Remove B303 (md5, sha1 for python<3.9) and
remove B311 (Standard pseudo-random generators are
not suitable for security/cryptographic purpose) from
the skip list of bandit execution.
Change-Id: I6e9e61e7f94dc9ca339942529af8997adef45e38
Update hacking to a more recent version, along with
flake8-import-order.
Remove N347 (import mock library) check as that is the
default with later hacking versions.
Update the builtins override of '_' to be the neutron.i18n
version due to the code triggering a false positive. This
is done in a couple of other projects as well.
Fix a number of new warnings it found.
Added some ignore directives for new whitespace issues
found in the test tree, can fix later.
TrivialFix
Change-Id: I5923255af86cf1fa11ab8e3b03bb9efac7dd7b58
All of these exceptions and constants have been in
neutron-lib for a while, start using them.
While looking for other things to consume found an old
neutron-lib TODO that did not apply anymore, so removed.
TrivialFix
Change-Id: I9431075a50ba05be872db422125e6af6266ccb99
Support is added to the OVN L3 service plugin for the router
flavors and service type framework
Partial-Bug: #2020823
Change-Id: If40d7b39e7b59a39ff7622bd823dbdb14bfc69d2
It's not necessary to get all port information for the
floating IP port DB query. And the device_id and
device_owner are unique for the DB query.
Change-Id: If7ed1d1b1d9798c0df676bc8c452fb0fa9e288d1
[1] changed FIP OvO for QoS update, but it seems that
it introduced a regression when FIP is updated without
QoS policy in the request.
[1]: https://review.opendev.org/c/833667
Closes-Bug: #2041609
Change-Id: I254e1625c1a157e562df22ae2fd5c6e28971f812
Raise an error when deleting/changing the fixed IP
which is linked to a floating IP.
Closes-Bug: #1999209
Change-Id: I83a5b6c30d54435426f75f4cd1f80bf41822eec5
Currently, agents in DVR mode requesting a router update fetch all the
FIPs on a network from the DB rather than just the FIPs that are
relevant to the specific host requesting the update.
While not noticeable in smaller networks with a limited number of
floating IPs, this can add significant overhead in larger networks
with many FIPs and hosts.
That overhead comes from Python mapping the responses from the DB into
objects, making extra DB calls per FIP returned and adding additional
iterations to the loop in _get_dvr_sync_data. These objects are mostly
discarded later on and not updated nor included in the RPC response.
This change ensures that we only fetch FIPs from the DB that are bound
to the host requesting the update or those which are in a pre-live
migration state (as they may be migrated to the host in question).
Closes-Bug: #2028185
Change-Id: I199b0b1456aa15dadcc24cafc89db1072d224efd
This patch effectively reverts old patch [1]. From now on it will not be
allowed to directly remove router ports which don't have fixed IPs
assigned. Such ports will be treated as any other ports connected to the
routers.
Originally [1] was introduced to allow cleanup of the router ports for
which subnets were deleted. But now it's not needed anymore as we
prevent deletion of subnet if there are any ports with IP allocated from
that subnet.
Closes-bug: #2025056
[1] https://review.opendev.org/c/openstack/neutron/+/20424
Change-Id: I1a3723ae999fefb5dcbe3a60cf1a4902da9f0265
After updating pylint, it started emitting additional "E"
warnings in some cases, fix them.
unsubscriptable-object,
unsupported-delete-operation
These were associated with the OVN AgentCache code. Instead
of using a subscript, create get/delete methods to do the
same thing.
used-before-assignment
Re-factor some code so it's clear to pylint variables are
being assigned properly.
Trivialfix
Change-Id: I4a5ccb7f33465705e59b5274c41db3c371862b1e
When a tenant user tries to delete a port that has a FIP attached by
an admin user, the user gets a 500 ServerError.
This patch improves the error to 409 Conflict by doing some additional
checks on the delete_port method.
A new exception has been included locally, but will be removed as soon
as neutron-lib bumps to a newer release.
Closes-Bug: 2017680
Change-Id: Iab77c64c03fd0d44ff7a3fc1c556d85a8c480bb9
* Add a new API for adding/updating/removing multiple gateway ports
on routers;
* Implement the necessary backend changes.
Partial-Bug: #2002687
Depends-On: I2618475636b2bb9bfd743a62f5d4859d4f68a547
Change-Id: Id885565e88f6f1898ca5cfac709a24dd62605d1a
Some files are using strings access_as_shared or access_as_external
instead of using defined constants ACCESS_SHARED and ACCESS_EXTERNAL.
This commit does the cleanup; it does not bring any functional
change.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Ib75326c762776c5259740cb2f0abc1163842f95d
The method ``get_router_for_floatingip`` query needs to define a join
clause per table or column to be joined.
The expected query is the following one:
    SELECT DISTINCT routerports.router_id AS routerports_router_id,
                    ipallocations.ip_address AS ipallocations_ip_address
    FROM routerports
    JOIN ports ON ports.id = routerports.port_id
    JOIN ipallocations ON ports.id = ipallocations.port_id
    JOIN ports AS gw_port ON gw_port.device_id = routerports.router_id
    WHERE ports.network_id = ?
      AND routerports.port_type IN (XXX)
      AND ipallocations.subnet_id = ?
      AND gw_port.network_id = ?
      AND gw_port.device_owner = ?
The goal is to retrieve the router that matches the GW IP, that is in
the same subnet and network as provided.
Closes-Bug: #2012643
Change-Id: Id054ffaca17153ff470b6bc91f7c3da4f7bf0fdc
On a recent change [1], some additional checks were added to avoid
ports overlapping cidrs on a router. This change also added
a check to not attach more than one IPv6 port from the same network,
but this check needs to allow multiple ports when a deployment is
done using ml2/ovs+xvlan+dvr and the router has an external gateway
configured, because two ports are added:
- one with device_owner as network:router_interface_distributed
- another one with device_owner as network:router_centralized_snat
Also, a small improvement is made to run this check only over the
existing ports on the router for the same network_id.
[1] https://review.opendev.org/c/openstack/neutron/+/859143
Closes-Bug: #2002800
Change-Id: I765a7b41e7e84f42a3180dfd15e3a41a8e085284
A corner case of the fix done in [1] could happen if, as a race
scenario, parallel requests evaluate other ports that could be deleted
during the process if they had already determined an overlapping, in that
case a RouterInterfaceNotFound exception was raised and the request
finished with that exception and a 404 status code.
This patch removes the exception due to a port not found, because if the
port is not found, the related subnet should not participate in the
overlap evaluation, so it makes no sense to break the process for a port
that no longer exists. It also improves the previous validation to
perform the overlapping check, being performed only when we have
at least more than one subnet, as the overlapping check with only one
subnet did not make sense.
Closes-Bug: #1998226
[1] https://review.opendev.org/c/openstack/neutron/+/859143
Change-Id: If4afe6f525c46f9cf7f02d8aae27dfc56144fd62
The table "router_extra_attributes" is a child of "router" table.
Each register contains extra information that completes the router
description. When using ML2/OVS mechanism driver, the methods that
create and populate the "router_extra_attributes" register are always
called from the L3 DVR, L3 HA and availability zones extensions.
When using ML2/OVN, those extensions are not loaded and therefore the
"router_extra_attributes" register is not created.
Although this register is currently not used in ML2/OVN (it will be in
future features), there are some projects expecting the
"router_extra_attributes" register to be always created (for example,
neutron-dynamic-routing [1]).
This patch always enforces the child register creation when a router is
created. This register is populated with the default values. This new
register does not affect any current operation related to ML2/OVN nor
ML2/OVS.
There is a 1:1 relationship between "routers" and
"router_extra_attributes". The child register is deleted by the database
engine when the "routers" register is deleted (ondelete="CASCADE").
[1] https://review.opendev.org/c/openstack/neutron-dynamic-routing/+/863713
Closes-Bug: #1995974
Change-Id: Ic546e40513402fa101c9687acce382cd6b84356c
Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
the ones in neutron/db.
Trivialfix
Change-Id: I9311cfe5efc51552008072d84aa238e5d0c9de60
When simultaneous attempts are made to add an interface
to the same router including overlapping networks in cidrs,
both attempts are successful. There is a check to avoid this
overlap but it is performed when creating the network interface
and it is done over the ports already attached to the router,
so at this moment the check is not able to detect the
overlapping. Furthermore, the create_port operation over the
ML2 plugin must be executed in isolated transactions, so
trying to control the execution context or adding additional
steps to the transaction is not feasible.
This patch checks once the RouterPort is created on the
neutron database if there is more than one overlapping port,
triggering in that case the exception that will remove the
culprit of overlapping.
Closes-Bug: #1987666
Change-Id: I7cec8b53e72e7abf34012906e6adfecf079525af
This will allow subnets from shared networks to be added on routers using:
$ openstack router add subnet router_id subnet_id
Without this, neutron user must use a multi-router solution, which is
not convenient at all.
Closes-Bug: #1975603
Related-Bug: #1757482
Signed-off-by: Arnaud Morin <arnaud.morin@ovhcloud.com>
Change-Id: I50f07d41428e57e6bed9be16980a6c605b7d130e
L3_NAT_dbonly_mixin.update_floatingip_status is called from methods
which are decorated with the retry decorator or from within a db context.
As update_floatingip_status is also called from OVNL3RouterPlugin, added a
utility method, update_floatingip_status_retry, with the decorator to avoid
retrying OVN methods, and added CONTEXT_WRITER here also, as other calls
of update_floatingip_status, from l3_rpc for example, use CONTEXT_WRITER.
Change-Id: Ifdb008c2402aa24766cbd30dd53458599076c955
Closes-Bug: #1980721
The goal of this series of patches is to make the Neutron code
compliant with SQLAlchemy 2.0.
This patch adds the missing database contexts in the execution of
some queries in the L3 code, reported in the following bugs. This
patch also refactors the ``neutron.db.l3_db`` methods, using the
method decorators instead of the inline context builders.
Closes-Bug: #1974144
Closes-Bug: #1974142
Related-Bug: #1964575
Change-Id: I7e18db7f1fa6b8878c13df09895c993704401815
The goal of this patch is to make the Neutron code compliant
with SQLAlchemy 2.0.
All SQL transactions must be executed inside an explicit
writer/reader context. SQLAlchemy no longer will create an
implicit transaction if the session has no active transaction.
A warning message, only available in debug mode, is added. When
an ORM session calls "do_orm_execute", if there is no active
transaction, a warning message with a traceback will be logged
to help to debug the regression introduced.
Related-Bug: #1964575
Change-Id: I3da37fee205b8d67d10673075b9130147d9eab5f
Since [1], "FloatingIP" OVO has the synthetic field "qos_policy_id",
linked to "QosPolicyFloatingIPBinding". This patch uses the OVO
implementation to bind the corresponding QoS policy to the floating
IP register.
Related-Bug: #1877404
[1] https://review.opendev.org/c/openstack/neutron/+/726208
Change-Id: I7071eb29c55fadcb3a87bd9c7f76e4c68c3ea217
When a router is deleted, the server checks first if there are ports
still attached. In this case, the exception "RouterInUse" is raised.
This patch adds the port IDs to the exception message.
Related-Bug: #1962167
Change-Id: I5b5e31677f81d7ba47a457044a6b58910ae41466
When I was writing the 'ndp_proxy' service plugin, I found I couldn't get enough
information about the router from the callback system (such as the original
request body the user sent). So, to write service plugins related to the
router plugin more concisely, I commit this patch.
This patch proposes two changes about router callback publish events:
1. Add 'request_body' parameter to some event's payload
2. Add 'BEFORE_UPDATE' event for router gateway
Related-bug: #1877301
Change-Id: I5f6a4e6f0b7c5feb794ddb7efbd07d01bad91af8
Floating IP ports should not have a project_id assigned to them as they
are not managed by the owner of a project, but by OpenStack itself. With
a project_id assigned they also count towards the port quota of said
project, which they should not. Therefore, we do not set a project_id
anymore on Floating IP creation for the Floating IP port. This is in
line with the behaviour we currently have for gateway interfaces of
routers.
Change-Id: I053d48166141e5cdbd39a1235a43b06d64478bc1
Closes-Bug: #1949767
Reduce the object retrieval to one single field to improve the
collection count.
Bumped neutron-lib to 2.16.0. This version contains [1], needed for
this patch.
[1] https://review.opendev.org/c/openstack/neutron-lib/+/807686
Related-Bug: #1942863
Change-Id: I160e8084e97b23a2bacb49ceb40efbac2d0715be
Use same FIP field names for all notifications.
Move association_event field into Payload metadata.
Closes-Bug: #1933502
Change-Id: Ia462ca4b340cd3d9a27341632b24926c3290a4b2
Change FloatingIP AFTER_ notifications in l3_db to use publish calls.
Move association_event field into Payload metadata.
Closes-Bug: #1933502
Change-Id: Ie4c0f4a63a87c32026c49b03068e5f461deb38b6
This patch switches over to callback payloads for
FLOATING_IP PRECOMMIT_CREATE and PRECOMMIT_UPDATE events
Change-Id: I886a360b838c78b0596c042fb5650bc73848af31
This patch switches over to callback payloads for ROUTER
AFTER_CREATE, AFTER_UPDATE and AFTER_DELETE events.
Change-Id: Ie818ffbb1a291faa80501157b46ff6671d5c26ba
This patch switches over to callback payloads for ROUTER
BEFORE_CREATE, PRECOMMIT_CREATE, BEFORE_UPDATE and
PRECOMMIT_DELETE events.
Change-Id: I4a52c773d3f753c918df0986f1d261083156651c
This patch switches over to callback payloads for PORT
AFTER_DELETE events.
Some shims were removed.
Change-Id: If69e37b84fe1b027777b1d673b3d08a6651a979e
When the router GW interface is updated or deleted, the routes should
be checked in order to prove all of them have connectivity to any of
the router interface subnets.
In a router, all route nexthops must have connectivity with one
interface subnet. If not, this route cannot send the packets to this
route gateway; therefore this route becomes invalid.
Closes-Bug: #1925368
Change-Id: I7ce93b863b0dc0d4a2376fcfd602d2facb6fb2d0
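
As an added illustration of the rule stated in the last commit message above (this is not code from Neutron; the function names and sample data are constructed for this example), the following finds the routes that lose nexthop connectivity once the gateway subnets are removed from a router:

```python
import ipaddress


def routes_without_connectivity(routes, interface_cidrs):
    """Return the routes whose nexthop is in none of the interface subnets."""
    subnets = [ipaddress.ip_network(cidr) for cidr in interface_cidrs]
    unreachable = []
    for route in routes:
        nexthop = ipaddress.ip_address(route["nexthop"])
        # An IPv4 nexthop can only be reached through an IPv4 subnet, and
        # likewise for IPv6, so compare versions before testing membership.
        if not any(nexthop.version == net.version and nexthop in net
                   for net in subnets):
            unreachable.append(route)
    return unreachable


def routes_broken_by_gateway_removal(routes, internal_cidrs, gateway_cidrs):
    """Return routes that are valid now but invalid without the gateway."""
    before = routes_without_connectivity(
        routes, internal_cidrs + gateway_cidrs)
    after = routes_without_connectivity(routes, internal_cidrs)
    return [route for route in after if route not in before]


# Constructed sample data (documentation address ranges only).
INTERNAL_CIDRS = ["10.0.0.0/24", "2001:db8:1::/64"]
GATEWAY_CIDRS = ["203.0.113.0/24"]
ROUTES = [
    {"destination": "192.0.2.0/24", "nexthop": "10.0.0.254"},
    {"destination": "198.51.100.0/24", "nexthop": "203.0.113.1"},
    {"destination": "2001:db8:2::/64", "nexthop": "2001:db8:1::fe"},
]

if __name__ == "__main__":
    for route in routes_broken_by_gateway_removal(
            ROUTES, INTERNAL_CIDRS, GATEWAY_CIDRS):
        print("route becomes invalid:", route)
```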