the rule may contain security_group_id,
protocol, port_min, port_max
source_ip_prefix, source_port_min,
- source_port_max, dest_ip_prefix,
+ source_port_max, dest_ip_prefix, and
+ remote_group_id
Note: source_group_ip in REST API should be converted by this rule
if direction is ingress:
- source_group_ip will be a soruce_prefix_ip
+ remote_group_ip will be a source_ip_prefix
if direction is egress:
- source_group_ip will be a dest_prefix_ip
- Note: source_group_id in REST API should be converted by this rule
+ remote_group_ip will be a dest_ip_prefix
+ Note: remote_group_id in REST API should be converted by this rule
if direction is ingress:
- source_group_id will be a list of soruce_prefix_ip
+ remote_group_id will be a list of source_ip_prefix
if direction is egress:
- source_group_id will be a list of dest_prefix_ip
+ remote_group_id will be a list of dest_ip_prefix
+ remote_group_id will also remaining membership update management
"""
__metaclass__ = abc.ABCMeta
sa.Column('tenant_id', sa.String(length=255), nullable=True),
sa.Column('id', sa.String(length=36), nullable=False),
sa.Column('security_group_id', sa.String(length=36), nullable=False),
- sa.Column('source_group_id', sa.String(length=36), nullable=True),
+ sa.Column('remote_group_id', sa.String(length=36), nullable=True),
sa.Column('direction',
sa.Enum('ingress', 'egress',
name='securitygrouprules_direction'),
sa.Column('protocol', sa.String(length=40), nullable=True),
sa.Column('port_range_min', sa.Integer(), nullable=True),
sa.Column('port_range_max', sa.Integer(), nullable=True),
- sa.Column('source_ip_prefix', sa.String(length=255), nullable=True),
+ sa.Column('remote_ip_prefix', sa.String(length=255), nullable=True),
sa.ForeignKeyConstraint(['security_group_id'], ['securitygroups.id'],
ondelete='CASCADE'),
- sa.ForeignKeyConstraint(['source_group_id'], ['securitygroups.id'],
+ sa.ForeignKeyConstraint(['remote_group_id'], ['securitygroups.id'],
ondelete='CASCADE'),
sa.PrimaryKeyConstraint('id')
)
ondelete="CASCADE"),
nullable=False)
- source_group_id = sa.Column(sa.String(36),
+ remote_group_id = sa.Column(sa.String(36),
sa.ForeignKey("securitygroups.id",
ondelete="CASCADE"),
nullable=True)
protocol = sa.Column(sa.String(40))
port_range_min = sa.Column(sa.Integer)
port_range_max = sa.Column(sa.Integer)
- source_ip_prefix = sa.Column(sa.String(255))
+ remote_ip_prefix = sa.Column(sa.String(255))
security_group = orm.relationship(
SecurityGroup,
backref=orm.backref('rules', cascade='all,delete'),
source_group = orm.relationship(
SecurityGroup,
backref=orm.backref('source_rules', cascade='all,delete'),
- primaryjoin="SecurityGroup.id==SecurityGroupRule.source_group_id")
+ primaryjoin="SecurityGroup.id==SecurityGroupRule.remote_group_id")
class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
id=uuidutils.generate_uuid(), tenant_id=tenant_id,
security_group_id=rule['security_group_id'],
direction=rule['direction'],
- source_group_id=rule.get('source_group_id'),
+ remote_group_id=rule.get('remote_group_id'),
ethertype=rule['ethertype'],
protocol=rule['protocol'],
port_range_min=rule['port_range_min'],
port_range_max=rule['port_range_max'],
- source_ip_prefix=rule.get('source_ip_prefix'))
+ remote_ip_prefix=rule.get('remote_ip_prefix'))
context.session.add(db)
ret.append(self._make_security_group_rule_dict(db))
return ret
def _validate_security_group_rules(self, context, security_group_rule):
"""Check that rules being installed all belong to the same security
- group, source_group_id/security_group_id belong to the same tenant,
+ group, remote_group_id/security_group_id belong to the same tenant,
and rules are valid.
