diff --git a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py index 75477e8399..f3158c2805 100644 --- a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py +++ b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py @@ -129,7 +129,10 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin): self.fwaas_driver.__getattribute__(func_name)( router_info_list, fw) - status = constants.ACTIVE + if fw['admin_state_up']: + status = constants.ACTIVE + else: + status = constants.DOWN except fw_ext.FirewallInternalDriverError: LOG.error(_("Firewall Driver Error for %(func_name)s " "for fw: %(fwid)s"), @@ -137,7 +140,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin): status = constants.ERROR # delete needs different handling if func_name == 'delete_firewall': - if status == constants.ACTIVE: + if status in [constants.ACTIVE, constants.DOWN]: self.fwplugin_rpc.firewall_deleted(context, fw['id']) else: self.fwplugin_rpc.set_firewall_status( @@ -174,7 +177,10 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin): # PENDING_UPDATE, PENDING_CREATE, ... try: self.fwaas_driver.update_firewall(router_info_list, fw) - status = constants.ACTIVE + if fw['admin_state_up']: + status = constants.ACTIVE + else: + status = constants.DOWN except fw_ext.FirewallInternalDriverError: LOG.error(_("Firewall Driver Error on fw state %(fwmsg)s " "for fw: %(fwid)s"), diff --git a/neutron/services/firewall/fwaas_plugin.py b/neutron/services/firewall/fwaas_plugin.py index b7b59bbf1d..74b889a28c 100644 --- a/neutron/services/firewall/fwaas_plugin.py +++ b/neutron/services/firewall/fwaas_plugin.py @@ -49,7 +49,9 @@ class FirewallCallbacks(object): LOG.debug(_("set_firewall_status() called")) with context.session.begin(subtransactions=True): fw_db = self.plugin._get_firewall(context, firewall_id) - if status in (const.ACTIVE, const.INACTIVE): + #TODO(xuhanp): Remove INACTIVE status and use DOWN to + # be consistent with other network resources + if status in (const.ACTIVE, const.INACTIVE, const.DOWN): fw_db.status = status return True else: diff --git a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py index d9c6a640ce..77b0b48b01 100644 --- a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py +++ b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py @@ -98,7 +98,8 @@ class TestFwaasL3AgentRpcCallback(base.BaseTestCase): mock_driver.return_value) def test_invoke_driver_for_plugin_api(self): - fake_firewall = {'id': 0, 'tenant_id': 1} + fake_firewall = {'id': 0, 'tenant_id': 1, + 'admin_state_up': True} self.api.plugin_rpc = mock.Mock() with contextlib.nested( mock.patch.object(self.api.plugin_rpc, 'get_routers'), @@ -127,8 +128,43 @@ class TestFwaasL3AgentRpcCallback(base.BaseTestCase): fake_firewall['id'], 'ACTIVE') + def test_invoke_driver_for_plugin_api_admin_state_down(self): + fake_firewall = {'id': 0, 'tenant_id': 1, + 'admin_state_up': False} + self.api.plugin_rpc = mock.Mock() + with contextlib.nested( + mock.patch.object(self.api.plugin_rpc, 'get_routers'), + mock.patch.object(self.api, '_get_router_info_list_for_tenant'), + mock.patch.object(self.api.fwaas_driver, 'update_firewall'), + mock.patch.object(self.api.fwplugin_rpc, + 'get_firewalls_for_tenant'), + mock.patch.object(self.api.fwplugin_rpc, 'set_firewall_status') + ) as ( + mock_get_routers, + mock_get_router_info_list_for_tenant, + mock_driver_update_firewall, + mock_get_firewalls_for_tenant, + mock_set_firewall_status): + + mock_driver_update_firewall.return_value = True + self.api.update_firewall( + context=mock.sentinel.context, + firewall=fake_firewall, host='host') + + mock_get_routers.assert_called_once_with( + mock.sentinel.context) + + mock_get_router_info_list_for_tenant.assert_called_once_with( + mock_get_routers.return_value, fake_firewall['tenant_id']) + + mock_set_firewall_status.assert_called_once_with( + mock.sentinel.context, + fake_firewall['id'], + 'DOWN') + def test_invoke_driver_for_plugin_api_delete(self): - fake_firewall = {'id': 0, 'tenant_id': 1} + fake_firewall = {'id': 0, 'tenant_id': 1, + 'admin_state_up': True} self.api.plugin_rpc = mock.Mock() with contextlib.nested( mock.patch.object(self.api.plugin_rpc, 'get_routers'), @@ -185,7 +221,8 @@ class TestFwaasL3AgentRpcCallback(base.BaseTestCase): def test_process_router_add_fw_update(self): fake_firewall_list = [{'id': 0, 'tenant_id': 1, - 'status': constants.PENDING_UPDATE}] + 'status': constants.PENDING_UPDATE, + 'admin_state_up': True}] fake_router = {'id': 1111, 'tenant_id': 2} self.api.plugin_rpc = mock.Mock() ri = mock.Mock()