From d7ccd2bfba17a8cc000eb588804acd80a5d62723 Mon Sep 17 00:00:00 2001
From: James Page <james.page@ubuntu.com>
Date: Thu, 21 Sep 2017 21:53:51 +0100
Subject: [PATCH] apparmor: manage lbaasv2 profile >= newton

Ensure that the LBaaS v2 profile is managed for OpenStack Newton
or later, in preference to the removed LBaaS v1 profile.

Change-Id: I2510e55a1bb14ee5771c0991d8257faa321b7621
Closes-Bug: 1718768
---
 hooks/neutron_utils.py           |  7 ++++++-
 unit_tests/test_neutron_hooks.py |  2 ++
 unit_tests/test_neutron_utils.py | 18 ++++++++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/hooks/neutron_utils.py b/hooks/neutron_utils.py
index 87ed652a..273ee020 100644
--- a/hooks/neutron_utils.py
+++ b/hooks/neutron_utils.py
@@ -1542,5 +1542,10 @@ def _pause_resume_helper(f, configs):
 
 def configure_apparmor():
     '''Configure all apparmor profiles for the local unit'''
-    for profile in APPARMOR_PROFILES:
+    profiles = deepcopy(APPARMOR_PROFILES)
+    cmp_os_source = CompareOpenStackReleases(os_release('neutron-common'))
+    if cmp_os_source >= 'newton':
+        profiles.remove(NEUTRON_LBAAS_AA_PROFILE)
+        profiles.append(NEUTRON_LBAASV2_AA_PROFILE)
+    for profile in profiles:
         context.AppArmorContext(profile).setup_aa_profile()
diff --git a/unit_tests/test_neutron_hooks.py b/unit_tests/test_neutron_hooks.py
index 969b79f8..53b8f0cc 100644
--- a/unit_tests/test_neutron_hooks.py
+++ b/unit_tests/test_neutron_hooks.py
@@ -58,6 +58,7 @@ TO_PATCH = [
     'service_restart',
     'is_unit_paused_set',
     'install_systemd_override',
+    'configure_apparmor',
 ]
 
 
@@ -164,6 +165,7 @@ class TestQuantumHooks(CharmTestCase):
         self.assertTrue(_amqp_nova_joined.called)
         self.assertTrue(_zmq_joined.called)
         self.assertTrue(self.create_sysctl.called)
+        self.configure_apparmor.assert_called_with()
 
     @patch.object(hooks, 'git_install_requested')
     def test_config_changed_upgrade(self, git_requested):
diff --git a/unit_tests/test_neutron_utils.py b/unit_tests/test_neutron_utils.py
index 3bb7ef2d..48217dd2 100644
--- a/unit_tests/test_neutron_utils.py
+++ b/unit_tests/test_neutron_utils.py
@@ -1537,3 +1537,21 @@ class TestNeutronAgentReallocation(CharmTestCase):
         _subprocess.check_call.assert_called_with(
             ['systemctl', 'daemon-reload']
         )
+
+    @patch.object(neutron_utils, 'context')
+    def test_configure_apparmor_mitaka(self, context):
+        self.os_release.return_value = 'mitaka'
+        context.AppArmorContext = MagicMock()
+        neutron_utils.configure_apparmor()
+        context.AppArmorContext.assert_any_call(
+            neutron_utils.NEUTRON_LBAAS_AA_PROFILE
+        )
+
+    @patch.object(neutron_utils, 'context')
+    def test_configure_apparmor_newton(self, context):
+        self.os_release.return_value = 'newton'
+        context.AppArmorContext = MagicMock()
+        neutron_utils.configure_apparmor()
+        context.AppArmorContext.assert_any_call(
+            neutron_utils.NEUTRON_LBAASV2_AA_PROFILE
+        )