neutron/neutron/tests/unit/agent/linux
Rodolfo Alonso Hernandez abeda5aece [OVS][FW] Remote SG IDs left behind when a SG is removed
When any port in the OVS agent is using a security groups (SG) and
this SG is removed, is marked to be deleted. This deletion process
is done in [1].

The SG deletion process consists on removing any reference of this SG
from the firewall and the SG port map. The firewall removes this SG in
[2].

The information of a SG is stored in:
* ConjIPFlowManager.conj_id_map = ConjIdMap(). This class stores the
  conjunction IDS (conj_ids) in a dictionary using the following keys:

    ConjIdMap.id_map[(sg_id, remote_sg_id, direction, ethertype,
      conj_ids)] = conj_id_XXX

* ConjIPFlowManager.conj_ids is a nested dictionary, built in the
  following way:

    self.conj_ids[vlan_tag][(direction, ethertype)][remote_sg_id] = \
      set([conj_id_1, conj_id_2, ...])

This patch stores all conjuntion IDs generated and assigned to the
tuple (sg_id, remote_sg_id, direction, ethertype). When a SG is
removed, the deletion method will look for this SG in the new storage
variable created, ConjIdMap.id_map_group, and will mark all the
conjuntion IDs related to be removed. That will cleanup those rules
left in the OVS matching:
  action=conjunction(conj_id, 1/2)

[1]118930f03d/neutron/agent/linux/openvswitch_firewall/firewall.py (L731)
[2]118930f03d/neutron/agent/linux/openvswitch_firewall/firewall.py (L399)

Conflicts:
      neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py

Change-Id: I63e446a30cf10e7bcd34a6f0d6ba1711301efcbe
Related-Bug: #1881157
(cherry picked from commit 0eebd002cc)
(cherry picked from commit ed22f7a2ff)
(cherry picked from commit 6615f248e2)
2020-08-21 09:56:18 +00:00
..
openvswitch_firewall [OVS][FW] Remote SG IDs left behind when a SG is removed 2020-08-21 09:56:18 +00:00
__init__.py Empty files should not contain copyright or license 2014-10-20 00:50:32 +00:00
failing_process.py Keep reading stdout/stderr until after kill 2015-11-19 19:14:13 +02:00
test_async_process.py Add kill_timeout to AsyncProcess 2019-01-04 11:44:23 +01:00
test_bridge_lib.py Fix UT BridgeLibTest when IPv6 is disabled 2018-06-05 12:02:26 +02:00
test_daemon.py Use bytes for python3 friendly os.write 2017-02-02 18:59:03 -08:00
test_dhcp.py Check dnsmasq process is active when spawned 2020-04-07 20:09:41 +00:00
test_external_process.py Check dnsmasq process is active when spawned 2020-04-07 20:09:41 +00:00
test_interface.py Allow usage of legacy 3rd-party interface drivers 2020-05-21 08:42:25 +00:00
test_ip_conntrack.py Move conntrack zones to IPTablesFirewall 2017-03-30 14:54:51 -07:00
test_ip_lib.py Switch isolated metadata proxy to bind to 169.254.169.254 2019-02-12 10:30:25 +00:00
test_ip_link_support.py sriov: implement spoofchecking configuration 2015-07-29 19:38:25 +02:00
test_ip_monitor.py Fix W605 warnings 2018-05-17 16:20:59 +09:00
test_ipset_manager.py [Security] fix allowed-address-pair 0.0.0.0/0 issue 2020-07-31 11:23:18 +00:00
test_iptables_firewall.py [Security] fix allowed-address-pair 0.0.0.0/0 issue 2020-07-31 11:23:18 +00:00
test_iptables_manager.py Fix neutron-openvswitch-agent Windows support 2018-08-28 06:53:11 +00:00
test_keepalived.py [L3 HA] Add "no_track" option to VIPs in keepalived config 2020-04-23 07:15:09 +00:00
test_l3_tc_lib.py Support iproute2 4.15 in l3_tc_lib 2020-04-14 07:40:42 +00:00
test_ovsdb_monitor.py Ensure ovsdb_connection enabled before calling monitor 2017-03-06 22:19:18 +00:00
test_pd.py Fix errors in PrefixDelegation.remove_stale_ri_ifname 2017-05-02 16:46:56 +00:00
test_polling.py Ensure ovsdb_connection enabled before calling monitor 2017-03-06 22:19:18 +00:00
test_tc_lib.py Fix ingress bw limit for OVS DPDK ports 2018-01-15 13:19:14 +00:00
test_utils.py Fix race condition when getting cmdline 2019-11-24 14:33:32 +00:00
test_xenapi_root_helper.py Use os-xenapi for neutron when XenServer as hypervisor 2017-03-30 18:33:37 +00:00