Latest revision as of 23:30, 17 February 2013

Support management of security group in OS API 1.1 or later version same as it is present in the EC2 API.

Design

Sr No.	verb	URI	Request
1	GET	/security_groups	No Request body
2	GET	/security_groups/id	No Request body
3	POST	/security_groups	Request body
4	DELETE	/security_groups/id	No Request body
5	POST	/security_group_rules	Request body
6	DELETE	/security_group_rules/id	No request body

API Operations

Create Security Group API

URL : http://10.2.3.150:8774/v1.1/security_groups

Verb	URI
POST	/security_groups

Normal Response Code(s): 200

Error Response Code(s): 500, unauthorized(401), badRequest(400)

This operation creates a new security group into your account.

Error Handling

Name	Description	Error Description
name	Name of the security group	Security group name is mandatory
		Security group name is an empty string
		Security group name should not be greater than 255 characters
description	Description of the security group	Security group description is mandatory
		Security group description is an empty string
		Security group description should not be greater than 255 characters

In all of the above error cases, it returns HTTP status code 400.

Request XML

<security_group name="11111">
    <description>test</description>
</security_group>

Response XML

<security_group id="39" name="11111" tenant_id="admin" xmlns="http://docs.openstack.org/compute/api/v1.1">
    <rules/>
    <description>
        test
    </description>
</security_group>

Note: tenant_id will be the project Id.

Request JSON

{
  "security_group" :
    {
        "name" : "test12",
        "description" : "security group description"
    }
}

Response JSON

{
   "security_group":
      {
         "rules": [],
         "tenant_id": "admin",
         "id": 41,
         "name": "test12",
         "description": "security group description"
      }
}

Get Security Group

URL: http://10.2.3.150:8774/v1.1/security_groups/<id>

Verb	URI
GET	/security_groups/id

Normal Response Code(s): 200

Error Response Code(s): unauthorized(401), ItemNotFound(404)

This operation returns the details of a security group

This operation does not require a request body

Response XML

<security_group id="28" name="default" tenant_id="admin" xmlns="http://docs.openstack.org/compute/api/v1.1">
    <rules>
        <rule id="108" parent_group_id="28">
            <from_port>
                22
            </from_port>
            <group/>
            <ip_protocol>
                tcp
            </ip_protocol>
            <to_port>
                22
            </to_port>
            <ip_range>
                <cidr>
                    10.2.6.0/24
                </cidr>
            </ip_range>
        </rule>
        <rule id="109" parent_group_id="28">
            <from_port>
                22
            </from_port>
            <group>
                <tenant_id>
                    admin
                </tenant_id>
                <name>
                    11111
                </name>
            </group>
            <ip_protocol>
                tcp
            </ip_protocol>
            <to_port>
                22
            </to_port>
            <ip_range/>
        </rule>
    </rules>
    <description>
        default
    </description>
</security_group>

Response JSON

{
    "security_group":
        {
          "rules": [
              {
                "from_port": 22,
                "group": {},
                "ip_protocol": "tcp",
                "to_port": 22,
                "parent_group_id": 28,
                "ip_range": {
                    "cidr": "10.2.6.0/24"
                 },
                 "id": 108
              },
              {
                 "from_port": 22,
                 "group": {
                     "tenant_id": "admin",
                     "name": "11111"
                  },
                  "ip_protocol": "tcp",
                  "to_port": 22,
                  "parent_group_id": 28,
                  "ip_range": {},
                  "id": 109
               }
          ],
          "tenant_id": "admin",
          "id": 28,
          "name": "default",
          "description": "default"
        }
}

List Security Groups

URL : http://10.2.3.150:8774/v1.1/security-groups

Verb	URI
GET	/security_groups

Normal Response Code(s): 200

Error Response Code(s): unauthorized(401)

This operation provides a list of security groups with your account. Security groups that have been deleted are not included in this list. The list of security groups doesn't support filtering in this version. The list returned is sorted based on the id, if you are a admin user then the list returned is sorted based on the tenant_id (ProjectID) and security group name.

