Fix removing non-last port from the group

When a firewall group has few ports, and some of those are removed the status of the firewall group should not become INACTIVE Change-Id: Ie3c0538ca31af9abb1b8c1cc5e4f6c3df9b16a1c Closes-Bug: #1832450
2019-06-12 11:18:39 +03:00 · 2019-06-12 11:18:39 +03:00 · fbea371e65
parent 45a36b8ba8
commit fbea371e65
3 changed files with 27 additions and 4 deletions
--- a/neutron_fwaas/services/firewall/service_drivers/agents/agents.py
+++ b/neutron_fwaas/services/firewall/service_drivers/agents/agents.py
@ -326,9 +326,10 @@ class FirewallAgentDriver(driver_api.FirewallDriverDB,
        )

        # last-port drives agent to ack with status to set state to INACTIVE
-        fwg_with_rules['last-port'] = not (
-            set(new_firewall_group['ports']) - set(old_firewall_group['ports'])
-        )
+        # Set last-port to True if there are no ports in the new group,
+        # but the old group had ports
+        fwg_with_rules['last-port'] = (old_firewall_group['ports'] and
+                                       not(new_firewall_group['ports']))

        LOG.debug("update_firewall_group %s: Add Ports: %s, Del Ports: %s",
            new_firewall_group['id'],
--- a/neutron_fwaas/services/firewall/service_drivers/agents/l3reference/firewall_l3_agent_v2.py
+++ b/neutron_fwaas/services/firewall/service_drivers/agents/l3reference/firewall_l3_agent_v2.py
@ -473,7 +473,8 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
                           "for firewall group: %s")
                    LOG.exception(msg, firewall_group['id'])
                    status = nl_constants.ERROR
-            else:
+            elif not status:
+                # if status not set by now, set it to INACTIVE
                status = nl_constants.INACTIVE

        # Return status to plugin.
--- a/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/l3reference/test_firewall_l3_agent_v2.py
+++ b/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/l3reference/test_firewall_l3_agent_v2.py
@ -278,6 +278,27 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
        self.api.update_firewall_group(self.context, firewall_group,
                                       host='host')

+    def test_update_firewall_group_with_only_ports_removed(self):
+        firewall_group = {'id': 0, 'project_id': 1,
+                          'admin_state_up': True,
+                          'ports': [1, 2],
+                          'add-port-ids': [],
+                          'del-port-ids': ['1'],
+                          'last-port': False
+                          }
+        self.api.plugin_rpc = mock.Mock()
+        with mock.patch.object(self.api.fwaas_driver, 'update_firewall_group'
+                               ) as mock_driver_update_firewall_group, \
+                mock.patch.object(self.api.fwplugin_rpc,
+                                  'set_firewall_group_status'
+                                  ) as mock_set_firewall_group_status:
+
+            mock_driver_update_firewall_group.return_value = True
+            self.api.update_firewall_group(self.context, firewall_group,
+                                           host='host')
+            mock_set_firewall_group_status.assert_called_once_with(
+                    self.context, firewall_group['id'], 'ACTIVE')
+
    def test_delete_firewall_group(self):
        firewall_group = {'id': 0, 'project_id': 1,
                          'admin_state_up': True,