f25776a5c3
Existing implementation of Neutron-based networking assumed that the neutron's security groups are used to manage VM accessibility. However there may exist environments with disabled security-group extension in Neutron and thus relying on something else to restrict the traffic. Murano could not operate in such environments since it always was attempting to create resources of type OS::Neutron::SecurityGroup and attach VMs' ports to this resource. This is addressed by introducing a new subclass of SecurityGroupManager - DummySecurityGroupManager, which actually does nothing but silently ignores the calls to create security rules. This new security manager is instantiated instead of NeutronSecurityGroupManager for Neutron-based networks in cases if the 'security-group' extension is not present in Neutron's configuration. If it is instantiated a warning message is reported to the end-user to notify them that security requirements of the application were ignored. Change-Id: Ia3bc6c17f9ca0a4b8bf8c272481760a8c81b27b7 Closes-bug: #1593253
6 lines
198 B
YAML
6 lines
198 B
YAML
---
|
|
fixes:
|
|
- Murano is now able to deploy applications in the environments with disabled
|
|
Neutron Security Groups. Detection is based on the presence of
|
|
'security-group' Neutron extension.
|