Merge "Minor changes to neutron security groups code"

2016-11-24 13:15:57 +00:00 · 2016-11-24 13:15:57 +00:00 · 50726dbcb0
commit 50726dbcb0
parent b42da0b0d8 49e65b968b
2 changed files with 32 additions and 7 deletions
--- a/ironic/common/neutron.py
+++ b/ironic/common/neutron.py
@ -69,13 +69,21 @@ def get_client(token=None):


 def _verify_security_groups(security_groups, client):
+    """Verify that the security groups exist.
+
+    :param security_groups: a list of security group UUIDs; may be None or
+        empty
+    :param client: Neutron client
+    :raises: NetworkError
+    """
+
    if not security_groups:
        return
    try:
        neutron_sec_groups = (
-            client.list_security_groups().get('security_groups') or [])
+            client.list_security_groups().get('security_groups', []))
    except neutron_exceptions.NeutronClientException as e:
-        msg = (_("Could not retrieve neutron security groups %(exc)s") %
+        msg = (_("Could not retrieve security groups from neutron: %(exc)s") %
               {'exc': e})
        LOG.exception(msg)
        raise exception.NetworkError(msg)
@ -83,10 +91,10 @@ def _verify_security_groups(security_groups, client):
    existing_sec_groups = [sec_group['id'] for sec_group in neutron_sec_groups]
    missing_sec_groups = set(security_groups) - set(existing_sec_groups)
    if missing_sec_groups:
-        msg = (_('Security Groups specified in Ironic config '
-                 '%(ir-sg)s are not found') %
-               {'ir-sg': list(missing_sec_groups)})
-        LOG.exception(msg)
+        msg = (_('Could not find these security groups (specified via ironic '
+                 'config) in neutron: %(ir-sg)s')
+               % {'ir-sg': list(missing_sec_groups)})
+        LOG.error(msg)
        raise exception.NetworkError(msg)


--- a/ironic/tests/unit/common/test_neutron.py
+++ b/ironic/tests/unit/common/test_neutron.py
@ -208,6 +208,7 @@ class TestNeutronNetworkActions(db_base.DbTestCase):

        self.assertIsNone(
            neutron._verify_security_groups(sg_ids, client))
+        client.list_security_groups.assert_called_once_with()

    def test_verify_sec_groups_less_than_configured(self):
        sg_ids = []
@ -223,6 +224,7 @@ class TestNeutronNetworkActions(db_base.DbTestCase):

        self.assertIsNone(
            neutron._verify_security_groups(sg_ids[:1], client))
+        client.list_security_groups.assert_called_once_with()

    def test_verify_sec_groups_more_than_configured(self):
        sg_ids = []
@ -236,6 +238,20 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
        self.assertRaises(
            exception.NetworkError,
            neutron._verify_security_groups, sg_ids, client)
+        client.list_security_groups.assert_called_once_with()
+
+    def test_verify_sec_groups_no_sg_from_neutron(self):
+        sg_ids = []
+        for i in range(1):
+            sg_ids.append(uuidutils.generate_uuid())
+
+        client = mock.MagicMock()
+        client.list_security_groups.return_value = {}
+
+        self.assertRaises(
+            exception.NetworkError,
+            neutron._verify_security_groups, sg_ids, client)
+        client.list_security_groups.assert_called_once_with()

    def test_verify_sec_groups_exception_by_neutronclient(self):
        sg_ids = []
@ -248,8 +264,9 @@ class TestNeutronNetworkActions(db_base.DbTestCase):

        self.assertRaisesRegex(
            exception.NetworkError,
-            "Could not retrieve neutron security groups",
+            "Could not retrieve security groups",
            neutron._verify_security_groups, sg_ids, client)
+        client.list_security_groups.assert_called_once_with()

    def test_add_ports_with_client_id_to_vlan_network(self):
        self._test_add_ports_to_vlan_network(is_client_id=True)