From 90a2707ccffd2175d76e0e2ac5a4cd87e5faa7ef Mon Sep 17 00:00:00 2001 From: zhanghao2 Date: Fri, 12 Jul 2019 07:08:28 -0400 Subject: [PATCH] Fix bug when removing a port from the firewall group When removing a port from the firewall group, the last port is detected as true or false based on the old port and the new port, but it ignores the specific number of ports, which causes the fwg status to be inactive regardless of whether there is a port after the firewall group is reset. Change-Id: I887e06893f3e11031548767272e95afee40462d8 Closes-Bug: #1817455 --- .../services/firewall/service_drivers/agents/agents.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/neutron_fwaas/services/firewall/service_drivers/agents/agents.py b/neutron_fwaas/services/firewall/service_drivers/agents/agents.py index 3d40f5655..de7a9652e 100644 --- a/neutron_fwaas/services/firewall/service_drivers/agents/agents.py +++ b/neutron_fwaas/services/firewall/service_drivers/agents/agents.py @@ -326,9 +326,10 @@ class FirewallAgentDriver(driver_api.FirewallDriverDB, ) # last-port drives agent to ack with status to set state to INACTIVE - # Set last-port to True if there are no ports in the new group, - # but the old group had ports - fwg_with_rules['last-port'] = (old_firewall_group['ports'] and + # Set last-port to True if there are no ports in the new group and + # the old group had the same number of ports that need to be deleted. + fwg_with_rules['last-port'] = (len(old_firewall_group['ports']) == len( + fwg_with_rules['del-port-ids']) and not(new_firewall_group['ports'])) LOG.debug("update_firewall_group %s: Add Ports: %s, Del Ports: %s",