Merge "[OVS FW] Clean port rules if port not found in ovsdb" into stable/train

neutron/agent/linux/openvswitch_firewall/firewall.py

@@ -630,6 +630,9 @@ class OVSFirewallDriver(firewall.FirewallDriver):
             LOG.info("port %(port_id)s does not exist in ovsdb: %(err)s.",
                      {'port_id': port['device'],
                       'err': not_found_error})
+            # If port doesn't exist in ovsdb, lets ensure that there are no
+            # leftovers
+            self.remove_port_filter(port)
         except exceptions.OVSFWTagNotFound as tag_not_found:
             LOG.info("Tag was not found for port %(port_id)s: %(err)s.",
                      {'port_id': port['device'],

neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py

@@ -743,6 +743,16 @@ class TestOVSFirewallDriver(base.BaseTestCase):
             self.firewall.update_port_filter(port_dict)
         self.assertEqual(2, self.mock_bridge.apply_flows.call_count)
 
+    def test_update_port_filter_clean_when_port_not_found(self):
+        """Check flows are cleaned if port is not found in the bridge."""
+        port_dict = {'device': 'port-id',
+                     'security_groups': [1]}
+        self._prepare_security_group()
+        self.firewall.prepare_port_filter(port_dict)
+        self.mock_bridge.br.get_vif_port_by_id.return_value = None
+        self.firewall.update_port_filter(port_dict)
+        self.assertTrue(self.mock_bridge.br.delete_flows.called)
+
     def test_remove_port_filter(self):
         port_dict = {'device': 'port-id',
                      'security_groups': [1]}