From f92b685ae8dd1d40f041f9c75753f9115000e344 Mon Sep 17 00:00:00 2001 From: Numan Siddique Date: Tue, 25 Aug 2015 15:55:44 +0530 Subject: [PATCH] Fix few issues related to SG and SG rules. 1. Use obj_uuids to filter SGs instead of prune phase. security-group-rule-list was applying the 'id' filter for the sg instead of sg rule. This patch also fixes this bug. (partially cherry picked from I9ce41d519795ded195e4773d84dbd09b5cf40541 of vnc_openstack) 2. Avoid trace when listing SG with non-existing tenant_id (cherry-picked from I5521c7630036ed28f6c87ed542204800086e50bc of vnc_openstack) Change-Id: I493bd2a9e3820318747e5c4f351181d2b7e41047 Partial-Bug: #1480901 --- .../opencontrail/vnc_client/sg_res_handler.py | 26 +++++++++++-------- .../vnc_client/sgrule_res_handler.py | 14 +++++++--- 2 files changed, 25 insertions(+), 15 deletions(-) diff --git a/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sg_res_handler.py b/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sg_res_handler.py index 1ec7b82..060f721 100644 --- a/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sg_res_handler.py +++ b/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sg_res_handler.py @@ -150,19 +150,23 @@ def resource_get(self, context, sg_id, fields=None): return self._security_group_vnc_to_neutron( sg_obj, contrail_extensions_enabled, fields=fields) - def resource_list_by_project(self, project_id): + def resource_list_by_project(self, project_id, filters=None): if project_id: try: project_uuid = self._project_id_neutron_to_vnc(project_id) # Trigger a project read to ensure project sync self._project_read(proj_id=project_uuid) - except Exception: - raise + except vnc_exc.NoIdError: + return [] else: project_uuid = None + obj_uuids=None + if filters and 'id' in filters: + obj_uuids = filters['id'] + sg_objs = self._resource_list(parent_id=project_uuid, - detail=True) + detail=True, obj_uuids=obj_uuids) return sg_objs def resource_list(self, context, filters=None, fields=None): @@ -176,17 +180,20 @@ def resource_list(self, context, filters=None, fields=None): all_sgs = [] # all sgs in all projects if context and not context['is_admin']: project_sgs = self.resource_list_by_project( - self._project_id_neutron_to_vnc(context['tenant'])) + self._project_id_neutron_to_vnc(context['tenant']), + filters=filters) all_sgs.append(project_sgs) else: # admin context if filters and 'tenant_id' in filters: project_ids = self._validate_project_ids( context, filters['tenant_id']) for p_id in project_ids: - project_sgs = self.resource_list_by_project(p_id) + project_sgs = self.resource_list_by_project(p_id, + filters=filters) all_sgs.append(project_sgs) - else: # no filters - all_sgs.append(self.resource_list_by_project(None)) + else: # no tenant id filter + all_sgs.append(self.resource_list_by_project(None, + filters=filters)) # prune phase no_rule = res_handler.SGHandler( @@ -195,9 +202,6 @@ def resource_list(self, context, filters=None, fields=None): for sg_obj in project_sgs: if no_rule and sg_obj.uuid == no_rule.uuid: continue - if not self._filters_is_present( - filters, 'id', sg_obj.uuid): - continue if not self._filters_is_present( filters, 'name', sg_obj.get_display_name() or sg_obj.name): diff --git a/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sgrule_res_handler.py b/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sgrule_res_handler.py index 7a400f0..29d8fb7 100644 --- a/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sgrule_res_handler.py +++ b/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sgrule_res_handler.py @@ -140,13 +140,20 @@ def resource_get(self, context, sgr_id, fields=None): self._raise_contrail_exception('SecurityGroupRuleNotFound', id=sgr_id, resource='security_group_rule') - def security_group_rules_read(self, sg_obj, fields=None): + def security_group_rules_read(self, sg_obj, fields=None, filters=None): sgr_entries = sg_obj.get_security_group_entries() sg_rules = [] if sgr_entries is None: return + if filters: + filter_ids = [id for id in filters.get('id', []) if filters] + else: + filter_ids = None for sg_rule in sgr_entries.get_policy_rule(): + if filter_ids and sg_rule.get_rule_uuid() not in filter_ids: + continue + sg_info = self._security_group_rule_vnc_to_neutron(sg_obj.uuid, sg_rule, sg_obj, @@ -182,10 +189,9 @@ def resource_list(self, context, filters=None, fields=None): for project_sgs in all_sgs: for sg_obj in project_sgs: # TODO() implement same for name specified in filter - if not self._filters_is_present(filters, 'id', sg_obj.uuid): - continue sgr_info = self.security_group_rules_read(sg_obj, - fields=fields) + fields=fields, + filters=filters) if sgr_info: ret_list.extend(sgr_info)