Merge "NSX|V policy: get SG description from the policy"

2016-11-10 16:07:16 +00:00 · 2016-11-10 16:07:16 +00:00 · af85ca3d4c
commit af85ca3d4c
parent 3090a51598 7417b3b18a
4 changed files with 44 additions and 6 deletions
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@ -3114,6 +3114,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
            if sg_with_policy and security_group.get(sg_logging.LOGGING):
                msg = _('Cannot support logging when using NSX policies')
                raise n_exc.InvalidInput(error_message=msg)
+
+            # Use the NSX policy description as the description of this
+            # security group if the description was not set by the user
+            # and the security group is new or policy was updated
+            if new_policy and not security_group.get('description'):
+                security_group['description'] = (
+                    self.nsx_sg_utils.get_nsx_policy_description(new_policy))
        else:
            # must not have a policy:
            if security_group.get(sg_policy.POLICY):
--- a/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py
+++ b/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py
@ -17,6 +17,8 @@ import xml.etree.ElementTree as et

 from oslo_log import log as logging

+from neutron.api.v2 import attributes
+
 from vmware_nsx.common import utils

 WAIT_INTERVAL = 2000
@ -202,3 +204,16 @@ class NsxSecurityGroupUtils(object):

        return self.nsxv_manager.vcns.update_security_policy(
            policy_id, et.tostring(policy))
+
+    def get_nsx_policy_description(self, policy_id):
+        if not policy_id:
+            return
+        # Get the policy configuration
+        policy = self.nsxv_manager.vcns.get_security_policy(policy_id)
+        policy = utils.normalize_xml(policy)
+        # If no description - use the name instead
+        description = policy.find('description').text
+        if not description:
+            description = policy.find('name').text
+        # use only the allowed length
+        return description[:attributes.DESCRIPTION_MAX_LEN]
--- a/vmware_nsx/tests/unit/extensions/test_security_group_policy.py
+++ b/vmware_nsx/tests/unit/extensions/test_security_group_policy.py
@ -53,11 +53,14 @@ class SecGroupPolicyExtensionTestCase(
        del attr.RESOURCE_ATTRIBUTE_MAP['security_groups']['policy']
        super(SecGroupPolicyExtensionTestCase, self).tearDown()

-    def _create_secgroup_with_policy(self, policy_id, logging=False):
-        body = {'security_group': {'name': 'sg-policy',
-                                   'tenant_id': self._tenant_id,
-                                   'policy': policy_id,
-                                   'logging': logging}}
+    def _create_secgroup_with_policy(self, policy_id, description=None,
+                                     logging=False):
+        body = {'security_group':
+            {'name': 'sg-policy',
+             'tenant_id': self._tenant_id,
+             'policy': policy_id,
+             'description': description if description else '',
+             'logging': logging}}
        security_group_req = self.new_create_request('security-groups', body)
        return security_group_req.get_response(self.ext_api)

@ -71,6 +74,15 @@ class SecGroupPolicyExtensionTestCase(
        res = self._create_secgroup_with_policy(policy_id)
        sg = self.deserialize(self.fmt, res)
        self.assertEqual(policy_id, sg['security_group']['policy'])
+        self.assertEqual('dummy', sg['security_group']['description'])
+
+    def test_secgroup_create_with_policyand_desc(self):
+        policy_id = 'policy-5'
+        desc = 'test'
+        res = self._create_secgroup_with_policy(policy_id, description=desc)
+        sg = self.deserialize(self.fmt, res)
+        self.assertEqual(policy_id, sg['security_group']['policy'])
+        self.assertEqual(desc, sg['security_group']['description'])

    def test_secgroup_create_without_policy(self):
        res = self._create_secgroup_with_policy(None)
@ -169,9 +181,11 @@ class SecGroupPolicyExtensionTestCaseWithRules(
    def test_secgroup_create_without_policy(self):
        # in case allow_tenant_rules_with_policy is True, it is allowed to
        # create a regular sg
-        res = self._create_secgroup_with_policy(None)
+        desc = 'test'
+        res = self._create_secgroup_with_policy(None, description=desc)
        sg = self.deserialize(self.fmt, res)
        self.assertIsNone(sg['security_group']['policy'])
+        self.assertEqual(desc, sg['security_group']['description'])

    def test_secgroup_create_without_policy_update_policy(self):
        # Create a regular security group. adding the policy later should fail
--- a/vmware_nsx/tests/unit/nsx_v/vshield/fake_vcns.py
+++ b/vmware_nsx/tests/unit/nsx_v/vshield/fake_vcns.py
@ -1346,6 +1346,8 @@ class FakeVcns(object):
        response_text = (
            "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            "<securityPolicy><objectId>%s</objectId>"
+            "<name>pol1</name>"
+            "<description>dummy</description>"
            "</securityPolicy>") % policy_id
        return response_text