Fix incorrect log resources querying

This patch aims to fix a co-existence problem between security_group
and firewall_group log resources caused by incorrect querying of logs
from the database.

Change-Id: Ic60ad436e0fbb23cdae0e63eaeb73130ebf02089
Closes-Bug: #1787119
Kim Bao Long 2018-08-15 15:52:28 +07:00
parent 088f51cdaf
commit 310bfa326f
3 changed files with 41 additions and 3 deletions


@ -170,8 +170,10 @@ def get_logs_bound_port(context, port_id):
port = port_objects.Port.get_object(context, id=port_id)
project_id = port['project_id']
logs = log_object.Log.get_objects(
context, project_id=project_id, enabled=True)
logs = log_object.Log.get_objects(context,
project_id=project_id,
resource_type=constants.SECURITY_GROUP,
enabled=True)
is_bound = lambda log: (log.resource_id in port.security_group_ids or
log.target_id == port.id or
(not log.target_id and not log.resource_id))
@ -183,7 +185,11 @@ def get_logs_bound_sg(context, sg_id):
project_id = context.tenant_id
log_objs = log_object.Log.get_objects(
context, project_id=project_id, enabled=True)
context,
project_id=project_id,
resource_type=constants.SECURITY_GROUP,
enabled=True)
log_resources = []
for log_obj in log_objs:
if log_obj.resource_id == sg_id:
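Review bot: In `get_logs_bound_sg` the query is still scoped by `project_id = context.tenant_id`, the caller's project, whereas `get_logs_bound_port` takes the project from the port itself, so the new `resource_type` filter does not close every way for this lookup to miss logs. If the function is reached with a context whose tenant differs from the security group's owner (an admin context, for example, which the test's setUp now has to patch with `self.context.tenant_id = self.tenant_id`), enabled logs bound to that group would presumably not be returned and its traffic would go unlogged without any error. Consider taking the project from the security group record, or at least state the assumption above the query with `# NOTE: scoped to the caller's project; assumes it owns sg_id`. Both function bodies continue outside the hunks shown.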


@ -50,6 +50,7 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
super(LoggingDBApiTestCase, self).setUp()
self.context = context.get_admin_context()
self.sg_id, self.port_id, self.tenant_id = self._create_sg_and_port()
self.context.tenant_id = self.tenant_id
def _create_sg_and_port(self):
with self.network() as network, \
@ -72,6 +73,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
self.assertEqual(
[log], db_api.get_logs_bound_port(self.context, self.port_id))
# Test get log objects with required resource type
calls = [mock.call(self.context, project_id=self.tenant_id,
resource_type=log_const.SECURITY_GROUP,
enabled=True)]
log_object.Log.get_objects.assert_has_calls(calls)
def test_get_logs_not_bound_port(self):
fake_sg_id = uuidutils.generate_uuid()
log = _create_log(resource_id=fake_sg_id, tenant_id=self.tenant_id)
@ -80,6 +87,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
self.assertEqual(
[], db_api.get_logs_bound_port(self.context, self.port_id))
# Test get log objects with required resource type
calls = [mock.call(self.context, project_id=self.tenant_id,
resource_type=log_const.SECURITY_GROUP,
enabled=True)]
log_object.Log.get_objects.assert_has_calls(calls)
def test_get_logs_bound_sg(self):
log = _create_log(resource_id=self.sg_id, tenant_id=self.tenant_id)
with mock.patch.object(log_object.Log, 'get_objects',
@ -87,6 +100,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
self.assertEqual(
[log], db_api.get_logs_bound_sg(self.context, self.sg_id))
# Test get log objects with required resource type
calls = [mock.call(self.context, project_id=self.tenant_id,
resource_type=log_const.SECURITY_GROUP,
enabled=True)]
log_object.Log.get_objects.assert_has_calls(calls)
def test_get_logs_not_bound_sg(self):
with self.network() as network, \
self.subnet(network), \
@ -102,6 +121,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
self.assertEqual(
[], db_api.get_logs_bound_sg(self.context, self.sg_id))
# Test get log objects with required resource type
calls = [mock.call(self.context, project_id=self.tenant_id,
resource_type=log_const.SECURITY_GROUP,
enabled=True)]
log_object.Log.get_objects.assert_has_calls(calls)
def test__get_ports_being_logged(self):
log1 = _create_log(target_id=self.port_id,
tenant_id=self.tenant_id)
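Review bot: `assert_has_calls` with a one-element list, as added in the four tests here, passes as long as the filtered call appears somewhere in the mock's call list, so it would not catch a second `get_objects` call made without `resource_type`. If each function under test issues a single query (the bodies are only partly visible), `log_object.Log.get_objects.assert_called_once_with(self.context, project_id=self.tenant_id, resource_type=log_const.SECURITY_GROUP, enabled=True)` pins the regression more tightly. The same four-line block is repeated in `test_get_logs_bound_port`, `test_get_logs_not_bound_port`, `test_get_logs_bound_sg` and `test_get_logs_not_bound_sg`; a small private helper on the test case would keep them in step. The assertion also has to stay inside the `mock.patch.object` block to see the mock, which the lost indentation on this rendered page does not let me confirm.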


@ -0,0 +1,7 @@
---
fixes:
- |
Add ``resource_type`` into log object query to distinguish between security
group and firewall group log objects.
For more information see bug
`1787119 <https://bugs.launchpad.net/neutron/+bug/1787119>`_.