python-openstackclient 6.3.0__py3-none-any.whl → 6.5.0__py3-none-any.whl

openstackclient/network/utils.py

@@ -81,3 +81,103 @@ def str2dict(strdict):
         key, sep, value = kv.partition(':')
         result[key] = value
     return result
+
+
+def format_security_group_rule_show(obj):
+    data = transform_compute_security_group_rule(obj)
+    return zip(*sorted(data.items()))
+
+
+def format_network_port_range(rule):
+    # Display port range or ICMP type and code. For example:
+    # - ICMP type: 'type=3'
+    # - ICMP type and code: 'type=3:code=0'
+    # - ICMP code: Not supported
+    # - Matching port range: '443:443'
+    # - Different port range: '22:24'
+    # - Single port: '80:80'
+    # - No port range: ''
+    port_range = ''
+    if is_icmp_protocol(rule['protocol']):
+        if rule['port_range_min']:
+            port_range += 'type=' + str(rule['port_range_min'])
+        if rule['port_range_max']:
+            port_range += ':code=' + str(rule['port_range_max'])
+    elif rule['port_range_min'] or rule['port_range_max']:
+        port_range_min = str(rule['port_range_min'])
+        port_range_max = str(rule['port_range_max'])
+        if rule['port_range_min'] is None:
+            port_range_min = port_range_max
+        if rule['port_range_max'] is None:
+            port_range_max = port_range_min
+        port_range = port_range_min + ':' + port_range_max
+    return port_range
+
+
+def format_remote_ip_prefix(rule):
+    remote_ip_prefix = rule['remote_ip_prefix']
+    if remote_ip_prefix is None:
+        ethertype = rule['ether_type']
+        if ethertype == 'IPv4':
+            remote_ip_prefix = '0.0.0.0/0'
+        elif ethertype == 'IPv6':
+            remote_ip_prefix = '::/0'
+    return remote_ip_prefix
+
+
+def convert_ipvx_case(string):
+    if string.lower() == 'ipv4':
+        return 'IPv4'
+    if string.lower() == 'ipv6':
+        return 'IPv6'
+    return string
+
+
+def is_icmp_protocol(protocol):
+    # NOTE(rtheis): Neutron has deprecated protocol icmpv6.
+    # However, while the OSC CLI doesn't document the protocol,
+    # the code must still handle it. In addition, handle both
+    # protocol names and numbers.
+    if protocol in ['icmp', 'icmpv6', 'ipv6-icmp', '1', '58']:
+        return True
+    else:
+        return False
+
+
+def convert_to_lowercase(string):
+    return string.lower()
+
+
+def get_protocol(parsed_args, default_protocol='any'):
+    protocol = default_protocol
+    if parsed_args.protocol is not None:
+        protocol = parsed_args.protocol
+    if hasattr(parsed_args, "proto") and parsed_args.proto is not None:
+        protocol = parsed_args.proto
+    if protocol == 'any':
+        protocol = None
+    return protocol
+
+
+def get_ethertype(parsed_args, protocol):
+    ethertype = 'IPv4'
+    if parsed_args.ethertype is not None:
+        ethertype = parsed_args.ethertype
+    elif is_ipv6_protocol(protocol):
+        ethertype = 'IPv6'
+    return ethertype
+
+
+def is_ipv6_protocol(protocol):
+    # NOTE(rtheis): Neutron has deprecated protocol icmpv6.
+    # However, while the OSC CLI doesn't document the protocol,
+    # the code must still handle it. In addition, handle both
+    # protocol names and numbers.
+    if (
+        protocol is not None
+        and protocol.startswith('ipv6-')
+        or protocol in ['icmpv6', '41', '43', '44', '58', '59', '60']
+    ):
+        return True
+    else:
+        return False