"""
new_rules = set()
else:
raise ext_sg.SecurityGroupInvalidPortRange()
- if rule['source_ip_prefix'] and rule['source_group_id']:
- raise ext_sg.SecurityGroupSourceGroupAndIpPrefix()
+ if rule['remote_ip_prefix'] and rule['remote_group_id']:
+ raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix()
if rule['tenant_id'] not in tenant_ids:
tenant_ids.add(rule['tenant_id'])
- source_group_id = rule.get('source_group_id')
- # Check that source_group_id exists for tenant
- if source_group_id:
- self.get_security_group(context, source_group_id,
+ remote_group_id = rule.get('remote_group_id')
+ # Check that remote_group_id exists for tenant
+ if remote_group_id:
+ self.get_security_group(context, remote_group_id,
tenant_id=rule['tenant_id'])
if len(new_rules) > 1:
raise ext_sg.SecurityGroupNotSingleGroupRules()
'protocol': security_group_rule['protocol'],
'port_range_min': security_group_rule['port_range_min'],
'port_range_max': security_group_rule['port_range_max'],
- 'source_ip_prefix': security_group_rule['source_ip_prefix'],
- 'source_group_id': security_group_rule['source_group_id']}
+ 'remote_ip_prefix': security_group_rule['remote_ip_prefix'],
+ 'remote_group_id': security_group_rule['remote_group_id']}
return self._fields(res, fields)
'direction': [sgr['direction']]}
include_if_present = ['protocol', 'port_range_max', 'port_range_min',
- 'ethertype', 'source_ip_prefix',
- 'source_group_id']
+ 'ethertype', 'remote_ip_prefix',
+ 'remote_group_id']
for key in include_if_present:
value = sgr.get(key)
if value:
def security_group_rules_for_devices(self, context, **kwargs):
""" return security group rules for each port
- also convert source_group_id rule
- to source_ip_prefix rule
+ also convert remote_group_id rule
+ to source_ip_prefix and dest_ip_prefix rule
:params devices: list of devices
:returns: port correspond to the devices with security group rules
query = query.filter(sg_binding_port.in_(ports.keys()))
return query.all()
- def _select_ips_for_source_group(self, context, source_group_ids):
+ def _select_ips_for_remote_group(self, context, remote_group_ids):
ips_by_group = {}
- if not source_group_ids:
+ if not remote_group_ids:
return ips_by_group
- for source_group_id in source_group_ids:
- ips_by_group[source_group_id] = []
+ for remote_group_id in remote_group_ids:
+ ips_by_group[remote_group_id] = []
ip_port = models_v2.IPAllocation.port_id
sg_binding_port = sg_db.SecurityGroupPortBinding.port_id
models_v2.IPAllocation.ip_address)
query = query.join(models_v2.IPAllocation,
ip_port == sg_binding_port)
- query = query.filter(sg_binding_sgid.in_(source_group_ids))
+ query = query.filter(sg_binding_sgid.in_(remote_group_ids))
ip_in_db = query.all()
for security_group_id, ip_address in ip_in_db:
ips_by_group[security_group_id].append(ip_address)
return ips_by_group
- def _select_source_group_ids(self, ports):
- source_group_ids = []
+ def _select_remote_group_ids(self, ports):
+ remote_group_ids = []
for port in ports.values():
for rule in port.get('security_group_rules'):
- source_group_id = rule.get('source_group_id')
- if source_group_id:
- source_group_ids.append(source_group_id)
- return source_group_ids
+ remote_group_id = rule.get('remote_group_id')
+ if remote_group_id:
+ remote_group_ids.append(remote_group_id)
+ return remote_group_ids
def _select_network_ids(self, ports):
return set((port['network_id'] for port in ports.values()))
ips[port['network_id']].append(ip)
return ips
- def _convert_source_group_id_to_ip_prefix(self, context, ports):
- source_group_ids = self._select_source_group_ids(ports)
- ips = self._select_ips_for_source_group(context, source_group_ids)
+ def _convert_remote_group_id_to_ip_prefix(self, context, ports):
+ remote_group_ids = self._select_remote_group_ids(ports)
+ ips = self._select_ips_for_remote_group(context, remote_group_ids)
