diff --git a/neutron_fwaas/services/firewall/fwaas_plugin.py b/neutron_fwaas/services/firewall/fwaas_plugin.py index f54647fe7..95d30c50c 100644 --- a/neutron_fwaas/services/firewall/fwaas_plugin.py +++ b/neutron_fwaas/services/firewall/fwaas_plugin.py @@ -171,6 +171,14 @@ class FirewallPlugin( f_const.FIREWALL_PLUGIN, self.endpoints, fanout=False) return self.conn.consume_in_threads() + def _check_dvr_extensions(self, l3plugin): + return ( + n_utils.is_extension_supported( + l3plugin, nl_constants.L3_AGENT_SCHEDULER_EXT_ALIAS) and + n_utils.is_extension_supported( + l3plugin, nl_constants.L3_DISTRIBUTED_EXT_ALIAS) and + getattr(l3plugin, '_get_dvr_hosts_for_router', False)) + def _get_hosts_to_notify(self, context, router_ids): """Returns all hosts to send notification about firewall update""" l3_plugin = directory.get_plugin(plugin_constants.L3) @@ -178,19 +186,24 @@ class FirewallPlugin( n_utils.is_extension_supported( l3_plugin, nl_constants.L3_AGENT_SCHEDULER_EXT_ALIAS) and getattr(l3_plugin, 'get_l3_agents_hosting_routers', False)) + scheduled_hosts = set() if no_broadcast: # This call checks for all scheduled routers to the network node agents = l3_plugin.get_l3_agents_hosting_routers( context, router_ids, admin_state_up=True, active=True) - scheduled_rtr_hosts = set([a.host for a in agents]) - # Now check for unscheduled DVR router on distributed compute hosts - unscheduled_dvr_hosts = set() + scheduled_hosts = set([a.host for a in agents]) + + # Now check for unscheduled DVR router on distributed compute hosts + unscheduled_dvr_hosts = set() + dvr_broadcast = self._check_dvr_extensions(l3_plugin) + if (dvr_broadcast): for router_id in router_ids: hosts = set(l3_plugin._get_dvr_hosts_for_router( context, router_id)) unscheduled_dvr_hosts |= hosts - total_hosts = scheduled_rtr_hosts.union(unscheduled_dvr_hosts) - return total_hosts + if no_broadcast or dvr_broadcast: + scheduled_hosts = scheduled_hosts.union(unscheduled_dvr_hosts) + return scheduled_hosts # NOTE(blallau): default: FirewallAgentAPI performs RPC broadcast return [None] diff --git a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py index a992b4739..caba7a98c 100644 --- a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py +++ b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py @@ -381,6 +381,13 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase, ctx = context.get_admin_context() name = "user_fw" attrs = self._get_test_firewall_attrs(name) + check_attr1 = getattr(self.l3_plugin, + "get_l3_agents_hosting_routers", False) + check_attr2 = getattr(self.l3_plugin, + "_get_dvr_hosts_for_router", False) + # For third-party L3-service plugins do not run this test + if check_attr1 is False or check_attr2 is False: + return with self.router(name='router1', admin_state_up=True, tenant_id=self._tenant_id) as router1: with self.firewall_policy() as fwp: @@ -397,10 +404,14 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase, with mock.patch.object( self.l3_plugin, 'get_l3_agents_hosting_routers') as s_hosts, \ + mock.patch.object( + self.plugin, + '_check_dvr_extensions') as dvr_exts, \ mock.patch.object( self.l3_plugin, '_get_dvr_hosts_for_router') as u_hosts: self.plugin.update_firewall(ctx, fw_id, firewall) + dvr_exts.return_value = True self.assertTrue(u_hosts.called) self.assertTrue(s_hosts.called)