Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Fix AdoptResources for nova networking #7962
Conversation
|
The test ended up being kind of bonkers, but... yes, this now tests that |
jameinel
approved these changes
Oct 26, 2017
Clearly someone incorporated logic about Juju into goose, which shouldn't be there. "goose" is supposed to just be about bringing Openstack ideas into Go.
However, you didn't make that mistake and I think your filtering is correct.
A bit of a comment to help understand what, specifically, the test is testing for.
Also, did you make sure the test fails without your patch?
| + )) | ||
| + | ||
| + firewaller := openstack.GetFirewaller(s.env) | ||
| + err = firewaller.UpdateGroupController("aabbccdd-eeee-ffff-0000-0123456789ab") |
jameinel
Oct 26, 2017
Owner
One thing that this clearly indicates to me, is that we messed up our layering, but it isn't your fault.
goose should never have a constant with 'juju' in the name.
babbageclunk
Oct 26, 2017
Member
Oh, it's not called out (I'll add a comment) but those juju- groups are added by the bootstrapEnv call - nothing in goose is creating them.
| + "default", | ||
| + "unrelated", | ||
| + "juju-aabbccdd-eeee-ffff-0000-0123456789ab-deadbeef-0bad-400d-8000-4b1d0d06f00d", | ||
| + "juju-aabbccdd-eeee-ffff-0000-0123456789ab-deadbeef-0bad-400d-8000-4b1d0d06f00d-0", |
jameinel
Oct 26, 2017
Owner
so is the idea that without the regex we used to fail to UpgradeGroup, or that we were modifying the old groups somehow? (I'm guessing the former).
maybe a comment in the test to clarify the specific reasons for this test.
// ensure that when Juju updates the security groups when we don't have
// Neutron networking, that we don't get confused by security groups
// that are not part of this model.
I also wonder if it would be useful to mix in Juju-* security groups which aren't the model we are updating. To make sure we don't touch those either (eg, the rule isn't just juju-.*)
babbageclunk
Oct 26, 2017
Member
The former, yes - I'll add the comment. Also, other juju- groups for a different model is a good call, I'll add those too.
|
Thanks for the thoughtful review (as always)! Yes, I checked that the test fails in the expected way if the filtering is removed. |
|
$$merge$$ |
|
Status: merge request accepted. Url: http://ci.jujucharms.com/job/github-merge-juju |
babbageclunk commentedOct 25, 2017
Description of change
legacyNovaFirewaller.UpdateGroupController wasn't filtering the groups
to those that matched its regex, so it was failing in the replace
step. This would prevent migrations from finishing on Canonistack or any
other Openstack using nova networking - the model would be running fine
on the target controller (and the machine and unit agents would be talking to
the model on the target), but would not be removed from the source.
QA steps
Bug reference
Fixes https://bugs.launchpad.net/juju/+bug/1717860