def _test_fix_security_group_create(self, mock_bump, revision_number):
    """Exercise the periodic create/update fix for a security group.

    A security group and its initial revision row are created, the fake
    OVN client is primed, and ``_fix_create_update`` is run on the row.

    Args:
        mock_bump: mock expected to be called once with the context, the
            security group and ``TYPE_SECURITY_GROUPS`` when the group is
            not re-created. What it patches is not visible here;
            presumably the revision bump helper (confirm at the caller).
        revision_number: initial revision stored for the group. A
            negative value is the case where the group must be created.
    """
    # NOTE(review): the extent of this writer block was reconstructed from
    # a whitespace-collapsed listing; confirm against the original file.
    with db_api.CONTEXT_WRITER.using(self.ctx):
        group_name = utils.ovn_addrset_name('fake_id', 'ip4')
        created = self._make_security_group(self.fmt, group_name, '')
        secgroup = created['security_group']
        ovn_revision_numbers_db.create_initial_revision(
            self.ctx, secgroup['id'], constants.TYPE_SECURITY_GROUPS,
            revision_number=revision_number)
        rev_row = ovn_revision_numbers_db.get_revision_row(
            self.ctx, secgroup['id'])
        # The row must carry exactly the revision requested above.
        self.assertEqual(revision_number, rev_row.revision_number)

    expect_create = revision_number < 0
    nb_idl = self.fake_ovn_client._nb_idl
    if expect_create:
        # Neither lookup finds the group on the OVN side.
        nb_idl.get_address_set.return_value = None
        nb_idl.get_port_group.return_value = None
    else:
        nb_idl.get_address_set.return_value = mock.sentinel.AddressSet

    self.fake_ovn_client._plugin.get_security_group.return_value = secgroup
    self.periodic._fix_create_update(self.ctx, rev_row)

    create_call = self.fake_ovn_client.create_security_group
    if expect_create:
        create_call.assert_called_once_with(self.ctx, secgroup)
        return

    # The object already exists, so the fix must only bump the revision
    # number in the ovn_revision_numbers table and never re-create it.
    self.assertFalse(create_call.called)
    mock_bump.assert_called_once_with(
        self.ctx, secgroup, constants.TYPE_SECURITY_GROUPS)
def get_address_set(self, addrset_id, ip_version='ip4'):
    """Look up the ``Address_Set`` row for an id and IP version.

    Args:
        addrset_id: identifier passed to ``utils.ovn_addrset_name`` to
            derive the row name.
        ip_version: IP version label passed to the same helper; defaults
            to ``'ip4'``.

    Returns:
        The row whose ``name`` column equals the derived name, or ``None``
        when ``idlutils.RowNotFound`` is raised by the lookup.
    """
    lookup_name = utils.ovn_addrset_name(addrset_id, ip_version)
    try:
        found = idlutils.row_by_value(
            self.idl, 'Address_Set', 'name', lookup_name)
    except idlutils.RowNotFound:
        # A missing row is reported as None rather than as an error, so
        # callers must handle None before using the result.
        found = None
    return found
def acl_remote_group_id(r, ip_version, ovn=None):
    """Build the ACL match fragment for a rule's remote security group.

    Args:
        r: security group rule mapping; ``'remote_group_id'`` is always
            read, ``'direction'`` only when a remote group is set.
        ip_version: label used both as the match field prefix and as the
            input to the address set name helper (e.g. ``'ip4'``).
        ovn: optional object exposing ``is_port_groups_supported()``; when
            it is given and reports support, the port-group address set
            naming is used.

    Returns:
        ``''`` when the rule has no remote group, otherwise a fragment of
        the form ``' && <ip_version>.<src|dst> == $<address set name>'``.
    """
    remote_group = r['remote_group_id']
    if not remote_group:
        return ''

    # Ingress rules match on the packet source; every other direction
    # matches on the destination.
    if r['direction'] == const.INGRESS_DIRECTION:
        peer_field = 'src'
    else:
        peer_field = 'dst'

    if ovn and ovn.is_port_groups_supported():
        set_name = utils.ovn_pg_addrset_name(remote_group, ip_version)
    else:
        set_name = utils.ovn_addrset_name(remote_group, ip_version)

    # NOTE(review): the fragment is assembled by plain string formatting
    # and nothing here validates or escapes ip_version or the derived
    # name; this assumes callers pass already-validated values (confirm).
    return ' && %s.%s == $%s' % (ip_version, peer_field, set_name)
def test_acl_remote_group_id(self):
    """Check the remote-group match fragment for each rule direction.

    Three cases are covered: no remote group (empty fragment), an
    ingress rule (match on ``ip4.src``) and an egress rule (match on
    ``ip4.dst``). The rule's own security group id is reused as the
    remote group id.
    """
    rule = fakes.FakeSecurityGroupRule.create_one_security_group_rule({
        'direction': 'ingress',
        'remote_group_id': None
    }).info()
    version = 'ip4'
    group_id = rule['security_group_id']
    expected_set = ovn_utils.ovn_addrset_name(group_id, version)

    # Without a remote group no address set restriction is emitted.
    self.assertEqual('', ovn_acl.acl_remote_group_id(rule, version))

    # Ingress: the address set constrains the packet source.
    rule['remote_group_id'] = group_id
    self.assertEqual(' && ip4.src == $' + expected_set,
                     ovn_acl.acl_remote_group_id(rule, version))

    # Egress: the same address set constrains the destination instead.
    rule['direction'] = 'egress'
    self.assertEqual(' && ip4.dst == $' + expected_set,
                     ovn_acl.acl_remote_group_id(rule, version))