Merge "NSX|v+v3: Allow multiple provider security groups per tenant"

2016-11-13 18:55:27 +00:00 · 2016-11-13 18:55:27 +00:00 · e8b840f769
commit e8b840f769
parent 82a12dec8a 7e1b1f1cf2
2 changed files with 8 additions and 10 deletions
--- a/vmware_nsx/db/extended_security_group.py
+++ b/vmware_nsx/db/extended_security_group.py
@ -30,7 +30,6 @@ from neutron.extensions import securitygroup as ext_sg
 from neutron_lib.api import validators
 from neutron_lib import constants as n_constants

-from vmware_nsx._i18n import _
 from vmware_nsx.extensions import providersecuritygroup as provider_sg
 from vmware_nsx.extensions import securitygrouplogging as sg_logging
 from vmware_nsx.extensions import securitygrouppolicy as sg_policy
@ -185,15 +184,6 @@ class ExtendedSecurityGroupPropertiesMixin(object):
        if default_sg:
            raise provider_sg.DefaultSecurityGroupIsNotProvider()

-        tenant_id = security_group['tenant_id']
-        ssg = self._get_tenant_provider_security_groups(context, tenant_id)
-        if ssg:
-            # REVISIT(roeyc): At the moment we only allow on provider
-            # security-group per tenant, this might change in the future.
-            raise Exception(_("Provider Security-group already exists"
-                              "(%(pvdsg)s) for tenant %(tenant_id)s.")
-                            % {'pvdsg': ssg, 'tenant_id': tenant_id})
-
    def _get_provider_security_groups_on_port(self, context, port):
        p = port['port']
        tenant_id = p['tenant_id']
--- a/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
+++ b/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
@ -155,6 +155,14 @@ class ProviderSecurityGroupExtTestCase(
        self.assertEqual(
            provider_secgroup['security_group']['security_group_rules'], [])

+    def test_create_provider_security_groups_same_tenant(self):
+        provider_secgroup = self._create_provider_security_group()
+        self.assertTrue(provider_secgroup['security_group']['provider'])
+
+        # Verify that another one can also be created for the same tenant
+        provider_secgroup2 = self._create_provider_security_group()
+        self.assertTrue(provider_secgroup2['security_group']['provider'])
+
    def test_create_port_gets_provider_sg(self):
        # need to create provider security group first.
        provider_secgroup = self._create_provider_security_group()