diff options
| author | Jenkins <jenkins@review.openstack.org> | 2012-03-10 00:50:50 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-03-10 00:50:50 +0000 |
| commit | bd2d89dd567dc8544201042487ac23c2096a4b8d (patch) | |
| tree | 81b064e9c52a1ec45d84217faeeecfb2c873dab4 | |
| parent | 88b5e07717352d9ae7149a9d2cc6b56539991f31 (diff) | |
| parent | c919ba6602d3e99b23f133b68ec3a484aca3c78d (diff) | |
| download | nova-bd2d89dd567dc8544201042487ac23c2096a4b8d.tar.gz nova-bd2d89dd567dc8544201042487ac23c2096a4b8d.tar.xz nova-bd2d89dd567dc8544201042487ac23c2096a4b8d.zip | |
Merge "Since 'net' is of nova.network.model.VIF class and 'ips' is an empty list, net needs to be pulled from hydrated nw_info.fixed_ips(), and appended to ips."
| -rw-r--r-- | Authors | 1 | ||||
| -rw-r--r-- | nova/tests/test_libvirt.py | 24 | ||||
| -rw-r--r-- | nova/tests/test_xenapi.py | 23 | ||||
| -rw-r--r-- | nova/virt/firewall.py | 9 |
4 files changed, 26 insertions, 31 deletions
@@ -13,6 +13,7 @@ Andrey Brindeyev <abrindeyev@griddynamics.com> Andy Smith <code@term.ie> Andy Southgate <andy.southgate@citrix.com> Anne Gentle <anne@openstack.org> +Ante Karamatić <ivoks@ubuntu.com> Anthony Young <sleepsonthefloor@gmail.com> Antony Messerli <ant@openstack.org> Armando Migliaccio <Armando.Migliaccio@eu.citrix.com> diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py index d8a44eec9..7e861c04f 100644 --- a/nova/tests/test_libvirt.py +++ b/nova/tests/test_libvirt.py @@ -36,6 +36,7 @@ from nova import utils from nova.api.ec2 import cloud from nova.compute import instance_types from nova.compute import power_state +from nova.compute import utils as compute_utils from nova.compute import vm_states from nova.virt import images from nova.virt import driver @@ -60,6 +61,7 @@ FLAGS = flags.FLAGS LOG = logging.getLogger(__name__) _fake_network_info = fake_network.fake_get_instance_nw_info +_fake_stub_out_get_nw_info = fake_network.stub_out_nw_api_get_instance_nw_info _ipv4_like = fake_network.ipv4_like @@ -1491,22 +1493,14 @@ class IptablesFirewallTestCase(test.TestCase): return '', '' print cmd, kwargs - network_info = _fake_network_info(self.stubs, 1) - - def get_fixed_ips(*args, **kwargs): - ips = [] - for network, info in network_info: - ips.extend(info['ips']) - return [ip['ip'] for ip in ips] - - def nw_info(*args, **kwargs): - return network_info + network_model = _fake_network_info(self.stubs, 1, spectacular=True) from nova.network import linux_net linux_net.iptables_manager.execute = fake_iptables_execute - fake_network.stub_out_nw_api_get_instance_nw_info(self.stubs, - nw_info) + _fake_stub_out_get_nw_info(self.stubs, lambda *a, **kw: network_model) + + network_info = compute_utils.legacy_network_info(network_model) self.fw.prepare_instance_filter(instance_ref, network_info) self.fw.apply_instance_filter(instance_ref, network_info) @@ -1544,9 +1538,11 @@ class IptablesFirewallTestCase(test.TestCase): self.assertTrue(len(filter(regex.match, self.out_rules)) > 0, "ICMP Echo Request acceptance rule wasn't added") - for ip in get_fixed_ips(): + for ip in network_model.fixed_ips(): + if ip['version'] != 4: + continue regex = re.compile('-A .* -j ACCEPT -p tcp -m multiport ' - '--dports 80:81 -s %s' % ip) + '--dports 80:81 -s %s' % ip['address']) self.assertTrue(len(filter(regex.match, self.out_rules)) > 0, "TCP port 80/81 acceptance rule wasn't added") diff --git a/nova/tests/test_xenapi.py b/nova/tests/test_xenapi.py index dd8f143e9..f7d3b7903 100644 --- a/nova/tests/test_xenapi.py +++ b/nova/tests/test_xenapi.py @@ -32,6 +32,7 @@ from nova import utils from nova.compute import aggregate_states from nova.compute import instance_types from nova.compute import power_state +from nova.compute import utils as compute_utils from nova import exception from nova.virt import xenapi_conn from nova.virt.xenapi import fake as xenapi_fake @@ -1527,27 +1528,23 @@ class XenAPIDom0IptablesFirewallTestCase(test.TestCase): instance_ref = db.instance_get(admin_ctxt, instance_ref['id']) src_instance_ref = db.instance_get(admin_ctxt, src_instance_ref['id']) - network_info = fake_network.fake_get_instance_nw_info(self.stubs, 1) - - def get_fixed_ips(*args, **kwargs): - ips = [] - for _n, info in network_info: - ips.extend(info['ips']) - return [ip['ip'] for ip in ips] - - def nw_info(*args, **kwargs): - return network_info + network_model = fake_network.fake_get_instance_nw_info(self.stubs, + 1, spectacular=True) fake_network.stub_out_nw_api_get_instance_nw_info(self.stubs, - nw_info) + lambda *a, **kw: network_model) + + network_info = compute_utils.legacy_network_info(network_model) self.fw.prepare_instance_filter(instance_ref, network_info) self.fw.apply_instance_filter(instance_ref, network_info) self._validate_security_group() # Extra test for TCP acceptance rules - for ip in get_fixed_ips(): + for ip in network_model.fixed_ips(): + if ip['version'] != 4: + continue regex = re.compile('-A .* -j ACCEPT -p tcp' - ' --dport 80:81 -s %s' % ip) + ' --dport 80:81 -s %s' % ip['address']) self.assertTrue(len(filter(regex.match, self._out_rules)) > 0, "TCP port 80/81 acceptance rule wasn't added") diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py index 9df036412..3ae12bcb0 100644 --- a/nova/virt/firewall.py +++ b/nova/virt/firewall.py @@ -327,15 +327,16 @@ class IptablesFirewallDriver(FirewallDriver): nw_api = nova.network.API() for instance in rule['grantee_group']['instances']: LOG.info('instance: %r', instance) - ips = [] nw_info = nw_api.get_instance_nw_info(ctxt, instance) - for net in nw_info: - ips.extend(net[1]['ips']) + + ips = [ip['address'] + for ip in nw_info.fixed_ips() + if ip['version'] == version] LOG.info('ips: %r', ips) for ip in ips: - subrule = args + ['-s %s' % ip['ip']] + subrule = args + ['-s %s' % ip] fw_rules += [' '.join(subrule)] LOG.info('Using fw_rules: %r', fw_rules) |