Also add the dhcp ipv6 rules to the default security group.

Change-Id: I4d4fb9ea65eef36fbd816d7c4a671d4fe35356a8

gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py

@@ -282,6 +282,38 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
             conn_track='normal')
         self.aim.create(aim_ctx, dhcp_ingress_rule, overwrite=True)
 
+        dname = aim_utils.sanitize_display_name(
+            'DefaultSecurityGroupDhcp6EgressRule')
+        dhcp6_egress_rule = aim_resource.SecurityGroupRule(
+            tenant_name=COMMON_TENANT_NAME,
+            security_group_name=sg_name,
+            security_group_subject_name='default',
+            name='dhcp6_egress',
+            display_name=dname,
+            direction='egress',
+            ethertype='ipv6',
+            ip_protocol='udp',
+            from_port='547',
+            to_port='547',
+            conn_track='normal')
+        self.aim.create(aim_ctx, dhcp6_egress_rule, overwrite=True)
+
+        dname = aim_utils.sanitize_display_name(
+            'DefaultSecurityGroupDhcp6IngressRule')
+        dhcp6_ingress_rule = aim_resource.SecurityGroupRule(
+            tenant_name=COMMON_TENANT_NAME,
+            security_group_name=sg_name,
+            security_group_subject_name='default',
+            name='dhcp6_ingress',
+            display_name=dname,
+            direction='ingress',
+            ethertype='ipv6',
+            ip_protocol='udp',
+            from_port='546',
+            to_port='546',
+            conn_track='normal')
+        self.aim.create(aim_ctx, dhcp6_ingress_rule, overwrite=True)
+
     def _setup_keystone_notification_listeners(self):
         targets = [oslo_messaging.Target(
                     exchange=self.keystone_notification_exchange,

gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py

@@ -920,6 +920,40 @@ class TestAimMapping(ApicAimTestCase):
         self.assertEqual('68', sg_rule.to_port)
         self.assertEqual('normal', sg_rule.conn_track)
 
+        # Check DHCP6 egress SecurityGroupRule.
+        sg_rule = self._get_sg_rule(
+            'dhcp6_egress', 'default', sg_aname, 'common')
+        self.assertEqual('common', sg_rule.tenant_name)
+        self.assertEqual(sg_aname, sg_rule.security_group_name)
+        self.assertEqual('default', sg_rule.security_group_subject_name)
+        self.assertEqual('dhcp6_egress', sg_rule.name)
+        self.assertEqual(
+            'DefaultSecurityGroupDhcp6EgressRule', sg_rule.display_name)
+        self.assertEqual('egress', sg_rule.direction)
+        self.assertEqual('ipv6', sg_rule.ethertype)
+        self.assertEqual('udp', sg_rule.ip_protocol)
+        self.assertEqual([], sg_rule.remote_ips)
+        self.assertEqual('547', sg_rule.from_port)
+        self.assertEqual('547', sg_rule.to_port)
+        self.assertEqual('normal', sg_rule.conn_track)
+
+        # Check DHCP6 ingress SecurityGroupRule.
+        sg_rule = self._get_sg_rule(
+            'dhcp6_ingress', 'default', sg_aname, 'common')
+        self.assertEqual('common', sg_rule.tenant_name)
+        self.assertEqual(sg_aname, sg_rule.security_group_name)
+        self.assertEqual('default', sg_rule.security_group_subject_name)
+        self.assertEqual('dhcp6_ingress', sg_rule.name)
+        self.assertEqual(
+            'DefaultSecurityGroupDhcp6IngressRule', sg_rule.display_name)
+        self.assertEqual('ingress', sg_rule.direction)
+        self.assertEqual('ipv6', sg_rule.ethertype)
+        self.assertEqual('udp', sg_rule.ip_protocol)
+        self.assertEqual([], sg_rule.remote_ips)
+        self.assertEqual('546', sg_rule.from_port)
+        self.assertEqual('546', sg_rule.to_port)
+        self.assertEqual('normal', sg_rule.conn_track)
+
     def test_network_lifecycle(self):
         # Test create.
         net = self._make_network(self.fmt, 'net1', True)['network']