Remove 'os-security-group-default-rules' REST API
This is a nova-network-only API. As with previously removed APIs, this API now return a 410 response for all routes. There are some DB methods that were only used by this API. They will be removed separately in a future change. Change-Id: Iaa7fb6c548613164d33793822ee85339f9f7fefb Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This commit is contained in:
		| @@ -71,7 +71,6 @@ limited to some maximum microversion. | |||||||
| .. include:: os-floating-ip-pools.inc | .. include:: os-floating-ip-pools.inc | ||||||
| .. include:: os-floating-ips.inc | .. include:: os-floating-ips.inc | ||||||
| .. include:: os-security-groups.inc | .. include:: os-security-groups.inc | ||||||
| .. include:: os-security-group-default-rules.inc |  | ||||||
| .. include:: os-security-group-rules.inc | .. include:: os-security-group-rules.inc | ||||||
| .. include:: os-hosts.inc | .. include:: os-hosts.inc | ||||||
|  |  | ||||||
| @@ -90,3 +89,4 @@ Compute API in the past, but no longer exist. | |||||||
| .. include:: os-floating-ips-bulk.inc | .. include:: os-floating-ips-bulk.inc | ||||||
| .. include:: os-floating-ip-dns.inc | .. include:: os-floating-ip-dns.inc | ||||||
| .. include:: os-cells.inc | .. include:: os-cells.inc | ||||||
|  | .. include:: os-security-group-default-rules.inc | ||||||
|   | |||||||
| @@ -1,17 +1,15 @@ | |||||||
| .. -*- rst -*- | .. -*- rst -*- | ||||||
|  |  | ||||||
| .. NOTE(gmann): These APIs are deprecated so do not update this | ==================================================================== | ||||||
|    file even body, example or parameters are not complete. |  Rules for default security group (os-security-group-default-rules) | ||||||
|  | ==================================================================== | ||||||
| ================================================================================ |  | ||||||
|  Rules for default security group (os-security-group-default-rules) (DEPRECATED) |  | ||||||
| ================================================================================ |  | ||||||
|  |  | ||||||
| .. warning:: | .. warning:: | ||||||
|  |  | ||||||
|    This API only available with ``nova-network`` which is |    This API only available with ``nova-network`` which is | ||||||
|    deprecated. It should be avoided in any new applications. |    deprecated. It should be avoided in any new applications. | ||||||
|    These will fail with a 404 starting from microversion 2.36. |    These will fail with a 404 starting from microversion 2.36. | ||||||
|  |    They were completely removed in the 21.0.0 (Ussuri) release. | ||||||
|  |  | ||||||
| Lists, shows information for, and creates default security group rules. | Lists, shows information for, and creates default security group rules. | ||||||
|  |  | ||||||
| @@ -24,7 +22,8 @@ Lists default security group rules. | |||||||
|  |  | ||||||
| Normal response codes: 200 | Normal response codes: 200 | ||||||
|  |  | ||||||
| Error response codes: unauthorized(401), forbidden(403), itemNotFound(404), notImplemented(501) | Error response codes: unauthorized(401), forbidden(403), itemNotFound(404), | ||||||
|  | gone(410), notImplemented(501) | ||||||
|  |  | ||||||
| Response | Response | ||||||
| -------- | -------- | ||||||
| @@ -53,7 +52,8 @@ Shows details for a security group rule. | |||||||
|  |  | ||||||
| Normal response codes: 200 | Normal response codes: 200 | ||||||
|  |  | ||||||
| Error response codes: badRequest(400), unauthorized(401), forbidden(403), itemNotFound(404), notImplemented(501) | Error response codes: badRequest(400), unauthorized(401), forbidden(403), | ||||||
|  | itemNotFound(404), gone(410), notImplemented(501) | ||||||
|  |  | ||||||
| Request | Request | ||||||
| ------- | ------- | ||||||
| @@ -92,7 +92,8 @@ IP protocol ( ``ip_protocol`` ) value. Otherwise, the operation returns the ``Ba | |||||||
|  |  | ||||||
| Normal response codes: 200 | Normal response codes: 200 | ||||||
|  |  | ||||||
| Error response codes: badRequest(400), unauthorized(401), forbidden(403), conflict(409), notImplemented(501) | Error response codes: badRequest(400), unauthorized(401), forbidden(403), | ||||||
|  | conflict(409), gone(410), notImplemented(501) | ||||||
|  |  | ||||||
| Request | Request | ||||||
| ------- | ------- | ||||||
| @@ -137,7 +138,8 @@ Deletes a security group rule. | |||||||
|  |  | ||||||
| Normal response codes: 204 | Normal response codes: 204 | ||||||
|  |  | ||||||
| Error response codes: badRequest(400), unauthorized(401), forbidden(403), itemNotFound(404), notImplemented(501) | Error response codes: badRequest(400), unauthorized(401), forbidden(403), | ||||||
|  | itemNotFound(404), gone(410), notImplemented(501) | ||||||
|  |  | ||||||
| Request | Request | ||||||
| ------- | ------- | ||||||
|   | |||||||
| @@ -415,11 +415,25 @@ API endpoints as below:: | |||||||
|   '/os-baremetal-nodes' |   '/os-baremetal-nodes' | ||||||
|   '/os-fping' |   '/os-fping' | ||||||
|  |  | ||||||
| .. note:: A `regression`_ was introduced in this microversion which broke the | .. note:: | ||||||
|  |  | ||||||
|  |     A `regression`__ was introduced in this microversion which broke the | ||||||
