Procházet zdrojové kódy

Fix AttributeError with third-party L3 service plugins

A recent patch fix for the Rocky branch from
commit 20fd026116 have introduced an
AttributeError on Third Party Plugins that does not implement
certain extensions.

This is just related to FWaaSv1 and only applicable to Rocky and below
releases.

This change fixes an issue where in the course of sending firewall
update notifications to the appropriate agents an AttributeError
is encountered due to unsafe assumption of the availability of L3
extensions on the l3_plugin.

This change puts protections in place to avoid this issue.

Change-Id: If5fde4fc9475f468860b0c1fb29db66f1c44f74e
Closes-Bug: #1847019
(cherry picked from commit fc59b08ff7)
tags/12.0.2^0
Ryan Tidwell Swaminathan Vasudevan před 7 měsíci
rodič
revize
4c05f1f661
2 změnil soubory, kde provedl 29 přidání a 5 odebrání
  1. +18
    -5
      neutron_fwaas/services/firewall/fwaas_plugin.py
  2. +11
    -0
      neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py

+ 18
- 5
neutron_fwaas/services/firewall/fwaas_plugin.py Zobrazit soubor

@@ -171,6 +171,14 @@ class FirewallPlugin(
f_const.FIREWALL_PLUGIN, self.endpoints, fanout=False)
return self.conn.consume_in_threads()

def _check_dvr_extensions(self, l3plugin):
return (
n_utils.is_extension_supported(
l3plugin, nl_constants.L3_AGENT_SCHEDULER_EXT_ALIAS) and
n_utils.is_extension_supported(
l3plugin, nl_constants.L3_DISTRIBUTED_EXT_ALIAS) and
getattr(l3plugin, '_get_dvr_hosts_for_router', False))

def _get_hosts_to_notify(self, context, router_ids):
"""Returns all hosts to send notification about firewall update"""
l3_plugin = directory.get_plugin(plugin_constants.L3)
@@ -178,19 +186,24 @@ class FirewallPlugin(
n_utils.is_extension_supported(
l3_plugin, nl_constants.L3_AGENT_SCHEDULER_EXT_ALIAS) and
getattr(l3_plugin, 'get_l3_agents_hosting_routers', False))
scheduled_hosts = set()
if no_broadcast:
# This call checks for all scheduled routers to the network node
agents = l3_plugin.get_l3_agents_hosting_routers(
context, router_ids, admin_state_up=True, active=True)
scheduled_rtr_hosts = set([a.host for a in agents])
# Now check for unscheduled DVR router on distributed compute hosts
unscheduled_dvr_hosts = set()
scheduled_hosts = set([a.host for a in agents])

# Now check for unscheduled DVR router on distributed compute hosts
unscheduled_dvr_hosts = set()
dvr_broadcast = self._check_dvr_extensions(l3_plugin)
if (dvr_broadcast):
for router_id in router_ids:
hosts = set(l3_plugin._get_dvr_hosts_for_router(
context, router_id))
unscheduled_dvr_hosts |= hosts
total_hosts = scheduled_rtr_hosts.union(unscheduled_dvr_hosts)
return total_hosts
if no_broadcast or dvr_broadcast:
scheduled_hosts = scheduled_hosts.union(unscheduled_dvr_hosts)
return scheduled_hosts

# NOTE(blallau): default: FirewallAgentAPI performs RPC broadcast
return [None]


+ 11
- 0
neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py Zobrazit soubor

@@ -381,6 +381,13 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
ctx = context.get_admin_context()
name = "user_fw"
attrs = self._get_test_firewall_attrs(name)
check_attr1 = getattr(self.l3_plugin,
"get_l3_agents_hosting_routers", False)
check_attr2 = getattr(self.l3_plugin,
"_get_dvr_hosts_for_router", False)
# For third-party L3-service plugins do not run this test
if check_attr1 is False or check_attr2 is False:
return
with self.router(name='router1', admin_state_up=True,
tenant_id=self._tenant_id) as router1:
with self.firewall_policy() as fwp:
@@ -397,10 +404,14 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
with mock.patch.object(
self.l3_plugin,
'get_l3_agents_hosting_routers') as s_hosts, \
mock.patch.object(
self.plugin,
'_check_dvr_extensions') as dvr_exts, \
mock.patch.object(
self.l3_plugin,
'_get_dvr_hosts_for_router') as u_hosts:
self.plugin.update_firewall(ctx, fw_id, firewall)
dvr_exts.return_value = True
self.assertTrue(u_hosts.called)
self.assertTrue(s_hosts.called)



Načítá se…
Zrušit
Uložit