openstack/neutron
Code Issues Proposed changes

Merge "Rule, member updates are missed with enhanced rpc"

Browse Source
This commit is contained in:
Jenkins
2016-01-23 01:27:52 +00:00
committed by Gerrit Code Review
parent 84b1af0e78 a8e9cc848b
commit 9aa91b12b6
2 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
neutron/agent/securitygroups_rpc.py
View File

@@ -160,13 +160,13 @@ class SecurityGroupAgentRpc(object):
self.context, list(device_ids)) self.context, list(device_ids))
with self.firewall.defer_apply(): with self.firewall.defer_apply():
for device in devices.values():
self.firewall.prepare_port_filter(device)
if self.use_enhanced_rpc: if self.use_enhanced_rpc:
LOG.debug("Update security group information for ports %s", LOG.debug("Update security group information for ports %s",
devices.keys()) devices.keys())
self._update_security_group_info( self._update_security_group_info(
security_groups, security_group_member_ips) security_groups, security_group_member_ips)
for device in devices.values():
self.firewall.prepare_port_filter(device)
def _update_security_group_info(self, security_groups, def _update_security_group_info(self, security_groups,
security_group_member_ips): security_group_member_ips):
@@ -250,14 +250,14 @@ class SecurityGroupAgentRpc(object):
self.context, device_ids) self.context, device_ids)
with self.firewall.defer_apply(): with self.firewall.defer_apply():
for device in devices.values():
LOG.debug("Update port filter for %s", device['device'])
self.firewall.update_port_filter(device)
if self.use_enhanced_rpc: if self.use_enhanced_rpc:
LOG.debug("Update security group information for ports %s", LOG.debug("Update security group information for ports %s",
devices.keys()) devices.keys())
self._update_security_group_info( self._update_security_group_info(
security_groups, security_group_member_ips) security_groups, security_group_member_ips)
for device in devices.values():
LOG.debug("Update port filter for %s", device['device'])
self.firewall.update_port_filter(device)
def firewall_refresh_needed(self): def firewall_refresh_needed(self):
return self.global_refresh_firewall or self.devices_to_refilter return self.global_refresh_firewall or self.devices_to_refilter

17
neutron/tests/unit/agent/test_securitygroups_rpc.py
View File

@@ -1292,12 +1292,12 @@ class SecurityGroupAgentEnhancedRpcTestCase(
'fake_sgid2', {'IPv4': [], 'IPv6': []}) 'fake_sgid2', {'IPv4': [], 'IPv6': []})
# ignore device which is not filtered # ignore device which is not filtered
self.firewall.assert_has_calls([mock.call.defer_apply(), self.firewall.assert_has_calls([mock.call.defer_apply(),
mock.call.prepare_port_filter(
self.fake_device),
mock.call.update_security_group_rules( mock.call.update_security_group_rules(
'fake_sgid2', []), 'fake_sgid2', []),
tmp_mock1, tmp_mock1,
tmp_mock2, tmp_mock2,
mock.call.prepare_port_filter(
self.fake_device),
mock.call.defer_apply(), mock.call.defer_apply(),
mock.call.remove_port_filter( mock.call.remove_port_filter(
self.fake_device), self.fake_device),
@@ -1348,39 +1348,40 @@ class SecurityGroupAgentEnhancedRpcTestCase(
self.agent.prepare_devices_filter(['fake_port_id']) self.agent.prepare_devices_filter(['fake_port_id'])
self.agent.refresh_firewall() self.agent.refresh_firewall()
calls = [mock.call.defer_apply(), calls = [mock.call.defer_apply(),
mock.call.prepare_port_filter(self.fake_device),
mock.call.update_security_group_rules('fake_sgid2', []), mock.call.update_security_group_rules('fake_sgid2', []),
mock.call.update_security_group_rules( mock.call.update_security_group_rules(
'fake_sgid1', [{'remote_group_id': 'fake_sgid2'}]), 'fake_sgid1', [{'remote_group_id': 'fake_sgid2'}]),
mock.call.update_security_group_members( mock.call.update_security_group_members(
'fake_sgid2', {'IPv4': [], 'IPv6': []}), 'fake_sgid2', {'IPv4': [], 'IPv6': []}),
mock.call.prepare_port_filter(self.fake_device),
mock.call.defer_apply(), mock.call.defer_apply(),
mock.call.update_port_filter(self.fake_device),
mock.call.update_security_group_rules('fake_sgid2', []), mock.call.update_security_group_rules('fake_sgid2', []),
mock.call.update_security_group_rules( mock.call.update_security_group_rules(
'fake_sgid1', [{'remote_group_id': 'fake_sgid2'}]), 'fake_sgid1', [{'remote_group_id': 'fake_sgid2'}]),
mock.call.update_security_group_members( mock.call.update_security_group_members(
'fake_sgid2', {'IPv4': [], 'IPv6': []})] 'fake_sgid2', {'IPv4': [], 'IPv6': []}),
mock.call.update_port_filter(self.fake_device)]
self.firewall.assert_has_calls(calls) self.firewall.assert_has_calls(calls)
def test_refresh_firewall_devices_enhanced_rpc(self): def test_refresh_firewall_devices_enhanced_rpc(self):
self.agent.prepare_devices_filter(['fake_device']) self.agent.prepare_devices_filter(['fake_device'])
self.agent.refresh_firewall([self.fake_device]) self.agent.refresh_firewall([self.fake_device])
calls = [mock.call.defer_apply(), calls = [mock.call.defer_apply(),
mock.call.prepare_port_filter(self.fake_device),
mock.call.update_security_group_rules('fake_sgid2', []), mock.call.update_security_group_rules('fake_sgid2', []),
mock.call.update_security_group_rules('fake_sgid1', [ mock.call.update_security_group_rules('fake_sgid1', [
{'remote_group_id': 'fake_sgid2'}]), {'remote_group_id': 'fake_sgid2'}]),
mock.call.update_security_group_members('fake_sgid2', { mock.call.update_security_group_members('fake_sgid2', {
'IPv4': [], 'IPv6': [] 'IPv4': [], 'IPv6': []
}), }),
mock.call.prepare_port_filter(self.fake_device),
mock.call.defer_apply(), mock.call.defer_apply(),
mock.call.update_port_filter(self.fake_device),
mock.call.update_security_group_rules('fake_sgid2', []), mock.call.update_security_group_rules('fake_sgid2', []),
mock.call.update_security_group_rules('fake_sgid1', [ mock.call.update_security_group_rules('fake_sgid1', [
{'remote_group_id': 'fake_sgid2'}]), {'remote_group_id': 'fake_sgid2'}]),
mock.call.update_security_group_members('fake_sgid2', { mock.call.update_security_group_members('fake_sgid2', {
'IPv4': [], 'IPv6': []}) 'IPv4': [], 'IPv6': []}),
mock.call.update_port_filter(self.fake_device)
] ]
self.firewall.assert_has_calls(calls) self.firewall.assert_has_calls(calls)