From acf44dba26ca8dca47bfb5fb2916807f9f4e2060 Mon Sep 17 00:00:00 2001 From: Aaron Rosen Date: Mon, 29 Apr 2013 19:49:36 -0700 Subject: [PATCH] get_security_groups now creates default security group If one called get_security_groups() previously the default security group would not be created until the tenant created a network. This exposed a bug when an admin creates a shared network and a tenant tried to boot a vm on it without having any networks. Fixes bug 1171997 Change-Id: I899203424c03353a1ee6567c9ddbaecd7dc25001 --- quantum/db/securitygroups_db.py | 12 ++++++++++-- quantum/plugins/midonet/plugin.py | 5 +++-- quantum/tests/unit/test_extension_security_group.py | 6 ++++++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/quantum/db/securitygroups_db.py b/quantum/db/securitygroups_db.py index f54ba9ad4a..f5cd11e15c 100644 --- a/quantum/db/securitygroups_db.py +++ b/quantum/db/securitygroups_db.py @@ -136,7 +136,14 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): def get_security_groups(self, context, filters=None, fields=None, sorts=None, limit=None, - marker=None, page_reverse=False): + marker=None, page_reverse=False, default_sg=False): + + # If default_sg is True do not call _ensure_default_security_group() + # so this can be done recursively. Context.tenant_id is checked + # because all the unit tests do not explicitly set the context on + # GETS. TODO(arosen) context handling can probably be improved here. + if not default_sg and context.tenant_id: + self._ensure_default_security_group(context, context.tenant_id) marker_obj = self._get_marker_obj(context, 'security_group', limit, marker) return self._get_collection(context, @@ -423,7 +430,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): :returns: the default security group id. """ filters = {'name': ['default'], 'tenant_id': [tenant_id]} - default_group = self.get_security_groups(context, filters) + default_group = self.get_security_groups(context, filters, + default_sg=True) if not default_group: security_group = {'security_group': {'name': 'default', 'tenant_id': tenant_id, diff --git a/quantum/plugins/midonet/plugin.py b/quantum/plugins/midonet/plugin.py index e9656c273d..2c158f2b02 100644 --- a/quantum/plugins/midonet/plugin.py +++ b/quantum/plugins/midonet/plugin.py @@ -1032,12 +1032,13 @@ class MidonetPluginV2(db_base_plugin_v2.QuantumDbPluginV2, return super(MidonetPluginV2, self).delete_security_group( context, id) - def get_security_groups(self, context, filters=None, fields=None): + def get_security_groups(self, context, filters=None, fields=None, + default_sg=False): LOG.debug(_("MidonetPluginV2.get_security_groups called: " "filters=%(filters)r fields=%(fields)r"), {'filters': filters, 'fields': fields}) return super(MidonetPluginV2, self).get_security_groups( - context, filters, fields) + context, filters, fields, default_sg=default_sg) def get_security_group(self, context, id, fields=None, tenant_id=None): LOG.debug(_("MidonetPluginV2.get_security_group called: id=%(id)s " diff --git a/quantum/tests/unit/test_extension_security_group.py b/quantum/tests/unit/test_extension_security_group.py index cbff55f022..6f627310a2 100644 --- a/quantum/tests/unit/test_extension_security_group.py +++ b/quantum/tests/unit/test_extension_security_group.py @@ -445,6 +445,12 @@ class TestSecurityGroups(SecurityGroupDBTestCase): self._delete('security-groups', sg['security_groups'][0]['id'], 409, quantum_context=quantum_context) + def test_security_group_list_creates_default_security_group(self): + quantum_context = context.Context('', 'test-tenant') + sg = self._list('security-groups', + quantum_context=quantum_context).get('security_groups') + self.assertEqual(len(sg), 1) + def test_default_security_group_rules(self): with self.network(): res = self.new_list_request('security-groups')