for port in ports.values():
updated_rule = []
for rule in port.get('security_group_rules'):
- source_group_id = rule.get('source_group_id')
+ remote_group_id = rule.get('remote_group_id')
direction = rule.get('direction')
direction_ip_prefix = DIRECTION_IP_PREFIX[direction]
- if not source_group_id:
+ if not remote_group_id:
updated_rule.append(rule)
continue
- port['security_group_source_groups'].append(source_group_id)
+ port['security_group_source_groups'].append(remote_group_id)
base_rule = rule
- for ip in ips[source_group_id]:
+ for ip in ips[remote_group_id]:
if ip in port.get('fixed_ips', []):
continue
ip_rule = base_rule.copy()
'ethertype': rule_in_db['ethertype'],
}
for key in ('protocol', 'port_range_min', 'port_range_max',
- 'source_ip_prefix', 'source_group_id'):
+ 'remote_ip_prefix', 'remote_group_id'):
if rule_in_db.get(key):
- if key == 'source_ip_prefix' and direction == 'egress':
- rule_dict['dest_ip_prefix'] = rule_in_db[key]
+ if key == 'remote_ip_prefix':
+ direction_ip_prefix = DIRECTION_IP_PREFIX[direction]
+ rule_dict[direction_ip_prefix] = rule_in_db[key]
continue
rule_dict[key] = rule_in_db[key]
port['security_group_rules'].append(rule_dict)
self._apply_provider_rule(context, ports)
- return self._convert_source_group_id_to_ip_prefix(context, ports)
+ return self._convert_remote_group_id_to_ip_prefix(context, ports)
" not allowed")
-class SecurityGroupSourceGroupAndIpPrefix(qexception.InvalidInput):
- message = _("Only source_ip_prefix or source_group_id may "
+class SecurityGroupRemoteGroupAndRemoteIpPrefix(qexception.InvalidInput):
+ message = _("Only remote_ip_prefix or remote_group_id may "
"be provided.")
"one security profile at a time")
-class SecurityGroupSourceGroupNotFound(qexception.NotFound):
- message = _("Source group id %(id)s does not exist")
-
-
class SecurityGroupNotFound(qexception.NotFound):
message = _("Security group %(id)s does not exist")
'primary_key': True},
'security_group_id': {'allow_post': True, 'allow_put': False,
'is_visible': True, 'required_by_policy': True},
- 'source_group_id': {'allow_post': True, 'allow_put': False,
+ 'remote_group_id': {'allow_post': True, 'allow_put': False,
'default': None, 'is_visible': True},
'direction': {'allow_post': True, 'allow_put': True,
'is_visible': True,
'is_visible': True, 'default': 'IPv4',
'convert_to': convert_ethertype_to_case_insensitive,
'validate': {'type:values': sg_supported_ethertypes}},
- 'source_ip_prefix': {'allow_post': True, 'allow_put': False,
+ 'remote_ip_prefix': {'allow_post': True, 'allow_put': False,
'default': None, 'is_visible': True},
'tenant_id': {'allow_post': True, 'allow_put': False,
'required_by_policy': True,
rule_id = rule['id']
ethertype = rule['ethertype']
security_group_id = rule['security_group_id']
- source_group_id = rule['source_group_id']
- source_ip_prefix = rule['source_ip_prefix'] # watch out. not validated
+ remote_group_id = rule['remote_group_id']
+ remote_ip_prefix = rule['remote_ip_prefix'] # watch out. not validated
tenant_id = rule['tenant_id']
port_range_min = rule['port_range_min']
external_id = rule['external_id']
port_group_id = None
# handle source
- if not source_ip_prefix is None:
- nw_src_address, nw_src_length = source_ip_prefix.split('/')
- elif not source_group_id is None: # security group as a srouce
- source_pg = self.pg_manager.get_for_sg(tenant_id, source_group_id)
+ if not remote_ip_prefix is None:
+ nw_src_address, nw_src_length = remote_ip_prefix.split('/')
+ elif not remote_group_id is None: # security group as a srouce
+ source_pg = self.pg_manager.get_for_sg(tenant_id, remote_group_id)
port_group_id = source_pg.get_id()
else:
raise Exception(_("Don't know what to do with rule=%r"), rule)
def _convert_to_nvp_rule(self, rule, with_id=False):
"""Converts Quantum API security group rule to NVP API."""
