diff --git a/neutron/agent/securitygroups_rpc.py b/neutron/agent/securitygroups_rpc.py index a08736773bb..e849b8b21f9 100644 --- a/neutron/agent/securitygroups_rpc.py +++ b/neutron/agent/securitygroups_rpc.py @@ -160,13 +160,13 @@ class SecurityGroupAgentRpc(object): self.context, list(device_ids)) with self.firewall.defer_apply(): - for device in devices.values(): - self.firewall.prepare_port_filter(device) if self.use_enhanced_rpc: LOG.debug("Update security group information for ports %s", devices.keys()) self._update_security_group_info( security_groups, security_group_member_ips) + for device in devices.values(): + self.firewall.prepare_port_filter(device) def _update_security_group_info(self, security_groups, security_group_member_ips): @@ -250,14 +250,14 @@ class SecurityGroupAgentRpc(object): self.context, device_ids) with self.firewall.defer_apply(): - for device in devices.values(): - LOG.debug("Update port filter for %s", device['device']) - self.firewall.update_port_filter(device) if self.use_enhanced_rpc: LOG.debug("Update security group information for ports %s", devices.keys()) self._update_security_group_info( security_groups, security_group_member_ips) + for device in devices.values(): + LOG.debug("Update port filter for %s", device['device']) + self.firewall.update_port_filter(device) def firewall_refresh_needed(self): return self.global_refresh_firewall or self.devices_to_refilter diff --git a/neutron/tests/unit/agent/test_securitygroups_rpc.py b/neutron/tests/unit/agent/test_securitygroups_rpc.py index 132b3aaacb0..954b73f0084 100644 --- a/neutron/tests/unit/agent/test_securitygroups_rpc.py +++ b/neutron/tests/unit/agent/test_securitygroups_rpc.py @@ -1292,12 +1292,12 @@ class SecurityGroupAgentEnhancedRpcTestCase( 'fake_sgid2', {'IPv4': [], 'IPv6': []}) # ignore device which is not filtered self.firewall.assert_has_calls([mock.call.defer_apply(), - mock.call.prepare_port_filter( - self.fake_device), mock.call.update_security_group_rules( 'fake_sgid2', []), tmp_mock1, tmp_mock2, + mock.call.prepare_port_filter( + self.fake_device), mock.call.defer_apply(), mock.call.remove_port_filter( self.fake_device), @@ -1348,39 +1348,40 @@ class SecurityGroupAgentEnhancedRpcTestCase( self.agent.prepare_devices_filter(['fake_port_id']) self.agent.refresh_firewall() calls = [mock.call.defer_apply(), - mock.call.prepare_port_filter(self.fake_device), mock.call.update_security_group_rules('fake_sgid2', []), mock.call.update_security_group_rules( 'fake_sgid1', [{'remote_group_id': 'fake_sgid2'}]), mock.call.update_security_group_members( 'fake_sgid2', {'IPv4': [], 'IPv6': []}), + mock.call.prepare_port_filter(self.fake_device), mock.call.defer_apply(), - mock.call.update_port_filter(self.fake_device), mock.call.update_security_group_rules('fake_sgid2', []), mock.call.update_security_group_rules( 'fake_sgid1', [{'remote_group_id': 'fake_sgid2'}]), mock.call.update_security_group_members( - 'fake_sgid2', {'IPv4': [], 'IPv6': []})] + 'fake_sgid2', {'IPv4': [], 'IPv6': []}), + mock.call.update_port_filter(self.fake_device)] + self.firewall.assert_has_calls(calls) def test_refresh_firewall_devices_enhanced_rpc(self): self.agent.prepare_devices_filter(['fake_device']) self.agent.refresh_firewall([self.fake_device]) calls = [mock.call.defer_apply(), - mock.call.prepare_port_filter(self.fake_device), mock.call.update_security_group_rules('fake_sgid2', []), mock.call.update_security_group_rules('fake_sgid1', [ {'remote_group_id': 'fake_sgid2'}]), mock.call.update_security_group_members('fake_sgid2', { 'IPv4': [], 'IPv6': [] }), + mock.call.prepare_port_filter(self.fake_device), mock.call.defer_apply(), - mock.call.update_port_filter(self.fake_device), mock.call.update_security_group_rules('fake_sgid2', []), mock.call.update_security_group_rules('fake_sgid1', [ {'remote_group_id': 'fake_sgid2'}]), mock.call.update_security_group_members('fake_sgid2', { - 'IPv4': [], 'IPv6': []}) + 'IPv4': [], 'IPv6': []}), + mock.call.update_port_filter(self.fake_device) ] self.firewall.assert_has_calls(calls)