        self.assertEqual(self.expected_data, data)
@ -307,6 +337,17 @@ class TestCreateSecurityGroupRuleCompute(TestSecurityGroupRuleCompute):
        self.assertRaises(tests_utils.ParserException,
                          self.check_parser, self.cmd, arglist, [])

+    def test_create_network_options(self):
+        arglist = [
+            '--ingress',
+            '--ethertype', 'IPv4',
+            '--project', identity_fakes.project_name,
+            '--project-domain', identity_fakes.domain_name,
+            self._security_group.id,
+        ]
+        self.assertRaises(tests_utils.ParserException,
+                          self.check_parser, self.cmd, arglist, [])
+
    def test_create_default_rule(self):
        expected_columns, expected_data = self._setup_security_group_rule()
        dst_port = str(self._security_group_rule.from_port) + ':' + \
--- a/releasenotes/notes/bug-1519512-48d98f09e44220a3.yaml
+++ b/releasenotes/notes/bug-1519512-48d98f09e44220a3.yaml
@ -1,6 +1,7 @@
 ---
 features:
-  - Add ``--ingress``, ``--egress``, and ``--ethertype`` options to the
-    ``security group rule create`` command for Network v2 only. These
-    options enable ``egress`` and ``IPv6`` security group rules.
+  - Add ``--ingress``, ``--egress``, ``--ethertype``, ``--project``
+    and ``--project-domain`` options to the ``security group rule create``
+    command for Network v2 only. These options enable ``egress`` and
+    ``IPv6`` security group rules along with setting the project.
    [Bug `1519512 <https://bugs.launchpad.net/bugs/1519512>`_]