yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #46505
[Bug 1529109] Re: [RFE] Security groups resources are not extendable
Reviewed: https://review.openstack.org/261338
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=18bc556bd44c5f73e37dbc9687c7792065440722
Submitter: Jenkins
Branch: master
commit 18bc556bd44c5f73e37dbc9687c7792065440722
Author: Roey Chen <roeyc@xxxxxxxxxx>
Date: Thu Dec 24 06:50:00 2015 -0800
Allow other extensions to extend Securitygroup resources
The Neutron Securitygroup extension defines two resources:
security-group
security-group-rule
So that other extensions could extend one or both of this resources, the
security-group extension descriptor must override the base class method,
"neutron.extensions.ExtensionDescriptor.update_attributes_map".
Change-Id: I8c462a4ee6f60ef716bf9e4d7f83a35c7e1dead0
Closes-Bug: #1529109
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1529109
Title:
[RFE] Security groups resources are not extendable
Status in neutron:
Fix Released
Bug description:
The Security Groups extension enables tenant/project to secure its
instances, and covers fairly common use cases where tenant may require to use this feature, however, there are some use-cases which can't be expressed by the current API:
e.g - Allow ingress multicast traffic for a specific set of multicast
addresses.
Some of these use cases are naturally fitting to the security-group flow of use, without impairing its simplicity.
Sure, such enhancements to the security-group API may lack support in some implementations or might not be even relevant - this is why such additions to the API should be introduced by a separate extension.
For example, The "l3" extension defines the 'routers' resource, which is being further extended by "router_availability_zone".
To support the option of extending security-group/-rules resources,
for the reasons described above, the Securitygroup class in
neutron/extensions/securitygroup should override the base method
"update_attributes_map" so that the resources it defines ("security-
group" and "security-group-rules") may be extended by other
extensions.
For example, the "l3" extension descriptor object overrides the same
base method, this allows other extensions like
"router_availability_zone" to extend the "routers" resource.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1529109/+subscriptions
References