diff --git a/neutron/agent/securitygroups_rpc.py b/neutron/agent/securitygroups_rpc.py index 48da746de43..36660287ca8 100644 --- a/neutron/agent/securitygroups_rpc.py +++ b/neutron/agent/securitygroups_rpc.py @@ -186,27 +186,6 @@ class SecurityGroupAgentRpc(object): else: self.refresh_firewall(devices) - def security_groups_provider_updated(self, port_ids_to_update): - LOG.info("Provider rule updated") - if port_ids_to_update is None: - # Update all devices - if self.defer_refresh_firewall: - self.global_refresh_firewall = True - else: - self.refresh_firewall() - else: - devices = [] - for device in self.firewall.ports.values(): - # neutron server will give port ids for update, However, L2 - # agent will use device name in firewall. Here change port id - # to device name, so that the L2 agent can consume it - if device['id'] in port_ids_to_update: - devices.append(device['device']) - if self.defer_refresh_firewall: - self.devices_to_refilter |= set(devices) - else: - self.refresh_firewall(devices) - def remove_devices_filter(self, device_ids): if not device_ids: return diff --git a/neutron/api/rpc/handlers/securitygroups_rpc.py b/neutron/api/rpc/handlers/securitygroups_rpc.py index 44d0ecf0474..ebf79ef06cf 100644 --- a/neutron/api/rpc/handlers/securitygroups_rpc.py +++ b/neutron/api/rpc/handlers/securitygroups_rpc.py @@ -158,25 +158,6 @@ class SecurityGroupAgentRpcApiMixin(object): cctxt.cast(context, 'security_groups_member_updated', security_groups=security_groups) - def security_groups_provider_updated(self, context, - devices_to_update=None): - """Notify provider updated security groups.""" - # TODO(kevinbenton): remove in Queens - # NOTE(ihrachys) the version here should really be 1.3, but since we - # don't support proper version pinning yet, we leave it intact to allow - # to work with older agents. The reason why we should not require the - # version here is that in rolling upgrade scenarios we always upgrade - # server first, and since the notification is directed from the newer - # server to older agents, and those agents don't have their RPC entry - # point bumped to 1.3 yet, we cannot safely enforce the minimal - # version. Newer payload works for older agents because agent handlers - # are written so that we silently ignore unknown parameters. - cctxt = self.client.prepare(version=self.SG_RPC_VERSION, - topic=self._get_security_group_topic(), - fanout=True) - cctxt.cast(context, 'security_groups_provider_updated', - devices_to_update=devices_to_update) - class SecurityGroupAgentRpcCallbackMixin(object): """A mix-in that enable SecurityGroup support in agent implementations. @@ -219,14 +200,6 @@ class SecurityGroupAgentRpcCallbackMixin(object): return self._security_groups_agent_not_set() self.sg_agent.security_groups_member_updated(security_groups) - def security_groups_provider_updated(self, context, **kwargs): - """Callback for security group provider update. - - This is now a NOOP since provider rules are static. The server just - generates the notification for agents running older versions that have - IP-specific rules. - """ - class SecurityGroupServerAPIShim(sg_rpc_base.SecurityGroupInfoAPIMixin): """Agent-side replacement for SecurityGroupServerRpcApi using local data. diff --git a/neutron/db/securitygroups_rpc_base.py b/neutron/db/securitygroups_rpc_base.py index 55406ed46a0..1bf5de27337 100644 --- a/neutron/db/securitygroups_rpc_base.py +++ b/neutron/db/securitygroups_rpc_base.py @@ -108,36 +108,16 @@ class SecurityGroupServerNotifierRpcMixin(sg_db.SecurityGroupDbMixin): ingress packet from the dhcp server (as a part of provider rules), so we need to notify an update of dhcp server ip address to the plugin agent. - security_groups_provider_updated() just notifies that an event - occurs and the plugin agent fetches the update provider - rule in the other RPC call (security_group_rules_for_devices). """ - sg_provider_updated_networks = set() sec_groups = set() for port in ports: - if port['device_owner'] == const.DEVICE_OWNER_DHCP: - sg_provider_updated_networks.add( - port['network_id']) - # For IPv6, provider rule need to be updated in case router - # interface is created or updated after VM port is created. # NOTE (Swami): ROUTER_INTERFACE_OWNERS check is required # since it includes the legacy router interface device owners # and DVR router interface device owners. - elif port['device_owner'] in const.ROUTER_INTERFACE_OWNERS: - if any(netaddr.IPAddress(fixed_ip['ip_address']).version == 6 - for fixed_ip in port['fixed_ips']): - sg_provider_updated_networks.add( - port['network_id']) - else: + if (port['device_owner'] not in + [const.DEVICE_OWNER_DHCP, const.ROUTER_INTERFACE_OWNERS]): sec_groups |= set(port.get(ext_sg.SECURITYGROUPS)) - if sg_provider_updated_networks: - ports_query = context.session.query(models_v2.Port.id).filter( - models_v2.Port.network_id.in_( - sg_provider_updated_networks)).all() - ports_to_update = [p.id for p in ports_query] - self.notifier.security_groups_provider_updated( - context, ports_to_update) if sec_groups: self.notifier.security_groups_member_updated( context, list(sec_groups)) diff --git a/neutron/plugins/ml2/drivers/agent/_agent_manager_base.py b/neutron/plugins/ml2/drivers/agent/_agent_manager_base.py index 7f8727ef70e..6248a8e8b56 100644 --- a/neutron/plugins/ml2/drivers/agent/_agent_manager_base.py +++ b/neutron/plugins/ml2/drivers/agent/_agent_manager_base.py @@ -59,10 +59,6 @@ class CommonAgentManagerRpcCallBackBase(object): :param security_groups: list of updated security_groups """ - @abc.abstractmethod - def security_groups_provider_updated(self, context, **kwargs): - """Callback for security group provider update.""" - def add_network(self, network_id, network_segment): """Add a network to the agent internal network list diff --git a/neutron/tests/unit/agent/test_securitygroups_rpc.py b/neutron/tests/unit/agent/test_securitygroups_rpc.py index ca3f324b297..b22f6986f62 100644 --- a/neutron/tests/unit/agent/test_securitygroups_rpc.py +++ b/neutron/tests/unit/agent/test_securitygroups_rpc.py @@ -192,60 +192,6 @@ class SGServerRpcCallBackTestCase(test_sg.SecurityGroupDBTestCase): req.get_response(self.api)) self._delete('ports', port_id) - def test_notify_security_group_ipv6_gateway_port_added(self): - self._test_security_group_port( - const.DEVICE_OWNER_ROUTER_INTF, - '2001:0db8::1', - '2001:0db8::/64', - 6, - '2001:0db8::1') - self.assertTrue(self.notifier.security_groups_provider_updated.called) - - def test_notify_security_group_dvr_ipv6_gateway_port_added(self): - self._test_security_group_port( - const.DEVICE_OWNER_DVR_INTERFACE, - '2001:0db8::1', - '2001:0db8::/64', - 6, - '2001:0db8::2') - self.assertTrue(self.notifier.security_groups_provider_updated.called) - - def test_notify_security_group_ipv6_normal_port_added(self): - self._test_security_group_port( - None, - '2001:0db8::1', - '2001:0db8::/64', - 6, - '2001:0db8::3') - self.assertFalse(self.notifier.security_groups_provider_updated.called) - - def test_notify_security_group_ipv4_dhcp_port_added(self): - self._test_security_group_port( - const.DEVICE_OWNER_DHCP, - '192.168.1.1', - '192.168.1.0/24', - 4, - '192.168.1.2') - self.assertTrue(self.notifier.security_groups_provider_updated.called) - - def test_notify_security_group_ipv4_gateway_port_added(self): - self._test_security_group_port( - const.DEVICE_OWNER_ROUTER_INTF, - '192.168.1.1', - '192.168.1.0/24', - 4, - '192.168.1.1') - self.assertFalse(self.notifier.security_groups_provider_updated.called) - - def