diff options
authorDaniel Alvarez <>2018-11-12 13:21:41 +0100
committerDaniel Alvarez <>2018-11-12 13:27:30 +0100
commit605ad27f053a1ef9ffb3601c6023987ddb6a22e1 (patch)
parentc6a5543f9e7252cf20e9596ac7c850d0fcafcc96 (diff)
Fix Tempest and Unit tests
This patch is a squash of two commits that fix both tempest and unit tests: 1. Port Groups: Fix bug when updating a port to trusted When a normal port with port security enabled (ie. belonging to default drop Port Group) gets updated to a trusted port (ie. router port), the existing code won't remove the port from the Port Group so all traffic gets dropped. This patch fixes the issue by checking this condition in the update_port method of the ovn_client module. 2. UT: Fix unit tests failures After 3316b45665a99b0f61e45a8c7facf538618861bf got merged in Neutron, our gate is blocked due to unit tests failing. After some debugging, it looks like no longer importing neutron.db.api is the culprit. This patch is importing it from our unit tests to unbreak the gate while the actual root case is determined. Change-Id: I3d30ec18f0c9df256c8f5846b52ab619835b5e32 Closes-Bug: #1802373 Partial-Bug: #1802369 Signed-off-by: Daniel Alvarez <>
Notes (review): Code-Review+2: Lucas Alvares Gomes <> Code-Review+2: Miguel Angel Ajo <> Workflow+1: Lucas Alvares Gomes <> Code-Review+1: Daniel Alvarez <> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 13 Nov 2018 23:40:37 +0000 Reviewed-on: Project: openstack/networking-ovn Branch: refs/heads/master
2 files changed, 6 insertions, 3 deletions
diff --git a/networking_ovn/common/ b/networking_ovn/common/
index c56fb2e..3476227 100644
--- a/networking_ovn/common/
+++ b/networking_ovn/common/
@@ -453,9 +453,11 @@ class OVNClient(object):
453 utils.is_port_security_enabled(port)): 453 utils.is_port_security_enabled(port)):
454 self._add_port_to_drop_port_group(port['id'], txn) 454 self._add_port_to_drop_port_group(port['id'], txn)
455 # If the port doesn't belong to any security group and 455 # If the port doesn't belong to any security group and
456 # port_security is disabled, allow all traffic 456 # port_security is disabled, or it's a trusted port, then
457 elif (not new_sg_ids and 457 # allow all traffic.
458 not utils.is_port_security_enabled(port)): 458 elif ((not new_sg_ids and
459 not utils.is_port_security_enabled(port)) or
460 utils.is_lsp_trusted(port)):
459 self._del_port_from_drop_port_group(port['id'], txn) 461 self._del_port_from_drop_port_group(port['id'], txn)
460 else: 462 else:
461 # Refresh ACLs for changed security groups or fixed IPs. 463 # Refresh ACLs for changed security groups or fixed IPs.
diff --git a/networking_ovn/tests/unit/ml2/ b/networking_ovn/tests/unit/ml2/
index 80bd142..9ee6380 100644
--- a/networking_ovn/tests/unit/ml2/
+++ b/networking_ovn/tests/unit/ml2/
@@ -34,6 +34,7 @@ from oslo_db import exception as os_db_exc
34from oslo_serialization import jsonutils 34from oslo_serialization import jsonutils
35from oslo_utils import timeutils 35from oslo_utils import timeutils
36 36
37from neutron.db import api # noqa
37from neutron.db import provisioning_blocks 38from neutron.db import provisioning_blocks
38from neutron.plugins.ml2.drivers import type_geneve # noqa 39from neutron.plugins.ml2.drivers import type_geneve # noqa
39from neutron.tests import tools 40from neutron.tests import tools