From a7127ffe863998f2c8b564a8ed16b9a288606663 Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka <ihrachys@redhat.com>
Date: Thu, 20 May 2021 12:49:21 -0400
Subject: [PATCH] ovn: support allow-stateless ACL verb

It was added in OVN 21.06. It is used to implement stateless
firewall.

Change-Id: I7343fb609fab91c20490842378747f7265241e82
---
 ovsdbapp/schema/ovn_northbound/api.py                       | 6 ++++--
 ovsdbapp/schema/ovn_northbound/commands.py                  | 6 ++++--
 .../notes/ovn-support-allow-stateless-01aed5acdcd1c0d1.yaml | 3 +++
 3 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/ovn-support-allow-stateless-01aed5acdcd1c0d1.yaml

diff --git a/ovsdbapp/schema/ovn_northbound/api.py b/ovsdbapp/schema/ovn_northbound/api.py
index 2b382836..841c4276 100644
--- a/ovsdbapp/schema/ovn_northbound/api.py
+++ b/ovsdbapp/schema/ovn_northbound/api.py
@@ -109,7 +109,8 @@ class API(api.API, metaclass=abc.ABCMeta):
         :param match:     The match rule
         :type match:      string
         :param action:    The action to take upon match
-        :type action:     'allow', 'allow-related', 'drop', or 'reject'
+        :type action:     'allow', 'allow-related', 'allow-stateless', 'drop',
+                          or 'reject'
         :param log:       If True, enable packet logging for the ACL
         :type log:        boolean
         :returns:         :class:`Command` with RowView result
@@ -159,7 +160,8 @@ class API(api.API, metaclass=abc.ABCMeta):
         :param match:        The match rule
         :type match:         string
         :param action:       The action to take upon match
-        :type action:        'allow', 'allow-related', 'drop', or 'reject'
+        :type action:        'allow', 'allow-related', 'allow-stateless',
+                             'drop', or 'reject'
         :param log:          If True, enable packet logging for the ACL
         :type log:           boolean
         :param may_exist:    If True, don't fail if the ACL already exists
diff --git a/ovsdbapp/schema/ovn_northbound/commands.py b/ovsdbapp/schema/ovn_northbound/commands.py
index 3f4d75c1..c826e622 100644
--- a/ovsdbapp/schema/ovn_northbound/commands.py
+++ b/ovsdbapp/schema/ovn_northbound/commands.py
@@ -91,8 +91,10 @@ class _AclAddHelper(cmd.AddCommand):
         if not 0 <= priority <= const.ACL_PRIORITY_MAX:
             raise ValueError("priority must be between 0 and %s, inclusive" % (
                              const.ACL_PRIORITY_MAX))
-        if action not in ('allow', 'allow-related', 'drop', 'reject'):
-            raise TypeError("action must be allow/allow-related/drop/reject")
+        if action not in ('allow', 'allow-related', 'allow-stateless',
+                          'drop', 'reject'):
+            raise TypeError("action must be allow/allow-related/"
+                            "allow-stateless/drop/reject")
         super().__init__(api)
         self.entity = entity
         self.direction = direction
diff --git a/releasenotes/notes/ovn-support-allow-stateless-01aed5acdcd1c0d1.yaml b/releasenotes/notes/ovn-support-allow-stateless-01aed5acdcd1c0d1.yaml
new file mode 100644
index 00000000..affa467d
--- /dev/null
+++ b/releasenotes/notes/ovn-support-allow-stateless-01aed5acdcd1c0d1.yaml
@@ -0,0 +1,3 @@
+---
+features:
+  - Support the new "allow-stateless" ACL action. It was added in OVN 21.06.