gophercloud
diff --git a/‎internal/acceptance/openstack/networking/v2/extensions/extensions.go‎
Lines changed: 38 additions & 0 deletions b/‎internal/acceptance/openstack/networking/v2/extensions/extensions.go‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎internal/acceptance/openstack/networking/v2/extensions/security_test.go‎
Lines changed: 6 additions & 0 deletions b/‎internal/acceptance/openstack/networking/v2/extensions/security_test.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎openstack/networking/v2/extensions/security/rules/requests.go‎
Lines changed: 17 additions & 0 deletions b/‎openstack/networking/v2/extensions/security/rules/requests.go‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎openstack/networking/v2/extensions/security/rules/results.go‎
Lines changed: 19 additions & 0 deletions b/‎openstack/networking/v2/extensions/security/rules/results.go‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎openstack/networking/v2/extensions/security/rules/testing/requests_test.go‎
Lines changed: 95 additions & 0 deletions b/‎openstack/networking/v2/extensions/security/rules/testing/requests_test.go‎
Lines changed: 95 additions & 0 deletions
diff --git a/‎params.go‎
Lines changed: 45 additions & 7 deletions b/‎params.go‎
Lines changed: 45 additions & 7 deletions
@@ -140,6 +140,44 @@ func CreateSecurityGroupRule(t *testing.T, client *gophercloud.ServiceClient, se
 	return rule, nil
 }
 
+// CreateSecurityGroupRulesBulk will create security group rules with a random name
+// and random port between 80 and 99.
+// An error will be returned if one was failed to be created.
+func CreateSecurityGroupRulesBulk(t *testing.T, client *gophercloud.ServiceClient, secGroupID string) ([]rules.SecGroupRule, error) {
+	t.Logf("Attempting to bulk create security group rules in group: %s", secGroupID)
+
+	sgRulesCreateOpts := make([]rules.CreateOpts, 3)
+	for i := range 3 {
+		description := "Rule description"
+		fromPort := tools.RandomInt(80, 89)
+		toPort := tools.RandomInt(90, 99)
+
+		sgRulesCreateOpts[i] = rules.CreateOpts{
+			Description:  description,
+			Direction:    "ingress",
+			EtherType:    "IPv4",
+			SecGroupID:   secGroupID,
+			PortRangeMin: fromPort,
+			PortRangeMax: toPort,
+			Protocol:     rules.ProtocolTCP,
+		}
+	}
+
+	rules, err := rules.CreateBulk(context.TODO(), client, sgRulesCreateOpts).Extract()
+	if err != nil {
+		return rules, err
+	}
+
+	for i, rule := range rules {
+		t.Logf("Created security group rule: %s", rule.ID)
+
+		th.AssertEquals(t, sgRulesCreateOpts[i].SecGroupID, rule.SecGroupID)
+		th.AssertEquals(t, sgRulesCreateOpts[i].Description, rule.Description)
+	}
+
+	return rules, nil
+}
+
 // DeleteSecurityGroup will delete a security group of a specified ID.
 // A fatal error will occur if the deletion failed. This works best as a
 // deferred function
 
@@ -26,6 +26,12 @@ func TestSecurityGroupsCreateUpdateDelete(t *testing.T) {
 	th.AssertNoErr(t, err)
 	defer DeleteSecurityGroupRule(t, client, rule.ID)
 
+	rules, err := CreateSecurityGroupRulesBulk(t, client, group.ID)
+	th.AssertNoErr(t, err)
+	for _, r := range rules {
+		defer DeleteSecurityGroupRule(t, client, r.ID)
+	}
+
 	tools.PrintResource(t, group)
 
 	var name = "Update group"
 
@@ -150,6 +150,23 @@ func Create(ctx context.Context, c *gophercloud.ServiceClient, opts CreateOptsBu
 	return
 }
 
