NSX|V: Configurable backend security group name
Adding a configuration for the format of the NSX security group created by openstack. The parameter is nsx_sg_name_format under the nsxv section, and the default format is '%(name)s (%(id)s)' (as it was before) Change-Id: I2081bdd3ca18ee62c178ae83baf5ed2cc87bc1da
This commit is contained in:
parent
fe04b5b770
commit
5e3e798938
@ -836,6 +836,10 @@ nsxv_opts = [
|
||||
default=False,
|
||||
help=_("Allow associating multiple IPs to VMs "
|
||||
"without spoofguard limitations")),
|
||||
cfg.StrOpt('nsx_sg_name_format',
|
||||
default='%(name)s (%(id)s)',
|
||||
help=_("(Optional) Format for the NSX name of an openstack "
|
||||
"security group")),
|
||||
]
|
||||
|
||||
# define the configuration of each NSX-V availability zone.
|
||||
|
@ -15,6 +15,7 @@
|
||||
|
||||
import xml.etree.ElementTree as et
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
|
||||
from vmware_nsx.common import utils
|
||||
@ -154,6 +155,12 @@ class NsxSecurityGroupUtils(object):
|
||||
return et.fromstring(xml_string)
|
||||
|
||||
def get_nsx_sg_name(self, sg_data):
|
||||
try:
|
||||
return cfg.CONF.nsxv.nsx_sg_name_format % sg_data
|
||||
except Exception as e:
|
||||
# Illegal format:
|
||||
LOG.error("get_nsx_sg_name failed due to invalid format %s: %s",
|
||||
cfg.CONF.nsxv.nsx_sg_name_format, e)
|
||||
return '%(name)s (%(id)s)' % sg_data
|
||||
|
||||
def get_nsx_section_name(self, sg_data):
|
||||
|
@ -15,6 +15,7 @@
|
||||
|
||||
import contextlib
|
||||
import copy
|
||||
import re
|
||||
|
||||
import decorator
|
||||
|
||||
@ -4103,6 +4104,35 @@ class NsxVTestSecurityGroup(ext_sg.TestSecurityGroups,
|
||||
sg = self._plugin_update_security_group(_context, sg['id'], True)
|
||||
self.assertTrue(sg['logging'])
|
||||
|
||||
def _create_default_sg(self, ctx):
|
||||
self.plugin._ensure_default_security_group(ctx, 'tenant_id')
|
||||
|
||||
def test_create_security_group_default_nsx_name(self):
|
||||
_context = context.get_admin_context()
|
||||
self._create_default_sg(_context)
|
||||
with mock.patch.object(self.plugin.nsx_v.vcns,
|
||||
'create_security_group',
|
||||
return_value=({}, '3')) as nsxv_create:
|
||||
self._plugin_create_security_group(_context)
|
||||
created_sg = nsxv_create.call_args[0]
|
||||
created_name = created_sg[0]['securitygroup']['name']
|
||||
self.assertTrue(re.match(r'SG \(.*\)', created_name))
|
||||
|
||||
def test_create_security_group_non_default_nsx_name(self):
|
||||
# Use non default nsx name format
|
||||
cfg.CONF.set_override('nsx_sg_name_format', '%(name)s [%(id)s]',
|
||||
group="nsxv")
|
||||
|
||||
_context = context.get_admin_context()
|
||||
self._create_default_sg(_context)
|
||||
with mock.patch.object(self.plugin.nsx_v.vcns,
|
||||
'create_security_group',
|
||||
return_value=({}, '3')) as nsxv_create:
|
||||
self._plugin_create_security_group(_context)
|
||||
created_sg = nsxv_create.call_args[0]
|
||||
created_name = created_sg[0]['securitygroup']['name']
|
||||
self.assertTrue(re.match(r'SG \[.*\]', created_name))
|
||||
|
||||
def test_create_security_group_rule_bulk(self):
|
||||
"""Verify that bulk rule create updates the backend section once"""
|
||||
fake_update_sect = self.fc2.update_section
|
||||
|
Loading…
Reference in New Issue
Block a user