nvp_rule = {}
- params = ['source_ip_prefix', 'protocol',
- 'source_group_id', 'port_range_min',
+ params = ['remote_ip_prefix', 'protocol',
+ 'remote_group_id', 'port_range_min',
'port_range_max', 'ethertype']
if with_id:
params.append('id')
nvp_rule[param] = value
elif not value:
pass
- elif param == 'source_ip_prefix':
- nvp_rule['ip_prefix'] = rule['source_ip_prefix']
- elif param == 'source_group_id':
- nvp_rule['profile_uuid'] = rule['source_group_id']
+ elif param == 'remote_ip_prefix':
+ nvp_rule['ip_prefix'] = rule['remote_ip_prefix']
+ elif param == 'remote_group_id':
+ nvp_rule['profile_uuid'] = rule['remote_group_id']
elif param == 'protocol':
nvp_rule['protocol'] = protocol_num_look_up[rule['protocol']]
else:
with_id=False):
"""Query quantum db for security group rules.
"""
- fields = ['source_ip_prefix', 'source_group_id', 'protocol',
+ fields = ['remote_ip_prefix', 'remote_group_id', 'protocol',
'port_range_min', 'port_range_max', 'protocol', 'ethertype']
if with_id:
fields.append('id')
'logical_port_egress_rules': ingress_rules}
return self._convert_to_nvp_rules(rules, with_id)
- def _get_profile_uuid(self, context, source_group_id):
+ def _get_profile_uuid(self, context, remote_group_id):
"""Return profile id from novas group id. """
- security_group = self.get_security_group(context, source_group_id)
+ security_group = self.get_security_group(context, remote_group_id)
if not security_group:
- raise ext_sg.SecurityGroupNotFound(id=source_group_id)
+ raise ext_sg.SecurityGroupNotFound(id=remote_group_id)
return security_group['id']
def _merge_security_group_rules_with_current(self, context, new_rules,
rule = new_rule['security_group_rule']
rule['security_group_id'] = security_group_id
if rule.get('souce_group_id'):
- rule['source_group_id'] = self._get_profile_uuid(
- context, rule['source_group_id'])
+ rule['remote_group_id'] = self._get_profile_uuid(
+ context, rule['remote_group_id'])
if rule['direction'] == 'ingress':
merged_rules['logical_port_egress_rules'].append(
self._convert_to_nvp_rule(rule))
return {"tenant_id": tenant_id, "security_group_id": sg_id,
"rule_id": rule_id, "direction": direction,
"protocol": protocol,
- "source_ip_prefix": src_ip, "source_group_id": src_group_id,
+ "remote_ip_prefix": src_ip, "remote_group_id": src_group_id,
"port_range_min": port_min, "port_range_max": port_max,
"ethertype": ethertype, "id": rule_id, "external_id": None}
def _build_security_group_rule(self, security_group_id, direction,
protocol, port_range_min, port_range_max,
- source_ip_prefix=None, source_group_id=None,
+ remote_ip_prefix=None, remote_group_id=None,
tenant_id='test_tenant',
ethertype='IPv4'):
'port_range_max': port_range_max,
'tenant_id': tenant_id,
'ethertype': ethertype}}
- if source_ip_prefix:
- data['security_group_rule']['source_ip_prefix'] = source_ip_prefix
+ if remote_ip_prefix:
+ data['security_group_rule']['remote_ip_prefix'] = remote_ip_prefix
- if source_group_id:
- data['security_group_rule']['source_group_id'] = source_group_id
+ if remote_group_id:
+ data['security_group_rule']['remote_group_id'] = remote_group_id
return data
'd1db38eb087',
direction='ingress', protocol='tcp',
port_range_min='22', port_range_max='22',
- source_ip_prefix=None, source_group_id=None,
+ remote_ip_prefix=None, remote_group_id=None,
fmt=None, no_delete=False, ethertype='IPv4'):
if not fmt:
fmt = self.fmt
direction,
protocol, port_range_min,
port_range_max,
- source_ip_prefix,
- source_group_id,
+ remote_ip_prefix,
+ remote_group_id,
ethertype=ethertype)
security_group_rule = self._make_security_group_rule(self.fmt, rule)
try:
with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id']
direction = "ingress"
- source_ip_prefix = "10.0.0.0/24"
+ remote_ip_prefix = "10.0.0.0/24"
protocol = 'TCP'
port_range_min = 22
port_range_max = 22
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_ip_prefix,
