From 922f0a91d81a815d89a3e1a7338066bc3585fcf4 Mon Sep 17 00:00:00 2001 From: Slawek Kaplonski Date: Tue, 26 Jan 2021 14:54:44 +0100 Subject: [PATCH] Don't try to create default SG when security groups are disabled If security group API is disabled, there is no point to create default security group for tenant when e.g. network is created. Closes-Bug: #1913297 Change-Id: Ib73babdd563e3e8c21ce6f63456cc87af414c5aa (cherry picked from commit 013c183d7c1a16d07f5acae9e29b157b0ffd8fae) --- neutron/db/securitygroups_db.py | 6 +++++- neutron/tests/unit/db/test_securitygroups_db.py | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py index 56ab2e1c4e3..c7934bd7c07 100644 --- a/neutron/db/securitygroups_db.py +++ b/neutron/db/securitygroups_db.py @@ -14,6 +14,7 @@ import netaddr from neutron_lib.api.definitions import port as port_def +from neutron_lib.api import extensions from neutron_lib.api import validators from neutron_lib.callbacks import events from neutron_lib.callbacks import exceptions @@ -817,6 +818,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase, :returns: the default security group id for given tenant. """ + if not extensions.is_extension_supported(self, 'security-group'): + return default_group_id = self._get_default_sg_id(context, tenant_id) if default_group_id: return default_group_id @@ -874,7 +877,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase, port_project = port.get('tenant_id') default_sg = self._ensure_default_security_group(context, port_project) - port[ext_sg.SECURITYGROUPS] = [default_sg] + if default_sg: + port[ext_sg.SECURITYGROUPS] = [default_sg] def _check_update_deletes_security_groups(self, port): """Return True if port has as a security group and it's value diff --git a/neutron/tests/unit/db/test_securitygroups_db.py b/neutron/tests/unit/db/test_securitygroups_db.py index ba73d360777..0ae5ac6f185 100644 --- a/neutron/tests/unit/db/test_securitygroups_db.py +++ b/neutron/tests/unit/db/test_securitygroups_db.py @@ -79,6 +79,10 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase): self.mock_quota_make_res = make_res.start() commit_res = mock.patch.object(quota.QuotaEngine, 'commit_reservation') self.mock_quota_commit_res = commit_res.start() + is_ext_supported = mock.patch( + 'neutron_lib.api.extensions.is_extension_supported') + self.is_ext_supported = is_ext_supported.start() + self.is_ext_supported.return_value = True def test_create_security_group_conflict(self): with mock.patch.object(registry, "publish") as mock_publish: @@ -586,3 +590,13 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase): get_default_sg_id.assert_has_calls([ mock.call(self.ctx, 'tenant_1'), mock.call(self.ctx, 'tenant_1')]) + + def test__ensure_default_security_group_when_disabled(self): + with mock.patch.object( + self.mixin, '_get_default_sg_id') as get_default_sg_id,\ + mock.patch.object( + self.mixin, 'create_security_group') as create_sg: + self.is_ext_supported.return_value = False + self.mixin._ensure_default_security_group(self.ctx, 'tenant_1') + create_sg.assert_not_called() + get_default_sg_id.assert_not_called()