Adapted default security group to work for Kilo.
Kilo forbids additional security groups to be created with the name Default. Now we use vpc ID for names of VPC default security groups in OpenStack but they are converted into EC2 compatible "default" when reported back to EC2 API client. Change-Id: I9b1cc8551f3e6d55fab9132934f59bb1bd16a006
parent
e4f264e6af
commit
c116351a17
@ -1056,7 +1056,7 @@ class InstanceEngineNeutron(object):
|
||||
default_groups = security_group_api.describe_security_groups(
|
||||
context,
|
||||
filter=[{'name': 'vpc-id', 'value': [vpc_id]},
|
||||
{'name': 'group-name', 'value': ['Default']}]
|
||||
{'name': 'group-name', 'value': ['default']}]
|
||||
)['securityGroupInfo']
|
||||
security_groups = [ec2utils.get_db_item(context, 'sg',
|
||||
default_group['groupId'])
|
||||
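Review bot: Default groups created before this commit are still named 'Default' in OpenStack, so the new filter value `'default'` will presumably stop matching them for existing VPCs (assuming group-name filtering is case-sensitive), and the list built from `default_groups` would then be empty. The same applies to the identical filter change in create_network_interface. Nothing visible in this hunk checks for an empty result, so an instance could be launched without the VPC's default security group. Consider failing explicitly when `default_groups` is empty, and record the upgrade requirement next to the filter, e.g. `# NOTE: default groups created before this change are named 'Default' and are not matched here`. The enclosing method starts and ends outside the hunk.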
|
@ -98,7 +98,7 @@ def create_network_interface(context, subnet_id,
|
||||
default_groups = security_group_api.describe_security_groups(
|
||||
context,
|
||||
filter=[{'name': 'vpc-id', 'value': [vpc_id]},
|
||||
{'name': 'group-name', 'value': ['Default']}]
|
||||
{'name': 'group-name', 'value': ['default']}]
|
||||
)['securityGroupInfo']
|
||||
security_group_id = [default_group['groupId']
|
||||
for default_group in default_groups]
|
||||
|
@ -61,6 +61,8 @@ def create_security_group(context, group_name, group_description,
|
||||
nova = clients.nova(context)
|
||||
with common.OnCrashCleaner() as cleaner:
|
||||
try:
|
||||
# TODO(Alex): Shouldn't allow creation of groups with existing
|
||||
# name if in the same VPC or in EC2-Classic.
|
||||
os_security_group = nova.security_groups.create(group_name,
|
||||
group_description)
|
||||
except nova_exception.OverLimit:
|
||||
@ -80,8 +82,8 @@ def create_security_group(context, group_name, group_description,
|
||||
|
||||
def _create_default_security_group(context, vpc):
|
||||
# NOTE(Alex): OpenStack doesn't allow creation of another group
|
||||
# named 'default' hence 'Default' is used.
|
||||
return create_security_group(context, 'Default',
|
||||
# named 'default' hence vpc-id is used.
|
||||
return create_security_group(context, vpc['id'],
|
||||
'Default VPC security group', vpc['id'])
|
||||
|
||||
|
||||
@ -104,13 +106,19 @@ class SecurityGroupDescriber(common.TaggableItemsDescriber):
|
||||
self.all_db_items = None
|
||||
|
||||
def format(self, item=None, os_item=None):
|
||||
if self.all_db_items is None:
|
||||
self.all_db_items = ec2utils.get_db_items(self.context, 'sg', None)
|
||||
return _format_security_group(item, os_item,
|
||||
self.all_db_items, self.os_items)
|
||||
|
||||
def get_os_items(self):
|
||||
return security_group_engine.get_os_groups(self.context)
|
||||
if self.all_db_items == None:
|
||||
self.all_db_items = ec2utils.get_db_items(self.context, 'sg', None)
|
||||
self.os_ids_in_db = set(g['os_id'] for g in self.all_db_items)
|
||||
os_groups = security_group_engine.get_os_groups(self.context)
|
||||
for os_group in os_groups:
|
||||
if (os_group['name'].startswith('vpc-') and
|
||||
os_group['id'] in self.os_ids_in_db):
|
||||
os_group['name'] = 'default'
|
||||
return os_groups
|
||||
|
||||
|
||||
def describe_security_groups(context, group_name=None, group_id=None,
|
||||
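Review bot: In get_os_items the rename keys on `os_group['name'].startswith('vpc-')`, so any group tracked in the DB whose name merely begins with 'vpc-' is reported as 'default', not only the one created by _create_default_security_group. create_security_group passes the caller-supplied group_name straight to nova (its TODO notes that existing names are not rejected), so a user-created group with such a name would presumably also match the 'group-name' = 'default' lookups used to pick default groups for instances and network interfaces. Rename only on an exact match with the owning VPC's id, e.g. `if os_group['name'] == vpc_id_by_os_id.get(os_group['id']):` with the map built from all_db_items, assuming the 'sg' items record their VPC id. The new `self.all_db_items == None` should also stay `is None`, as in the lines it replaces.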
|
@ -89,6 +89,8 @@ def delete_vpc(context, vpc_id):
|
||||
cleaner.addCleanup(db_api.restore_item, context, 'vpc', vpc)
|
||||
route_table_api._delete_route_table(context, vpc['route_table_id'],
|
||||
cleaner=cleaner)
|
||||
# TODO(Alex): Check that only the default security group is left
|
||||
# in this VPC, otherwise DependencyViolation.
|
||||
security_groups = security_group_api.describe_security_groups(
|
||||
context,
|
||||
filter=[{'name': 'vpc-id',
|
||||
|
@ -340,7 +340,7 @@ class InstanceTestCase(base.ApiTestCase):
|
||||
'MinCount': '1', 'MaxCount': '1',
|
||||
'KernelId': fakes.ID_EC2_IMAGE_AKI_1,
|
||||
'RamdiskId': fakes.ID_EC2_IMAGE_ARI_1,
|
||||
'SecurityGroup.1': 'Default',
|
||||
'SecurityGroup.1': 'default',
|
||||
'Placement.AvailabilityZone': 'fake_zone',
|
||||
'ClientToken': 'fake_client_token',
|
||||
'BlockDeviceMapping.1.DeviceName': '/dev/vdd',
|
||||
@ -354,7 +354,7 @@ class InstanceTestCase(base.ApiTestCase):
|
||||
userdata=None, kernel_id=fakes.ID_OS_IMAGE_AKI_1,
|
||||
ramdisk_id=fakes.ID_OS_IMAGE_ARI_1, key_name=None,
|
||||
block_device_mapping='fake_bdm',
|
||||
availability_zone='fake_zone', security_groups=['Default'],
|
||||
availability_zone='fake_zone', security_groups=['default'],
|
||||
**extra_kwargs)
|
||||
self.nova_servers.reset_mock()
|
||||
db_instance = {'os_id': mock.ANY,
|
||||
|