From be88521949fd488dd0a3b1eff214f82511f2a6d5 Mon Sep 17 00:00:00 2001 From: spisarski Date: Thu, 3 Aug 2017 09:14:20 -0600 Subject: Delete 'default' security group associated to new projects. OpenStack can create a security group named 'default' each time a new project/tenant has been created but is not cleaned up when the project has been deleted. This patch adds this functionality into OpenStackProject#clean() method. Also added similar routine to KeystoneUtilsTests#tearDown() method. JIRA: SNAPS-169 Change-Id: I29492ae2ddd82e7d59d09b9c4eb759be4835532a Signed-off-by: spisarski --- snaps/openstack/create_project.py | 15 ++++++++++++++- snaps/openstack/utils/neutron_utils.py | 7 +++++-- snaps/openstack/utils/tests/keystone_utils_tests.py | 15 +++++++++++++-- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/snaps/openstack/create_project.py b/snaps/openstack/create_project.py index bc80789..6b06db4 100644 --- a/snaps/openstack/create_project.py +++ b/snaps/openstack/create_project.py @@ -15,7 +15,7 @@ import logging from keystoneclient.exceptions import NotFound -from snaps.openstack.utils import keystone_utils +from snaps.openstack.utils import keystone_utils, neutron_utils __author__ = 'spisarski' @@ -66,6 +66,19 @@ class OpenStackProject: :return: void """ if self.__project: + # Delete security group 'default' if exists + neutron = neutron_utils.neutron_client(self.__os_creds) + default_sec_grp = neutron_utils.get_security_group( + neutron, 'default', + tenant_id=self.__project.id) + if default_sec_grp: + try: + neutron_utils.delete_security_group( + neutron, default_sec_grp) + except: + pass + + # Delete Project try: keystone_utils.delete_project(self.__keystone, self.__project) except NotFound: diff --git a/snaps/openstack/utils/neutron_utils.py b/snaps/openstack/utils/neutron_utils.py index 061bc56..2de3586 100644 --- a/snaps/openstack/utils/neutron_utils.py +++ b/snaps/openstack/utils/neutron_utils.py @@ -347,7 +347,7 @@ def delete_security_group(neutron, sec_grp): neutron.delete_security_group(sec_grp.id) -def get_security_group(neutron, name): +def get_security_group(neutron, name, tenant_id=None): """ Returns the first security group object of the given name else None :param neutron: the client @@ -356,7 +356,10 @@ def get_security_group(neutron, name): """ logger.info('Retrieving security group with name - ' + name) - groups = neutron.list_security_groups(**{'name': name}) + filter = {'name': name} + if tenant_id: + filter['tenant_id'] = tenant_id + groups = neutron.list_security_groups(**filter) for group in groups['security_groups']: if group['name'] == name: return SecurityGroup(**group) diff --git a/snaps/openstack/utils/tests/keystone_utils_tests.py b/snaps/openstack/utils/tests/keystone_utils_tests.py index a46cbd1..29cd8af 100644 --- a/snaps/openstack/utils/tests/keystone_utils_tests.py +++ b/snaps/openstack/utils/tests/keystone_utils_tests.py @@ -17,7 +17,7 @@ import uuid from snaps.openstack.create_project import ProjectSettings from snaps.openstack.create_user import UserSettings from snaps.openstack.tests.os_source_file_test import OSComponentTestCase -from snaps.openstack.utils import keystone_utils +from snaps.openstack.utils import keystone_utils, neutron_utils __author__ = 'spisarski' @@ -73,7 +73,18 @@ class KeystoneUtilsTests(OSComponentTestCase): Cleans the remote OpenStack objects """ if self.project: - keystone_utils.delete_project(self.keystone, self.project) + neutron = neutron_utils.neutron_client(self.os_creds) + default_sec_grp = neutron_utils.get_security_group( + neutron, 'default', + tenant_id=self.project.id) + if default_sec_grp: + try: + neutron_utils.delete_security_group( + neutron, default_sec_grp) + except: + pass + + keystone_utils.delete_project(self.keystone, self.project) if self.user: keystone_utils.delete_user(self.keystone, self.user) -- cgit 1.2.3-korg