diff options
author | tomsou <soth@intracom-telecom.com> | 2017-03-28 12:20:37 +0000 |
---|---|---|
committer | tomsou <soth@intracom-telecom.com> | 2017-03-28 12:39:15 +0000 |
commit | 0e26e7dfd4ff41ae7c8389218bca138346864922 (patch) | |
tree | 95a0ee4145749f322e95591eb64f250b10e7a93c /sdnvpn/lib/utils.py | |
parent | 5960fab7230bebbffc439457d5542d086cb3f8af (diff) |
Fix security group rule conflict
-open_icmp_ssh function, that creates security
group rules for icmp and http (here the name of
the function is misleading), is splitted into 2
new functions one for each rule (open_icmp() and
open_http_port()).
Test cases that used the old function have been
updated
-In the original implementation of open_icmp_ssh()
and open_bgp_port(), the direction parameter was
missing. This was leading to an error message
-A check for the existence of security group rule
has been added and used before the creation of each
security group rule. If a rule already exists,
an info message is printed and the testcase
continues
This change is strongly dependent on https://gerrit.opnfv.org/gerrit/#/c/31925
of Functest repo. NOT TO BE MERGED before
JIRA: SDNVPN-103
Change-Id: Icb96954556f6d7294cf3454f045dbca4b9be672d
Signed-off-by: tomsou <soth@intracom-telecom.com>
Diffstat (limited to 'sdnvpn/lib/utils.py')
-rw-r--r-- | sdnvpn/lib/utils.py | 61 |
1 files changed, 48 insertions, 13 deletions
diff --git a/sdnvpn/lib/utils.py b/sdnvpn/lib/utils.py index 90fce4a..eb59446 100644 --- a/sdnvpn/lib/utils.py +++ b/sdnvpn/lib/utils.py @@ -343,22 +343,57 @@ def assert_and_get_compute_nodes(nova_client, required_node_number=2): return compute_nodes -def open_icmp_ssh(neutron_client, security_group_id): - os_utils.create_secgroup_rule(neutron_client, - security_group_id, - 'ingress', - 'icmp') - os_utils.create_secgroup_rule(neutron_client, - security_group_id, - 'tcp', - 80, 80) +def open_icmp(neutron_client, security_group_id): + if os_utils.check_security_group_rules(neutron_client, + security_group_id, + 'ingress', + 'icmp'): + + if not os_utils.create_secgroup_rule(neutron_client, + security_group_id, + 'ingress', + 'icmp'): + logger.error("Failed to create icmp security group rule...") + else: + logger.info("This rule exists for security group: %s" + % security_group_id) + + +def open_http_port(neutron_client, security_group_id): + if os_utils.check_security_group_rules(neutron_client, + security_group_id, + 'ingress', + 'tcp', + 80, 80): + + if not os_utils.create_secgroup_rule(neutron_client, + security_group_id, + 'ingress', + 'tcp', + 80, 80): + + logger.error("Failed to create http security group rule...") + else: + logger.info("This rule exists for security group: %s" + % security_group_id) def open_bgp_port(neutron_client, security_group_id): - os_utils.create_secgroup_rule(neutron_client, - security_group_id, - 'tcp', - 179, 179) + if os_utils.check_security_group_rules(neutron_client, + security_group_id, + 'ingress', + 'tcp', + 179, 179): + + if not os_utils.create_secgroup_rule(neutron_client, + security_group_id, + 'ingress', + 'tcp', + 179, 179): + logger.error("Failed to create bgp security group rule...") + else: + logger.info("This rule exists for security group: %s" + % security_group_id) def exec_cmd(cmd, verbose): |