openstack
/
neutron
Code Issues Proposed changes

Merge "Remove security_groups_provider_updated rpc code"

This commit is contained in:
Jenkins 2017-09-22 22:30:25 +00:00 committed by Gerrit Code Review
parent 6994914d8e 40ef314590
commit b192ffe73d
8 changed files with 5 additions and 197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
neutron/agent/securitygroups_rpc.py
View File

@ -186,27 +186,6 @@ class SecurityGroupAgentRpc(object):
else: else:
self.refresh_firewall(devices) self.refresh_firewall(devices)
def security_groups_provider_updated(self, port_ids_to_update):
LOG.info("Provider rule updated")
if port_ids_to_update is None:
# Update all devices
if self.defer_refresh_firewall:
self.global_refresh_firewall = True
else:
self.refresh_firewall()
else:
devices = []
for device in self.firewall.ports.values():
# neutron server will give port ids for update, However, L2
# agent will use device name in firewall. Here change port id
# to device name, so that the L2 agent can consume it
if device['id'] in port_ids_to_update:
devices.append(device['device'])
if self.defer_refresh_firewall:
self.devices_to_refilter |= set(devices)
else:
self.refresh_firewall(devices)
def remove_devices_filter(self, device_ids): def remove_devices_filter(self, device_ids):
if not device_ids: if not device_ids:
return return

27
neutron/api/rpc/handlers/securitygroups_rpc.py
View File

@ -158,25 +158,6 @@ class SecurityGroupAgentRpcApiMixin(object):
cctxt.cast(context, 'security_groups_member_updated', cctxt.cast(context, 'security_groups_member_updated',
security_groups=security_groups) security_groups=security_groups)
def security_groups_provider_updated(self, context,
devices_to_update=None):
"""Notify provider updated security groups."""
# TODO(kevinbenton): remove in Queens
# NOTE(ihrachys) the version here should really be 1.3, but since we
# don't support proper version pinning yet, we leave it intact to allow
# to work with older agents. The reason why we should not require the
# version here is that in rolling upgrade scenarios we always upgrade
# server first, and since the notification is directed from the newer
# server to older agents, and those agents don't have their RPC entry
# point bumped to 1.3 yet, we cannot safely enforce the minimal
# version. Newer payload works for older agents because agent handlers
# are written so that we silently ignore unknown parameters.
cctxt = self.client.prepare(version=self.SG_RPC_VERSION,
topic=self._get_security_group_topic(),
fanout=True)
cctxt.cast(context, 'security_groups_provider_updated',
devices_to_update=devices_to_update)
class SecurityGroupAgentRpcCallbackMixin(object): class SecurityGroupAgentRpcCallbackMixin(object):
"""A mix-in that enable SecurityGroup support in agent implementations. """A mix-in that enable SecurityGroup support in agent implementations.
@ -219,14 +200,6 @@ class SecurityGroupAgentRpcCallbackMixin(object):
return self._security_groups_agent_not_set() return self._security_groups_agent_not_set()
self.sg_agent.security_groups_member_updated(security_groups) self.sg_agent.security_groups_member_updated(security_groups)
def security_groups_provider_updated(self, context, **kwargs):
"""Callback for security group provider update.
This is now a NOOP since provider rules are static. The server just
generates the notification for agents running older versions that have
IP-specific rules.
"""
class SecurityGroupServerAPIShim(sg_rpc_base.SecurityGroupInfoAPIMixin): class SecurityGroupServerAPIShim(sg_rpc_base.SecurityGroupInfoAPIMixin):
"""Agent-side replacement for SecurityGroupServerRpcApi using local data. """Agent-side replacement for SecurityGroupServerRpcApi using local data.

