Merge "Remove security_groups_provider_updated rpc code"
This commit is contained in:
commit
b192ffe73d
|
@ -186,27 +186,6 @@ class SecurityGroupAgentRpc(object):
|
||||||
else:
|
else:
|
||||||
self.refresh_firewall(devices)
|
self.refresh_firewall(devices)
|
||||||
|
|
||||||
def security_groups_provider_updated(self, port_ids_to_update):
|
|
||||||
LOG.info("Provider rule updated")
|
|
||||||
if port_ids_to_update is None:
|
|
||||||
# Update all devices
|
|
||||||
if self.defer_refresh_firewall:
|
|
||||||
self.global_refresh_firewall = True
|
|
||||||
else:
|
|
||||||
self.refresh_firewall()
|
|
||||||
else:
|
|
||||||
devices = []
|
|
||||||
for device in self.firewall.ports.values():
|
|
||||||
# neutron server will give port ids for update, However, L2
|
|
||||||
# agent will use device name in firewall. Here change port id
|
|
||||||
# to device name, so that the L2 agent can consume it
|
|
||||||
if device['id'] in port_ids_to_update:
|
|
||||||
devices.append(device['device'])
|
|
||||||
if self.defer_refresh_firewall:
|
|
||||||
self.devices_to_refilter |= set(devices)
|
|
||||||
else:
|
|
||||||
self.refresh_firewall(devices)
|
|
||||||
|
|
||||||
def remove_devices_filter(self, device_ids):
|
def remove_devices_filter(self, device_ids):
|
||||||
if not device_ids:
|
if not device_ids:
|
||||||
return
|
return
|
||||||
|
|
|
@ -158,25 +158,6 @@ class SecurityGroupAgentRpcApiMixin(object):
|
||||||
cctxt.cast(context, 'security_groups_member_updated',
|
cctxt.cast(context, 'security_groups_member_updated',
|
||||||
security_groups=security_groups)
|
security_groups=security_groups)
|
||||||
|
|
||||||
def security_groups_provider_updated(self, context,
|
|
||||||
devices_to_update=None):
|
|
||||||
"""Notify provider updated security groups."""
|
|
||||||
# TODO(kevinbenton): remove in Queens
|
|
||||||
# NOTE(ihrachys) the version here should really be 1.3, but since we
|
|
||||||
# don't support proper version pinning yet, we leave it intact to allow
|
|
||||||
# to work with older agents. The reason why we should not require the
|
|
||||||
# version here is that in rolling upgrade scenarios we always upgrade
|
|
||||||
# server first, and since the notification is directed from the newer
|
|
||||||
# server to older agents, and those agents don't have their RPC entry
|
|
||||||
# point bumped to 1.3 yet, we cannot safely enforce the minimal
|
|
||||||
# version. Newer payload works for older agents because agent handlers
|
|
||||||
# are written so that we silently ignore unknown parameters.
|
|
||||||
cctxt = self.client.prepare(version=self.SG_RPC_VERSION,
|
|
||||||
topic=self._get_security_group_topic(),
|
|
||||||
fanout=True)
|
|
||||||
cctxt.cast(context, 'security_groups_provider_updated',
|
|
||||||
devices_to_update=devices_to_update)
|
|
||||||
|
|
||||||
|
|
||||||
class SecurityGroupAgentRpcCallbackMixin(object):
|
class SecurityGroupAgentRpcCallbackMixin(object):
|
||||||
"""A mix-in that enable SecurityGroup support in agent implementations.
|
"""A mix-in that enable SecurityGroup support in agent implementations.
|
||||||
|
@ -219,14 +200,6 @@ class SecurityGroupAgentRpcCallbackMixin(object):
|
||||||
return self._security_groups_agent_not_set()
|
return self._security_groups_agent_not_set()
|
||||||
self.sg_agent.security_groups_member_updated(security_groups)
|
self.sg_agent.security_groups_member_updated(security_groups)
|
||||||
|
|
||||||
def security_groups_provider_updated(self, context, **kwargs):
|
|
||||||
"""Callback for security group provider update.
