diff options
-rw-r--r-- | sfc/lib/utils.py | 64 |
1 files changed, 56 insertions, 8 deletions
diff --git a/sfc/lib/utils.py b/sfc/lib/utils.py index 26789868..8623f859 100644 --- a/sfc/lib/utils.py +++ b/sfc/lib/utils.py @@ -119,18 +119,66 @@ def setup_neutron(neutron_client, net, subnet, router, subnet_cidr): return n_dict["net_id"] +def create_secgroup_rule(neutron_client, sg_id, direction, protocol, + port_range_min=None, port_range_max=None): + # We create a security group in 2 steps + # 1 - we check the format and set the json body accordingly + # 2 - we call neturon client to create the security group + + # Format check + json_body = {'security_group_rule': {'direction': direction, + 'security_group_id': sg_id, + 'protocol': protocol}} + # parameters may be + # - both None => we do nothing + # - both Not None => we add them to the json description + # but one cannot be None is the other is not None + if (port_range_min is not None and port_range_max is not None): + # add port_range in json description + json_body['security_group_rule']['port_range_min'] = port_range_min + json_body['security_group_rule']['port_range_max'] = port_range_max + logger.debug("Security_group format set (port range included)") + else: + # either both port range are set to None => do nothing + # or one is set but not the other => log it and return False + if port_range_min is None and port_range_max is None: + logger.debug("Security_group format set (no port range mentioned)") + else: + logger.error("Bad security group format." + "One of the port range is not properly set:" + "range min: {}," + "range max: {}".format(port_range_min, + port_range_max)) + return False + + # Create security group using neutron client + try: + neutron_client.create_security_group_rule(json_body) + return True + except: + return False + + def setup_ingress_egress_secgroup(neutron_client, protocol, min_port=None, max_port=None): secgroups = os_utils.get_security_groups(neutron_client) for sg in secgroups: - os_utils.create_secgroup_rule(neutron_client, sg['id'], - 'ingress', protocol, - port_range_min=min_port, - port_range_max=max_port) - os_utils.create_secgroup_rule(neutron_client, sg['id'], - 'egress', protocol, - port_range_min=min_port, - port_range_max=max_port) + # TODO: the version of the create_secgroup_rule function in + # functest swallows the exception thrown when a secgroup rule + # already exists and prints a ton of noise in the test output. + # Instead of making changes in functest code this late in the + # release cycle, we keep our own version without the exception + # logging. We must find a way to properly cleanup sec group + # rules using "functest openstack clean" or pretty printing the + # specific exception in the next release + create_secgroup_rule(neutron_client, sg['id'], + 'ingress', protocol, + port_range_min=min_port, + port_range_max=max_port) + create_secgroup_rule(neutron_client, sg['id'], + 'egress', protocol, + port_range_min=min_port, + port_range_max=max_port) def create_security_groups(neutron_client, secgroup_name, secgroup_descr): |