Unblock security group update with same stateful data

Closes-Bug: #1866160 Blueprint: stateless-security-groups Change-Id: I46d80a2a4f114a6775827ab3caa61dee9f5f1361
2020-03-05 06:07:29 +00:00 · 2020-03-05 06:07:29 +00:00 · 2b56e60140
parent 230c25d209
commit 2b56e60140
2 changed files with 25 additions and 6 deletions
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@ -278,13 +278,16 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
    @db_api.retry_if_session_inactive()
    def update_security_group(self, context, id, security_group):
        s = security_group['security_group']
+
        if 'stateful' in s:
-            filters = {'security_group_id': [id]}
            with db_api.CONTEXT_READER.using(context):
-                ports = self._get_port_security_group_bindings(context,
-                                                               filters)
-                if ports:
-                    raise ext_sg.SecurityGroupInUse(id=id)
+                sg = self._get_security_group(context, id)
+                if s['stateful'] != sg['stateful']:
+                    filters = {'security_group_id': [id]}
+                    ports = self._get_port_security_group_bindings(context,
+                                                                   filters)
+                    if ports:
+                        raise ext_sg.SecurityGroupInUse(id=id)

        kwargs = {
            'context': context,
--- a/neutron/tests/unit/db/test_securitygroups_db.py
+++ b/neutron/tests/unit/db/test_securitygroups_db.py
@ -94,6 +94,18 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
            with testtools.ExpectedException(securitygroup.SecurityGroupInUse):
                self.mixin.delete_security_group(self.ctx, mock.ANY)

+    def test_update_security_group_statefulness_binded_conflict(self):
+        FAKE_SECGROUP['security_group']['stateful'] = mock.ANY
+        sg_dict = self.mixin.create_security_group(self.ctx, FAKE_SECGROUP)
+        FAKE_SECGROUP['security_group']['stateful'] = not sg_dict['stateful']
+        with mock.patch.object(self.mixin,
+                               '_get_port_security_group_bindings'), \
+                mock.patch.object(registry, "notify") as mock_notify:
+            mock_notify.side_effect = exceptions.CallbackFailure(Exception())
+            with testtools.ExpectedException(securitygroup.SecurityGroupInUse):
+                self.mixin.update_security_group(self.ctx, sg_dict['id'],
+                                                 FAKE_SECGROUP)
+
    def test_update_security_group_conflict(self):
        with mock.patch.object(registry, "notify") as mock_notify:
            mock_notify.side_effect = exceptions.CallbackFailure(Exception())
@ -325,12 +337,16 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
        self._test_security_group_precommit_create_event()

    def test_security_group_precommit_update_event(self):
+        FAKE_SECGROUP['security_group']['stateful'] = mock.ANY
        original_sg_dict = self.mixin.create_security_group(self.ctx,
                                                            FAKE_SECGROUP)
        sg_id = original_sg_dict['id']
-        with mock.patch.object(registry, "publish") as mock_notify:
+        with mock.patch.object(self.mixin,
+                               '_get_port_security_group_bindings'), \
+                mock.patch.object(registry, "publish") as mock_notify:
            fake_secgroup = copy.deepcopy(FAKE_SECGROUP)
            fake_secgroup['security_group']['name'] = 'updated_fake'
+            fake_secgroup['security_group']['stateful'] = mock.ANY
            sg_dict = self.mixin.update_security_group(
                    self.ctx, sg_id, fake_secgroup)