diff --git a/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py b/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py index 0a7fbe1fb..3aded7f94 100644 --- a/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py +++ b/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py @@ -282,6 +282,38 @@ class ApicMechanismDriver(api_plus.MechanismDriver, conn_track='normal') self.aim.create(aim_ctx, dhcp_ingress_rule, overwrite=True) + dname = aim_utils.sanitize_display_name( + 'DefaultSecurityGroupDhcp6EgressRule') + dhcp6_egress_rule = aim_resource.SecurityGroupRule( + tenant_name=COMMON_TENANT_NAME, + security_group_name=sg_name, + security_group_subject_name='default', + name='dhcp6_egress', + display_name=dname, + direction='egress', + ethertype='ipv6', + ip_protocol='udp', + from_port='547', + to_port='547', + conn_track='normal') + self.aim.create(aim_ctx, dhcp6_egress_rule, overwrite=True) + + dname = aim_utils.sanitize_display_name( + 'DefaultSecurityGroupDhcp6IngressRule') + dhcp6_ingress_rule = aim_resource.SecurityGroupRule( + tenant_name=COMMON_TENANT_NAME, + security_group_name=sg_name, + security_group_subject_name='default', + name='dhcp6_ingress', + display_name=dname, + direction='ingress', + ethertype='ipv6', + ip_protocol='udp', + from_port='546', + to_port='546', + conn_track='normal') + self.aim.create(aim_ctx, dhcp6_ingress_rule, overwrite=True) + def _setup_keystone_notification_listeners(self): targets = [oslo_messaging.Target( exchange=self.keystone_notification_exchange, diff --git a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py index 6e20327d4..21c2a3423 100644 --- a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py +++ b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py @@ -920,6 +920,40 @@ class TestAimMapping(ApicAimTestCase): self.assertEqual('68', sg_rule.to_port) self.assertEqual('normal', sg_rule.conn_track) + # Check DHCP6 egress SecurityGroupRule. + sg_rule = self._get_sg_rule( + 'dhcp6_egress', 'default', sg_aname, 'common') + self.assertEqual('common', sg_rule.tenant_name) + self.assertEqual(sg_aname, sg_rule.security_group_name) + self.assertEqual('default', sg_rule.security_group_subject_name) + self.assertEqual('dhcp6_egress', sg_rule.name) + self.assertEqual( + 'DefaultSecurityGroupDhcp6EgressRule', sg_rule.display_name) + self.assertEqual('egress', sg_rule.direction) + self.assertEqual('ipv6', sg_rule.ethertype) + self.assertEqual('udp', sg_rule.ip_protocol) + self.assertEqual([], sg_rule.remote_ips) + self.assertEqual('547', sg_rule.from_port) + self.assertEqual('547', sg_rule.to_port) + self.assertEqual('normal', sg_rule.conn_track) + + # Check DHCP6 ingress SecurityGroupRule. + sg_rule = self._get_sg_rule( + 'dhcp6_ingress', 'default', sg_aname, 'common') + self.assertEqual('common', sg_rule.tenant_name) + self.assertEqual(sg_aname, sg_rule.security_group_name) + self.assertEqual('default', sg_rule.security_group_subject_name) + self.assertEqual('dhcp6_ingress', sg_rule.name) + self.assertEqual( + 'DefaultSecurityGroupDhcp6IngressRule', sg_rule.display_name) + self.assertEqual('ingress', sg_rule.direction) + self.assertEqual('ipv6', sg_rule.ethertype) + self.assertEqual('udp', sg_rule.ip_protocol) + self.assertEqual([], sg_rule.remote_ips) + self.assertEqual('546', sg_rule.from_port) + self.assertEqual('546', sg_rule.to_port) + self.assertEqual('normal', sg_rule.conn_track) + def test_network_lifecycle(self): # Test create. net = self._make_network(self.fmt, 'net1', True)['network']