From: kayal2001 Date: Thu, 28 Nov 2024 06:26:49 +0000 (+0530) Subject: Feature 11046: Security Group Name as Ns Config Template - RO X-Git-Tag: v17.0.0~5 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F66%2F14766%2F2;p=osm%2FRO.git Feature 11046: Security Group Name as Ns Config Template - RO Change-Id: I53f910669d1de5863afa151eb2d2a0a68cede53f Signed-off-by: kayal2001 --- diff --git a/NG-RO/osm_ng_ro/ns.py b/NG-RO/osm_ng_ro/ns.py index e7082d01..fe094f67 100644 --- a/NG-RO/osm_ng_ro/ns.py +++ b/NG-RO/osm_ng_ro/ns.py @@ -1834,12 +1834,19 @@ class Ns(object): target_vdu["vdu-name"], target_vdu.get("count-index") or 0, ) + security_group_name = None if additional_params := target_vdu.get("additionalParams"): if additional_params.get("OSM", {}).get("instance_name"): instance_name = additional_params.get("OSM", {}).get("instance_name") if count_index := target_vdu.get("count-index"): if count_index >= 1: instance_name = "{}-{}".format(instance_name, count_index) + if additional_params.get("OSM", {}).get("security-group-name"): + security_group_name = additional_params.get("OSM", {}).get( + "security-group-name" + ) + else: + security_group_name = None extra_dict["params"] = { "name": instance_name, @@ -1851,6 +1858,7 @@ class Ns(object): "net_list": net_list, "cloud_config": cloud_config or None, "disk_list": disk_list, + "security_group_name": security_group_name, "availability_zone_index": None, # TODO "availability_zone_list": None, # TODO } @@ -2082,6 +2090,12 @@ class Ns(object): if count_index := existing_vdu.get("count-index"): if count_index >= 1: instance_name = "{}-{}".format(instance_name, count_index) + if additional_params.get("OSM", {}).get("security-group-name"): + security_group_name = additional_params.get("OSM", {}).get( + "security-group-name" + ) + else: + security_group_name = None extra_dict["params"] = { "name": instance_name, 
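Review bot: `security_group_name` is bound in this second function only inside the additional-params branch, and nothing on the new side initialises it first, unlike the `security_group_name = None` that the first ns.py hunk adds ahead of its `if additional_params := ...` block. When the existing VDU carries no `additionalParams`, the `"security_group_name": security_group_name` entry added in the following hunk would raise UnboundLocalError. Add `security_group_name = None` before the guard (presumably the same `if additional_params := ...` form, which starts above this hunk). With that in place the `else: security_group_name = None` branch is redundant in both functions.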
@@ -2093,6 +2107,7 @@ class Ns(object): "net_list": net_list, "cloud_config": cloud_config or None, "disk_list": disk_list, + "security_group_name": security_group_name, "availability_zone_index": None, # TODO "availability_zone_list": None, # TODO } diff --git a/NG-RO/osm_ng_ro/tests/test_ns.py b/NG-RO/osm_ng_ro/tests/test_ns.py index 2288a605..2d1bf5fd 100644 --- a/NG-RO/osm_ng_ro/tests/test_ns.py +++ b/NG-RO/osm_ng_ro/tests/test_ns.py @@ -177,6 +177,7 @@ expected_extra_dict = { "availability_zone_index": None, "availability_zone_list": None, "cloud_config": None, + "security_group_name": None, "description": "several_volumes-VM", "disk_list": [], "flavor_id": f"TASK-{ns_preffix}:flavor.0", @@ -197,6 +198,7 @@ expected_extra_dict2 = { "availability_zone_index": None, "availability_zone_list": None, "cloud_config": None, + "security_group_name": None, "description": "without_volumes-VM", "disk_list": [], "flavor_id": f"TASK-{ns_preffix}:flavor.0", diff --git a/RO-VIM-openstack/osm_rovim_openstack/tests/test_vimconn_openstack.py b/RO-VIM-openstack/osm_rovim_openstack/tests/test_vimconn_openstack.py index 44b63d20..1dd1c6a2 100644 --- a/RO-VIM-openstack/osm_rovim_openstack/tests/test_vimconn_openstack.py +++ b/RO-VIM-openstack/osm_rovim_openstack/tests/test_vimconn_openstack.py @@ -60,6 +60,7 @@ disk_list2 = [ ] availability_zone_index = 0 availability_zone_list = ["nova"] +security_group_name = None floating_network_vim_id = "108b73-e9cc-5a6a-t270-82cc4811bd4a" net_id = "83372685-f67f-49fd-8722-eabb7692fc22" net2_id = "46472685-f67f-49fd-8722-eabb7692fc22" @@ -521,6 +522,7 @@ class TestNewVmInstance(unittest.TestCase): "name": "management", "admin_state_up": True, } + security_group_name = None new_port_result, port_result = self.vimconn._create_port( net, name, created_items 
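Review bot: The updated `_create_port` tests only pin the default: each sets a local `security_group_name = None`, calls `self.vimconn._create_port(net, name, created_items)` without the new argument, and asserts that `None` is forwarded. This applies to this hunk and to the sibling hunks at -572, -623, -662, -697, -734, -771 and -817. Nothing visible passes a real name through `_create_port`, or exercises the new branch of `_get_ids_from_name`, including its not-found path. Add at least one test that calls `_create_port(net, name, created_items, "some-sg")`, and one that drives `_get_ids_from_name("missing-sg")` and expects `VimConnConnectionException`. The per-test local also shadows the module-level `security_group_name = None` added at -60, so one of the two can be dropped.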
@@ -529,7 +531,9 @@ class TestNewVmInstance(unittest.TestCase): self.assertDictEqual(new_port_result, new_port) self.assertDictEqual(port_result, expected_port) - mock_prepare_port_dict_security_groups.assert_called_once_with(net, port_dict) + mock_prepare_port_dict_security_groups.assert_called_once_with( + net, port_dict, security_group_name + ) mock_prepare_port_dict_binding.assert_called_once_with(net, port_dict) mock_prepare_port_dict_mac_ip_addr.assert_called_once_with(net, port_dict) mock_create_new_port.assert_called_once_with(port_dict, created_items, net) @@ -572,6 +576,7 @@ class TestNewVmInstance(unittest.TestCase): "admin_state_up": True, "name": name, } + security_group_name = None new_port_result, port_result = self.vimconn._create_port( net, name, created_items @@ -580,7 +585,9 @@ class TestNewVmInstance(unittest.TestCase): self.assertDictEqual(new_port_result, new_port) self.assertDictEqual(port_result, expected_port) - mock_prepare_port_dict_security_groups.assert_called_once_with(net, port_dict) + mock_prepare_port_dict_security_groups.assert_called_once_with( + net, port_dict, security_group_name + ) mock_prepare_port_dict_binding.assert_called_once_with(net, port_dict) mock_prepare_port_dict_mac_ip_addr.assert_called_once_with(net, port_dict) mock_create_new_port.assert_called_once_with(port_dict, created_items, net) @@ -623,6 +630,7 @@ class TestNewVmInstance(unittest.TestCase): "admin_state_up": True, "name": name, } + security_group_name = None new_port_result, port_result = self.vimconn._create_port( net, name, created_items 
@@ -631,7 +639,9 @@ class TestNewVmInstance(unittest.TestCase): self.assertDictEqual(new_port_result, new_port) self.assertDictEqual(port_result, expected_port) - mock_prepare_port_dict_security_groups.assert_called_once_with(net, port_dict) + mock_prepare_port_dict_security_groups.assert_called_once_with( + net, port_dict, security_group_name + ) mock_prepare_port_dict_binding.assert_called_once_with(net, port_dict) mock_prepare_port_dict_mac_ip_addr.assert_called_once_with(net, port_dict) mock_create_new_port.assert_called_once_with(port_dict, created_items, net) @@ -662,11 +672,14 @@ class TestNewVmInstance(unittest.TestCase): "admin_state_up": True, "name": name, } + security_group_name = None with self.assertRaises(Exception): self.vimconn._create_port(net, name, created_items) - mock_prepare_port_dict_security_groups.assert_called_once_with(net, port_dict) + mock_prepare_port_dict_security_groups.assert_called_once_with( + net, port_dict, security_group_name + ) mock_prepare_port_dict_binding.assert_called_once_with(net, port_dict) mock_prepare_port_dict_mac_ip_addr.assert_called_once_with(net, port_dict) mock_create_new_port.assert_called_once_with(port_dict, created_items, net) @@ -697,11 +710,14 @@ class TestNewVmInstance(unittest.TestCase): "admin_state_up": True, "name": name, } + security_group_name = None with self.assertRaises(Exception): self.vimconn._create_port(net, name, created_items) - mock_prepare_port_dict_security_groups.assert_called_once_with(net, port_dict) + mock_prepare_port_dict_security_groups.assert_called_once_with( + net, port_dict, security_group_name + ) mock_prepare_port_dict_binding.assert_not_called() mock_prepare_port_dict_mac_ip_addr.assert_not_called() 
@@ -734,11 +750,14 @@ class TestNewVmInstance(unittest.TestCase): "admin_state_up": True, "name": name, } + security_group_name = None with self.assertRaises(Exception): self.vimconn._create_port(net, name, created_items) - mock_prepare_port_dict_security_groups.assert_called_once_with(net, port_dict) + mock_prepare_port_dict_security_groups.assert_called_once_with( + net, port_dict, security_group_name + ) mock_prepare_port_dict_binding.assert_called_once_with(net, port_dict) @@ -771,11 +790,14 @@ class TestNewVmInstance(unittest.TestCase): "admin_state_up": True, "name": name, } + security_group_name = None with self.assertRaises(Exception): self.vimconn._create_port(net, name, created_items) - mock_prepare_port_dict_security_groups.assert_called_once_with(net, port_dict) + mock_prepare_port_dict_security_groups.assert_called_once_with( + net, port_dict, security_group_name + ) mock_prepare_port_dict_binding.assert_called_once_with(net, port_dict) mock_prepare_port_dict_mac_ip_addr.assert_called_once_with(net, port_dict) @@ -817,12 +839,15 @@ class TestNewVmInstance(unittest.TestCase): "fixed_ips": [{"ip_address": ip_addr1}], }, } + security_group_name = None mock_create_new_port.return_value = new_port with self.assertRaises(VimConnException): self.vimconn._create_port(net, name, created_items) - mock_prepare_port_dict_security_groups.assert_called_once_with(net, port_dict) + mock_prepare_port_dict_security_groups.assert_called_once_with( + net, port_dict, security_group_name + ) mock_prepare_port_dict_binding.assert_called_once_with(net, port_dict) mock_prepare_port_dict_mac_ip_addr.assert_called_once_with(net, port_dict) mock_create_new_port.assert_called_once_with(port_dict, created_items, net) 
@@ -938,6 +963,7 @@ class TestNewVmInstance(unittest.TestCase): self.assertEqual(external_network, expected_external_network) self.assertEqual(expected_no_secured_ports, no_secured_ports) + security_group_name = None mock_create_port.assert_called_once_with( { "net_id": net2_id, @@ -946,6 +972,7 @@ class TestNewVmInstance(unittest.TestCase): }, name, created_items, + security_group_name, ) @patch.object(vimconnector, "_reload_connection") @@ -1001,6 +1028,7 @@ class TestNewVmInstance(unittest.TestCase): self.assertEqual(external_network, expected_external_network) self.assertEqual(expected_no_secured_ports, no_secured_ports) + security_group_name = None mock_create_port.assert_called_once_with( { "net_id": net2_id, @@ -1009,6 +1037,7 @@ class TestNewVmInstance(unittest.TestCase): }, name, created_items, + security_group_name, ) @patch.object(vimconnector, "_reload_connection") @@ -1067,6 +1096,7 @@ class TestNewVmInstance(unittest.TestCase): no_secured_ports, ) + security_group_name = None mock_create_port.assert_called_once_with( { "net_id": net2_id, @@ -1077,6 +1107,7 @@ class TestNewVmInstance(unittest.TestCase): }, name, created_items, + security_group_name, ) self.assertEqual(expected_net_list_vim, net_list_vim) self.assertEqual(external_network, expected_external_network) @@ -1128,6 +1159,7 @@ class TestNewVmInstance(unittest.TestCase): no_secured_ports, ) + security_group_name = None mock_create_port.assert_called_once_with( { "net_id": net2_id, @@ -1137,6 +1169,7 @@ class TestNewVmInstance(unittest.TestCase): }, name, created_items, + security_group_name, ) self.assertEqual(expected_net_list_vim, net_list_vim) self.assertEqual(external_network, expected_external_network) @@ -1188,6 +1221,7 @@ class TestNewVmInstance(unittest.TestCase): no_secured_ports, ) + security_group_name = None mock_create_port.assert_called_once_with( { "net_id": net2_id, 
@@ -1197,6 +1231,7 @@ class TestNewVmInstance(unittest.TestCase): }, name, created_items, + security_group_name, ) self.assertEqual(expected_net_list_vim, net_list_vim) self.assertEqual(external_network, expected_external_network) @@ -1240,6 +1275,7 @@ class TestNewVmInstance(unittest.TestCase): self.assertEqual(type(err.exception), KeyError) + security_group_name = None mock_create_port.assert_called_once_with( { "net_id": net2_id, @@ -1249,6 +1285,7 @@ class TestNewVmInstance(unittest.TestCase): }, name, created_items, + security_group_name, ) self.assertEqual(expected_net_list_vim, net_list_vim) self.assertEqual(external_network, expected_external_network) @@ -3285,6 +3322,7 @@ class TestNewVmInstance(unittest.TestCase): disk_list2, availability_zone_index, availability_zone_list, + security_group_name, ) self.assertEqual(result, expected_result) @@ -3296,6 +3334,7 @@ class TestNewVmInstance(unittest.TestCase): net_list_vim=[], external_network=[], no_secured_ports=[], + security_group_name=security_group_name, ) mock_create_user_data.assert_called_once_with(cloud_config) mock_get_vm_availability_zone.assert_called_once_with( @@ -3385,6 +3424,7 @@ class TestNewVmInstance(unittest.TestCase): disk_list, availability_zone_index, availability_zone_list, + security_group_name, ) mock_reload_connection.assert_called_once() @@ -3395,6 +3435,7 @@ class TestNewVmInstance(unittest.TestCase): net_list_vim=[], external_network=[], no_secured_ports=[], + security_group_name=security_group_name, ) mock_create_user_data.assert_called_once_with(cloud_config) mock_get_vm_availability_zone.assert_not_called() @@ -3473,6 +3514,7 @@ class TestNewVmInstance(unittest.TestCase): net_list_vim=[], external_network=[], no_secured_ports=[], + security_group_name=security_group_name, ) mock_create_user_data.assert_called_once_with(cloud_config) mock_get_vm_availability_zone.assert_called_once_with( 
@@ -3560,6 +3602,7 @@ class TestNewVmInstance(unittest.TestCase): disk_list2, availability_zone_index, availability_zone_list, + security_group_name, ) self.assertEqual(result, expected_result) @@ -3571,6 +3614,7 @@ class TestNewVmInstance(unittest.TestCase): net_list_vim=[], external_network=[], no_secured_ports=[], + security_group_name=security_group_name, ) mock_create_user_data.assert_called_once_with(cloud_config) mock_get_vm_availability_zone.assert_called_once_with( @@ -3660,6 +3704,7 @@ class TestNewVmInstance(unittest.TestCase): disk_list2, availability_zone_index, availability_zone_list, + security_group_name, ) mock_reload_connection.assert_called_once() @@ -3670,6 +3715,7 @@ class TestNewVmInstance(unittest.TestCase): net_list_vim=[], external_network=[], no_secured_ports=[], + security_group_name=security_group_name, ) mock_create_user_data.assert_called_once_with(cloud_config) mock_get_vm_availability_zone.assert_called_once_with( diff --git a/RO-VIM-openstack/osm_rovim_openstack/vimconn_openstack.py b/RO-VIM-openstack/osm_rovim_openstack/vimconn_openstack.py index e9d40620..501c6924 100644 --- a/RO-VIM-openstack/osm_rovim_openstack/vimconn_openstack.py +++ b/RO-VIM-openstack/osm_rovim_openstack/vimconn_openstack.py @@ -637,7 +637,7 @@ class vimconnector(vimconn.VimConnector): type(exception).__name__ + ": " + message_error ) - def _get_ids_from_name(self): + def _get_ids_from_name(self, security_group_name=None): """ Obtain ids from name of tenant and security_groups. Store at self .security_groups_id" :return: None 
@@ -652,11 +652,15 @@ class vimconnector(vimconn.VimConnector): ) ) + neutron_sg_list = self.neutron.list_security_groups( + tenant_id=self.my_tenant_id + )["security_groups"] + if self.config.get("security_groups") and not self.security_groups_id: # convert from name to id - neutron_sg_list = self.neutron.list_security_groups( - tenant_id=self.my_tenant_id - )["security_groups"] + # neutron_sg_list = self.neutron.list_security_groups( + # tenant_id=self.my_tenant_id + # )["security_groups"] self.security_groups_id = [] for sg in self.config.get("security_groups"): @@ -671,6 +675,18 @@ class vimconnector(vimconn.VimConnector): "Not found security group {} for this tenant".format(sg) ) + if security_group_name is not None: + self.security_groups_id = [] + for neutron_sg in neutron_sg_list: + if security_group_name in (neutron_sg["id"], neutron_sg["name"]): + self.security_groups_id.append(neutron_sg["id"]) + break + else: + self.security_groups_id = None + raise vimconn.VimConnConnectionException( + "Not found security group {} for this tenant".format(sg) + ) + def _find_nova_server(self, vm_id): """ Returns the VM instance from Openstack and completes it with flavor ID @@ -1933,7 +1949,9 @@ class vimconnector(vimconn.VimConnector): "No enough availability zones at VIM for this deployment" ) - def _prepare_port_dict_security_groups(self, net: dict, port_dict: dict) -> None: + def _prepare_port_dict_security_groups( + self, net: dict, port_dict: dict, security_group_name=None + ) -> None: """Fill up the security_groups in the port_dict. Args: @@ -1951,6 +1969,10 @@ class vimconnector(vimconn.VimConnector): port_dict["security_groups"] = self.security_groups_id + if security_group_name is not None: + self._get_ids_from_name(security_group_name) + port_dict["security_groups"] = self.security_groups_id + def _prepare_port_dict_binding(self, net: dict, port_dict: dict) -> None: """Fill up the network binding depending on network type in the port_dict. 
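Review bot: Hoisting `list_security_groups` out of the `if` makes every call to `_get_ids_from_name` issue a Neutron request, including calls where `self.security_groups_id` is already populated and no `security_group_name` was passed. Fetch the list only when a branch needs it, for example under `if security_group_name is not None or (self.config.get("security_groups") and not self.security_groups_id):`. The commented-out copy of the old call should be deleted rather than left in the function.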
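Review bot: The not-found branch formats its message with `sg`, the loop variable of the earlier `self.config.get("security_groups")` loop, instead of `security_group_name`; if that loop never ran the raise itself fails with UnboundLocalError, and otherwise the message names the wrong group. The branch also overwrites `self.security_groups_id`, which the earlier block treats as the connector's cached default (`not self.security_groups_id`), so a group requested for one VDU would apparently carry over to later ports that request none, and a failed lookup leaves it `None`. Returning the resolved id keeps the per-VDU choice out of shared state; the caller in `_prepare_port_dict_security_groups` (hunk at -1951) would then use `port_dict["security_groups"] = self._get_ids_from_name(security_group_name)`. Neutron security-group names are not unique, so matching on name takes whichever entry is listed first.

```python
        if security_group_name is not None:
            # Resolve per request; self.security_groups_id stays the VIM-account default.
            for neutron_sg in neutron_sg_list:
                if security_group_name in (neutron_sg["id"], neutron_sg["name"]):
                    return [neutron_sg["id"]]
            raise vimconn.VimConnConnectionException(
                "Not found security group {} for this tenant".format(
                    security_group_name
                )
            )
```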
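Review bot: The new branch sets `port_dict["security_groups"]` whenever a name is passed, and its relation to whatever condition guards the existing assignment just above is not visible here (the function body starts outside the hunk). If that condition skips security groups for nets with port security disabled, the same check should wrap the new branch, since Neutron normally rejects a group on such a port. The branch also runs once per port, so every port of a VDU triggers another security-group listing through `_get_ids_from_name`.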
@@ -2038,7 +2060,7 @@ class vimconnector(vimconn.VimConnector): return new_port def _create_port( - self, net: dict, name: str, created_items: dict + self, net: dict, name: str, created_items: dict, security_group_name=None ) -> Tuple[dict, dict]: """Create port using net details. @@ -2061,7 +2083,7 @@ class vimconnector(vimconn.VimConnector): if not port_dict["name"]: port_dict["name"] = name - self._prepare_port_dict_security_groups(net, port_dict) + self._prepare_port_dict_security_groups(net, port_dict, security_group_name) self._prepare_port_dict_binding(net, port_dict) @@ -2086,6 +2108,7 @@ class vimconnector(vimconn.VimConnector): net_list_vim: list, external_network: list, no_secured_ports: list, + security_group_name=None, ) -> None: """Create port and fill up net dictionary for new VM instance creation. @@ -2105,7 +2128,9 @@ class vimconnector(vimconn.VimConnector): if not net.get("net_id"): continue - new_port, port = self._create_port(net, name, created_items) + new_port, port = self._create_port( + net, name, created_items, security_group_name + ) net_list_vim.append(port) @@ -2760,6 +2785,7 @@ class vimconnector(vimconn.VimConnector): disk_list=None, availability_zone_index=None, availability_zone_list=None, + security_group_name=None, ) -> tuple: """Adds a VM instance to VIM. @@ -2842,6 +2868,7 @@ class vimconnector(vimconn.VimConnector): net_list_vim=net_list_vim, external_network=external_network, no_secured_ports=no_secured_ports, + security_group_name=security_group_name, ) # Cloud config diff --git a/releasenotes/notes/feature_11046_Security_Group_Name_as_Ns_Config_Template-168183679fb9ab6a.yaml b/releasenotes/notes/feature_11046_Security_Group_Name_as_Ns_Config_Template-168183679fb9ab6a.yaml new file mode 100644 index 00000000..20ee4ba0 --- /dev/null +++ b/releasenotes/notes/feature_11046_Security_Group_Name_as_Ns_Config_Template-168183679fb9ab6a.yaml 
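Review bot: The new `security_group_name=None` parameter is unannotated and undocumented in `_create_port`, whose other parameters are typed (`net: dict, name: str, created_items: dict`), and no hunk touches the docstring that follows the signature. The same holds for `_prepare_port_dict_security_groups` (-1933), `_prepare_network_for_vminstance` (-2086), `new_vminstance` (-2760) and `_get_ids_from_name` (-637). Annotate it, e.g. `security_group_name: Optional[str] = None` if `Optional` is imported alongside `Tuple`, and add an Args line such as `security_group_name (str): name or id of the security group to set on the port; None keeps the VIM-account default`. The docstrings continue outside these hunks, so the existing Args layout should be checked before adding the line.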
@@ -0,0 +1,81 @@ +####################################################################################### +# Copyright ETSI Contributors and Others. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. +####################################################################################### +--- +prelude: > + Replace this text with content to appear at the top of the section for this + release. All of the prelude content is merged together and then rendered + separately from the items listed in other parts of the file, so the text + needs to be worded so that both the prelude and the other items make sense + when read independently. This may mean repeating some details. Not every + release note requires a prelude. Usually only notes describing major + features or adding release theme details should have a prelude. +features: + - | + List new features here, or remove this section. All of the list items in + this section are combined when the release notes are rendered, so the text + needs to be worded so that it does not depend on any information only + available in another section, such as the prelude. This may mean repeating + some details. +issues: + - | + List known issues here, or remove this section. All of the list items in + this section are combined when the release notes are rendered, so the text + needs to be worded so that it does not depend on any information only + available in another section, such as the prelude. This may mean repeating + some details. 
+upgrade: + - | + List upgrade notes here, or remove this section. All of the list items in + this section are combined when the release notes are rendered, so the text + needs to be worded so that it does not depend on any information only + available in another section, such as the prelude. This may mean repeating + some details. +deprecations: + - | + List deprecations notes here, or remove this section. All of the list + items in this section are combined when the release notes are rendered, so + the text needs to be worded so that it does not depend on any information + only available in another section, such as the prelude. This may mean + repeating some details. +critical: + - | + Add critical notes here, or remove this section. All of the list items in + this section are combined when the release notes are rendered, so the text + needs to be worded so that it does not depend on any information only + available in another section, such as the prelude. This may mean repeating + some details. +security: + - | + Add security notes here, or remove this section. All of the list items in + this section are combined when the release notes are rendered, so the text + needs to be worded so that it does not depend on any information only + available in another section, such as the prelude. This may mean repeating + some details. +fixes: + - | + Add normal bug fixes here, or remove this section. All of the list items + in this section are combined when the release notes are rendered, so the + text needs to be worded so that it does not depend on any information only + available in another section, such as the prelude. This may mean repeating + some details. +other: + - | + Add other notes here, or remove this section. All of the list items in + this section are combined when the release notes are rendered, so the text + needs to be worded so that it does not depend on any information only + available in another section, such as the prelude. 
This may mean repeating + some details.