Browse Source

nlbaas2octavia: do not change SG owned by user

When a user associated a VIP to his own security group, the migration
should not change its ownership.

Change-Id: I74648fc016f490c83890568fdd482ef0fdd8fa61
Kobi Samoray 8 months ago
parent
commit
aba049283e
1 changed files with 14 additions and 7 deletions
  1. 14
    7
      tools/nlbaas2octavia/nlbaas2octavia.py

+ 14
- 7
tools/nlbaas2octavia/nlbaas2octavia.py View File

@@ -343,13 +343,20 @@ def migrate_lb(LOG, n_session_maker, o_session_maker, lb_id):
343 343
             if result.rowcount != 1:
344 344
                 raise Exception(_('Unable to update VIP port in the neutron '
345 345
                                 'database.'))
346
-            result = n_session.execute(
347
-                "UPDATE securitygroups SET project_id = :proj_id WHERE "
348
-                "id = :id;", {'proj_id': CONF.migration.octavia_account_id,
349
-                              'id': vip_port[2]})
350
-            if result.rowcount != 1:
351
-                raise Exception(_('Unable to update VIP security group in the '
352
-                                'neutron database.'))
346
+            security_group = n_session.execute(
347
+                "SELECT project_id FROM securitygroups WHERE id = :id",
348
+                {'id': vip_port[2]}).fetchone()
349
+
350
+            # Update security group project, only when its owner is not the
351
+            # user project, which means that Octavia should own it
352
+            if security_group[0] != n_lb[1]:
353
+                result = n_session.execute(
354
+                    "UPDATE securitygroups SET project_id = :proj_id WHERE "
355
+                    "id = :id;", {'proj_id': CONF.migration.octavia_account_id,
356
+                                  'id': vip_port[2]})
357
+                if result.rowcount != 1:
358
+                    raise Exception(_('Unable to update VIP security group in '
359
+                                      'the neutron database.'))
353 360
 
354 361
         # Octavia driver load balancers are now done, next process the other
355 362
         # provider driver load balancers

Loading…
Cancel
Save