Revert "Delete sg rule which remote is the deleted sg"
This reverts commit 6358495720
.
Reason for revert: This is generating a lot of
"SecurityGroupNotFound" errors in neutron-server.log in
the tempest-integrated-networking job.
Closes-Bug: #2019449
Related-Bug: #2008712
Change-Id: I077fe87435f61bd29d5c1efc979c2adebca26181
This commit is contained in:
parent
6358495720
commit
ebc0658d55
@ -251,12 +251,6 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
|
|||||||
if sg['name'] == 'default' and not context.is_admin:
|
if sg['name'] == 'default' and not context.is_admin:
|
||||||
raise ext_sg.SecurityGroupCannotRemoveDefault()
|
raise ext_sg.SecurityGroupCannotRemoveDefault()
|
||||||
|
|
||||||
# Check if there are rules with remote_group_id ponting to
|
|
||||||
# the security_group to be deleted
|
|
||||||
rules_ids_as_remote = self._get_security_group_rules_by_remote(
|
|
||||||
context=context, remote_id=id,
|
|
||||||
)
|
|
||||||
|
|
||||||
self._registry_publish(resources.SECURITY_GROUP,
|
self._registry_publish(resources.SECURITY_GROUP,
|
||||||
events.BEFORE_DELETE,
|
events.BEFORE_DELETE,
|
||||||
exc_cls=ext_sg.SecurityGroupInUse, id=id,
|
exc_cls=ext_sg.SecurityGroupInUse, id=id,
|
||||||
@ -285,20 +279,6 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
|
|||||||
context, resource_id=id, states=(sec_group,),
|
context, resource_id=id, states=(sec_group,),
|
||||||
metadata={'security_group_rule_ids': sgr_ids,
|
metadata={'security_group_rule_ids': sgr_ids,
|
||||||
'name': sg['name']}))
|
'name': sg['name']}))
|
||||||
for rule in rules_ids_as_remote:
|
|
||||||
registry.publish(
|
|
||||||
resources.SECURITY_GROUP_RULE,
|
|
||||||
events.AFTER_DELETE,
|
|
||||||
self,
|
|
||||||
payload=events.DBEventPayload(
|
|
||||||
context,
|
|
||||||
resource_id=rule['id'],
|
|
||||||
metadata={'security_group_id': rule['security_group_id'],
|
|
||||||
'remote_group_id': rule['remote_group_id'],
|
|
||||||
'rule': rule
|
|
||||||
}
|
|
||||||
)
|
|
||||||
)
|
|
||||||
|
|
||||||
@db_api.retry_if_session_inactive()
|
@db_api.retry_if_session_inactive()
|
||||||
def update_security_group(self, context, id, security_group):
|
def update_security_group(self, context, id, security_group):
|
||||||
@ -385,23 +365,6 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
|
|||||||
self._make_security_group_binding_dict,
|
self._make_security_group_binding_dict,
|
||||||
filters=filters, fields=fields)
|
filters=filters, fields=fields)
|
||||||
|
|
||||||
def _get_security_group_rules_by_remote(self, context, remote_id):
|
|
||||||
return model_query.get_collection(
|
|
||||||
context, sg_models.SecurityGroupRule,
|
|
||||||
self._make_security_group_rule_dict,
|
|
||||||
filters={'remote_group_id': [remote_id]},
|
|
||||||
fields=['id',
|
|
||||||
'remote_group_id',
|
|
||||||
'security_group_id',
|
|
||||||
'direction',
|
|
||||||
'ethertype',
|
|
||||||
'protocol',
|
|
||||||
'port_range_min',
|
|
||||||
'port_range_max',
|
|
||||||
'normalized_cidr'
|
|
||||||
]
|
|
||||||
)
|
|
||||||
|
|
||||||
@db_api.retry_if_session_inactive()
|
@db_api.retry_if_session_inactive()
|
||||||
def _delete_port_security_group_bindings(self, context, port_id):
|
def _delete_port_security_group_bindings(self, context, port_id):
|
||||||
with db_api.CONTEXT_WRITER.using(context):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
|
@ -265,6 +265,9 @@ class OVNMechanismDriver(api.MechanismDriver):
|
|||||||
registry.subscribe(self._create_security_group,
|
registry.subscribe(self._create_security_group,
|
||||||
resources.SECURITY_GROUP,
|
resources.SECURITY_GROUP,
|
||||||
events.AFTER_CREATE)
|
events.AFTER_CREATE)
|
||||||
|
registry.subscribe(self._delete_security_group_precommit,
|
||||||
|
resources.SECURITY_GROUP,
|
||||||
|
events.PRECOMMIT_DELETE)
|
||||||
registry.subscribe(self._delete_security_group,
|
registry.subscribe(self._delete_security_group,
|
||||||
resources.SECURITY_GROUP,
|
resources.SECURITY_GROUP,
|
||||||
events.AFTER_DELETE)
|
events.AFTER_DELETE)
|
||||||
@ -277,9 +280,6 @@ class OVNMechanismDriver(api.MechanismDriver):
|
|||||||
registry.subscribe(self._process_sg_rule_notification,
|
registry.subscribe(self._process_sg_rule_notification,
|
||||||
resources.SECURITY_GROUP_RULE,
|
resources.SECURITY_GROUP_RULE,
|
||||||
