Fixes: IPv6- allow all egress IPv6 rule should be added for newly cre…

…ated SG by default Create default IPv6 rule in a security group as in a IPv4 rule. Change-Id: Ic400a32458c93f0e79f30411e6bd9725094c3dc8 Closes-Bug: 1540772
Juniper · Apr 29, 2016 · 3e58118 · 3e58118
1 parent 03df02f
commit 3e58118
Showing 1 changed file with 25 additions and 10 deletions.
diff --git a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
@@ -3800,6 +3800,23 @@ def port_count(self, filters=None):
         return nports
     #end port_count
 
+    def populate_default_rule(self, ethertype = 'IPv4'):
+        def_rule = {}
+        def_rule['port_range_min'] = 0
+        def_rule['port_range_max'] = 65535
+        def_rule['direction'] = 'egress'
+        def_rule['remote_group_id'] = None
+        def_rule['protocol'] = 'any'
+
+        if ethertype == 'IPv4':
+            def_rule['ethertype'] = 'IPv4'
+            def_rule['remote_ip_prefix'] = '0.0.0.0/0'
+        else:
+            def_rule['ethertype'] = 'IPv6'
+            def_rule['remote_ip_prefix'] = '::/0'
+
+        return def_rule
+
     # security group api handlers
     @wait_for_api_server_connection
     def security_group_create(self, sg_q):
@@ -3812,15 +3829,13 @@ def security_group_create(self, sg_q):
 
         sg_uuid = self._resource_create('security_group', sg_obj)
 
-        #allow all egress traffic
-        def_rule = {}
-        def_rule['port_range_min'] = 0
-        def_rule['port_range_max'] = 65535
-        def_rule['direction'] = 'egress'
-        def_rule['remote_ip_prefix'] = '0.0.0.0/0'
-        def_rule['remote_group_id'] = None
-        def_rule['protocol'] = 'any'
-        def_rule['ethertype'] = 'IPv4'
+        #allow all IPv4 egress traffic
+        def_rule = self.populate_default_rule('IPv4')
+        rule = self._security_group_rule_neutron_to_vnc(def_rule, CREATE)
+        self._security_group_rule_create(sg_uuid, rule)
+
+        #allow all IPv6 egress traffic
+        def_rule = self.populate_default_rule('IPv6')
         rule = self._security_group_rule_neutron_to_vnc(def_rule, CREATE)
         self._security_group_rule_create(sg_uuid, rule)
 
@@ -4045,7 +4060,7 @@ def route_table_create(self, rt_q):
                 resource='route_table', msg=str(e))
         ret_rt_q = self._route_table_vnc_to_neutron(rt_obj)
         return ret_rt_q
-    #end security_group_create
+    #end route_table_create
 
     @wait_for_api_server_connection
     def route_table_read(self, rt_id):