From: Terry Wilson <twilson@redhat.com>
Date: Wed, 18 Jun 2014 03:32:56 +0000 (-0500)
Subject: Pass 'top' to remove_rule so that rule matching succeeds
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=79f6ccd1b5b67c23d438332e9d8641d07426a9a1;p=openstack-build%2Fneutron-build.git

Pass 'top' to remove_rule so that rule matching succeeds

When deleting a vpn-site-connection, deleting the nat rule would
fail because it was created with top=True, but top defaults to
'false' in remove_rule and was not being passed. This caused the
rule matching to fail and the rule to not be deleted.

Change-Id: I51012a783314c97e85b31fc8a73be4cbb8ee7dc5
Closes-Bug: #1331839
---

diff --git a/neutron/services/vpn/agent.py b/neutron/services/vpn/agent.py
index 8c666b497..771a67dce 100644
--- a/neutron/services/vpn/agent.py
+++ b/neutron/services/vpn/agent.py
@@ -98,7 +98,7 @@ class VPNAgent(l3_agent.L3NATAgentWithStateReport):
         if not router_info:
             return
         router_info.iptables_manager.ipv4['nat'].remove_rule(
-            chain, rule)
+            chain, rule, top=top)
 
     def iptables_apply(self, router_id):
         """Apply IPtables.
diff --git a/neutron/tests/unit/services/vpn/test_vpn_agent.py b/neutron/tests/unit/services/vpn/test_vpn_agent.py
index 09d726062..7b1cab523 100644
--- a/neutron/tests/unit/services/vpn/test_vpn_agent.py
+++ b/neutron/tests/unit/services/vpn/test_vpn_agent.py
@@ -127,9 +127,9 @@ class TestVPNAgent(base.BaseTestCase):
         iptables = mock.Mock()
         ri.iptables_manager.ipv4['nat'] = iptables
         self.agent.router_info = {router_id: ri}
-        self.agent.remove_nat_rule(router_id, 'fake_chain', 'fake_rule')
+        self.agent.remove_nat_rule(router_id, 'fake_chain', 'fake_rule', True)
         iptables.remove_rule.assert_called_once_with(
-            'fake_chain', 'fake_rule')
+            'fake_chain', 'fake_rule', top=True)
 
     def test_remove_rule_with_no_router(self):
         self.agent.router_info = {}