Pass 'top' to remove_rule so that rule matching succeeds

When deleting a vpn-site-connection, deleting the nat rule would
fail because it was created with top=True, but top defaults to
'false' in remove_rule and was not being passed. This caused the
rule matching to fail and the rule to not be deleted.

Change-Id: I51012a783314c97e85b31fc8a73be4cbb8ee7dc5
Closes-Bug: #1331839

diff --git a/neutron/services/vpn/agent.py b/neutron/services/vpn/agent.py
index 8c666b497f69324f5a946b364fcca69926216568..771a67dce0a5b75c48d18442849db8366f2cfe60 100644 (file)
--- a/neutron/services/vpn/agent.py
+++ b/neutron/services/vpn/agent.py
@@ -98,7 +98,7 @@ class VPNAgent(l3_agent.L3NATAgentWithStateReport):
         if not router_info:
             return
         router_info.iptables_manager.ipv4['nat'].remove_rule(
-            chain, rule)
+            chain, rule, top=top)
 
     def iptables_apply(self, router_id):
         """Apply IPtables.

diff --git a/neutron/tests/unit/services/vpn/test_vpn_agent.py b/neutron/tests/unit/services/vpn/test_vpn_agent.py
index 09d7260625ced494065ffe92863112fb5333ed65..7b1cab5239aa48bd865a7136141a0dd20a78b70f 100644 (file)
--- a/neutron/tests/unit/services/vpn/test_vpn_agent.py
+++ b/neutron/tests/unit/services/vpn/test_vpn_agent.py
@@ -127,9 +127,9 @@ class TestVPNAgent(base.BaseTestCase):
         iptables = mock.Mock()
         ri.iptables_manager.ipv4['nat'] = iptables
         self.agent.router_info = {router_id: ri}
-        self.agent.remove_nat_rule(router_id, 'fake_chain', 'fake_rule')
+        self.agent.remove_nat_rule(router_id, 'fake_chain', 'fake_rule', True)
         iptables.remove_rule.assert_called_once_with(
-            'fake_chain', 'fake_rule')
+            'fake_chain', 'fake_rule', top=True)
 
     def test_remove_rule_with_no_router(self):
         self.agent.router_info = {}