Merge "Changes in security groups in default VPC mode"
commit
8cd198af7d
|
@ -69,6 +69,8 @@ def create_security_group(context, group_name, group_description,
|
||||||
raise exception.InvalidGroupReserved(group_name=group_name)
|
raise exception.InvalidGroupReserved(group_name=group_name)
|
||||||
filter = [{'name': 'group-name',
|
filter = [{'name': 'group-name',
|
||||||
'value': [group_name]}]
|
'value': [group_name]}]
|
||||||
|
if not vpc_id and CONF.disable_ec2_classic:
|
||||||
|
vpc_id = ec2utils.get_default_vpc(context)['id']
|
||||||
if vpc_id and group_name != vpc_id:
|
if vpc_id and group_name != vpc_id:
|
||||||
filter.append({'name': 'vpc-id',
|
filter.append({'name': 'vpc-id',
|
||||||
'value': [vpc_id]})
|
'value': [vpc_id]})
|
||||||
|
@ -115,15 +117,15 @@ def _create_default_security_group(context, vpc):
|
||||||
# NOTE(Alex): OpenStack doesn't allow creation of another group
|
# NOTE(Alex): OpenStack doesn't allow creation of another group
|
||||||
# named 'default' hence vpc-id is used.
|
# named 'default' hence vpc-id is used.
|
||||||
try:
|
try:
|
||||||
_create_security_group(context, vpc['id'],
|
sg_id = _create_security_group(context, vpc['id'],
|
||||||
'Default VPC security group', vpc['id'],
|
'Default VPC security group', vpc['id'],
|
||||||
default=True)
|
default=True)['groupId']
|
||||||
except (exception.EC2DBDuplicateEntry, exception.InvalidVpcIDNotFound):
|
except (exception.EC2DBDuplicateEntry, exception.InvalidVpcIDNotFound):
|
||||||
# NOTE(andrey-mp): when this thread tries to recreate default group
|
# NOTE(andrey-mp): when this thread tries to recreate default group
|
||||||
# but another thread tries to delete vpc we should pass vpc not found
|
# but another thread tries to delete vpc we should pass vpc not found
|
||||||
LOG.exception('Failed to create default security group.')
|
LOG.exception('Failed to create default security group.')
|
||||||
return False
|
return None
|
||||||
return True
|
return sg_id
|
||||||
|
|
||||||
|
|
||||||
def delete_security_group(context, group_name=None, group_id=None,
|
def delete_security_group(context, group_name=None, group_id=None,
|
||||||
|
@ -211,6 +213,12 @@ def describe_security_groups(context, group_name=None, group_id=None,
|
||||||
|
|
||||||
def authorize_security_group_ingress(context, group_id=None,
|
def authorize_security_group_ingress(context, group_id=None,
|
||||||
group_name=None, ip_permissions=None):
|
group_name=None, ip_permissions=None):
|
||||||
|
if group_name and not group_id and CONF.disable_ec2_classic:
|
||||||
|
sg = describe_security_groups(
|
||||||
|
context,
|
||||||
|
group_name=[group_name])['securityGroupInfo'][0]
|
||||||
|
group_id = sg['groupId']
|
||||||
|
group_name = None
|
||||||
return _authorize_security_group(context, group_id, group_name,
|
return _authorize_security_group(context, group_id, group_name,
|
||||||
ip_permissions, 'ingress')
|
ip_permissions, 'ingress')
|
||||||
|
|
||||||
|
@ -472,6 +480,12 @@ class SecurityGroupEngineNeutron(object):
|
||||||
def delete_group(self, context, group_name=None, group_id=None,
|
def delete_group(self, context, group_name=None, group_id=None,
|
||||||
delete_default=False):
|
delete_default=False):
|
||||||
neutron = clients.neutron(context)
|
neutron = clients.neutron(context)
|
||||||
|
if CONF.disable_ec2_classic and group_name:
|
||||||
|
sg = describe_security_groups(
|
||||||
|
context,
|
||||||
|
group_name=[group_name])['securityGroupInfo'][0]
|
||||||
|
group_id = sg['groupId']
|
||||||
|
group_name = None
|
||||||
if group_id is None or not group_id.startswith('sg-'):
|
if group_id is None or not group_id.startswith('sg-'):
|
||||||
return SecurityGroupEngineNova().delete_group(context,
|
return SecurityGroupEngineNova().delete_group(context,
|
||||||
group_name,
|
group_name,
|
||||||
|
|
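Review bot: The name-to-id lookup added to `authorize_security_group_ingress` and to `SecurityGroupEngineNeutron.delete_group` takes `['securityGroupInfo'][0]` from a query that matches on name only, so it neither handles an empty result nor restricts the match to the default VPC. If `describe_security_groups` can return an empty list for an unknown name (its body is not shown here), the caller gets an `IndexError` instead of an EC2-style not-found error. The `create_security_group` hunk treats names as scoped by `vpc-id`, so a same-named group in another VPC could be the one whose rules are changed or which gets deleted. Assuming `describe_security_groups` accepts a `filter` argument, I would pass `{'name': 'vpc-id', 'value': [ec2utils.get_default_vpc(context)['id']]}` and check the list before indexing, ideally in one shared helper rather than two copies. Both functions continue outside their hunks.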
|
@ -141,9 +141,9 @@ def _create_vpc(context, cidr_block, is_default=False):
|
||||||
vpc['route_table_id'] = route_table['id']
|
vpc['route_table_id'] = route_table['id']
|
||||||
db_api.update_item(context, vpc)
|
db_api.update_item(context, vpc)
|
||||||
neutron.update_router(os_router['id'], {'router': {'name': vpc['id']}})
|
neutron.update_router(os_router['id'], {'router': {'name': vpc['id']}})
|
||||||
security_group_api._create_default_security_group(context, vpc)
|
sg_id = security_group_api._create_default_security_group(context, vpc)
|
||||||
cleaner.addCleanup(security_group_api.delete_security_group, context,
|
cleaner.addCleanup(security_group_api.delete_security_group, context,
|
||||||
group_name=vpc['id'], delete_default=True)
|
group_id=sg_id, delete_default=True)
|
||||||
if is_default:
|
if is_default:
|
||||||
igw_id = internet_gateway_api.create_internet_gateway(
|
igw_id = internet_gateway_api.create_internet_gateway(
|
||||||
context)['internetGateway']['internetGatewayId']
|
context)['internetGateway']['internetGatewayId']
|
||||||
|
|
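Review bot: `_create_default_security_group` now returns `None` when creation fails, but `_create_vpc` passes the result straight into `cleaner.addCleanup(..., group_id=sg_id, delete_default=True)` without checking it. On rollback that calls `delete_security_group` with neither a name nor an id, and in `delete_group` a `None` id is routed to `SecurityGroupEngineNova().delete_group` with `group_name` also `None`. The previous `group_name=vpc['id']` cleanup did not depend on the return value. Setup also continues with a VPC that has no default security group. I would register the cleanup only under `if sg_id:`, or raise at that point if a VPC without its default group is not acceptable. `_create_vpc` starts and ends outside this hunk.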
|
@ -343,8 +343,6 @@ class VpcPrivateTestCase(base.BaseTestCase):
|
||||||
|
|
||||||
self.neutron.create_router.side_effect = (
|
self.neutron.create_router.side_effect = (
|
||||||
tools.get_neutron_create('router', fakes.ID_OS_ROUTER_DEFAULT))
|
tools.get_neutron_create('router', fakes.ID_OS_ROUTER_DEFAULT))
|
||||||
self.nova.security_groups.list.return_value = (
|
|
||||||
[fakes.NovaSecurityGroup(fakes.OS_SECURITY_GROUP_DEFAULT)])
|
|
||||||
|
|
||||||
self.db_api.add_item.side_effect = (
|
self.db_api.add_item.side_effect = (
|
||||||
tools.get_db_api_add_item({'vpc': fakes.ID_EC2_VPC_DEFAULT}))
|
tools.get_db_api_add_item({'vpc': fakes.ID_EC2_VPC_DEFAULT}))
|
||||||
|
@ -356,11 +354,14 @@ class VpcPrivateTestCase(base.BaseTestCase):
|
||||||
self.db_api.get_item_by_id.side_effect = (
|
self.db_api.get_item_by_id.side_effect = (
|
||||||
tools.get_db_api_get_item_by_id(fakes.DB_VPC_DEFAULT,
|
tools.get_db_api_get_item_by_id(fakes.DB_VPC_DEFAULT,
|
||||||
fakes.DB_SUBNET_DEFAULT,
|
fakes.DB_SUBNET_DEFAULT,
|
||||||
|
fakes.DB_SECURITY_GROUP_DEFAULT,
|
||||||
DB_IGW_DEFAULT_DETACHED))
|
DB_IGW_DEFAULT_DETACHED))
|
||||||
create_route_table.return_value = fakes.DB_ROUTE_TABLE_DEFAULT
|
create_route_table.return_value = fakes.DB_ROUTE_TABLE_DEFAULT
|
||||||
create_internet_gateway.return_value = {'internetGateway':
|
create_internet_gateway.return_value = {'internetGateway':
|
||||||
fakes.EC2_IGW_DEFAULT}
|
fakes.EC2_IGW_DEFAULT}
|
||||||
create_subnet.return_value = {'subnet': fakes.EC2_SUBNET_DEFAULT}
|
create_subnet.return_value = {'subnet': fakes.EC2_SUBNET_DEFAULT}
|
||||||
|
create_default_security_group.return_value = (
|
||||||
|
fakes.ID_EC2_SECURITY_GROUP_DEFAULT)
|
||||||
|
|
||||||
# exception during attaching internet gateway
|
# exception during attaching internet gateway
|
||||||
create_route.side_effect = Exception()
|
create_route.side_effect = Exception()
|
||||||
|
@ -374,7 +375,7 @@ class VpcPrivateTestCase(base.BaseTestCase):
|
||||||
fakes.ID_EC2_SUBNET_DEFAULT)
|
fakes.ID_EC2_SUBNET_DEFAULT)
|
||||||
self.db_api.delete_item.assert_any_call(mock.ANY,
|
self.db_api.delete_item.assert_any_call(mock.ANY,
|
||||||
fakes.ID_EC2_IGW_DEFAULT)
|
fakes.ID_EC2_IGW_DEFAULT)
|
||||||
self.nova.security_groups.delete.assert_any_call(
|
self.neutron.delete_security_group.assert_any_call(
|
||||||
fakes.ID_OS_SECURITY_GROUP_DEFAULT)
|
fakes.ID_OS_SECURITY_GROUP_DEFAULT)
|
||||||
self.db_api.delete_item.assert_any_call(mock.ANY,
|
self.db_api.delete_item.assert_any_call(mock.ANY,
|
||||||
fakes.ID_EC2_ROUTE_TABLE_DEFAULT)
|
fakes.ID_EC2_ROUTE_TABLE_DEFAULT)
|
||||||
|
|
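Review bot: The updated test only covers the path where the mocked `create_default_security_group` returns an id; nothing in the hunks shown exercises the new `None` return of `_create_default_security_group`. A second case with `create_default_security_group.return_value = None` and the same forced failure (`create_route.side_effect = Exception()`) would pin down what rollback does when there is no group id to delete. The test method starts outside these hunks.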