+ remote_ip_prefix,
ethertype=ethertype) as rule:
# the lower case value will be return
name = 'webservers'
description = 'my webservers'
with self.security_group(name, description) as sg:
- source_group_id = sg['security_group']['id']
- res = self.new_show_request('security-groups', source_group_id)
+ remote_group_id = sg['security_group']['id']
+ res = self.new_show_request('security-groups', remote_group_id)
security_group_id = sg['security_group']['id']
direction = "ingress"
- source_ip_prefix = "10.0.0.0/24"
+ remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
- keys = [('source_ip_prefix', source_ip_prefix),
+ keys = [('remote_ip_prefix', remote_ip_prefix),
('security_group_id', security_group_id),
('direction', direction),
('protocol', protocol),
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_ip_prefix):
+ remote_ip_prefix):
group = self.deserialize(
self.fmt, res.get_response(self.ext_api))
sg_rule = group['security_group']['security_group_rules']
self.assertEqual(group['security_group']['id'],
- source_group_id)
+ remote_group_id)
self.assertEqual(len(sg_rule), 1)
for k, v, in keys:
self.assertEqual(sg_rule[0][k], v)
name = 'webservers'
description = 'my webservers'
with self.security_group(name, description, no_delete=True) as sg:
- source_group_id = sg['security_group']['id']
- self._delete('security-groups', source_group_id, 204)
+ remote_group_id = sg['security_group']['id']
+ self._delete('security-groups', remote_group_id, 204)
def test_delete_default_security_group_fail(self):
with self.network():
self.assertEqual(rule['port_range_min'], None)
self.assertEqual(rule['protocol'], None)
- def test_create_security_group_rule_source_ip_prefix(self):
+ def test_create_security_group_rule_remote_ip_prefix(self):
name = 'webservers'
description = 'my webservers'
with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id']
direction = "ingress"
- source_ip_prefix = "10.0.0.0/24"
+ remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
- keys = [('source_ip_prefix', source_ip_prefix),
+ keys = [('remote_ip_prefix', remote_ip_prefix),
('security_group_id', security_group_id),
('direction', direction),
('protocol', protocol),
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_ip_prefix) as rule:
+ remote_ip_prefix) as rule:
for k, v, in keys:
self.assertEqual(rule['security_group_rule'][k], v)
with self.security_group(name, description) as sg2:
security_group_id = sg['security_group']['id']
direction = "ingress"
- source_group_id = sg2['security_group']['id']
+ remote_group_id = sg2['security_group']['id']
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
- keys = [('source_group_id', source_group_id),
+ keys = [('remote_group_id', remote_group_id),
('security_group_id', security_group_id),
('direction', direction),
('protocol', protocol),
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_group_id=source_group_id
+ remote_group_id=remote_group_id
) as rule:
for k, v, in keys:
self.assertEqual(rule['security_group_rule'][k], v)
def test_create_security_group_source_group_ip_and_ip_prefix(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
- source_ip_prefix = "10.0.0.0/24"
+ remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
- source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
+ remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_ip_prefix,
- source_group_id)
+ remote_ip_prefix,
+ remote_group_id)
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 400)
def test_create_security_group_rule_bad_security_group_id(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
- source_ip_prefix = "10.0.0.0/24"
+ remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_ip_prefix)
+ remote_ip_prefix)
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404)
- def test_create_security_group_rule_bad_tenant_source_group_id(self):
