From c4b16ec5a35ec8724311f1b44907f10d1a3265b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89douard=20Thuleau?=
Date: Tue, 2 Aug 2016 10:57:30 +0200
Subject: [PATCH] Remove stale security group rules

When a security group is deleted all security group rules which reference it as 'remote_group_id' should be deleted. As the contrail data model does not permit to easy found that rules, that fix propose to hide that stale rules only when they are listed or read.

[1] https://github.com/openstack/tempest/search?utf8=%E2%9C%93&q=test_security_group_rules_delete_when_peer_group_deleted&type=Code

Change-Id: I219f4127785ab300302f2b7454321de83770a4a9
Closes-Bug: #1591976
---
 .../vnc_client/sgrule_res_handler.py | 38 ++++++++++---------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sgrule_res_handler.py b/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sgrule_res_handler.py
index 56030d0..ff8f7c8 100644
--- a/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sgrule_res_handler.py
+++ b/neutron_plugin_contrail/plugins/opencontrail/vnc_client/sgrule_res_handler.py
@@ -60,15 +60,16 @@ def _security_group_rule_vnc_to_neutron(self, sg_id, sg_rule, if addr.get_security_group() != 'any' and ( addr.get_security_group() != 'local'): remote_sg = addr.get_security_group() - try: - if remote_sg != ':'.join(sg_obj.get_fq_name()): - remote_sg_obj = sg_handler.SecurityGroupHandler( - self._vnc_lib).get_sg_obj(fq_name_str=remote_sg) - else: - remote_sg_obj = sg_obj - remote_sg_uuid = remote_sg_obj.uuid - except vnc_exc.NoIdError: - pass + if remote_sg != ':'.join(sg_obj.get_fq_name()): + try: + remote_sg_uuid = self._vnc_lib.fq_name_to_id( + 'security-group', remote_sg.split(':')) + except vnc_exc.NoIdError: + # Filter rule out as the remote security group does not + # exist anymore + return sgr_q_dict + else: + remote_sg_uuid = sg_obj.uuid sgr_q_dict['id'] = sg_rule.get_rule_uuid() sgr_q_dict['tenant_id'] = self._project_id_vnc_to_neutron( @@ -131,9 +132,11 @@ def resource_get(self, context, sgr_id, fields=None): sg_obj, sg_rule = self._security_group_rule_find(sgr_id, project_uuid) if sg_obj and sg_rule: - return self._security_group_rule_vnc_to_neutron(sg_obj.uuid, - sg_rule, sg_obj, - fields=fields) + sgr_info = self._security_group_rule_vnc_to_neutron(sg_obj.uuid, + sg_rule, sg_obj, + fields=fields) + if sgr_info: + return sgr_info self._raise_contrail_exception('SecurityGroupRuleNotFound', id=sgr_id, resource='security_group_rule') @@ -152,11 +155,12 @@ def security_group_rules_read(self, sg_obj, fields=None, filters=None): if filter_ids and sg_rule.get_rule_uuid() not in filter_ids: continue - sg_info = self._security_group_rule_vnc_to_neutron(sg_obj.uuid, - sg_rule, - sg_obj, - fields=fields) - sg_rules.append(sg_info) + sgr_info = self._security_group_rule_vnc_to_neutron(sg_obj.uuid, + sg_rule, + sg_obj, + fields=fields) + if sgr_info: + sg_rules.append(sgr_info) return sg_rules # end security_group_rules_read
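Review bot: The new `fq_name_to_id('security-group', remote_sg.split(':'))` lookup in the first hunk resolves the remote group by name, so the rule is hidden only while no security group with that fq_name exists. The commit message says the stale rule is only hidden on list/read, not deleted, so a group later created under the same project and name would presumably make the rule resolve again and reappear with the new group's UUID; whether the stored rule is still enforced in the data plane is not visible here. I would record that in the `except vnc_exc.NoIdError:` branch, e.g. `# NOTE: rule is hidden, not deleted; it resolves again if a group with this fq_name is re-created`, and track real deletion on security group delete as a follow-up. The body of `_security_group_rule_vnc_to_neutron` starts and ends outside the hunk.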
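Review bot: `if sgr_info:` in `resource_get` (second hunk) treats any falsy return as "stale rule", which only holds while `sgr_q_dict` is still empty when the `NoIdError` branch returns it and the normal path never yields an empty dict, for example after `fields` filtering; the start and end of the converter are outside these hunks, so neither can be confirmed here. An explicit sentinel would make the contract visible: `return None` in the `except vnc_exc.NoIdError:` branch and `if sgr_info is not None:` at the call site. The same truthiness check is added in `security_group_rules_read` in the last hunk and would change with it. Any other callers of `_security_group_rule_vnc_to_neutron` are not shown and would need the same handling.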