def update_security_group_on_port(self, context, id, port, original_port, updated_port): """Update security groups on port. This method returns a flag which indicates request notification is required and does not perform notification itself. It is because another changes for the port may require notification. """ need_notify = False port_updates = port['port'] if (ext_sg.SECURITYGROUPS in port_updates and not helpers.compare_elements( original_port.get(ext_sg.SECURITYGROUPS), port_updates[ext_sg.SECURITYGROUPS])): # delete the port binding and read it with the new rules sgs = self._get_security_groups_on_port(context, port) port_updates[ext_sg.SECURITYGROUPS] = [sg.id for sg in sgs] self._delete_port_security_group_bindings(context, id) self._process_port_create_security_group(context, updated_port, sgs) need_notify = True else: updated_port[ext_sg.SECURITYGROUPS] = ( original_port[ext_sg.SECURITYGROUPS]) return need_notify
def update_security_group_on_port(self, context, id, port, original_port, updated_port): """Update security groups on port. This method returns a flag which indicates request notification is required and does not perform notification itself. It is because another changes for the port may require notification. """ need_notify = False port_updates = port['port'] if (ext_sg.SECURITYGROUPS in port_updates and not helpers.compare_elements( original_port.get(ext_sg.SECURITYGROUPS), port_updates[ext_sg.SECURITYGROUPS])): # delete the port binding and read it with the new rules port_updates[ext_sg.SECURITYGROUPS] = ( self._get_security_groups_on_port(context, port)) self._delete_port_security_group_bindings(context, id) self._process_port_create_security_group( context, updated_port, port_updates[ext_sg.SECURITYGROUPS]) need_notify = True else: updated_port[ext_sg.SECURITYGROUPS] = ( original_port[ext_sg.SECURITYGROUPS]) return need_notify
def check_and_notify_security_group_member_changed( self, context, original_port, updated_port): sg_change = not helpers.compare_elements( original_port.get(ext_sg.SECURITYGROUPS), updated_port.get(ext_sg.SECURITYGROUPS)) if sg_change: self.notify_security_groups_member_updated_bulk( context, [original_port, updated_port]) elif original_port['fixed_ips'] != updated_port['fixed_ips']: self.notify_security_groups_member_updated(context, updated_port)
def test_compare_elements(self): self.assertFalse(helpers.compare_elements([], ['napoli'])) self.assertFalse(helpers.compare_elements(None, ['napoli'])) self.assertFalse(helpers.compare_elements(['napoli'], [])) self.assertFalse(helpers.compare_elements(['napoli'], None)) self.assertFalse(helpers.compare_elements(['napoli', 'juve'], ['juve'])) self.assertTrue( helpers.compare_elements(['napoli', 'juve'], ['napoli', 'juve'])) self.assertTrue( helpers.compare_elements(['napoli', 'juve'], ['juve', 'napoli']))
def test_compare_elements(self): self.assertFalse(helpers.compare_elements([], ['napoli'])) self.assertFalse(helpers.compare_elements(None, ['napoli'])) self.assertFalse(helpers.compare_elements(['napoli'], [])) self.assertFalse(helpers.compare_elements(['napoli'], None)) self.assertFalse(helpers.compare_elements(['napoli', 'juve'], ['juve'])) self.assertTrue(helpers.compare_elements(['napoli', 'juve'], ['napoli', 'juve'])) self.assertTrue(helpers.compare_elements(['napoli', 'juve'], ['juve', 'napoli']))
def is_security_group_member_updated(self, context, original_port, updated_port): """Check security group member updated or not. This method returns a flag which indicates request notification is required and does not perform notification itself. It is because another changes for the port may require notification. """ need_notify = False if (original_port['fixed_ips'] != updated_port['fixed_ips'] or original_port['mac_address'] != updated_port['mac_address'] or not helpers.compare_elements( original_port.get(ext_sg.SECURITYGROUPS), updated_port.get(ext_sg.SECURITYGROUPS))): need_notify = True return need_notify
def _process_port_update_provider_security_group(self, context, port, original_port, updated_port): p = port['port'] provider_sg_specified = (provider_sg.PROVIDER_SECURITYGROUPS in p and p[provider_sg.PROVIDER_SECURITYGROUPS] != n_constants.ATTR_NOT_SPECIFIED) provider_sg_changed = ( provider_sg_specified and not helpers.compare_elements( original_port[provider_sg.PROVIDER_SECURITYGROUPS], p[provider_sg.PROVIDER_SECURITYGROUPS])) sg_changed = ( set(original_port[ext_sg.SECURITYGROUPS]) != set(updated_port[ext_sg.SECURITYGROUPS])) if sg_changed or provider_sg_changed: self._check_invalid_security_groups_specified(context, p) if provider_sg_changed: port['port']['tenant_id'] = original_port['id'] port['port']['id'] = original_port['id'] updated_port[provider_sg.PROVIDER_SECURITYGROUPS] = ( self._get_provider_security_groups_on_port(context, port)) else: updated_port[provider_sg.PROVIDER_SECURITYGROUPS] = ( original_port[provider_sg.PROVIDER_SECURITYGROUPS]) if provider_sg_changed or sg_changed: if not sg_changed: query = context.session.query( securitygroups_db.SecurityGroupPortBinding) for sg in original_port[provider_sg.PROVIDER_SECURITYGROUPS]: binding = query.filter_by( port_id=p['id'], security_group_id=sg).one() context.session.delete(binding) self._process_port_create_provider_security_group( context, updated_port, updated_port[provider_sg.PROVIDER_SECURITYGROUPS]) return provider_sg_changed
def _process_port_update_provider_security_group(self, context, port, original_port, updated_port): p = port['port'] provider_sg_specified = (provider_sg.PROVIDER_SECURITYGROUPS in p and p[provider_sg.PROVIDER_SECURITYGROUPS] != n_constants.ATTR_NOT_SPECIFIED) provider_sg_changed = ( provider_sg_specified and not helpers.compare_elements( original_port.get(provider_sg.PROVIDER_SECURITYGROUPS, []), p[provider_sg.PROVIDER_SECURITYGROUPS])) sg_changed = ( set(original_port[ext_sg.SECURITYGROUPS]) != set(updated_port[ext_sg.SECURITYGROUPS])) if sg_changed or provider_sg_changed: self._check_invalid_security_groups_specified(context, p) if provider_sg_changed: port['port']['tenant_id'] = original_port['id'] port['port']['id'] = original_port['id'] updated_port[provider_sg.PROVIDER_SECURITYGROUPS] = ( self._get_provider_security_groups_on_port(context, port)) else: updated_port[provider_sg.PROVIDER_SECURITYGROUPS] = ( original_port.get(provider_sg.PROVIDER_SECURITYGROUPS, [])) if provider_sg_changed or sg_changed: if not sg_changed: query = context.session.query( securitygroups_db.SecurityGroupPortBinding) for sg in original_port[provider_sg.PROVIDER_SECURITYGROUPS]: binding = query.filter_by( port_id=p['id'], security_group_id=sg).one() context.session.delete(binding) self._process_port_create_provider_security_group( context, updated_port, updated_port[provider_sg.PROVIDER_SECURITYGROUPS]) return provider_sg_changed
def compare_elements(a, b): return helpers.compare_elements(a, b)