Workaround for Launchpad Bug #1384347

Workaround for the case when default tenant security group
doesn't exist.

Change-Id: I893f8ee860dea8b22e3487ebd1c9e65c94312bb2

ec2api/api/instance.py

@@ -81,6 +81,11 @@ def run_instances(context, image_id, min_count, max_count,
      delete_on_termination_flags) = _parse_network_interface_parameters(
                     context, neutron, vpc_network_parameters)
 
+    # NOTE(ft): workaround for Launchpad Bug #1384347 in Icehouse
+    if not security_groups_names and vpc_network_parameters:
+        security_groups_names = _get_vpc_default_security_group_id(
+                context, network_interfaces, create_network_interfaces_args)
+
     security_groups = security_group_api._format_security_groups_ids_names(
             context)
 
@@ -527,6 +532,25 @@ def _create_network_interfaces(context, cleaner, params):
     return network_interfaces
 
 
+def _get_vpc_default_security_group_id(context, network_interfaces,
+                                       create_network_interfaces_args):
+    if network_interfaces:
+        vpc_id = network_interfaces[0]['vpc_id']
+    else:
+        subnet = db_api.get_item_by_id(
+                context, 'subnet', create_network_interfaces_args[0][0])
+        vpc_id = subnet['vpc_id']
+    default_groups = security_group_api.describe_security_groups(
+        context,
+        filter=[{'name': 'vpc-id', 'value': [vpc_id]},
+                {'name': 'group-name', 'value': ['Default']}]
+        )['securityGroupInfo']
+    security_groups = [ec2utils.get_db_item(context, 'sg',
+                                            default_group['groupId'])
+                       for default_group in default_groups]
+    return [sg['os_id'] for sg in security_groups]
+
+
 # NOTE(ft): following functions are copied from various parts of Nova
 
 _dev = re.compile('^/dev/')

ec2api/tests/test_instance.py

@@ -59,7 +59,8 @@ class InstanceTestCase(base.ApiTestCase):
         self.fake_instance_class = collections.namedtuple(
             'FakeInstance', ['id'])
 
-    def test_run_instances(self):
+    @mock.patch('ec2api.api.instance._get_vpc_default_security_group_id')
+    def test_run_instances(self, _get_vpc_default_security_group_id):
         """Run instance with various network interface settings."""
         self.db_api.get_item_by_id.side_effect = (
             fakes.get_db_api_get_item_by_id(
@@ -87,6 +88,8 @@ class InstanceTestCase(base.ApiTestCase):
         self.nova_servers.create.return_value = self.fake_instance_class(
                 fakes.ID_OS_INSTANCE_1)
 
+        _get_vpc_default_security_group_id.return_value = None
+
         def do_check(params, new_port=True, delete_on_termination=None):
             params.update({'ImageId': 'ami-00000001',
                            'InstanceType': 'fake_flavor',
@@ -155,7 +158,9 @@ class InstanceTestCase(base.ApiTestCase):
                   fakes.EC2_NETWORK_INTERFACE_1['networkInterfaceId']},
                  new_port=False)
 
-    def test_run_instances_multiple_networks(self):
+    @mock.patch('ec2api.api.instance._get_vpc_default_security_group_id')
+    def test_run_instances_multiple_networks(
+                self, _get_vpc_default_security_group_id):
         """Run 2 instances at once on 2 subnets in all combinations."""
         self._build_multiple_data_model()
 
@@ -168,6 +173,8 @@ class InstanceTestCase(base.ApiTestCase):
         fake_flavor = self.fake_flavor_class('fake_flavor')
         self.nova_flavors.list.return_value = [fake_flavor]
 
+        _get_vpc_default_security_group_id.return_value = None
+
         ec2_instances = [
             fakes.gen_ec2_instance(
                 ec2_instance_id,
@@ -707,3 +714,6 @@ class InstanceTestCase(base.ApiTestCase):
         self.assertIn('device_id', list_ports_kwargs)
         self.assertEqual(sorted(instance_ids),
                          sorted(list_ports_kwargs['device_id']))
+
+
+# TODO(ft): add tests for _get_vpc_default_security_group_id