def test_create_delete_sg_rule_revision(self):
sg = self._test_create_security_group_revision()
r = {
'security_group_rule': {
'tenant_id': 'some_tenant',
'port_range_min': 80,
'protocol': 'tcp',
'port_range_max': 90,
'remote_ip_prefix': '0.0.0.0/0',
'ethertype': 'IPv4',
'remote_group_id': None,
'direction': 'ingress',
'security_group_id': sg['id']
}
}
rule = self.driver.create_security_group_rule(self.context, r)
new_sg = self.driver.get_security_group(self.context, sg['id'])
self.assertGreater(new_sg['revision_number'], sg['revision_number'])
self.nb_api.update.assert_called_with(
neutron_secgroups.security_group_from_neutron_obj(new_sg))
self.driver.delete_security_group_rule(self.context, rule['id'])
newer_sg = self.driver.get_security_group(self.context, sg['id'])
self.assertGreater(newer_sg['revision_number'],
new_sg['revision_number'])
self.nb_api.update.assert_called_with(
neutron_secgroups.security_group_from_neutron_obj(newer_sg))
def delete_security_group_rule(self, resource, event, trigger, **kwargs):
context = kwargs['context']
sgr_id = kwargs['security_group_rule_id']
sg_id = kwargs['security_group_id']
sg = self.core_plugin.get_security_group(context, sg_id)
sg_obj = neutron_secgroups.security_group_from_neutron_obj(sg)
self.nb_api.update(sg_obj)
LOG.info("DFMechDriver: delete security group rule %s", sgr_id)
def test_update_security_group_revision(self):
sg = self._test_create_security_group_revision()
data = {'security_group': {'name': 'updated'}}
new_sg = self.driver.update_security_group(self.context, sg['id'],
data)
self.assertGreater(new_sg['revision_number'], sg['revision_number'])
self.nb_api.update.assert_called_with(
neutron_secgroups.security_group_from_neutron_obj(new_sg))
def _test_create_security_group_revision(self):
s = {'security_group': {'tenant_id': 'some_tenant', 'name': '',
'description': 'des'}}
sg = self.driver.create_security_group(self.context, s)
self.assertGreater(sg['revision_number'], 0)
self.nb_api.create.assert_called_with(
neutron_secgroups.security_group_from_neutron_obj(sg))
return sg
def create_security_group_rule(self, resource, event, trigger, **kwargs):
sg_rule = kwargs['security_group_rule']
sg_id = sg_rule['security_group_id']
context = kwargs['context']
sg = self.core_plugin.get_security_group(context, sg_id)
sg_obj = neutron_secgroups.security_group_from_neutron_obj(sg)
self.nb_api.update(sg_obj)
LOG.info("DFMechDriver: create security group rule in group %s", sg_id)
return sg_rule
def update_security_group(self, resource, event, trigger, **kwargs):
sg = kwargs['security_group']
sg_name = sg.get('name', df_const.DF_SG_DEFAULT_NAME)
rules = sg.get('security_group_rules', [])
for rule in rules:
rule['topic'] = rule.get('tenant_id')
del rule['tenant_id']
sg_obj = neutron_secgroups.security_group_from_neutron_obj(sg)
if event == events.AFTER_CREATE:
self.nb_api.create(sg_obj)
LOG.info("DFMechDriver: create security group %s", sg_name)
elif event == events.AFTER_UPDATE:
self.nb_api.update(sg_obj)
LOG.info("DFMechDriver: update security group %s", sg_name)
return sg_obj
def update_security_group(self, resource, event, trigger, **kwargs):
sg = kwargs['security_group']
sg_name = sg.get('name')
rules = sg.get('security_group_rules', [])
for rule in rules:
try:
rule['topic'] = rule.pop('project_id')
except KeyError:
rule['topic'] = rule.pop('tenant_id', None)
sg_obj = neutron_secgroups.security_group_from_neutron_obj(sg)
if event == events.AFTER_CREATE:
self.nb_api.create(sg_obj)
LOG.info("DFMechDriver: create security group %s", sg_name)
elif event == events.AFTER_UPDATE:
self.nb_api.update(sg_obj)
LOG.info("DFMechDriver: update security group %s", sg_name)
return sg_obj
