openstack
/
kuryr-kubernetes
Code Issues Proposed changes

Ensure LB sg update is retried when NP is enforced 

In case an endpoint is not yet annotated with the lbaas
state, when a Network Policy enforcement is triggered,
the update of the lbaas SG is ignored, causing a security breach.
This commit fixes the issue by retrying the update of the sg.

Closes-bug: 1856842

Change-Id: I4ebb8d5da52ff2cee8970b061e31b3f391cacc1b
This commit is contained in:
Maysa Macedo 2019-12-17 23:41:05 +00:00 committed by Maysa de Macedo Souza
parent a047f20bf2
commit 4c34068b2f
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
kuryr_kubernetes/controller/drivers/lbaasv2.py
View File

@ -965,7 +965,8 @@ class LBaaSv2Driver(base.LBaaSDriver):
lbaas = utils.get_lbaas_state(endpoint)
if not lbaas:
return
LOG.debug('Endpoint not yet annotated with lbaas state.')
raise k_exc.ResourceNotReady(svc_name)
lbaas_obj = lbaas.loadbalancer
lbaas_obj.security_groups = sgs