diff options
author | George Paraskevopoulos <geopar@intracom-telecom.com> | 2017-03-15 12:06:39 +0200 |
---|---|---|
committer | George Paraskevopoulos <geopar@intracom-telecom.com> | 2017-03-15 13:58:21 +0200 |
commit | 4585d8fe2a4b40f62b96bdd38dc1a14f32510c93 (patch) | |
tree | d6aa6018b6ddf2b99db285a0d51bc8aea9b5e505 | |
parent | 4b082d08b46941da06630926a117054881a8aa1b (diff) |
Remove security group exists error logs
We copied the create_secgroup_rule function from
functest.openstack_utils and removed the logger.exception("Security
group exists") line.
This is very ugly and we should investigate an upstream fix after D
release.
Change-Id: I1674a77ebc3b3e3132b2b9e1f16a84106b2350eb
Signed-off-by: George Paraskevopoulos <geopar@intracom-telecom.com>
-rw-r--r-- | sfc/lib/utils.py | 64 |
1 files changed, 56 insertions, 8 deletions
diff --git a/sfc/lib/utils.py b/sfc/lib/utils.py index 4b5e91f5..4b72cbe5 100644 --- a/sfc/lib/utils.py +++ b/sfc/lib/utils.py @@ -119,18 +119,66 @@ def setup_neutron(neutron_client, net, subnet, router, subnet_cidr): return n_dict["net_id"] +def create_secgroup_rule(neutron_client, sg_id, direction, protocol, + port_range_min=None, port_range_max=None): + # We create a security group in 2 steps + # 1 - we check the format and set the json body accordingly + # 2 - we call neturon client to create the security group + + # Format check + json_body = {'security_group_rule': {'direction': direction, + 'security_group_id': sg_id, + 'protocol': protocol}} + # parameters may be + # - both None => we do nothing + # - both Not None => we add them to the json description + # but one cannot be None is the other is not None + if (port_range_min is not None and port_range_max is not None): + # add port_range in json description + json_body['security_group_rule']['port_range_min'] = port_range_min + json_body['security_group_rule']['port_range_max'] = port_range_max + logger.debug("Security_group format set (port range included)") + else: + # either both port range are set to None => do nothing + # or one is set but not the other => log it and return False + if port_range_min is None and port_range_max is None: + logger.debug("Security_group format set (no port range mentioned)") + else: + logger.error("Bad security group format." + "One of the port range is not properly set:" + "range min: {}," + "range max: {}".format(port_range_min, + port_range_max)) + return False + + # Create security group using neutron client + try: + neutron_client.create_security_group_rule(json_body) + return True + except: + return False + + def setup_ingress_egress_secgroup(neutron_client, protocol, min_port=None, max_port=None): secgroups = os_utils.get_security_groups(neutron_client) for sg in secgroups: - os_utils.create_secgroup_rule(neutron_client, sg['id'], - 'ingress', protocol, - port_range_min=min_port, - port_range_max=max_port) - os_utils.create_secgroup_rule(neutron_client, sg['id'], - 'egress', protocol, - port_range_min=min_port, - port_range_max=max_port) + # TODO: the version of the create_secgroup_rule function in + # functest swallows the exception thrown when a secgroup rule + # already exists and prints a ton of noise in the test output. + # Instead of making changes in functest code this late in the + # release cycle, we keep our own version without the exception + # logging. We must find a way to properly cleanup sec group + # rules using "functest openstack clean" or pretty printing the + # specific exception in the next release + create_secgroup_rule(neutron_client, sg['id'], + 'ingress', protocol, + port_range_min=min_port, + port_range_max=max_port) + create_secgroup_rule(neutron_client, sg['id'], + 'egress', protocol, + port_range_min=min_port, + port_range_max=max_port) def create_security_groups(neutron_client, secgroup_name, secgroup_descr): |