Also add those DHCP rules to the default SG
We need this when the optimized DHCP is off. Change-Id: I830a36cda43088a44ebbec8e828d6f55a2088dc7
This commit is contained in:
parent
6a7e95e0b8
commit
0f46a0d9d3
|
@ -205,9 +205,9 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
|
|||
self._ensure_common_tenant(aim_ctx)
|
||||
self._ensure_unrouted_vrf(aim_ctx)
|
||||
self._ensure_any_filter(aim_ctx)
|
||||
self._setup_default_arp_security_group_rules(aim_ctx)
|
||||
self._setup_default_arp_dhcp_security_group_rules(aim_ctx)
|
||||
|
||||
def _setup_default_arp_security_group_rules(self, aim_ctx):
|
||||
def _setup_default_arp_dhcp_security_group_rules(self, aim_ctx):
|
||||
sg_name = self._default_sg_name
|
||||
dname = aim_utils.sanitize_display_name('DefaultSecurityGroup')
|
||||
sg = aim_resource.SecurityGroup(
|
||||
|
@ -221,7 +221,7 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
|
|||
self.aim.create(aim_ctx, sg_subject, overwrite=True)
|
||||
|
||||
dname = aim_utils.sanitize_display_name(
|
||||
'DefaultSecurityGroupEgressRule')
|
||||
'DefaultSecurityGroupArpEgressRule')
|
||||
arp_egress_rule = aim_resource.SecurityGroupRule(
|
||||
tenant_name=COMMON_TENANT_NAME,
|
||||
security_group_name=sg_name,
|
||||
|
@ -234,7 +234,7 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
|
|||
self.aim.create(aim_ctx, arp_egress_rule, overwrite=True)
|
||||
|
||||
dname = aim_utils.sanitize_display_name(
|
||||
'DefaultSecurityGroupIngressRule')
|
||||
'DefaultSecurityGroupArpIngressRule')
|
||||
arp_ingress_rule = aim_resource.SecurityGroupRule(
|
||||
tenant_name=COMMON_TENANT_NAME,
|
||||
security_group_name=sg_name,
|
||||
|
@ -246,6 +246,38 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
|
|||
conn_track='normal')
|
||||
self.aim.create(aim_ctx, arp_ingress_rule, overwrite=True)
|
||||
|
||||
dname = aim_utils.sanitize_display_name(
|
||||
'DefaultSecurityGroupDhcpEgressRule')
|
||||
dhcp_egress_rule = aim_resource.SecurityGroupRule(
|
||||
tenant_name=COMMON_TENANT_NAME,
|
||||
security_group_name=sg_name,
|
||||
security_group_subject_name='default',
|
||||
name='dhcp_egress',
|
||||
display_name=dname,
|
||||
direction='egress',
|
||||
ethertype='ipv4',
|
||||
ip_protocol='udp',
|
||||
from_port='67',
|
||||
to_port='67',
|
||||
conn_track='normal')
|
||||
self.aim.create(aim_ctx, dhcp_egress_rule, overwrite=True)
|
||||
|
||||
dname = aim_utils.sanitize_display_name(
|
||||
'DefaultSecurityGroupDhcpIngressRule')
|
||||
dhcp_ingress_rule = aim_resource.SecurityGroupRule(
|
||||
tenant_name=COMMON_TENANT_NAME,
|
||||
security_group_name=sg_name,
|
||||
security_group_subject_name='default',
|
||||
name='dhcp_ingress',
|
||||
display_name=dname,
|
||||
direction='ingress',
|
||||
ethertype='ipv4',
|
||||
ip_protocol='udp',
|
||||
from_port='68',
|
||||
to_port='68',
|
||||
conn_track='normal')
|
||||
self.aim.create(aim_ctx, dhcp_ingress_rule, overwrite=True)
|
||||
|
||||
def _setup_keystone_notification_listeners(self):
|
||||
targets = [oslo_messaging.Target(
|
||||