|     ``force`` parameter in the ``PUT /os-quota-sets`` API. The fix will have |     ``force`` parameter in the ``PUT /os-quota-sets`` API. The fix will have | ||||||
|     to be applied to restore this functionality. |     to be applied to restore this functionality. | ||||||
|  |  | ||||||
| .. _regression: https://bugs.launchpad.net/nova/+bug/1733886 |     __ https://bugs.launchpad.net/nova/+bug/1733886 | ||||||
|  |  | ||||||
|  | .. versionchanged:: 18.0.0 | ||||||
|  |  | ||||||
|  |     The ``os-fping`` API was completely removed in the 18.0.0 (Rocky) release. | ||||||
|  |     On deployments newer than this, the API will return HTTP 410 (Gone) | ||||||
|  |     regardless of the requested microversion. | ||||||
|  |  | ||||||
|  | .. versionchanged:: 21.0.0 | ||||||
|  |  | ||||||
|  |     The ``os-security-group-default-rules`` API was completely removed in the | ||||||
|  |     21.0.0 (Ussuri) release. On deployments newer than this, the APIs will | ||||||
|  |     return HTTP 410 (Gone) regadless of the requested microversion. | ||||||
|  |  | ||||||
| 2.37 | 2.37 | ||||||
| ---- | ---- | ||||||
|   | |||||||
| @@ -14,121 +14,24 @@ | |||||||
|  |  | ||||||
| from webob import exc | from webob import exc | ||||||
|  |  | ||||||
| from nova.api.openstack.api_version_request \ |  | ||||||
|     import MAX_PROXY_API_SUPPORT_VERSION |  | ||||||
| from nova.api.openstack.compute import security_groups as sg |  | ||||||
| from nova.api.openstack import wsgi | from nova.api.openstack import wsgi | ||||||
| from nova import exception |  | ||||||
| from nova.i18n import _ |  | ||||||
| from nova.network.security_group import openstack_driver |  | ||||||
| from nova.policies import security_group_default_rules as sgdr_policies |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase, | class SecurityGroupDefaultRulesController(wsgi.Controller): | ||||||
|                                           wsgi.Controller): |     """(Removed) Controller for default project security groups.""" | ||||||
|  |  | ||||||
|     def __init__(self): |     @wsgi.expected_errors(410) | ||||||
|         super(SecurityGroupDefaultRulesController, self).__init__() |  | ||||||
|         self.security_group_api = ( |  | ||||||
|             openstack_driver.get_openstack_security_group_driver()) |  | ||||||
|  |  | ||||||
|     @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION) |  | ||||||
|     @wsgi.expected_errors((400, 409, 501)) |  | ||||||
|     def create(self, req, body): |     def create(self, req, body): | ||||||
|         context = req.environ['nova.context'] |         raise exc.HTTPGone() | ||||||
|         context.can(sgdr_policies.BASE_POLICY_NAME) |  | ||||||
|  |  | ||||||
|         sg_rule = self._from_body(body, 'security_group_default_rule') |     @wsgi.expected_errors(410) | ||||||
|  |  | ||||||
|         try: |  | ||||||
|             values = self._rule_args_to_dict(to_port=sg_rule.get('to_port'), |  | ||||||
|                 from_port=sg_rule.get('from_port'), |  | ||||||
|                 ip_protocol=sg_rule.get('ip_protocol'), |  | ||||||
|                 cidr=sg_rule.get('cidr')) |  | ||||||
|         except (exception.InvalidCidr, |  | ||||||
|                 exception.InvalidInput, |  | ||||||
|                 exception.InvalidIpProtocol, |  | ||||||
|                 exception.InvalidPortRange) as ex: |  | ||||||
|             raise exc.HTTPBadRequest(explanation=ex.format_message()) |  | ||||||
|  |  | ||||||
|         if values is None: |  | ||||||
|             msg = _('Not enough parameters to build a valid rule.') |  | ||||||
|             raise exc.HTTPBadRequest(explanation=msg) |  | ||||||
|  |  | ||||||
|         if self.security_group_api.default_rule_exists(context, values): |  | ||||||
|             msg = _('This default rule already exists.') |  | ||||||
|             raise exc.HTTPConflict(explanation=msg) |  | ||||||
|         security_group_rule = self.security_group_api.add_default_rules( |  | ||||||
|             context, [values])[0] |  | ||||||
|         fmt_rule = self._format_security_group_default_rule( |  | ||||||
|                                                         security_group_rule) |  | ||||||
|         return {'security_group_default_rule': fmt_rule} |  | ||||||
|  |  | ||||||
|     def _rule_args_to_dict(self, to_port=None, from_port=None, |  | ||||||
|                            ip_protocol=None, cidr=None): |  | ||||||
|         cidr = self.security_group_api.parse_cidr(cidr) |  | ||||||
|         return self.security_group_api.new_cidr_ingress_rule( |  | ||||||
|             cidr, ip_protocol, from_port, to_port) |  | ||||||
|  |  | ||||||
|     @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION) |  | ||||||
|     @wsgi.expected_errors((400, 404, 501)) |  | ||||||
|     def show(self, req, id): |     def show(self, req, id): | ||||||
|         context = req.environ['nova.context'] |         raise exc.HTTPGone() | ||||||
|         context.can(sgdr_policies.BASE_POLICY_NAME) |  | ||||||
|  |  | ||||||
|         try: |     @wsgi.expected_errors(410) | ||||||
|             id = self.security_group_api.validate_id(id) |  | ||||||
|         except exception.Invalid as ex: |  | ||||||
|             raise exc.HTTPBadRequest(explanation=ex.format_message()) |  | ||||||
|  |  | ||||||
|         try: |  | ||||||
|             rule = self.security_group_api.get_default_rule(context, id) |  | ||||||
|         except exception.SecurityGroupDefaultRuleNotFound as ex: |  | ||||||
|             raise exc.HTTPNotFound(explanation=ex.format_message()) |  | ||||||
|  |  | ||||||
|         fmt_rule = self._format_security_group_default_rule(rule) |  | ||||||
|         return {"security_group_default_rule": fmt_rule} |  | ||||||
|  |  | ||||||
|     @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION) |  | ||||||
|     @wsgi.expected_errors((400, 404, 501)) |  | ||||||
|     @wsgi.response(204) |  | ||||||
|     def delete(self, req, id): |     def delete(self, req, id): | ||||||
|         context = req.environ['nova.context'] |         raise exc.HTTPGone() | ||||||
|         context.can(sgdr_policies.BASE_POLICY_NAME) |  | ||||||
|  |  | ||||||
|         try: |     @wsgi.expected_errors(410) | ||||||
|             id = self.security_group_api.validate_id(id) |  | ||||||
|         except exception.Invalid as ex: |  | ||||||
|             raise exc.HTTPBadRequest(explanation=ex.format_message()) |  | ||||||
|  |  | ||||||
|         try: |  | ||||||
|             rule = self.security_group_api.get_default_rule(context, id) |  | ||||||
|             self.security_group_api.remove_default_rules(context, [rule['id']]) |  | ||||||
|         except exception.SecurityGroupDefaultRuleNotFound as ex: |  | ||||||
|             raise exc.HTTPNotFound(explanation=ex.format_message()) |  | ||||||
|  |  | ||||||
|     @wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION) |  | ||||||
|     @wsgi.expected_errors((404, 501)) |  | ||||||
|     def index(self, req): |     def index(self, req): | ||||||
|         context = req.environ['nova.context'] |         raise exc.HTTPGone() | ||||||
|         context.can(sgdr_policies.BASE_POLICY_NAME) |  | ||||||
|  |  | ||||||
|         ret = {'security_group_default_rules': []} |  | ||||||
|         try: |  | ||||||
|             for rule in self.security_group_api.get_all_default_rules(context): |  | ||||||
|                 rule_fmt = self._format_security_group_default_rule(rule) |  | ||||||
|                 ret['security_group_default_rules'].append(rule_fmt) |  | ||||||
|         except exception.SecurityGroupDefaultRuleNotFound as ex: |  | ||||||
|             raise exc.HTTPNotFound(explanation=ex.format_message()) |  | ||||||
|  |  | ||||||
|         return ret |  | ||||||
|  |  | ||||||
|     def _format_security_group_default_rule(self, rule): |  | ||||||
|         sg_rule = {} |  | ||||||
|         sg_rule['id'] = rule['id'] |  | ||||||
|         sg_rule['ip_protocol'] = rule['protocol'] |  | ||||||
|         sg_rule['from_port'] = rule['from_port'] |  | ||||||
|         sg_rule['to_port'] = rule['to_port'] |  | ||||||
|         sg_rule['ip_range'] = {} |  | ||||||
|         sg_rule['ip_range'] = {'cidr': rule['cidr']} |  | ||||||
|         return sg_rule |  | ||||||
|   | |||||||
| @@ -53,7 +53,6 @@ from nova.policies import quota_class_sets | |||||||
| from nova.policies import quota_sets | from nova.policies import quota_sets | ||||||
| from nova.policies import remote_consoles | from nova.policies import remote_consoles | ||||||
| from nova.policies import rescue | from nova.policies import rescue | ||||||
| from nova.policies import security_group_default_rules |  | ||||||
| from nova.policies import security_groups | from nova.policies import security_groups | ||||||
| from nova.policies import server_diagnostics | from nova.policies import server_diagnostics | ||||||
| from nova.policies import server_external_events | from nova.policies import server_external_events | ||||||
| @@ -116,7 +115,6 @@ def list_rules(): | |||||||
|         quota_sets.list_rules(), |         quota_sets.list_rules(), | ||||||
|         remote_consoles.list_rules(), |         remote_consoles.list_rules(), | ||||||
|         rescue.list_rules(), |         rescue.list_rules(), | ||||||
|         security_group_default_rules.list_rules(), |  | ||||||
|         security_groups.list_rules(), |         security_groups.list_rules(), | ||||||
|         server_diagnostics.list_rules(), |         server_diagnostics.list_rules(), | ||||||
|         server_external_events.list_rules(), |         server_external_events.list_rules(), | ||||||
|   | |||||||
| @@ -1,56 +0,0 @@ | |||||||
| # Copyright 2016 Cloudbase Solutions Srl |  | ||||||
| # All Rights Reserved. |  | ||||||
| # |  | ||||||
| #    Licensed under the Apache License, Version 2.0 (the "License"); you may |  | ||||||
| #    not use this file except in compliance with the License. You may obtain |  | ||||||
| #    a copy of the License at |  | ||||||
| # |  | ||||||
| #         http://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| #    Unless required by applicable law or agreed to in writing, software |  | ||||||
| #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| #    License for the specific language governing permissions and limitations |  | ||||||
| #    under the License. |  | ||||||
|  |  | ||||||
| from oslo_policy import policy |  | ||||||
|  |  | ||||||
| from nova.policies import base |  | ||||||
|  |  | ||||||
|  |  | ||||||
| BASE_POLICY_NAME = 'os_compute_api:os-security-group-default-rules' |  | ||||||
|  |  | ||||||