+ def test_create_security_group_rule_bad_tenant_remote_group_id(self):
with self.security_group() as sg:
res = self._create_security_group(self.fmt, 'webservers',
'webservers',
'port_range_min': '22',
'port_range_max': '22',
'tenant_id': 'bad_tenant',
- 'source_group_id': sg['security_group']['id']}}
+ 'remote_group_id': sg['security_group']['id']}}
res = self._create_security_group_rule(self.fmt, rule,
tenant_id='bad_tenant',
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404)
- def test_create_security_group_rule_bad_source_group_id(self):
+ def test_create_security_group_rule_bad_remote_group_id(self):
name = 'webservers'
description = 'my webservers'
with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id']
- source_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
+ remote_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
protocol = 'tcp'
port_range_min = 22
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_group_id=source_group_id)
+ remote_group_id=remote_group_id)
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404)
def test_create_security_group_rule_with_invalid_ethertype(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
- source_ip_prefix = "10.0.0.0/24"
+ remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
- source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
+ remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_ip_prefix,
- source_group_id,
+ remote_ip_prefix,
+ remote_group_id,
ethertype='IPv5')
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
def test_create_security_group_rule_with_invalid_protocol(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
- source_ip_prefix = "10.0.0.0/24"
+ remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp/ip'
port_range_min = 22
port_range_max = 22
- source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
+ remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_ip_prefix,
- source_group_id)
+ remote_ip_prefix,
+ remote_group_id)
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 400)
rule1 = self._build_security_group_rule(
sg1_id,
'ingress', 'tcp', '24',
- '25', source_group_id=sg2['security_group']['id'])
+ '25', remote_group_id=sg2['security_group']['id'])
rules = {
'security_group_rules': [rule1['security_group_rule']]}
res = self._create_security_group_rule(self.fmt, rules)
'source_ip_prefix': u'10.0.0.3/32',
'protocol': u'tcp', 'ethertype': u'IPv4',
'port_range_max': 25, 'port_range_min': 24,
- 'source_group_id': sg2_id,
+ 'remote_group_id': sg2_id,
'security_group_id': sg1_id},
{'ethertype': 'IPv4', 'direction': 'egress'},
]
'ingress', 'tcp', '24',
'25',
ethertype='IPv6',
- source_group_id=sg2['security_group']['id'])
+ remote_group_id=sg2['security_group']['id'])
rules = {
'security_group_rules': [rule1['security_group_rule']]}
res = self._create_security_group_rule(self.fmt, rules)
'source_ip_prefix': 'fe80::3/128',
'protocol': 'tcp', 'ethertype': 'IPv6',
'port_range_max': 25, 'port_range_min': 24,
- 'source_group_id': sg2_id,
+ 'remote_group_id': sg2_id,
'security_group_id': sg1_id},
{'ethertype': 'IPv6', 'direction': 'egress'},
]
'security_group_source_groups': ['fake_sgid2'],
'security_group_rules': [{'security_group_id':
'fake_sgid1',
- 'source_group_id':
+ 'remote_group_id':
'fake_sgid2'}]}
fake_devices = {'fake_device': self.fake_device}
self.firewall.ports = fake_devices
with self.security_group(name, description) as sg2:
security_group_id = sg['security_group']['id']
direction = "ingress"
- source_group_id = sg2['security_group']['id']
+ remote_group_id = sg2['security_group']['id']
protocol = 'tcp'
port_range_min = 88
port_range_max = 88
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
- source_group_id=source_group_id
+ remote_group_id=remote_group_id
):
pass
self.notifier.assert_has_calls(
Code Review / openstack-build / neutron-build.git / commitdiff