Browse Source

Don't try to create default SG when security groups are disabled

If security group API is disabled, there is no point to create default
security group for tenant when e.g. network is created.

Closes-Bug: #1913297
Change-Id: Ib73babdd563e3e8c21ce6f63456cc87af414c5aa
(cherry picked from commit 013c183d7c)
changes/07/774407/3
Slawek Kaplonski 4 months ago
committed by Bernard Cafarelli
parent
commit
922f0a91d8
2 changed files with 19 additions and 1 deletions
  1. +5
    -1
      neutron/db/securitygroups_db.py
  2. +14
    -0
      neutron/tests/unit/db/test_securitygroups_db.py

+ 5
- 1
neutron/db/securitygroups_db.py View File

@ -14,6 +14,7 @@
import netaddr
from neutron_lib.api.definitions import port as port_def
from neutron_lib.api import extensions
from neutron_lib.api import validators
from neutron_lib.callbacks import events
from neutron_lib.callbacks import exceptions
@ -817,6 +818,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
:returns: the default security group id for given tenant.
"""
if not extensions.is_extension_supported(self, 'security-group'):
return
default_group_id = self._get_default_sg_id(context, tenant_id)
if default_group_id:
return default_group_id
@ -874,7 +877,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
port_project = port.get('tenant_id')
default_sg = self._ensure_default_security_group(context,
port_project)
port[ext_sg.SECURITYGROUPS] = [default_sg]
if default_sg:
port[ext_sg.SECURITYGROUPS] = [default_sg]
def _check_update_deletes_security_groups(self, port):
"""Return True if port has as a security group and it's value


+ 14
- 0
neutron/tests/unit/db/test_securitygroups_db.py View File

@ -79,6 +79,10 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
self.mock_quota_make_res = make_res.start()
commit_res = mock.patch.object(quota.QuotaEngine, 'commit_reservation')
self.mock_quota_commit_res = commit_res.start()
is_ext_supported = mock.patch(
'neutron_lib.api.extensions.is_extension_supported')
self.is_ext_supported = is_ext_supported.start()
self.is_ext_supported.return_value = True
def test_create_security_group_conflict(self):
with mock.patch.object(registry, "publish") as mock_publish:
@ -586,3 +590,13 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
get_default_sg_id.assert_has_calls([
mock.call(self.ctx, 'tenant_1'),
mock.call(self.ctx, 'tenant_1')])
def test__ensure_default_security_group_when_disabled(self):
with mock.patch.object(
self.mixin, '_get_default_sg_id') as get_default_sg_id,\
mock.patch.object(
self.mixin, 'create_security_group') as create_sg:
self.is_ext_supported.return_value = False
self.mixin._ensure_default_security_group(self.ctx, 'tenant_1')
create_sg.assert_not_called()
get_default_sg_id.assert_not_called()

Loading…
Cancel
Save