Merge "Query DB to get the tenant ID of the SG"

2018-02-09 21:57:36 +00:00 · 2018-02-09 21:57:36 +00:00 · a7cf4ee4b5
parent e7b0cfe902 7337427275
commit a7cf4ee4b5
2 changed files with 32 additions and 9 deletions
--- a/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/aim_mapping_rpc.py
+++ b/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/aim_mapping_rpc.py
@ -15,6 +15,7 @@ from neutron.common import topics
 from neutron.db import api as db_api

 from neutron.db import db_base_plugin_common
+from neutron.db.models import securitygroup as sg_models
 from neutron.objects import base as objects_base
 from neutron.objects import trunk as trunk_objects
 from neutron.plugins.ml2 import rpc as ml2_rpc
@ -258,9 +259,14 @@ class AIMMappingRPCMixin(ha_ip_db.HAIPOwnerDbMixin):
            return
        details['security_group'] = []

-        tenant_aname = self.aim_mech_driver.name_mapper.project(
-            context.session, port['tenant_id'])
-        for sg_id in port['security_groups']:
+        port_sgs = (context.session.query(sg_models.SecurityGroup.id,
+                                          sg_models.SecurityGroup.tenant_id).
+                    filter(sg_models.SecurityGroup.id.
+                           in_(port['security_groups'])).
+                    all())
+        for sg_id, tenant_id in port_sgs:
+            tenant_aname = self.aim_mech_driver.name_mapper.project(
+                context.session, tenant_id)
            details['security_group'].append(
                {'policy-space': tenant_aname,
                 'name': sg_id})
--- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py
+++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py
@ -27,10 +27,12 @@ from netaddr import IPSet
 from neutron.api.rpc.agentnotifiers import dhcp_rpc_agent_api
 from neutron.common import utils as n_utils
 from neutron.db import api as db_api
+from neutron.db.models import securitygroup as sg_models
 from neutron.extensions import dns
 from neutron.notifiers import nova
 from neutron.tests.unit.db import test_db_base_plugin_v2 as test_plugin
 from neutron.tests.unit.extensions import test_address_scope
+from neutron.tests.unit.extensions import test_securitygroup
 from neutron_lib.callbacks import registry
 from neutron_lib import constants as n_constants
 from neutron_lib import context as nctx
@ -2600,7 +2602,8 @@ class TestPolicyTargetGroupRollback(AIMBaseTestCase):
        self.dummy.delete_l3_policy_precommit = orig_func


-class TestPolicyTarget(AIMBaseTestCase):
+class TestPolicyTarget(AIMBaseTestCase,
+                       test_securitygroup.SecurityGroupsTestCase):

    def setUp(self, *args, **kwargs):
        super(TestPolicyTarget, self).setUp(*args, **kwargs)
@ -3092,6 +3095,16 @@ class TestPolicyTarget(AIMBaseTestCase):
            policy_target_group_id=ptg['id'])['policy_target']
        self._bind_port_to_host(pt2['port_id'], 'h1')

+        # As admin, create a SG in a different tenant then associate
+        # with the same port
+        sg = self._make_security_group(
+            self.fmt, 'sg_1', 'test',
+            tenant_id='test-tenant-2')['security_group']
+        port = self._plugin.get_port(self._context, pt2['port_id'])
+        port['security_groups'].append(sg['id'])
+        port = self._plugin.update_port(
+            self._context, port['id'], {'port': port})
+
        mapping = self.driver.get_gbp_details(
            self._neutron_admin_context, device='tap%s' % pt2['port_id'],
            host='h2')
@ -3104,13 +3117,17 @@ class TestPolicyTarget(AIMBaseTestCase):
            'uni:tn-t1:out-l2:instP-n2', '200.200.0.3', '200.200.0.1/16')
        self.assertEqual(1000, mapping['interface_mtu'])
        self.assertEqual(100, mapping['dhcp_lease_time'])
-
-        port = self._plugin.get_port(self._context, pt2['port_id'])
-        port_tenant = self.name_mapper.project(None, port['tenant_id'])
        sg_list = []
-        for sg_id in port['security_groups']:
+        ctx = nctx.get_admin_context()
+        port_sgs = (ctx.session.query(sg_models.SecurityGroup.id,
+                                      sg_models.SecurityGroup.tenant_id).
+                    filter(sg_models.SecurityGroup.id.
+                           in_(port['security_groups'])).
+                    all())
+        for sg_id, tenant_id in port_sgs:
+            sg_tenant = self.name_mapper.project(None, tenant_id)
            sg_list.append(
-                {'policy-space': port_tenant,
+                {'policy-space': sg_tenant,
                 'name': sg_id})
        sg_list.append({'policy-space': 'common',
                        'name': self.driver.aim_mech_driver.apic_system_id +