openstackclient/network/v2/default_security_group_rule.py

@@ -0,0 +1,418 @@
+#   Licensed under the Apache License, Version 2.0 (the "License"); you may
+#   not use this file except in compliance with the License. You may obtain
+#   a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#   License for the specific language governing permissions and limitations
+#   under the License.
+#
+
+"""Default Security Group Rule action implementations"""
+
+import logging
+
+from osc_lib.cli import parseractions
+from osc_lib.command import command
+from osc_lib import exceptions
+from osc_lib import utils
+
+from openstackclient.i18n import _
+from openstackclient.network import common
+from openstackclient.network import utils as network_utils
+
+LOG = logging.getLogger(__name__)
+
+
+def _get_columns(item):
+    column_map = {}
+    hidden_columns = ['location', 'name', 'revision_number']
+    return utils.get_osc_show_columns_for_sdk_resource(
+        item, column_map, hidden_columns
+    )
+
+
+class CreateDefaultSecurityGroupRule(
+    command.ShowOne, common.NeutronCommandWithExtraArgs
+):
+    """Add a new security group rule to the default security group template.
+
+    These rules will be applied to the default security groups created for any
+    new project. They will not be applied to any existing default security
+    groups.
+    """
+
+    def get_parser(self, prog_name):
+        parser = super().get_parser(prog_name)
+
+        parser.add_argument(
+            '--description',
+            metavar='<description>',
+            help=_("Set default security group rule description"),
+        )
+        parser.add_argument(
+            '--icmp-type',
+            metavar='<icmp-type>',
+            type=int,
+            help=_("ICMP type for ICMP IP protocols"),
+        )
+        parser.add_argument(
+            '--icmp-code',
+            metavar='<icmp-code>',
+            type=int,
+            help=_("ICMP code for ICMP IP protocols"),
+        )
+        direction_group = parser.add_mutually_exclusive_group()
+        direction_group.add_argument(
+            '--ingress',
+            action='store_true',
+            help=_("Rule will apply to incoming network traffic (default)"),
+        )
+        direction_group.add_argument(
+            '--egress',
+            action='store_true',
+            help=_("Rule will apply to outgoing network traffic"),
+        )
+        parser.add_argument(
+            '--ethertype',
+            metavar='<ethertype>',
+            choices=['IPv4', 'IPv6'],
+            type=network_utils.convert_ipvx_case,
+            help=_(
+                "Ethertype of network traffic "
+                "(IPv4, IPv6; default: based on IP protocol)"
+            ),
+        )
+        remote_group = parser.add_mutually_exclusive_group()
+        remote_group.add_argument(
+            "--remote-ip",
+            metavar="<ip-address>",
+            help=_(
+                "Remote IP address block (may use CIDR notation; "
+                "default for IPv4 rule: 0.0.0.0/0, "
+                "default for IPv6 rule: ::/0)"
+            ),
+        )
+        remote_group.add_argument(
+            "--remote-group",
+            metavar="<group>",
+            help=_("Remote security group (ID)"),
+        )
+        remote_group.add_argument(
+            "--remote-address-group",
+            metavar="<group>",
+            help=_("Remote address group (ID)"),
+        )
+
+        parser.add_argument(
+            '--dst-port',
+            metavar='<port-range>',
+            action=parseractions.RangeAction,
+            help=_(
+                "Destination port, may be a single port or a starting and "
+                "ending port range: 137:139. Required for IP protocols TCP "
+                "and UDP. Ignored for ICMP IP protocols."
+            ),
+        )
+        parser.add_argument(
+            '--protocol',
+            metavar='<protocol>',
+            type=network_utils.convert_to_lowercase,
+            help=_(
+                "IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, "
+                "ipv66-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, "
+                "ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp "
+                "and integer representations [0-255] or any; "
+                "default: any (all protocols))"
+            ),
+        )
+        parser.add_argument(
+            '--for-default-sg',
+            action='store_true',
+            default=False,
+            help=_(
+                "Set this default security group rule to be used in all "
+                "default security groups created automatically for each "
+                "project"
+            ),
+        )
+        parser.add_argument(
+            '--for-custom-sg',
+            action='store_true',
+            default=True,
+            help=_(
+                "Set this default security group rule to be used in all "
+                "custom security groups created manually by users"
+            ),
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        client = self.app.client_manager.sdk_connection.network
+        # Build the create attributes.
+        attrs = {}
+        attrs['protocol'] = network_utils.get_protocol(parsed_args)
+
+        if parsed_args.description is not None:
+            attrs['description'] = parsed_args.description
+
+        # NOTE: A direction must be specified and ingress
+        # is the default.
+        if parsed_args.ingress or not parsed_args.egress:
+            attrs['direction'] = 'ingress'
+        if parsed_args.egress:
+            attrs['direction'] = 'egress'
+
+        # NOTE(rtheis): Use ethertype specified else default based
+        # on IP protocol.
+        attrs['ethertype'] = network_utils.get_ethertype(
+            parsed_args, attrs['protocol']
+        )
+
+        # NOTE(rtheis): Validate the port range and ICMP type and code.
+        # It would be ideal if argparse could do this.
+        if parsed_args.dst_port and (
+            parsed_args.icmp_type or parsed_args.icmp_code
+        ):
+            msg = _(
+                'Argument --dst-port not allowed with arguments '
+                '--icmp-type and --icmp-code'
+            )
+            raise exceptions.CommandError(msg)
+        if parsed_args.icmp_type is None and parsed_args.icmp_code is not None:
+            msg = _('Argument --icmp-type required with argument --icmp-code')
+            raise exceptions.CommandError(msg)
+        is_icmp_protocol = network_utils.is_icmp_protocol(attrs['protocol'])
+        if not is_icmp_protocol and (
+            parsed_args.icmp_type or parsed_args.icmp_code
+        ):
+            msg = _(
+                'ICMP IP protocol required with arguments '
+                '--icmp-type and --icmp-code'
+            )
+            raise exceptions.CommandError(msg)
+        # NOTE(rtheis): For backwards compatibility, continue ignoring
+        # the destination port range when an ICMP IP protocol is specified.
+        if parsed_args.dst_port and not is_icmp_protocol:
+            attrs['port_range_min'] = parsed_args.dst_port[0]
+            attrs['port_range_max'] = parsed_args.dst_port[1]
+        if parsed_args.icmp_type is not None and parsed_args.icmp_type >= 0:
+            attrs['port_range_min'] = parsed_args.icmp_type
+        if parsed_args.icmp_code is not None and parsed_args.icmp_code >= 0:
+            attrs['port_range_max'] = parsed_args.icmp_code
+
+        if parsed_args.remote_group is not None:
