x/group-based-policy
Code Issues Proposed changes

Fix port notifications when extension is updated

Browse Source 
The patch in [0] added support for the no-NAT CIDRs extension. This
covered the case where the agents would get extension details when a
network was created, as well as when a network was connected or
disconnected from a neutron router. However, it missed the case where
the extension on the ntwork itself was updated. This patch addresses
that gap.

The patch also adds UT coverage of the extension for AIM validation
(there is no mapping to an AIM resource, but the extension was added
to the UT for completeness).

[0]: https://review.opendev.org/c/x/group-based-policy/+/875317

Change-Id: Ibf3df8a0d48b9ba9a68c17ad70251a611aa40cab
This commit is contained in:
Thomas Bachman 2023-03-22 11:15:21 +00:00
parent b7a5445e7b
commit f9c7a63f7a
3 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py
View File

@ -1060,6 +1060,18 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
self.aim.update(
aim_ctx, epg, policy_enforcement_pref=curr_masters)
# Update no-NAT CIDRs if changed.
curr_cidrs = current[cisco_apic.NO_NAT_CIDRS]
orig_cidrs = original[cisco_apic.NO_NAT_CIDRS]
ports_to_notify = set()
if curr_cidrs != orig_cidrs:
port_ids = self._get_non_router_ports_in_networks(
session, [current['id']])
ports_to_notify.update(port_ids)
if ports_to_notify:
self._add_postcommit_port_notifications(context._plugin_context,
ports_to_notify)
if is_ext:
_, ext_net, ns = self._get_aim_nat_strategy(current)
if ext_net:
@ -1181,6 +1193,9 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
self.aim.update(aim_ctx, l3out_ext_subnet_v6, scope=scope,
aggregate=aggregate)
def update_network_postcommit(self, context):
self._send_postcommit_notifications(context._plugin_context)
def delete_network_precommit(self, context):
current = context.current
LOG.debug("APIC AIM MD deleting network: %s", current)

23
gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py
View File

@ -12863,6 +12863,29 @@ class TestExtensionNoNatCidrsScenarios(TestOpflexRpc, ApicAimTestCase):
self.assertEqual(set(['10.0.1.0/24', '10.10.10.0/24']),
set(response['vrf_subnets']))
with mock.patch.object(
self.driver.notifier, 'port_update',
autospec=True) as notifier:
# Test update with no nat cidrs extension
net = self._update(
'networks', net_id,
{'network':
{'apic:no_nat_cidrs': ['20.20.20.0/24']}})['network']
self.assertItemsEqual(['20.20.20.0/24'],
net['apic:no_nat_cidrs'])
# The mechanism driver adds the bound drivers when
# it makes the call for the notification, so add those in.
port['binding:vif_details']['bound_drivers'] = {
'0': 'apic_aim', '1': 'apic_aim'}
notifier.assert_called_once_with(mock.ANY, port)
# Verify that the new CIDR is added, and the old one is
# deleted.
response = self.driver.request_endpoint_details(
n_context.get_admin_context(), request=request, host=host)
self.assertEqual(set(['10.0.1.0/24', '20.20.20.0/24']),
set(response['gbp_details']['vrf_subnets']))
def test_no_nat_cidrs_external_network(self):
# test no nat cidrs extension for external network
ext_net = self._make_ext_network('ext-net1',

1
gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_validation.py
View File

@ -474,6 +474,7 @@ class TestNeutronMapping(AimValidationTestCase):
'name': 'ec3'},
{'app_profile_name': 'ap2',
'name': 'ec4'}],
'apic:no_nat_cidrs': ['10.10.10.0/24', '20.20.20.0/24'],
'apic:policy_enforcement_pref': 'unenforced'}
if preexisting_bd:
kwargs.update(