Merge "Filter by project id in list_security_groups"
commit
1e168df5ec
|
@ -167,7 +167,11 @@ class NeutronClientPlugin(os_client.ExtensionMixin,
|
|||
seclist.append(sg)
|
||||
else:
|
||||
if not all_groups:
|
||||
response = self.client().list_security_groups()
|
||||
# filtering by project_id so that if the user
|
||||
# has access to multiple (like admin)
|
||||
# only groups from the token scope are returned
|
||||
response = self.client().list_security_groups(
|
||||
project_id=self.context.project_id)
|
||||
all_groups = response['security_groups']
|
||||
same_name_groups = [g for g in all_groups if g['name'] == sg]
|
||||
groups = [g['id'] for g in same_name_groups]
|
||||
|
@ -176,15 +180,7 @@ class NeutronClientPlugin(os_client.ExtensionMixin,
|
|||
elif len(groups) == 1:
|
||||
seclist.append(groups[0])
|
||||
else:
|
||||
# for admin roles, can get the other users'
|
||||
# securityGroups, so we should match the tenant_id with
|
||||
# the groups, and return the own one
|
||||
own_groups = [g['id'] for g in same_name_groups
|
||||
if g['tenant_id'] == self.context.tenant_id]
|
||||
if len(own_groups) == 1:
|
||||
seclist.append(own_groups[0])
|
||||
else:
|
||||
raise exception.PhysicalResourceNameAmbiguity(name=sg)
|
||||
raise exception.PhysicalResourceNameAmbiguity(name=sg)
|
||||
return seclist
|
||||
|
||||
def _resolve_resource_path(self, resource):
|
||||
|
|
|
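Review bot: Tenant isolation in this name lookup now depends entirely on Neutron honouring the filter in the new `list_security_groups(project_id=self.context.project_id)` call, because the second hunk drops the client-side `tenant_id` match. If `self.context.project_id` were ever unset, or the filter were not applied server-side (neither can be verified from this page), an admin-scoped token could again resolve a name to another project's group through the `len(groups) == 1` branch. A cheap local guard keeps the check in place: `same_name_groups = [g for g in all_groups if g['name'] == sg and g.get('tenant_id') == self.context.project_id]`. The enclosing method starts above the hunk, so how `all_groups` is initialised and reused across names is not visible here.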
@ -1385,7 +1385,8 @@ class InstancesTest(common.HeatTestCase):
|
|||
|
||||
self.nclient.create_port.assert_called_with({'port': props})
|
||||
if not all_uuids:
|
||||
self.nclient.list_security_groups.assert_called_once_with()
|
||||
self.nclient.list_security_groups.assert_called_once_with(
|
||||
project_id=mock.ANY)
|
||||
|
||||
def _get_fake_properties(self, sg='one'):
|
||||
fake_groups_list = {
|
||||
|
|
|
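Review bot: The updated assertion accepts any value for the filter, since `project_id=mock.ANY` also matches `None` or another project's id, so this test would not catch a regression in the scoping the commit introduces. Pinning it to the id carried by the test's request context makes the check meaningful, for example `self.nclient.list_security_groups.assert_called_once_with(project_id=<project id of the test context>)`, where the placeholder stands for whatever the fixture sets. The enclosing test helper starts above the hunk, so the name of that context object is not visible here.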
@ -64,28 +64,6 @@ class NeutronClientPluginTest(NeutronClientPluginTestCase):
|
|||
]
|
||||
}
|
||||
self.neutron_client.list_security_groups.return_value = fake_list
|
||||
self.assertEqual(expected_groups,
|
||||
self.neutron_plugin.get_secgroup_uuids(sgs_non_uuid))
|
||||
# test only one belong to the tenant
|
||||
fake_list = {
|
||||
'security_groups': [
|
||||
{
|
||||
'tenant_id': 'test_tenant_id',
|
||||
'id': '0389f747-7785-4757-b7bb-2ab07e4b09c3',
|
||||
'name': 'security_group_1',
|
||||
'security_group_rules': [],
|
||||
'description': 'no protocol'
|
||||
},
|
||||
{
|
||||
'tenant_id': 'not_test_tenant_id',
|
||||
'id': '384ccd91-447c-4d83-832c-06974a7d3d05',
|
||||
'name': 'security_group_1',
|
||||
'security_group_rules': [],
|
||||
'description': 'no protocol'
|
||||
}
|
||||
]
|
||||
}
|
||||
self.neutron_client.list_security_groups.return_value = fake_list
|
||||
self.assertEqual(expected_groups,
|
||||
self.neutron_plugin.get_secgroup_uuids(sgs_non_uuid))
|
||||
# test there are two securityGroups with same name, and the two
|
||||
|
|