Example #1
0
    def update_security_group_on_port(self, context, id, port,
                                      original_port, updated_port):
        """Update security groups on port.

        This method returns a flag which indicates request notification
        is required and does not perform notification itself.
        It is because another changes for the port may require notification.
        """
        need_notify = False
        port_updates = port['port']
        if (ext_sg.SECURITYGROUPS in port_updates and
            not helpers.compare_elements(
                original_port.get(ext_sg.SECURITYGROUPS),
                port_updates[ext_sg.SECURITYGROUPS])):
            # delete the port binding and read it with the new rules
            port_updates[ext_sg.SECURITYGROUPS] = (
                self._get_security_groups_on_port(context, port))
            self._delete_port_security_group_bindings(context, id)
            self._process_port_create_security_group(
                context,
                updated_port,
                port_updates[ext_sg.SECURITYGROUPS])
            need_notify = True
        else:
            updated_port[ext_sg.SECURITYGROUPS] = (
                original_port[ext_sg.SECURITYGROUPS])
        return need_notify
 def check_and_notify_security_group_member_changed(
         self, context, original_port, updated_port):
     sg_change = not helpers.compare_elements(
         original_port.get(ext_sg.SECURITYGROUPS),
         updated_port.get(ext_sg.SECURITYGROUPS))
     if sg_change:
         self.notify_security_groups_member_updated_bulk(
             context, [original_port, updated_port])
     elif original_port['fixed_ips'] != updated_port['fixed_ips']:
         self.notify_security_groups_member_updated(context, updated_port)
Example #3
0
 def test_compare_elements(self):
     self.assertFalse(helpers.compare_elements([], ['napoli']))
     self.assertFalse(helpers.compare_elements(None, ['napoli']))
     self.assertFalse(helpers.compare_elements(['napoli'], []))
     self.assertFalse(helpers.compare_elements(['napoli'], None))
     self.assertFalse(helpers.compare_elements(['napoli', 'juve'],
                                               ['juve']))
     self.assertTrue(helpers.compare_elements(['napoli', 'juve'],
                                              ['napoli', 'juve']))
     self.assertTrue(helpers.compare_elements(['napoli', 'juve'],
                                              ['juve', 'napoli']))
    def is_security_group_member_updated(self, context,
                                         original_port, updated_port):
        """Check security group member updated or not.

        This method returns a flag which indicates request notification
        is required and does not perform notification itself.
        It is because another changes for the port may require notification.
        """
        need_notify = False
        if (original_port['fixed_ips'] != updated_port['fixed_ips'] or
            original_port['mac_address'] != updated_port['mac_address'] or
            not helpers.compare_elements(
                original_port.get(ext_sg.SECURITYGROUPS),
                updated_port.get(ext_sg.SECURITYGROUPS))):
            need_notify = True
        return need_notify
    def _process_port_update_provider_security_group(self, context, port,
                                                     original_port,
                                                     updated_port):
        p = port['port']
        provider_sg_specified = (provider_sg.PROVIDER_SECURITYGROUPS in p and
                                 p[provider_sg.PROVIDER_SECURITYGROUPS] !=
                                 n_constants.ATTR_NOT_SPECIFIED)
        provider_sg_changed = (
            provider_sg_specified and not helpers.compare_elements(
                original_port.get(provider_sg.PROVIDER_SECURITYGROUPS, []),
                p[provider_sg.PROVIDER_SECURITYGROUPS]))
        sg_changed = (
            set(original_port[ext_sg.SECURITYGROUPS]) !=
            set(updated_port[ext_sg.SECURITYGROUPS]))
        if sg_changed or provider_sg_changed:
            self._check_invalid_security_groups_specified(context, p)

        if provider_sg_changed:
            port['port']['tenant_id'] = original_port['id']
            port['port']['id'] = original_port['id']
            updated_port[provider_sg.PROVIDER_SECURITYGROUPS] = (
                self._get_provider_security_groups_on_port(context, port))
        else:
            updated_port[provider_sg.PROVIDER_SECURITYGROUPS] = (
                original_port.get(provider_sg.PROVIDER_SECURITYGROUPS, []))

        if provider_sg_changed or sg_changed:
            if not sg_changed:
                query = context.session.query(
                    securitygroups_db.SecurityGroupPortBinding)
                for sg in original_port[provider_sg.PROVIDER_SECURITYGROUPS]:
                    binding = query.filter_by(
                        port_id=p['id'], security_group_id=sg).one()
                    context.session.delete(binding)
            self._process_port_create_provider_security_group(
                context, updated_port,
                updated_port[provider_sg.PROVIDER_SECURITYGROUPS])
        return provider_sg_changed
Example #6
0
def compare_elements(a, b):
    return helpers.compare_elements(a, b)