Add property "noopfirewall_or_firewall_disabled"

Added new property to "SecurityGroupAgentRpc" class, "noopfirewall_or_firewall_disabled". If the security group API is not enabled or the firewall configured is "NoopFirewallDriver", the property will return "True". Related-Bug: #1732067 Change-Id: I64db2f259462570e4c1d8df7396d188519071431
2020-10-07 10:43:48 +00:00 · 2020-10-07 10:43:48 +00:00 · 7842344a77
parent e789b18e72
commit 7842344a77
2 changed files with 8 additions and 7 deletions
--- a/neutron/agent/securitygroups_rpc.py
+++ b/neutron/agent/securitygroups_rpc.py
@ -63,6 +63,11 @@ class SecurityGroupAgentRpc(object):
        self.plugin_rpc = plugin_rpc
        self.init_firewall(defer_refresh_firewall, integration_bridge)

+    @property
+    def noopfirewall_or_firewall_disabled(self):
+        return (isinstance(self.firewall, firewall.NoopFirewallDriver) or
+                not is_firewall_enabled())
+
    def _get_trusted_devices(self, device_ids, devices):
        trusted_devices = []
        # Devices which are already added in firewall ports should
@ -117,8 +122,7 @@ class SecurityGroupAgentRpc(object):
    def skip_if_noopfirewall_or_firewall_disabled(func):
        @functools.wraps(func)
        def decorated_function(self, *args, **kwargs):
-            if (isinstance(self.firewall, firewall.NoopFirewallDriver) or
-                    not is_firewall_enabled()):
+            if self.noopfirewall_or_firewall_disabled:
                LOG.info("Skipping method %s as firewall is disabled "
                         "or configured as NoopFirewallDriver.",
                         func.__name__)
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
@ -53,7 +53,6 @@ from neutron.agent.common import ip_lib
 from neutron.agent.common import ovs_lib
 from neutron.agent.common import polling
 from neutron.agent.common import utils
-from neutron.agent import firewall as agent_firewall
 from neutron.agent.l2 import l2_agent_extensions_manager as ext_manager
 from neutron.agent.linux import xenapi_root_helper
 from neutron.agent import rpc as agent_rpc
@ -2134,11 +2133,9 @@ class OVSNeutronAgent(l2population_rpc.L2populationRpcCallBackTunnelMixin,

    @property
    def direct_for_non_openflow_firewall(self):
-        return ((isinstance(self.sg_agent.firewall,
-                            agent_firewall.NoopFirewallDriver) or
+        return ((self.sg_agent.noopfirewall_or_firewall_disabled or
                 getattr(self.sg_agent.firewall,
-                         'OVS_HYBRID_PLUG_REQUIRED', False) or
-                 not agent_sg_rpc.is_firewall_enabled()) and
+                         'OVS_HYBRID_PLUG_REQUIRED', False)) and
                self.conf.AGENT.explicitly_egress_direct)

    def install_ingress_direct_goto_flows(self):