From b52da6a7c5d1f78ffbf033d5ac20648fc5448222 Mon Sep 17 00:00:00 2001
From: kumari paluru
Date: Tue, 29 Sep 2020 10:57:18 +0530
Subject: [PATCH] Delete default security groups created by stack.

Default security group gets created during project creation through stack launch. But it's not getting deleted through stack-delete. So added function to delete default security groups created by stack.
Closes Bug: #2006692
Change-Id: I00de452057c4589628d963d0e51d44ec9b7ea959
---
 .../resources/openstack/keystone/project.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/heat/engine/resources/openstack/keystone/project.py b/heat/engine/resources/openstack/keystone/project.py
index 2fdecf19d7..8ea1945e86 100644
--- a/heat/engine/resources/openstack/keystone/project.py
+++ b/heat/engine/resources/openstack/keystone/project.py
@@ -192,6 +192,24 @@ class KeystoneProject(resource.Resource):
 result[self.DOMAIN] = resource_data.get('domain_id')
 return result

+ def handle_delete(self):
+ if self.resource_id:
+ # find and delete the default security group Neutron has created
+ default_sec_group_name = "default"
+ nclient = self.client_plugin("neutron").client()
+ default_sec_groups = nclient.list_security_groups(
+ project_id=self.resource_id,
+ name=default_sec_group_name)["security_groups"]
+ # NOTE(pas-ha) this should always contain a single security group
+ # (if any) as Netron enforces uniqueness of 'default' security
+ # group in a project.
+ # However leaving orphans is bad enough, so we are deleting
+ # any security group with such name w/o uniqueness check.
+ for secgroup in default_sec_groups:
+ with self.client_plugin("neutron").ignore_not_found:
+ nclient.delete_security_group(secgroup["id"])
+ super(KeystoneProject, self).handle_delete()
+

 def resource_mapping():
 return {
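Review bot: The delete loop in `handle_delete` trusts the server-side `project_id`/`name` filter completely, and the NOTE comment confirms groups are removed without any further check; if the Neutron endpoint ever did not apply that filter (an inferred risk, not something visible in this hunk), a privileged caller could receive and delete `default` groups that belong to other projects. A client-side guard inside the loop would bound the damage: `if secgroup.get("project_id") != self.resource_id: continue` (or the `tenant_id` key, whichever the response carries). Separately, only the delete call sits under `ignore_not_found`, so an error from `self.client_plugin("neutron").client()` or `list_security_groups` propagates before `super(KeystoneProject, self).handle_delete()` runs; it looks as though a missing or unreachable Neutron service would then block project deletion, which is worth confirming and stating in a docstring on the new method. The comment also misspells Neutron as "Netron". The enclosing class `KeystoneProject` starts outside this hunk.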