+            attrs['remote_group_id'] = parsed_args.remote_group
+        elif parsed_args.remote_address_group is not None:
+            attrs['remote_address_group_id'] = parsed_args.remote_address_group
+        elif parsed_args.remote_ip is not None:
+            attrs['remote_ip_prefix'] = parsed_args.remote_ip
+        elif attrs['ethertype'] == 'IPv4':
+            attrs['remote_ip_prefix'] = '0.0.0.0/0'
+        elif attrs['ethertype'] == 'IPv6':
+            attrs['remote_ip_prefix'] = '::/0'
+
+        attrs['used_in_default_sg'] = parsed_args.for_default_sg
+        attrs['used_in_non_default_sg'] = parsed_args.for_custom_sg
+
+        attrs.update(
+            self._parse_extra_properties(parsed_args.extra_properties)
+        )
+
+        # Create and show the security group rule.
+        obj = client.create_default_security_group_rule(**attrs)
+        display_columns, columns = _get_columns(obj)
+        data = utils.get_item_properties(obj, columns)
+        return (display_columns, data)
+
+
+class DeleteDefaultSecurityGroupRule(command.Command):
+    """Remove security group rule(s) from the default security group template.
+
+    These rules will not longer be applied to the default security groups
+    created for any new project. They will not be removed from any existing
+    default security groups.
+    """
+
+    def get_parser(self, prog_name):
+        parser = super().get_parser(prog_name)
+        parser.add_argument(
+            'rule',
+            metavar='<rule>',
+            nargs="+",
+            help=_("Default security group rule(s) to delete (ID only)"),
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        result = 0
+        client = self.app.client_manager.sdk_connection.network
+        for r in parsed_args.rule:
+            try:
+                obj = client.find_default_security_group_rule(
+                    r, ignore_missing=False
+                )
+                client.delete_default_security_group_rule(obj)
+            except Exception as e:
+                result += 1
+                LOG.error(
+                    _(
+                        "Failed to delete default SG rule with "
+                        "ID '%(rule_id)s': %(e)s"
+                    ),
+                    {'rule_id': r, 'e': e},
+                )
+
+        if result > 0:
+            total = len(parsed_args.rule)
+            msg = _(
+                "%(result)s of %(total)s default rules failed to delete."
+            ) % {'result': result, 'total': total}
+            raise exceptions.CommandError(msg)
+
+
+class ListDefaultSecurityGroupRule(command.Lister):
+    """List security group rules used for new default security groups.
+
+    This shows the rules that will be added to any new default security groups
+    created. These rules may differ for the rules present on existing default
+    security groups.
+    """
+
+    def _format_network_security_group_rule(self, rule):
+        """Transform the SDK DefaultSecurityGroupRule object to a dict
+
+        The SDK object gets in the way of reformatting columns...
+        Create port_range column from port_range_min and port_range_max
+        """
+        rule = rule.to_dict()
+        rule['port_range'] = network_utils.format_network_port_range(rule)
+        rule['remote_ip_prefix'] = network_utils.format_remote_ip_prefix(rule)
+        return rule
+
+    def get_parser(self, prog_name):
+        parser = super().get_parser(prog_name)
+
+        parser.add_argument(
+            '--protocol',
+            metavar='<protocol>',
+            type=network_utils.convert_to_lowercase,
+            help=_(
+                "List rules by the IP protocol (ah, dhcp, egp, esp, gre, "
+                "icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, "
+                "ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, "
+                "sctp, tcp, udp, udplite, vrrp and integer "
+                "representations [0-255] or any; "
+                "default: any (all protocols))"
+            ),
+        )
+        parser.add_argument(
+            '--ethertype',
+            metavar='<ethertype>',
+            type=network_utils.convert_to_lowercase,
+            help=_("List default rules by the Ethertype (IPv4 or IPv6)"),
+        )
+        direction_group = parser.add_mutually_exclusive_group()
+        direction_group.add_argument(
+            '--ingress',
+            action='store_true',
+            help=_(
+                "List default rules which will be applied to incoming "
+                "network traffic"
+            ),
+        )
+        direction_group.add_argument(
+            '--egress',
+            action='store_true',
+            help=_(
+                "List default rules which will be applied to outgoing "
+                "network traffic"
+            ),
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        client = self.app.client_manager.sdk_connection.network
+        column_headers = (
+            'ID',
+            'IP Protocol',
+            'Ethertype',
+            'IP Range',
+            'Port Range',
+            'Direction',
+            'Remote Security Group',
+            'Remote Address Group',
+            'Used in default Security Group',
+            'Used in custom Security Group',
+        )
+        columns = (
+            'id',
+            'protocol',
+            'ether_type',
+            'remote_ip_prefix',
+            'port_range',
+            'direction',
+            'remote_group_id',
+            'remote_address_group_id',
+            'used_in_default_sg',
+            'used_in_non_default_sg',
+        )
+
+        # Get the security group rules using the requested query.
+        query = {}
+        if parsed_args.ingress:
+            query['direction'] = 'ingress'
+        if parsed_args.egress:
+            query['direction'] = 'egress'
+        if parsed_args.protocol is not None:
+            query['protocol'] = parsed_args.protocol
+
+        rules = [
+            self._format_network_security_group_rule(r)
+            for r in client.default_security_group_rules(**query)
+        ]
+
+        return (
+            column_headers,
+            (
+                utils.get_dict_properties(
+                    s,
+                    columns,
+                )
+                for s in rules
+            ),
+        )
+
+
+class ShowDefaultSecurityGroupRule(command.ShowOne):
+    """Show a security group rule used for new default security groups.
+
+    This shows a rule that will be added to any new default security groups
+    created. This rule may not be present on existing default security groups.
+    """
+
+    def get_parser(self, prog_name):
+        parser = super().get_parser(prog_name)
+        parser.add_argument(
+            'rule',
+            metavar="<rule>",
+            help=_("Default security group rule to display (ID only)"),
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        client = self.app.client_manager.sdk_connection.network
+        obj = client.find_default_security_group_rule(
+            parsed_args.rule, ignore_missing=False
+        )
+        # necessary for old rules that have None in this field
+        if not obj['remote_ip_prefix']:
+            obj['remote_ip_prefix'] = network_utils.format_remote_ip_prefix(
+                obj
+            )
+        display_columns, columns = _get_columns(obj)
+        data = utils.get_item_properties(obj, columns)
+        return (display_columns, data)

