Ensure LB sg update is retried when NP is enforced
In case an endpoint is not yet annotated with the lbaas state, when a Network Policy enforcement is triggered, the update of the lbaas SG is ignored, causing a security breach. This commit fixes the issue by retrying the update of the sg. Closes-bug: 1856842 Change-Id: I4ebb8d5da52ff2cee8970b061e31b3f391cacc1b
This commit is contained in:
parent
a047f20bf2
commit
4c34068b2f
|
@ -965,7 +965,8 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
|||
|
||||
lbaas = utils.get_lbaas_state(endpoint)
|
||||
if not lbaas:
|
||||
return
|
||||
LOG.debug('Endpoint not yet annotated with lbaas state.')
|
||||
raise k_exc.ResourceNotReady(svc_name)
|
||||
|
||||
lbaas_obj = lbaas.loadbalancer
|
||||
lbaas_obj.security_groups = sgs
|
||||
|
|
Loading…
Reference in New Issue