|
|
@ -224,7 +224,7 @@ class SecurityGroupInfoAPIMixin(object): |
|
|
|
context, sg_info['sg_member_ips'].keys()) |
|
|
|
for sg_id, member_ips in ips.items(): |
|
|
|
for ip in member_ips: |
|
|
|
ethertype = 'IPv%d' % netaddr.IPNetwork(ip).version |
|
|
|
ethertype = 'IPv%d' % netaddr.IPNetwork(ip[0]).version |
|
|
|
if ethertype in sg_info['sg_member_ips'][sg_id]: |
|
|
|
sg_info['sg_member_ips'][sg_id][ethertype].add(ip) |
|
|
|
return sg_info |
|
|
@ -253,7 +253,8 @@ class SecurityGroupInfoAPIMixin(object): |
|
|
|
|
|
|
|
port['security_group_source_groups'].append(remote_group_id) |
|
|
|
base_rule = rule |
|
|
|
for ip in ips[remote_group_id]: |
|
|
|
ip_list = [ip[0] for ip in ips[remote_group_id]] |
|
|
|
for ip in ip_list: |
|
|
|
if ip in port.get('fixed_ips', []): |
|
|
|
continue |
|
|
|
ip_rule = base_rule.copy() |
|
|
@ -396,9 +397,11 @@ class SecurityGroupServerRpcMixin(SecurityGroupInfoAPIMixin, |
|
|
|
|
|
|
|
# Join the security group binding table directly to the IP allocation |
|
|
|
# table instead of via the Port table skip an unnecessary intermediary |
|
|
|
query = context.session.query(sg_binding_sgid, |
|
|
|
models_v2.IPAllocation.ip_address, |
|
|
|
aap_models.AllowedAddressPair.ip_address) |
|
|
|
query = context.session.query( |
|
|
|
sg_binding_sgid, |
|
|
|
models_v2.IPAllocation.ip_address, |
|
|
|
aap_models.AllowedAddressPair.ip_address, |
|
|
|
aap_models.AllowedAddressPair.mac_address) |
|
|
|
query = query.join(models_v2.IPAllocation, |
|
|
|
ip_port == sg_binding_port) |
|
|
|
# Outerjoin because address pairs may be null and we still want the |
|
|
@ -410,8 +413,12 @@ class SecurityGroupServerRpcMixin(SecurityGroupInfoAPIMixin, |
|
|
|
# Each allowed address pair IP record for a port beyond the 1st |
|
|
|
# will have a duplicate regular IP in the query response since |
|
|
|
# the relationship is 1-to-many. Dedup with a set |
|
|
|
for security_group_id, ip_address, allowed_addr_ip in query: |
|
|
|
ips_by_group[security_group_id].add(ip_address) |
|
|
|
for security_group_id, ip_address, allowed_addr_ip, mac in query: |
|
|
|
# Since port mac will not be used further, but in order to align |
|
|
|
# the data structure we directly set None to it to avoid bother |
|
|
|
# the ports table. |
|
|
|
ips_by_group[security_group_id].add((ip_address, None)) |
|
|
|
if allowed_addr_ip: |
|
|
|
ips_by_group[security_group_id].add(allowed_addr_ip) |
|
|
|
ips_by_group[security_group_id].add( |
|
|
|
(allowed_addr_ip, mac)) |
|
|
|
return ips_by_group |
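Review bot: Storing `(ip, mac)` tuples in `ips_by_group` means the set in the last hunk no longer deduplicates by address: a port's fixed IP is added as `(ip_address, None)` and the same address reached through an allowed address pair is added as `(allowed_addr_ip, mac)`, so one IP can appear more than once per group. In the -253 hunk, `ip_list = [ip[0] for ip in ips[remote_group_id]]` carries those repeats into the loop and, as far as the visible lines show, would build one `ip_rule` copy per repeat; `ip_list = {ip[0] for ip in ips[remote_group_id]}` keeps the previous one-rule-per-address behaviour. The -224 hunk now adds the whole tuple to `sg_info['sg_member_ips'][sg_id][ethertype]`, which changes the shape of what consumers of `sg_member_ips` receive, so a comment there should state that entries are `(ip, mac)` pairs and that `mac` is `None` for fixed IPs. The enclosing functions start and end outside the hunks, so whether callers already tolerate the new shape cannot be confirmed from here.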