Using neutron engine in security groups describe.

Nova engine works incorrect in case when describe is using in metadata.
Security-group-list in nova cannot be filtered by tenant,
listing all secgroups in case of big amount of groups can be slow
and may have limitations in number.

Co-Author: tikitavi <rtikitavi@gmail.com>

Change-Id: I199b0f4f4febad4c23a0d8968f7858763bcbf00c
Closes-Bug: #1660888
This commit is contained in:
Jake Yip 2017-02-01 16:07:24 +11:00 committed by Andrey Pavlov
parent 6d30c69895
commit 6b3c283894
2 changed files with 28 additions and 11 deletions

View File

@ -574,10 +574,16 @@ class SecurityGroupEngineNova(object):
pass
def get_os_groups(self, context):
nova = clients.nova(context)
return self.convert_groups_to_neutron_format(
context,
nova.security_groups.list())
# Note(tikitavi): Using neutron engine in describing security groups.
# Security-group-list in nova cannot be filtered by tenant,
# listing all secgroups in case of big amount of groups can be slow
# and may have limitations in number.
try:
groups = SecurityGroupEngineNeutron().get_os_groups(context)
except Exception as ex:
groups = []
LOG.warning(_("Failed to get os groups."))
return groups
def authorize_security_group(self, context, rule_body):
nova = clients.nova(context)

View File

@ -381,17 +381,28 @@ class SecurityGroupTestCase(base.ApiTestCase):
def test_describe_security_groups_nova(self):
security_group.security_group_engine = (
security_group.SecurityGroupEngineNova())
self.set_mock_db_items(fakes.NOVA_DB_SECURITY_GROUP_1,
fakes.NOVA_DB_SECURITY_GROUP_2)
self.nova.security_groups.list.return_value = (
[fakes.NovaSecurityGroup(fakes.NOVA_SECURITY_GROUP_1),
fakes.NovaSecurityGroup(fakes.NOVA_SECURITY_GROUP_2)])
self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2,
fakes.DB_SECURITY_GROUP_3,
fakes.DB_SECURITY_GROUP_4,
fakes.DB_SECURITY_GROUP_5,)
self.neutron.list_security_groups.return_value = (
{'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1),
fakes.OS_SECURITY_GROUP_2,
fakes.OS_SECURITY_GROUP_3,
fakes.OS_SECURITY_GROUP_4,
fakes.OS_SECURITY_GROUP_5]})
resp = self.execute('DescribeSecurityGroups', {})
self.assertThat(resp['securityGroupInfo'],
matchers.ListMatches(
[fakes.EC2_NOVA_SECURITY_GROUP_1,
fakes.EC2_NOVA_SECURITY_GROUP_2],
[fakes.EC2_SECURITY_GROUP_1,
fakes.EC2_SECURITY_GROUP_2,
fakes.EC2_SECURITY_GROUP_3,
fakes.EC2_SECURITY_GROUP_4,
fakes.EC2_SECURITY_GROUP_5],
orderless_lists=True))
self.neutron.list_security_groups.assert_called_once_with(
tenant_id=fakes.ID_OS_PROJECT)
@mock.patch('ec2api.api.ec2utils.check_and_create_default_vpc')
def test_describe_security_groups_no_default_vpc(self, check_and_create):