Merge "Firewall group associated with ports is not allowed to be deleted"
This commit is contained in:
commit
3fcf1b8246
@ -339,7 +339,7 @@ class FirewallPluginV2(Firewallv2PluginBase):
|
|||||||
except f_exc.FirewallGroupNotFound:
|
except f_exc.FirewallGroupNotFound:
|
||||||
return
|
return
|
||||||
|
|
||||||
if fwg['status'] == nl_constants.ACTIVE:
|
if fwg['ports']:
|
||||||
raise f_exc.FirewallGroupInUse(firewall_id=id)
|
raise f_exc.FirewallGroupInUse(firewall_id=id)
|
||||||
|
|
||||||
self.driver.delete_firewall_group(context, id)
|
self.driver.delete_firewall_group(context, id)
|
||||||
|
@ -270,31 +270,6 @@ class FirewallAgentDriver(driver_api.FirewallDriverDB,
|
|||||||
context, firewall_group['ports'])
|
context, firewall_group['ports'])
|
||||||
self.agent_rpc.create_firewall_group(context, fwg_with_rules)
|
self.agent_rpc.create_firewall_group(context, fwg_with_rules)
|
||||||
|
|
||||||
def delete_firewall_group_precommit(self, context, firewall_group):
|
|
||||||
if firewall_group['status'] == nl_constants.ACTIVE:
|
|
||||||
raise f_exc.FirewallGroupInUse(firewall_id=firewall_group['id'])
|
|
||||||
elif firewall_group['status'] != nl_constants.INACTIVE:
|
|
||||||
# Firewall group is in inconsistent state, remove it
|
|
||||||
return
|
|
||||||
if not firewall_group['ports']:
|
|
||||||
# No associated port, can safety remove it
|
|
||||||
return
|
|
||||||
|
|
||||||
# Need to prevent agent to delete the firewall group before delete it
|
|
||||||
self.firewall_db.update_firewall_group_status(
|
|
||||||
context, firewall_group['id'], nl_constants.PENDING_DELETE)
|
|
||||||
firewall_group['status'] = nl_constants.PENDING_DELETE
|
|
||||||
|
|
||||||
fwg_with_rules = self.firewall_db.make_firewall_group_dict_with_rules(
|
|
||||||
context, firewall_group['id'])
|
|
||||||
fwg_with_rules['del-port-ids'] = firewall_group['ports']
|
|
||||||
fwg_with_rules['add-port-ids'] = []
|
|
||||||
# Reflect state change in fwg_with_rules
|
|
||||||
fwg_with_rules['status'] = nl_constants.PENDING_DELETE
|
|
||||||
fwg_with_rules['port_details'] = self._get_fwg_port_details(
|
|
||||||
context, fwg_with_rules['del-port-ids'])
|
|
||||||
self.agent_rpc.delete_firewall_group(context, fwg_with_rules)
|
|
||||||
|
|
||||||
def _need_pending_update(self, old_firewall_group, new_firewall_group):
|
def _need_pending_update(self, old_firewall_group, new_firewall_group):
|
||||||
port_updated = (set(new_firewall_group['ports']) !=
|
port_updated = (set(new_firewall_group['ports']) !=
|
||||||
set(old_firewall_group['ports']))
|
set(old_firewall_group['ports']))
|
||||||
|
@ -382,6 +382,22 @@ class FirewallPluginV2TestCase(test_db_plugin.NeutronDbPluginV2TestCase):
|
|||||||
firewall_group = self.deserialize(fmt or self.fmt, res)
|
firewall_group = self.deserialize(fmt or self.fmt, res)
|
||||||
yield firewall_group
|
yield firewall_group
|
||||||
if do_delete:
|
if do_delete:
|
||||||
|
self.plugin.driver.firewall_db.update_firewall_group_status(
|
||||||
|
context.get_admin_context(),
|
||||||
|
firewall_group['firewall_group']['id'],
|
||||||
|
nl_constants.ACTIVE)
|
||||||
|
data = {
|
||||||
|
'firewall_group': {
|
||||||
|
'ports': [],
|
||||||
|
},
|
||||||
|
}
|
||||||
|
req = self.new_update_request(
|
||||||
|
'firewall_groups',
|
||||||
|
data,
|
||||||
|
firewall_group['firewall_group']['id'],
|
||||||
|
as_admin=True,
|
||||||
|
)
|
||||||
|
req.get_response(self.ext_api)
|
||||||
self._delete('firewall_groups',
|
self._delete('firewall_groups',
|
||||||
firewall_group['firewall_group']['id'],
|
firewall_group['firewall_group']['id'],
|
||||||
as_admin=True)
|
as_admin=True)
|
||||||
|
Loading…
Reference in New Issue
Block a user