)]}'
{"doc/source/admin/ovn/refarch/refarch.rst":[{"author":{"_account_id":23804,"name":"Daniel Alvarez","email":"dalvarez@redhat.com","username":"dalvarez"},"change_message_id":"6ec246cdb0448c4b9636a892908b0e4ec19acd55","unresolved":false,"context_lines":[{"line_number":232,"context_line":"previously present."},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"Every time a security group rule is created, instead of figuring out the ports"},{"line_number":235,"context_line":"affected by its SG and inserting an ACL row which will be referrenced by"},{"line_number":236,"context_line":"different Logical Switches, we just reference it from the associated"},{"line_number":237,"context_line":"Port Group."},{"line_number":238,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"ff570b3c_570203bc","line":235,"range":{"start_line":235,"start_character":58,"end_line":235,"end_character":69},"updated":"2020-06-08 15:14:09.000000000","message":"referenced ?","commit_id":"c82c5fe54379f9271f23525fe0cd870d3a485915"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"8872171fc027bb0b090c84398142c23d0f3ab720","unresolved":false,"context_lines":[{"line_number":232,"context_line":"previously present."},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"Every time a security group rule is created, instead of figuring out the ports"},{"line_number":235,"context_line":"affected by its SG and inserting an ACL row which will be referrenced by"},{"line_number":236,"context_line":"different Logical Switches, we just reference it from the associated"},{"line_number":237,"context_line":"Port Group."},{"line_number":238,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"ff570b3c_174d2bc4","line":235,"range":{"start_line":235,"start_character":58,"end_line":235,"end_character":69},"in_reply_to":"ff570b3c_570203bc","updated":"2020-06-08 15:21:30.000000000","message":"Done","commit_id":"c82c5fe54379f9271f23525fe0cd870d3a485915"},{"author":{"_account_id":23804,"name":"Daniel Alvarez","email":"dalvarez@redhat.com","username":"dalvarez"},"change_message_id":"8e7999d466a02d9ba1f732836311b633edcc2a3c","unresolved":false,"context_lines":[{"line_number":280,"context_line":"      severity            : []"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"Ports with no security groups"},{"line_number":283,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":284,"context_line":""},{"line_number":285,"context_line":"When a port doesn\u0027t belong to any Security Group and port security is enabled,"},{"line_number":286,"context_line":"we, by default, drop all the traffic to/from that port. In order to implement"}],"source_content_type":"text/x-rst","patch_set":4,"id":"ff570b3c_d9175354","line":283,"updated":"2020-06-09 13:01:45.000000000","message":"Do we miss a ~  here?","commit_id":"3e23b13a2eae94d44419193f10a7a0723801233e"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"2c7dc21e944f618d90eae6471281d87e095e2bf8","unresolved":false,"context_lines":[{"line_number":280,"context_line":"      severity            : []"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"Ports with no security groups"},{"line_number":283,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":284,"context_line":""},{"line_number":285,"context_line":"When a port doesn\u0027t belong to any Security Group and port security is enabled,"},{"line_number":286,"context_line":"we, by default, drop all the traffic to/from that port. In order to implement"}],"source_content_type":"text/x-rst","patch_set":4,"id":"ff570b3c_bf9d1fbd","line":283,"updated":"2020-06-09 13:52:24.000000000","message":"docs: Title underline too short.","commit_id":"3e23b13a2eae94d44419193f10a7a0723801233e"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"2d29e0f0a95db31c025168d3aa20a0eaf78fff69","unresolved":false,"context_lines":[{"line_number":280,"context_line":"      severity            : []"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"Ports with no security groups"},{"line_number":283,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":284,"context_line":""},{"line_number":285,"context_line":"When a port doesn\u0027t belong to any Security Group and port security is enabled,"},{"line_number":286,"context_line":"we, by default, drop all the traffic to/from that port. In order to implement"}],"source_content_type":"text/x-rst","patch_set":4,"id":"ff570b3c_3f50ef5e","line":283,"in_reply_to":"ff570b3c_bf9d1fbd","updated":"2020-06-09 14:21:12.000000000","message":"Done","commit_id":"3e23b13a2eae94d44419193f10a7a0723801233e"},{"author":{"_account_id":6773,"name":"Lucas Alvares Gomes","email":"lucasagomes@gmail.com","username":"lucasagomes"},"change_message_id":"af835558831c563daa941dd98a0b5fac483ead30","unresolved":false,"context_lines":[{"line_number":288,"context_line":"(``neutron_pg_drop``) which holds the ACLs to drop all the traffic."