From 797fe9c2d3909a248b342d24f1c1a2dbfab3620a Mon Sep 17 00:00:00 2001
From: Denis M
Date: Thu, 29 Aug 2013 15:45:07 +0300
Subject: [PATCH] Add and associate security group rule with group.
Fixes: bug #1176095 #1176098
Change-Id: I254aca213ae40326ed6e9c00bc35d63ff0805c9f
---
 etc/trove/trove.conf.sample | 3 +-
 trove/common/cfg.py | 2 ++
 trove/instance/models.py | 16 ++++++---
 trove/tests/api/instances.py | 66 +++++++++++++++++-------------------
 4 files changed, 47 insertions(+), 40 deletions(-)
diff --git a/etc/trove/trove.conf.sample b/etc/trove/trove.conf.sample
index 107209a3f3..599bb87836 100644
--- a/etc/trove/trove.conf.sample
+++ b/etc/trove/trove.conf.sample
@@ -89,9 +89,10 @@ reboot_time_out = 60
 # Trove Security Groups for Instances
 trove_security_groups_support = True
+trove_security_groups_rules_support = False
 trove_security_group_rule_protocol = tcp
 trove_security_group_rule_port = 3306
-
+trove_security_group_rule_cidr = 0.0.0.0/0
 # Trove api-paste file name
 api_paste_config = api-paste.ini
diff --git a/trove/common/cfg.py b/trove/common/cfg.py
index 3970750707..4ca0acacc2 100644
--- a/trove/common/cfg.py
+++ b/trove/common/cfg.py
@@ -121,8 +121,10 @@ common_opts = [
 cfg.BoolOpt('hostname_require_ipv4', default=True, help="Require user hostnames to be IPv4 addresses."),
 cfg.BoolOpt('trove_security_groups_support', default=True),
+ cfg.BoolOpt('trove_security_groups_rules_support', default=True),
 cfg.StrOpt('trove_security_group_rule_protocol', default='tcp'),
 cfg.IntOpt('trove_security_group_rule_port', default=3306),
+ cfg.StrOpt('trove_security_group_rule_cidr', default='0.0.0.0/0'),
 cfg.IntOpt('trove_api_workers', default=None),
 cfg.IntOpt('usage_sleep_time', default=1, help='Time to sleep during the check active guest'),
diff --git a/trove/instance/models.py b/trove/instance/models.py
index a4c354063a..dc74273993 100644
--- a/trove/instance/models.py
+++ b/trove/instance/models.py
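Review bot: The two options added to `common_opts` default to `trove_security_groups_rules_support=True` and `trove_security_group_rule_cidr='0.0.0.0/0'`, so a deployment that does not override them gets a rule on every new instance's security group that admits tcp/3306 from any source address. The sample config in this same patch sets the switch to `False`, so the code default and the documented default disagree. I would make the code default match the sample, `cfg.BoolOpt('trove_security_groups_rules_support', default=False, help="Add a default ingress rule to each instance's security group."),`, and give the CIDR option a `help=` telling operators to narrow it to the client network. Neither new option has a help string, unlike `hostname_require_ipv4` just above them.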
@@ -26,6 +26,7 @@ from trove.common.remote import create_guest_client from trove.common.remote import create_nova_client from trove.common.remote import create_cinder_client from trove.extensions.security_group.models import SecurityGroup +from trove.extensions.security_group.models import SecurityGroupRule from trove.db import models as dbmodels from trove.backup.models import Backup from trove.quota.quota import run_with_quotas @@ -55,7 +56,6 @@ def load_server(context, instance_id, server_id): class InstanceStatus(object): - ACTIVE = "ACTIVE" BLOCKED = "BLOCKED" BUILD = "BUILD" @@ -391,14 +391,12 @@ class BaseInstance(SimpleInstance): class FreshInstance(BaseInstance): - @classmethod def load(cls, context, id): return load_instance(cls, context, id, needs_server=False) class BuiltInstance(BaseInstance): - @classmethod def load(cls, context, id): return load_instance(cls, context, id, needs_server=True) @@ -468,6 +466,15 @@ class Instance(BuiltInstance): security_group = SecurityGroup.create_for_instance( db_info.id, context) + if CONF.trove_security_groups_rules_support: + SecurityGroupRule.create_sec_group_rule( + security_group, + CONF.trove_security_group_rule_protocol, + CONF.trove_security_group_rule_port, + CONF.trove_security_group_rule_port, + CONF.trove_security_group_rule_cidr, + context + ) security_groups = [security_group["name"]] task_api.API(context).create_instance(db_info.id, name, flavor, @@ -601,11 +608,11 @@ def create_server_list_matcher(server_list): LOG.error(_("Server %s for instance %s was found twice!") % (server_id, instance_id)) raise exception.TroveError(uuid=instance_id) + return find_server class Instances(object): - DEFAULT_LIMIT = CONF.instances_page_size @staticmethod @@ -709,7 +716,6 @@ class ServiceImage(dbmodels.DatabaseModelBase): class InstanceServiceStatus(dbmodels.DatabaseModelBase): - _data_fields = ['instance_id', 'status_id', 'status_description'] def __init__(self, status, **kwargs): 
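Review bot: The `SecurityGroupRule.create_sec_group_rule` call added in the `@@ -468,6 +466,15 @@` hunk takes protocol, port and CIDR straight from `CONF` with no check, and `trove_security_group_rule_cidr` is a free-form `StrOpt`, so a malformed or unintentionally wide value is only noticed when an instance is created. Nothing visible in the hunk handles a failure of this call, which runs after `SecurityGroup.create_for_instance` and before `task_api.API(context).create_instance`; whether the already-created group is cleaned up cannot be seen here, because the enclosing method starts and ends outside the hunk. I would record what is being opened so it shows up when instance creation is audited, for example `LOG.info(_("Opening %s port %s to %s on security group %s") % (CONF.trove_security_group_rule_protocol, CONF.trove_security_group_rule_port, CONF.trove_security_group_rule_cidr, security_group["name"]))`, and validate the CIDR once at startup rather than per instance.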
diff --git a/trove/tests/api/instances.py b/trove/tests/api/instances.py index 167bac0e3e..7e33e207c4 100644 --- a/trove/tests/api/instances.py +++ b/trove/tests/api/instances.py @@ -196,7 +196,8 @@ class InstanceSetup(object): else: flavor_name = CONFIG.values.get('instance_flavor_name', 'm1.tiny') flavors = dbaas.find_flavors_by_name(flavor_name) - assert_equal(len(flavors), 1, "Number of flavors with name '%s' " + assert_equal(len(flavors), 1, + "Number of flavors with name '%s' " "found was '%d'." % (flavor_name, len(flavors))) flavor = flavors[0] assert_true(flavor is not None, "Flavor '%s' not found!" % flavor_name) @@ -547,6 +548,9 @@ class SecurityGroupsTest(object): runs_after_groups=[tests.PRE_INSTANCES]) class SecurityGroupsRulesTest(object): + # Security group already have default rule + # that is why 'delete'-test is not needed anymore + @before_class def setUp(self): self.testSecurityGroup = dbaas.security_groups.get( 
@@ -556,28 +560,32 @@ class SecurityGroupsRulesTest(object):
 @test
 def test_create_security_group_rule(self):
- self.testSecurityGroupRule = dbaas.security_group_rules.create(
- group_id=self.testSecurityGroup.id,
- protocol="tcp",
- from_port=3306,
- to_port=3306,
- cidr="0.0.0.0/0")
- assert_is_not_none(self.testSecurityGroupRule)
- with TypeCheck('SecurityGroupRule',
- self.testSecurityGroupRule) as secGrpRule:
- secGrpRule.has_field('id', basestring)
- secGrpRule.has_field('security_group_id', basestring)
- secGrpRule.has_field('protocol', basestring)
- secGrpRule.has_field('cidr', basestring)
- secGrpRule.has_field('from_port', int)
- secGrpRule.has_field('to_port', int)
- secGrpRule.has_field('created', basestring)
- assert_equal(self.testSecurityGroupRule.security_group_id,
- self.testSecurityGroup.id)
- assert_equal(self.testSecurityGroupRule.protocol, "tcp")
- assert_equal(int(self.testSecurityGroupRule.from_port), 3306)
- assert_equal(int(self.testSecurityGroupRule.to_port), 3306)
- assert_equal(self.testSecurityGroupRule.cidr, "0.0.0.0/0")
+ if len(self.testSecurityGroup.rules) == 0:
+ self.testSecurityGroupRule = \
+ dbaas.security_group_rules.create(
+ group_id=self.testSecurityGroup.id,
+ protocol="tcp",
+ from_port=3306,
+ to_port=3306,
+ cidr="0.0.0.0/0")
+ assert_is_not_none(self.testSecurityGroupRule)
+ with TypeCheck('SecurityGroupRule',
+ self.testSecurityGroupRule) as secGrpRule:
+ secGrpRule.has_field('id', basestring)
+ secGrpRule.has_field('security_group_id', basestring)
+ secGrpRule.has_field('protocol', basestring)
+ secGrpRule.has_field('cidr', basestring)
+ secGrpRule.has_field('from_port', int)
+ secGrpRule.has_field('to_port', int)
+ secGrpRule.has_field('created', basestring)
+ assert_equal(self.testSecurityGroupRule.security_group_id,
+ self.testSecurityGroup.id)
+ assert_equal(self.testSecurityGroupRule.protocol, "tcp")
+ assert_equal(int(self.testSecurityGroupRule.from_port), 3306)
+ assert_equal(int(self.testSecurityGroupRule.to_port), 3306)
+ assert_equal(self.testSecurityGroupRule.cidr, "0.0.0.0/0")
+ else:
+ assert_not_equal(len(self.testSecurityGroup.rules), 0)
 @test
 def test_deep_list_security_group_with_rules(self):
@@ -586,17 +594,7 @@ class SecurityGroupsRulesTest(object):
 securityGroup = [x for x in securityGroupList
 if x.name in self.secGroupName]
 assert_is_not_none(securityGroup[0])
- assert_equal(len(securityGroup[0].rules), 1)
-
- @test
- def test_delete_security_group_rule(self):
- dbaas.security_group_rules.delete(self.testSecurityGroupRule.id)
- securityGroupList = dbaas.security_groups.list()
- assert_is_not_none(securityGroupList)
- securityGroup = [x for x in securityGroupList
- if x.name in self.secGroupName]
- assert_is_not_none(securityGroup[0])
- assert_equal(len(securityGroup[0].rules), 0)
+ assert_not_equal(len(securityGroup[0].rules), 0)
 @test(depends_on_classes=[CreateInstance],
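Review bot: The `else:` branch of `test_create_security_group_rule` asserts `assert_not_equal(len(self.testSecurityGroup.rules), 0)`, which the `if len(...) == 0` test above it already guarantees, so when the default rule exists the test verifies nothing. That is the path taken whenever `trove_security_groups_rules_support` is enabled, which is the behaviour this commit adds: the automatically created rule's protocol, ports and CIDR are never compared with the configured values, and `self.testSecurityGroupRule` stays unset. I would assert on the existing rule in that branch, checking the first entry of `self.testSecurityGroup.rules` against the expected protocol, port and CIDR (the shape of those entries is not visible in this hunk). The next hunk loosens `test_deep_list_security_group_with_rules` in the same way, from `assert_equal(len(securityGroup[0].rules), 1)` to `assert_not_equal(len(securityGroup[0].rules), 0)`, so an unexpected extra rule on the group would pass.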
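Review bot: Dropping `test_delete_security_group_rule` in the `@@ -586,17 +594,7 @@` hunk leaves `dbaas.security_group_rules.delete` with no coverage in this class, although nothing in this patch removes the delete API. Revoking a rule is the operation an operator relies on to close the default 3306 rule, so it is worth keeping under test. The test could stay independent of the default rule by creating its own rule with a distinct port, deleting it by the returned id, and asserting the group's rule count returns to what it was before, instead of asserting an absolute count of `0`.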