|
|
||||||
|
|
||||||
This is now a NOOP since provider rules are static. The server just
|
|
||||||
generates the notification for agents running older versions that have
|
|
||||||
IP-specific rules.
|
|
||||||
"""
|
|
||||||
|
|
||||||
|
|
||||||
class SecurityGroupServerAPIShim(sg_rpc_base.SecurityGroupInfoAPIMixin):
|
class SecurityGroupServerAPIShim(sg_rpc_base.SecurityGroupInfoAPIMixin):
|
||||||
"""Agent-side replacement for SecurityGroupServerRpcApi using local data.
|
"""Agent-side replacement for SecurityGroupServerRpcApi using local data.
|
||||||
|
|
|
@ -108,36 +108,16 @@ class SecurityGroupServerNotifierRpcMixin(sg_db.SecurityGroupDbMixin):
|
||||||
ingress packet from the dhcp server (as a part of provider rules),
|
ingress packet from the dhcp server (as a part of provider rules),
|
||||||
so we need to notify an update of dhcp server ip
|
so we need to notify an update of dhcp server ip
|
||||||
address to the plugin agent.
|
address to the plugin agent.
|
||||||
security_groups_provider_updated() just notifies that an event
|
|
||||||
occurs and the plugin agent fetches the update provider
|
|
||||||
rule in the other RPC call (security_group_rules_for_devices).
|
|
||||||
"""
|
"""
|
||||||
sg_provider_updated_networks = set()
|
|
||||||
sec_groups = set()
|
sec_groups = set()
|
||||||
for port in ports:
|
for port in ports:
|
||||||
if port['device_owner'] == const.DEVICE_OWNER_DHCP:
|
|
||||||
sg_provider_updated_networks.add(
|
|
||||||
port['network_id'])
|
|
||||||
# For IPv6, provider rule need to be updated in case router
|
|
||||||
# interface is created or updated after VM port is created.
|
|
||||||
# NOTE (Swami): ROUTER_INTERFACE_OWNERS check is required
|
# NOTE (Swami): ROUTER_INTERFACE_OWNERS check is required
|
||||||
# since it includes the legacy router interface device owners
|
# since it includes the legacy router interface device owners
|
||||||
# and DVR router interface device owners.
|
# and DVR router interface device owners.
|
||||||
elif port['device_owner'] in const.ROUTER_INTERFACE_OWNERS:
|
if (port['device_owner'] not in
|
||||||
if any(netaddr.IPAddress(fixed_ip['ip_address']).version == 6
|
[const.DEVICE_OWNER_DHCP, const.ROUTER_INTERFACE_OWNERS]):
|
||||||
for fixed_ip in port['fixed_ips']):
|
|
||||||
sg_provider_updated_networks.add(
|
|
||||||
port['network_id'])
|
|
||||||
else:
|
|
||||||
sec_groups |= set(port.get(ext_sg.SECURITYGROUPS))
|
sec_groups |= set(port.get(ext_sg.SECURITYGROUPS))
|
||||||
|
|
||||||
if sg_provider_updated_networks:
|
|
||||||
ports_query = context.session.query(models_v2.Port.id).filter(
|
|
||||||
models_v2.Port.network_id.in_(
|
|
||||||
sg_provider_updated_networks)).all()
|
|
||||||
ports_to_update = [p.id for p in ports_query]
|
|
||||||
self.notifier.security_groups_provider_updated(
|
|
||||||
context, ports_to_update)
|
|
||||||
if sec_groups:
|
if sec_groups:
|
||||||
self.notifier.security_groups_member_updated(
|
self.notifier.security_groups_member_updated(
|
||||||
context, list(sec_groups))
|
context, list(sec_groups))
|
||||||
|
|
|
@ -59,10 +59,6 @@ class CommonAgentManagerRpcCallBackBase(object):
|
||||||
:param security_groups: list of updated security_groups
|
:param security_groups: list of updated security_groups
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@abc.abstractmethod
|
|
||||||
def security_groups_provider_updated(self, context, **kwargs):
|
|
||||||
"""Callback for security group provider update."""
