From: Claudiu Belu Date: Mon, 17 Mar 2014 20:53:55 +0000 (-0700) Subject: Fixes Hyper-V agent security groups enable issue X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=7026d96ce44522c95c785376178347d2b0a9d750;p=openstack-build%2Fneutron-build.git Fixes Hyper-V agent security groups enable issue Fixes the weight of the applied allow rules by ignoring the weight of the reject rules. Fixes the override allow rules issue by fixing the ACL filtering condition. Change-Id: I38ddd7142d0fa45f308460153d29580f276ce07e Closes-Bug: #1294368 --- diff --git a/neutron/plugins/hyperv/agent/utilsv2.py b/neutron/plugins/hyperv/agent/utilsv2.py index cc38db139..87ed8704c 100644 --- a/neutron/plugins/hyperv/agent/utilsv2.py +++ b/neutron/plugins/hyperv/agent/utilsv2.py @@ -366,11 +366,12 @@ class HyperVUtilsV2R2(HyperVUtilsV2): return [v for v in acls if v.Action == action and v.Direction == direction and - v.LocalPort in [str(local_port), self._ACL_DEFAULT] and - v.Protocol in [protocol] and + v.LocalPort == str(local_port) and + v.Protocol == protocol and v.RemoteIPAddress == remote_addr] def _get_new_weight(self, acls): + acls = [a for a in acls if a.Action is not self._ACL_ACTION_DENY] if not acls: return self._MAX_WEIGHT - 1 diff --git a/neutron/tests/unit/hyperv/test_hyperv_utilsv2.py b/neutron/tests/unit/hyperv/test_hyperv_utilsv2.py index 565368a24..0d7a59e72 100644 --- a/neutron/tests/unit/hyperv/test_hyperv_utilsv2.py +++ b/neutron/tests/unit/hyperv/test_hyperv_utilsv2.py @@ -352,14 +352,19 @@ class TestHyperVUtilsV2R2(base.BaseTestCase): default, default, self._FAKE_REMOTE_ADDR) def _test_filter_security_acls(self, local_port, protocol, remote_addr): - mock_acl = mock.MagicMock() - mock_acl.Action = self._utils._ACL_ACTION_ALLOW - mock_acl.Direction = self._FAKE_ACL_DIR - mock_acl.LocalPort = local_port - mock_acl.Protocol = protocol - mock_acl.RemoteIPAddress = remote_addr + acls = [] + default = self._utils._ACL_DEFAULT + for port, proto in [(default, default), (local_port, protocol)]: + mock_acl = mock.MagicMock() + mock_acl.Action = self._utils._ACL_ACTION_ALLOW + mock_acl.Direction = self._FAKE_ACL_DIR + mock_acl.LocalPort = port + mock_acl.Protocol = proto + mock_acl.RemoteIPAddress = remote_addr + acls.append(mock_acl) + + right_acls = [a for a in acls if a.LocalPort == local_port] - acls = [mock_acl, mock_acl] good_acls = self._utils._filter_security_acls( acls, mock_acl.Action, self._FAKE_ACL_DIR, self._FAKE_ACL_TYPE, local_port, protocol, remote_addr) @@ -367,7 +372,7 @@ class TestHyperVUtilsV2R2(base.BaseTestCase): acls, self._FAKE_ACL_ACT, self._FAKE_ACL_DIR, self._FAKE_ACL_TYPE, local_port, protocol, remote_addr) - self.assertEqual(acls, good_acls) + self.assertEqual(right_acls, good_acls) self.assertEqual([], bad_acls) def test_get_new_weight(self): @@ -381,3 +386,13 @@ class TestHyperVUtilsV2R2(base.BaseTestCase): def test_get_new_weight_no_acls(self): self.assertEqual(self._utils._MAX_WEIGHT - 1, self._utils._get_new_weight([])) + + def test_get_new_weight_default_acls(self): + mockacl1 = mock.MagicMock() + mockacl1.Weight = self._utils._MAX_WEIGHT - 1 + mockacl2 = mock.MagicMock() + mockacl2.Weight = self._utils._MAX_WEIGHT - 2 + mockacl2.Action = self._utils._ACL_ACTION_DENY + + self.assertEqual(self._utils._MAX_WEIGHT - 2, + self._utils._get_new_weight([mockacl1, mockacl2]))