[OVN] Do not fail when processing SG rule deletion

When a security group rule deletion command is issued, before executing the database operations, a "BEFORE_DELETE" event is raised. The OVN handler attending to this event should not fail if the security group rule does not exist; the database transaction [1] will in case of not finding it, raising the correct exception and HTTP 404 error: Jun 29 16:58:28 dev20 neutron-server[8820]: INFO neutron.wsgi [None \ req-1821ec9f-2439-420b-80eb-1138896de865 demo admin] 192.168.10.70 \ "GET /v2.0/security-group-rules/missing_sg_rule_example HTTP/1.1" \ status: 404 len: 348 time: 0.0352871 [1]6196c0873b/neutron/db/securitygroups_db.py (L858-L868) Conflicts: neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py Change-Id: I58f6e5b309e089f6681d2c4bbff4ff7fda96435f Closes-Bug: #1933638 (cherry picked from commit 6a74cd76fd)
2021-06-29 16:48:26 +00:00 · 2021-06-29 16:48:26 +00:00 · 84ed85c7f1
parent e0748a58ef
commit 84ed85c7f1
1 changed files with 7 additions and 2 deletions
--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py
+++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py
@ -47,6 +47,7 @@ from neutron.conf.plugins.ml2.drivers.ovn import ovn_conf
 from neutron.db import ovn_hash_ring_db
 from neutron.db import ovn_revision_numbers_db
 from neutron.db import provisioning_blocks
+from neutron.extensions import securitygroup as ext_sg
 from neutron.plugins.ml2 import db as ml2_db
 from neutron.plugins.ml2.drivers.ovn.agent import neutron_agent as n_agent
 from neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb import impl_idl_ovn
@ -326,8 +327,12 @@ class OVNMechanismDriver(api.MechanismDriver):
            self._ovn_client.create_security_group_rule(
                kwargs['context'], kwargs.get('security_group_rule'))
        elif event == events.BEFORE_DELETE:
-            sg_rule = self._plugin.get_security_group_rule(
-                kwargs['context'], kwargs.get('security_group_rule_id'))
+            try:
+                sg_rule = self._plugin.get_security_group_rule(
+                    kwargs['context'], kwargs.get('security_group_rule_id'))
+            except ext_sg.SecurityGroupRuleNotFound:
+                return
+
            if sg_rule.get('remote_ip_prefix') is not None:
                if self._sg_has_rules_with_same_normalized_cidr(sg_rule):
                    return