[fwaas] _is_supported_by_fw_l2_driver method is hard linked to the default ML2/OVS core plugin implementation

Bug #1803723 reported by Édouard Thuleau on 2018-11-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Low
Édouard Thuleau

Bug Description

The Neutron FWaaS service plugin validate Neutron port properties before it allows to add a firewall group to it thanks to twhich does not allow other port type to works with the FWaaS.

IMO, that check needs to be done by the driver, furthermore for the ML2/OVS case by the agent driver.

[1] https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L178

YAMAMOTO Takashi (yamamoto) wrote :

it surely seems like an abstraction violation.

Changed in neutron:
importance: Undecided → Low
status: New → Confirmed

Fix proposed to branch: master
Review: https://review.openstack.org/619286

Changed in neutron:
assignee: nobody → Édouard Thuleau (ethuleau)
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/619286
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=2a7994851cc0767e6a7b192a4101e8b43681ae6a
Submitter: Zuul
Branch: master

commit 2a7994851cc0767e6a7b192a4101e8b43681ae6a
Author: Édouard Thuleau <email address hidden>
Date: Wed Nov 21 16:56:07 2018 +0100

    Move port validation support into the driver

    Each firewall driver have specific checks to do on port validation (like
    checks if the VIF port type corresponds to a type supported by the driver
    (aka the SDN controller)). This patch adds two methods to the driver
    interface to validate if the VM or the router port is supported (just
    have to return a boolean).

    Change-Id: I8fdf0956ac5428558aae413e610d13c4a4a56273
    Closes-Bug: #1803723

Changed in neutron:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/621263
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=5ece265b65247ee81a9335d5a685fa9f0a68b0fc
Submitter: Zuul
Branch: stable/rocky

commit 5ece265b65247ee81a9335d5a685fa9f0a68b0fc
Author: Édouard Thuleau <email address hidden>
Date: Wed Nov 21 16:56:07 2018 +0100

    Move port validation support into the driver

    Each firewall driver have specific checks to do on port validation (like
    checks if the VIF port type corresponds to a type supported by the driver
    (aka the SDN controller)). This patch adds two methods to the driver
    interface to validate if the VM or the router port is supported (just
    have to return a boolean).

    Change-Id: I8fdf0956ac5428558aae413e610d13c4a4a56273
    Closes-Bug: #1803723
    (cherry picked from commit 2a7994851cc0767e6a7b192a4101e8b43681ae6a)

tags: added: in-stable-rocky
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers