yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1529109] Re: [RFE] Security groups resources are not extendable

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1529109@xxxxxxxxxxxxxxxxxx>
Date: Fri, 19 Feb 2016 06:34:05 -0000
Reply-to: Bug 1529109 <1529109@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/261338
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=18bc556bd44c5f73e37dbc9687c7792065440722
Submitter: Jenkins
Branch:    master

commit 18bc556bd44c5f73e37dbc9687c7792065440722
Author: Roey Chen <roeyc@xxxxxxxxxx>
Date:   Thu Dec 24 06:50:00 2015 -0800

    Allow other extensions to extend Securitygroup resources
    
    The Neutron Securitygroup extension defines two resources:
    security-group
    security-group-rule
    
    So that other extensions could extend one or both of this resources, the
    security-group extension descriptor must override the base class method,
    "neutron.extensions.ExtensionDescriptor.update_attributes_map".
    
    Change-Id: I8c462a4ee6f60ef716bf9e4d7f83a35c7e1dead0
    Closes-Bug: #1529109


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1529109

Title:
  [RFE] Security groups resources are not extendable

Status in neutron:
  Fix Released

Bug description:
  The Security Groups extension enables tenant/project to secure its
  instances, and covers fairly common use cases where tenant may require to use this feature, however, there are some use-cases which can't be expressed by the current API:
  e.g - Allow ingress multicast traffic for a specific set of multicast
  addresses.

  Some of these use cases are naturally fitting to the security-group flow of use, without impairing its simplicity.
  Sure, such enhancements to the security-group API may lack support in some implementations or might not be even relevant - this is why such additions to the API should be introduced by a separate extension.
  For example, The "l3" extension defines the 'routers' resource, which is being further extended by "router_availability_zone".

  To support the option of extending security-group/-rules resources,
  for the reasons described above, the Securitygroup class in
  neutron/extensions/securitygroup should override the base method
  "update_attributes_map" so that the resources it defines ("security-
  group" and "security-group-rules") may be extended by other
  extensions.

  For example, the "l3" extension descriptor object overrides the same
  base method, this allows other extensions like
  "router_availability_zone" to extend the "routers" resource.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1529109/+subscriptions

References

[Bug 1529109] [NEW] Secuirty groups resources are not extendable
From: Roey Chen, 2015-12-24