},{"line_number":289,"context_line":""},{"line_number":290,"context_line":"This PG is created automatically once before neutron-server forks into workers."},{"line_number":291,"context_line":""},{"line_number":292,"context_line":"Networks"},{"line_number":293,"context_line":"--------"},{"line_number":294,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"ff570b3c_1981cbc4","line":291,"updated":"2020-06-09 12:53:06.000000000","message":"Good stuff capturing those implementations details in a doc ++","commit_id":"3e23b13a2eae94d44419193f10a7a0723801233e"}],"doc/source/contributor/internals/ovn/acl_optimizations.rst":[{"author":{"_account_id":23804,"name":"Daniel Alvarez","email":"dalvarez@redhat.com","username":"dalvarez"},"change_message_id":"6ec246cdb0448c4b9636a892908b0e4ec19acd55","unresolved":false,"context_lines":[{"line_number":170,"context_line":"We should eventually remove the backwards compatibility and migration path. At"},{"line_number":171,"context_line":"that point we should require OVS \u003e\u003d 2.10 from neutron ovn driver."},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"Special cases"},{"line_number":174,"context_line":"-------------"},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"Ports with no security groups"},{"line_number":177,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"When a port doesn\u0027t belong to any Security Group and port security is enabled,"},{"line_number":180,"context_line":"we, by default, drop all the traffic to/from that port. In order to implement"},{"line_number":181,"context_line":"this through Port Groups, we\u0027ll create a special Port Group with a fixed name"},{"line_number":182,"context_line":"(``neutron_pg_drop``) which holds the ACLs to drop all the traffic."},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"This PG will be created automatically when we first need it, avoiding the need"},{"line_number":185,"context_line":"to create it beforehand or during deployment."},{"line_number":186,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"ff570b3c_d7cc538c","side":"PARENT","line":185,"range":{"start_line":173,"start_character":0,"end_line":185,"end_character":45},"updated":"2020-06-08 15:14:09.000000000","message":"I think it makes sense to drop this document but could we save this specific part (follow up?) and move it to design docs that you\u0027re also touching in this patch?","commit_id":"c6e5e119b84a7d55e539509050ce56236ebf57c6"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"8872171fc027bb0b090c84398142c23d0f3ab720","unresolved":false,"context_lines":[{"line_number":170,"context_line":"We should eventually remove the backwards compatibility and migration path. At"},{"line_number":171,"context_line":"that point we should require OVS \u003e\u003d 2.10 from neutron ovn driver."},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"Special cases"},{"line_number":174,"context_line":"-------------"},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"Ports with no security groups"},{"line_number":177,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"When a port doesn\u0027t belong to any Security Group and port security is enabled,"},{"line_number":180,"context_line":"we, by default, drop all the traffic to/from that port. In order to implement"},{"line_number":181,"context_line":"this through Port Groups, we\u0027ll create a special Port Group with a fixed name"},{"line_number":182,"context_line":"(``neutron_pg_drop``) which holds the ACLs to drop all the traffic."},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"This PG will be created automatically when we first need it, avoiding the need"},{"line_number":185,"context_line":"to create it beforehand or during deployment."},{"line_number":186,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"ff570b3c_d769f326","side":"PARENT","line":185,"range":{"start_line":173,"start_character":0,"end_line":185,"end_character":45},"in_reply_to":"ff570b3c_d7cc538c","updated":"2020-06-08 15:21:30.000000000","message":"Sure, I see it\u0027s also outdated, my fault :)","commit_id":"c6e5e119b84a7d55e539509050ce56236ebf57c6"}],"neutron/common/ovn/acl.py":[{"author":{"_account_id":23804,"name":"Daniel Alvarez","email":"dalvarez@redhat.com","username":"dalvarez"},"change_message_id":"6ec246cdb0448c4b9636a892908b0e4ec19acd55","unresolved":false,"context_lines":[{"line_number":371,"context_line":"            check_error\u003dTrue)"},{"line_number":372,"context_line":""},{"line_number":373,"context_line":""},{"line_number":374,"context_line":"def add_acls(plugin, admin_context, port, sg_cache, subnet_cache, ovn):"},{"line_number":375,"context_line":"    acl_list \u003d []"},{"line_number":376,"context_line":""},{"line_number":377,"context_line":"    # Skip ACLs if security groups aren\u0027t enabled"},{"line_number":378,"context_line":"    if not is_sg_enabled():"},{"line_number":379,"context_line":"        return acl_list"},{"line_number":380,"context_line":""},{"line_number":381,"context_line":"    sec_groups \u003d utils.get_lsp_security_groups(port)"},{"line_number":382,"context_line":"    if not sec_groups:"},{"line_number":383,"context_line":"        # If it is a trusted port or port security is disabled, allow all"},{"line_number":384,"context_line":"        # traffic. So don\u0027t add any ACLs."