|  |  | ||||||
| security_group_default_rules_policies = [ |  | ||||||
|     policy.DocumentedRuleDefault( |  | ||||||
|         BASE_POLICY_NAME, |  | ||||||
|         base.RULE_ADMIN_API, |  | ||||||
|         """List, show information for, create, or delete default security |  | ||||||
| group rules. |  | ||||||
|  |  | ||||||
| These APIs are only available with nova-network which is now deprecated.""", |  | ||||||
|         [ |  | ||||||
|             { |  | ||||||
|                 'method': 'GET', |  | ||||||
|                 'path': '/os-security-group-default-rules' |  | ||||||
|             }, |  | ||||||
|             { |  | ||||||
|                 'method': 'GET', |  | ||||||
|                 'path': '/os-security-group-default-rules' |  | ||||||
|                         '/{security_group_default_rule_id}' |  | ||||||
|             }, |  | ||||||
|             { |  | ||||||
|                 'method': 'POST', |  | ||||||
|                 'path': '/os-security-group-default-rules' |  | ||||||
|             }, |  | ||||||
|             { |  | ||||||
|                 'method': 'DELETE', |  | ||||||
|                 'path': '/os-security-group-default-rules' |  | ||||||
|                         '/{security_group_default_rule_id}' |  | ||||||
|             } |  | ||||||
|         ]), |  | ||||||
| ] |  | ||||||
|  |  | ||||||
|  |  | ||||||
| def list_rules(): |  | ||||||
|     return security_group_default_rules_policies |  | ||||||
| @@ -1,8 +0,0 @@ | |||||||
| { |  | ||||||
|     "security_group_default_rule": { |  | ||||||
|         "ip_protocol": "TCP", |  | ||||||
|         "from_port": "80", |  | ||||||
|         "to_port": "80", |  | ||||||
|         "cidr": "10.10.10.0/24" |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| @@ -1,11 +0,0 @@ | |||||||
| { |  | ||||||
|     "security_group_default_rule": { |  | ||||||
|         "from_port": 80, |  | ||||||
|         "id": 1, |  | ||||||
|         "ip_protocol": "TCP", |  | ||||||
|         "ip_range":{ |  | ||||||
|             "cidr": "10.10.10.0/24" |  | ||||||
|         }, |  | ||||||
|         "to_port": 80 |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| @@ -1,13 +0,0 @@ | |||||||
| { |  | ||||||
|     "security_group_default_rules": [ |  | ||||||
|         { |  | ||||||
|             "from_port": 80, |  | ||||||
|             "id": 1, |  | ||||||
|             "ip_protocol": "TCP", |  | ||||||
|             "ip_range": { |  | ||||||
|                 "cidr": "10.10.10.0/24" |  | ||||||
|             }, |  | ||||||
|             "to_port": 80 |  | ||||||
|         } |  | ||||||
|     ] |  | ||||||
| } |  | ||||||
| @@ -1,11 +0,0 @@ | |||||||
| { |  | ||||||
|     "security_group_default_rule": { |  | ||||||
|         "id": 1, |  | ||||||
|         "from_port": 80, |  | ||||||
|         "to_port": 80, |  | ||||||
|         "ip_protocol": "TCP", |  | ||||||
|         "ip_range": { |  | ||||||
|             "cidr": "10.10.10.0/24" |  | ||||||
|         } |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| @@ -15,29 +15,17 @@ | |||||||
| from nova.tests.functional.api_sample_tests import api_sample_base | from nova.tests.functional.api_sample_tests import api_sample_base | ||||||
|  |  | ||||||
|  |  | ||||||
| # TODO(stephenfin): Remove this API since it's nova-network only |  | ||||||
| class SecurityGroupDefaultRulesSampleJsonTest( | class SecurityGroupDefaultRulesSampleJsonTest( | ||||||
|         api_sample_base.ApiSampleTestBaseV21): |         api_sample_base.ApiSampleTestBaseV21): | ||||||
|     USE_NEUTRON = False  # nova-net only |  | ||||||
|     ADMIN_API = True |  | ||||||
|     sample_dir = 'os-security-group-default-rules' |  | ||||||
|  |  | ||||||
|     def test_security_group_default_rules_create(self): |     def test_security_group_default_rules_create(self): | ||||||
|         response = self._do_post('os-security-group-default-rules', |         self.api.api_post('os-security-group-default-rules', {}, | ||||||
|                                  'security-group-default-rules-create-req', |                           check_response_status=[410]) | ||||||
|                                  {}) |  | ||||||
|         self._verify_response('security-group-default-rules-create-resp', |  | ||||||
|                               {}, response, 200) |  | ||||||
|  |  | ||||||
|     def test_security_group_default_rules_list(self): |     def test_security_group_default_rules_list(self): | ||||||
|         self.test_security_group_default_rules_create() |         self.api.api_get('os-security-group-default-rules', | ||||||
|         response = self._do_get('os-security-group-default-rules') |                          check_response_status=[410]) | ||||||
|         self._verify_response('security-group-default-rules-list-resp', |  | ||||||
|                               {}, response, 200) |  | ||||||
|  |  | ||||||
|     def test_security_group_default_rules_show(self): |     def test_security_group_default_rules_show(self): | ||||||
|         self.test_security_group_default_rules_create() |         self.api.api_get('os-security-group-default-rules/1', | ||||||
|         rule_id = '1' |                          check_response_status=[410]) | ||||||
|         response = self._do_get('os-security-group-default-rules/%s' % rule_id) |  | ||||||
