From cc6141a1b2866c3830b9e2f9e1f5daee13d43f62 Mon Sep 17 00:00:00 2001 From: Ivar Lazzaro Date: Fri, 17 Jun 2016 15:16:10 -0700 Subject: [PATCH] Propagate allowed address pairs to head of the chain Closes-Bug: 1593891 Change-Id: I518d5f72c6bd4ed03c70a29a34ba2c500750f1b6 --- .../drivers/cisco/apic/apic_mapping.py | 6 ++++-- .../servicechain/ncp/test_tscp_apic_mapping.py | 17 ++++++++++++++--- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py b/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py index 8281c015a..5eae9f795 100644 --- a/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py +++ b/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py @@ -432,7 +432,8 @@ class ApicMappingDriver(api.ResourceMappingDriver, context, ptg['proxied_group_id']) for port in self._get_ptg_ports(proxied): extra_map['extra_ips'].extend( - [x['ip_address'] for x in port['fixed_ips']]) + [x['ip_address'] for x in port['fixed_ips'] + + port.get('allowed_address_pairs', [])]) (fips, ipms, host_snat_ips) = ( self._get_ip_mapping_details( context, port['id'], l3_policy, @@ -546,7 +547,8 @@ class ApicMappingDriver(api.ResourceMappingDriver, for port in ports: # Whenever a owned address belongs to a port, steal its FIPs if owned_addresses & set([x['ip_address'] for x in - port['fixed_ips']]): + port['fixed_ips'] + port.get( + 'allowed_address_pairs', [])]): fips_filter.append(port['id']) fips = self._get_fips(context, filters={'port_id': fips_filter}) diff --git a/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_tscp_apic_mapping.py b/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_tscp_apic_mapping.py index e32f3d0d8..345c838d0 100644 --- a/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_tscp_apic_mapping.py +++ b/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_tscp_apic_mapping.py @@ -995,6 +995,15 @@ class TestProxyGroup(ApicMappingStitchingPlumberGBPTestCase): name="ptg1")['policy_target_group'] pt1 = self.create_policy_target( policy_target_group_id=ptg['id'])['policy_target'] + data = {'allowed_address_pairs': + [{'ip_address': '170.166.0.1'}, + {'ip_address': '170.166.0.2'}]} + # Create EP with bound port + port = self.driver._update_port(context.get_admin_context(), + pt1['port_id'], data) + self.assertEqual(['170.166.0.1', '170.166.0.2'], + [x['ip_address'] for x in + port['allowed_address_pairs']]) self._bind_port_to_host(pt1['port_id'], 'h1') pt2 = self.create_policy_target( policy_target_group_id=ptg['id'])['policy_target'] @@ -1043,7 +1052,8 @@ class TestProxyGroup(ApicMappingStitchingPlumberGBPTestCase): # Verify extra addresses ips = self._get_pts_addresses([pt1, pt2]) - self.assertEqual(set(ips), set(mapping['extra_ips'])) + self.assertEqual(set(ips + ['170.166.0.1', '170.166.0.2']), + set(mapping['extra_ips'])) self.assertEqual(ptg['tenant_id'], mapping['ptg_tenant']) self.assertEqual(1, len(mapping['ip_mapping'])) # No SNAT subnet @@ -1078,8 +1088,9 @@ class TestProxyGroup(ApicMappingStitchingPlumberGBPTestCase): context.get_admin_context(), device='tap%s' % proxy_gw_failover['port_id'], host='h2') self.assertEqual( - set(ips), set(mapping['extra_details'][master_port['mac_address']][ - 'extra_ips'])) + set(ips + ['170.166.0.1', '170.166.0.2']), + set(mapping['extra_details'][master_port['mac_address']][ + 'extra_ips'])) self.assertEqual( [{'mac_address': master_port['mac_address'], 'ip_address': master_port['fixed_ips'][0]['ip_address'],