test_notify_security_group_ipv4_normal_port_added(self): - self._test_security_group_port( - None, - '192.168.1.1', - '192.168.1.0/24', - 4, - '192.168.1.3') - self.assertFalse(self.notifier.security_groups_provider_updated.called) - def _test_sg_rules_for_devices_ipv4_ingress_port_range( self, min_port, max_port): fake_prefix = FAKE_PREFIX[const.IPv4] @@ -957,12 +903,6 @@ class SecurityGroupAgentRpcTestCase(BaseSecurityGroupAgentRpcTestCase): self.assertFalse(self.agent.refresh_firewall.called) self.assertFalse(self.firewall.security_group_updated.called) - def test_security_groups_provider_updated(self): - self.agent.refresh_firewall = mock.Mock() - self.agent.security_groups_provider_updated(None) - self.agent.refresh_firewall.assert_has_calls( - [mock.call.refresh_firewall()]) - def test_refresh_firewall(self): self.agent.prepare_devices_filter(['fake_port_id']) self.agent.refresh_firewall() @@ -1086,12 +1026,6 @@ class SecurityGroupAgentEnhancedRpcTestCase( self.assertFalse(self.agent.refresh_firewall.called) self.assertFalse(self.firewall.security_group_updated.called) - def test_security_groups_provider_updated_enhanced_rpc(self): - self.agent.refresh_firewall = mock.Mock() - self.agent.security_groups_provider_updated(None) - self.agent.refresh_firewall.assert_has_calls( - [mock.call.refresh_firewall()]) - def test_refresh_firewall_enhanced_rpc(self): self.agent.prepare_devices_filter(['fake_port_id']) self.agent.refresh_firewall() @@ -1234,24 +1168,6 @@ class SecurityGroupAgentRpcWithDeferredRefreshTestCase( self.assertIn('fake_device_2', self.agent.devices_to_refilter) self.assertFalse(self.firewall.security_group_updated.called) - def test_security_groups_provider_updated(self): - self.agent.security_groups_provider_updated(None) - self.assertTrue(self.agent.global_refresh_firewall) - - def test_security_groups_provider_updated_devices_specified(self): - self.agent.firewall.ports = { - 'fake_device_1': { - 'id': 'fake_port_id_1', - 'device': 'fake_device_1'}, - 'fake_device_2': { - 'id': 'fake_port_id_2', - 'device': 'fake_device_2'}} - self.agent.security_groups_provider_updated( - ['fake_port_id_1', 'fake_port_id_2']) - self.assertFalse(self.agent.global_refresh_firewall) - self.assertIn('fake_device_1', self.agent.devices_to_refilter) - self.assertIn('fake_device_2', self.agent.devices_to_refilter) - def test_setup_port_filters_new_ports_only(self): self.agent.prepare_devices_filter = mock.Mock() self.agent.refresh_firewall = mock.Mock() @@ -1411,12 +1327,6 @@ class SecurityGroupAgentRpcApiTestCase(base.BaseTestCase): self.mock_cast = mock.patch.object(self.notifier.client, 'cast').start() - def test_security_groups_provider_updated(self): - self.notifier.security_groups_provider_updated(None) - self.mock_cast.assert_has_calls( - [mock.call(None, 'security_groups_provider_updated', - devices_to_update=None)]) - def test_security_groups_rule_updated(self): self.notifier.security_groups_rule_updated( None, security_groups=['fake_sgid']) diff --git a/neutron/tests/unit/api/rpc/handlers/test_securitygroups_rpc.py b/neutron/tests/unit/api/rpc/handlers/test_securitygroups_rpc.py index 41cdc1272e1..d7ea4e8887f 100644 --- a/neutron/tests/unit/api/rpc/handlers/test_securitygroups_rpc.py +++ b/neutron/tests/unit/api/rpc/handlers/test_securitygroups_rpc.py @@ -61,11 +61,6 @@ class SGAgentRpcCallBackMixinTestCase(base.BaseTestCase): self.rpc.sg_agent.assert_has_calls( [mock.call.security_groups_member_updated(['fake_sgid'])]) - def test_security_groups_provider_updated(self): - self.rpc.security_groups_provider_updated(None) - # this is now a NOOP on the agent side. provider rules don't change - self.assertFalse(self.rpc.sg_agent.called) - class SecurityGroupServerAPIShimTestCase(base.BaseTestCase): diff --git