Delete 'default' security group associated to new projects.

OpenStack can create a security group named 'default' each time a
new project/tenant has been created but is not cleaned up when the
project has been deleted. This patch adds this functionality into
OpenStackProject#clean() method.

Also added similar routine to KeystoneUtilsTests#tearDown() method.

JIRA: SNAPS-169

Change-Id: I29492ae2ddd82e7d59d09b9c4eb759be4835532a
Signed-off-by: spisarski <s.pisarski@cablelabs.com>

diff --git a/snaps/openstack/create_project.py b/snaps/openstack/create_project.py
index bc80789..6b06db4 100644 (file)
--- a/snaps/openstack/create_project.py
+++ b/snaps/openstack/create_project.py
@@ -15,7 +15,7 @@
 import logging
 
 from keystoneclient.exceptions import NotFound
-from snaps.openstack.utils import keystone_utils
+from snaps.openstack.utils import keystone_utils, neutron_utils
 
 __author__ = 'spisarski'
 
@@ -66,6 +66,19 @@ class OpenStackProject:
         :return: void
         """
         if self.__project:
+            # Delete security group 'default' if exists
+            neutron = neutron_utils.neutron_client(self.__os_creds)
+            default_sec_grp = neutron_utils.get_security_group(
+                neutron, 'default',
+                tenant_id=self.__project.id)
+            if default_sec_grp:
+                try:
+                    neutron_utils.delete_security_group(
+                        neutron, default_sec_grp)
+                except:
+                    pass
+
+            # Delete Project
             try:
                 keystone_utils.delete_project(self.__keystone, self.__project)
             except NotFound:

diff --git a/snaps/openstack/utils/neutron_utils.py b/snaps/openstack/utils/neutron_utils.py
index 061bc56..2de3586 100644 (file)
--- a/snaps/openstack/utils/neutron_utils.py
+++ b/snaps/openstack/utils/neutron_utils.py
@@ -347,7 +347,7 @@ def delete_security_group(neutron, sec_grp):
     neutron.delete_security_group(sec_grp.id)
 
 
-def get_security_group(neutron, name):
+def get_security_group(neutron, name, tenant_id=None):
     """
     Returns the first security group object of the given name else None
     :param neutron: the client
@@ -356,7 +356,10 @@ def get_security_group(neutron, name):
     """
     logger.info('Retrieving security group with name - ' + name)
 
-    groups = neutron.list_security_groups(**{'name': name})
+    filter = {'name': name}
+    if tenant_id:
+        filter['tenant_id'] = tenant_id
+    groups = neutron.list_security_groups(**filter)
     for group in groups['security_groups']:
         if group['name'] == name:
             return SecurityGroup(**group)

diff --git a/snaps/openstack/utils/tests/keystone_utils_tests.py b/snaps/openstack/utils/tests/keystone_utils_tests.py
index a46cbd1..29cd8af 100644 (file)
--- a/snaps/openstack/utils/tests/keystone_utils_tests.py
+++ b/snaps/openstack/utils/tests/keystone_utils_tests.py
@@ -17,7 +17,7 @@ import uuid
 from snaps.openstack.create_project import ProjectSettings
 from snaps.openstack.create_user import UserSettings
 from snaps.openstack.tests.os_source_file_test import OSComponentTestCase
-from snaps.openstack.utils import keystone_utils
+from snaps.openstack.utils import keystone_utils, neutron_utils
 
 __author__ = 'spisarski'
 
@@ -73,7 +73,18 @@ class KeystoneUtilsTests(OSComponentTestCase):
         Cleans the remote OpenStack objects
         """
         if self.project:
-                keystone_utils.delete_project(self.keystone, self.project)
+            neutron = neutron_utils.neutron_client(self.os_creds)
+            default_sec_grp = neutron_utils.get_security_group(
+                neutron, 'default',
+                tenant_id=self.project.id)
+            if default_sec_grp:
+                try:
+                    neutron_utils.delete_security_group(
+                        neutron, default_sec_grp)
+                except:
+                    pass
+
+            keystone_utils.delete_project(self.keystone, self.project)
 
         if self.user:
             keystone_utils.delete_user(self.keystone, self.user)