From 050c41a1458cb816392de2569a6971f382f520e5 Mon Sep 17 00:00:00 2001
From: armando-migliaccio <armamig@gmail.com>
Date: Fri, 22 Aug 2014 13:11:18 -0700
Subject: [PATCH] Set firewall state to CREATED when dealing with DVR

When DVR is enabled as a default option for creating routers, firewall
resources will need to have a new initial state, so that reconciliation
can be done once all L3 agents have processed the firewall rules.

The new state has been introduced to preserve API bw compatibility
with centralized routers.

Partial-bug: #1360351
Supports-blueprint: neutron-dvr-fwaas

Change-Id: I53122570dd3a2311eedb24ccd925bcdc9ad4f70c
---
 neutron/db/firewall/firewall_db.py            |  9 +++++++-
 neutron/plugins/common/constants.py           |  1 +
 .../unit/db/firewall/test_db_firewall.py      | 23 +++++++++++++------
 3 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/neutron/db/firewall/firewall_db.py b/neutron/db/firewall/firewall_db.py
index 3460ea01be8..cdd05d2f59b 100644
--- a/neutron/db/firewall/firewall_db.py
+++ b/neutron/db/firewall/firewall_db.py
@@ -15,6 +15,8 @@
 #
 # @author: Sumit Naiksatam, sumitnaiksatam@gmail.com, Big Switch Networks, Inc.
 
+from oslo.config import cfg
+
 import sqlalchemy as sa
 from sqlalchemy.ext.orderinglist import ordering_list
 from sqlalchemy import orm
@@ -239,6 +241,11 @@ class Firewall_db_mixin(firewall.FirewallPluginBase, base_db.CommonDbMixin):
         LOG.debug(_("create_firewall() called"))
         fw = firewall['firewall']
         tenant_id = self._get_tenant_id_for_create(context, fw)
+        # distributed routers may required a more complex state machine;
+        # the introduction of a new 'CREATED' state allows this, whilst
+        # keeping a backward compatible behavior of the logical resource.
+        status = (const.CREATED
+            if cfg.CONF.router_distributed else const.PENDING_CREATE)
         with context.session.begin(subtransactions=True):
             firewall_db = Firewall(id=uuidutils.generate_uuid(),
                                    tenant_id=tenant_id,
@@ -247,7 +254,7 @@ class Firewall_db_mixin(firewall.FirewallPluginBase, base_db.CommonDbMixin):
                                    firewall_policy_id=
                                    fw['firewall_policy_id'],
                                    admin_state_up=fw['admin_state_up'],
-                                   status=const.PENDING_CREATE)
+                                   status=status)
             context.session.add(firewall_db)
         return self._make_firewall_dict(firewall_db)
 
diff --git a/neutron/plugins/common/constants.py b/neutron/plugins/common/constants.py
index 4cd1440996a..1e56ed1de75 100644
--- a/neutron/plugins/common/constants.py
+++ b/neutron/plugins/common/constants.py
@@ -50,6 +50,7 @@ COMMON_PREFIXES = {
 # Service operation status constants
 ACTIVE = "ACTIVE"
 DOWN = "DOWN"
+CREATED = "CREATED"
 PENDING_CREATE = "PENDING_CREATE"
 PENDING_UPDATE = "PENDING_UPDATE"
 PENDING_DELETE = "PENDING_DELETE"
diff --git a/neutron/tests/unit/db/firewall/test_db_firewall.py b/neutron/tests/unit/db/firewall/test_db_firewall.py
index 816d2271800..5e27f5fc46c 100644
--- a/neutron/tests/unit/db/firewall/test_db_firewall.py
+++ b/neutron/tests/unit/db/firewall/test_db_firewall.py
@@ -15,6 +15,8 @@
 #
 # @author: Sumit Naiksatam, sumitnaiksatam@gmail.com, Big Switch Networks, Inc.
 
+from oslo.config import cfg
+
 import contextlib
 
 import mock
@@ -139,11 +141,12 @@ class FirewallPluginDbTestCase(test_db_plugin.NeutronDbPluginV2TestCase):
                  'audited': audited}
         return attrs
 
-    def _get_test_firewall_attrs(self, name='firewall_1'):
+    def _get_test_firewall_attrs(
+        self, name='firewall_1', status='PENDING_CREATE'):
         attrs = {'name': name,
                  'tenant_id': self._tenant_id,
                  'admin_state_up': ADMIN_STATE_UP,
-                 'status': 'PENDING_CREATE'}
+                 'status': status}
 
         return attrs
 
@@ -761,20 +764,26 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase):
                 res = req.get_response(self.ext_api)
                 self.assertEqual(res.status_int, 409)
 
-    def test_create_firewall(self):
-        name = "firewall1"
-        attrs = self._get_test_firewall_attrs(name)
-
+    def _test_create_firewall(self, attrs):
         with self.firewall_policy() as fwp:
             fwp_id = fwp['firewall_policy']['id']
             attrs['firewall_policy_id'] = fwp_id
-            with self.firewall(name=name,
+            with self.firewall(name=attrs['name'],
                                firewall_policy_id=fwp_id,
                                admin_state_up=
                                ADMIN_STATE_UP) as firewall:
                 for k, v in attrs.iteritems():
                     self.assertEqual(firewall['firewall'][k], v)
 
+    def test_create_firewall(self):
+        attrs = self._get_test_firewall_attrs("firewall1")
+        self._test_create_firewall(attrs)
+
+    def test_create_firewall_with_dvr(self):
+        cfg.CONF.set_override('router_distributed', True)
+        attrs = self._get_test_firewall_attrs("firewall1", "CREATED")
+        self._test_create_firewall(attrs)
+
     def test_show_firewall(self):
         name = "firewall1"
         attrs = self._get_test_firewall_attrs(name)