author | elajkat <lajos.katona@est.tech> | 2023-03-10 13:29:48 +0100 |
---|---|---|
committer | elajkat <lajos.katona@est.tech> | 2023-03-17 09:24:02 +0100 |
commit | 63584957203ec9f5ba165177978213c3909f81f0 (patch) | |
tree | f38c2ec424bc6148179bef40e10134dbfd71c521 /neutron/plugins | |
parent | 09a6d126ac306b2e8564732562c87d3831450f90 (diff) | |
Delete sg rule which remote is the deleted sg
According to bug #2008712, if a security-group is the
remote group of a 2nd security-group, the backend
never deletes the rule of the 2nd group whose
remote_group_id is the original security-group.
With an AFTER_DELETE event for each rule that has the
security_group_id as remote_group_id, we can make the
mech drivers do their work and delete these rules in the
backend.
Change-Id: I207ecf7954b06507e03cb16b502ceb6e2807e0e7
Closes-Bug: #2008712
Diffstat (limited to 'neutron/plugins')
-rw-r--r-- | neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py index ef16d06227..1ffb4059b5 100644 --- a/neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py +++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py @@ -265,9 +265,6 @@ class OVNMechanismDriver(api.MechanismDriver): registry.subscribe(self._create_security_group, resources.SECURITY_GROUP, events.AFTER_CREATE) - registry.subscribe(self._delete_security_group_precommit, - resources.SECURITY_GROUP, - events.PRECOMMIT_DELETE) registry.subscribe(self._delete_security_group, resources.SECURITY_GROUP, events.AFTER_DELETE) @@ -280,6 +277,9 @@ class OVNMechanismDriver(api.MechanismDriver): registry.subscribe(self._process_sg_rule_notification, resources.SECURITY_GROUP_RULE, events.BEFORE_DELETE) + registry.subscribe(self._process_sg_rule_after_del_notification, + resources.SECURITY_GROUP_RULE, + events.AFTER_DELETE) def _clean_hash_ring(self, *args, **kwargs): admin_context = n_context.get_admin_context() @@ -396,14 +396,6 @@ class OVNMechanismDriver(api.MechanismDriver): self._ovn_client.create_security_group(context, security_group) - def _delete_security_group_precommit(self, resource, event, trigger, - payload): - context = n_context.get_admin_context() - security_group_id = payload.resource_id - for sg_rule in self._plugin.get_security_group_rules( - context, filters={'remote_group_id': [security_group_id]}): - self._ovn_client.delete_security_group_rule(context, sg_rule) - def _delete_security_group(self, resource, event, trigger, payload): context = payload.context security_group_id = payload.resource_id 
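Review bot: With the subscription added in the second hunk, every SECURITY_GROUP_RULE deletion now reaches the driver twice: `_process_sg_rule_notification` on BEFORE_DELETE and `_process_sg_rule_after_del_notification` on AFTER_DELETE. If the BEFORE_DELETE path already removes the ACL for an ordinary rule delete (its body is outside this view), the second `delete_security_group_rule` call has to be a no-op when the ACL is already gone, otherwise each rule deletion may raise or log an error. A comment above the new subscribe call would record the intent, e.g. `# AFTER_DELETE also covers rules removed because their remote group was deleted (bug #2008712)`. The enclosing method starts before the hunk.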
@@ -461,6 +453,12 @@ class OVNMechanismDriver(api.MechanismDriver): context, sg_rule) + def _process_sg_rule_after_del_notification( + self, resource, event, trigger, payload): + context = payload.context + sg_rule = payload.metadata['rule'] + self._ovn_client.delete_security_group_rule(context, sg_rule) + def _sg_has_rules_with_same_normalized_cidr(self, sg_rule): compare_keys = [ 'ethertype', 'direction', 'protocol', |
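Review bot: `payload.metadata['rule']` in `_process_sg_rule_after_del_notification` assumes every publisher of SECURITY_GROUP_RULE AFTER_DELETE puts the full rule dict under the `rule` key; the publishers are outside this diff (the diffstat is limited to neutron/plugins), so that cannot be confirmed here. If one of them omits the key, the handler fails with KeyError and the rule referencing the deleted group presumably stays in the OVN backend, which is the stale-rule condition this commit is meant to close. Consider `sg_rule = payload.metadata.get('rule')` followed by `if not sg_rule: return` with a warning log, and add a docstring saying that the handler removes the backend rule after the DB row is gone, which is why the rule has to travel in the payload.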