Os-security-groups

Support management of security groups in OS API 1.1 or later, in the same way as is already available in the EC2 API.

Design

Sr No.  Verb    URI                        Request
1       GET     /security_groups           No request body
2       GET     /security_groups/id        No request body
3       POST    /security_groups           Request body
4       DELETE  /security_groups/id        No request body
5       POST    /security_group_rules      Request body
6       DELETE  /security_group_rules/id   No request body

API Operations

Create Security Group API

URL : http://10.2.3.150:8774/v1.1/security_groups

Verb URI
POST /security_groups

Normal Response Code(s): 200

Error Response Code(s): 500, unauthorized(401), badRequest(400)

This operation creates a new security group in your account.

Error Handling

Name         Description                        Error Description
name         Name of the security group         Security group name is mandatory
                                                Security group name is an empty string
                                                Security group name should not be greater than 255 characters
description  Description of the security group  Security group description is mandatory
                                                Security group description is an empty string
                                                Security group description should not be greater than 255 characters

In all of the above error cases, it returns HTTP status code 400.

Request XML

<security_group name="11111">
    <description>test</description>
</security_group>


Response XML

<security_group id="39" name="11111" tenant_id="admin" xmlns="http://docs.openstack.org/compute/api/v1.1">
    <rules/>
    <description>
        test
    </description>
</security_group>


  • Note: tenant_id will be the project Id.

Request JSON

{
  "security_group" :
    {
        "name" : "test12",
        "description" : "security group description"
    }
}


Response JSON

{
   "security_group":
      {
         "rules": [],
         "tenant_id": "admin",
         "id": 41,
         "name": "test12",
         "description": "security group description"
      }
}


Get Security Group

URL: http://10.2.3.150:8774/v1.1/security_groups/<id>

Verb URI
GET /security_groups/id

Normal Response Code(s): 200

Error Response Code(s): unauthorized(401), ItemNotFound(404)

This operation returns the details of a security group.

This operation does not require a request body.

Response XML

<security_group id="28" name="default" tenant_id="admin" xmlns="http://docs.openstack.org/compute/api/v1.1">
    <rules>
        <rule id="108" parent_group_id="28">
            <from_port>
                22
            </from_port>
            <group/>
            <ip_protocol>
                tcp
            </ip_protocol>
            <to_port>
                22
            </to_port>
            <ip_range>
                <cidr>
                    10.2.6.0/24
                </cidr>
            </ip_range>
        </rule>
        <rule id="109" parent_group_id="28">
            <from_port>
                22
            </from_port>
            <group>
                <tenant_id>
                    admin
                </tenant_id>
                <name>
                    11111
                </name>
            </group>
            <ip_protocol>
                tcp
            </ip_protocol>
            <to_port>
                22
            </to_port>
            <ip_range/>
        </rule>
    </rules>
    <description>
        default
    </description>
</security_group>

Response JSON

{
    "security_group":
        {
          "rules": [
              {
                "from_port": 22,
                "group": {},
                "ip_protocol": "tcp",
                "to_port": 22,
                "parent_group_id": 28,
                "ip_range": {
                    "cidr": "10.2.6.0/24"
                 },
                 "id": 108
              },
              {
                 "from_port": 22,
                 "group": {
                     "tenant_id": "admin",
                     "name": "11111"
                  },
                  "ip_protocol": "tcp",
                  "to_port": 22,
                  "parent_group_id": 28,
                  "ip_range": {},
                  "id": 109
               }
          ],
          "tenant_id": "admin",
          "id": 28,
          "name": "default",
          "description": "default"
        }
}


List Security Groups

URL : http://10.2.3.150:8774/v1.1/security_groups

Verb URI
GET /security_groups

Normal Response Code(s): 200

Error Response Code(s): unauthorized(401)

This operation provides a list of the security groups associated with your account. Security groups that have been deleted are not included in this list. The list of security groups doesn't support filtering in this version. The returned list is sorted by id; if you are an admin user, the returned list is sorted by tenant_id (ProjectID) and security group name.

This operation does not require a request body.

Response XML

<security_groups xmlns="http://docs.openstack.org/compute/api/v1.1">
    <security_group id="39" name="11111" tenant_id="admin">
        <rules/>
        <description>
            test
        </description>
    </security_group>
    <security_group id="28" name="default" tenant_id="admin">
        <rules>
            <rule id="108" parent_group_id="28">
                <from_port>
                    22
                </from_port>
                <group/>
                <ip_protocol>
                    tcp
                </ip_protocol>
                <to_port>
                    22
                </to_port>
                <ip_range>
                    <cidr>
                        10.2.6.0/24
                    </cidr>
                </ip_range>
            </rule>
            <rule id="109" parent_group_id="28">
                <from_port>
                    22
                </from_port>
                <group>
                    <tenant_id>
                        admin
                    </tenant_id>
                    <name>
                        11111
                    </name>
                </group>
                <ip_protocol>
                    tcp
                </ip_protocol>
                <to_port>
                    22
                </to_port>
                <ip_range/>
            </rule>
        </rules>
        <description>
            default
        </description>
    </security_group>
</security_groups>

Response JSON

{
    "security_groups": [
        {
           "rules": [],
           "tenant_id": "admin",
           "id": 39,
           "name": "11111",
           "description": "test"
        },
        {
          "rules": [
              {
                "from_port": 22,
                "group": {},
                "ip_protocol": "tcp",
                "to_port": 22,
                "parent_group_id": 28,
                "ip_range": {
                    "cidr": "10.2.6.0/24"
                 },
                 "id": 108
              },
              {
                 "from_port": 22,
                 "group": {
                     "tenant_id": "admin",
                     "name": "11111"
                  },
                  "ip_protocol": "tcp",
                  "to_port": 22,
                  "parent_group_id": 28,
                  "ip_range": {},
                  "id": 109
               }
          ],
          "tenant_id": "admin",
          "id": 28,
          "name": "default",
          "description": "default"
        }
      ]
}
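The list response above can be flattened into one row per rule for review. The following is an added example, not code from the original page or from the project: it tells CIDR-sourced rules (non-empty ip_range) apart from group-sourced rules (non-empty group) and attaches findings. The sample is constructed in the shape of the response above, rule 110 is an invented entry so that the findings fire, and the function names and the max_ports threshold are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of the "Response JSON" above (not captured output).
# Rule 110 is an invented entry added only to exercise the findings.
SAMPLE = json.loads("""
{"security_groups": [
  {"id": 39, "name": "11111", "tenant_id": "admin", "description": "test", "rules": []},
  {"id": 28, "name": "default", "tenant_id": "admin", "description": "default", "rules": [
    {"id": 108, "parent_group_id": 28, "ip_protocol": "tcp", "from_port": 22, "to_port": 22,
     "group": {}, "ip_range": {"cidr": "10.2.6.0/24"}},
    {"id": 109, "parent_group_id": 28, "ip_protocol": "tcp", "from_port": 22, "to_port": 22,
     "group": {"tenant_id": "admin", "name": "11111"}, "ip_range": {}},
    {"id": 110, "parent_group_id": 28, "ip_protocol": "tcp", "from_port": 1, "to_port": 65535,
     "group": {}, "ip_range": {"cidr": "0.0.0.0/0"}}
  ]}
]}
""")


def rule_source(rule):
    """Return ('cidr', network) or ('group', 'tenant/name'); raise if ambiguous."""
    cidr = (rule.get("ip_range") or {}).get("cidr")
    group = rule.get("group") or {}
    if bool(cidr) == bool(group):
        raise ValueError(f"rule {rule.get('id')}: expected exactly one of cidr or group")
    if cidr:
        # strict=False normalises host bits, e.g. 10.2.3.124/24 -> 10.2.3.0/24
        return "cidr", ipaddress.ip_network(cidr, strict=False)
    return "group", f"{group['tenant_id']}/{group['name']}"


def audit(listing, max_ports=1024):
    """Flatten every rule and attach review findings (max_ports is an assumed threshold)."""
    rows = []
    for sg in listing["security_groups"]:
        for rule in sg["rules"]:
            kind, src = rule_source(rule)
            lo, hi = int(rule["from_port"]), int(rule["to_port"])  # ports may arrive as strings
            findings = []
            if kind == "cidr" and src.prefixlen == 0:
                findings.append("open to any address")
            if hi - lo + 1 > max_ports:
                findings.append("wide port range")
            rows.append((sg["name"], rule["id"], rule["ip_protocol"], lo, hi, str(src), findings))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```
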


Delete Security Group

Verb URI
DELETE /security_groups/id

Normal Response Code(s): 202

Error Response Code(s): unauthorized (401), itemNotFound (404)

This operation does not require a request or a response body.

Create Security Group Rule

Verb URI
POST /security_group_rules

Normal Response Code(s): 202

Error Response Code(s): computeFault(500), unauthorized(401), BadRequest(400), UnprocessableEntity(422), itemNotfound(400)

This operation adds one rule to a security group in a single request.

Example 1 Request XML

<security_group_rule> 
  <ip_protocol>tcp</ip_protocol>
  <from_port>22</from_port>
  <to_port>22</to_port>
  <parent_group_id>28</parent_group_id>
  <cidr>10.2.6.0/24</cidr>
</security_group_rule> 


Example 1 XML Response

<security_group_rule id="108" parent_group_id="28" xmlns="http://docs.openstack.org/compute/api/v1.1">
    <from_port>
        22
    </from_port>
    <group/>
    <ip_protocol>
        tcp
    </ip_protocol>
    <to_port>
        22
    </to_port>
    <ip_range>
        <cidr>
            10.2.6.0/24
        </cidr>
    </ip_range>
</security_group_rule>


Example 2 Request XML

<security_group_rule> 
  <ip_protocol>tcp</ip_protocol>
  <from_port>22</from_port>
  <to_port>22</to_port>
  <parent_group_id>28</parent_group_id>
  <group_id>45</group_id>
</security_group_rule> 


Example 2 XML Response

<security_group_rule id="108" parent_group_id="28" xmlns="http://docs.openstack.org/compute/api/v1.1">
    <from_port>
        22
    </from_port>
    <group>
       <tenant_id>testproject</tenant_id>
       <name>test</name>
    </group>
    <ip_protocol>
        tcp
    </ip_protocol>
    <to_port>
        22
    </to_port>
    <ip_range/>
</security_group_rule>


Example 1 Request JSON

{
   "security_group_rule": {
       "ip_protocol": "tcp",
       "from_port": "22",
       "to_port": "22",
       "parent_group_id": 2,
       "cidr": "10.2.3.124/24"
    }
}

Example 2 Request JSON

{
  "security_group_rule": {
      "ip_protocol": "tcp",
      "from_port": "22",
      "to_port": "22",
      "group_id": 1,
      "parent_group_id": 2
   }
}


Delete Security Group Rule

Verb URI
DELETE /security_group_rules/id

Normal Response Code(s): 202

Error Response Code(s): unauthorized(401), itemNotfound(404)

This operation removes one rule from a security group.

This operation does not require a request or a response body.