24
neutron/db/securitygroups_rpc_base.py
View File

@ -108,36 +108,16 @@ class SecurityGroupServerNotifierRpcMixin(sg_db.SecurityGroupDbMixin):
ingress packet from the dhcp server (as a part of provider rules), ingress packet from the dhcp server (as a part of provider rules),
so we need to notify an update of dhcp server ip so we need to notify an update of dhcp server ip
address to the plugin agent. address to the plugin agent.
security_groups_provider_updated() just notifies that an event
occurs and the plugin agent fetches the update provider
rule in the other RPC call (security_group_rules_for_devices).
""" """
sg_provider_updated_networks = set()
sec_groups = set() sec_groups = set()
for port in ports: for port in ports:
if port['device_owner'] == const.DEVICE_OWNER_DHCP:
sg_provider_updated_networks.add(
port['network_id'])
# For IPv6, provider rule need to be updated in case router
# interface is created or updated after VM port is created.
# NOTE (Swami): ROUTER_INTERFACE_OWNERS check is required # NOTE (Swami): ROUTER_INTERFACE_OWNERS check is required
# since it includes the legacy router interface device owners # since it includes the legacy router interface device owners
# and DVR router interface device owners. # and DVR router interface device owners.
elif port['device_owner'] in const.ROUTER_INTERFACE_OWNERS: if (port['device_owner'] not in
if any(netaddr.IPAddress(fixed_ip['ip_address']).version == 6 [const.DEVICE_OWNER_DHCP, const.ROUTER_INTERFACE_OWNERS]):
for fixed_ip in port['fixed_ips']):
sg_provider_updated_networks.add(
port['network_id'])
else:
sec_groups |= set(port.get(ext_sg.SECURITYGROUPS)) sec_groups |= set(port.get(ext_sg.SECURITYGROUPS))
if sg_provider_updated_networks:
ports_query = context.session.query(models_v2.Port.id).filter(
models_v2.Port.network_id.in_(
sg_provider_updated_networks)).all()
ports_to_update = [p.id for p in ports_query]
self.notifier.security_groups_provider_updated(
context, ports_to_update)
if sec_groups: if sec_groups:
self.notifier.security_groups_member_updated( self.notifier.security_groups_member_updated(
context, list(sec_groups)) context, list(sec_groups))

4
neutron/plugins/ml2/drivers/agent/_agent_manager_base.py
View File

@ -59,10 +59,6 @@ class CommonAgentManagerRpcCallBackBase(object):
:param security_groups: list of updated security_groups :param security_groups: list of updated security_groups
""" """
@abc.abstractmethod
def security_groups_provider_updated(self, context, **kwargs):
"""Callback for security group provider update."""
def add_network(self, network_id, network_segment): def add_network(self, network_id, network_segment):
"""Add a network to the agent internal network list """Add a network to the agent internal network list

