diff --git a/nova/api/openstack/compute/security_group_default_rules.py b/nova/api/openstack/compute/security_group_default_rules.py
index a827f0abbacd..3468f7f8d041 100644
--- a/nova/api/openstack/compute/security_group_default_rules.py
+++ b/nova/api/openstack/compute/security_group_default_rules.py
@@ -14,6 +14,8 @@
 
 from webob import exc
 
+from nova.api.openstack.api_version_request \
+    import MAX_PROXY_API_SUPPORT_VERSION
 from nova.api.openstack.compute import security_groups as sg
 from nova.api.openstack import extensions
 from nova.api.openstack import wsgi
@@ -26,12 +28,14 @@ from nova.policies import security_group_default_rules as sgdr_policies
 ALIAS = "os-security-group-default-rules"
 
 
-class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
+class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase,
+                                          wsgi.Controller):
 
     def __init__(self):
         self.security_group_api = (
             openstack_driver.get_openstack_security_group_driver())
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((400, 409, 501))
     def create(self, req, body):
         context = req.environ['nova.context']
@@ -69,6 +73,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
         return self.security_group_api.new_cidr_ingress_rule(
             cidr, ip_protocol, from_port, to_port)
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((400, 404, 501))
     def show(self, req, id):
         context = req.environ['nova.context']
@@ -87,6 +92,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
         fmt_rule = self._format_security_group_default_rule(rule)
         return {"security_group_default_rule": fmt_rule}
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((400, 404, 501))
     @wsgi.response(204)
     def delete(self, req, id):
@@ -104,6 +110,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
         except exception.SecurityGroupDefaultRuleNotFound as ex:
             raise exc.HTTPNotFound(explanation=ex.format_message())
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((404, 501))
     def index(self, req):
         context = req.environ['nova.context']
diff --git a/nova/api/openstack/compute/security_groups.py b/nova/api/openstack/compute/security_groups.py
index cd036f6ef02a..b8ff34b52a74 100644
--- a/nova/api/openstack/compute/security_groups.py
+++ b/nova/api/openstack/compute/security_groups.py
@@ -19,6 +19,8 @@ from oslo_log import log as logging
 from oslo_serialization import jsonutils
 from webob import exc
 
+from nova.api.openstack.api_version_request \
+    import MAX_PROXY_API_SUPPORT_VERSION
 from nova.api.openstack import common
 from nova.api.openstack.compute.schemas import security_groups as \
                                                   schema_security_groups
@@ -43,7 +45,7 @@ def _authorize_context(req):
     return context
 
 
-class SecurityGroupControllerBase(wsgi.Controller):
+class SecurityGroupControllerBase(object):
     """Base class for Security Group controllers."""
 
     def __init__(self):
@@ -113,9 +115,10 @@ class SecurityGroupControllerBase(wsgi.Controller):
         return value
 
 
-class SecurityGroupController(SecurityGroupControllerBase):
+class SecurityGroupController(SecurityGroupControllerBase, wsgi.Controller):
     """The Security group API controller for the OpenStack API."""
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((400, 404))
     def show(self, req, id):
         """Return data about the given security group."""
@@ -133,6 +136,7 @@ class SecurityGroupController(SecurityGroupControllerBase):
         return {'security_group': self._format_security_group(context,
                                                               security_group)}
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((400, 404))
     @wsgi.response(202)
     def delete(self, req, id):
@@ -149,6 +153,7 @@ class SecurityGroupController(SecurityGroupControllerBase):
         except exception.Invalid as exp:
             raise exc.HTTPBadRequest(explanation=exp.format_message())
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors(404)
     def index(self, req):
         """Returns a list of security groups."""
@@ -170,6 +175,7 @@ class SecurityGroupController(SecurityGroupControllerBase):
                 list(sorted(result,
                             key=lambda k: (k['tenant_id'], k['name'])))}
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((400, 403))
     def create(self, req, body):
         """Creates a new security group."""
@@ -194,6 +200,7 @@ class SecurityGroupController(SecurityGroupControllerBase):
         return {'security_group': self._format_security_group(context,
                                                               group_ref)}
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((400, 404))
     def update(self, req, id, body):
         """Update a security group."""
@@ -227,8 +234,10 @@ class SecurityGroupController(SecurityGroupControllerBase):
                                                               group_ref)}
 