|
|
||||||
|
|
||||||
def add_network(self, network_id, network_segment):
|
def add_network(self, network_id, network_segment):
|
||||||
"""Add a network to the agent internal network list
|
"""Add a network to the agent internal network list
|
||||||
|
|
||||||
|
|
|
@ -192,60 +192,6 @@ class SGServerRpcCallBackTestCase(test_sg.SecurityGroupDBTestCase):
|
||||||
req.get_response(self.api))
|
req.get_response(self.api))
|
||||||
self._delete('ports', port_id)
|
self._delete('ports', port_id)
|
||||||
|
|
||||||
def test_notify_security_group_ipv6_gateway_port_added(self):
|
|
||||||
self._test_security_group_port(
|
|
||||||
const.DEVICE_OWNER_ROUTER_INTF,
|
|
||||||
'2001:0db8::1',
|
|
||||||
'2001:0db8::/64',
|
|
||||||
6,
|
|
||||||
'2001:0db8::1')
|
|
||||||
self.assertTrue(self.notifier.security_groups_provider_updated.called)
|
|
||||||
|
|
||||||
def test_notify_security_group_dvr_ipv6_gateway_port_added(self):
|
|
||||||
self._test_security_group_port(
|
|
||||||
const.DEVICE_OWNER_DVR_INTERFACE,
|
|
||||||
'2001:0db8::1',
|
|
||||||
'2001:0db8::/64',
|
|
||||||
6,
|
|
||||||
'2001:0db8::2')
|
|
||||||
self.assertTrue(self.notifier.security_groups_provider_updated.called)
|
|
||||||
|
|
||||||
def test_notify_security_group_ipv6_normal_port_added(self):
|
|
||||||
self._test_security_group_port(
|
|
||||||
None,
|
|
||||||
'2001:0db8::1',
|
|
||||||
'2001:0db8::/64',
|
|
||||||
6,
|
|
||||||
'2001:0db8::3')
|
|
||||||
self.assertFalse(self.notifier.security_groups_provider_updated.called)
|
|
||||||
|
|
||||||
def test_notify_security_group_ipv4_dhcp_port_added(self):
|
|
||||||
self._test_security_group_port(
|
|
||||||
const.DEVICE_OWNER_DHCP,
|
|
||||||
'192.168.1.1',
|
|
||||||
'192.168.1.0/24',
|
|
||||||
4,
|
|
||||||
'192.168.1.2')
|
|
||||||
self.assertTrue(self.notifier.security_groups_provider_updated.called)
|
|
||||||
|
|
||||||
def test_notify_security_group_ipv4_gateway_port_added(self):
|
|
||||||
self._test_security_group_port(
|
|
||||||
const.DEVICE_OWNER_ROUTER_INTF,
|
|
||||||
'192.168.1.1',
|
|
||||||
'192.168.1.0/24',
|
|
||||||
4,
|
|
||||||
'192.168.1.1')
|
|
||||||
self.assertFalse(self.notifier.security_groups_provider_updated.called)
|
|
||||||
|
|
||||||
def test_notify_security_group_ipv4_normal_port_added(self):
|
|
||||||
self._test_security_group_port(
|
|
||||||
None,
|
|
||||||
'192.168.1.1',
|
|
||||||
'192.168.1.0/24',
|
|
||||||
4,
|
|
||||||
'192.168.1.3')
|
|
||||||
self.assertFalse(self.notifier.security_groups_provider_updated.called)
|
|
||||||
|
|
||||||
def _test_sg_rules_for_devices_ipv4_ingress_port_range(
|
def _test_sg_rules_for_devices_ipv4_ingress_port_range(
|
||||||
self, min_port, max_port):
|
self, min_port, max_port):
|
||||||
fake_prefix = FAKE_PREFIX[const.IPv4]
|
fake_prefix = FAKE_PREFIX[const.IPv4]
|
||||||
|
@ -957,12 +903,6 @@ class SecurityGroupAgentRpcTestCase(BaseSecurityGroupAgentRpcTestCase):
|
||||||
self.assertFalse(self.agent.refresh_firewall.called)
|
self.assertFalse(self.agent.refresh_firewall.called)
|
||||||
self.assertFalse(self.firewall.security_group_updated.called)
|
self.assertFalse(self.firewall.security_group_updated.called)
|
||||||
|
|
||||||
def test_security_groups_provider_updated(self):
|
|
||||||
self.agent.refresh_firewall = mock.Mock()
|