exchange=self.keystone_notification_exchange,
|
||||
|
|
|
@ -859,7 +859,7 @@ class TestAimMapping(ApicAimTestCase):
|
|||
self.assertEqual('default', sg_rule.security_group_subject_name)
|
||||
self.assertEqual('arp_egress', sg_rule.name)
|
||||
self.assertEqual(
|
||||
'DefaultSecurityGroupEgressRule', sg_rule.display_name)
|
||||
'DefaultSecurityGroupArpEgressRule', sg_rule.display_name)
|
||||
self.assertEqual('egress', sg_rule.direction)
|
||||
self.assertEqual('arp', sg_rule.ethertype)
|
||||
self.assertEqual([], sg_rule.remote_ips)
|
||||
|
@ -875,7 +875,7 @@ class TestAimMapping(ApicAimTestCase):
|
|||
self.assertEqual('default', sg_rule.security_group_subject_name)
|
||||
self.assertEqual('arp_ingress', sg_rule.name)
|
||||
self.assertEqual(
|
||||
'DefaultSecurityGroupIngressRule', sg_rule.display_name)
|
||||
'DefaultSecurityGroupArpIngressRule', sg_rule.display_name)
|
||||
self.assertEqual('ingress', sg_rule.direction)
|
||||
self.assertEqual('arp', sg_rule.ethertype)
|
||||
self.assertEqual([], sg_rule.remote_ips)
|
||||
|
@ -883,6 +883,40 @@ class TestAimMapping(ApicAimTestCase):
|
|||
self.assertEqual('unspecified', sg_rule.to_port)
|
||||
self.assertEqual('normal', sg_rule.conn_track)
|
||||
|
||||
# Check DHCP egress SecurityGroupRule.
|
||||
sg_rule = self._get_sg_rule(
|
||||
'dhcp_egress', 'default', sg_aname, 'common')
|
||||
self.assertEqual('common', sg_rule.tenant_name)
|
||||
self.assertEqual(sg_aname, sg_rule.security_group_name)
|
||||
self.assertEqual('default', sg_rule.security_group_subject_name)
|
||||
self.assertEqual('dhcp_egress', sg_rule.name)
|
||||
self.assertEqual(
|
||||
'DefaultSecurityGroupDhcpEgressRule', sg_rule.display_name)
|
||||
self.assertEqual('egress', sg_rule.direction)
|
||||
self.assertEqual('ipv4', sg_rule.ethertype)
|
||||
self.assertEqual('udp', sg_rule.ip_protocol)
|
||||
self.assertEqual([], sg_rule.remote_ips)
|
||||
self.assertEqual('67', sg_rule.from_port)
|
||||
self.assertEqual('67', sg_rule.to_port)
|
||||
self.assertEqual('normal', sg_rule.conn_track)
|
||||
|
||||
# Check DHCP ingress SecurityGroupRule.
|
||||
sg_rule = self._get_sg_rule(
|
||||
'dhcp_ingress', 'default', sg_aname, 'common')
|
||||
self.assertEqual('common', sg_rule.tenant_name)
|
||||
self.assertEqual(sg_aname, sg_rule.security_group_name)
|
||||
self.assertEqual('default', sg_rule.security_group_subject_name)
|
||||
self.assertEqual('dhcp_ingress', sg_rule.name)
|
||||
self.assertEqual(
|
||||
'DefaultSecurityGroupDhcpIngressRule', sg_rule.display_name)
|
||||
self.assertEqual('ingress', sg_rule.direction)
|
||||
self.assertEqual('ipv4', sg_rule.ethertype)
|
||||
self.assertEqual('udp', sg_rule.ip_protocol)
|
||||
self.assertEqual([], sg_rule.remote_ips)
|
||||
self.assertEqual('68', sg_rule.from_port)
|
||||
self.assertEqual('68', sg_rule.to_port)
|
||||
self.assertEqual('normal', sg_rule.conn_track)
|
||||
|
||||
def test_network_lifecycle(self):
|
||||
# Test create.
|
||||
net = self._make_network(self.fmt, 'net1', True)['network']
|
||||
|
|
Loading…
Reference in New Issue