]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commitdiff
Code Review / openstack-build / neutron-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: fe2a6fe)
Prevent direct port-delete of FIP Agent GW and CSNAT
authorSwaminathan Vasudevan <swaminathan.vasudevan@hp.com>
Thu, 26 Feb 2015 21:29:26 +0000 (13:29 -0800)
committerSwaminathan Vasudevan <swaminathan.vasudevan@hp.com>
Mon, 2 Mar 2015 18:52:50 +0000 (10:52 -0800)
FloatingIP Agent GW Port and Centralized SNAT port
that are currently used by DVR in FloatingIP and
SNAT Namespaces respectively should not be allowed
to delete directly using the Port-delete command by
an admin.

This patch fixes the above stated issue by adding the
respective device-owners to the router_device_owners
list in l3_dvr_db.py

Change-Id: Ibdddf2af348907d2ec7513693d546739e16437dc
Closes-Bug: #1425504

neutron/db/l3_dvr_db.py patch | blob | history
neutron/tests/unit/db/test_l3_dvr_db.py patch | blob | history

diff --git a/neutron/db/l3_dvr_db.py b/neutron/db/l3_dvr_db.py
index 6b76d479d90b448d7f9e3b33a64838ef3fa5b500..facbbc20bfef919d10a61ee600f07cbf296be953 100644 (file)
--- a/neutron/db/l3_dvr_db.py
+++ b/neutron/db/l3_dvr_db.py
@@ -54,7 +54,9 @@ class L3_NAT_with_dvr_db_mixin(l3_db.L3_NAT_db_mixin,
 
     router_device_owners = (
         l3_db.L3_NAT_db_mixin.router_device_owners +
-        (DEVICE_OWNER_DVR_INTERFACE,))
+        (DEVICE_OWNER_DVR_INTERFACE,
+         DEVICE_OWNER_DVR_SNAT,
+         DEVICE_OWNER_AGENT_GW))
 
     extra_attributes = (
         l3_attrs_db.ExtraAttributesMixin.extra_attributes + [{
diff --git a/neutron/tests/unit/db/test_l3_dvr_db.py b/neutron/tests/unit/db/test_l3_dvr_db.py
index 65d908935150eab64147981e6e61f45a3e7b4c48..103e100cfa4d13d45135940f93c65367e358224a 100644 (file)
--- a/neutron/tests/unit/db/test_l3_dvr_db.py
+++ b/neutron/tests/unit/db/test_l3_dvr_db.py
@@ -155,6 +155,30 @@ class L3DvrTestCase(testlib_api.SqlTestCase):
             'device_id': ['agent_id'],
             'device_owner': [l3_const.DEVICE_OWNER_AGENT_GW]})
 
+    def _test_prepare_direct_delete_dvr_internal_ports(self, port):
+        with mock.patch.object(manager.NeutronManager, 'get_plugin') as gp:
+            plugin = mock.Mock()
+            gp.return_value = plugin
+            plugin.get_ports.return_value = [port]
+        plugin.assertRaises(l3.L3PortInUse,
+                            plugin.delete_port,
+                            self.ctx,
+                            'my_port_id')
+
+    def test_prevent_delete_floatingip_agent_gateway_port(self):
+        port = {
+            'id': 'my_port_id',
+            'device_owner': l3_const.DEVICE_OWNER_AGENT_GW
+        }
+        self._test_prepare_direct_delete_dvr_internal_ports(port)
+
+    def test_prevent_delete_csnat_port(self):
+        port = {
+            'id': 'my_port_id',
+            'device_owner': l3_const.DEVICE_OWNER_ROUTER_SNAT
+        }
+        self._test_prepare_direct_delete_dvr_internal_ports(port)
+
     def test__create_gw_port_with_no_gateway(self):
         router = {
             'name': 'foo_router',