|         self._verify_response('security-group-default-rules-show-resp', |  | ||||||
|                               {}, response, 200) |  | ||||||
|   | |||||||
| @@ -1,366 +0,0 @@ | |||||||
| # Copyright 2013 Metacloud, Inc |  | ||||||
| # |  | ||||||
| #    Licensed under the Apache License, Version 2.0 (the "License"); you may |  | ||||||
| #    not use this file except in compliance with the License. You may obtain |  | ||||||
| #    a copy of the License at |  | ||||||
| # |  | ||||||
| #         http://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| #    Unless required by applicable law or agreed to in writing, software |  | ||||||
| #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |  | ||||||
| #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |  | ||||||
| #    License for the specific language governing permissions and limitations |  | ||||||
| #    under the License. |  | ||||||
|  |  | ||||||
| import mock |  | ||||||
| import webob |  | ||||||
|  |  | ||||||
| from nova.api.openstack.compute import \ |  | ||||||
|     security_group_default_rules as security_group_default_rules_v21 |  | ||||||
| from nova import context |  | ||||||
| import nova.db.api |  | ||||||
| from nova import exception |  | ||||||
| from nova import test |  | ||||||
| from nova.tests.unit.api.openstack import fakes |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class AttrDict(dict): |  | ||||||
|     def __getattr__(self, k): |  | ||||||
|         return self[k] |  | ||||||
|  |  | ||||||
|  |  | ||||||
| def security_group_default_rule_template(**kwargs): |  | ||||||
|     rule = kwargs.copy() |  | ||||||
|     rule.setdefault('ip_protocol', 'TCP') |  | ||||||
|     rule.setdefault('from_port', 22) |  | ||||||
|     rule.setdefault('to_port', 22) |  | ||||||
|     rule.setdefault('cidr', '10.10.10.0/24') |  | ||||||
|     return rule |  | ||||||
|  |  | ||||||
|  |  | ||||||
| def security_group_default_rule_db(security_group_default_rule, id=None): |  | ||||||
|     attrs = security_group_default_rule.copy() |  | ||||||
|     if id is not None: |  | ||||||
|         attrs['id'] = id |  | ||||||
|     return AttrDict(attrs) |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class TestSecurityGroupDefaultRulesNeutronV21(test.TestCase): |  | ||||||
|     controller_cls = (security_group_default_rules_v21. |  | ||||||
|                       SecurityGroupDefaultRulesController) |  | ||||||
|  |  | ||||||
|     def setUp(self): |  | ||||||
|         self.flags(use_neutron=True) |  | ||||||
|         super(TestSecurityGroupDefaultRulesNeutronV21, self).setUp() |  | ||||||
|         self.controller = self.controller_cls() |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_not_implemented_neutron(self): |  | ||||||
|         sgr = security_group_default_rule_template() |  | ||||||
|         req = fakes.HTTPRequest.blank( |  | ||||||
|             '/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID, |  | ||||||
|             use_admin_context=True) |  | ||||||
|         self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.create, |  | ||||||
|                           req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_security_group_default_rules_list_not_implemented_neutron(self): |  | ||||||
|         req = fakes.HTTPRequest.blank( |  | ||||||
|             '/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID, |  | ||||||
|             use_admin_context=True) |  | ||||||
|         self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.index, |  | ||||||
|                           req) |  | ||||||
|  |  | ||||||
|     def test_security_group_default_rules_show_not_implemented_neutron(self): |  | ||||||
|         req = fakes.HTTPRequest.blank( |  | ||||||
|             '/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID, |  | ||||||
|             use_admin_context=True) |  | ||||||
|         self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.show, |  | ||||||
|                           req, '602ed77c-a076-4f9b-a617-f93b847b62c5') |  | ||||||
|  |  | ||||||
|     def test_security_group_default_rules_delete_not_implemented_neutron(self): |  | ||||||
|         req = fakes.HTTPRequest.blank( |  | ||||||
|             '/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID, |  | ||||||
|             use_admin_context=True) |  | ||||||
|         self.assertRaises(webob.exc.HTTPNotImplemented, self.controller.delete, |  | ||||||
|                           req, '602ed77c-a076-4f9b-a617-f93b847b62c5') |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class TestSecurityGroupDefaultRulesV21(test.TestCase): |  | ||||||
|     controller_cls = (security_group_default_rules_v21. |  | ||||||
|                       SecurityGroupDefaultRulesController) |  | ||||||
|  |  | ||||||
|     def setUp(self): |  | ||||||
|         super(TestSecurityGroupDefaultRulesV21, self).setUp() |  | ||||||
|         self.flags(use_neutron=False) |  | ||||||
|         self.controller = self.controller_cls() |  | ||||||
|         self.req = fakes.HTTPRequest.blank( |  | ||||||
|             '/v2/%s/os-security-group-default-rules' % fakes.FAKE_PROJECT_ID) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule(self): |  | ||||||
|         sgr = security_group_default_rule_template() |  | ||||||
