If one called get_security_groups() previously the default security
group would not be created until the tenant created a network. This
exposed a bug when an admin creates a shared network and a tenant tried
to boot a vm on it without having any networks.
Fixes bug
1171997
Change-Id: I899203424c03353a1ee6567c9ddbaecd7dc25001
def get_security_groups(self, context, filters=None, fields=None,
sorts=None, limit=None,
- marker=None, page_reverse=False):
+ marker=None, page_reverse=False, default_sg=False):
+
+ # If default_sg is True do not call _ensure_default_security_group()
+ # so this can be done recursively. Context.tenant_id is checked
+ # because all the unit tests do not explicitly set the context on
+ # GETS. TODO(arosen) context handling can probably be improved here.
+ if not default_sg and context.tenant_id:
+ self._ensure_default_security_group(context, context.tenant_id)
marker_obj = self._get_marker_obj(context, 'security_group', limit,
marker)
return self._get_collection(context,
:returns: the default security group id.
"""
filters = {'name': ['default'], 'tenant_id': [tenant_id]}
- default_group = self.get_security_groups(context, filters)
+ default_group = self.get_security_groups(context, filters,
+ default_sg=True)
if not default_group:
security_group = {'security_group': {'name': 'default',
'tenant_id': tenant_id,
return super(MidonetPluginV2, self).delete_security_group(
context, id)
- def get_security_groups(self, context, filters=None, fields=None):
+ def get_security_groups(self, context, filters=None, fields=None,
+ default_sg=False):
LOG.debug(_("MidonetPluginV2.get_security_groups called: "
"filters=%(filters)r fields=%(fields)r"),
{'filters': filters, 'fields': fields})
return super(MidonetPluginV2, self).get_security_groups(
- context, filters, fields)
+ context, filters, fields, default_sg=default_sg)
def get_security_group(self, context, id, fields=None, tenant_id=None):
LOG.debug(_("MidonetPluginV2.get_security_group called: id=%(id)s "
self._delete('security-groups', sg['security_groups'][0]['id'],
409, quantum_context=quantum_context)
+ def test_security_group_list_creates_default_security_group(self):
+ quantum_context = context.Context('', 'test-tenant')
+ sg = self._list('security-groups',
+ quantum_context=quantum_context).get('security_groups')
+ self.assertEqual(len(sg), 1)
+
def test_default_security_group_rules(self):
with self.network():
res = self.new_list_request('security-groups')
Code Review / openstack-build / neutron-build.git / commitdiff