NOTE:
On 11/28/2017 I removed the old description from this bug and replaced with a simpler more consolidated version based on an example. It seems the old description's verbose nature may cause elongated understanding of the issue.
PROBLEM:
Neutron plugin API extensions that add attributes to existing API resources have no proper way to extend the python-openstackclient (OSC).
EXAMPLE:
a) We have a plugin that extends an existing API resource [1]; in this example we add a 'logging' attribute to the existing 'security_groups' API resource.
b) Now we want to add CLI support for the 'logging' attribute. But there's not clean way with OSC today:
..1) To get the new 'logging' attribute to even show up (parse from API and display on output), we need to update the sdk [2]. Traditionally this has not been something done for "non-stadium projects".
..2) The python-openstackclient (OSC) already defines the logic for 'security_groups'; we want to be able to extend it to handle our 'logging' attribute, but there's no current way [3] to extend an OSC networking command.
..3) As a result we need to duplicate the OSC code [3] for security_groups to add our custom logic [4]. Now we have to try and keep [4] in sync with [3] which is less than optimal.
Some existing plugins that have resource attribute extensions today: [1][5][6][7][8]
MITIGATION:
Today we can still use the python-neutronclient to interface with these types of extensions. This support is provided by the "looseness" of the neutronclient and it's support for arbitrary kwargs.
For example with neutron client you can do something like:
neutron security-group-create --logging=blah
and the client will pass logging=blah to the API allowing the extension to function properly. In addition the neutronclient will display the value(s) of 'logging' in the CLI output without and code changes to the python-neutronclient.
That said the current mitigation is to use the neutronclient.
CONSIDERATIONS:
- If the longer term goal is to move away from API extensions in neutron (like nova did [9]), then maybe we just support neutronclient until that time.
- While the current support we have for these extensions in neutronclient maybe a "side effect" (e.g. loose kwarg passing and CLI input/output), I know we have existing deployments relying on this support. So removing such support would leave them with no options.
- There maybe some middle ground to get support in OSC in the shorter-term, but in general it's my understanding that the SDK/OSC has few reviewers and maybe undergoing a "restructure" [10].
[1] https://github.com/openstack/vmware-nsx/blob/master/vmware_nsx/extensions/securitygrouplogging.py
[2] https://github.com/openstack/python-openstacksdk/blob/master/openstack/network/v2/security_group.py
[3] https://github.com/openstack/python-openstackclient/blob/master/openstackclient/network/v2/security_group.py#L117
[4] https://review.openstack.org/#/c/393322/4/vmware_nsx/osc/v2/security_group.py
[5] http://git.openstack.org/cgit/openstack/networking-h3c/tree/networking_h3c/extensions/portextensions.py
[6] http://git.openstack.org/cgit/openstack/astara-neutron/tree/astara_neutron/extensions/routerstatus.py
[7] http://git.openstack.org/cgit/openstack/networking-cisco/tree/networking_cisco/plugins/cisco/extensions/routertypeawarescheduler.py
[8] http://git.openstack.org/cgit/openstack/group-based-policy/tree/gbpservice/neutron/extensions/implicit_subnetpools.py
[9] https://blueprints.launchpad.net/nova/+spec/api-no-more-extensions-pike
[10] http://lists.openstack.org/pipermail/openstack-dev/2017-August/120673.html
I plan to let this age a little here, and then I'll try to get a slot on the OSC meeting to discuss; say in about 2 weeks time.
Again I'm willing to do this work, but want some agreement that the work can land in some form before investing the time hacking on some code.
There are obviously many ways to solve this problem; I have some ideas, but would prefer to get some input form those who have a history with this code.
Thanks