90
neutron/tests/unit/agent/test_securitygroups_rpc.py
View File

@ -192,60 +192,6 @@ class SGServerRpcCallBackTestCase(test_sg.SecurityGroupDBTestCase):
req.get_response(self.api)) req.get_response(self.api))
self._delete('ports', port_id) self._delete('ports', port_id)
def test_notify_security_group_ipv6_gateway_port_added(self):
self._test_security_group_port(
const.DEVICE_OWNER_ROUTER_INTF,
'2001:0db8::1',
'2001:0db8::/64',
6,
'2001:0db8::1')
self.assertTrue(self.notifier.security_groups_provider_updated.called)
def test_notify_security_group_dvr_ipv6_gateway_port_added(self):
self._test_security_group_port(
const.DEVICE_OWNER_DVR_INTERFACE,
'2001:0db8::1',
'2001:0db8::/64',
6,
'2001:0db8::2')
self.assertTrue(self.notifier.security_groups_provider_updated.called)
def test_notify_security_group_ipv6_normal_port_added(self):
self._test_security_group_port(
None,
'2001:0db8::1',
'2001:0db8::/64',
6,
'2001:0db8::3')
self.assertFalse(self.notifier.security_groups_provider_updated.called)
def test_notify_security_group_ipv4_dhcp_port_added(self):
self._test_security_group_port(
const.DEVICE_OWNER_DHCP,
'192.168.1.1',
'192.168.1.0/24',
4,
'192.168.1.2')
self.assertTrue(self.notifier.security_groups_provider_updated.called)
def test_notify_security_group_ipv4_gateway_port_added(self):
self._test_security_group_port(
const.DEVICE_OWNER_ROUTER_INTF,
'192.168.1.1',
'192.168.1.0/24',
4,
'192.168.1.1')
self.assertFalse(self.notifier.security_groups_provider_updated.called)
def test_notify_security_group_ipv4_normal_port_added(self):
self._test_security_group_port(
None,
'192.168.1.1',
'192.168.1.0/24',
4,
'192.168.1.3')
self.assertFalse(self.notifier.security_groups_provider_updated.called)
def _test_sg_rules_for_devices_ipv4_ingress_port_range( def _test_sg_rules_for_devices_ipv4_ingress_port_range(
self, min_port, max_port): self, min_port, max_port):
fake_prefix = FAKE_PREFIX[const.IPv4] fake_prefix = FAKE_PREFIX[const.IPv4]
@ -957,12 +903,6 @@ class SecurityGroupAgentRpcTestCase(BaseSecurityGroupAgentRpcTestCase):
self.assertFalse(self.agent.refresh_firewall.called) self.assertFalse(self.agent.refresh_firewall.called)
self.assertFalse(self.firewall.security_group_updated.called) self.assertFalse(self.firewall.security_group_updated.called)
def test_security_groups_provider_updated(self):
self.agent.refresh_firewall = mock.Mock()
self.agent.security_groups_provider_updated(None)
self.agent.refresh_firewall.assert_has_calls(
[mock.call.refresh_firewall()])
def test_refresh_firewall(self): def test_refresh_firewall(self):
self.agent.prepare_devices_filter(['fake_port_id']) self.agent.prepare_devices_filter(['fake_port_id'])
self.agent.refresh_firewall() self.agent.refresh_firewall()
@ -1086,12 +1026,6 @@ class SecurityGroupAgentEnhancedRpcTestCase(
self.assertFalse(self.agent.refresh_firewall.called) self.assertFalse(self.agent.refresh_firewall.called)
self.assertFalse(self.firewall.security_group_updated.called) self.assertFalse(self.firewall.security_group_updated.called)
def test_security_groups_provider_updated_enhanced_rpc(self):
self.agent.refresh_firewall = mock.Mock()
self.agent.security_groups_provider_updated(None)
self.agent.refresh_firewall.assert_has_calls(
[mock.call.refresh_firewall()])
def test_refresh_firewall_enhanced_rpc(self): def test_refresh_firewall_enhanced_rpc(self):
self.agent.prepare_devices_filter(['fake_port_id']) self.agent.prepare_devices_filter(['fake_port_id'])
self.agent.refresh_firewall() self.agent.refresh_firewall()
@ -1234,24 +1168,6 @@ class SecurityGroupAgentRpcWithDeferredRefreshTestCase(
self.assertIn('fake_device_2', self.agent.devices_to_refilter) self.assertIn('fake_device_2', self.agent.devices_to_refilter)
self.assertFalse(self.firewall.security_group_updated.called) self.assertFalse(self.firewall.security_group_updated.called)
def test_security_groups_provider_updated(self):
self.agent.security_groups_provider_updated(None)
self.assertTrue(self.agent.global_refresh_firewall)
def test_security_groups_provider_updated_devices_specified(self):
self.agent.firewall.ports = {
'fake_device_1': {
'id': 'fake_port_id_1',
'device': 'fake_device_1'},
'fake_device_2': {
'id': 'fake_port_id_2',
'device': 'fake_device_2'}}
self.agent.security_groups_provider_updated(
['fake_port_id_1', 'fake_port_id_2'])
self.assertFalse(self.agent.global_refresh_firewall)
self.assertIn('fake_device_1', self.agent.devices_to_refilter)
self.assertIn('fake_device_2', self.agent.devices_to_refilter)
def test_setup_port_filters_new_ports_only(self): def test_setup_port_filters_new_ports_only(self):
self.agent.prepare_devices_filter = mock.Mock() self.agent.prepare_devices_filter = mock.Mock()
self.agent.refresh_firewall = mock.Mock() self.agent.refresh_firewall = mock.Mock()
@ -1411,12 +1327,6 @@ class SecurityGroupAgentRpcApiTestCase(base.BaseTestCase):
self.mock_cast = mock.patch.object(self.notifier.client, self.mock_cast = mock.patch.object(self.notifier.client,
'cast').start() 'cast').start()
def test_security_groups_provider_updated(self):
self.notifier.security_groups_provider_updated(None)
self.mock_cast.assert_has_calls(
[mock.call(None, 'security_groups_provider_updated',
devices_to_update=None)])
def test_security_groups_rule_updated(self): def test_security_groups_rule_updated(self):
self.notifier.security_groups_rule_updated( self.notifier.security_groups_rule_updated(
None, security_groups=['fake_sgid']) None, security_groups=['fake_sgid'])

5
neutron/tests/unit/api/rpc/handlers/test_securitygroups_rpc.py
View File

@ -61,11 +61,6 @@ class SGAgentRpcCallBackMixinTestCase(base.BaseTestCase):
self.rpc.sg_agent.assert_has_calls( self.rpc.sg_agent.assert_has_calls(
[mock.call.security_groups_member_updated(['fake_sgid'])]) [mock.call.security_groups_member_updated(['fake_sgid'])])
def test_security_groups_provider_updated(self):
self.rpc.security_groups_provider_updated(None)
# this is now a NOOP on the agent side. provider rules don't change
self.assertFalse(self.rpc.sg_agent.called)
class SecurityGroupServerAPIShimTestCase(base.BaseTestCase): class SecurityGroupServerAPIShimTestCase(base.BaseTestCase):

3
neutron/tests/unit/plugins/ml2/drivers/agent/test__agent_manager_base.py
View File

