authorhuangtianhua <huangtianhua@huawei.com>2016-05-09 19:01:23 +0800
committerhuangtianhua <huangtianhua@huawei.com>2016-05-18 10:10:13 +0000
commitc775afcd3d23d9ebe1172246f71a577a83aed387 (patch)
tree33bcef52cbc0b20eeaf094a81b1fd228432c140b /heat/engine
parent93c5a3a68a0c0da6c703f72940db7516fb34d619 (diff)
downloadheat-c775afcd3d23d9ebe1172246f71a577a83aed387.tar.gz
Set security_groups when create internal ports for nova server
Make sure the nova server is created in the correct security groups if the user specifies subnet and security_groups when creating/updating the server. Closes-Bug: #1571975 (cherry picked from commit 66b6490705affa7e11b4fce43f8f1face9e8767b) Conflicts: heat/engine/resources/openstack/nova/server_network_mixin.py heat/tests/nova/test_server.py heat_integrationtests/functional/test_nova_server_networks.py Change-Id: Ic93cad4def90f3da25390d871d6a8c14ffe1c5ae
Diffstat (limited to 'heat/engine')
-rw-r--r--heat/engine/resources/openstack/nova/server.py6
-rw-r--r--heat/engine/resources/openstack/nova/server_network_mixin.py21
2 files changed, 19 insertions, 8 deletions
diff --git a/heat/engine/resources/openstack/nova/server.py b/heat/engine/resources/openstack/nova/server.py
index cf63d2dce..9cfd5af27 100644
--- a/heat/engine/resources/openstack/nova/server.py
+++ b/heat/engine/resources/openstack/nova/server.py
@@ -750,7 +750,8 @@ class Server(stack_user.StackUser, sh.SchedulerHintsMixin,
scheduler_hints = self._scheduler_hints(
self.properties[self.SCHEDULER_HINTS])
- nics = self._build_nics(self.properties[self.NETWORKS])
+ nics = self._build_nics(self.properties[self.NETWORKS],
+ security_groups=security_groups)
block_device_mapping = self._build_block_device_mapping(
self.properties[self.BLOCK_DEVICE_MAPPING])
block_device_mapping_v2 = self._build_block_device_mapping_v2(
@@ -1011,12 +1012,13 @@ class Server(stack_user.StackUser, sh.SchedulerHintsMixin,
updaters = []
new_networks = prop_diff.get(self.NETWORKS)
old_networks = self.properties[self.NETWORKS]
+ security_groups = self.properties[self.SECURITY_GROUPS]
if not server:
server = self.client().servers.get(self.resource_id)
interfaces = server.interface_list()
remove_ports, add_nets = self.calculate_networks(
- old_networks, new_networks, interfaces)
+ old_networks, new_networks, interfaces, security_groups)
for port in remove_ports:
updaters.append(
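Review bot: The added `security_groups = self.properties[self.SECURITY_GROUPS]` reads from the same source as `old_networks`, so on this update path it appears to be the pre-update value, while the new networks come from `prop_diff`. If SECURITY_GROUPS can ever change in the same update as NETWORKS, the ports created through `calculate_networks` would be bound to the stale groups. Either `security_groups = prop_diff.get(self.SECURITY_GROUPS, self.properties[self.SECURITY_GROUPS])` or a comment recording that the property is not update-allowed (if that is the case; it is not visible here) would settle it. The enclosing method starts and ends outside the hunk.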
diff --git a/heat/engine/resources/openstack/nova/server_network_mixin.py b/heat/engine/resources/openstack/nova/server_network_mixin.py
index eac23d8ef..49af5abc2 100644
--- a/heat/engine/resources/openstack/nova/server_network_mixin.py
+++ b/heat/engine/resources/openstack/nova/server_network_mixin.py
@@ -88,7 +88,8 @@ class ServerNetworkMixin(object):
'network': net}
raise exception.StackValidationFailed(message=msg)
- def _create_internal_port(self, net_data, net_number):
+ def _create_internal_port(self, net_data, net_number,
+ security_groups=None):
name = _('%(server)s-port-%(number)s') % {'server': self.name,
'number': net_number}
@@ -105,6 +106,11 @@ class ServerNetworkMixin(object):
if body:
kwargs.update({'fixed_ips': [body]})
+ if security_groups:
+ sec_uuids = self.client_plugin(
+ 'neutron').get_secgroup_uuids(security_groups)
+ kwargs['security_groups'] = sec_uuids
+
port = self.client('neutron').create_port({'port': kwargs})['port']
# Store ids (used for floating_ip association, updating, etc.)
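Review bot: When `security_groups` is None or an empty list, the new `if security_groups:` check is skipped and the port body carries no `security_groups` key, so the port gets whatever Neutron assigns when the field is omitted (normally the project's default group) rather than no group. That fallback decides the port's exposure and deserves a comment above the check, e.g. `# Nothing requested: omit the key so Neutron applies its default security group.` The lookup through `get_secgroup_uuids` also runs once per internal port; resolving the names once in the caller and passing UUIDs down would avoid repeated lookups and keep every port of one server on the same resolved set. `_create_internal_port` begins and ends outside this hunk.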
@@ -181,7 +187,7 @@ class ServerNetworkMixin(object):
for port_id in new_ports:
self._data_update_ports(port_id, 'add', port_type='external_ports')
- def _build_nics(self, networks):
+ def _build_nics(self, networks, security_groups=None):
if not networks:
return None
@@ -193,7 +199,9 @@ class ServerNetworkMixin(object):
if net.get(self.NETWORK_PORT):
nic_info['port-id'] = net[self.NETWORK_PORT]
elif self.is_using_neutron() and net.get(self.NETWORK_SUBNET):
- nic_info['port-id'] = self._create_internal_port(net, idx)
+ nic_info['port-id'] = self._create_internal_port(
+ net, idx, security_groups)
+
# if nic_info including 'port-id', do not set ip for nic
if not nic_info.get('port-id'):
if net.get(self.NETWORK_FIXED_IP):
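Review bot: Only the subnet branch receives the server's security groups; a NIC that names an existing port through `NETWORK_PORT` keeps whatever groups that port already has, and nothing in the code says so. A comment on the `elif` would make that explicit, e.g. `# Ports created here take the server's security_groups; a user-supplied port keeps its own.` The same applies to the matching branch in the later `calculate_networks` hunk. The new `security_groups` parameter of `_build_nics` and `calculate_networks` is also undocumented; a one-line docstring saying it is applied only to internally created ports (and is presumably a list of group names or IDs, given the `get_secgroup_uuids` call) would be enough. `_build_nics` begins and ends outside this hunk.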
@@ -273,7 +281,8 @@ class ServerNetworkMixin(object):
if net is not None:
net['port'] = props['port']
- def calculate_networks(self, old_nets, new_nets, ifaces):
+ def calculate_networks(self, old_nets, new_nets, ifaces,
+ security_groups=None):
remove_ports = []
add_nets = []
attach_first_free_port = False
@@ -328,8 +337,8 @@ class ServerNetworkMixin(object):
if net.get(self.NETWORK_PORT):
handler_kwargs['port_id'] = net.get(self.NETWORK_PORT)
elif self.is_using_neutron() and net.get(self.NETWORK_SUBNET):
- handler_kwargs['port_id'] = self._create_internal_port(net,
- idx)
+ handler_kwargs['port_id'] = self._create_internal_port(
+ net, idx, security_groups)
add_nets.append(handler_kwargs)