Merge pull request #1173 from rackerlabs/stop-managing-outside-network

chore: sync_keystone: Stop managing OUTSIDE networks for tenants

Author: stevekeay

python/understack-workflows/tests/test_sync_keystone.py

@@ -117,9 +117,6 @@ def test_handle_project_delete(
         tenant_obj if tenant_exists else None
     )
 
-    mock_delete_network = mocker.patch(
-        "understack_workflows.main.sync_keystone._delete_outside_network"
-    )
     mock_unmap_devices = mocker.patch(
         "understack_workflows.main.sync_keystone._unmap_tenant_from_devices"
     )
@@ -130,12 +127,10 @@ def test_handle_project_delete(
     mock_pynautobot_api.tenancy.tenants.get.assert_called_once_with(id=project_id)
 
     if tenant_exists:
-        mock_delete_network.assert_called_once_with(conn_mock, project_id)
         mock_unmap_devices.assert_called_once_with(
             tenant_id=project_id, nautobot=mock_pynautobot_api
         )
         tenant_obj.delete.assert_called_once()
     else:
-        mock_delete_network.assert_not_called()
         mock_unmap_devices.assert_not_called()
         tenant_obj.delete.assert_not_called()

python/understack-workflows/understack_workflows/main/sync_keystone.py

@@ -21,8 +21,6 @@
 _EXIT_API_ERROR = 1
 _EXIT_EVENT_UNKNOWN = 2
 
-OUTSIDE_NETWORK_NAME = "OUTSIDE"
-
 
 class Event(StrEnum):
     ProjectCreate = "identity.project.created"
@@ -50,55 +48,7 @@ def argument_parser():
     return parser
 
 
-def _create_outside_network(conn: Connection, project_id: uuid.UUID):
-    network = _find_outside_network(conn, project_id.hex)
-    if network:
-        logger.info(
-            "%s Network %s already exists for this tenant",
-            OUTSIDE_NETWORK_NAME,
-            network.id,
-        )
-    else:
-        payload = {
-            "project_id": project_id.hex,
-            "name": OUTSIDE_NETWORK_NAME,
-            "router:external": False,
-        }
-        network = conn.network.create_network(**payload)  # type: ignore
-        logger.info(
-            "Created %s Network %s for tenant", OUTSIDE_NETWORK_NAME, network.id
-        )
-        conn.network.create_rbac_policy(  # type: ignore
-            object_type="network",
-            object_id=network.id,
-            action="access_as_external",
-            target_project_id=project_id.hex,
-        )
-        conn.network.create_rbac_policy(  # type: ignore
-            object_type="network",
-            object_id=network.id,
-            action="access_as_shared",
-            target_project_id=project_id.hex,
-        )
-
-
-def _delete_outside_network(conn: Connection, project_id: uuid.UUID):
-    network = _find_outside_network(conn, project_id.hex)
-    if network:
-        conn.delete_network(network.id)
-        logger.info(
-            "Deleted %s Network %s for this tenant", OUTSIDE_NETWORK_NAME, network.id
-        )
-
-
-def _find_outside_network(conn: Connection, project_id: str):
-    return conn.network.find_network(  # type: ignore
-        project_id=project_id,
-        name_or_id=OUTSIDE_NETWORK_NAME,
-    )
-
-
-def _tenant_attrs(conn: Connection, project_id: uuid.UUID) -> tuple[str, str, bool]:
+def _tenant_attrs(conn: Connection, project_id: uuid.UUID) -> tuple[str, str]:
     project = conn.identity.get_project(project_id.hex)  # type: ignore
     domain_id = project.domain_id
     is_default_domain = domain_id == "default"
@@ -110,7 +60,7 @@ def _tenant_attrs(conn: Connection, project_id: uuid.UUID) -> tuple[str, str, bo
         domain_name = domain.name
 
     tenant_name = f"{domain_name}:{project.name}"
-    return tenant_name, str(project.description), is_default_domain
+    return tenant_name, str(project.description)
 
 
 def _unmap_tenant_from_devices(
@@ -127,14 +77,12 @@ def handle_project_create(
     conn: Connection, nautobot: pynautobot.api, project_id: uuid.UUID
 ) -> int:
     logger.info("got request to create tenant %s", project_id.hex)
-    tenant_name, tenant_description, is_default_domain = _tenant_attrs(conn, project_id)
+    tenant_name, tenant_description = _tenant_attrs(conn, project_id)
 
     try:
         tenant = nautobot.tenancy.tenants.create(
             id=str(project_id), name=tenant_name, description=tenant_description
         )
-        if is_default_domain:
-            _create_outside_network(conn, project_id)
     except Exception:
         logger.exception(
             "Unable to create project %s / %s", str(project_id), tenant_name
@@ -149,7 +97,7 @@ def handle_project_update(
     conn: Connection, nautobot: pynautobot.api, project_id: uuid.UUID
 ) -> int:
     logger.info("got request to update tenant %s", project_id.hex)
-    tenant_name, tenant_description, is_default_domain = _tenant_attrs(conn, project_id)
+    tenant_name, tenant_description = _tenant_attrs(conn, project_id)
 
     existing_tenant = nautobot.tenancy.tenants.get(id=project_id)
     logger.info("existing_tenant: %s", existing_tenant)
@@ -170,8 +118,6 @@ def handle_project_update(
                 existing_tenant.last_updated,  # type: ignore
             )
 
-        if is_default_domain:
-            _create_outside_network(conn, project_id)
     except Exception:
         logger.exception(
             "Unable to update project %s / %s", str(project_id), tenant_name
@@ -189,7 +135,6 @@ def handle_project_delete(
         logger.warning("tenant %s does not exist, nothing to delete", project_id)
         return _EXIT_SUCCESS
 
-    _delete_outside_network(conn, project_id)
     _unmap_tenant_from_devices(tenant_id=project_id, nautobot=nautobot)
 
     tenant = cast(Record, tenant)