Avoid refreshing firewall rules unnecessarily.
Adds a parameter to refresh_firewall allowing an array of ports to be passed. If an array is passed then the firewall will be refreshed only for those ports. If not passed, it will still refresh all ports as it did before. Change-Id: I539a135dbc3861e31cbb5c69cef0ff8c0f834527 Fixes: Bug #1202328
parent
d168530fd1
commit
abdf01a5a0
@ -125,13 +125,14 @@ class SecurityGroupAgentRpcMixin(object):
|
|||||||
'security_group_source_groups')
|
'security_group_source_groups')
|
||||||
|
|
||||||
def _security_group_updated(self, security_groups, attribute):
|
def _security_group_updated(self, security_groups, attribute):
|
||||||
#check need update or not
|
devices = []
|
||||||
|
sec_grp_set = set(security_groups)
|
||||||
for device in self.firewall.ports.values():
|
for device in self.firewall.ports.values():
|
||||||
if set(device.get(attribute,
|
if sec_grp_set & set(device.get(attribute, [])):
|
||||||
[])).intersection(
|
devices.append(device)
|
||||||
set(security_groups)):
|
|
||||||
self.refresh_firewall()
|
if devices:
|
||||||
return
|
self.refresh_firewall(devices)
|
||||||
|
|
||||||
def security_groups_provider_updated(self):
|
def security_groups_provider_updated(self):
|
||||||
LOG.info(_("Provider rule updated"))
|
LOG.info(_("Provider rule updated"))
|
||||||
@ -148,10 +149,15 @@ class SecurityGroupAgentRpcMixin(object):
|
|||||||
continue
|
continue
|
||||||
self.firewall.remove_port_filter(device)
|
self.firewall.remove_port_filter(device)
|
||||||
|
|
||||||
def refresh_firewall(self):
|
def refresh_firewall(self, devices=None):
|
||||||
LOG.info(_("Refresh firewall rules"))
|
LOG.info(_("Refresh firewall rules"))
|
||||||
|
|
||||||
|
if devices:
|
||||||
|
device_ids = [d['device'] for d in devices]
|
||||||
|
else:
|
||||||
device_ids = self.firewall.ports.keys()
|
device_ids = self.firewall.ports.keys()
|
||||||
if not device_ids:
|
if not device_ids:
|
||||||
|
LOG.info(_("No ports here to refresh firewall"))
|
||||||
return
|
return
|
||||||
devices = self.plugin_rpc.security_group_rules_for_devices(
|
devices = self.plugin_rpc.security_group_rules_for_devices(
|
||||||
self.context, device_ids)
|
self.context, device_ids)
|
||||||
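Review bot: In `refresh_firewall`, the new `if devices:` is a truthiness test, so an explicitly passed empty list takes the `else` branch and refreshes every port in `self.firewall.ports` rather than none. The caller added in `_security_group_updated` guards with its own `if devices:`, so the code shown never reaches this, but any other caller that passes a computed and possibly empty list would get a full refresh where it asked for a scoped one. `if devices is not None:` keeps the no-argument behaviour and lets `[]` fall through to the existing `if not device_ids:` early return. `d['device']` also assumes every entry carries that key, so a short docstring stating the expected shape of `devices` (presumably the dicts held in `self.firewall.ports`) would make the contract visible. The body of `refresh_firewall` continues past the end of the hunk.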
|
@ -465,7 +465,7 @@ class SecurityGroupAgentRpcTestCase(base.BaseTestCase):
|
|||||||
self.agent.prepare_devices_filter(['fake_port_id'])
|
self.agent.prepare_devices_filter(['fake_port_id'])
|
||||||
self.agent.security_groups_rule_updated(['fake_sgid1', 'fake_sgid3'])
|
self.agent.security_groups_rule_updated(['fake_sgid1', 'fake_sgid3'])
|
||||||
self.agent.refresh_firewall.assert_has_calls(
|
self.agent.refresh_firewall.assert_has_calls(
|
||||||
[call.refresh_firewall()])
|
[call.refresh_firewall([self.fake_device])])
|
||||||
|
|
||||||
def test_security_groups_rule_not_updated(self):
|
def test_security_groups_rule_not_updated(self):
|
||||||
self.agent.refresh_firewall = mock.Mock()
|
self.agent.refresh_firewall = mock.Mock()
|
||||||
@ -478,7 +478,7 @@ class SecurityGroupAgentRpcTestCase(base.BaseTestCase):
|
|||||||
self.agent.prepare_devices_filter(['fake_port_id'])
|
self.agent.prepare_devices_filter(['fake_port_id'])
|
||||||
self.agent.security_groups_member_updated(['fake_sgid2', 'fake_sgid3'])
|
self.agent.security_groups_member_updated(['fake_sgid2', 'fake_sgid3'])
|
||||||
self.agent.refresh_firewall.assert_has_calls(
|
self.agent.refresh_firewall.assert_has_calls(
|
||||||
[call.refresh_firewall()])
|
[call.refresh_firewall([self.fake_device])])
|
||||||
|
|
||||||
def test_security_groups_member_not_updated(self):
|
def test_security_groups_member_not_updated(self):
|
||||||
self.agent.refresh_firewall = mock.Mock()
|
self.agent.refresh_firewall = mock.Mock()
|
||||||
@ -501,6 +501,19 @@ class SecurityGroupAgentRpcTestCase(base.BaseTestCase):
|
|||||||
call.update_port_filter(self.fake_device)]
|
call.update_port_filter(self.fake_device)]
|
||||||
self.firewall.assert_has_calls(calls)
|
self.firewall.assert_has_calls(calls)
|
||||||
|
|
||||||
|
def test_refresh_firewall_devices(self):
|
||||||
|
self.agent.prepare_devices_filter(['fake_port_id'])
|
||||||
|
self.agent.refresh_firewall([self.fake_device])
|
||||||
|
calls = [call.defer_apply(),
|
||||||
|
call.prepare_port_filter(self.fake_device),
|
||||||
|
call.defer_apply(),
|
||||||
|
call.update_port_filter(self.fake_device)]
|
||||||
|
self.firewall.assert_has_calls(calls)
|
||||||
|
|
||||||
|
def test_refresh_firewall_none(self):
|
||||||
|
self.agent.refresh_firewall([])
|
||||||
|
self.firewall.assert_has_calls([])
|
||||||
|
|
||||||
|
|
||||||
class FakeSGRpcApi(agent_rpc.PluginApi,
|
class FakeSGRpcApi(agent_rpc.PluginApi,
|
||||||
sg_rpc.SecurityGroupServerRpcApiMixin):
|
sg_rpc.SecurityGroupServerRpcApiMixin):
|
||||||
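Review bot: `test_refresh_firewall_none` ends with `self.firewall.assert_has_calls([])`, which passes whatever the mock recorded, so the test cannot fail if `refresh_firewall([])` does reach the firewall driver. Because `[]` is falsy, the call also runs the all-ports branch rather than the new device-list branch, and presumably only stays quiet because no port was prepared beforehand. Asserting that nothing was called, for example `self.assertFalse(self.firewall.update_port_filter.called)`, would pin the intended behaviour. The fixture setup is not visible on this page, so confirm that `self.firewall` is the mock the agent actually uses.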
|