Fix incorrect log resources querying
This patch aims to fix a co-existence problem between security_group and firewall_group log resources due to incorrect log querying from database. Change-Id: Ic60ad436e0fbb23cdae0e63eaeb73130ebf02089 Closes-Bug: #1787119
This commit is contained in:
parent
088f51cdaf
commit
310bfa326f
|
@ -170,8 +170,10 @@ def get_logs_bound_port(context, port_id):
|
||||||
|
|
||||||
port = port_objects.Port.get_object(context, id=port_id)
|
port = port_objects.Port.get_object(context, id=port_id)
|
||||||
project_id = port['project_id']
|
project_id = port['project_id']
|
||||||
logs = log_object.Log.get_objects(
|
logs = log_object.Log.get_objects(context,
|
||||||
context, project_id=project_id, enabled=True)
|
project_id=project_id,
|
||||||
|
resource_type=constants.SECURITY_GROUP,
|
||||||
|
enabled=True)
|
||||||
is_bound = lambda log: (log.resource_id in port.security_group_ids or
|
is_bound = lambda log: (log.resource_id in port.security_group_ids or
|
||||||
log.target_id == port.id or
|
log.target_id == port.id or
|
||||||
(not log.target_id and not log.resource_id))
|
(not log.target_id and not log.resource_id))
|
||||||
|
@ -183,7 +185,11 @@ def get_logs_bound_sg(context, sg_id):
|
||||||
|
|
||||||
project_id = context.tenant_id
|
project_id = context.tenant_id
|
||||||
log_objs = log_object.Log.get_objects(
|
log_objs = log_object.Log.get_objects(
|
||||||
context, project_id=project_id, enabled=True)
|
context,
|
||||||
|
project_id=project_id,
|
||||||
|
resource_type=constants.SECURITY_GROUP,
|
||||||
|
enabled=True)
|
||||||
|
|
||||||
log_resources = []
|
log_resources = []
|
||||||
for log_obj in log_objs:
|
for log_obj in log_objs:
|
||||||
if log_obj.resource_id == sg_id:
|
if log_obj.resource_id == sg_id:
|
||||||
|
|
|
@ -50,6 +50,7 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
|
||||||
super(LoggingDBApiTestCase, self).setUp()
|
super(LoggingDBApiTestCase, self).setUp()
|
||||||
self.context = context.get_admin_context()
|
self.context = context.get_admin_context()
|
||||||
self.sg_id, self.port_id, self.tenant_id = self._create_sg_and_port()
|
self.sg_id, self.port_id, self.tenant_id = self._create_sg_and_port()
|
||||||
|
self.context.tenant_id = self.tenant_id
|
||||||
|
|
||||||
def _create_sg_and_port(self):
|
def _create_sg_and_port(self):
|
||||||
with self.network() as network, \
|
with self.network() as network, \
|
||||||
|
@ -72,6 +73,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
[log], db_api.get_logs_bound_port(self.context, self.port_id))
|
[log], db_api.get_logs_bound_port(self.context, self.port_id))
|
||||||
|
|
||||||
|
# Test get log objects with required resource type
|
||||||
|
calls = [mock.call(self.context, project_id=self.tenant_id,
|
||||||
|
resource_type=log_const.SECURITY_GROUP,
|
||||||
|
enabled=True)]
|
||||||
|
log_object.Log.get_objects.assert_has_calls(calls)
|
||||||
|
|
||||||
def test_get_logs_not_bound_port(self):
|
def test_get_logs_not_bound_port(self):
|
||||||
fake_sg_id = uuidutils.generate_uuid()
|
fake_sg_id = uuidutils.generate_uuid()
|
||||||
log = _create_log(resource_id=fake_sg_id, tenant_id=self.tenant_id)
|
log = _create_log(resource_id=fake_sg_id, tenant_id=self.tenant_id)
|
||||||
|
@ -80,6 +87,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
[], db_api.get_logs_bound_port(self.context, self.port_id))
|
[], db_api.get_logs_bound_port(self.context, self.port_id))
|
||||||
|
|
||||||
|
# Test get log objects with required resource type
|
||||||
|
calls = [mock.call(self.context, project_id=self.tenant_id,
|
||||||
|
resource_type=log_const.SECURITY_GROUP,
|
||||||
|
enabled=True)]
|
||||||
|
log_object.Log.get_objects.assert_has_calls(calls)
|
||||||
|
|
||||||
def test_get_logs_bound_sg(self):
|
def test_get_logs_bound_sg(self):
|
||||||
log = _create_log(resource_id=self.sg_id, tenant_id=self.tenant_id)
|
log = _create_log(resource_id=self.sg_id, tenant_id=self.tenant_id)
|
||||||
with mock.patch.object(log_object.Log, 'get_objects',
|
with mock.patch.object(log_object.Log, 'get_objects',
|
||||||
|
@ -87,6 +100,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
[log], db_api.get_logs_bound_sg(self.context, self.sg_id))
|
[log], db_api.get_logs_bound_sg(self.context, self.sg_id))
|
||||||
|
|
||||||
|
# Test get log objects with required resource type
|
||||||
|
calls = [mock.call(self.context, project_id=self.tenant_id,
|
||||||
|
resource_type=log_const.SECURITY_GROUP,
|
||||||
|
enabled=True)]
|
||||||
|
log_object.Log.get_objects.assert_has_calls(calls)
|
||||||
|
|
||||||
def test_get_logs_not_bound_sg(self):
|
def test_get_logs_not_bound_sg(self):
|
||||||
with self.network() as network, \
|
with self.network() as network, \
|
||||||
self.subnet(network), \
|
self.subnet(network), \
|
||||||
|
@ -102,6 +121,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
[], db_api.get_logs_bound_sg(self.context, self.sg_id))
|
[], db_api.get_logs_bound_sg(self.context, self.sg_id))
|
||||||
|
|
||||||
|
# Test get log objects with required resource type
|
||||||
|
calls = [mock.call(self.context, project_id=self.tenant_id,
|
||||||
|
resource_type=log_const.SECURITY_GROUP,
|
||||||
|
enabled=True)]
|
||||||
|
log_object.Log.get_objects.assert_has_calls(calls)
|
||||||
|
|
||||||
def test__get_ports_being_logged(self):
|
def test__get_ports_being_logged(self):
|
||||||
log1 = _create_log(target_id=self.port_id,
|
log1 = _create_log(target_id=self.port_id,
|
||||||
tenant_id=self.tenant_id)
|
tenant_id=self.tenant_id)
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Add ``resource_type`` into log object query to distinguish between security
|
||||||
|
group and firewall group log objects.
|
||||||
|
For more information see bug
|
||||||
|
`1787119 <https://bugs.launchpad.net/neutron/+bug/1787119>`_.
|
Loading…
Reference in New Issue