|
||||||
self.agent.security_groups_provider_updated(None)
|
|
||||||
self.agent.refresh_firewall.assert_has_calls(
|
|
||||||
[mock.call.refresh_firewall()])
|
|
||||||
|
|
||||||
def test_refresh_firewall(self):
|
def test_refresh_firewall(self):
|
||||||
self.agent.prepare_devices_filter(['fake_port_id'])
|
self.agent.prepare_devices_filter(['fake_port_id'])
|
||||||
self.agent.refresh_firewall()
|
self.agent.refresh_firewall()
|
||||||
|
@ -1086,12 +1026,6 @@ class SecurityGroupAgentEnhancedRpcTestCase(
|
||||||
self.assertFalse(self.agent.refresh_firewall.called)
|
self.assertFalse(self.agent.refresh_firewall.called)
|
||||||
self.assertFalse(self.firewall.security_group_updated.called)
|
self.assertFalse(self.firewall.security_group_updated.called)
|
||||||
|
|
||||||
def test_security_groups_provider_updated_enhanced_rpc(self):
|
|
||||||
self.agent.refresh_firewall = mock.Mock()
|
|
||||||
self.agent.security_groups_provider_updated(None)
|
|
||||||
self.agent.refresh_firewall.assert_has_calls(
|
|
||||||
[mock.call.refresh_firewall()])
|
|
||||||
|
|
||||||
def test_refresh_firewall_enhanced_rpc(self):
|
def test_refresh_firewall_enhanced_rpc(self):
|
||||||
self.agent.prepare_devices_filter(['fake_port_id'])
|
self.agent.prepare_devices_filter(['fake_port_id'])
|
||||||
self.agent.refresh_firewall()
|
self.agent.refresh_firewall()
|
||||||
|
@ -1234,24 +1168,6 @@ class SecurityGroupAgentRpcWithDeferredRefreshTestCase(
|
||||||
self.assertIn('fake_device_2', self.agent.devices_to_refilter)
|
self.assertIn('fake_device_2', self.agent.devices_to_refilter)
|
||||||
self.assertFalse(self.firewall.security_group_updated.called)
|
self.assertFalse(self.firewall.security_group_updated.called)
|
||||||
|
|
||||||
def test_security_groups_provider_updated(self):
|
|
||||||
self.agent.security_groups_provider_updated(None)
|
|
||||||
self.assertTrue(self.agent.global_refresh_firewall)
|
|
||||||
|
|
||||||
def test_security_groups_provider_updated_devices_specified(self):
|
|
||||||
self.agent.firewall.ports = {
|
|
||||||
'fake_device_1': {
|
|
||||||
'id': 'fake_port_id_1',
|
|
||||||
'device': 'fake_device_1'},
|
|
||||||
'fake_device_2': {
|
|
||||||
'id': 'fake_port_id_2',
|
|
||||||
'device': 'fake_device_2'}}
|
|
||||||
self.agent.security_groups_provider_updated(
|
|
||||||
['fake_port_id_1', 'fake_port_id_2'])
|
|
||||||
self.assertFalse(self.agent.global_refresh_firewall)
|
|
||||||
self.assertIn('fake_device_1', self.agent.devices_to_refilter)
|
|
||||||
self.assertIn('fake_device_2', self.agent.devices_to_refilter)
|
|
||||||
|
|
||||||
def test_setup_port_filters_new_ports_only(self):
|
def test_setup_port_filters_new_ports_only(self):
|
||||||
self.agent.prepare_devices_filter = mock.Mock()
|
self.agent.prepare_devices_filter = mock.Mock()
|
||||||
self.agent.refresh_firewall = mock.Mock()
|
self.agent.refresh_firewall = mock.Mock()
|
||||||
|
@ -1411,12 +1327,6 @@ class SecurityGroupAgentRpcApiTestCase(base.BaseTestCase):
|
||||||
self.mock_cast = mock.patch.object(self.notifier.client,
|
self.mock_cast = mock.patch.object(self.notifier.client,
|
||||||
'cast').start()
|
'cast').start()
|
||||||
|
|
||||||
def test_security_groups_provider_updated(self):
|
|
||||||
self.notifier.security_groups_provider_updated(None)
|
|
