[fwaas] _is_supported_by_fw_l2_driver method is hard linked to the default ML2/OVS core plugin implementation

Bug #1803723 reported by Édouard Thuleau
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Low
Édouard Thuleau

Bug Description

The Neutron FWaaS service plugin validate Neutron port properties before it allows to add a firewall group to it thanks to twhich does not allow other port type to works with the FWaaS.

IMO, that check needs to be done by the driver, furthermore for the ML2/OVS case by the agent driver.

[1] https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L178

Revision history for this message
YAMAMOTO Takashi (yamamoto) wrote :

it surely seems like an abstraction violation.

Changed in neutron:
importance: Undecided → Low
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-fwaas (master)

Fix proposed to branch: master
Review: https://review.openstack.org/619286

Changed in neutron:
assignee: nobody → Édouard Thuleau (ethuleau)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-fwaas (master)

Reviewed: https://review.openstack.org/619286
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=2a7994851cc0767e6a7b192a4101e8b43681ae6a
Submitter: Zuul
Branch: master

commit 2a7994851cc0767e6a7b192a4101e8b43681ae6a
Author: Édouard Thuleau <email address hidden>
Date: Wed Nov 21 16:56:07 2018 +0100

    Move port validation support into the driver

    Each firewall driver have specific checks to do on port validation (like
    checks if the VIF port type corresponds to a type supported by the driver
    (aka the SDN controller)). This patch adds two methods to the driver
    interface to validate if the VM or the router port is supported (just
    have to return a boolean).

    Change-Id: I8fdf0956ac5428558aae413e610d13c4a4a56273
    Closes-Bug: #1803723

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-fwaas (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/621263

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-fwaas (stable/rocky)

Reviewed: https://review.openstack.org/621263
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=5ece265b65247ee81a9335d5a685fa9f0a68b0fc
Submitter: Zuul
Branch: stable/rocky

commit 5ece265b65247ee81a9335d5a685fa9f0a68b0fc
Author: Édouard Thuleau <email address hidden>
Date: Wed Nov 21 16:56:07 2018 +0100

    Move port validation support into the driver

    Each firewall driver have specific checks to do on port validation (like
    checks if the VIF port type corresponds to a type supported by the driver
    (aka the SDN controller)). This patch adds two methods to the driver
    interface to validate if the VM or the router port is supported (just
    have to return a boolean).

    Change-Id: I8fdf0956ac5428558aae413e610d13c4a4a56273
    Closes-Bug: #1803723
    (cherry picked from commit 2a7994851cc0767e6a7b192a4101e8b43681ae6a)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron-fwaas 13.0.2

This issue was fixed in the openstack/neutron-fwaas 13.0.2 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.