Add security group subcollection to providers, cloud tenants, and vms

app/controllers/api/cloud_tenants_controller.rb

@@ -1,4 +1,5 @@
 module Api
   class CloudTenantsController < BaseController
+    include Subcollections::SecurityGroups
   end
 end

app/controllers/api/providers_controller.rb

@@ -17,6 +17,7 @@ class ProvidersController < BaseController
     include Subcollections::CloudTenants
     include Subcollections::CustomAttributes
     include Subcollections::LoadBalancers
+    include Subcollections::SecurityGroups
     include Subcollections::Vms
 
     def create_resource(type, _id, data = {})

app/controllers/api/subcollections/security_groups.rb

@@ -0,0 +1,9 @@
+module Api
+  module Subcollections
+    module SecurityGroups
+      def security_groups_query_resource(object)
+        object.respond_to?(:security_groups) ? object.security_groups : []
+      end
+    end
+  end
+end

app/controllers/api/vms_controller.rb

@@ -5,6 +5,7 @@ class VmsController < BaseController
     include Subcollections::PolicyProfiles
     include Subcollections::Accounts
     include Subcollections::CustomAttributes
+    include Subcollections::SecurityGroups
     include Subcollections::Software
     include Subcollections::Snapshots
     include Subcollections::MetricRollups

config/api.yml

@@ -493,6 +493,8 @@
     - :subcollection
     :verbs: *gp
     :klass: CloudTenant
+    :subcollections:
+    - :security_groups
     :collection_actions:
       :get:
       - :name: read
@@ -1607,6 +1609,7 @@
     - :cloud_tenants
     - :custom_attributes
     - :load_balancers
+    - :security_groups
     - :vms
     :collection_actions:
       :get:
@@ -2650,6 +2653,7 @@
     - :policy_profiles
     - :accounts
     - :custom_attributes
+    - :security_groups
     - :software
     - :snapshots
     - :metric_rollups

spec/requests/providers_spec.rb

@@ -1108,6 +1108,53 @@ def gen_import_request
     end
   end
 
+  context 'security groups subcollection' do
+    before do
+      @provider = FactoryGirl.create(:ems_openstack)
+      @security_group = FactoryGirl.create(:security_group, :ext_management_system => @provider)
+    end
+
+    it 'queries all security groups' do
+      api_basic_authorize subcollection_action_identifier(:providers, :security_groups, :read, :get)
+
+      get(api_provider_security_groups_url(nil, @provider))
+
+      expected = {
+        'resources' => [
+          { 'href' => api_provider_security_group_url(nil, @provider, @security_group) }
+        ]
+
+      }
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include(expected)
+    end
+
+    it "will not show a provider's security groups without the appropriate role" do
+      api_basic_authorize
+
+      get(api_provider_security_groups_url(nil, @provider))
+
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it 'queries a single security group' do
+      api_basic_authorize action_identifier(:security_groups, :read, :subresource_actions, :get)
+
+      get(api_provider_security_group_url(nil, @provider, @security_group))
+
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include('id' => @security_group.id.to_s)
+    end
+
+    it "will not show a provider's security group without the appropriate role" do
+      api_basic_authorize
+
+      get(api_provider_security_group_url(nil, @provider, @security_group))
+
+      expect(response).to have_http_status(:forbidden)
+    end
+  end
+
   describe 'edit custom_attributes on providers' do
     context 'provider_class=provider' do
       let(:generic_provider) { FactoryGirl.create(:provider) }