 
-class SecurityGroupRulesController(SecurityGroupControllerBase):
+class SecurityGroupRulesController(SecurityGroupControllerBase,
+                                   wsgi.Controller):
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((400, 403, 404))
     def create(self, req, body):
         context = _authorize_context(req)
@@ -302,6 +311,7 @@ class SecurityGroupRulesController(SecurityGroupControllerBase):
             return self.security_group_api.new_cidr_ingress_rule(
                                         cidr, ip_protocol, from_port, to_port)
 
+    @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
     @extensions.expected_errors((400, 404, 409))
     @wsgi.response(202)
     def delete(self, req, id):
diff --git a/nova/tests/unit/api/openstack/compute/test_security_group_default_rules.py b/nova/tests/unit/api/openstack/compute/test_security_group_default_rules.py
index 0f35168cb0c8..7ad079910249 100644
--- a/nova/tests/unit/api/openstack/compute/test_security_group_default_rules.py
+++ b/nova/tests/unit/api/openstack/compute/test_security_group_default_rules.py
@@ -339,3 +339,22 @@ class SecurityGroupDefaultRulesPolicyEnforcementV21(test.NoDBTestCase):
 
     def test_index_policy_failed(self):
         self._common_policy_check(self.controller.index, self.req)
+
+
+class TestSecurityGroupDefaultRulesDeprecation(test.NoDBTestCase):
+
+    def setUp(self):
+        super(TestSecurityGroupDefaultRulesDeprecation, self).setUp()
+        self.req = fakes.HTTPRequest.blank('', version='2.36')
+        self.controller = (security_group_default_rules_v21.
+                           SecurityGroupDefaultRulesController())
+
+    def test_all_apis_return_not_found(self):
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.create, self.req, {})
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.show, self.req, fakes.FAKE_UUID)
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.delete, self.req, fakes.FAKE_UUID)
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.index, self.req)
diff --git a/nova/tests/unit/api/openstack/compute/test_security_groups.py b/nova/tests/unit/api/openstack/compute/test_security_groups.py
index 82649c882ed5..c72b46cbc347 100644
--- a/nova/tests/unit/api/openstack/compute/test_security_groups.py
+++ b/nova/tests/unit/api/openstack/compute/test_security_groups.py
@@ -1511,3 +1511,37 @@ class SecurityGroupActionPolicyEnforcementV21(PolicyEnforcementV21):
     def test_remove_security_group_policy_failed(self):
         self._common_policy_check(
             self.controller._removeSecurityGroup, self.req, FAKE_UUID1, {})
+
+
+class TestSecurityGroupsDeprecation(test.NoDBTestCase):
+
+    def setUp(self):
+        super(TestSecurityGroupsDeprecation, self).setUp()
+        self.controller = secgroups_v21.SecurityGroupController()
+        self.req = fakes.HTTPRequest.blank('', version='2.36')
+
+    def test_all_apis_return_not_found(self):
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.show, self.req, fakes.FAKE_UUID)
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.delete, self.req, fakes.FAKE_UUID)
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.index, self.req)
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.update, self.req, fakes.FAKE_UUID, {})
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.create, self.req, {})
+
+
+class TestSecurityGroupRulesDeprecation(test.NoDBTestCase):
+
+    def setUp(self):
+        super(TestSecurityGroupRulesDeprecation, self).setUp()
+        self.controller = secgroups_v21.SecurityGroupRulesController()
+        self.req = fakes.HTTPRequest.blank('', version='2.36')
+
+    def test_all_apis_return_not_found(self):
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.create, self.req, {})
+        self.assertRaises(exception.VersionNotFoundForAPIMethod,
+            self.controller.delete, self.req, fakes.FAKE_UUID)