2015-12-24 14:47:06 |
Roey Chen |
description |
The Securitygroup class in neutron/extensions/securitygroup should override the base method "update_attributes_map"
so that the resources it defines ("security-group" and "security-group-rules") may be extended by other extensions. |
The Securitygroup class in neutron/extensions/securitygroup should override the base method "update_attributes_map"
so that the resources it defines ("security-group" and "security-group-rules") may be extended by other extensions.
For example, the "l3" extension overrides the same method, this allows other extensions like "router_availability_zone" to extend the "routers" resource. |
|
2015-12-25 11:44:41 |
Roey Chen |
description |
The Securitygroup class in neutron/extensions/securitygroup should override the base method "update_attributes_map"
so that the resources it defines ("security-group" and "security-group-rules") may be extended by other extensions.
For example, the "l3" extension overrides the same method, this allows other extensions like "router_availability_zone" to extend the "routers" resource. |
The Security Groups extension enables tenant/project to secure its
instances, and covers fairly common use cases where tenant may require to use this feature, however, there are some use-cases which can't be expressed by the current API:
e.g - Allow ingress multicast traffic for a specific set of multicast
addresses.
Some of these use cases are naturally fitting to the security-group flow of use, without impairing its simplicity.
Sure, such enhancements to the security-group API may lack support in some implementations or might not be even relevant - this is why such additions to the API should be introduced by a separate extension.
For example, The "l3" extension defines the 'routers' resource, which is being further extended by "router_availability_zone".
To support the option of extending security-group/-rules resources, for the reasons described above, the Securitygroup class in neutron/extensions/securitygroup should override the base method "update_attributes_map" so that the resources it defines ("security-group" and "security-group-rules") may be extended by other extensions.
For example, the "l3" extension descriptor object overrides the same base method, this allows other extensions like "router_availability_zone" to extend the "routers" resource. |
|