Os-security-groups
Support management of security groups in the OS API 1.1 or later, in the same way as they are managed in the EC2 API.
Design
Sr No. | verb | URI | Request |
1 | GET | /security_groups | No Request body |
2 | GET | /security_groups/id | No Request body |
3 | POST | /security_groups | Request body |
4 | DELETE | /security_groups/id | No Request body |
5 | POST | /security_group_rules | Request body |
6 | DELETE | /security_group_rules/id | No request body |
API Operations
Create Security Group API
URL : http://10.2.3.150:8774/v1.1/security_groups
Verb | URI |
POST | /security_groups |
Normal Response Code(s): 200
Error Response Code(s): 500, unauthorized(401), badRequest(400)
This operation creates a new security group in your account.
Error Handling
Name | Description | Error Description |
name | Name of the security group | Security group name is mandatory |
 | | Security group name is an empty string |
 | | Security group name should not be greater than 255 characters |
description | Description of the security group | Security group description is mandatory |
 | | Security group description is an empty string |
 | | Security group description should not be greater than 255 characters |
In all of the above error cases, it returns HTTP status code 400.
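A client-side pre-check that mirrors the Error Handling table, so a malformed body is caught before it is sent. This is an added example, not code from the API implementation; the function name `validate_create_request` and the two messages marked as assumptions are not from the page.

```python
MAX_LEN = 255  # length limit from the Error Handling table

FIELDS = (("name", "Security group name"),
          ("description", "Security group description"))


def validate_create_request(body):
    """Return (http_status, errors) for a create-security-group JSON body.

    200 is the page's normal response code; every failure maps to 400.
    """
    group = body.get("security_group") if isinstance(body, dict) else None
    if not isinstance(group, dict):
        # Assumption: a missing wrapper object is rejected like the other cases.
        return 400, ["security_group object is missing"]

    errors = []
    for field, label in FIELDS:
        value = group.get(field)
        if value is None:
            errors.append(f"{label} is mandatory")
        elif not isinstance(value, str):
            # Assumption: non-string values are rejected; the page does not say.
            errors.append(f"{label} must be a string")
        elif value == "":
            errors.append(f"{label} is an empty string")
        elif len(value) > MAX_LEN:
            errors.append(
                f"{label} should not be greater than {MAX_LEN} characters")
    return (400, errors) if errors else (200, [])


if __name__ == "__main__":
    # Request body taken from the page's "Request JSON" sample.
    ok = {"security_group": {"name": "test12",
                             "description": "security group description"}}
    print(validate_create_request(ok))
    print(validate_create_request({"security_group": {"name": ""}}))
```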
Request XML
<security_group name="11111"> <description>test</description> </security_group>
Response XML
<security_group id="39" name="11111" tenant_id="admin" xmlns="http://docs.openstack.org/compute/api/v1.1"> <rules/> <description> test </description> </security_group>
- Note: tenant_id will be the project Id.
Request JSON
{ "security_group" : { "name" : "test12", "description" : "security group description" } }
Response JSON
{ "security_group": { "rules": [], "tenant_id": "admin", "id": 41, "name": "test12", "description": "security group description" } }
Get Security Group
URL: http://10.2.3.150:8774/v1.1/security_groups/<id>
Verb | URI |
GET | /security_groups/id |
Normal Response Code(s): 200
Error Response Code(s): unauthorized(401), ItemNotFound(404)
This operation returns the details of a security group.
This operation does not require a request body
Response XML
<security_group id="28" name="default" tenant_id="admin" xmlns="http://docs.openstack.org/compute/api/v1.1">
  <rules>
    <rule id="108" parent_group_id="28">
      <from_port> 22 </from_port>
      <group/>
      <ip_protocol> tcp </ip_protocol>
      <to_port> 22 </to_port>
      <ip_range>
        <cidr> 10.2.6.0/24 </cidr>
      </ip_range>
    </rule>
    <rule id="109" parent_group_id="28">
      <from_port> 22 </from_port>
      <group>
        <tenant_id> admin </tenant_id>
        <name> 11111 </name>
      </group>
      <ip_protocol> tcp </ip_protocol>
      <to_port> 22 </to_port>
      <ip_range/>
    </rule>
  </rules>
  <description> default </description>
</security_group>
Response JSON
{
  "security_group": {
    "rules": [
      {
        "from_port": 22,
        "group": {},
        "ip_protocol": "tcp",
        "to_port": 22,
        "parent_group_id": 28,
        "ip_range": { "cidr": "10.2.6.0/24" },
        "id": 108
      },
      {
        "from_port": 22,
        "group": { "tenant_id": "admin", "name": "11111" },
        "ip_protocol": "tcp",
        "to_port": 22,
        "parent_group_id": 28,
        "ip_range": {},
        "id": 109
      }
    ],
    "tenant_id": "admin",
    "id": 28,
    "name": "default",
    "description": "default"
  }
}
List Security Groups
URL : http://10.2.3.150:8774/v1.1/security_groups
Verb | URI |
GET | /security_groups |
Normal Response Code(s): 200
Error Response Code(s): unauthorized(401)
This operation provides a list of security groups associated with your account. Security groups that have been deleted are not included in this list. The list of security groups doesn't support filtering in this version. The list returned is sorted by id; if you are an admin user, the list returned is sorted by tenant_id (project ID) and security group name.
This operation does not require a request body.
Response XML
<security_groups xmlns="http://docs.openstack.org/compute/api/v1.1">
  <security_group id="39" name="11111" tenant_id="admin">
    <rules/>
    <description> test </description>
  </security_group>
  <security_group id="28" name="default" tenant_id="admin">
    <rules>
      <rule id="108" parent_group_id="28">
        <from_port> 22 </from_port>
        <group/>
        <ip_protocol> tcp </ip_protocol>
        <to_port> 22 </to_port>
        <ip_range>
          <cidr> 10.2.6.0/24 </cidr>
        </ip_range>
      </rule>
      <rule id="109" parent_group_id="28">
        <from_port> 22 </from_port>
        <group>
          <tenant_id> admin </tenant_id>
          <name> 11111 </name>
        </group>
        <ip_protocol> tcp </ip_protocol>
        <to_port> 22 </to_port>
        <ip_range/>
      </rule>
    </rules>
    <description> default </description>
  </security_group>
</security_groups>
Response JSON
{
  "security_groups": [
    {
      "rules": [],
      "tenant_id": "admin",
      "id": 39,
      "name": "11111",
      "description": "test"
    },
    {
      "rules": [
        {
          "from_port": 22,
          "group": {},
          "ip_protocol": "tcp",
          "to_port": 22,
          "parent_group_id": 28,
          "ip_range": { "cidr": "10.2.6.0/24" },
          "id": 108
        },
        {
          "from_port": 22,
          "group": { "tenant_id": "admin", "name": "11111" },
          "ip_protocol": "tcp",
          "to_port": 22,
          "parent_group_id": 28,
          "ip_range": {},
          "id": 109
        }
      ],
      "tenant_id": "admin",
      "id": 28,
      "name": "default",
      "description": "default"
    }
  ]
}
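For reviewing what a tenant's groups actually admit, the list response can be flattened to one row per rule, with the source resolved to either a CIDR or a referenced group. This is an added example, not part of the original page or the API code; `rule_source` and `flatten_rules` are hypothetical names, and the sample data is copied from the response above.

```python
import ipaddress
import json

# Sample copied from the page's List Security Groups JSON response.
SAMPLE = json.loads("""
{"security_groups": [
  {"rules": [], "tenant_id": "admin", "id": 39, "name": "11111", "description": "test"},
  {"rules": [
     {"from_port": 22, "group": {}, "ip_protocol": "tcp", "to_port": 22,
      "parent_group_id": 28, "ip_range": {"cidr": "10.2.6.0/24"}, "id": 108},
     {"from_port": 22, "group": {"tenant_id": "admin", "name": "11111"},
      "ip_protocol": "tcp", "to_port": 22, "parent_group_id": 28,
      "ip_range": {}, "id": 109}],
   "tenant_id": "admin", "id": 28, "name": "default", "description": "default"}
]}
""")


def rule_source(rule):
    """Classify a rule's source: ('cidr', net, size) or ('group', 'tenant/name', None)."""
    cidr = (rule.get("ip_range") or {}).get("cidr")
    group = rule.get("group") or {}
    if cidr:
        # strict=False normalises CIDRs with host bits set, e.g. 10.2.3.124/24.
        net = ipaddress.ip_network(cidr.strip(), strict=False)
        return "cidr", str(net), net.num_addresses
    if group.get("name"):
        return "group", f"{group.get('tenant_id')}/{group['name']}", None
    return "unknown", "", None


def flatten_rules(listing):
    """Return one row per rule across every group in a list response."""
    rows = []
    for sg in listing.get("security_groups", []):
        for rule in sg.get("rules", []):
            kind, source, size = rule_source(rule)
            rows.append({
                "group": f"{sg['tenant_id']}/{sg['name']}",
                "rule_id": rule["id"],
                "protocol": rule["ip_protocol"],
                "ports": (int(rule["from_port"]), int(rule["to_port"])),
                "source_kind": kind, "source": source, "addresses": size,
            })
    return rows


if __name__ == "__main__":
    for row in flatten_rules(SAMPLE):
        print(row)
```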
Delete Security Group
Verb | URI |
DELETE | /security_groups/id |
Normal Response Code(s): 202
Error Response Code(s): unauthorized (401), itemNotFound (404)
This operation does not require a request or a response body.
Create Security Group Rule
Verb | URI |
POST | /security_group_rules |
Normal Response Code(s): 202
Error Response Code(s): computeFault(500), unauthorized(401), BadRequest(400), UnprocessableEntity(422), itemNotfound(400)
This operation adds one rule to a security group in a single request.
Example 1 Request XML
<security_group_rule> <ip_protocol>tcp</ip_protocol> <from_port>22</from_port> <to_port>22</to_port> <parent_group_id>28</parent_group_id> <cidr>10.2.6.0/24</cidr> </security_group_rule>
Example 1 XML Response
<security_group_rule id="108" parent_group_id="28" xmlns="http://docs.openstack.org/compute/api/v1.1"> <from_port> 22 </from_port> <group/> <ip_protocol> tcp </ip_protocol> <to_port> 22 </to_port> <ip_range> <cidr> 10.2.6.0/24 </cidr> </ip_range> </security_group_rule>
Example 2 Request XML
<security_group_rule> <ip_protocol>tcp</ip_protocol> <from_port>22</from_port> <to_port>22</to_port> <parent_group_id>28</parent_group_id> <group_id>45</group_id> </security_group_rule>
Example 2 XML Response
<security_group_rule id="108" parent_group_id="28" xmlns="http://docs.openstack.org/compute/api/v1.1"> <from_port> 22 </from_port> <group> <tenant_id>testproject</tenant_id> <name>test</name> </group> <ip_protocol> tcp </ip_protocol> <to_port> 22 </to_port> <ip_range/> </security_group_rule>
Example 1 Request JSON
{ "security_group_rule": { "ip_protocol": "tcp", "from_port": "22", "to_port": "22", "parent_group_id": 2, "cidr": "10.2.3.124/24" } }
Example 2 Request JSON
{ "security_group_rule": { "ip_protocol": "tcp", "from_port": "22", "to_port": "22", "group_id": 1, "parent_group_id": 2 } }
Delete Security Group Rule
Verb | URI |
DELETE | /security_group_rules/id |
Normal Response Code(s): 202
Error Response Code(s): unauthorized(401), itemNotfound(404)
This operation removes one rule from a security group.
This operation does not require a request or a response body.