Merge "Firewall group associated with ports is not allowed to be deleted"

2023-09-12 14:20:58 +00:00 · 2023-09-12 14:20:58 +00:00 · 3fcf1b8246
parent 193d1e2766 5b56eaf3b0
commit 3fcf1b8246
3 changed files with 17 additions and 26 deletions
--- a/neutron_fwaas/services/firewall/fwaas_plugin_v2.py
+++ b/neutron_fwaas/services/firewall/fwaas_plugin_v2.py
@ -339,7 +339,7 @@ class FirewallPluginV2(Firewallv2PluginBase):
        except f_exc.FirewallGroupNotFound:
            return

-        if fwg['status'] == nl_constants.ACTIVE:
+        if fwg['ports']:
            raise f_exc.FirewallGroupInUse(firewall_id=id)

        self.driver.delete_firewall_group(context, id)
--- a/neutron_fwaas/services/firewall/service_drivers/agents/agents.py
+++ b/neutron_fwaas/services/firewall/service_drivers/agents/agents.py
@ -270,31 +270,6 @@ class FirewallAgentDriver(driver_api.FirewallDriverDB,
                context, firewall_group['ports'])
            self.agent_rpc.create_firewall_group(context, fwg_with_rules)

-    def delete_firewall_group_precommit(self, context, firewall_group):
-        if firewall_group['status'] == nl_constants.ACTIVE:
-            raise f_exc.FirewallGroupInUse(firewall_id=firewall_group['id'])
-        elif firewall_group['status'] != nl_constants.INACTIVE:
-            # Firewall group is in inconsistent state, remove it
-            return
-        if not firewall_group['ports']:
-            # No associated port, can safety remove it
-            return
-
-        # Need to prevent agent to delete the firewall group before delete it
-        self.firewall_db.update_firewall_group_status(
-            context, firewall_group['id'], nl_constants.PENDING_DELETE)
-        firewall_group['status'] = nl_constants.PENDING_DELETE
-
-        fwg_with_rules = self.firewall_db.make_firewall_group_dict_with_rules(
-            context, firewall_group['id'])
-        fwg_with_rules['del-port-ids'] = firewall_group['ports']
-        fwg_with_rules['add-port-ids'] = []
-        # Reflect state change in fwg_with_rules
-        fwg_with_rules['status'] = nl_constants.PENDING_DELETE
-        fwg_with_rules['port_details'] = self._get_fwg_port_details(
-            context, fwg_with_rules['del-port-ids'])
-        self.agent_rpc.delete_firewall_group(context, fwg_with_rules)
-
    def _need_pending_update(self, old_firewall_group, new_firewall_group):
        port_updated = (set(new_firewall_group['ports']) !=
                        set(old_firewall_group['ports']))
--- a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin_v2.py
+++ b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin_v2.py
@ -382,6 +382,22 @@ class FirewallPluginV2TestCase(test_db_plugin.NeutronDbPluginV2TestCase):
        firewall_group = self.deserialize(fmt or self.fmt, res)
        yield firewall_group
        if do_delete:
+            self.plugin.driver.firewall_db.update_firewall_group_status(
+                context.get_admin_context(),
+                firewall_group['firewall_group']['id'],
+                nl_constants.ACTIVE)
+            data = {
+                'firewall_group': {
+                    'ports': [],
+                },
+            }
+            req = self.new_update_request(
+                'firewall_groups',
+                data,
+                firewall_group['firewall_group']['id'],
+                as_admin=True,
+            )
+            req.get_response(self.ext_api)
            self._delete('firewall_groups',
                         firewall_group['firewall_group']['id'],
                         as_admin=True)