summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-06-19 08:24:09 +0000
committerGerrit Code Review <review@openstack.org>2017-06-19 08:24:09 +0000
commit7cb56a1628883a76d5971a850365dc9ead66b7a0 (patch)
treec9c0c94acf59a8d65a05ceaac5328db0f9f4864d
parentab0dba40d15aa9c003af9e25a2ef134355421421 (diff)
parent89abce3efe0645cc08e840b4cc4d455889ee8866 (diff)
Merge "Pass the complete info in sg/rules db into PRECOMMIT_XXX callback"
-rw-r--r--neutron/db/securitygroups_db.py45
-rw-r--r--neutron/tests/unit/db/test_securitygroups_db.py54
2 files changed, 67 insertions, 32 deletions
diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py
index ba4b3bb..e4aea06 100644
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@@ -116,16 +116,15 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
116 sg.rules.append(egress_rule) 116 sg.rules.append(egress_rule)
117 sg.obj_reset_changes(['rules']) 117 sg.obj_reset_changes(['rules'])
118 118
119 # fetch sg from db to load the sg rules with sg model.
120 sg = sg_obj.SecurityGroup.get_object(context, id=sg.id)
121 secgroup_dict = self._make_security_group_dict(sg)
122 kwargs['security_group'] = secgroup_dict
119 self._registry_notify(resources.SECURITY_GROUP, 123 self._registry_notify(resources.SECURITY_GROUP,
120 events.PRECOMMIT_CREATE, 124 events.PRECOMMIT_CREATE,
121 exc_cls=ext_sg.SecurityGroupConflict, 125 exc_cls=ext_sg.SecurityGroupConflict,
122 **kwargs) 126 **kwargs)
123 127
124 # fetch sg from db to load the sg rules with sg model.
125 sg = sg_obj.SecurityGroup.get_object(context, id=sg.id)
126 secgroup_dict = self._make_security_group_dict(sg)
127
128 kwargs['security_group'] = secgroup_dict
129 registry.notify(resources.SECURITY_GROUP, events.AFTER_CREATE, self, 128 registry.notify(resources.SECURITY_GROUP, events.AFTER_CREATE, self,
130 **kwargs) 129 **kwargs)
131 return secgroup_dict 130 return secgroup_dict
@@ -220,6 +219,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
220 ports = self._get_port_security_group_bindings(context, filters) 219 ports = self._get_port_security_group_bindings(context, filters)
221 sg = self._get_security_group(context, id) 220 sg = self._get_security_group(context, id)
222 kwargs['security_group_rule_ids'] = [r['id'] for r in sg.rules] 221 kwargs['security_group_rule_ids'] = [r['id'] for r in sg.rules]
222 kwargs['security_group'] = self._make_security_group_dict(sg)
223 self._registry_notify(resources.SECURITY_GROUP, 223 self._registry_notify(resources.SECURITY_GROUP,
224 events.PRECOMMIT_DELETE, 224 events.PRECOMMIT_DELETE,
225 exc_cls=ext_sg.SecurityGroupInUse, id=id, 225 exc_cls=ext_sg.SecurityGroupInUse, id=id,
@@ -246,6 +246,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
246 sg = self._get_security_group(context, id) 246 sg = self._get_security_group(context, id)
247 if sg.name == 'default' and 'name' in s: 247 if sg.name == 'default' and 'name' in s:
248 raise ext_sg.SecurityGroupCannotUpdateDefault() 248 raise ext_sg.SecurityGroupCannotUpdateDefault()
249 kwargs['security_group'] = self._make_security_group_dict(sg)
250
249 self._registry_notify( 251 self._registry_notify(
250 resources.SECURITY_GROUP, 252 resources.SECURITY_GROUP,
251 events.PRECOMMIT_UPDATE, 253 events.PRECOMMIT_UPDATE,
@@ -344,14 +346,6 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
344 if validate: 346 if validate:
345 self._validate_security_group_rule(context, security_group_rule) 347 self._validate_security_group_rule(context, security_group_rule)
346 rule_dict = security_group_rule['security_group_rule'] 348 rule_dict = security_group_rule['security_group_rule']
347 kwargs = {
348 'context': context,
349 'security_group_rule': rule_dict
350 }
351 self._registry_notify(resources.SECURITY_GROUP_RULE,
352 events.BEFORE_CREATE,
353 exc_cls=ext_sg.SecurityGroupConflict, **kwargs)
354
355 remote_ip_prefix = rule_dict.get('remote_ip_prefix') 349 remote_ip_prefix = rule_dict.get('remote_ip_prefix')
356 if remote_ip_prefix: 350 if remote_ip_prefix:
357 remote_ip_prefix = utils.AuthenticIPNetwork(remote_ip_prefix) 351 remote_ip_prefix = utils.AuthenticIPNetwork(remote_ip_prefix)
@@ -381,19 +375,30 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
381 if port_range_max is not None: 375 if port_range_max is not None:
382 args['port_range_max'] = port_range_max 376 args['port_range_max'] = port_range_max
383 377
378 kwargs = {
379 'context': context,
380 'security_group_rule': args
381 }