This operation does not require a request body.

Response XML

<security_groups xmlns="http://docs.openstack.org/compute/api/v1.1">
    <security_group id="39" name="11111" tenant_id="admin">
        <rules/>
        <description>
            test
        </description>
    </security_group>
    <security_group id="28" name="default" tenant_id="admin">
        <rules>
            <rule id="108" parent_group_id="28">
                <from_port>
                    22
                </from_port>
                <group/>
                <ip_protocol>
                    tcp
                </ip_protocol>
                <to_port>
                    22
                </to_port>
                <ip_range>
                    <cidr>
                        10.2.6.0/24
                    </cidr>
                </ip_range>
            </rule>
            <rule id="109" parent_group_id="28">
                <from_port>
                    22
                </from_port>
                <group>
                    <tenant_id>
                        admin
                    </tenant_id>
                    <name>
                        11111
                    </name>
                </group>
                <ip_protocol>
                    tcp
                </ip_protocol>
                <to_port>
                    22
                </to_port>
                <ip_range/>
            </rule>
        </rules>
        <description>
            default
        </description>
    </security_group>
</security_groups>

Response JSON

{
    "security_groups": [
        {
           "rules": [],
           "tenant_id": "admin",
           "id": 39,
           "name": "11111",
           "description": "test"
        },
        {
          "rules": [
              {
                "from_port": 22,
                "group": {},
                "ip_protocol": "tcp",
                "to_port": 22,
                "parent_group_id": 28,
                "ip_range": {
                    "cidr": "10.2.6.0/24"
                 },
                 "id": 108
              },
              {
                 "from_port": 22,
                 "group": {
                     "tenant_id": "admin",
                     "name": "11111"
                  },
                  "ip_protocol": "tcp",
                  "to_port": 22,
                  "parent_group_id": 28,
                  "ip_range": {},
                  "id": 109
               }
          ],
          "tenant_id": "admin",
          "id": 28,
          "name": "default",
          "description": "default"
        }
      ]
}

Delete Security Group

verb	URI
DELETE	/security-groups/id

Normal Response Code(s): 202

Error Response Code(s): unauthorized (401), itemNotFound (404)

This operation does not require a request or a response body.

Create Security Group Rule

Verb	URI
POST	/security_group_rules

Normal Response Code(s): 202

Error Response Code(s): computeFault(500), unauthorized(401), BadRequest(400), UnprocessableEntity(422), itemNotfound(400)

This operation adds one rule to a security group in a single request.

Exmaple 1 Request XML

<security_group_rule> 
  <ip_protocol>tcp</ip_protocol>
  <from_port>22</from_port>
  <to_port>22</to_port>
  <parent_group_id>28</parent_group_id>
  <cidr>10.2.6.0/24</cidr>
</security_group_rule>

Example 1 XML Response

<security_group_rule id="108" parent_group_id="28" xmlns="http://docs.openstack.org/compute/api/v1.1">
    <from_port>
        22
    </from_port>
    <group/>
    <ip_protocol>
        tcp
    </ip_protocol>
    <to_port>
        22
    </to_port>
    <ip_range>
        <cidr>
            10.2.6.0/24
        </cidr>
    </ip_range>
</security_group_rule>

Example 2 Request XML

<security_group_rule> 
  <ip_protocol>tcp</ip_protocol>
  <from_port>22</from_port>
  <to_port>22</to_port>
  <parent_group_id>28</parent_group_id>
  <group_id>45</group_id>
</security_group_rule>

Example 2 XML Response

<security_group_rule id="108" parent_group_id="28" xmlns="http://docs.openstack.org/compute/api/v1.1">
    <from_port>
        22
    </from_port>
    </group>
       <tenant_id>testproject<tenant_id>
       <name>test</name>
    <group>
    <ip_protocol>
        tcp
    </ip_protocol>
    <to_port>
        22
    </to_port>
    </ip_range>
</security_group_rule>

Example 1 Request JSON

{
   "security_group_rule": {
       "ip_protocol": "tcp",
       "from_port": "22",
       "to_port": "22",
       "parent_group_id": 2,
       "cidr": "10.2.3.124/24"
    }
}

Example 2 Request JSON

{
  "security_group_rule": {
      "ip_protocol": "tcp",
      "from_port": "22",
      "to_port": "22",
      "group_id": 1,
      "parent_group_id": 2
   }
}

Delete Security Group Rule

Verb	URI
POST	/security_group_rules/id

Normal Response Code(s): 202

Error Response Code(s): unauthorized(401), itemNotfound(404)

This operation removes one rule from a security group.

This operation does not require a request or a response body.

Difference between revisions of "Os-security-groups"

Latest revision as of 23:30, 17 February 2013

Contents

Design

API Operations

Create Security Group API

Request XML

Response XML

Request JSON

Response JSON

Get Security Group

Response XML

Response JSON

List Security Groups

Response XML

Response JSON

Delete Security Group

Create Security Group Rule

Exmaple 1 Request XML

Example 1 XML Response

Example 2 Request XML

Example 2 XML Response

Example 1 Request JSON

Example 2 Request JSON

Delete Security Group Rule

@@ Line 1: / Line 1: @@
-__NOTOC__
 Support management of security group in OS API 1.1 or later version same as it is present in the EC2 API.
 == Design ==
@@ Line 10: / Line 10: @@
 | 1
 | GET
-| /os-security-groups
+| /security_groups
 | No Request body
 |-
 | 2
 | GET
-| /os-security-groups/{id}
+| /security_groups/id
 | No Request body
 |-
 | 3
 | POST
-| /os-security-groups
+| /security_groups
 | Request body
 |-
 | 4
 | DELETE
-| /os-security-groups/{id}
+| /security_groups/id
 | No Request body
 |-
 | 5
 | POST
-| /os-security-groups/{id}/authorize_ingress
+| /security_group_rules
 | Request body
 |-
 | 6
-| POST
+| DELETE
-| /os-security-groups/{id}/revoke_ingress
+| /security_group_rules/id
-|  Request body
+| No request body
-|-
-| 7
-| POST
-| /os-security-groups/detail
-|  n/a
 |}
@@ Line 47: / Line 42: @@
 == Create Security Group API ==
-URL : http://10.2.3.150:8774/v1.1/os-security-groups
+URL : http://10.2.3.150:8774/v1.1/security_groups
 {| border="1" cellpadding="2" cellspacing="0"
@@ Line 54: / Line 49: @@
 |-
 | POST
-| /os-security-groups
+| /security_groups
 |}
@@ Line 100: / Line 95: @@
 <pre><nowiki>
-<securityGroup name="test">
+<security_group name="11111">
-   <description>test</description>
+    <description>test</description>
-</securityGroup>
+</security_group>
 </nowiki></pre>
@@ Line 109: / Line 104: @@
 <pre><nowiki>
-<securityGroup id="34" name="test" userId="admin" xmlns="http://docs.openstack.org/ext/securitygroups/api/v1.1">
+<security_group id="39" name="11111" tenant_id="admin" xmlns="http://docs.openstack.org/compute/api/v1.1">
+    <rules/>
      <description>
          test
      </description>
-</securityGroup>
+</security_group>
 </nowiki></pre>
-* Note: [[UserId]] will be the project Id.
+* Note: tenant_id will be the project Id.
 === Request JSON ===
@@ Line 123: / Line 119: @@
 <pre><nowiki>
 {
-   "securityGroup" :
+   "security_group" :
      {
          "name" : "test12",
@@ Line 136: / Line 132: @@
 <pre><nowiki>
 {
-"securityGroup":{
+   "security_group":
-		 "name": "test12",
+      {
-		 "userId": "admin",
+         "rules": [],
-		 "id": 1,
+         "tenant_id": "admin",
-		 "description": "security group description"
+         "id": 41,
-		}
+         "name": "test12",
+         "description": "security group description"
+      }
 }
 </nowiki></pre>
@@ Line 147: / Line 145: @@
 == Get Security Group ==
-URL: http://10.2.3.150:8774/v1.1/os-security-groups/<id>
+URL: http://10.2.3.150:8774/v1.1/security_groups/<id>
 {| border="1" cellpadding="2" cellspacing="0"
@@ Line 154: / Line 152: @@
 |-
 | GET
-| /os-security-groups/id
+| /security_groups/id
 |}
@@ Line 161: / Line 159: @@
 Error Response Code(s): unauthorized(401), [[ItemNotFound]](404)
-This operation returns the details of a security group bu its ID
+This operation returns the details of a security group
 This operation does not require a request body
@@ Line 168: / Line 166: @@
 <pre><nowiki>
-<securityGroup id="2" name="default" userId="admin" xmlns="http://docs.openstack.org/compute/api/v1.1">
+<security_group id="28" name="default" tenant_id="admin" xmlns="http://docs.openstack.org/compute/api/v1.1">
-     <permissions>
+     <rules>
-         <permission>
+         <rule id="108" parent_group_id="28">
-             <toPort>
+             <from_port>
-             </toPort>
+             </from_port>
-             <fromPort>
+             <group/>
+             <ip_protocol>
-            </fromPort>
-            <sourceGroups/>
-             <protocol>
                  tcp
-             </protocol>
+             </ip_protocol>
-             <ipRanges>
+             <to_port>
-                <ipRange>
-                    <cidrIp>
-.2.3.0/24
-                    </cidrIp>
-                </ipRange>
-            </ipRanges>
-        </permission>
-        <permission>
-            <toPort>
-             </toPort>
+             </to_port>
-             <fromPort>
+             <ip_range>
+                <cidr>
+.2.6.0/24
+                </cidr>
+            </ip_range>
+        </rule>
+        <rule id="109" parent_group_id="28">
+            <from_port>
-             </fromPort>
+             </from_port>
-             <sourceGroups/>
+            <group>
-             <protocol>
+                <tenant_id>
+                    admin
+                </tenant_id>
+                <name>
+                </name>
+             </group>
+             <ip_protocol>
                  tcp
-             </protocol>
+             </ip_protocol>
-             <ipRanges>
+             <to_port>
-                 <ipRange>
-                    <cidrIp>
+             </to_port>
-.2.3.124/24
+             <ip_range/>
-                    </cidrIp>
+         </rule>
-                </ipRange>
+     </rules>
-            </ipRanges>
-        </permission>
-        <permission>
-            <toPort>
-                None
-            </toPort>
-            <fromPort>
-                None
-            </fromPort>
-            <sourceGroups>
-                <sourceGroup>
-                    <userId>
-                        admin
-                    </userId>
-                    <groupId>
-                    </groupId>
-                </sourceGroup>
-            </sourceGroups>
-            <protocol>
-                None
-             </protocol>
-             <ipRanges/>
-         </permission>
-     </permissions>
      <description>
          default
      </description>
-</securityGroup>
+</security_group>
 </nowiki></pre>
@@ Line 240: / Line 215: @@
 <pre><nowiki>
-Response JSON
 {
-     "securityGroup":
+     "security_group":
-       {
+        {
-           "permissions":
+           "rules": [
-          [
-             {
-                "toPort": 22,
-                "fromPort": 22,
-                "sourceGroups": [],
-                "protocol": "tcp",
-                "ipRanges":
-                [
-                    {
-                      "cidrIp": "10.2.3.0/24"
-                    }
-                ]
-              },
                {
-                 "toPort": 22,
+                "from_port": 22,
-                 "fromPort": 22,
+                "group": {},
-                 "sourceGroups": [],
+                "ip_protocol": "tcp",
-                 "protocol": "tcp",
+                "to_port": 22,
-                 "ipRanges":
+                "parent_group_id": 28,
-                  [
+                "ip_range": {
-                     {
+                     "cidr": "10.2.6.0/24"
-                        "cidrIp": "10.2.3.124/24"
+                 },
-                    }
+                 "id": 108
-                  ]
                },
                {
-                "toPort": ,
+                 "from_port": 22,
-                "fromPort": ,
+                 "group": {
-                "sourceGroups":
+                     "tenant_id": "admin",
-                 [
+                     "name": "11111"
-                   {
+                  },
-                        "userId": "admin",
+                  "ip_protocol": "tcp",
-                        "groupId": 20
+                  "to_port": 22,
-                    }
+                  "parent_group_id": 28,
-                 ],
+                  "ip_range": {},
-                 "protocol": ,
+                  "id": 109
-                 "ipRanges": []
                 }
-            ],
+          ],
-            "userId": "admin",
+          "tenant_id": "admin",
-            "id": 2,
+          "id": 28,
-            "name": "default",
+          "name": "default",
-            "description": "default"
+          "description": "default"
-       }
+        }
-  }
+}
 </nowiki></pre>
-== List security groups ==
+== List Security Groups ==
-URL : http://10.2.3.150:8774/v1.1/os-security-groups
+URL : http://10.2.3.150:8774/v1.1/security-groups
 {| border="1" cellpadding="2" cellspacing="0"
@@ Line 301: / Line 260: @@
 |-
 | GET
-| /os-security-groups
+| /security_groups
 |}
@@ Line 309: / Line 268: @@
 This operation provides a list of security groups with your account. Security groups that have been deleted are not included in this list.
-The list of security groups doesn't support filtering in this version. The list returned is sorted based on the id, if you are a admin user then the list returned is sorted based on the userID (ProjectID) and IDs of the security groups.
+The list of security groups doesn't support filtering in this version. The list returned is sorted based on the id, if you are a admin user then the list returned is sorted based on the tenant_id (ProjectID) and security group name.
 This operation does not require a request body.
@@ Line 316: / Line 275: @@
 <pre><nowiki>
-<securityGroups xmlns="http://docs.openstack.org/compute/api/v1.1">
+<security_groups xmlns="http://docs.openstack.org/compute/api/v1.1">
-     <securityGroup id="2" name="default" userId="admin">
+     <security_group id="39" name="11111" tenant_id="admin">
-         <description>
+         <rules/>
-            default
-        </description>
-    </securityGroup>
-    <securityGroup id="20" name="test" userId="admin">
          <description>
              test
          </description>
-     </securityGroup>
+     </security_group>
-</securityGroups>
+    <security_group id="28" name="default" tenant_id="admin">
-</nowiki></pre>
+         <rules>
+            <rule id="108" parent_group_id="28">
-=== Response JSON ===
+                 <from_port>
-<pre><nowiki>
-{
- "securityGroups":
-   [
-      {
-        "userId": "admin",
-        "id": 2,
-        "name": "default",
-        "description": "default"
-      },
-      {
-        "userId": "admin",
-        "id": 20,
-        "name": "test",
-         "description": "test"
-      }
-    ]
- }
-</nowiki></pre>
-== Detail security groups ==
-URL: http://10.2.3.150:8774/v1.1/os-security-groups/detail
-{| border="1" cellpadding="2" cellspacing="0"
-| Verb
-| URI
-|-
-| GET
-| /os-security-groups/detail
-|}
-Normal Response Code(s): 200
-Error Response Code(s): unauthorized(401)
-This operation is slightly different from "List of security groups" operation. In this operation the list is returned with more details of each security group. This operation provides a list of security groups with your account. Security groups that have been deleted are not included in this list.The list of security groups doesn't support filtering in this version. The list returned is sorted based on the id, if you are a admin user then the list returned is sorted based on the userID (ProjectID) and IDs of the security groups.
-This operation does not require a request body.
-=== Response XML ===
-<pre><nowiki>
-<securityGroups xmlns="http://docs.openstack.org/compute/api/v1.1">
-    <securityGroup id="2" name="default" userId="admin">
-        <permissions>
-            <permission>
-                <toPort>
-                </toPort>
