Don't try to create default SG when security groups are disabled
If security group API is disabled, there is no point to create default security group for tenant when e.g. network is created. Closes-Bug: #1913297 Change-Id: Ib73babdd563e3e8c21ce6f63456cc87af414c5aa
This commit is contained in:
parent
4184bae651
commit
013c183d7c
|
@ -14,6 +14,7 @@
|
||||||
|
|
||||||
import netaddr
|
import netaddr
|
||||||
from neutron_lib.api.definitions import port as port_def
|
from neutron_lib.api.definitions import port as port_def
|
||||||
|
from neutron_lib.api import extensions
|
||||||
from neutron_lib.api import validators
|
from neutron_lib.api import validators
|
||||||
from neutron_lib.callbacks import events
|
from neutron_lib.callbacks import events
|
||||||
from neutron_lib.callbacks import exceptions
|
from neutron_lib.callbacks import exceptions
|
||||||
|
@ -904,6 +905,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
|
||||||
|
|
||||||
:returns: the default security group id for given tenant.
|
:returns: the default security group id for given tenant.
|
||||||
"""
|
"""
|
||||||
|
if not extensions.is_extension_supported(self, 'security-group'):
|
||||||
|
return
|
||||||
default_group_id = self._get_default_sg_id(context, tenant_id)
|
default_group_id = self._get_default_sg_id(context, tenant_id)
|
||||||
if default_group_id:
|
if default_group_id:
|
||||||
return default_group_id
|
return default_group_id
|
||||||
|
@ -962,6 +965,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
|
||||||
port_project = port.get('tenant_id')
|
port_project = port.get('tenant_id')
|
||||||
default_sg = self._ensure_default_security_group(context,
|
default_sg = self._ensure_default_security_group(context,
|
||||||
port_project)
|
port_project)
|
||||||
|
if default_sg:
|
||||||
port[ext_sg.SECURITYGROUPS] = [default_sg]
|
port[ext_sg.SECURITYGROUPS] = [default_sg]
|
||||||
|
|
||||||
def _check_update_deletes_security_groups(self, port):
|
def _check_update_deletes_security_groups(self, port):
|
||||||
|
|
|
@ -78,6 +78,10 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
|
||||||
self.mock_quota_make_res = make_res.start()
|
self.mock_quota_make_res = make_res.start()
|
||||||
commit_res = mock.patch.object(quota.QuotaEngine, 'commit_reservation')
|
commit_res = mock.patch.object(quota.QuotaEngine, 'commit_reservation')
|
||||||
self.mock_quota_commit_res = commit_res.start()
|
self.mock_quota_commit_res = commit_res.start()
|
||||||
|
is_ext_supported = mock.patch(
|
||||||
|
'neutron_lib.api.extensions.is_extension_supported')
|
||||||
|
self.is_ext_supported = is_ext_supported.start()
|
||||||
|
self.is_ext_supported.return_value = True
|
||||||
|
|
||||||
def test_create_security_group_conflict(self):
|
def test_create_security_group_conflict(self):
|
||||||
with mock.patch.object(registry, "publish") as mock_publish:
|
with mock.patch.object(registry, "publish") as mock_publish:
|
||||||
|
@ -603,3 +607,13 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
|
||||||
get_default_sg_id.assert_has_calls([
|
get_default_sg_id.assert_has_calls([
|
||||||
mock.call(self.ctx, 'tenant_1'),
|
mock.call(self.ctx, 'tenant_1'),
|
||||||
mock.call(self.ctx, 'tenant_1')])
|
mock.call(self.ctx, 'tenant_1')])
|
||||||
|
|
||||||
|
def test__ensure_default_security_group_when_disabled(self):
|
||||||
|
with mock.patch.object(
|
||||||
|
self.mixin, '_get_default_sg_id') as get_default_sg_id,\
|
||||||
|
mock.patch.object(
|
||||||
|
self.mixin, 'create_security_group') as create_sg:
|
||||||
|
self.is_ext_supported.return_value = False
|
||||||
|
self.mixin._ensure_default_security_group(self.ctx, 'tenant_1')
|
||||||
|
create_sg.assert_not_called()
|
||||||
|
get_default_sg_id.assert_not_called()
|
||||||
|
|
Loading…
Reference in New Issue