Raise exception for nova egress secgroup rule

Nova does not support egress security group rules, only Neutron. Trying to add one with the current code base simply ignores the direction and creates an ingress rule. Not ideal. Change-Id: I10f3d67b1f66b8c05eb36ec5cecfb530d93458aa
2015-07-06 15:39:09 -04:00 · 2015-07-06 15:39:09 -04:00 · 2ab23109cb
parent 6a967f737f
commit 2ab23109cb
2 changed files with 15 additions and 0 deletions
--- a/shade/init.py
+++ b/shade/init.py
@ -3104,6 +3104,12 @@ class OpenStackCloud(object):
            if protocol is None:
                raise OpenStackCloudException('Protocol must be specified')

+            if direction == 'egress':
+                self.log.debug(
+                    'Rule creation failed: Nova does not support egress rules'
+                )
+                raise OpenStackCloudException('No support for egress rules')
+
            # NOTE: Neutron accepts None for ports, but Nova requires -1
            # as the equivalent value for ICMP.
            #
--- a/shade/tests/unit/test_security_groups.py
+++ b/shade/tests/unit/test_security_groups.py
@ -324,3 +324,12 @@ class TestSecurityGroups(base.TestCase):
        )
        r = self.cloud.delete_security_group('doesNotExist')
        self.assertFalse(r)
+
+    @mock.patch.object(shade.OpenStackCloud, 'nova_client')
+    def test_nova_egress_security_group_rule(self, mock_nova):
+        self.cloud.secgroup_source = 'nova'
+        mock_nova.security_groups.list.return_value = [nova_grp_obj]
+        self.assertRaises(shade.OpenStackCloudException,
+                          self.cloud.create_security_group_rule,
+                          secgroup_name_or_id='nova-sec-group',
+                          direction='egress')