Prevent duplicate SG rules in 'concurrent requests' case

Problem: The process of transaction is too short. In case of concurrent requests, both requests can pass all tests and going to write to database. Sometimes the transaction of first request closed before the transaction of the second request has been open, because of the above problem. So both of them can access the latest data (revision number), then passing the StaleDataError and writing to database successfully. This patch moved the _check_for_duplicate_rules_in_db into transaction to prevent race condition. Change-Id: I9ff2bf830c0c9d1114833d33603622f447ee7ca2 Closes-bug: #1532696
2016-07-22 17:59:03 +07:00 · 2016-07-22 17:59:03 +07:00 · fb375bd7a4
parent 4478987fbd
commit fb375bd7a4
1 changed files with 3 additions and 2 deletions
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@ -305,8 +305,6 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
                                    validate=True):
        if validate:
            self._validate_security_group_rule(context, security_group_rule)
-            self._check_for_duplicate_rules_in_db(context, security_group_rule)
-
        rule_dict = security_group_rule['security_group_rule']
        kwargs = {
            'context': context,
@ -317,6 +315,9 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
                              exc_cls=ext_sg.SecurityGroupConflict, **kwargs)

        with context.session.begin(subtransactions=True):
+            if validate:
+                self._check_for_duplicate_rules_in_db(context,
+                                                      security_group_rule)
            db = sg_models.SecurityGroupRule(
                id=(rule_dict.get('id') or uuidutils.generate_uuid()),
                tenant_id=rule_dict['tenant_id'],