All egress traffic allowed by default should be implied

This commit removes the egress rules that were created by default
to align with the way security groups work in amazon VPC.
"By default, all egress is allowed from the security
group until you add outbound rules to the group (then only the egress you
specified is allowed)."

Change-Id: I63936fbf76ea9a2828c8923be6ec14aac46b21bd
Aaron Rosen 2012-11-14 14:52:06 -08:00 committed by Akihiro MOTOKI
parent 453dd13738
commit ad742e1a51
2 changed files with 3 additions and 10 deletions


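--- a/<PATH-NOT-SHOWN: module defining SecurityGroupDbMixin>
+++ b/<PATH-NOT-SHOWN: module defining SecurityGroupDbMixin>
@@ -127,20 +127,13 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
 context.session.add(security_group_db)
 if s.get('name') == 'default':
 for ethertype in self.sg_supported_ethertypes:
-# Allow all egress traffic
-db = SecurityGroupRule(
-id=utils.str_uuid(), tenant_id=tenant_id,
-security_group=security_group_db,
-direction='egress',
-ethertype=ethertype)
-context.session.add(db)
 # Allow intercommunication
 db = SecurityGroupRule(
 id=utils.str_uuid(), tenant_id=tenant_id,
 security_group=security_group_db,
 direction='ingress',
-source_group=security_group_db,
-ethertype=ethertype)
+ethertype=ethertype,
+source_group=security_group_db)
 context.session.add(db)
 return self._make_security_group_dict(security_group_db)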
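Review bot: Nothing in the new code records that the absence of an egress rule on the 'default' group now means allow-all egress, so a reader of the `if s.get('name') == 'default':` branch sees only the intra-group ingress rule being created and cannot tell that the missing egress rule is intentional. A comment such as `# No egress rule is created here: egress is implied until the tenant adds an egress rule` on the line before `for ethertype in self.sg_supported_ethertypes:` would capture the contract the commit message describes. That contract also has a cliff (the first egress rule a tenant adds switches the group from allow-all to allow-listed egress), and whether the enforcement side implements the same implied allow is not visible in this hunk, so it is worth confirming that no other code path still expects the removed egress rows, for example rule lookups filtered by direction. The enclosing method begins before this hunk.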


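--- a/<PATH-NOT-SHOWN: test module defining TestSecurityGroups>
+++ b/<PATH-NOT-SHOWN: test module defining TestSecurityGroups>
@@ -367,7 +367,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
 self.assertEquals(len(groups['security_groups']), 1)
 res = self.new_list_request('security-group-rules')
 rules = self.deserialize('json', res.get_response(self.ext_api))
-self.assertEquals(len(rules['security_group_rules']), 4)
+self.assertEquals(len(rules['security_group_rules']), 2)
 # just generic rules to allow default egress and
 # intergroup communicartion
 for rule in rules['security_group_rules']: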
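Review bot: The comment on the two lines after the updated assertion is now stale: it still says the remaining rules allow default egress, but after this change only the intra-group ingress rules are created, so the expected count of 2 is one ingress rule per supported ethertype. Replace it with `# one intra-group ingress rule per ethertype; egress is implied` (this also fixes the `communicartion` typo). Since the test now pins only the count, adding `self.assertEquals(rule['direction'], 'ingress')` inside the loop would also pin the absence of egress rows; the loop body continues outside the hunk, so I cannot see what it currently checks.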