From 5745fbe5f3ba95153c022a1b22b856474649337b Mon Sep 17 00:00:00 2001
From: Adit Sarfaty
Date: Sun, 22 Sep 2019 11:52:49 +0300
Subject: [PATCH] NSX|V: Configurable backend security group name

Adding a configuration for the format of the NSX security group created by openstack. The parameter is nsx_sg_name_format under the nsxv section, and the default format is '%(name)s (%(id)s)' (as it was before)

Change-Id: I2081bdd3ca18ee62c178ae83baf5ed2cc87bc1da
---
 vmware_nsx/common/config.py | 4 +++
 .../nsx_v/vshield/securitygroup_utils.py | 9 +++++-
 vmware_nsx/tests/unit/nsx_v/test_plugin.py | 30 +++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/vmware_nsx/common/config.py b/vmware_nsx/common/config.py
index c45de69998..eebbf9384f 100644
--- a/vmware_nsx/common/config.py
+++ b/vmware_nsx/common/config.py
@@ -837,6 +837,10 @@ nsxv_opts = [
 default=False,
 help=_("Allow associating multiple IPs to VMs "
 "without spoofguard limitations")),
+ cfg.StrOpt('nsx_sg_name_format',
+ default='%(name)s (%(id)s)',
+ help=_("(Optional) Format for the NSX name of an openstack "
+ "security group")),
 ]
 # define the configuration of each NSX-V availability zone.
diff --git a/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py b/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py
index ee4d319dc5..16ae05d3b5 100644
--- a/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py
+++ b/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py
@@ -15,6 +15,7 @@
 import xml.etree.ElementTree as et
+from oslo_config import cfg
 from oslo_log import log as logging
 from vmware_nsx.common import utils
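Review bot: The help string for `nsx_sg_name_format` in nsxv_opts (config.py) does not say which keys the format may reference or what happens when it cannot be applied, so an operator has to read securitygroup_utils.py to set it safely. Going by the default value and the fallback in get_nsx_sg_name, I would extend it to something like `"Format for the NSX name of an openstack security group; %(name)s and %(id)s are substituted, and an invalid format falls back to the default"`. The nsxv_opts list starts outside this hunk.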
@@ -154,7 +155,13 @@ class NsxSecurityGroupUtils(object):
 return et.fromstring(xml_string)
 def get_nsx_sg_name(self, sg_data):
- return '%(name)s (%(id)s)' % sg_data
+ try:
+ return cfg.CONF.nsxv.nsx_sg_name_format % sg_data
+ except Exception as e:
+ # Illegal format:
+ LOG.error("get_nsx_sg_name failed due to invalid format %s: %s",
+ cfg.CONF.nsxv.nsx_sg_name_format, e)
+ return '%(name)s (%(id)s)' % sg_data
 def get_nsx_section_name(self, sg_data):
 return 'SG Section: %s' % self.get_nsx_sg_name(sg_data)
diff --git a/vmware_nsx/tests/unit/nsx_v/test_plugin.py b/vmware_nsx/tests/unit/nsx_v/test_plugin.py
index fa725ef974..9e0a855387 100644
--- a/vmware_nsx/tests/unit/nsx_v/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_v/test_plugin.py
@@ -15,6 +15,7 @@
 import contextlib
 import copy
+import re
 import decorator
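Review bot: The try/except in get_nsx_sg_name only catches formats that fail to render; a format that renders but leaves out `%(id)s`, or has no placeholders at all, is accepted silently because `%` with a mapping ignores unused keys. The backend group name, and the section name built from it in get_nsx_section_name, is then no longer guaranteed to be unique or traceable to the Neutron group. A malformed value is also reported with LOG.error on every call rather than once. I would validate the option once when the plugin loads, rendering it against a sample mapping with `name` and `id` and warning if the id is missing from the result, and narrow the handler to `except (KeyError, TypeError, ValueError) as e:`. The enclosing class NsxSecurityGroupUtils starts outside this hunk.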
@@ -4102,6 +4103,35 @@ class NsxVTestSecurityGroup(ext_sg.TestSecurityGroups,
 sg = self._plugin_update_security_group(_context, sg['id'], True)
 self.assertTrue(sg['logging'])
+ def _create_default_sg(self, ctx):
+ self.plugin._ensure_default_security_group(ctx, 'tenant_id')
+
+ def test_create_security_group_default_nsx_name(self):
+ _context = context.get_admin_context()
+ self._create_default_sg(_context)
+ with mock.patch.object(self.plugin.nsx_v.vcns,
+ 'create_security_group',
+ return_value=({}, '3')) as nsxv_create:
+ self._plugin_create_security_group(_context)
+ created_sg = nsxv_create.call_args[0]
+ created_name = created_sg[0]['securitygroup']['name']
+ self.assertTrue(re.match(r'SG \(.*\)', created_name))
+
+ def test_create_security_group_non_default_nsx_name(self):
+ # Use non default nsx name format
+ cfg.CONF.set_override('nsx_sg_name_format', '%(name)s [%(id)s]',
+ group="nsxv")
+
+ _context = context.get_admin_context()
+ self._create_default_sg(_context)
+ with mock.patch.object(self.plugin.nsx_v.vcns,
+ 'create_security_group',
+ return_value=({}, '3')) as nsxv_create:
+ self._plugin_create_security_group(_context)
+ created_sg = nsxv_create.call_args[0]
+ created_name = created_sg[0]['securitygroup']['name']
+ self.assertTrue(re.match(r'SG \[.*\]', created_name))
+
 def test_create_security_group_rule_bulk(self):
 """Verify that bulk rule create updates the backend section once"""
 fake_update_sect = self.fc2.update_section
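Review bot: Neither added test exercises the fallback branch of get_nsx_sg_name, so the error handling this commit introduces is the one path left unverified. A third test that sets a format referencing an unknown key and asserts that the backend name still matches the default pattern would pin it, as sketched below. The override in test_create_security_group_non_default_nsx_name is also never cleared in the visible lines; if the base test case does not reset oslo.config overrides, it leaks into later tests. The enclosing class NsxVTestSecurityGroup starts and continues outside this hunk.

```python
    def test_create_security_group_invalid_nsx_name_format(self):
        # A format with an unknown key cannot be rendered, so the backend
        # name is expected to fall back to the default '%(name)s (%(id)s)'.
        cfg.CONF.set_override('nsx_sg_name_format', '%(no_such_key)s',
                              group="nsxv")
        self.addCleanup(cfg.CONF.clear_override, 'nsx_sg_name_format',
                        group="nsxv")

        _context = context.get_admin_context()
        self._create_default_sg(_context)
        with mock.patch.object(self.plugin.nsx_v.vcns,
                               'create_security_group',
                               return_value=({}, '3')) as nsxv_create:
            self._plugin_create_security_group(_context)
            created_sg = nsxv_create.call_args[0]
            created_name = created_sg[0]['securitygroup']['name']
            self.assertTrue(re.match(r'SG \(.*\)', created_name))
```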