huawei & ctyun security group sync fix

2026-07-01 01:36:11 +08:00 · 2020-02-24 19:39:18 +08:00
parent dac8452cc9
commit 667a9985de
8 changed files with 12 additions and 56 deletions
--- a/pkg/compute/models/guests.go
+++ b/pkg/compute/models/guests.go
@@ -4378,8 +4378,8 @@ func (self *SGuest) getSecgroupExternalIds(provider *SCloudprovider) []string {
 	return externalIds
 }

-func (self *SGuest) getSecgroupByCache(provider *SCloudprovider, vpcId string, externalId string) (*SSecurityGroup, error) {
-	q := SecurityGroupCacheManager.Query().Equals("manager_id", provider.Id).Equals("external_id", externalId).Equals("vpc_id", vpcId)
+func (self *SGuest) getSecgroupByCache(provider *SCloudprovider, externalId string) (*SSecurityGroup, error) {
+	q := SecurityGroupCacheManager.Query().Equals("manager_id", provider.Id).Equals("external_id", externalId)
 	cache := SSecurityGroupCache{}
 	cache.SetModelManager(SecurityGroupCacheManager, &cache)
 	count, err := q.CountWithError()
@@ -4413,17 +4413,11 @@ func (self *SGuest) setSecgroupPublicScope(secgroup *SSecurityGroup) error {
 func (self *SGuest) SyncVMSecgroups(ctx context.Context, userCred mcclient.TokenCredential, provider *SCloudprovider, secgroupIds []string) compare.SyncResult {
 	syncResult := compare.SyncResult{}

-	vpc, err := self.GetVpc()
-	if err != nil {
-		syncResult.AddError(err)
-		return syncResult
-	}
-
 	secgroupExternalIds := self.getSecgroupExternalIds(provider)

 	_secgroupIds := []string{}
 	for _, secgroupId := range secgroupIds {
-		secgroup, err := self.getSecgroupByCache(provider, vpc.GetId(), secgroupId)
+		secgroup, err := self.getSecgroupByCache(provider, secgroupId)
 		if err != nil {
 			syncResult.AddError(err)
 			continue
--- a/pkg/compute/regiondrivers/ctyun.go
+++ b/pkg/compute/regiondrivers/ctyun.go
@@ -49,7 +49,3 @@ func (self *SCtyunRegionDriver) ValidateCreateLoadbalancerAclData(ctx context.Co
 func (self *SCtyunRegionDriver) ValidateCreateLoadbalancerCertificateData(ctx context.Context, userCred mcclient.TokenCredential, data *jsonutils.JSONDict) (*jsonutils.JSONDict, error) {
 	return nil, httperrors.NewNotImplementedError("%s does not currently support creating loadbalancer certificate", self.GetProvider())
 }
-
-func (self *SCtyunRegionDriver) IsSecurityGroupBelongVpc() bool {
-	return true
-}
--- a/pkg/compute/regiondrivers/huawei.go
+++ b/pkg/compute/regiondrivers/huawei.go
@@ -2124,10 +2124,6 @@ func (self *SHuaWeiRegionDriver) DealNatGatewaySpec(spec string) string {
 	return ""
 }

-func (self *SHuaWeiRegionDriver) IsSecurityGroupBelongVpc() bool {
-	return true
-}
-
 func (self *SHuaWeiRegionDriver) ValidateCreateDBInstanceData(ctx context.Context, userCred mcclient.TokenCredential, ownerId mcclient.IIdentityProvider, input api.DBInstanceCreateInput, skus []models.SDBInstanceSku, network *models.SNetwork) (api.DBInstanceCreateInput, error) {
 	if len(input.MasterInstanceId) > 0 && input.Engine == api.DBINSTANCE_TYPE_SQLSERVER {
 		return input, httperrors.NewInputParameterError("Not support create read-only dbinstance for %s", input.Engine)
--- a/pkg/multicloud/ctyun/securitygroup.go
+++ b/pkg/multicloud/ctyun/securitygroup.go
@@ -28,7 +28,6 @@ import (

 type SSecurityGroup struct {
 	region *SRegion
-	vpc    *SVpc

 	ResSecurityGroupID string `json:"resSecurityGroupId"`
 	Name               string `json:"name"`
@@ -354,7 +353,7 @@ func (self *SSecurityGroup) GetSecurityRule(remoteRule SSecurityGroupRule, withR

 func (self *SSecurityGroup) GetVpcId() string {
 	if len(self.VpcID) == 0 {
-		return "normal"
+		return "classic"
 	}

 	return self.VpcID
@@ -411,10 +410,13 @@ func (self *SRegion) GetSecurityGroups(vpcId string) ([]SSecurityGroup, error) {
 func (self *SRegion) CreateSecurityGroup(vpcId, name string) (*SSecurityGroup, error) {
 	params := map[string]jsonutils.JSONObject{
 		"regionId": jsonutils.NewString(self.GetId()),
-		"vpcId":    jsonutils.NewString(vpcId),
 		"name":     jsonutils.NewString(name),
 	}