},{"line_number":385,"context_line":"        if utils.is_lsp_trusted(port) or not utils.is_port_security_enabled("},{"line_number":386,"context_line":"                port):"},{"line_number":387,"context_line":"            return acl_list"},{"line_number":388,"context_line":""},{"line_number":389,"context_line":"        # if port security is enabled, drop all traffic."},{"line_number":390,"context_line":"        return drop_all_ip_traffic_for_port(port)"},{"line_number":391,"context_line":""},{"line_number":392,"context_line":"    # Drop all IP traffic to and from the logical port by default."},{"line_number":393,"context_line":"    acl_list +\u003d drop_all_ip_traffic_for_port(port)"},{"line_number":394,"context_line":""},{"line_number":395,"context_line":"    # Add DHCP ACLs."},{"line_number":396,"context_line":"    port_subnet_ids \u003d set()"},{"line_number":397,"context_line":"    for ip in port[\u0027fixed_ips\u0027]:"},{"line_number":398,"context_line":"        if netaddr.IPNetwork(ip[\u0027ip_address\u0027]).version !\u003d 4:"},{"line_number":399,"context_line":"            continue"},{"line_number":400,"context_line":"        subnet \u003d _get_subnet_from_cache(plugin,"},{"line_number":401,"context_line":"                                        admin_context,"},{"line_number":402,"context_line":"                                        subnet_cache,"},{"line_number":403,"context_line":"                                        ip[\u0027subnet_id\u0027])"},{"line_number":404,"context_line":"        # Ignore duplicate DHCP ACLs for the subnet."},{"line_number":405,"context_line":"        if subnet[\u0027id\u0027] not in port_subnet_ids:"},{"line_number":406,"context_line":"            acl_list +\u003d add_acl_dhcp(port, subnet, True)"},{"line_number":407,"context_line":"            port_subnet_ids.add(subnet[\u0027id\u0027])"},{"line_number":408,"context_line":""},{"line_number":409,"context_line":"    # We create an ACL entry for each rule on each security group applied"},{"line_number":410,"context_line":"    # to this port."},{"line_number":411,"context_line":"    for sg_id in sec_groups:"},{"line_number":412,"context_line":"        sg \u003d _get_sg_from_cache(plugin,"},{"line_number":413,"context_line":"                                admin_context,"},{"line_number":414,"context_line":"                                sg_cache,"},{"line_number":415,"context_line":"                                sg_id)"},{"line_number":416,"context_line":"        for r in sg[\u0027security_group_rules\u0027]:"},{"line_number":417,"context_line":"            acl \u003d _add_sg_rule_acl_for_port(port, r)"},{"line_number":418,"context_line":"            acl_list.append(acl)"},{"line_number":419,"context_line":""},{"line_number":420,"context_line":"    # Remove ACL log name and severity if not supported,"},{"line_number":421,"context_line":"    if not _acl_columns_name_severity_supported(ovn):"},{"line_number":422,"context_line":"        for acl in acl_list:"},{"line_number":423,"context_line":"            acl.pop(\u0027name\u0027)"},{"line_number":424,"context_line":"            acl.pop(\u0027severity\u0027)"},{"line_number":425,"context_line":""},{"line_number":426,"context_line":"    return acl_list"},{"line_number":427,"context_line":""},{"line_number":428,"context_line":""},{"line_number":429,"context_line":"def acl_port_ips(port):"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_17752b33","line":426,"range":{"start_line":374,"start_character":0,"end_line":426,"end_character":19},"updated":"2020-06-08 15:14:09.000000000","message":"I think that you can remove this and all its callees","commit_id":"c82c5fe54379f9271f23525fe0cd870d3a485915"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"8872171fc027bb0b090c84398142c23d0f3ab720","unresolved":false,"context_lines":[{"line_number":371,"context_line":"            check_error\u003dTrue)"},{"line_number":372,"context_line":""},{"line_number":373,"context_line":""},{"line_number":374,"context_line":"def