create default security group using an independent context

The current method of creating a default security group may be under
an upper level context. If there is an exception of creating a
duplicate primary key for the default security group, it will cause
the context to need to be rolled back, but not rolled back, which
will affect subsequent database operations.

Through the submission of patch8, a default security group was
created every time. Upon reviewing the [1] log "Default FWG
was concurrently created", it was determined that duplicate primary keys
were actually triggered and the issue(#2061883) was fixed.

Closes-Bug: #2061883

[1] https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_94a/916968/8/check/neutron-tempest-plugin-fwaas/94a09c8/controller/logs/screen-q-svc.txt

Change-Id: Ib2e412ed5e5d4c4fcb4f0abe71d4750fb78bce27

neutron_fwaas/db/firewall/v2/firewall_db_v2.py

@@ -18,6 +18,7 @@ import copy
 import netaddr
 
 from neutron_lib import constants as nl_constants
+from neutron_lib import context as lib_context
 from neutron_lib.db import api as db_api
 from neutron_lib.db import constants as db_constants
 from neutron_lib.db import model_base
@@ -874,11 +875,10 @@ class FirewallPluginDb(object):
                 firewall_group_id=firewall_group_id).delete()
         return
 
-    @db_api.CONTEXT_WRITER
     def _get_default_fwg_id(self, context, tenant_id):
         """Returns an id of default firewall group for given tenant or None"""
         default_fwg = model_query.query_with_hooks(
-            context, FirewallGroup).filter_by(
+            context.elevated(), FirewallGroup).filter_by(
             project_id=tenant_id, name=const.DEFAULT_FWG).first()
         if default_fwg:
             return default_fwg.id
@@ -917,10 +917,11 @@ class FirewallPluginDb(object):
 
         try:
             # NOTE(cby): default fwg not created => we try to create it!
-            with db_api.CONTEXT_WRITER.using(context):
+            ctx = lib_context.get_admin_context()
+            with db_api.CONTEXT_WRITER.using(ctx):
 
                 fwr_ids = self._create_default_firewall_rules(
-                    context, tenant_id)
+                    ctx, tenant_id)
                 ingress_fwp = {
                     'description': 'Ingress firewall policy',
                     'firewall_rules': [fwr_ids['in_ipv4'],
@@ -932,9 +933,9 @@ class FirewallPluginDb(object):
                                        fwr_ids['eg_ipv6']],
                 }
                 ingress_fwp_db = self._create_default_firewall_policy(
-                    context, tenant_id, 'ingress', **ingress_fwp)
+                    ctx, tenant_id, 'ingress', **ingress_fwp)
                 egress_fwp_db = self._create_default_firewall_policy(
-                    context, tenant_id, 'egress', **egress_fwp)
+                    ctx, tenant_id, 'egress', **egress_fwp)
 
                 fwg = {
                     'name': const.DEFAULT_FWG,
@@ -948,8 +949,8 @@ class FirewallPluginDb(object):
                     'description': 'Default firewall group',
                 }
                 fwg_db = self._create_firewall_group(
-                    context, fwg, default_fwg=True)
+                    ctx, fwg, default_fwg=True)
-                context.session.add(DefaultFirewallGroup(
+                ctx.session.add(DefaultFirewallGroup(
                     firewall_group_id=fwg_db['id'],
                     project_id=tenant_id))
                 return fwg_db['id']