382 self._registry_notify(resources.SECURITY_GROUP_RULE,
383 events.BEFORE_CREATE,
384 exc_cls=ext_sg.SecurityGroupConflict, **kwargs)
384 with db_api.context_manager.writer.using(context): 385 with db_api.context_manager.writer.using(context):
385 if validate: 386 if validate:
386 self._check_for_duplicate_rules_in_db(context, 387 self._check_for_duplicate_rules_in_db(context,
387 security_group_rule) 388 security_group_rule)
388 sg_rule = sg_obj.SecurityGroupRule(context, **args) 389 sg_rule = sg_obj.SecurityGroupRule(context, **args)
389 sg_rule.create() 390 sg_rule.create()
391
392 # fetch sg_rule from db to load the sg rules with sg model
393 # otherwise a DetachedInstanceError can occur for model extensions
394 sg_rule = sg_obj.SecurityGroupRule.get_object(context,
395 id=sg_rule.id)
396 res_rule_dict = self._make_security_group_rule_dict(sg_rule.db_obj)
397 kwargs['security_group_rule'] = res_rule_dict
390 self._registry_notify(resources.SECURITY_GROUP_RULE, 398 self._registry_notify(resources.SECURITY_GROUP_RULE,
391 events.PRECOMMIT_CREATE, 399 events.PRECOMMIT_CREATE,
392 exc_cls=ext_sg.SecurityGroupConflict, **kwargs) 400 exc_cls=ext_sg.SecurityGroupConflict, **kwargs)
393 # fetch sg_rule from db to load the sg rules with sg model otherwise 401 return res_rule_dict
394 # a DetachedInstanceError can occur for model extensions
395 sg_rule = sg_obj.SecurityGroupRule.get_object(context, id=sg_rule.id)
396 return self._make_security_group_rule_dict(sg_rule.db_obj)
397 402
398 def _get_ip_proto_number(self, protocol): 403 def _get_ip_proto_number(self, protocol):
399 if protocol is None: 404 if protocol is None:
@@ -678,16 +683,14 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
678 exc_cls=ext_sg.SecurityGroupRuleInUse, **kwargs) 683 exc_cls=ext_sg.SecurityGroupRuleInUse, **kwargs)
679 684
680 with db_api.context_manager.writer.using(context): 685 with db_api.context_manager.writer.using(context):
686 sgr = self._get_security_group_rule(context, id)
687 kwargs['security_group_id'] = sgr['security_group_id']
681 self._registry_notify(resources.SECURITY_GROUP_RULE, 688 self._registry_notify(resources.SECURITY_GROUP_RULE,
682 events.PRECOMMIT_DELETE, 689 events.PRECOMMIT_DELETE,
683 exc_cls=ext_sg.SecurityGroupRuleInUse, id=id, 690 exc_cls=ext_sg.SecurityGroupRuleInUse, id=id,
684 **kwargs) 691 **kwargs)
685
686 sgr = self._get_security_group_rule(context, id)
687 sgr.delete() 692 sgr.delete()
688 693
689 kwargs['security_group_id'] = sgr['security_group_id']
690
691 registry.notify( 694 registry.notify(
692 resources.SECURITY_GROUP_RULE, events.AFTER_DELETE, self, 695 resources.SECURITY_GROUP_RULE, events.AFTER_DELETE, self,
693 **kwargs) 696 **kwargs)
diff --git a/neutron/tests/unit/db/test_securitygroups_db.py b/neutron/tests/unit/db/test_securitygroups_db.py
index 2a81b49..61ddd6b 100644
--- a/neutron/tests/unit/db/test_securitygroups_db.py
+++ b/neutron/tests/unit/db/test_securitygroups_db.py
@@ -254,28 +254,60 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
254 self.assertTrue(mock_rollback.called) 254 self.assertTrue(mock_rollback.called)
255 255
256 def test_security_group_precommit_create_event(self): 256 def test_security_group_precommit_create_event(self):
257 DEFAULT_SECGROUP = {
258 'tenant_id': FAKE_SECGROUP['security_group']['tenant_id'],
259 'name': 'default',
260 'description': 'Default security group',
261 }
262 DEFAULT_SECGROUP_DICT = {
263 'id': mock.ANY,
264 'tenant_id': FAKE_SECGROUP['security_group']['tenant_id'],
265 'project_id': FAKE_SECGROUP['security_group']['tenant_id'],
266 'name': 'default',
267 'description': 'Default security group',
268 'security_group_rules': mock.ANY,
269 }
257 with mock.patch.object(registry, "notify") as mock_notify: 270 with mock.patch.object(registry, "notify") as mock_notify:
258 self.mixin.create_security_group(self.ctx, FAKE_SECGROUP) 271 sg_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP)
259 mock_notify.assert_has_calls([mock.call('security_group', 272 mock_notify.assert_has_calls([
260 'precommit_create', mock.ANY, context=mock.ANY, 273 mock.call('security_group', 'before_create', mock.ANY,
261 is_default=mock.ANY, security_group=mock.ANY)]) 274 context=mock.ANY, is_default=False,
275 security_group=FAKE_SECGROUP['security_group']),
276
277 mock.call('security_group', 'before_create', mock.ANY,
278 context=mock.ANY, is_default=True,
279 security_group=DEFAULT_SECGROUP),
280 mock.call('security_group', 'precommit_create', mock.ANY,
