diff --git a/neutron/agent/securitygroups_rpc.py b/neutron/agent/securitygroups_rpc.py index 3239242033..e8dc68209b 100644 --- a/neutron/agent/securitygroups_rpc.py +++ b/neutron/agent/securitygroups_rpc.py @@ -44,12 +44,13 @@ cfg.CONF.register_opts(security_group_opts, 'SECURITYGROUP') #This is backward compatibility check for Havana def _is_valid_driver_combination(): return ((cfg.CONF.SECURITYGROUP.enable_security_group and - cfg.CONF.SECURITYGROUP.firewall_driver != - 'neutron.agent.firewall.NoopFirewallDriver') or + (cfg.CONF.SECURITYGROUP.firewall_driver and + cfg.CONF.SECURITYGROUP.firewall_driver != + 'neutron.agent.firewall.NoopFirewallDriver')) or (not cfg.CONF.SECURITYGROUP.enable_security_group and (cfg.CONF.SECURITYGROUP.firewall_driver == 'neutron.agent.firewall.NoopFirewallDriver' or - cfg.CONF.SECURITYGROUP.firewall_driver == None) + cfg.CONF.SECURITYGROUP.firewall_driver is None) )) @@ -137,6 +138,11 @@ class SecurityGroupAgentRpcMixin(object): def init_firewall(self, defer_refresh_firewall=False): firewall_driver = cfg.CONF.SECURITYGROUP.firewall_driver LOG.debug(_("Init firewall settings (driver=%s)"), firewall_driver) + if not _is_valid_driver_combination(): + LOG.warn("Driver configuration doesn't match " + "with enable_security_group") + if not firewall_driver: + firewall_driver = 'neutron.agent.firewall.NoopFirewallDriver' self.firewall = importutils.import_object(firewall_driver) # The following flag will be set to true if port filter must not be # applied as soon as a rule or membership notification is received diff --git a/neutron/tests/unit/test_security_groups_rpc.py b/neutron/tests/unit/test_security_groups_rpc.py index 4d1710dd4b..7057c8d251 100644 --- a/neutron/tests/unit/test_security_groups_rpc.py +++ b/neutron/tests/unit/test_security_groups_rpc.py @@ -773,6 +773,17 @@ class SGAgentRpcCallBackMixinTestCase(base.BaseTestCase): [call.security_groups_provider_updated()]) +class SecurityGroupAgentRpcTestCaseForNoneDriver(base.BaseTestCase): + def test_init_firewall_with_none_driver(self): + cfg.CONF.set_override( + 'enable_security_group', False, + group='SECURITYGROUP') + agent = sg_rpc.SecurityGroupAgentRpcMixin() + agent.init_firewall() + self.assertEqual(agent.firewall.__class__.__name__, + 'NoopFirewallDriver') + + class SecurityGroupAgentRpcTestCase(base.BaseTestCase): def setUp(self, defer_refresh_firewall=False): super(SecurityGroupAgentRpcTestCase, self).setUp() @@ -1986,6 +1997,15 @@ class TestSecurityGroupExtensionControl(base.BaseTestCase): group='SECURITYGROUP') self.assertFalse(sg_rpc._is_valid_driver_combination()) + def test_is_invalid_drvier_combination_sg_enabled_with_none(self): + cfg.CONF.set_override( + 'enable_security_group', True, + group='SECURITYGROUP') + cfg.CONF.set_override( + 'firewall_driver', None, + group='SECURITYGROUP') + self.assertFalse(sg_rpc._is_valid_driver_combination()) + def test_is_invalid_drvier_combination_sg_disabled(self): cfg.CONF.set_override( 'enable_security_group', False,