Fix incorrect log resources querying

This patch aims to fix a co-existence problem between security_group and firewall_group log resources due to incorrect log querying from database. Change-Id: Ic60ad436e0fbb23cdae0e63eaeb73130ebf02089 Closes-Bug: #1787119
2018-08-15 15:52:28 +07:00 · 2018-08-15 15:52:28 +07:00 · 310bfa326f
commit 310bfa326f
parent 088f51cdaf
3 changed files with 41 additions and 3 deletions
--- a/neutron/services/logapi/common/db_api.py
+++ b/neutron/services/logapi/common/db_api.py
@ -170,8 +170,10 @@ def get_logs_bound_port(context, port_id):

    port = port_objects.Port.get_object(context, id=port_id)
    project_id = port['project_id']
-    logs = log_object.Log.get_objects(
-        context, project_id=project_id, enabled=True)
+    logs = log_object.Log.get_objects(context,
+                                      project_id=project_id,
+                                      resource_type=constants.SECURITY_GROUP,
+                                      enabled=True)
    is_bound = lambda log: (log.resource_id in port.security_group_ids or
                            log.target_id == port.id or
                            (not log.target_id and not log.resource_id))
@ -183,7 +185,11 @@ def get_logs_bound_sg(context, sg_id):

    project_id = context.tenant_id
    log_objs = log_object.Log.get_objects(
-        context, project_id=project_id, enabled=True)
+        context,
+        project_id=project_id,
+        resource_type=constants.SECURITY_GROUP,
+        enabled=True)
+
    log_resources = []
    for log_obj in log_objs:
        if log_obj.resource_id == sg_id:
--- a/neutron/tests/unit/services/logapi/common/test_db_api.py
+++ b/neutron/tests/unit/services/logapi/common/test_db_api.py
@ -50,6 +50,7 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
        super(LoggingDBApiTestCase, self).setUp()
        self.context = context.get_admin_context()
        self.sg_id, self.port_id, self.tenant_id = self._create_sg_and_port()
+        self.context.tenant_id = self.tenant_id

    def _create_sg_and_port(self):
        with self.network() as network, \
@ -72,6 +73,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
            self.assertEqual(
                [log], db_api.get_logs_bound_port(self.context, self.port_id))

+            # Test get log objects with required resource type
+            calls = [mock.call(self.context, project_id=self.tenant_id,
+                               resource_type=log_const.SECURITY_GROUP,
+                               enabled=True)]
+            log_object.Log.get_objects.assert_has_calls(calls)
+
    def test_get_logs_not_bound_port(self):
        fake_sg_id = uuidutils.generate_uuid()
        log = _create_log(resource_id=fake_sg_id, tenant_id=self.tenant_id)
@ -80,6 +87,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
            self.assertEqual(
                [], db_api.get_logs_bound_port(self.context, self.port_id))

+            # Test get log objects with required resource type
+            calls = [mock.call(self.context, project_id=self.tenant_id,
+                               resource_type=log_const.SECURITY_GROUP,
+                               enabled=True)]
+            log_object.Log.get_objects.assert_has_calls(calls)
+
    def test_get_logs_bound_sg(self):
        log = _create_log(resource_id=self.sg_id, tenant_id=self.tenant_id)
        with mock.patch.object(log_object.Log, 'get_objects',
@ -87,6 +100,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
            self.assertEqual(
                [log], db_api.get_logs_bound_sg(self.context, self.sg_id))

+            # Test get log objects with required resource type
+            calls = [mock.call(self.context, project_id=self.tenant_id,
+                               resource_type=log_const.SECURITY_GROUP,
+                               enabled=True)]
+            log_object.Log.get_objects.assert_has_calls(calls)
+
    def test_get_logs_not_bound_sg(self):
        with self.network() as network, \
                self.subnet(network), \
@ -102,6 +121,12 @@ class LoggingDBApiTestCase(test_sg.SecurityGroupDBTestCase):
                self.assertEqual(
                    [], db_api.get_logs_bound_sg(self.context, self.sg_id))

+                # Test get log objects with required resource type
+                calls = [mock.call(self.context, project_id=self.tenant_id,
+                                   resource_type=log_const.SECURITY_GROUP,
+                                   enabled=True)]
+                log_object.Log.get_objects.assert_has_calls(calls)
+
    def test__get_ports_being_logged(self):
        log1 = _create_log(target_id=self.port_id,
                           tenant_id=self.tenant_id)
--- a/releasenotes/notes/fix-co-existence-bug-between-sg-logging-and-fwg-logging-ef16077880d76449.yaml
+++ b/releasenotes/notes/fix-co-existence-bug-between-sg-logging-and-fwg-logging-ef16077880d76449.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Add ``resource_type`` into log object query to distinguish between security
+    group and firewall group log objects.
+    For more information see bug
+    `1787119 <https://bugs.launchpad.net/neutron/+bug/1787119>`_.