Merge "create default security group using an independent context"
This commit is contained in:
commit
8b47f3b03f
@ -18,6 +18,7 @@ import copy
|
|||||||
import netaddr
|
import netaddr
|
||||||
|
|
||||||
from neutron_lib import constants as nl_constants
|
from neutron_lib import constants as nl_constants
|
||||||
|
from neutron_lib import context as lib_context
|
||||||
from neutron_lib.db import api as db_api
|
from neutron_lib.db import api as db_api
|
||||||
from neutron_lib.db import constants as db_constants
|
from neutron_lib.db import constants as db_constants
|
||||||
from neutron_lib.db import model_base
|
from neutron_lib.db import model_base
|
||||||
@ -874,11 +875,10 @@ class FirewallPluginDb(object):
|
|||||||
firewall_group_id=firewall_group_id).delete()
|
firewall_group_id=firewall_group_id).delete()
|
||||||
return
|
return
|
||||||
|
|
||||||
@db_api.CONTEXT_WRITER
|
|
||||||
def _get_default_fwg_id(self, context, tenant_id):
|
def _get_default_fwg_id(self, context, tenant_id):
|
||||||
"""Returns an id of default firewall group for given tenant or None"""
|
"""Returns an id of default firewall group for given tenant or None"""
|
||||||
default_fwg = model_query.query_with_hooks(
|
default_fwg = model_query.query_with_hooks(
|
||||||
context, FirewallGroup).filter_by(
|
context.elevated(), FirewallGroup).filter_by(
|
||||||
project_id=tenant_id, name=const.DEFAULT_FWG).first()
|
project_id=tenant_id, name=const.DEFAULT_FWG).first()
|
||||||
if default_fwg:
|
if default_fwg:
|
||||||
return default_fwg.id
|
return default_fwg.id
|
||||||
@ -917,10 +917,11 @@ class FirewallPluginDb(object):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
# NOTE(cby): default fwg not created => we try to create it!
|
# NOTE(cby): default fwg not created => we try to create it!
|
||||||
with db_api.CONTEXT_WRITER.using(context):
|
ctx = lib_context.get_admin_context()
|
||||||
|
with db_api.CONTEXT_WRITER.using(ctx):
|
||||||
|
|
||||||
fwr_ids = self._create_default_firewall_rules(
|
fwr_ids = self._create_default_firewall_rules(
|
||||||
context, tenant_id)
|
ctx, tenant_id)
|
||||||
ingress_fwp = {
|
ingress_fwp = {
|
||||||
'description': 'Ingress firewall policy',
|
'description': 'Ingress firewall policy',
|
||||||
'firewall_rules': [fwr_ids['in_ipv4'],
|
'firewall_rules': [fwr_ids['in_ipv4'],
|
||||||
@ -932,9 +933,9 @@ class FirewallPluginDb(object):
|
|||||||
fwr_ids['eg_ipv6']],
|
fwr_ids['eg_ipv6']],
|
||||||
}
|
}
|
||||||
ingress_fwp_db = self._create_default_firewall_policy(
|
ingress_fwp_db = self._create_default_firewall_policy(
|
||||||
context, tenant_id, 'ingress', **ingress_fwp)
|
ctx, tenant_id, 'ingress', **ingress_fwp)
|
||||||
egress_fwp_db = self._create_default_firewall_policy(
|
egress_fwp_db = self._create_default_firewall_policy(
|
||||||
context, tenant_id, 'egress', **egress_fwp)
|
ctx, tenant_id, 'egress', **egress_fwp)
|
||||||
|
|
||||||
fwg = {
|
fwg = {
|
||||||
'name': const.DEFAULT_FWG,
|
'name': const.DEFAULT_FWG,
|
||||||
@ -948,8 +949,8 @@ class FirewallPluginDb(object):
|
|||||||
'description': 'Default firewall group',
|
'description': 'Default firewall group',
|
||||||
}
|
}
|
||||||
fwg_db = self._create_firewall_group(
|
fwg_db = self._create_firewall_group(
|
||||||
context, fwg, default_fwg=True)
|
ctx, fwg, default_fwg=True)
|
||||||
context.session.add(DefaultFirewallGroup(
|
ctx.session.add(DefaultFirewallGroup(
|
||||||
firewall_group_id=fwg_db['id'],
|
firewall_group_id=fwg_db['id'],
|
||||||
project_id=tenant_id))
|
project_id=tenant_id))
|
||||||
return fwg_db['id']
|
return fwg_db['id']
|
||||||
|
Loading…
Reference in New Issue
Block a user