
Merge "[OVS FW] Clean port rules if port not found in ovsdb" into stable/rocky

tags/13.0.6
Zuul Gerrit Code Review il y a 5 mois
Parent
révision
2a81f9879d
2 fichiers modifiés avec 13 ajouts et 0 suppressions
  1. +3
    -0
      neutron/agent/linux/openvswitch_firewall/firewall.py
  2. +10
    -0
      neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py

+ 3
- 0
neutron/agent/linux/openvswitch_firewall/firewall.py Voir le fichier

@@ -601,6 +601,9 @@ class OVSFirewallDriver(firewall.FirewallDriver):
LOG.info("port %(port_id)s does not exist in ovsdb: %(err)s.",
{'port_id': port['device'],
'err': not_found_error})
# If port doesn't exist in ovsdb, lets ensure that there are no
# leftovers
self.remove_port_filter(port)

def _set_port_filters(self, of_port):
self.initialize_port_flows(of_port)
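Review bot: The comment above the added `self.remove_port_filter(port)` call says only "no leftovers" and names neither what is left over nor why it matters; in a firewall driver the concern is presumably security-group flows that stay installed after the port has disappeared. A more specific comment would be `# Port is gone from ovsdb; remove any flows still installed for it so stale allow rules do not outlive the port.` The cleanup also runs inside the exception handler, so if `remove_port_filter` can itself raise for a port the driver no longer tracks, that error would escape the handler; its body is not visible here, so this is worth confirming. The enclosing method starts outside the hunk.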


+ 10
- 0
neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py Voir le fichier

@@ -643,6 +643,16 @@ class TestOVSFirewallDriver(base.BaseTestCase):
self.firewall.update_port_filter(port_dict)
self.assertEqual(2, self.mock_bridge.apply_flows.call_count)

def test_update_port_filter_clean_when_port_not_found(self):
"""Check flows are cleaned if port is not found in the bridge."""
port_dict = {'device': 'port-id',
'security_groups': [1]}
self._prepare_security_group()
self.firewall.prepare_port_filter(port_dict)
self.mock_bridge.br.get_vif_port_by_id.return_value = None
self.firewall.update_port_filter(port_dict)
self.assertTrue(self.mock_bridge.br.delete_flows.called)

def test_remove_port_filter(self):
port_dict = {'device': 'port-id',
'security_groups': [1]}
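Review bot: The assertion in `test_update_port_filter_clean_when_port_not_found` only checks that `delete_flows` was called at some point, so it would also pass if the earlier `prepare_port_filter` call had already triggered a deletion on the mock. Resetting the mock just before the call under test ties the assertion to the not-found path: `self.mock_bridge.br.delete_flows.reset_mock()` placed before `self.firewall.update_port_filter(port_dict)`. It would also help to assert that the driver no longer tracks the port afterwards, since the purpose of the fix is that no firewall state survives the port. The trailing `test_remove_port_filter` continues outside the hunk.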

