From 4aa41464a3f0eab704e61b5b2386e5a2feab0ccb Mon Sep 17 00:00:00 2001
From: Gary Kotton
Date: Thu, 9 Mar 2017 09:35:13 -0800
Subject: [PATCH] Fix subnet-deletion issue
Commit 31fa23d84c9054fb4cfebccef953bf6839698a1d changed the way that subnet deletion worked. This broke the plugin due to the fact that port was updated when a subnet is deleted. This results in an exception for port security validations. So here we have a dodgy way of finding out that we need to skip this validation
Change-Id: Idf703cb8d5618799306c6e3b4ab144abb0caa665
---
 vmware_nsx/plugins/nsx_v3/plugin.py | 16 +++++++++++++---
 vmware_nsx/tests/unit/nsx_v3/test_plugin.py | 3 ---
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index b89f2fed24..df142350b9 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -2158,7 +2158,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 super(NsxV3Plugin, self).delete_port(context, port_id)
 def _update_port_preprocess_security(
- self, context, port, id, updated_port):
+ self, context, port, id, updated_port, validate_port_sec=True):
 delete_addr_pairs = self._check_update_deletes_allowed_address_pairs(
 port)
 has_addr_pairs = self._check_update_has_allowed_address_pairs(port)
@@ -2194,7 +2194,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 # checks if security groups were updated adding/modifying
 # security groups, port security is set and port has ip
- if not (has_ip and updated_port[psec.PORTSECURITY]):
+ if (validate_port_sec and
+ not (has_ip and updated_port[psec.PORTSECURITY])):
 if has_security_groups:
 raise psec.PortSecurityAndIPRequiredForSecurityGroups()
 # Update did not have security groups passed in. Check
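Review bot: `_update_port_preprocess_security` gains `validate_port_sec=True` without a docstring, although passing False turns off a security check, so the signature should say who may do that. I would add a one-line docstring under the `def`, e.g. `"""Apply security-related port changes; validate_port_sec=False is reserved for the internal update issued during subnet deletion."""`. The method body runs past the end of this hunk, so the rest of its contract is not visible here.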
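Review bot: With `validate_port_sec` False the whole `if` body is skipped, not only the `PortSecurityAndIPRequiredForSecurityGroups` raise, so the branch that begins at `# Update did not have security groups passed in` is bypassed as well; that branch continues outside the hunk, so what else it enforces cannot be judged from here. A port that loses its last IP through subnet deletion can then keep its security groups without the IP this check normally demands, and it is worth confirming that the resulting port state is still one the backend handles correctly. The two comment lines above the condition should also record the bypass, e.g. `# skipped only for the internal port update issued on subnet deletion`.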
@@ -2365,6 +2366,15 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 def update_port(self, context, id, port):
 switch_profile_ids = None
+ # Need to determine if we skip validations for port security.
+ # This is the edge case when the subnet is deleted.
+ validate_port_sec = True
+ fixed_ips = port['port'].get('fixed_ips', [])
+ for fixed_ip in fixed_ips:
+ if 'delete_subnet' in fixed_ip:
+ validate_port_sec = False
+ break
+
 with context.session.begin(subtransactions=True):
 original_port = super(NsxV3Plugin, self).get_port(context, id)
 nsx_lswitch_id, nsx_lport_id = nsx_db.get_nsx_switch_and_port_id(
@@ -2394,7 +2404,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 updated_port.update(port['port'])
 updated_port = self._update_port_preprocess_security(
- context, port, id, updated_port)
+ context, port, id, updated_port, validate_port_sec)
 self._update_extra_dhcp_opts_on_port(context, id, port, updated_port)
diff --git a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
index eff2a4f436..1738ff94ff 100644
--- a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
@@ -235,9 +235,6 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin):
 class TestSubnetsV2(test_plugin.TestSubnetsV2, NsxV3PluginTestCaseMixin):
- def test_delete_subnet_ipv6_slaac_port_exists(self):
- self.skipTest('No DHCP v6 Support yet')
-
 def test_create_subnet_with_shared_address_space(self):
 with self.network() as network:
 data = {'subnet': {'network_id': network['network']['id'],
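Review bot: The bypass flag in `update_port` is derived from the request payload itself: any `fixed_ips` entry that contains the key `delete_subnet` turns off port-security validation, and `port['port']` appears to be the same dict an API caller supplies. Unless request validation (not visible in this diff) rejects unknown keys inside `fixed_ips`, an ordinary port update could carry this marker and skip the check, so that trust assumption should be confirmed and written into the comment. The test is also on key presence rather than value, so `{'delete_subnet': False}` still disables validation; `validate_port_sec = not any(ip.get('delete_subnet') for ip in fixed_ips)` is tighter, and `fixed_ips = port['port'].get('fixed_ips') or []` avoids iterating an explicit None. `update_port` continues outside this hunk.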
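Review bot: `validate_port_sec` is passed positionally as the fifth argument of the `_update_port_preprocess_security` call; a flag that disables a check reads better, and survives later signature changes, as a keyword: `context, port, id, updated_port, validate_port_sec=validate_port_sec)`. The enclosing `update_port` starts and ends outside this hunk.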