API replay: post bulk sec group rule create by tenant

When doing bulk security group rule create, the API replay process
need to take into account that rules within a security group might
belong to different tenants, and all the rules submitted in a bulk
operation must belong to the same tenant.

Also, fix typo as datetime has no 'elapsed' member, we should have
called now()

Change-Id: I5a11e2b7eb1d07b4aafd0798533fc19c1463f868
This commit is contained in:
Salvatore Orlando 2021-07-19 12:15:42 -07:00
parent a25f9b246a
commit 600db3104c

View File

@ -415,7 +415,7 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
dest_sec_group['security_group_rules']) dest_sec_group['security_group_rules'])
is False): is False):
try: try:
rule_start = datetime.elapsed() rule_start = datetime.now()
body = self.prepare_security_group_rule(sg_rule) body = self.prepare_security_group_rule(sg_rule)
self.dest_neutron.create_security_group_rule( self.dest_neutron.create_security_group_rule(
{'security_group_rule': body}) {'security_group_rule': body})
@ -456,7 +456,8 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
# Use bulk rules creation for the rules of the SG # Use bulk rules creation for the rules of the SG
if not sg_rules: if not sg_rules:
continue continue
rules = [] # SG rules must be grouped per tenant
rules = {}
for sg_rule in sg_rules: for sg_rule in sg_rules:
# skip the default rules that were already created # skip the default rules that were already created
skip = False skip = False
@ -472,8 +473,10 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
break break
if not skip: if not skip:
body = self.prepare_security_group_rule(sg_rule) body = self.prepare_security_group_rule(sg_rule)
rules.append({'security_group_rule': body}) tenant_id = sg_rule.get('tenant_id', 'default')
tenant_rules = rules.get(tenant_id, [])
tenant_rules.append({'security_group_rule': body})
rules[tenant_id] = tenant_rules
# save rules to create once all the sgs are created # save rules to create once all the sgs are created
if rules: if rules:
rules_dict[sg['id']] = rules rules_dict[sg['id']] = rules
@ -482,15 +485,17 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
# Create the rules after all security groups are created to allow # Create the rules after all security groups are created to allow
# dependencies in remote_group_id # dependencies in remote_group_id
for sg_id, sg in rules_dict.items(): for sg_id, sg_rules in rules_dict.items():
try: try:
rule_start = datetime.now() rule_start = datetime.now()
rules = self.dest_neutron.create_security_group_rule( for tenant_id, tenant_rules in sg_rules.items():
{'security_group_rules': sg}) rules = self.dest_neutron.create_security_group_rule(
LOG.info("Created %d security group rules for SG %s: %s", {'security_group_rules': tenant_rules})
len(rules), sg_id, LOG.info("Created %d security group rules for "
",".join([rule.get('id') for rule in "SG %s and tenant %s: %s",
rules.get('security_group_rules', [])])) len(rules), sg_id, tenant_id,
",".join([rule.get('id') for rule in
rules.get('security_group_rules', [])]))
self._log_elapsed( self._log_elapsed(
rule_start, rule_start,
"Migrate security group rules for group %s" % sg_id) "Migrate security group rules for group %s" % sg_id)