Merge "Apply security group when attach network"

2017-12-14 01:36:30 +00:00 · 2017-12-14 01:36:30 +00:00 · 0ae1dba428
commit 0ae1dba428
parent c806a6ccbd 7fb703a03e
2 changed files with 28 additions and 1 deletions
--- a/zun/container/docker/driver.py
+++ b/zun/container/docker/driver.py
@ -904,6 +904,10 @@ class DockerDriver(driver.ContainerDriver):

    def network_attach(self, context, container, network):
        with docker_utils.docker_client() as docker:
+            security_group_ids = None
+            if container.security_groups:
+                security_group_ids = utils.get_security_group_ids(
+                    context, container.security_groups)
            network_api = zun_network.api(context,
                                          docker_api=docker)
            if network in container.addresses:
@ -920,7 +924,7 @@ class DockerDriver(driver.ContainerDriver):
            docker_net_name = self._get_docker_network_name(context, network)
            addrs = network_api.connect_container_to_network(
                container, docker_net_name, requested_network,
-                security_groups=None)
+                security_groups=security_group_ids)
            if addrs is None:
                raise exception.ZunException(_(
                    'Unexpected missing of addresses'))
--- a/zun/tests/unit/container/docker/test_docker_driver.py
+++ b/zun/tests/unit/container/docker/test_docker_driver.py
@ -590,6 +590,29 @@ class TestDockerDriver(base.DriverTestCase):
                                             requested_network[0],
                                             security_groups=None)

+    @mock.patch('zun.common.utils.get_security_group_ids')
+    @mock.patch('zun.network.kuryr_network.KuryrNetwork'
+                '.connect_container_to_network')
+    @mock.patch('zun.network.kuryr_network.KuryrNetwork'
+                '.list_networks')
+    def test_network_attach_with_security_group(self, mock_list,
+                                                mock_connect,
+                                                mock_get_sec_group_id):
+        test_sec_group_id = '84e3a4c1-c8cd-46b1-a0d9-c8c35f6a32a4'
+        mock_container = mock.MagicMock()
+        mock_container.security_groups = ['test_sec_group']
+        mock_list.return_value = {'network': 'network'}
+        mock_get_sec_group_id.return_value = test_sec_group_id
+        requested_network = [{'network': 'network',
+                              'port': '',
+                              'v4-fixed-ip': '',
+                              'v6-fixed-ip': ''}]
+        self.driver.network_attach(self.context, mock_container, 'network')
+        mock_connect.assert_called_once_with(mock_container,
+                                             'network-fake_project',
+                                             requested_network[0],
+                                             security_groups=test_sec_group_id)
+
    @mock.patch('oslo_concurrency.processutils.execute')
    @mock.patch('zun.container.driver.ContainerDriver.get_host_mem')
    @mock.patch(