281 context=mock.ANY, is_default=True,
282 security_group=DEFAULT_SECGROUP_DICT),
283 mock.call('security_group', 'after_create', mock.ANY,
284 context=mock.ANY, is_default=True,
285 security_group=DEFAULT_SECGROUP_DICT),
286
287 mock.call('security_group', 'precommit_create', mock.ANY,
288 context=mock.ANY, is_default=False,
289 security_group=sg_dict),
290 mock.call('security_group', 'after_create', mock.ANY,
291 context=mock.ANY, is_default=False,
292 security_group=sg_dict)])
262 293
263 def test_security_group_precommit_update_event(self): 294 def test_security_group_precommit_update_event(self):
264 sg_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP) 295 sg_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP)
265 with mock.patch.object(registry, "notify") as mock_notify: 296 with mock.patch.object(registry, "notify") as mock_notify:
266 self.mixin.update_security_group(self.ctx, sg_dict['id'],
267 FAKE_SECGROUP)
268 mock_notify.assert_has_calls([mock.call('security_group', 297 mock_notify.assert_has_calls([mock.call('security_group',
269 'precommit_update', mock.ANY, context=mock.ANY, 298 'precommit_update', mock.ANY, context=mock.ANY,
270 security_group=mock.ANY, security_group_id=sg_dict['id'])]) 299 security_group=self.mixin.update_security_group(
300 self.ctx, sg_dict['id'], FAKE_SECGROUP),
301 security_group_id=sg_dict['id'])])
271 302
272 def test_security_group_precommit_and_after_delete_event(self): 303 def test_security_group_precommit_and_after_delete_event(self):
273 sg_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP) 304 sg_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP)
274 with mock.patch.object(registry, "notify") as mock_notify: 305 with mock.patch.object(registry, "notify") as mock_notify:
275 self.mixin.delete_security_group(self.ctx, sg_dict['id']) 306 self.mixin.delete_security_group(self.ctx, sg_dict['id'])
307 sg_dict['security_group_rules'] = mock.ANY
276 mock_notify.assert_has_calls( 308 mock_notify.assert_has_calls(
277 [mock.call('security_group', 'precommit_delete', 309 [mock.call('security_group', 'precommit_delete',
278 mock.ANY, context=mock.ANY, security_group=mock.ANY, 310 mock.ANY, context=mock.ANY, security_group=sg_dict,
279 security_group_id=sg_dict['id'], 311 security_group_id=sg_dict['id'],
280 security_group_rule_ids=[mock.ANY, mock.ANY]), 312 security_group_rule_ids=[mock.ANY, mock.ANY]),
281 mock.call('security_group', 'after_delete', 313 mock.call('security_group', 'after_delete',
@@ -319,11 +351,10 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
319 fake_rule['security_group_rule']['security_group_id'] = sg_dict['id'] 351 fake_rule['security_group_rule']['security_group_id'] = sg_dict['id']
320 with mock.patch.object(registry, "notify") as mock_notify, \ 352 with mock.patch.object(registry, "notify") as mock_notify, \
321 mock.patch.object(self.mixin, '_get_security_group'): 353 mock.patch.object(self.mixin, '_get_security_group'):
322 self.mixin.create_security_group_rule(self.ctx,
323 fake_rule)
324 mock_notify.assert_has_calls([mock.call('security_group_rule', 354 mock_notify.assert_has_calls([mock.call('security_group_rule',
325 'precommit_create', mock.ANY, context=mock.ANY, 355 'precommit_create', mock.ANY, context=mock.ANY,
326 security_group_rule=mock.ANY)]) 356 security_group_rule=self.mixin.create_security_group_rule(
357 self.ctx, fake_rule))])
327 358
328 def test_sg_rule_before_precommit_and_after_delete_event(self): 359 def test_sg_rule_before_precommit_and_after_delete_event(self):
329 sg_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP) 360 sg_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP)
@@ -340,6 +371,7 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
340 security_group_rule_id=sg_rule_dict['id'])]) 371 security_group_rule_id=sg_rule_dict['id'])])
341 mock_notify.assert_has_calls([mock.call('security_group_rule', 372 mock_notify.assert_has_calls([mock.call('security_group_rule',
342 'precommit_delete', mock.ANY, context=mock.ANY, 373 'precommit_delete', mock.ANY, context=mock.ANY,
374 security_group_id=sg_dict['id'],
343 security_group_rule_id=sg_rule_dict['id'])]) 375 security_group_rule_id=sg_rule_dict['id'])])
344 mock_notify.assert_has_calls([mock.call('security_group_rule', 376 mock_notify.assert_has_calls([mock.call('security_group_rule',
345 'after_delete', mock.ANY, context=mock.ANY, 377 'after_delete', mock.ANY, context=mock.ANY,