Use the port tenant instead of the EPG tenant as the SG tenant
Neither port nor the SG can be created as a shared resource so when a SG is assigned to a VM port, that SG must be from the same tenant of that VM port. Change-Id: Id1607e6f274a2529c4ce841ff7602dd75cf4f603
This commit is contained in:
parent
5beb9c92f5
commit
6c2ac9b022
@ -256,9 +256,12 @@ class AIMMappingRPCMixin(ha_ip_db.HAIPOwnerDbMixin):
|
|||||||
vif_details.get('ovs_hybrid_plug')):
|
vif_details.get('ovs_hybrid_plug')):
|
||||||
return
|
return
|
||||||
details['security_group'] = []
|
details['security_group'] = []
|
||||||
|
|
||||||
|
tenant_aname = self.aim_mech_driver.name_mapper.project(
|
||||||
|
context.session, port['tenant_id'])
|
||||||
for sg_id in port['security_groups']:
|
for sg_id in port['security_groups']:
|
||||||
details['security_group'].append(
|
details['security_group'].append(
|
||||||
{'policy-space': details['ptg_tenant'],
|
{'policy-space': tenant_aname,
|
||||||
'name': sg_id})
|
'name': sg_id})
|
||||||
# Always include this SG which has the default arp & dhcp rules
|
# Always include this SG which has the default arp & dhcp rules
|
||||||
details['security_group'].append(
|
details['security_group'].append(
|
||||||
|
@ -3094,10 +3094,11 @@ class TestPolicyTarget(AIMBaseTestCase):
|
|||||||
self.assertEqual(100, mapping['dhcp_lease_time'])
|
self.assertEqual(100, mapping['dhcp_lease_time'])
|
||||||
|
|
||||||
port = self._plugin.get_port(self._context, pt2['port_id'])
|
port = self._plugin.get_port(self._context, pt2['port_id'])
|
||||||
|
port_tenant = self.name_mapper.project(None, port['tenant_id'])
|
||||||
sg_list = []
|
sg_list = []
|
||||||
for sg_id in port['security_groups']:
|
for sg_id in port['security_groups']:
|
||||||
sg_list.append(
|
sg_list.append(
|
||||||
{'policy-space': mapping['ptg_tenant'],
|
{'policy-space': port_tenant,
|
||||||
'name': sg_id})
|
'name': sg_id})
|
||||||
sg_list.append({'policy-space': 'common',
|
sg_list.append({'policy-space': 'common',
|
||||||
'name': self.driver.aim_mech_driver.apic_system_id +
|
'name': self.driver.aim_mech_driver.apic_system_id +
|
||||||
|
Loading…
Reference in New Issue
Block a user