FirewallDriver's defer_apply might need better exception handling
Bug #1706285 reported by
IWAMOTO Toshihiro
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Undecided
|
Unassigned |
Bug Description
The current code is:
@contextlib
def defer_apply(self):
"""Defer apply context."""
try:
yield
finally:
This means filter_
Assuming the SG rules were consistent before this contextmanager call, it might make more sense to just discard deferred SG programming.
To post a comment you must log in.
The iptables defer_apply() code is a little better in that it catches the exception in defer_apply_off() and raises a consistent value.
But I think we need to always make the filter_ defer_apply_ off() call so that things like self._defer_apply are correctly set to False, else we could get in a state where the agent can't apply anything, right? Maybe a patch with your proposed change would be a better place to discuss?