-                 <fromPort>
-                 </fromPort>
+                 </from_port>
-                 <sourceGroups/>
+                 <group/>
-                 <protocol>
+                 <ip_protocol>
                      tcp
-                 </protocol>
+                 </ip_protocol>
-                 <ipRanges>
+                 <to_port>
-                    <ipRange>
-                        <cidrIp>
-.2.3.0/24
-                        </cidrIp>
-                    </ipRange>
-                </ipRanges>
-            </permission>
-            <permission>
-                <toPort>
-                 </toPort>
+                 </to_port>
-                 <fromPort>
+                 <ip_range>
+                    <cidr>
+.2.6.0/24
+                    </cidr>
+                </ip_range>
+            </rule>
+            <rule id="109" parent_group_id="28">
+                <from_port>
-                 </fromPort>
+                 </from_port>
-                 <sourceGroups/>
+                <group>
-                 <protocol>
+                    <tenant_id>
+                        admin
+                    </tenant_id>
+                    <name>
+                    </name>
+                 </group>
+                 <ip_protocol>
                      tcp
-                 </protocol>
+                 </ip_protocol>
-                 <ipRanges>
+                 <to_port>
-                     <ipRange>
-                        <cidrIp>
+                 </to_port>
-.2.3.124/24
+                 <ip_range/>
-                        </cidrIp>
+             </rule>
-                    </ipRange>
+         </rules>
-                </ipRanges>
-            </permission>
-            <permission>
-                <toPort>
-                    None
-                </toPort>
-                <fromPort>
-                    None
-                </fromPort>
-                <sourceGroups>
-                    <sourceGroup>
-                        <userId>
-                            admin
-                        </userId>
-                        <groupId>
-                        </groupId>
-                    </sourceGroup>
-                </sourceGroups>
-                <protocol>
-                    None
-                 </protocol>
-                 <ipRanges/>
-             </permission>
-         </permissions>
          <description>
              default
          </description>
-     </securityGroup>
+     </security_group>
-    <securityGroup id="20" name="test" userId="admin">
+</security_groups>
-        <permissions/>
-        <description>
-            test
-        </description>
-    </securityGroup>
-</securityGroups>
 </nowiki></pre>
 === Response JSON ===
@@ Line 457: / Line 333: @@
 <pre><nowiki>
 {
-     "securityGroups":
+     "security_groups": [
-     [
+        {
-       {
+           "rules": [],
-           "permission":
+           "tenant_id": "admin",
-          [
+           "id": 39,
-             {
+           "name": "11111",
-                 "toPort": 22,
+           "description": "test"
-                 "fromPort": 22,
+        },
-                 "sourceGroups": [],
+        {
-                 "protocol": "tcp",
+           "rules": [
-                 "ipRanges":
+              {
-                [
+                 "from_port": 22,
-                     {
+                 "group": {},
-                      "cidrIp": "10.2.3.0/24"
+                 "ip_protocol": "tcp",
-                    }
+                 "to_port": 22,
-                ]
+                "parent_group_id": 28,
-               }
+                 "ip_range": {
-            ],
+                     "cidr": "10.2.6.0/24"
-            "userId": "admin",
+                 },
-            "id": 2,
+                 "id": 108
-            "name": "default",