events.BEFORE_DELETE)
|
events.BEFORE_DELETE)
|
||||||
registry.subscribe(self._process_sg_rule_after_del_notification,
|
|
||||||
resources.SECURITY_GROUP_RULE,
|
|
||||||
events.AFTER_DELETE)
|
|
||||||
|
|
||||||
def _clean_hash_ring(self, *args, **kwargs):
|
def _clean_hash_ring(self, *args, **kwargs):
|
||||||
admin_context = n_context.get_admin_context()
|
admin_context = n_context.get_admin_context()
|
||||||
@ -396,6 +396,14 @@ class OVNMechanismDriver(api.MechanismDriver):
|
|||||||
self._ovn_client.create_security_group(context,
|
self._ovn_client.create_security_group(context,
|
||||||
security_group)
|
security_group)
|
||||||
|
|
||||||
|
def _delete_security_group_precommit(self, resource, event, trigger,
|
||||||
|
payload):
|
||||||
|
context = n_context.get_admin_context()
|
||||||
|
security_group_id = payload.resource_id
|
||||||
|
for sg_rule in self._plugin.get_security_group_rules(
|
||||||
|
context, filters={'remote_group_id': [security_group_id]}):
|
||||||
|
self._ovn_client.delete_security_group_rule(context, sg_rule)
|
||||||
|
|
||||||
def _delete_security_group(self, resource, event, trigger, payload):
|
def _delete_security_group(self, resource, event, trigger, payload):
|
||||||
context = payload.context
|
context = payload.context
|
||||||
security_group_id = payload.resource_id
|
security_group_id = payload.resource_id
|
||||||
@ -453,12 +461,6 @@ class OVNMechanismDriver(api.MechanismDriver):
|
|||||||
context,
|
context,
|
||||||
sg_rule)
|
sg_rule)
|
||||||
|
|
||||||
def _process_sg_rule_after_del_notification(
|
|
||||||
self, resource, event, trigger, payload):
|
|
||||||
context = payload.context
|
|
||||||
sg_rule = payload.metadata['rule']
|
|
||||||
self._ovn_client.delete_security_group_rule(context, sg_rule)
|
|
||||||
|
|
||||||
def _sg_has_rules_with_same_normalized_cidr(self, sg_rule):
|
def _sg_has_rules_with_same_normalized_cidr(self, sg_rule):
|
||||||
compare_keys = [
|
compare_keys = [
|
||||||
'ethertype', 'direction', 'protocol',
|
'ethertype', 'direction', 'protocol',
|
||||||
|
@ -404,38 +404,6 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
|
|||||||
self.assertEqual([mock.ANY, mock.ANY],
|
self.assertEqual([mock.ANY, mock.ANY],
|
||||||
payload.metadata.get('security_group_rule_ids'))
|
payload.metadata.get('security_group_rule_ids'))
|
||||||
|
|
||||||
def test_security_group_rule_after_delete_event_for_remot_group(self):
|
|
||||||
sg1_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP)
|
|
||||||
sg2_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP)
|
|
||||||
|
|
||||||
fake_rule = copy.deepcopy(FAKE_SECGROUP_RULE)
|
|
||||||
fake_rule['security_group_rule']['security_group_id'] = sg1_dict['id']
|
|
||||||
fake_rule['security_group_rule']['remote_group_id'] = sg2_dict['id']
|
|
||||||
fake_rule['security_group_rule']['remote_ip_prefix'] = None
|
|
||||||
remote_rule = self.mixin.create_security_group_rule(
|
|
||||||
self.ctx, fake_rule)
|
|
||||||
|
|
||||||
with mock.patch.object(registry, "publish") as mock_publish:
|
|
||||||
self.mixin.delete_security_group(self.ctx, sg2_dict['id'])
|
|
||||||
mock_publish.assert_has_calls(
|
|
||||||
[mock.call('security_group', 'before_delete',
|
|
||||||
mock.ANY, payload=mock.ANY),
|
|
||||||
mock.call('security_group', 'precommit_delete',
|
|
||||||
mock.ANY,
|
|
||||||
payload=mock.ANY),
|
|
||||||
mock.call('security_group', 'after_delete',
|
|
||||||
mock.ANY,
|
|
||||||
payload=mock.ANY),
|
|
||||||
mock.call('security_group_rule', 'after_delete',
|
|
||||||
mock.ANY,
|
|
||||||
payload=mock.ANY)])
|
|
||||||
rule_payload = mock_publish.mock_calls[3][2]['payload']
|
|
||||||
self.assertEqual(remote_rule['id'], rule_payload.resource_id)
|
|
||||||
self.assertEqual(sg1_dict['id'],
|
|
||||||
rule_payload.metadata['security_group_id'])
|
|
||||||
self.assertEqual(sg2_dict['id'],
|
|
||||||
rule_payload.metadata['remote_group_id'])
|
|
||||||
|
|
||||||
def test_security_group_rule_precommit_create_event_fail(self):
|
def test_security_group_rule_precommit_create_event_fail(self):
|
||||||
registry.subscribe(fake_callback, resources.SECURITY_GROUP_RULE,
|
registry.subscribe(fake_callback, resources.SECURITY_GROUP_RULE,
|
||||||
events.PRECOMMIT_CREATE)
|
events.PRECOMMIT_CREATE)
|
||||||
|
Loading…
Reference in New Issue
Block a user