From 775e3b02b2afbf101db22b87a1c3b189d68532e1 Mon Sep 17 00:00:00 2001 From: Kieran Spear Date: Mon, 18 Mar 2013 17:32:26 +1100 Subject: Pass project id in quantum driver secgroup list The quantum driver is always returning security groups from every tenant a user has access to, even when the "project" filter is supplied. Make sure we pass along the project value when we call quantum.list_security_groups() so it's properly filtered. Fixes bug 1155381. Change-Id: I682c66a1f3f9db18b5f9924a37b45c759ff259f7 --- nova/network/security_group/quantum_driver.py | 2 + nova/tests/network/security_group/__init__.py | 0 .../network/security_group/test_quantum_driver.py | 47 ++++++++++++++++++++++ 3 files changed, 49 insertions(+) create mode 100644 nova/tests/network/security_group/__init__.py create mode 100644 nova/tests/network/security_group/test_quantum_driver.py diff --git a/nova/network/security_group/quantum_driver.py b/nova/network/security_group/quantum_driver.py index e6f88e20c..1942d06ef 100644 --- a/nova/network/security_group/quantum_driver.py +++ b/nova/network/security_group/quantum_driver.py @@ -122,6 +122,8 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase): search_opts['name'] = names if ids: search_opts['id'] = ids + if project: + search_opts['tenant_id'] = project try: security_groups = quantum.list_security_groups(**search_opts).get( 'security_groups') diff --git a/nova/tests/network/security_group/__init__.py b/nova/tests/network/security_group/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/nova/tests/network/security_group/test_quantum_driver.py b/nova/tests/network/security_group/test_quantum_driver.py new file mode 100644 index 000000000..64170fe2c --- /dev/null +++ b/nova/tests/network/security_group/test_quantum_driver.py @@ -0,0 +1,47 @@ +# Copyright 2013 OpenStack Foundation +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +import mox +from quantumclient.v2_0 import client + +from nova import context +from nova.network import quantumv2 +from nova.network.security_group import quantum_driver +from nova import test + + +class TestQuantumDriver(test.TestCase): + def setUp(self): + super(TestQuantumDriver, self).setUp() + self.mox.StubOutWithMock(quantumv2, 'get_client') + self.moxed_client = self.mox.CreateMock(client.Client) + quantumv2.get_client(mox.IgnoreArg()).MultipleTimes().AndReturn( + self.moxed_client) + self.context = context.RequestContext('userid', 'my_tenantid') + setattr(self.context, + 'auth_token', + 'bff4a5a6b9eb4ea2a6efec6eefb77936') + + def test_list_with_project(self): + project_id = '0af70a4d22cf4652824ddc1f2435dd85' + security_groups_list = {'security_groups': []} + self.moxed_client.list_security_groups(tenant_id=project_id).AndReturn( + security_groups_list) + self.mox.ReplayAll() + + sg_api = quantum_driver.SecurityGroupAPI() + sg_api.list(self.context, project=project_id) -- cgit