|  |  | ||||||
|         sgr_dict = dict(security_group_default_rule=sgr) |  | ||||||
|         res_dict = self.controller.create(self.req, sgr_dict) |  | ||||||
|         security_group_default_rule = res_dict['security_group_default_rule'] |  | ||||||
|         self.assertEqual(security_group_default_rule['ip_protocol'], |  | ||||||
|                          sgr['ip_protocol']) |  | ||||||
|         self.assertEqual(security_group_default_rule['from_port'], |  | ||||||
|                          sgr['from_port']) |  | ||||||
|         self.assertEqual(security_group_default_rule['to_port'], |  | ||||||
|                          sgr['to_port']) |  | ||||||
|         self.assertEqual(security_group_default_rule['ip_range']['cidr'], |  | ||||||
|                          sgr['cidr']) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_with_no_to_port(self): |  | ||||||
|         sgr = security_group_default_rule_template() |  | ||||||
|         del sgr['to_port'] |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_with_no_from_port(self): |  | ||||||
|         sgr = security_group_default_rule_template() |  | ||||||
|         del sgr['from_port'] |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_with_no_ip_protocol(self): |  | ||||||
|         sgr = security_group_default_rule_template() |  | ||||||
|         del sgr['ip_protocol'] |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_with_no_cidr(self): |  | ||||||
|         sgr = security_group_default_rule_template() |  | ||||||
|         del sgr['cidr'] |  | ||||||
|  |  | ||||||
|         res_dict = self.controller.create(self.req, |  | ||||||
|                                           {'security_group_default_rule': sgr}) |  | ||||||
|         security_group_default_rule = res_dict['security_group_default_rule'] |  | ||||||
|         self.assertNotEqual(security_group_default_rule['id'], 0) |  | ||||||
|         self.assertEqual(security_group_default_rule['ip_range']['cidr'], |  | ||||||
|                          '0.0.0.0/0') |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_with_blank_to_port(self): |  | ||||||
|         sgr = security_group_default_rule_template(to_port='') |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_with_blank_from_port(self): |  | ||||||
|         sgr = security_group_default_rule_template(from_port='') |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_with_blank_ip_protocol(self): |  | ||||||
|         sgr = security_group_default_rule_template(ip_protocol='') |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_with_blank_cidr(self): |  | ||||||
|         sgr = security_group_default_rule_template(cidr='') |  | ||||||
|  |  | ||||||
|         res_dict = self.controller.create(self.req, |  | ||||||
|                                           {'security_group_default_rule': sgr}) |  | ||||||
|         security_group_default_rule = res_dict['security_group_default_rule'] |  | ||||||
|         self.assertNotEqual(security_group_default_rule['id'], 0) |  | ||||||
|         self.assertEqual(security_group_default_rule['ip_range']['cidr'], |  | ||||||
|                          '0.0.0.0/0') |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_non_numerical_to_port(self): |  | ||||||
|         sgr = security_group_default_rule_template(to_port='invalid') |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_non_numerical_from_port(self): |  | ||||||
|         sgr = security_group_default_rule_template(from_port='invalid') |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_invalid_ip_protocol(self): |  | ||||||
|         sgr = security_group_default_rule_template(ip_protocol='invalid') |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_invalid_cidr(self): |  | ||||||
|         sgr = security_group_default_rule_template(cidr='10.10.2222.0/24') |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_invalid_to_port(self): |  | ||||||
|         sgr = security_group_default_rule_template(to_port='666666') |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_invalid_from_port(self): |  | ||||||
|         sgr = security_group_default_rule_template(from_port='666666') |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_create_security_group_default_rule_with_no_body(self): |  | ||||||
|         self.assertRaises(webob.exc.HTTPBadRequest, |  | ||||||
|                           self.controller.create, self.req, None) |  | ||||||
|  |  | ||||||
|     def test_create_duplicate_security_group_default_rule(self): |  | ||||||
|         sgr = security_group_default_rule_template() |  | ||||||
|  |  | ||||||
|         self.controller.create(self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|         self.assertRaises(webob.exc.HTTPConflict, self.controller.create, |  | ||||||
|                           self.req, {'security_group_default_rule': sgr}) |  | ||||||
|  |  | ||||||
|     def test_security_group_default_rules_list(self): |  | ||||||
|         self.test_create_security_group_default_rule() |  | ||||||
|         rules = [dict(id=1, |  | ||||||
|         ip_protocol='TCP', |  | ||||||
|         from_port=22, |  | ||||||
|         to_port=22, |  | ||||||
|         ip_range=dict(cidr='10.10.10.0/24'))] |  | ||||||
|         expected = {'security_group_default_rules': rules} |  | ||||||
