NSX|V: Configurable backend security group name

Add a configuration option for the name format of the NSX security group
created by OpenStack.
The option is nsx_sg_name_format in the nsxv section, and its default
format is '%(name)s (%(id)s)', which preserves the previous behaviour.

Change-Id: I2081bdd3ca18ee62c178ae83baf5ed2cc87bc1da
Adit Sarfaty 2019-09-22 11:52:49 +03:00
parent fe04b5b770
commit 5e3e798938
3 changed files with 42 additions and 1 deletions


@ -836,6 +836,10 @@ nsxv_opts = [
default=False, default=False,
help=_("Allow associating multiple IPs to VMs " help=_("Allow associating multiple IPs to VMs "
"without spoofguard limitations")), "without spoofguard limitations")),
cfg.StrOpt('nsx_sg_name_format',
default='%(name)s (%(id)s)',
help=_("(Optional) Format for the NSX name of an openstack "
"security group")),
] ]
# define the configuration of each NSX-V availability zone. # define the configuration of each NSX-V availability zone.
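Review bot: The help text on the new `nsx_sg_name_format` option does not tell an operator which placeholders are accepted or what happens to a bad value. Judging from the default, `%(name)s` and `%(id)s` are the intended keys, and the utils change in this commit logs an error and falls back to the default when formatting raises. I would extend the help to say so, for example `"Format for the NSX name of an openstack security group, using %-style mapping keys such as %(name)s and %(id)s; an invalid format falls back to the default."`. The `nsxv_opts` list starts outside this hunk.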


@ -15,6 +15,7 @@
import xml.etree.ElementTree as et import xml.etree.ElementTree as et
from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
from vmware_nsx.common import utils from vmware_nsx.common import utils
@ -154,6 +155,12 @@ class NsxSecurityGroupUtils(object):
return et.fromstring(xml_string) return et.fromstring(xml_string)
def get_nsx_sg_name(self, sg_data): def get_nsx_sg_name(self, sg_data):
try:
return cfg.CONF.nsxv.nsx_sg_name_format % sg_data
except Exception as e:
# Illegal format:
LOG.error("get_nsx_sg_name failed due to invalid format %s: %s",
cfg.CONF.nsxv.nsx_sg_name_format, e)
return '%(name)s (%(id)s)' % sg_data return '%(name)s (%(id)s)' % sg_data
def get_nsx_section_name(self, sg_data): def get_nsx_section_name(self, sg_data):
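Review bot: The fallback in `get_nsx_sg_name` only covers formats that raise, so a value with no `%(id)s` (or no placeholder at all) formats without error and gives every same-named security group an identical NSX name. With a mapping on the right-hand side, `%` does not complain about unused keys, so `'static' % sg_data` simply returns `'static'`. If the backend name is relied on to tell groups apart (not visible here), I would validate the option once at plugin start-up and reject formats lacking `%(id)s`, rather than discovering the problem per call. Separately, `except Exception` is broader than needed and logs at error level on every call; `except (KeyError, TypeError, ValueError) as e:` matches what a bad %-format can raise.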


@ -15,6 +15,7 @@
import contextlib import contextlib
import copy import copy
import re
import decorator import decorator
@ -4103,6 +4104,35 @@ class NsxVTestSecurityGroup(ext_sg.TestSecurityGroups,
sg = self._plugin_update_security_group(_context, sg['id'], True) sg = self._plugin_update_security_group(_context, sg['id'], True)
self.assertTrue(sg['logging']) self.assertTrue(sg['logging'])
def _create_default_sg(self, ctx):
self.plugin._ensure_default_security_group(ctx, 'tenant_id')
def test_create_security_group_default_nsx_name(self):
_context = context.get_admin_context()
self._create_default_sg(_context)
with mock.patch.object(self.plugin.nsx_v.vcns,
'create_security_group',
return_value=({}, '3')) as nsxv_create:
self._plugin_create_security_group(_context)
created_sg = nsxv_create.call_args[0]
created_name = created_sg[0]['securitygroup']['name']
self.assertTrue(re.match(r'SG \(.*\)', created_name))
def test_create_security_group_non_default_nsx_name(self):
# Use non default nsx name format
cfg.CONF.set_override('nsx_sg_name_format', '%(name)s [%(id)s]',
group="nsxv")
_context = context.get_admin_context()
self._create_default_sg(_context)
with mock.patch.object(self.plugin.nsx_v.vcns,
'create_security_group',
return_value=({}, '3')) as nsxv_create:
self._plugin_create_security_group(_context)
created_sg = nsxv_create.call_args[0]
created_name = created_sg[0]['securitygroup']['name']
self.assertTrue(re.match(r'SG \[.*\]', created_name))
def test_create_security_group_rule_bulk(self): def test_create_security_group_rule_bulk(self):
"""Verify that bulk rule create updates the backend section once""" """Verify that bulk rule create updates the backend section once"""
fake_update_sect = self.fc2.update_section fake_update_sect = self.fc2.update_section
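Review bot: Neither new test covers the fallback branch this commit adds to `get_nsx_sg_name`; a third case that overrides `nsx_sg_name_format` with an invalid value such as `'%(missing)s'` and asserts the created name still matches `r'SG \(.*\)'` would pin it. In `test_create_security_group_non_default_nsx_name` the `cfg.CONF.set_override(...)` call has no visible reset, so unless the base class restores config between tests (not shown here) the override can leak into later tests; `self.addCleanup(cfg.CONF.clear_override, 'nsx_sg_name_format', group='nsxv')` would make that explicit. `test_create_security_group_rule_bulk` continues outside the hunk.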