def acl_remote_group_id(r, ip_version):
    """Return the remote-security-group clause for an ACL match string.

    :param r: security group rule mapping; ``remote_group_id`` and
        ``direction`` are read from it.
    :param ip_version: match prefix placed before ``.src`` / ``.dst``
        (the unit test passes ``'ip4'``).
    :returns: ``''`` when the rule has no remote group, otherwise a
        fragment of the form ``' && <ip_version>.<src|dst> == $<name>'``.

    An empty result adds no peer restriction to the match, so the caller's
    remaining clauses are all that scope the rule in that case.
    """
    remote_group = r['remote_group_id']
    if not remote_group:
        return ''

    # Ingress rules constrain the packet source; every other direction
    # constrains the destination.
    if r['direction'] == const.INGRESS_DIRECTION:
        endpoint = 'src'
    else:
        endpoint = 'dst'

    address_set = utils.ovn_pg_addrset_name(remote_group, ip_version)
    # NOTE(review): values are interpolated into the match expression
    # unescaped; this assumes ip_version and the helper's output are
    # well-formed identifiers -- confirm against callers.
    return ' && %s.%s == $%s' % (ip_version, endpoint, address_set)
def acl_remote_group_id(r, ip_version, ovn=None):
    """Return the remote-security-group clause for an ACL match string.

    :param r: security group rule mapping; ``remote_group_id`` and
        ``direction`` are read from it.
    :param ip_version: match prefix placed before ``.src`` / ``.dst``.
    :param ovn: optional object exposing ``is_port_groups_supported()``.
        It selects which naming helper produces the address set name.
    :returns: ``''`` when the rule has no remote group, otherwise a
        fragment of the form ``' && <ip_version>.<src|dst> == $<name>'``.

    An empty result adds no peer restriction to the match, so the caller's
    remaining clauses are all that scope the rule in that case.
    """
    remote_group = r['remote_group_id']
    if not remote_group:
        return ''

    # Ingress rules constrain the packet source; every other direction
    # constrains the destination.
    endpoint = 'dst'
    if r['direction'] == const.INGRESS_DIRECTION:
        endpoint = 'src'

    # The referenced address set must be named by the same scheme that
    # created it. Without an ``ovn`` handle, or when it reports no port
    # group support, the non-port-group naming helper is used.
    if ovn and ovn.is_port_groups_supported():
        name_for = utils.ovn_pg_addrset_name
    else:
        name_for = utils.ovn_addrset_name
    address_set = name_for(remote_group, ip_version)

    # NOTE(review): values are interpolated into the match expression
    # unescaped; this assumes ip_version and the helper's output are
    # well-formed identifiers -- confirm against callers.
    return ' && %s.%s == $%s' % (ip_version, endpoint, address_set)
def test_acl_remote_group_id(self):
    """Check the remote-group clause for no group, ingress and egress.

    The expected address set name comes from ``ovn_pg_addrset_name``, and
    ``acl_remote_group_id`` is called with only the rule and IP version.
    """
    rule_attrs = {
        'direction': 'ingress',
        'remote_group_id': None
    }
    rule = fakes.FakeSecurityGroupRule.create_one_security_group_rule(
        rule_attrs).info()
    ip_version = 'ip4'
    group_id = rule['security_group_id']
    expected_set = ovn_utils.ovn_pg_addrset_name(group_id, ip_version)

    # No remote group: the clause must be empty.
    self.assertEqual('', ovn_acl.acl_remote_group_id(rule, ip_version))

    # Ingress with a remote group: the peer is matched on the source.
    rule['remote_group_id'] = group_id
    clause = ovn_acl.acl_remote_group_id(rule, ip_version)
    self.assertEqual(' && ip4.src == $' + expected_set, clause)

    # Egress with a remote group: the peer is matched on the destination.
    rule['direction'] = 'egress'
    clause = ovn_acl.acl_remote_group_id(rule, ip_version)
    self.assertEqual(' && ip4.dst == $' + expected_set, clause)