|  |  | ||||||
|         res_dict = self.controller.index(self.req) |  | ||||||
|         self.assertEqual(res_dict, expected) |  | ||||||
|  |  | ||||||
|     @mock.patch('nova.db.api.security_group_default_rule_list', |  | ||||||
|                 side_effect=(exception. |  | ||||||
|                     SecurityGroupDefaultRuleNotFound("Rule Not Found"))) |  | ||||||
|     def test_non_existing_security_group_default_rules_list(self, |  | ||||||
|                                                             mock_sec_grp_rule): |  | ||||||
|         self.assertRaises(webob.exc.HTTPNotFound, |  | ||||||
|                           self.controller.index, self.req) |  | ||||||
|  |  | ||||||
|     def test_default_security_group_default_rule_show(self): |  | ||||||
|         sgr = security_group_default_rule_template(id=1) |  | ||||||
|  |  | ||||||
|         self.test_create_security_group_default_rule() |  | ||||||
|  |  | ||||||
|         res_dict = self.controller.show(self.req, '1') |  | ||||||
|  |  | ||||||
|         security_group_default_rule = res_dict['security_group_default_rule'] |  | ||||||
|  |  | ||||||
|         self.assertEqual(security_group_default_rule['ip_protocol'], |  | ||||||
|                          sgr['ip_protocol']) |  | ||||||
|         self.assertEqual(security_group_default_rule['to_port'], |  | ||||||
|                          sgr['to_port']) |  | ||||||
|         self.assertEqual(security_group_default_rule['from_port'], |  | ||||||
|                          sgr['from_port']) |  | ||||||
|         self.assertEqual(security_group_default_rule['ip_range']['cidr'], |  | ||||||
|                          sgr['cidr']) |  | ||||||
|  |  | ||||||
|     @mock.patch('nova.db.api.security_group_default_rule_get', |  | ||||||
|                 side_effect=(exception. |  | ||||||
|                     SecurityGroupDefaultRuleNotFound("Rule Not Found"))) |  | ||||||
|     def test_non_existing_security_group_default_rule_show(self, |  | ||||||
|                                                            mock_sec_grp_rule): |  | ||||||
|         self.assertRaises(webob.exc.HTTPNotFound, |  | ||||||
|                           self.controller.show, self.req, '1') |  | ||||||
|  |  | ||||||
|     def test_delete_security_group_default_rule(self): |  | ||||||
|         sgr = security_group_default_rule_template(id=1) |  | ||||||
|  |  | ||||||
|         self.test_create_security_group_default_rule() |  | ||||||
|  |  | ||||||
|         self.called = False |  | ||||||
|  |  | ||||||
|         def security_group_default_rule_destroy(context, id): |  | ||||||
|             self.called = True |  | ||||||
|  |  | ||||||
|         def return_security_group_default_rule(context, id): |  | ||||||
|             self.assertEqual(sgr['id'], id) |  | ||||||
|             return security_group_default_rule_db(sgr) |  | ||||||
|  |  | ||||||
|         self.stub_out('nova.db.api.security_group_default_rule_destroy', |  | ||||||
|                       security_group_default_rule_destroy) |  | ||||||
|         self.stub_out('nova.db.api.security_group_default_rule_get', |  | ||||||
|                       return_security_group_default_rule) |  | ||||||
|  |  | ||||||
|         self.controller.delete(self.req, '1') |  | ||||||
|  |  | ||||||
|         self.assertTrue(self.called) |  | ||||||
|  |  | ||||||
|     @mock.patch('nova.db.api.security_group_default_rule_destroy', |  | ||||||
|                 side_effect=(exception. |  | ||||||
|                     SecurityGroupDefaultRuleNotFound("Rule Not Found"))) |  | ||||||
|     def test_non_existing_security_group_default_rule_delete( |  | ||||||
|             self, mock_sec_grp_rule): |  | ||||||
|         self.assertRaises(webob.exc.HTTPNotFound, |  | ||||||
|                           self.controller.delete, self.req, '1') |  | ||||||
|  |  | ||||||
|     def test_security_group_ensure_default(self): |  | ||||||
|         sgr = security_group_default_rule_template(id=1) |  | ||||||
|         self.test_create_security_group_default_rule() |  | ||||||
|  |  | ||||||
|         ctxt = context.get_admin_context() |  | ||||||
|  |  | ||||||
|         setattr(ctxt, 'project_id', 'new_project_id') |  | ||||||
|  |  | ||||||
|         sg = nova.db.api.security_group_ensure_default(ctxt) |  | ||||||
|         rules = nova.db.api.security_group_rule_get_by_security_group( |  | ||||||
|             ctxt, sg.id) |  | ||||||
|         security_group_rule = rules[0] |  | ||||||
|         self.assertEqual(sgr['id'], security_group_rule.id) |  | ||||||
|         self.assertEqual(sgr['ip_protocol'], security_group_rule.protocol) |  | ||||||
|         self.assertEqual(sgr['from_port'], security_group_rule.from_port) |  | ||||||
|         self.assertEqual(sgr['to_port'], security_group_rule.to_port) |  | ||||||
|         self.assertEqual(sgr['cidr'], security_group_rule.cidr) |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class SecurityGroupDefaultRulesPolicyEnforcementV21(test.NoDBTestCase): |  | ||||||
|  |  | ||||||
|     def setUp(self): |  | ||||||
|         super(SecurityGroupDefaultRulesPolicyEnforcementV21, self).setUp() |  | ||||||
|         self.controller = (security_group_default_rules_v21. |  | ||||||
