Use the port tenant instead of the EPG tenant as the SG tenant

Neither port nor the SG can be created as a shared resource so when a SG is assigned to a VM port, that SG must be from the same tenant of that VM port. Change-Id: Id1607e6f274a2529c4ce841ff7602dd75cf4f603
2018-01-29 14:47:10 -08:00 · 2018-01-29 14:47:10 -08:00 · 6c2ac9b022
parent 5beb9c92f5
commit 6c2ac9b022
2 changed files with 6 additions and 2 deletions
--- a/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/aim_mapping_rpc.py
+++ b/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/aim_mapping_rpc.py
@ -256,9 +256,12 @@ class AIMMappingRPCMixin(ha_ip_db.HAIPOwnerDbMixin):
                vif_details.get('ovs_hybrid_plug')):
            return
        details['security_group'] = []
+
+        tenant_aname = self.aim_mech_driver.name_mapper.project(
+            context.session, port['tenant_id'])
        for sg_id in port['security_groups']:
            details['security_group'].append(
-                {'policy-space': details['ptg_tenant'],
+                {'policy-space': tenant_aname,
                 'name': sg_id})
        # Always include this SG which has the default arp & dhcp rules
        details['security_group'].append(
--- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py
+++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py
@ -3094,10 +3094,11 @@ class TestPolicyTarget(AIMBaseTestCase):
        self.assertEqual(100, mapping['dhcp_lease_time'])

        port = self._plugin.get_port(self._context, pt2['port_id'])
+        port_tenant = self.name_mapper.project(None, port['tenant_id'])
        sg_list = []
        for sg_id in port['security_groups']:
            sg_list.append(
-                {'policy-space': mapping['ptg_tenant'],
+                {'policy-space': port_tenant,
                 'name': sg_id})
        sg_list.append({'policy-space': 'common',
                        'name': self.driver.aim_mech_driver.apic_system_id +