+// CreateBulk is an operation which adds new security group rules and associates them
+// with an existing security group (whose ID is specified in CreateOpts).
+// As of Dalmatian (2024.2) neutron only allows bulk creation of rules when
+// they all belong to the same tenant and security group.
+// https://github.com/openstack/neutron/blob/6183792/neutron/db/securitygroups_db.py#L814-L828
+func CreateBulk(ctx context.Context, c *gophercloud.ServiceClient, opts []CreateOpts) (r CreateBulkResult) {
+	body, err := gophercloud.BuildRequestBody(opts, "security_group_rules")
+	if err != nil {
+		r.Err = err
+		return
+	}
+
+	resp, err := c.Post(ctx, rootURL(c), body, &r.Body, nil)
+	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
+	return
+}
+
 // Get retrieves a particular security group rule based on its unique ID.
 func Get(ctx context.Context, c *gophercloud.ServiceClient, id string) (r GetResult) {
 	resp, err := c.Get(ctx, resourceURL(c, id), &r.Body, nil)
 
@@ -103,6 +103,10 @@ type commonResult struct {
 	gophercloud.Result
 }
 
+type bulkResult struct {
+	gophercloud.Result
+}
+
 // Extract is a function that accepts a result and extracts a security rule.
 func (r commonResult) Extract() (*SecGroupRule, error) {
 	var s struct {
@@ -112,12 +116,27 @@ func (r commonResult) Extract() (*SecGroupRule, error) {
 	return s.SecGroupRule, err
 }
 
+// Extract is a function that accepts a result and extracts security rules.
+func (r bulkResult) Extract() ([]SecGroupRule, error) {
+	var s struct {
+		SecGroupRules []SecGroupRule `json:"security_group_rules"`
+	}
+	err := r.ExtractInto(&s)
+	return s.SecGroupRules, err
+}
+
 // CreateResult represents the result of a create operation. Call its Extract
 // method to interpret it as a SecGroupRule.
 type CreateResult struct {
 	commonResult
 }
 
+// CreateBulkResult represents the result of a bulk create operation. Call its
+// Extract method to interpret it as a slice of SecGroupRules.
+type CreateBulkResult struct {
+	bulkResult
+}
+
 // GetResult represents the result of a get operation. Call its Extract
 // method to interpret it as a SecGroupRule.
 type GetResult struct {
 
@@ -222,6 +222,101 @@ func TestCreateAnyProtocol(t *testing.T) {
 	th.AssertNoErr(t, err)
 }
 
+func TestCreateBulk(t *testing.T) {
+	th.SetupHTTP()
+	defer th.TeardownHTTP()
+
+	th.Mux.HandleFunc("/v2.0/security-group-rules", func(w http.ResponseWriter, r *http.Request) {
+		th.TestMethod(t, r, "POST")
+		th.TestHeader(t, r, "X-Auth-Token", fake.TokenID)
+		th.TestHeader(t, r, "Content-Type", "application/json")
+		th.TestHeader(t, r, "Accept", "application/json")
+		th.TestJSONRequest(t, r, `
+{
+    "security_group_rules": [
+        {
+            "description": "test description of rule",
+            "direction": "ingress",
+            "port_range_min": 80,
+            "ethertype": "IPv4",
+            "port_range_max": 80,
+            "protocol": "tcp",
+            "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
+            "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a"
+        },
+        {
+            "description": "test description of rule",
+            "direction": "ingress",
+            "port_range_min": 443,
             "ethertype": "IPv4",
+            "port_range_max": 443,
+            "protocol": "tcp",
+            "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a"
+        }
+    ]
+}
+      `)
+
+		w.Header().Add("Content-Type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+
+		fmt.Fprint(w, `
+{
+    "security_group_rules": [
+        {
+            "description": "test description of rule",
+            "direction": "ingress",
+            "ethertype": "IPv4",
+            "port_range_max": 80,
+            "port_range_min": 80,
+            "protocol": "tcp",
+            "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
+            "remote_ip_prefix": null,
+            "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a",
+            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
+        },
+        {
+            "description": "test description of rule",
+            "direction": "ingress",
+            "ethertype": "IPv4",
+            "port_range_max": 443,
+            "port_range_min": 443,
+            "protocol": "tcp",
+            "remote_group_id": null,
+            "remote_ip_prefix": null,
+            "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a",
+            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
+        }
+    ]
+}
+    `)
+	})
+
+	opts := []rules.CreateOpts{
+		{
+			Description:   "test description of rule",
+			Direction:     "ingress",
+			PortRangeMin:  80,
+			EtherType:     rules.EtherType4,
+			PortRangeMax:  80,
+			Protocol:      "tcp",
+			RemoteGroupID: "85cc3048-abc3-43cc-89b3-377341426ac5",
+			SecGroupID:    "a7734e61-b545-452d-a3cd-0189cbd9747a",
+		},
+		{
+			Description:  "test description of rule",
+			Direction:    "ingress",
+			PortRangeMin: 443,
+			EtherType:    rules.EtherType4,
+			PortRangeMax: 443,
+			Protocol:     "tcp",
+			SecGroupID:   "a7734e61-b545-452d-a3cd-0189cbd9747a",
+		},
+	}
+	_, err := rules.CreateBulk(context.TODO(), fake.ServiceClient(), opts).Extract()
+	th.AssertNoErr(t, err)
+}
+
 func TestRequiredCreateOpts(t *testing.T) {
 	res := rules.Create(context.TODO(), fake.ServiceClient(), rules.CreateOpts{Direction: rules.DirIngress})
 	if res.Err == nil {
 
@@ -11,9 +11,11 @@ import (
 )
 
 /*
-BuildRequestBody builds a map[string]interface from the given `struct`. If
-parent is not an empty string, the final map[string]interface returned will
-encapsulate the built one. For example:
+BuildRequestBody builds a map[string]interface from the given `struct`, or
+collection of `structs`. If parent is not an empty string, the final
+map[string]interface returned will encapsulate the built one. Parent is
+required when passing a list of `structs`.
+For example:
 
 	disk := 1
 	createOpts := flavors.CreateOpts{
@@ -27,7 +29,29 @@ encapsulate the built one. For example:
 
 	body, err := gophercloud.BuildRequestBody(createOpts, "flavor")
 
-The above example can be run as-is, however it is recommended to look at how
+
+	opts := []rules.CreateOpts{
+		{
+			Direction:     "ingress",
+			PortRangeMin:  80,
+			EtherType:     rules.EtherType4,
+			PortRangeMax:  80,
+			Protocol:      "tcp",
+			SecGroupID:    "a7734e61-b545-452d-a3cd-0189cbd9747a",
+		},
+		{
+			Direction:    "ingress",
+			PortRangeMin: 443,
+			EtherType:    rules.EtherType4,
+			PortRangeMax: 443,
+			Protocol:     "tcp",
+			SecGroupID:   "a7734e61-b545-452d-a3cd-0189cbd9747a",
+		},
+	}
+
+	body, err := gophercloud.BuildRequestBody(opts, "security_group_rules")
+
+The above examples can be run as-is, however it is recommended to look at how
 BuildRequestBody is used within Gophercloud to more fully understand how it
 fits within the request process as a whole rather than use it directly as shown
 above.
@@ -44,7 +68,8 @@ func BuildRequestBody(opts any, parent string) (map[string]any, error) {
 	}
 
 	optsMap := make(map[string]any)
-	if optsValue.Kind() == reflect.Struct {
+	switch optsValue.Kind() {
+	case reflect.Struct:
 		//fmt.Printf("optsValue.Kind() is a reflect.Struct: %+v\n", optsValue.Kind())
 		for i := 0; i < optsValue.NumField(); i++ {
 			v := optsValue.Field(i)
@@ -184,9 +209,22 @@ func BuildRequestBody(opts any, parent string) (map[string]any, error) {
 		}
 		//fmt.Printf("optsMap after parent added: %+v\n", optsMap)
 		return optsMap, nil
+	case reflect.Slice, reflect.Array:
+		optsMaps := make([]map[string]any, optsValue.Len())
+		for i := 0; i < optsValue.Len(); i++ {
+			b, err := BuildRequestBody(optsValue.Index(i).Interface(), "")
+			if err != nil {
+				return nil, err
+			}
+			optsMaps[i] = b
+		}
+		if parent == "" {
+			return nil, fmt.Errorf("Parent is required when passing an array or a slice.")
+		}
+		return map[string]any{parent: optsMaps}, nil
 	}
-	// Return an error if the underlying type of 'opts' isn't a struct.
-	return nil, fmt.Errorf("Options type is not a struct.")
+	// Return an error if we can't work with the underlying type of 'opts'
+	return nil, fmt.Errorf("Options type is not a struct, a slice, or an array.")
 }
 
 // EnabledState is a convenience type, mostly used in Create and Update