Change firewall to DOWN when admin state down

Currently firewall remains in status "ACTIVE" after admin state
is changed to DOWN.

This fix sets firewall status to "DOWN" if admin state is updated
from "UP" to "DOWN". "DOWN" status is used by other network resources
so use "DOWN" to keep consistent.

Change-Id: If316b114c4df78368b43c2a15a820bb1177b3a54
Closes-Bug: 1279213

diff --git a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py
index 75477e839984f953e7cd949f6cf7483365883330..f3158c28059cd7fb0ff895ff730313fee8736f4e 100644 (file)
--- a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py
+++ b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py
@@ -129,7 +129,10 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
                 self.fwaas_driver.__getattribute__(func_name)(
                     router_info_list,
                     fw)
-                status = constants.ACTIVE
+                if fw['admin_state_up']:
+                    status = constants.ACTIVE
+                else:
+                    status = constants.DOWN
             except fw_ext.FirewallInternalDriverError:
                 LOG.error(_("Firewall Driver Error for %(func_name)s "
                             "for fw: %(fwid)s"),
@@ -137,7 +140,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
                 status = constants.ERROR
             # delete needs different handling
             if func_name == 'delete_firewall':
-                if status == constants.ACTIVE:
+                if status in [constants.ACTIVE, constants.DOWN]:
                     self.fwplugin_rpc.firewall_deleted(context, fw['id'])
             else:
                 self.fwplugin_rpc.set_firewall_status(
@@ -174,7 +177,10 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
             # PENDING_UPDATE, PENDING_CREATE, ...
             try:
                 self.fwaas_driver.update_firewall(router_info_list, fw)
-                status = constants.ACTIVE
+                if fw['admin_state_up']:
+                    status = constants.ACTIVE
+                else:
+                    status = constants.DOWN
             except fw_ext.FirewallInternalDriverError:
                 LOG.error(_("Firewall Driver Error on fw state %(fwmsg)s "
                             "for fw: %(fwid)s"),

diff --git a/neutron/services/firewall/fwaas_plugin.py b/neutron/services/firewall/fwaas_plugin.py
index b7b59bbf1d6e3cd55f3cbc22567aa1ec5087be24..74b889a28cb81051089972e7df4c8ab0664b05a2 100644 (file)
--- a/neutron/services/firewall/fwaas_plugin.py
+++ b/neutron/services/firewall/fwaas_plugin.py
@@ -49,7 +49,9 @@ class FirewallCallbacks(object):
         LOG.debug(_("set_firewall_status() called"))
         with context.session.begin(subtransactions=True):
             fw_db = self.plugin._get_firewall(context, firewall_id)
-            if status in (const.ACTIVE, const.INACTIVE):
+            #TODO(xuhanp): Remove INACTIVE status and use DOWN to
+            # be consistent with other network resources
+            if status in (const.ACTIVE, const.INACTIVE, const.DOWN):
                 fw_db.status = status
                 return True
             else:

diff --git a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py
index 7933a34973639ae4834288e8f8e0a4f1fcac1712..9d7f4079b89a0c0213608522de4268d3725294ca 100644 (file)
--- a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py
+++ b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py
@@ -99,7 +99,8 @@ class TestFwaasL3AgentRpcCallback(base.BaseTestCase):
                 mock_driver.return_value)
 
     def test_invoke_driver_for_plugin_api(self):
-        fake_firewall = {'id': 0, 'tenant_id': 1}
+        fake_firewall = {'id': 0, 'tenant_id': 1,
+                         'admin_state_up': True}
         self.api.plugin_rpc = mock.Mock()
         with contextlib.nested(
             mock.patch.object(self.api.plugin_rpc, 'get_routers'),
@@ -128,8 +129,43 @@ class TestFwaasL3AgentRpcCallback(base.BaseTestCase):
                 fake_firewall['id'],
                 'ACTIVE')
 
+    def test_invoke_driver_for_plugin_api_admin_state_down(self):
+        fake_firewall = {'id': 0, 'tenant_id': 1,
+                         'admin_state_up': False}
+        self.api.plugin_rpc = mock.Mock()
+        with contextlib.nested(
+            mock.patch.object(self.api.plugin_rpc, 'get_routers'),
+            mock.patch.object(self.api, '_get_router_info_list_for_tenant'),
+            mock.patch.object(self.api.fwaas_driver, 'update_firewall'),
+            mock.patch.object(self.api.fwplugin_rpc,
+                              'get_firewalls_for_tenant'),
+            mock.patch.object(self.api.fwplugin_rpc, 'set_firewall_status')
+        ) as (
+            mock_get_routers,
+            mock_get_router_info_list_for_tenant,
+            mock_driver_update_firewall,
+            mock_get_firewalls_for_tenant,
+            mock_set_firewall_status):
+
+            mock_driver_update_firewall.return_value = True
+            self.api.update_firewall(
+                context=mock.sentinel.context,
+                firewall=fake_firewall, host='host')
+
+            mock_get_routers.assert_called_once_with(
+                mock.sentinel.context)
+
+            mock_get_router_info_list_for_tenant.assert_called_once_with(
+                mock_get_routers.return_value, fake_firewall['tenant_id'])
+
+            mock_set_firewall_status.assert_called_once_with(
+                mock.sentinel.context,
+                fake_firewall['id'],
+                'DOWN')
+
     def test_invoke_driver_for_plugin_api_delete(self):
-        fake_firewall = {'id': 0, 'tenant_id': 1}
+        fake_firewall = {'id': 0, 'tenant_id': 1,
+                         'admin_state_up': True}
         self.api.plugin_rpc = mock.Mock()
         with contextlib.nested(
             mock.patch.object(self.api.plugin_rpc, 'get_routers'),
@@ -186,7 +222,8 @@ class TestFwaasL3AgentRpcCallback(base.BaseTestCase):
 
     def test_process_router_add_fw_update(self):
         fake_firewall_list = [{'id': 0, 'tenant_id': 1,
-                               'status': constants.PENDING_UPDATE}]
+                               'status': constants.PENDING_UPDATE,
+                               'admin_state_up': True}]
         fake_router = {'id': 1111, 'tenant_id': 2}
         self.api.plugin_rpc = mock.Mock()
         ri = mock.Mock()