Merge "create default security group using an independent context"

This commit is contained in:
Zuul 2024-05-30 09:40:08 +00:00 committed by Gerrit Code Review
commit 8b47f3b03f

View File

@ -18,6 +18,7 @@ import copy
import netaddr import netaddr
from neutron_lib import constants as nl_constants from neutron_lib import constants as nl_constants
from neutron_lib import context as lib_context
from neutron_lib.db import api as db_api from neutron_lib.db import api as db_api
from neutron_lib.db import constants as db_constants from neutron_lib.db import constants as db_constants
from neutron_lib.db import model_base from neutron_lib.db import model_base
@ -874,11 +875,10 @@ class FirewallPluginDb(object):
firewall_group_id=firewall_group_id).delete() firewall_group_id=firewall_group_id).delete()
return return
@db_api.CONTEXT_WRITER
def _get_default_fwg_id(self, context, tenant_id): def _get_default_fwg_id(self, context, tenant_id):
"""Returns an id of default firewall group for given tenant or None""" """Returns an id of default firewall group for given tenant or None"""
default_fwg = model_query.query_with_hooks( default_fwg = model_query.query_with_hooks(
context, FirewallGroup).filter_by( context.elevated(), FirewallGroup).filter_by(
project_id=tenant_id, name=const.DEFAULT_FWG).first() project_id=tenant_id, name=const.DEFAULT_FWG).first()
if default_fwg: if default_fwg:
return default_fwg.id return default_fwg.id
@ -917,10 +917,11 @@ class FirewallPluginDb(object):
try: try:
# NOTE(cby): default fwg not created => we try to create it! # NOTE(cby): default fwg not created => we try to create it!
with db_api.CONTEXT_WRITER.using(context): ctx = lib_context.get_admin_context()
with db_api.CONTEXT_WRITER.using(ctx):
fwr_ids = self._create_default_firewall_rules( fwr_ids = self._create_default_firewall_rules(
context, tenant_id) ctx, tenant_id)
ingress_fwp = { ingress_fwp = {
'description': 'Ingress firewall policy', 'description': 'Ingress firewall policy',
'firewall_rules': [fwr_ids['in_ipv4'], 'firewall_rules': [fwr_ids['in_ipv4'],
@ -932,9 +933,9 @@ class FirewallPluginDb(object):
fwr_ids['eg_ipv6']], fwr_ids['eg_ipv6']],
} }
ingress_fwp_db = self._create_default_firewall_policy( ingress_fwp_db = self._create_default_firewall_policy(
context, tenant_id, 'ingress', **ingress_fwp) ctx, tenant_id, 'ingress', **ingress_fwp)
egress_fwp_db = self._create_default_firewall_policy( egress_fwp_db = self._create_default_firewall_policy(
context, tenant_id, 'egress', **egress_fwp) ctx, tenant_id, 'egress', **egress_fwp)
fwg = { fwg = {
'name': const.DEFAULT_FWG, 'name': const.DEFAULT_FWG,
@ -948,8 +949,8 @@ class FirewallPluginDb(object):
'description': 'Default firewall group', 'description': 'Default firewall group',
} }
fwg_db = self._create_firewall_group( fwg_db = self._create_firewall_group(
context, fwg, default_fwg=True) ctx, fwg, default_fwg=True)
context.session.add(DefaultFirewallGroup( ctx.session.add(DefaultFirewallGroup(
firewall_group_id=fwg_db['id'], firewall_group_id=fwg_db['id'],
project_id=tenant_id)) project_id=tenant_id))
return fwg_db['id'] return fwg_db['id']