a/neutron/tests/unit/plugins/ml2/drivers/agent/test__agent_manager_base.py b/neutron/tests/unit/plugins/ml2/drivers/agent/test__agent_manager_base.py index 49f4cb8790f..000ac6057ec 100644 --- a/neutron/tests/unit/plugins/ml2/drivers/agent/test__agent_manager_base.py +++ b/neutron/tests/unit/plugins/ml2/drivers/agent/test__agent_manager_base.py @@ -25,9 +25,6 @@ class RPCCallBackImpl(amb.CommonAgentManagerRpcCallBackBase): def security_groups_member_updated(self, context, **kwargs): pass - def security_groups_provider_updated(self, context, **kwargs): - pass - class Test_CommonAgentManagerRpcCallBackBase(base.BaseTestCase): def setUp(self): diff --git a/neutron/tests/unit/plugins/ml2/test_plugin.py b/neutron/tests/unit/plugins/ml2/test_plugin.py index 00051f1b82b..d4b5f5e9643 100644 --- a/neutron/tests/unit/plugins/ml2/test_plugin.py +++ b/neutron/tests/unit/plugins/ml2/test_plugin.py @@ -966,9 +966,7 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase): plugin = directory.get_plugin() with self.network() as net,\ mock.patch.object(plugin.notifier, - 'security_groups_member_updated') as m_upd,\ - mock.patch.object(plugin.notifier, - 'security_groups_provider_updated') as p_upd: + 'security_groups_member_updated') as m_upd: res = self._create_port_bulk(self.fmt, 3, net['network']['id'], 'test', True, context=ctx) @@ -976,25 +974,13 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase): used_sg = ports['ports'][0]['security_groups'] m_upd.assert_has_calls( [mock.call(ctx, [sg]) for sg in used_sg], any_order=True) - self.assertFalse(p_upd.called) - - def _check_security_groups_provider_updated_args(self, p_upd_mock, net_id): - query_params = "network_id=%s" % net_id - network_ports = self._list('ports', query_params=query_params) - network_ports_ids = [port['id'] for port in network_ports['ports']] - self.assertTrue(p_upd_mock.called) - p_upd_args = p_upd_mock.call_args - ports_ids = p_upd_args[0][1] - self.assertEqual(sorted(network_ports_ids), sorted(ports_ids)) def test_create_ports_bulk_with_sec_grp_member_provider_update(self): ctx = context.get_admin_context() plugin = directory.get_plugin() with self.network() as net,\ mock.patch.object(plugin.notifier, - 'security_groups_member_updated') as m_upd,\ - mock.patch.object(plugin.notifier, - 'security_groups_provider_updated') as p_upd: + 'security_groups_member_updated') as m_upd: net_id = net['network']['id'] data = [{ @@ -1013,14 +999,11 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase): ports = self.deserialize(self.fmt, res) used_sg = ports['ports'][0]['security_groups'] m_upd.assert_called_once_with(ctx, used_sg) - self._check_security_groups_provider_updated_args(p_upd, net_id) m_upd.reset_mock() - p_upd.reset_mock() data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP self._create_bulk_from_list(self.fmt, 'port', data, context=ctx) self.assertFalse(m_upd.called) - self._check_security_groups_provider_updated_args(p_upd, net_id) def test_create_ports_bulk_with_sec_grp_provider_update_ipv6(self): ctx = context.get_admin_context() @@ -1034,10 +1017,7 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase): ip_version=6) as snet_v6,\ mock.patch.object( plugin.notifier, - 'security_groups_member_updated') as m_upd,\ - mock.patch.object( - plugin.notifier, - 'security_groups_provider_updated') as p_upd: + 'security_groups_member_updated') as m_upd: net_id = net['network']['id'] data = [{ @@ -1050,8 +1030,6 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase): self._create_bulk_from_list(self.fmt, 'port', data, context=ctx) self.assertFalse(m_upd.called) - self._check_security_groups_provider_updated_args( - p_upd, net_id) def test_delete_port_no_notify_in_disassociate_floatingips(self): ctx = context.get_admin_context()