authorEldar Nugaev <enugaev@griddynamics.com>2011-05-17 16:28:44 +0000
committerTarmac <>2011-05-17 16:28:44 +0000
commitd159c3d670beb5208542e73445b7c6a3f86d3b53 (patch)
treef8f55bf07e5f94df9888b23b7e6e2e3ee37ac1bd
parent0ac734f1387510042527c047feca5fa16a0beb3a (diff)
parentad3f578a37001957361014c7400dbe2e8ddd0baf (diff)
Added network_info into refresh_security_group_rules
That fixes https://bugs.launchpad.net/nova/+bug/773308
-rw-r--r--nova/tests/test_virt.py12
-rw-r--r--nova/virt/libvirt_conn.py20
2 files changed, 25 insertions, 7 deletions
diff --git a/nova/tests/test_virt.py b/nova/tests/test_virt.py
index d743f94f7..1bec9caca 100644
--- a/nova/tests/test_virt.py
+++ b/nova/tests/test_virt.py
@@ -849,7 +849,7 @@ class IptablesFirewallTestCase(test.TestCase):
self.assertEquals(len(rulesv4), 2)
self.assertEquals(len(rulesv6), 0)
- def multinic_iptables_test(self):
+ def test_multinic_iptables(self):
ipv4_rules_per_network = 2
ipv6_rules_per_network = 3
networks_count = 5
@@ -869,6 +869,16 @@ class IptablesFirewallTestCase(test.TestCase):
self.assertEquals(ipv6_network_rules,
ipv6_rules_per_network * networks_count)
+ def test_do_refresh_security_group_rules(self):
+ instance_ref = self._create_instance_ref()
+ self.mox.StubOutWithMock(self.fw,
+ 'add_filters_for_instance',
+ use_mock_anything=True)
+ self.fw.add_filters_for_instance(instance_ref, mox.IgnoreArg())
+ self.fw.instances[instance_ref['id']] = instance_ref
+ self.mox.ReplayAll()
+ self.fw.do_refresh_security_group_rules("fake")
+
class NWFilterTestCase(test.TestCase):
def setUp(self):
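Review bot: `test_do_refresh_security_group_rules` registers a single instance and expects `add_filters_for_instance(instance_ref, mox.IgnoreArg())`, so it passes no matter which network info reaches the firewall code. A second case with two entries in `self.fw.instances`, and one with an explicit `network_info`, each asserting the exact value handed over per instance, would pin down the behaviour this commit introduces. The recorded expectation is only checked if the base test case verifies mocks on teardown, which is not visible here; if it does not, add `self.mox.VerifyAll()` after the call.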
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 6ee23d1df..fa918b0a3 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1614,7 +1614,9 @@ class FirewallDriver(object):
"""
raise NotImplementedError()
- def refresh_security_group_rules(self, security_group_id):
+ def refresh_security_group_rules(self,
+ security_group_id,
+ network_info=None):
"""Refresh security group rules from data store
Gets called when a rule has been added to or removed from
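Review bot: The `refresh_security_group_rules` docstring on `FirewallDriver` is not extended for the new `network_info` argument, as far as the hunk shows (the docstring continues outside it). It should state whose network info is expected and what `None` means, for example `network_info: network info for the affected instance; None makes the driver look it up per instance`. The `NWFilterFirewall` override in the next hunk accepts the argument and never uses it, which deserves a one-line comment such as `# network_info is not needed by the nwfilter driver`.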
@@ -1913,7 +1915,9 @@ class NWFilterFirewall(FirewallDriver):
self._define_filter(self._filter_container(filter_name,
filter_children))
- def refresh_security_group_rules(self, security_group_id):
+ def refresh_security_group_rules(self,
+ security_group_id,
+ network_info=None):
return self._define_filter(
self.security_group_to_nwfilter_xml(security_group_id))
@@ -2171,15 +2175,19 @@ class IptablesFirewallDriver(FirewallDriver):
def refresh_security_group_members(self, security_group):
pass
- def refresh_security_group_rules(self, security_group):
- self.do_refresh_security_group_rules(security_group)
+ def refresh_security_group_rules(self, security_group, network_info=None):
+ self.do_refresh_security_group_rules(security_group, network_info)
self.iptables.apply()
@utils.synchronized('iptables', external=True)
- def do_refresh_security_group_rules(self, security_group):
+ def do_refresh_security_group_rules(self,
+ security_group,
+ network_info=None):
for instance in self.instances.values():
self.remove_filters_for_instance(instance)
- self.add_filters_for_instance(instance)
+ if not network_info:
+ network_info = _get_network_info(instance)
+ self.add_filters_for_instance(instance, network_info)
def _security_group_chain_name(self, security_group_id):
return 'nova-sg-%s' % (security_group_id,)
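Review bot: In `do_refresh_security_group_rules` the fallback assigns to the `network_info` parameter inside the loop, so once the first instance has filled it in, `if not network_info` is false for every later instance and they are handed the first instance's network info. For a firewall driver that means the rules of all but the first instance may be rebuilt from another instance's addresses; how far that goes depends on `add_filters_for_instance`, which is outside the hunk. Keep the lookup per instance under a local name: `info = network_info or _get_network_info(instance)` followed by `self.add_filters_for_instance(instance, info)`. An explicitly passed `network_info` is likewise applied to every entry in `self.instances`; if it describes a single instance, that restriction should be documented or enforced here.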