Delete bindings for provider SG only if needed
When provider security groups are removed, the corresponding bindings could have already been removed by _update_port_preprocess_security. This change ensures binding deletion is done only when needed, and avoids failures in case the bindings have already been removed. Change-Id: Iaccf4f3ddb9fef6d8dcb254bc978883b99c947f3
This commit is contained in:
parent
11fafef7cb
commit
5d4b75fc7d
|
@ -337,13 +337,25 @@ class ExtendedSecurityGroupPropertiesMixin(object):
|
|||
original_port.get(provider_sg.PROVIDER_SECURITYGROUPS, []))
|
||||
|
||||
if provider_sg_changed or sg_changed:
|
||||
if not sg_changed:
|
||||
has_security_groups = self._check_update_has_security_groups(port)
|
||||
del_security_groups = self._check_update_deletes_security_groups(
|
||||
port)
|
||||
if not (has_security_groups or del_security_groups):
|
||||
# In this case we need to delete the bindings
|
||||
query = context.session.query(
|
||||
securitygroups_db.SecurityGroupPortBinding)
|
||||
for sg in original_port[provider_sg.PROVIDER_SECURITYGROUPS]:
|
||||
# use one_or_none because we don't want to fail if the
|
||||
# binding does not exist
|
||||
binding = query.filter_by(
|
||||
port_id=p['id'], security_group_id=sg).one()
|
||||
context.session.delete(binding)
|
||||
port_id=p['id'], security_group_id=sg).one_or_none()
|
||||
if binding:
|
||||
context.session.delete(binding)
|
||||
else:
|
||||
LOG.debug("Security group binding for sg %s and "
|
||||
"port %s not found. Skipping",
|
||||
sg, p['id'])
|
||||
|
||||
self._process_port_create_provider_security_group(
|
||||
context, updated_port,
|
||||
updated_port[provider_sg.PROVIDER_SECURITYGROUPS])
|
||||
|
|
Loading…
Reference in New Issue