authorNguyen Thanh Cong <ntcong1705@gmail.com>2021-11-11 21:00:23 +0700
committerNikhil Kshirsagar <nikhil.kshirsagar@canonical.com>2023-02-27 11:17:34 +0530
commitb01ad2fa0913b087a7e8151eca7417b1d9b978ab (patch)
tree0b259313e74ddafe3fd206b720236f940c88cf75
parent168902f7ac22cefa0cc6a73f6a5801a8fb9763d4 (diff)
[OVN] Fix port disable security dead when run neutron-ovn-db-sync-util
A port with port security disabled should not be in ACL neutron_pg_drop, but when neutron-ovn-db-sync-util is run, such a port is still added to ACL neutron_pg_drop. This happens because a port with port security disabled is not a trusted port. Co-authored-by: archiephan <chungphan7819@gmail.com> Closes-Bug: #1939723 Change-Id: Iebce0929e3e68ac5be0acaf5cdac4f5833cb9f2f (cherry picked from commit 4511290b726f605384285228a28ad7b32a4b8c43)
-rw-r--r--neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py4
-rw-r--r--neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py8
2 files changed, 9 insertions, 3 deletions
diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
index c8eccd6e29..6064576213 100644
--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
+++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
@@ -424,10 +424,10 @@ class OVNClient(object):
**kwargs))
sg_ids = utils.get_lsp_security_groups(port)
- # If this is not a trusted port or port security is enabled,
+ # If this is not a trusted port and port security is enabled,
# add it to the default drop Port Group so that all traffic
# is dropped by default.
- if not utils.is_lsp_trusted(port) or port_info.port_security:
+ if not utils.is_lsp_trusted(port) and port_info.port_security:
self._add_port_to_drop_port_group(port_cmd, txn)
# Just add the port to its Port Group.
for sg in sg_ids:
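Review bot: The switch to `and` in `if not utils.is_lsp_trusted(port) and port_info.port_security:` changes two cases, not one: besides skipping ports with port security disabled, a trusted port whose `port_info.port_security` is truthy no longer joins the default drop Port Group, and the commit message only discusses the first case. Because this branch decides whether a port gets default-deny filtering, the comment should state the intent for both, e.g. `# Trusted ports and ports with port security disabled are deliberately kept out of the drop Port Group.` The check also relies on the truthiness of `port_info.port_security`, whose type is not visible in this hunk; if it can be empty for a port that still has port security enabled, that port would silently miss the default drop, so confirm this where `port_info` is built. The enclosing method starts and ends outside the hunk.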
diff --git a/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py b/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py
index 73224455e2..38e04af7c1 100644
--- a/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py
+++ b/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py
@@ -3217,7 +3217,12 @@ class TestOVNMechanismDriverSecurityGroup(
# test acl methods invoking. Content correctness of args of acl methods
# is mainly guaranteed by acl_test.py.
+ _extension_drivers = ['port_security']
+
def setUp(self):
+ cfg.CONF.set_override('extension_drivers',
+ self._extension_drivers,
+ group='ml2')
cfg.CONF.set_override('mechanism_drivers',
['logger', 'ovn'],
'ml2')
@@ -3416,8 +3421,9 @@ class TestOVNMechanismDriverSecurityGroup(
req = self.new_update_request('ports', data, p['id'])
req.get_response(self.api)
+ # Default neutron_pg_drop, 2 security group
self.assertEqual(
- 2, self.mech_driver._nb_ovn.pg_add_ports.call_count)
+ 3, self.mech_driver._nb_ovn.pg_add_ports.call_count)
def test_update_sg_change_rule(self):
with self.network() as n, self.subnet(n):
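Review bot: The updated assertion only checks that `pg_add_ports` was called three times, so it would still pass if the port were added to the wrong Port Groups. None of the visible test hunks exercises the case the fix is about, a port with port security disabled staying out of `neutron_pg_drop`. Consider inspecting `pg_add_ports.call_args_list` for the drop Port Group name, and adding a test that creates a port with `port_security_enabled` set to False and asserts that no such call is made. The new comment would also read more clearly as `# 1 call for neutron_pg_drop + 1 per security group (2)`. The enclosing test method starts outside the hunk.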