Deprecate SecurityGroup related proxy API
This patch deprecates all the APIs which related SecurityGroup. All those APIs will return 404. The deprecated API endpoints are '/os-security-group-default-rules' '/os-security-groups' '/os-security-group-rules' The action 'addSecurityGroup' and 'removeSecurityGroup' will be kept. And the attribute 'security_groups' in the servers response will be kept also. Due to the current implementation of Microversion didn't support inheritance very well. This patch uses object as SecurityGroupControllerBase's base class to avoid two controller share same base controller which is subclass of 'wsgi.Controller'. The support of inheritance will be improved later to avoid increase the complicated in this series patches. This patch doesn't bump the max api version, due to the patch separation. The max api version will bump in the last patch. Partially implements blueprint deprecate-api-proxies Change-Id: Ic834db770f68c72892a6497d5c60707b75f1beef
This commit is contained in:
He Jie Xu
parent
5044db5fce
commit
53fffbadff
|
|
@ -14,6 +14,8 @@
|
|||
|
||||
from webob import exc
|
||||
|
||||
from nova.api.openstack.api_version_request \
|
||||
import MAX_PROXY_API_SUPPORT_VERSION
|
||||
from nova.api.openstack.compute import security_groups as sg
|
||||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
|
|
@ -26,12 +28,14 @@ from nova.policies import security_group_default_rules as sgdr_policies
|
|||
ALIAS = "os-security-group-default-rules"
|
||||
|
||||
|
||||
class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
|
||||
class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase,
|
||||
wsgi.Controller):
|
||||
|
||||
def __init__(self):
|
||||
self.security_group_api = (
|
||||
openstack_driver.get_openstack_security_group_driver())
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((400, 409, 501))
|
||||
def create(self, req, body):
|
||||
context = req.environ['nova.context']
|
||||
|
|
@ -69,6 +73,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
|
|||
return self.security_group_api.new_cidr_ingress_rule(
|
||||
cidr, ip_protocol, from_port, to_port)
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((400, 404, 501))
|
||||
def show(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
|
|
@ -87,6 +92,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
|
|||
fmt_rule = self._format_security_group_default_rule(rule)
|
||||
return {"security_group_default_rule": fmt_rule}
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((400, 404, 501))
|
||||
@wsgi.response(204)
|
||||
def delete(self, req, id):
|
||||
|
|
@ -104,6 +110,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
|
|||
except exception.SecurityGroupDefaultRuleNotFound as ex:
|
||||
raise exc.HTTPNotFound(explanation=ex.format_message())
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((404, 501))
|
||||
def index(self, req):
|
||||
context = req.environ['nova.context']
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ from oslo_log import log as logging
|
|||
from oslo_serialization import jsonutils
|
||||
from webob import exc
|
||||
|
||||
from nova.api.openstack.api_version_request \
|
||||
import MAX_PROXY_API_SUPPORT_VERSION
|
||||
from nova.api.openstack import common
|
||||
from nova.api.openstack.compute.schemas import security_groups as \
|
||||
schema_security_groups
|
||||
|
|
@ -43,7 +45,7 @@ def _authorize_context(req):
|
|||
return context
|
||||
|
||||
|
||||
class SecurityGroupControllerBase(wsgi.Controller):
|
||||
class SecurityGroupControllerBase(object):
|
||||
"""Base class for Security Group controllers."""
|
||||
|
||||
def __init__(self):
|
||||
|
|
@ -113,9 +115,10 @@ class SecurityGroupControllerBase(wsgi.Controller):
|
|||
return value
|
||||
|
||||
|
||||
class SecurityGroupController(SecurityGroupControllerBase):
|
||||
class SecurityGroupController(SecurityGroupControllerBase, wsgi.Controller):
|
||||
"""The Security group API controller for the OpenStack API."""