+               },
-            "description": "default"
+              {
-       },
+                 "from_port": 22,
-       {
+                 "group": {
-          "permission":
+                     "tenant_id": "admin",
-          [
+                     "name": "11111"
-             {
+                  },
-                "toPort": 22,
+                  "ip_protocol": "tcp",
-                "fromPort": 22,
+                  "to_port": 22,
-                "sourceGroups": [],
+                  "parent_group_id": 28,
-                "protocol": "tcp",
+                  "ip_range": {},
-                "ipRanges":
+                  "id": 109
-                [
+               }
-                    {
+          ],
-                      "cidrIp": "10.2.3.0/24"
+          "tenant_id": "admin",
-                    }
+          "id": 28,
-                ]
+          "name": "default",
-              }
+          "description": "default"
-            ],
+        }
-            "userId": "admin",
+      ]
-            "id": 3,
-            "name": "test1",
-            "description": "test1 description"
-       }
-    ]
 }
 </nowiki></pre>
@@ Line 514: / Line 384: @@
 |-
 | DELETE
-| /os-security-groups/id
+| /security-groups/id
 |}
-Normal Response Code(s): 204
+Normal Response Code(s): 202
 Error Response Code(s): unauthorized (401), itemNotFound (404)
@@ Line 523: / Line 393: @@
 This operation does not require a request or a response body.
-= Authorize Security Group Ingress =
+= Create Security Group Rule =
 {| border="1" cellpadding="2" cellspacing="0"
@@ Line 530: / Line 400: @@
 |-
 | POST
-| /os-security-groups/id/authorize_ingress
+| /security_group_rules
 |}
@@ Line 537: / Line 407: @@
 Error Response Code(s): computeFault(500), unauthorized(401), [[BadRequest]](400), [[UnprocessableEntity]](422), itemNotfound(400)
-This operation adds one or more ingress rules to a security group. this action gives one or more CIDR IP address ranges permission to access a security group in your account, or gives one or more other security groups permissions to access a securit group in your account. A source group can be in your own account or another.
+This operation adds one rule to a security group in a single request.
+=== Exmaple 1 Request XML ===
-This operation does not send a response body.
+<pre><nowiki>
+<security_group_rule>
+  <ip_protocol>tcp</ip_protocol>
+  <from_port>22</from_port>
+  <to_port>22</to_port>
+  <parent_group_id>28</parent_group_id>
+  <cidr>10.2.6.0/24</cidr>
+</security_group_rule>
+</nowiki></pre>
-== Questions ==
-* Should there be any restrictions on the numbers of rules allowed per security group?
-In amazon EC2, you can have up to 100 rules per group.
-=== Example 1 Request XML ===
+=== Example 1 XML Response ===
 <pre><nowiki>
-<authorizeIngressSecurityGroup>
+<security_group_rule id="108" parent_group_id="28" xmlns="http://docs.openstack.org/compute/api/v1.1">
-     <permissions>
+    <from_port>
- 	    <permission>
- 		<protocol>tcp</protocol>
+    </from_port>
- 		<fromPort>22</fromPort>
+    <group/>
- 		<toPort>22</toPort>
+    <ip_protocol>
- 		<sourceGroups/>
+        tcp
- 		<ipRanges>
+    </ip_protocol>
- 		    <ipRange>
+    <to_port>
- 			<cidrIp>10.2.3.0/24</cidrIp>
- 		    </ipRange>
+    </to_port>
- 		</ipRanges>
+    <ip_range>
- 	    </permission>
+        <cidr>
-   </permissions>
+.2.6.0/24
-  </authorizeIngressSecurityGroup>
+        </cidr>
+    </ip_range>
+</security_group_rule>
 </nowiki></pre>
@@ Line 569: / Line 448: @@
 <pre><nowiki>
-<authorizeIngressSecurityGroup>
+<security_group_rule>
-     <permissions>
+  <ip_protocol>tcp</ip_protocol>
- 	    <permission>
+  <from_port>22</from_port>
- 		<sourceGroups>
+  <to_port>22</to_port>
- 		    <sourceGroup>
+  <parent_group_id>28</parent_group_id>
- 			<userId>admin</userId>