||||||
self.mock_cast.assert_has_calls(
|
|
||||||
[mock.call(None, 'security_groups_provider_updated',
|
|
||||||
devices_to_update=None)])
|
|
||||||
|
|
||||||
def test_security_groups_rule_updated(self):
|
def test_security_groups_rule_updated(self):
|
||||||
self.notifier.security_groups_rule_updated(
|
self.notifier.security_groups_rule_updated(
|
||||||
None, security_groups=['fake_sgid'])
|
None, security_groups=['fake_sgid'])
|
||||||
|
|
|
@ -61,11 +61,6 @@ class SGAgentRpcCallBackMixinTestCase(base.BaseTestCase):
|
||||||
self.rpc.sg_agent.assert_has_calls(
|
self.rpc.sg_agent.assert_has_calls(
|
||||||
[mock.call.security_groups_member_updated(['fake_sgid'])])
|
[mock.call.security_groups_member_updated(['fake_sgid'])])
|
||||||
|
|
||||||
def test_security_groups_provider_updated(self):
|
|
||||||
self.rpc.security_groups_provider_updated(None)
|
|
||||||
# this is now a NOOP on the agent side. provider rules don't change
|
|
||||||
self.assertFalse(self.rpc.sg_agent.called)
|
|
||||||
|
|
||||||
|
|
||||||
class SecurityGroupServerAPIShimTestCase(base.BaseTestCase):
|
class SecurityGroupServerAPIShimTestCase(base.BaseTestCase):
|
||||||
|
|
||||||
|
|
|
@ -25,9 +25,6 @@ class RPCCallBackImpl(amb.CommonAgentManagerRpcCallBackBase):
|
||||||
def security_groups_member_updated(self, context, **kwargs):
|
def security_groups_member_updated(self, context, **kwargs):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def security_groups_provider_updated(self, context, **kwargs):
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class Test_CommonAgentManagerRpcCallBackBase(base.BaseTestCase):
|
class Test_CommonAgentManagerRpcCallBackBase(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
|
|
@ -966,9 +966,7 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
||||||
plugin = directory.get_plugin()
|
plugin = directory.get_plugin()
|
||||||
with self.network() as net,\
|
with self.network() as net,\
|
||||||
mock.patch.object(plugin.notifier,
|
mock.patch.object(plugin.notifier,
|
||||||
'security_groups_member_updated') as m_upd,\
|
'security_groups_member_updated') as m_upd:
|
||||||
mock.patch.object(plugin.notifier,
|
|
||||||
'security_groups_provider_updated') as p_upd:
|
|
||||||
|
|
||||||
res = self._create_port_bulk(self.fmt, 3, net['network']['id'],
|
res = self._create_port_bulk(self.fmt, 3, net['network']['id'],
|
||||||
'test', True, context=ctx)
|
'test', True, context=ctx)
|
||||||
|
@ -976,25 +974,13 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
||||||
used_sg = ports['ports'][0]['security_groups']
|
used_sg = ports['ports'][0]['security_groups']
|
||||||
m_upd.assert_has_calls(
|
m_upd.assert_has_calls(
|
||||||
[mock.call(ctx, [sg]) for sg in used_sg], any_order=True)
|
[mock.call(ctx, [sg]) for sg in used_sg], any_order=True)
|
||||||
self.assertFalse(p_upd.called)
|
|
||||||
|
|
||||||
def _check_security_groups_provider_updated_args(self, p_upd_mock, net_id):
|
|
||||||
query_params = "network_id=%s" % net_id
|
|
||||||
network_ports = self._list('ports', query_params=query_params)
|
|
||||||
network_ports_ids = [port['id'] for port in network_ports['ports']]
|
|
||||||
self.assertTrue(p_upd_mock.called)
|
|
||||||
p_upd_args = p_upd_mock.call_args
|
|
||||||
ports_ids = p_upd_args[0][1]
|