openstackclient/network/v2/local_ip_association.py

@@ -124,7 +124,7 @@ class DeleteLocalIPAssociation(command.Command):
                         "fixed port "
                         "name or ID '%(fixed_port_id)s': %(e)s"
                     ),
-                    {'fixed port ID': fixed_port_id, 'e': e},
+                    {'fixed_port_id': fixed_port_id, 'e': e},
                 )
 
         if result > 0:

openstackclient/network/v2/ndp_proxy.py

@@ -129,7 +129,7 @@ class DeleteNDPProxy(command.Command):
         if result > 0:
             total = len(parsed_args.ndp_proxy)
             msg = _(
-                "%(result)s of %(total)s NDP Proxy failed " "to delete."
+                "%(result)s of %(total)s NDP proxies failed " "to delete."
             ) % {'result': result, 'total': total}
             raise exceptions.CommandError(msg)
 
@@ -142,12 +142,16 @@ class ListNDPProxy(command.Lister):
         parser.add_argument(
             '--router',
             metavar='<router>',
-            help=_("List only NDP proxies belong to this router (name or ID)"),
+            help=_(
+                "List only NDP proxies belonging to this router (name or ID)"
+            ),
         )
         parser.add_argument(
             '--port',
             metavar='<port>',
-            help=_("List only NDP proxies assocate to this port (name or ID)"),
+            help=_(
+                "List only NDP proxies associated to this port (name or ID)"
+            ),
         )
         parser.add_argument(
             '--ip-address',

openstackclient/network/v2/network.py

@@ -107,7 +107,7 @@ def _get_attrs_network(client_manager, parsed_args):
         attrs['availability_zone_hints'] = parsed_args.availability_zone_hints
 
     # set description
-    if parsed_args.description:
+    if parsed_args.description is not None:
         attrs['description'] = parsed_args.description
 
     # set mtu
@@ -139,7 +139,7 @@ def _get_attrs_network(client_manager, parsed_args):
     if 'no_qos_policy' in parsed_args and parsed_args.no_qos_policy:
         attrs['qos_policy_id'] = None
     # Update DNS network options
-    if parsed_args.dns_domain:
+    if parsed_args.dns_domain is not None:
         attrs['dns_domain'] = parsed_args.dns_domain
     return attrs