Browse Source

Merge "Don't try to create default SG when security groups are disabled" into stable/train

changes/81/777781/1
Zuul 5 months ago
committed by Gerrit Code Review
parent
commit
4381f792c8
  1. 6
      neutron/db/securitygroups_db.py
  2. 14
      neutron/tests/unit/db/test_securitygroups_db.py

6
neutron/db/securitygroups_db.py

@ -14,6 +14,7 @@
import netaddr
from neutron_lib.api.definitions import port as port_def
from neutron_lib.api import extensions
from neutron_lib.api import validators
from neutron_lib.callbacks import events
from neutron_lib.callbacks import exceptions
@ -831,6 +832,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
:returns: the default security group id for given tenant.
"""
if not extensions.is_extension_supported(self, 'security-group'):
return
default_group_id = self._get_default_sg_id(context, tenant_id)
if default_group_id:
return default_group_id
@ -888,7 +891,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
port_project = port.get('tenant_id')
default_sg = self._ensure_default_security_group(context,
port_project)
port[ext_sg.SECURITYGROUPS] = [default_sg]
if default_sg:
port[ext_sg.SECURITYGROUPS] = [default_sg]
def _check_update_deletes_security_groups(self, port):
"""Return True if port has as a security group and it's value

14
neutron/tests/unit/db/test_securitygroups_db.py

@ -77,6 +77,10 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
self.mock_quota_make_res = make_res.start()
commit_res = mock.patch.object(quota.QuotaEngine, 'commit_reservation')
self.mock_quota_commit_res = commit_res.start()
is_ext_supported = mock.patch(
'neutron_lib.api.extensions.is_extension_supported')
self.is_ext_supported = is_ext_supported.start()
self.is_ext_supported.return_value = True
def test_create_security_group_conflict(self):
with mock.patch.object(registry, "publish") as mock_publish:
@ -584,3 +588,13 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
get_default_sg_id.assert_has_calls([
mock.call(self.ctx, 'tenant_1'),
mock.call(self.ctx, 'tenant_1')])
def test__ensure_default_security_group_when_disabled(self):
with mock.patch.object(
self.mixin, '_get_default_sg_id') as get_default_sg_id,\
mock.patch.object(
self.mixin, 'create_security_group') as create_sg:
self.is_ext_supported.return_value = False
self.mixin._ensure_default_security_group(self.ctx, 'tenant_1')
create_sg.assert_not_called()
get_default_sg_id.assert_not_called()
Loading…
Cancel
Save