|
||||||
self.assertEqual(sorted(network_ports_ids), sorted(ports_ids))
|
|
||||||
|
|
||||||
def test_create_ports_bulk_with_sec_grp_member_provider_update(self):
|
def test_create_ports_bulk_with_sec_grp_member_provider_update(self):
|
||||||
ctx = context.get_admin_context()
|
ctx = context.get_admin_context()
|
||||||
plugin = directory.get_plugin()
|
plugin = directory.get_plugin()
|
||||||
with self.network() as net,\
|
with self.network() as net,\
|
||||||
mock.patch.object(plugin.notifier,
|
mock.patch.object(plugin.notifier,
|
||||||
'security_groups_member_updated') as m_upd,\
|
'security_groups_member_updated') as m_upd:
|
||||||
mock.patch.object(plugin.notifier,
|
|
||||||
'security_groups_provider_updated') as p_upd:
|
|
||||||
|
|
||||||
net_id = net['network']['id']
|
net_id = net['network']['id']
|
||||||
data = [{
|
data = [{
|
||||||
|
@ -1013,14 +999,11 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
||||||
ports = self.deserialize(self.fmt, res)
|
ports = self.deserialize(self.fmt, res)
|
||||||
used_sg = ports['ports'][0]['security_groups']
|
used_sg = ports['ports'][0]['security_groups']
|
||||||
m_upd.assert_called_once_with(ctx, used_sg)
|
m_upd.assert_called_once_with(ctx, used_sg)
|
||||||
self._check_security_groups_provider_updated_args(p_upd, net_id)
|
|
||||||
m_upd.reset_mock()
|
m_upd.reset_mock()
|
||||||
p_upd.reset_mock()
|
|
||||||
data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP
|
data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP
|
||||||
self._create_bulk_from_list(self.fmt, 'port',
|
self._create_bulk_from_list(self.fmt, 'port',
|
||||||
data, context=ctx)
|
data, context=ctx)
|
||||||
self.assertFalse(m_upd.called)
|
self.assertFalse(m_upd.called)
|
||||||
self._check_security_groups_provider_updated_args(p_upd, net_id)
|
|
||||||
|
|
||||||
def test_create_ports_bulk_with_sec_grp_provider_update_ipv6(self):
|
def test_create_ports_bulk_with_sec_grp_provider_update_ipv6(self):
|
||||||
ctx = context.get_admin_context()
|
ctx = context.get_admin_context()
|
||||||
|
@ -1034,10 +1017,7 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
||||||
ip_version=6) as snet_v6,\
|
ip_version=6) as snet_v6,\
|
||||||
mock.patch.object(
|
mock.patch.object(
|
||||||
plugin.notifier,
|
plugin.notifier,
|
||||||
'security_groups_member_updated') as m_upd,\
|
'security_groups_member_updated') as m_upd:
|
||||||
mock.patch.object(
|
|
||||||
plugin.notifier,
|
|
||||||
'security_groups_provider_updated') as p_upd:
|
|
||||||
|
|
||||||
net_id = net['network']['id']
|
net_id = net['network']['id']
|
||||||
data = [{
|
data = [{
|
||||||
|
@ -1050,8 +1030,6 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
||||||
self._create_bulk_from_list(self.fmt, 'port',
|
self._create_bulk_from_list(self.fmt, 'port',
|
||||||
data, context=ctx)
|
data, context=ctx)
|
||||||
self.assertFalse(m_upd.called)
|
self.assertFalse(m_upd.called)
|
||||||
self._check_security_groups_provider_updated_args(
|
|
||||||
p_upd, net_id)
|
|
||||||
|
|
||||||
def test_delete_port_no_notify_in_disassociate_floatingips(self):
|
def test_delete_port_no_notify_in_disassociate_floatingips(self):
|
||||||
ctx = context.get_admin_context()
|
ctx = context.get_admin_context()
|
||||||
|
|
Loading…
Reference in New Issue