+  <group_id>45</group_id>
- 			<groupId>20</groupId>
+</security_group_rule>
- 		    </sourceGroup>
+</nowiki></pre>
- 		</sourceGroups>
-                </ipRanges>
- 	    </permission>
+=== Example 2 XML Response ===
-   </permissions>
-  </authorizeIngressSecurityGroup>
+<pre><nowiki>
+<security_group_rule id="108" parent_group_id="28" xmlns="http://docs.openstack.org/compute/api/v1.1">
+    <from_port>
+    </from_port>
+    </group>
+       <tenant_id>testproject<tenant_id>
+       <name>test</name>
+    <group>
+    <ip_protocol>
+        tcp
+    </ip_protocol>
+    <to_port>
+    </to_port>
+    </ip_range>
+</security_group_rule>
 </nowiki></pre>
@@ Line 589: / Line 484: @@
 <pre><nowiki>
 {
-    "authorizeIngressSecurityGroup" :  {
+   "security_group_rule": {
-  	"permissions" :  [
+       "ip_protocol": "tcp",
-   		{
+       "from_port": "22",
-                    "sourceGroups" : [
+       "to_port": "22",
-  	                {
+       "parent_group_id": 2,
-   			    "userId" : "admin",
+       "cidr": "10.2.3.124/24"
-  			    "groupId" : "20"
+    }
-   		        }
-  		    ]
-                }
-        ]
-   }
 }
 </nowiki></pre>
@@ Line 608: / Line 498: @@
 <pre><nowiki>
 {
-    "authorizeIngressSecurityGroup" :  {
+  "security_group_rule": {
-        "permissions" :  [
+      "ip_protocol": "tcp",
-  	    {
+      "from_port": "22",
- 	        "protocol" : "tcp",
+      "to_port": "22",
-  		"fromPort" : "22",
+      "group_id": 1,
-  		"toPort" : "22",
+      "parent_group_id": 2
-                "ipRanges" : [
- 		    {
-                        "cidrIp" : "10.2.3.124/24"
-  		    }
- 		]
-            }
-        ]
     }
 }
@@ Line 626: / Line 509: @@
-= Revoke Security Group Ingress =
+= Delete Security Group Rule =
 {| border="1" cellpadding="2" cellspacing="0"
@@ Line 633: / Line 516: @@
 |-
 | POST
-| /os-security-groups/id/revoke_ingress
+| /security_group_rules/id
 |}
 Normal Response Code(s): 202
-Error Response Code(s): computeFault(500), unauthorized(401), [[BadRequest]](400), [[UnprocessableEntity]](422), itemNotfound(400)
+Error Response Code(s): unauthorized(401), itemNotfound(404)
-This operation removes one or more ingress rules from a security group.
+This operation removes one rule from a security group.
-This operation does not send a response body.
+This operation does not require a request or a response body.
-=== Example 1 Request XML ===
-<pre><nowiki>
-<revokeIngressSecurityGroup>
-     <permissions>
- 	    <permission>
- 		<protocol>tcp</protocol>
- 		<fromPort>22</fromPort>
- 		<toPort>22</toPort>
- 		<sourceGroups/>
- 		<ipRanges>
- 		    <ipRange>
- 			<cidrIp>10.2.3.0/24</cidrIp>
- 		    </ipRange>
- 		</ipRanges>
- 	    </permission>
-   </permissions>
-</revokeIngressSecurityGroup>
-</nowiki></pre>
-=== Example 2 Request XML ===
-<pre><nowiki>
-<revokeIngressSecurityGroup>
-     <permissions>
- 	    <permission>
- 		<sourceGroups>
- 		    <sourceGroup>
- 			<userId>admin</userId>
- 			<groupId>20</groupId>
- 		    </sourceGroup>
- 		</sourceGroups>
-                </ipRanges>
- 	    </permission>
-   </permissions>
-  </revokeIngressSecurityGroup>
-</nowiki></pre>
-=== Example 1 Request JSON ===
-<pre><nowiki>
-{
-    "revokeIngressSecurityGroup" :  {
-  	"permissions" :  [
-   		{
-                    "sourceGroups" : [
-  	                {
-   			    "userId" : "admin",
-  			    "groupId" : "20"
-   		        }
-  		    ]
-                }
-        ]
-   }
-}
-</nowiki></pre>
-=== Example 2 Request JSON ===
-<pre><nowiki>
-{
-    "revokeIngressSecurityGroup" :  {
-        "permissions" :  [
-  	    {
- 	        "protocol" : "tcp",
-  		"fromPort" : "22",
-  		"toPort" : "22",
-                "ipRanges" : [
- 		    {
-                        "cidrIp" : "10.2.3.124/24"
-  		    }
- 		]
-            }
-        ]
-   }
-}
-</nowiki></pre>