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((400, 404))
|
||||
def show(self, req, id):
|
||||
"""Return data about the given security group."""
|
||||
|
|
@ -133,6 +136,7 @@ class SecurityGroupController(SecurityGroupControllerBase):
|
|||
return {'security_group': self._format_security_group(context,
|
||||
security_group)}
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((400, 404))
|
||||
@wsgi.response(202)
|
||||
def delete(self, req, id):
|
||||
|
|
@ -149,6 +153,7 @@ class SecurityGroupController(SecurityGroupControllerBase):
|
|||
except exception.Invalid as exp:
|
||||
raise exc.HTTPBadRequest(explanation=exp.format_message())
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors(404)
|
||||
def index(self, req):
|
||||
"""Returns a list of security groups."""
|
||||
|
|
@ -170,6 +175,7 @@ class SecurityGroupController(SecurityGroupControllerBase):
|
|||
list(sorted(result,
|
||||
key=lambda k: (k['tenant_id'], k['name'])))}
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((400, 403))
|
||||
def create(self, req, body):
|
||||
"""Creates a new security group."""
|
||||
|
|
@ -194,6 +200,7 @@ class SecurityGroupController(SecurityGroupControllerBase):
|
|||
return {'security_group': self._format_security_group(context,
|
||||
group_ref)}
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((400, 404))
|
||||
def update(self, req, id, body):
|
||||
"""Update a security group."""
|
||||
|
|
@ -227,8 +234,10 @@ class SecurityGroupController(SecurityGroupControllerBase):
|
|||
group_ref)}
|
||||
|
||||
|
||||
class SecurityGroupRulesController(SecurityGroupControllerBase):
|
||||
class SecurityGroupRulesController(SecurityGroupControllerBase,
|
||||
wsgi.Controller):
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((400, 403, 404))
|
||||
def create(self, req, body):
|
||||
context = _authorize_context(req)
|
||||
|
|
@ -302,6 +311,7 @@ class SecurityGroupRulesController(SecurityGroupControllerBase):
|
|||
return self.security_group_api.new_cidr_ingress_rule(
|
||||
cidr, ip_protocol, from_port, to_port)
|
||||
|
||||
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
|
||||
@extensions.expected_errors((400, 404, 409))
|
||||
@wsgi.response(202)
|
||||
def delete(self, req, id):
|
||||
|
|
|
|||
|
|
@ -339,3 +339,22 @@ class SecurityGroupDefaultRulesPolicyEnforcementV21(test.NoDBTestCase):
|
|||
|
||||
def test_index_policy_failed(self):
|
||||
self._common_policy_check(self.controller.index, self.req)
|
||||
|
||||
|
||||
class TestSecurityGroupDefaultRulesDeprecation(test.NoDBTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(TestSecurityGroupDefaultRulesDeprecation, self).setUp()
|
||||
self.req = fakes.HTTPRequest.blank('', version='2.36')
|
||||
self.controller = (security_group_default_rules_v21.
|
||||
SecurityGroupDefaultRulesController())
|
||||
|
||||
def test_all_apis_return_not_found(self):
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.create, self.req, {})
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.show, self.req, fakes.FAKE_UUID)
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.delete, self.req, fakes.FAKE_UUID)
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.index, self.req)
|
||||
|
|
|
|||
|
|
@ -1511,3 +1511,37 @@ class SecurityGroupActionPolicyEnforcementV21(PolicyEnforcementV21):
|
|||
def test_remove_security_group_policy_failed(self):
|
||||
self._common_policy_check(
|
||||
self.controller._removeSecurityGroup, self.req, FAKE_UUID1, {})
|
||||
|
||||
|
||||
class TestSecurityGroupsDeprecation(test.NoDBTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(TestSecurityGroupsDeprecation, self).setUp()
|
||||
self.controller = secgroups_v21.SecurityGroupController()
|
||||
self.req = fakes.HTTPRequest.blank('', version='2.36')
|
||||
|
||||
def test_all_apis_return_not_found(self):
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.show, self.req, fakes.FAKE_UUID)
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.delete, self.req, fakes.FAKE_UUID)
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.index, self.req)
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.update, self.req, fakes.FAKE_UUID, {})
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.create, self.req, {})
|
||||
|
||||
|
||||
class TestSecurityGroupRulesDeprecation(test.NoDBTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(TestSecurityGroupRulesDeprecation, self).setUp()
|
||||
self.controller = secgroups_v21.SecurityGroupRulesController()
|
||||
self.req = fakes.HTTPRequest.blank('', version='2.36')
|
||||
|
||||
def test_all_apis_return_not_found(self):
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.create, self.req, {})
|
||||
self.assertRaises(exception.VersionNotFoundForAPIMethod,
|
||||
self.controller.delete, self.req, fakes.FAKE_UUID)
|
||||
|
|
|
|||
Loading…
Reference in New Issue