[AIM] Fix handling of missing PortSecurityBinding
If a PortSecurityBinding record is not present for a port, which might be the case after migration from a plugin without the portsecurity extension driver configured, the GBP details RPC should return False instead of True for promiscuous_mode. Change-Id: Id33c488d890f15e9489c5a8cdbbffa5dc11387a7
parent
a57850b5ee
commit
b559f6b25c
|
@ -1020,7 +1020,7 @@ class ApicRpcHandlerMixin(object):
|
|||
# applications use port_security_enabled=False?
|
||||
return (port_info.device_owner in constants.PROMISCUOUS_TYPES or
|
||||
port_info.port_name.endswith(constants.PROMISCUOUS_SUFFIX) or
|
||||
not port_info.psec_enabled)
|
||||
port_info.psec_enabled is False)
|
||||
|
||||
def _build_sg_details(self, info):
|
||||
return (
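Review bot: The new `port_info.psec_enabled is False` check depends on a three-state value (True, False, or presumably None when the port has no PortSecurityBinding row), and nothing at the expression says so. A later cleanup back to `not port_info.psec_enabled` would silently make every port without a binding promiscuous again. I would add a comment directly above the return, e.g. `# psec_enabled is None when the port has no PortSecurityBinding row; only an explicit False disables port security.` The identity test also assumes the value arrives as a real bool. If the query that builds port_info could ever yield 0 instead of False (not visible here), an explicit disable would be ignored; that fails toward anti-spoofing staying on, but is worth confirming. The enclosing method starts above the hunk.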
|
||||
|
|
|
@ -28,6 +28,7 @@ from neutron.api.rpc.agentnotifiers import dhcp_rpc_agent_api
|
|||
from neutron.common import utils as n_utils
|
||||
from neutron.db import api as db_api
|
||||
from neutron.db.models import securitygroup as sg_models
|
||||
from neutron.db.port_security import models as psec_models
|
||||
from neutron.extensions import dns
|
||||
from neutron.notifiers import nova
|
||||
from neutron.tests.unit.db import test_db_base_plugin_v2 as test_plugin
|
||||
|
@ -5698,6 +5699,30 @@ class TestNeutronPortOperation(AIMBaseTestCase):
|
|||
host='host1')
|
||||
self.assertTrue(details['promiscuous_mode'])
|
||||
|
||||
# Test RPC without a PortSecurityBinding record, which should
|
||||
# be equivalent to port_security_enabled being set to
|
||||
# True. This can occur when migrating to the unified plugin
|
||||
# from a configuration that did not include ML2's
|
||||
# port_security extension driver.
|
||||
with self.db_session.begin():
|
||||
psb = (self.db_session.query(psec_models.PortSecurityBinding).
|
||||
filter_by(port_id=p3['id']).
|
||||
one())
|
||||
self.db_session.delete(psb)
|
||||
details = self.mech_driver.get_gbp_details(
|
||||
self._neutron_admin_context, device='tap%s' % p3['id'],
|
||||
host='host1')
|
||||
self.assertFalse(details['promiscuous_mode'])
|
||||
|
||||
# Test that updating port_security_enabled restores
|
||||
# the missing PortSecurityBinding record.
|
||||
self._update(
|
||||
'ports', p3['id'], {'port': {'port_security_enabled': False}})
|
||||
details = self.mech_driver.get_gbp_details(
|
||||
self._neutron_admin_context, device='tap%s' % p3['id'],
|
||||
host='host1')
|
||||
self.assertTrue(details['promiscuous_mode'])
|
||||
|
||||
# REVISIT: Test port name ending with PROMISCUOUS_SUFFIX, or
|
||||
# is that deprecated?
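Review bot: The missing-binding case is checked only through `get_gbp_details`; the test never reads the port back through the API. A disagreement between the API's `port_security_enabled` and the `promiscuous_mode` sent to the agent would therefore pass unnoticed. After the `delete(psb)` block I would also fetch the port, e.g. `port = self._show('ports', p3['id'])['port']`, and assert on its `port_security_enabled` value. What the API returns without a binding is not visible in this hunk, so the expected value needs confirming. Repeating the read-back after the `_update` call would check the restored setting directly instead of inferring it from the RPC result. The test method starts above the hunk.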
|
||||
|
||||
|
|