|                            SecurityGroupDefaultRulesController()) |  | ||||||
|         self.req = fakes.HTTPRequest.blank('') |  | ||||||
|  |  | ||||||
|     def _common_policy_check(self, func, *arg, **kwarg): |  | ||||||
|         rule_name = "os_compute_api:os-security-group-default-rules" |  | ||||||
|         rule = {rule_name: "project:non_fake"} |  | ||||||
|         self.policy.set_rules(rule) |  | ||||||
|         exc = self.assertRaises( |  | ||||||
|             exception.PolicyNotAuthorized, func, *arg, **kwarg) |  | ||||||
|         self.assertEqual( |  | ||||||
|             "Policy doesn't allow %s to be performed." % |  | ||||||
|             rule_name, exc.format_message()) |  | ||||||
|  |  | ||||||
|     def test_create_policy_failed(self): |  | ||||||
|         self._common_policy_check(self.controller.create, self.req, {}) |  | ||||||
|  |  | ||||||
|     def test_show_policy_failed(self): |  | ||||||
|         self._common_policy_check( |  | ||||||
|             self.controller.show, self.req, fakes.FAKE_UUID) |  | ||||||
|  |  | ||||||
|     def test_delete_policy_failed(self): |  | ||||||
|         self._common_policy_check( |  | ||||||
|             self.controller.delete, self.req, fakes.FAKE_UUID) |  | ||||||
|  |  | ||||||
|     def test_index_policy_failed(self): |  | ||||||
|         self._common_policy_check(self.controller.index, self.req) |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class TestSecurityGroupDefaultRulesDeprecation(test.NoDBTestCase): |  | ||||||
|  |  | ||||||
|     def setUp(self): |  | ||||||
|         super(TestSecurityGroupDefaultRulesDeprecation, self).setUp() |  | ||||||
|         self.req = fakes.HTTPRequest.blank('', version='2.36') |  | ||||||
|         self.controller = (security_group_default_rules_v21. |  | ||||||
|                            SecurityGroupDefaultRulesController()) |  | ||||||
|  |  | ||||||
|     def test_all_apis_return_not_found(self): |  | ||||||
|         self.assertRaises(exception.VersionNotFoundForAPIMethod, |  | ||||||
|             self.controller.create, self.req, {}) |  | ||||||
|         self.assertRaises(exception.VersionNotFoundForAPIMethod, |  | ||||||
|             self.controller.show, self.req, fakes.FAKE_UUID) |  | ||||||
|         self.assertRaises(exception.VersionNotFoundForAPIMethod, |  | ||||||
|             self.controller.delete, self.req, fakes.FAKE_UUID) |  | ||||||
|         self.assertRaises(exception.VersionNotFoundForAPIMethod, |  | ||||||
|             self.controller.index, self.req) |  | ||||||
| @@ -71,7 +71,6 @@ policy_data = """ | |||||||
|     "os_compute_api:os-quota-class-sets:update": "", |     "os_compute_api:os-quota-class-sets:update": "", | ||||||
|     "os_compute_api:os-quota-class-sets:show": "", |     "os_compute_api:os-quota-class-sets:show": "", | ||||||
|     "os_compute_api:os-rescue": "", |     "os_compute_api:os-rescue": "", | ||||||
|     "os_compute_api:os-security-group-default-rules": "", |  | ||||||
|     "os_compute_api:os-server-diagnostics": "", |     "os_compute_api:os-server-diagnostics": "", | ||||||
|     "os_compute_api:os-server-password": "", |     "os_compute_api:os-server-password": "", | ||||||
|     "os_compute_api:os-server-tags:index": "", |     "os_compute_api:os-server-tags:index": "", | ||||||
|   | |||||||
| @@ -350,7 +350,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase): | |||||||
| "os_compute_api:os-networks-associate", | "os_compute_api:os-networks-associate", | ||||||
| "os_compute_api:os-quota-sets:update", | "os_compute_api:os-quota-sets:update", | ||||||
| "os_compute_api:os-quota-sets:delete", | "os_compute_api:os-quota-sets:delete", | ||||||
| "os_compute_api:os-security-group-default-rules", |  | ||||||
| "os_compute_api:os-server-diagnostics", | "os_compute_api:os-server-diagnostics", | ||||||
| "os_compute_api:os-services", | "os_compute_api:os-services", | ||||||
| "os_compute_api:os-shelve:shelve_offload", | "os_compute_api:os-shelve:shelve_offload", | ||||||
|   | |||||||
							
								
								
									
										16
									
								
								releasenotes/notes/remove-nova-network-c02953ba72a1795d.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										16
									
								
								releasenotes/notes/remove-nova-network-c02953ba72a1795d.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,16 @@ | |||||||
|  | --- | ||||||
|  | upgrade: | ||||||
|  |   - | | ||||||
|  |     The *nova-network* feature has been deprecated since the 14.0.0 (Newton) | ||||||
|  |     release and has now been removed. The remaining *nova-network* specific | ||||||
|  |     REST APIs have been removed along with their related policy rules. Calling | ||||||
|  |     these APIs will now result in a ``410 (Gone)`` error response. | ||||||
|  |  | ||||||
|  |     * ``GET /os-security-group-default-rules`` | ||||||
|  |     * ``POST /os-security-group-default-rules`` | ||||||
|  |     * ``GET /os-security-group-default-rules/{id}`` | ||||||
|  |     * ``DELETE /os-security-group-default-rules/{id}`` | ||||||
|  |  | ||||||
|  |     The following policies have also been removed. | ||||||
|  |  | ||||||
|  |     * ``os_compute_api:os-security-group-default-rules`` | ||||||
		Reference in New Issue
	
	Block a user
	 Stephen Finucane
					Stephen Finucane