ml2-plugin: update security group option

In Icehouse, security group configuration is enabled from the plugin and should be enabled by a boolean value instead of a firewall_driver like before. If security group is enable, we should ensure firewall_driver is true or a specific driver. If security group is disabled, we should use Noop firewall driver. Patch in Icehouse: http://git.io/Bb-PHQ Change-Id: I0d0ca2fb80d21a439c5e096dcd978e956e6662fd Signed-off-by: Emilien Macchi <[email protected]>
redhat-openstack · Apr 9, 2014 · 1821b02 · 1821b02
1 parent 2b310c2
commit 1821b02
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 7 deletions.
diff --git a/manifests/plugins/ml2.pp b/manifests/plugins/ml2.pp
@@ -89,6 +89,12 @@
 #   mechanisms) with different configurations, we need to set something to the
 #   firewall_driver flag to enable security group API.
 #   Defaults to false.
+#
+# [*firewall_driver*]
+#   (optionnal) Set a firewall driver value.
+#   If enable_security_group is enabled, it should be either true or a custom
+#   firewall driver.
+#   Defaults to true.
 
 class neutron::plugins::ml2 (
   $type_drivers          = ['local', 'flat', 'vlan', 'gre', 'vxlan'],
@@ -99,7 +105,8 @@
   $tunnel_id_ranges      = ['20:100'],
   $vxlan_group           = '224.0.0.1',
   $vni_ranges            = ['10:100'],
-  $enable_security_group = false
+  $enable_security_group = false,
+  $firewall_driver       = true
 ) {
 
   include neutron::params
@@ -142,9 +149,10 @@
 
   # Configure ml2_conf.ini
   neutron_plugin_ml2 {
-    'ml2/type_drivers':         value => join($type_drivers, ',');
-    'ml2/tenant_network_types': value => join($tenant_network_types, ',');
-    'ml2/mechanism_drivers':    value => join($mechanism_drivers, ',');
+    'ml2/type_drivers':                     value => join($type_drivers, ',');
+    'ml2/tenant_network_types':             value => join($tenant_network_types, ',');
+    'ml2/mechanism_drivers':                value => join($mechanism_drivers, ',');
+    'securitygroup/enable_security_group':  value => $enable_security_group;
   }
 
   # Specific plugin configuration
@@ -188,7 +196,7 @@
 
   if $enable_security_group {
     neutron_plugin_ml2 {
-      'securitygroup/firewall_driver': value => $enable_security_group;
+      'securitygroup/firewall_driver': value => $firewall_driver;
     }
   } else {
     neutron_plugin_ml2 {

diff --git a/spec/classes/neutron_plugins_ml2_spec.rb b/spec/classes/neutron_plugins_ml2_spec.rb
@@ -37,7 +37,8 @@
       :tunnel_id_ranges      => ['20:100'],
       :vxlan_group           => '224.0.0.1',
       :vni_ranges            => ['10:100'],
-      :enable_security_group => false }
+      :enable_security_group => false,
+      :firewall_driver       => true }
   end
 
   let :params do
@@ -59,6 +60,7 @@
       should contain_neutron_plugin_ml2('ml2/type_drivers').with_value(p[:type_drivers].join(','))
       should contain_neutron_plugin_ml2('ml2/tenant_network_types').with_value(p[:tenant_network_types].join(','))
       should contain_neutron_plugin_ml2('ml2/mechanism_drivers').with_value(p[:mechanism_drivers].join(','))
+      should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('false')
       should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('neutron.agent.firewall.NoopFirewallDriver')
     end
 
@@ -202,7 +204,8 @@
        before :each do
          params.merge!(:enable_security_group => true)
        end
-       it 'should set firewall_driver to true' do
+       it 'should set enable_security_group to true' do
+         should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with('value' => true)
          should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with('value' => true)
        end
      end