a9f26b81e2
This reverts commit caae7b6a6f.
Reason for revert:
Many users still need L3 firewalls and Inspur team wants to maintain
this project.
Neutron drivers team discussed the topic of the maintenance of
neutron-fwaas, and agreed to include neutron-fwaas again to Neutron
stadium[1].
Some updates have been made:
Remove use "autonested_transaction" method, see more [2]
Replace "neutron_lib.callbacks.registry.notify" with "registry.publish"
Replace rootwrap execution with privsep context execution.
Ensure db Models and migration scripts are sync, set table
firewall_group_port_associations_v2's two columns nullable=False
[1] https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-01-28-14.00.log.html#l-14
[2] https://review.opendev.org/c/openstack/neutron-lib/+/761728
Change-Id: I14f551c199d9badcf25b9e65c954c012326d27cd
11 lines
447 B
YAML
11 lines
447 B
YAML
---
|
|
prelude: >
|
|
Taking security for VM instance into consideration, we've removed an option
|
|
to disable automatic association with default firewall group feature.
|
|
Therefore, `auto_associate_default_firewall_group` has been removed.
|
|
fixes:
|
|
- |
|
|
There is no validation to check if an updated port is for VM or not so far.
|
|
After this fix, default firewall group association is called only for
|
|
VM ports which are newly created.
|