@ -25,9 +25,6 @@ class RPCCallBackImpl(amb.CommonAgentManagerRpcCallBackBase):
def security_groups_member_updated(self, context, **kwargs): def security_groups_member_updated(self, context, **kwargs):
pass pass
def security_groups_provider_updated(self, context, **kwargs):
pass
class Test_CommonAgentManagerRpcCallBackBase(base.BaseTestCase): class Test_CommonAgentManagerRpcCallBackBase(base.BaseTestCase):
def setUp(self): def setUp(self):

28
neutron/tests/unit/plugins/ml2/test_plugin.py
View File

@ -966,9 +966,7 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
plugin = directory.get_plugin() plugin = directory.get_plugin()
with self.network() as net,\ with self.network() as net,\
mock.patch.object(plugin.notifier, mock.patch.object(plugin.notifier,
'security_groups_member_updated') as m_upd,\ 'security_groups_member_updated') as m_upd:
mock.patch.object(plugin.notifier,
'security_groups_provider_updated') as p_upd:
res = self._create_port_bulk(self.fmt, 3, net['network']['id'], res = self._create_port_bulk(self.fmt, 3, net['network']['id'],
'test', True, context=ctx) 'test', True, context=ctx)
@ -976,25 +974,13 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
used_sg = ports['ports'][0]['security_groups'] used_sg = ports['ports'][0]['security_groups']
m_upd.assert_has_calls( m_upd.assert_has_calls(
[mock.call(ctx, [sg]) for sg in used_sg], any_order=True) [mock.call(ctx, [sg]) for sg in used_sg], any_order=True)
self.assertFalse(p_upd.called)
def _check_security_groups_provider_updated_args(self, p_upd_mock, net_id):
query_params = "network_id=%s" % net_id
network_ports = self._list('ports', query_params=query_params)
network_ports_ids = [port['id'] for port in network_ports['ports']]
self.assertTrue(p_upd_mock.called)
p_upd_args = p_upd_mock.call_args
ports_ids = p_upd_args[0][1]
self.assertEqual(sorted(network_ports_ids), sorted(ports_ids))
def test_create_ports_bulk_with_sec_grp_member_provider_update(self): def test_create_ports_bulk_with_sec_grp_member_provider_update(self):
ctx = context.get_admin_context() ctx = context.get_admin_context()
plugin = directory.get_plugin() plugin = directory.get_plugin()
with self.network() as net,\ with self.network() as net,\
mock.patch.object(plugin.notifier, mock.patch.object(plugin.notifier,
'security_groups_member_updated') as m_upd,\ 'security_groups_member_updated') as m_upd:
mock.patch.object(plugin.notifier,
'security_groups_provider_updated') as p_upd:
net_id = net['network']['id'] net_id = net['network']['id']
data = [{ data = [{
@ -1013,14 +999,11 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
ports = self.deserialize(self.fmt, res) ports = self.deserialize(self.fmt, res)
used_sg = ports['ports'][0]['security_groups'] used_sg = ports['ports'][0]['security_groups']
m_upd.assert_called_once_with(ctx, used_sg) m_upd.assert_called_once_with(ctx, used_sg)
self._check_security_groups_provider_updated_args(p_upd, net_id)
m_upd.reset_mock() m_upd.reset_mock()
p_upd.reset_mock()
data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP
self._create_bulk_from_list(self.fmt, 'port', self._create_bulk_from_list(self.fmt, 'port',
data, context=ctx) data, context=ctx)
self.assertFalse(m_upd.called) self.assertFalse(m_upd.called)
self._check_security_groups_provider_updated_args(p_upd, net_id)
def test_create_ports_bulk_with_sec_grp_provider_update_ipv6(self): def test_create_ports_bulk_with_sec_grp_provider_update_ipv6(self):
ctx = context.get_admin_context() ctx = context.get_admin_context()
@ -1034,10 +1017,7 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
ip_version=6) as snet_v6,\ ip_version=6) as snet_v6,\
mock.patch.object( mock.patch.object(
plugin.notifier, plugin.notifier,
'security_groups_member_updated') as m_upd,\ 'security_groups_member_updated') as m_upd:
mock.patch.object(
plugin.notifier,
'security_groups_provider_updated') as p_upd:
net_id = net['network']['id'] net_id = net['network']['id']
data = [{ data = [{
@ -1050,8 +1030,6 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
self._create_bulk_from_list(self.fmt, 'port', self._create_bulk_from_list(self.fmt, 'port',
data, context=ctx) data, context=ctx)
self.assertFalse(m_upd.called) self.assertFalse(m_upd.called)
self._check_security_groups_provider_updated_args(
p_upd, net_id)
def test_delete_port_no_notify_in_disassociate_floatingips(self): def test_delete_port_no_notify_in_disassociate_floatingips(self):
ctx = context.get_admin_context() ctx = context.get_admin_context()