+	if len(vpcId) > 0 && (vpcId != "classic" && vpcId != "normal") {
+		params["vpcId"] = jsonutils.NewString(vpcId)
+	}
+
 	resp, err := self.client.DoPost("/apiproxy/v3/createSecurityGroup", params)
 	if err != nil {
 		return nil, errors.Wrap(err, "SRegion.CreateSecurityGroup.DoPost")
@@ -430,12 +432,6 @@ func (self *SRegion) CreateSecurityGroup(vpcId, name string) (*SSecurityGroup, e
 		return nil, errors.Wrap(err, "SRegion.CreateSecurityGroup.GetISecurityGroupById")
 	}

-	vpc, err := self.GetVpc(vpcId)
-	if err != nil {
-		return nil, errors.Wrap(err, "SRegion.CreateSecurityGroup.GetVpc")
-	}
-
-	secgroup.vpc = vpc
 	secgroup.region = self
 	return secgroup, nil
 }
--- a/pkg/multicloud/ctyun/vpc.go
+++ b/pkg/multicloud/ctyun/vpc.go
@@ -149,7 +149,6 @@ func (self *SVpc) fetchSecurityGroups() error {

 	self.secgroups = make([]cloudprovider.ICloudSecurityGroup, len(secgroups))
 	for i := 0; i < len(secgroups); i++ {
-		secgroups[i].vpc = self
 		self.secgroups[i] = &secgroups[i]
 	}

--- a/pkg/multicloud/huawei/region.go
+++ b/pkg/multicloud/huawei/region.go
@@ -724,7 +724,7 @@ func (self *SRegion) CreateSecurityGroup(vpcId string, name string, desc string)
 	params := jsonutils.NewDict()
 	secgroupObj := jsonutils.NewDict()
 	secgroupObj.Add(jsonutils.NewString(name), "name")
-	if len(vpcId) > 0 {
+	if len(vpcId) > 0 && (vpcId != "classic" && vpcId != "normal") {
 		secgroupObj.Add(jsonutils.NewString(vpcId), "vpc_id")
 	}
 	params.Add(secgroupObj, "security_group")
--- a/pkg/multicloud/huawei/securitygroup.go
+++ b/pkg/multicloud/huawei/securitygroup.go
@@ -59,7 +59,6 @@ type SecurityGroupRuleDetail struct {
 // https://support.huaweicloud.com/api-vpc/zh-cn_topic_0020090615.html
 type SSecurityGroup struct {
 	region *SRegion
-	vpc    *SVpc // 安全组对应的vpc可能为空

 	ID                  string              `json:"id"`
 	Name                string              `json:"name"`
@@ -129,9 +128,9 @@ func (self *SSecurityGroup) GetId() string {
 }

 func (self *SSecurityGroup) GetVpcId() string {
-	// 无vpc关联的安全组统一返回normal
+	// 无vpc关联的安全组统一返回classic
 	if len(self.VpcID) == 0 {
-		return "normal"
+		return "classic"
 	}

 	return self.VpcID
@@ -286,10 +285,6 @@ func (self *SRegion) GetSecurityGroupDetails(secGroupId string) (*SSecurityGroup
 	}

 	securitygroup.region = self
-	if len(securitygroup.VpcID) > 0 && securitygroup.VpcID != "default" {
-		securitygroup.vpc, err = self.getVpc(securitygroup.VpcID)
-	}
-
 	return &securitygroup, err
 }

@@ -306,27 +301,10 @@ func (self *SRegion) GetSecurityGroups(vpcId string, name string) ([]SSecurityGr
 		return nil, err
 	}

-	vpcCache := map[string]*SVpc{}
+	// security 中的vpc字段只是一个标识，实际可以跨vpc使用
 	for i := range securitygroups {
 		securitygroup := &securitygroups[i]
 		securitygroup.region = self
-		// 未绑定VPC的安全组
-		// todo:确认 vpc_id  = default的安全组有什么含义？
-		if len(securitygroup.VpcID) == 0 || securitygroup.VpcID == "default" {
-			continue
-		}
-
-		if vpc, exists := vpcCache[securitygroup.VpcID]; exists {
-			securitygroup.vpc = vpc
-		} else {
-			vpc, err := self.getVpc(securitygroup.VpcID)
-			if err != nil {
-				return nil, err
-			}
-
-			vpcCache[securitygroup.VpcID] = vpc
-			securitygroup.vpc = vpc
-		}
 	}

 	result := []SSecurityGroup{}
--- a/pkg/multicloud/huawei/vpc.go
+++ b/pkg/multicloud/huawei/vpc.go
@@ -87,16 +87,13 @@ func (self *SVpc) fetchNetworks() error {

 // 华为云安全组可以被同region的VPC使用
 func (self *SVpc) fetchSecurityGroups() error {
-	// todo： vpc 和 安全组的关联关系还需要进一步确认。
 	secgroups, err := self.region.GetSecurityGroups("", "")
 	if err != nil {
 		return err
 	}

 	self.secgroups = make([]cloudprovider.ICloudSecurityGroup, len(secgroups))
-	// 这里已经填充了vpc。 所以是不是不需要在GetSecurityGroups方法中填充vpc和region了？
 	for i := 0; i < len(secgroups); i++ {
-		secgroups[i].vpc = self
 		self.secgroups[i] = &secgroups[i]
 	}
 	return nil