Use the port tenant instead of the EPG tenant as the SG tenant
Neither port nor the SG can be created as a shared resource so when a SG is assigned to a VM port, that SG must be from the same tenant of that VM port. Change-Id: Id1607e6f274a2529c4ce841ff7602dd75cf4f603
This commit is contained in:
parent
5beb9c92f5
commit
6c2ac9b022
|
@ -256,9 +256,12 @@ class AIMMappingRPCMixin(ha_ip_db.HAIPOwnerDbMixin):
|
|||
vif_details.get('ovs_hybrid_plug')):
|
||||
return
|
||||
details['security_group'] = []
|
||||
|
||||
tenant_aname = self.aim_mech_driver.name_mapper.project(
|
||||
context.session, port['tenant_id'])
|
||||
for sg_id in port['security_groups']:
|
||||
details['security_group'].append(
|
||||
{'policy-space': details['ptg_tenant'],
|
||||
{'policy-space': tenant_aname,
|
||||
'name': sg_id})
|
||||
# Always include this SG which has the default arp & dhcp rules
|
||||
details['security_group'].append(
|
||||
|
|
|
@ -3094,10 +3094,11 @@ class TestPolicyTarget(AIMBaseTestCase):
|
|||
self.assertEqual(100, mapping['dhcp_lease_time'])
|
||||
|
||||
port = self._plugin.get_port(self._context, pt2['port_id'])
|
||||
port_tenant = self.name_mapper.project(None, port['tenant_id'])
|
||||
sg_list = []
|
||||
for sg_id in port['security_groups']:
|
||||
sg_list.append(
|
||||
{'policy-space': mapping['ptg_tenant'],
|
||||
{'policy-space': port_tenant,
|
||||
'name': sg_id})
|
||||
sg_list.append({'policy-space': 'common',
|
||||
'name': self.driver.aim_mech_driver.apic_system_id +
|
||||
|
|
Loading…
Reference in New Issue