add_acls(plugin, admin_context, port, sg_cache, subnet_cache, ovn):"},{"line_number":375,"context_line":"    acl_list \u003d []"},{"line_number":376,"context_line":""},{"line_number":377,"context_line":"    # Skip ACLs if security groups aren\u0027t enabled"},{"line_number":378,"context_line":"    if not is_sg_enabled():"},{"line_number":379,"context_line":"        return acl_list"},{"line_number":380,"context_line":""},{"line_number":381,"context_line":"    sec_groups \u003d utils.get_lsp_security_groups(port)"},{"line_number":382,"context_line":"    if not sec_groups:"},{"line_number":383,"context_line":"        # If it is a trusted port or port security is disabled, allow all"},{"line_number":384,"context_line":"        # traffic. So don\u0027t add any ACLs."},{"line_number":385,"context_line":"        if utils.is_lsp_trusted(port) or not utils.is_port_security_enabled("},{"line_number":386,"context_line":"                port):"},{"line_number":387,"context_line":"            return acl_list"},{"line_number":388,"context_line":""},{"line_number":389,"context_line":"        # if port security is enabled, drop all traffic."},{"line_number":390,"context_line":"        return drop_all_ip_traffic_for_port(port)"},{"line_number":391,"context_line":""},{"line_number":392,"context_line":"    # Drop all IP traffic to and from the logical port by default."},{"line_number":393,"context_line":"    acl_list +\u003d drop_all_ip_traffic_for_port(port)"},{"line_number":394,"context_line":""},{"line_number":395,"context_line":"    # Add DHCP ACLs."},{"line_number":396,"context_line":"    port_subnet_ids \u003d set()"},{"line_number":397,"context_line":"    for ip in port[\u0027fixed_ips\u0027]:"},{"line_number":398,"context_line":"        if netaddr.IPNetwork(ip[\u0027ip_address\u0027]).version !\u003d 4:"},{"line_number":399,"context_line":"            continue"},{"line_number":400,"context_line":"        subnet \u003d _get_subnet_from_cache(plugin,"},{"line_number":401,"context_line":"                                        admin_context,"},{"line_number":402,"context_line":"                                        subnet_cache,"},{"line_number":403,"context_line":"                                        ip[\u0027subnet_id\u0027])"},{"line_number":404,"context_line":"        # Ignore duplicate DHCP ACLs for the subnet."},{"line_number":405,"context_line":"        if subnet[\u0027id\u0027] not in port_subnet_ids:"},{"line_number":406,"context_line":"            acl_list +\u003d add_acl_dhcp(port, subnet, True)"},{"line_number":407,"context_line":"            port_subnet_ids.add(subnet[\u0027id\u0027])"},{"line_number":408,"context_line":""},{"line_number":409,"context_line":"    # We create an ACL entry for each rule on each security group applied"},{"line_number":410,"context_line":"    # to this port."},{"line_number":411,"context_line":"    for sg_id in sec_groups:"},{"line_number":412,"context_line":"        sg \u003d _get_sg_from_cache(plugin,"},{"line_number":413,"context_line":"                                admin_context,"},{"line_number":414,"context_line":"                                sg_cache,"},{"line_number":415,"context_line":"                                sg_id)"},{"line_number":416,"context_line":"        for r in sg[\u0027security_group_rules\u0027]:"},{"line_number":417,"context_line":"            acl \u003d _add_sg_rule_acl_for_port(port, r)"},{"line_number":418,"context_line":"            acl_list.append(acl)"},{"line_number":419,"context_line":""},{"line_number":420,"context_line":"    # Remove ACL log name and severity if not supported,"},{"line_number":421,"context_line":"    if not _acl_columns_name_severity_supported(ovn):"},{"line_number":422,"context_line":"        for acl in acl_list:"},{"line_number":423,"context_line":"            acl.pop(\u0027name\u0027)"},{"line_number":424,"context_line":"            acl.pop(\u0027severity\u0027)"},{"line_number":425,"context_line":""},{"line_number":426,"context_line":"    return acl_list"},{"line_number":427,"context_line":""},{"line_number":428,"context_line":""},{"line_number":429,"context_line":"def acl_port_ips(port):"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_97ce5b2b","line":426,"range":{"start_line":374,"start_character":0,"end_line":426,"end_character":19},"in_reply_to":"ff570b3c_17752b33","updated":"2020-06-08 15:21:30.000000000","message":"Good catch! Done","commit_id":"c82c5fe54379f9271f23525fe0cd870d3a485915"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"2c7dc21e944f618d90eae6471281d87e095e2bf8","unresolved":false,"context_lines":[{"line_number":12,"context_line":"#    under the License."},{"line_number":13,"context_line":"#"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"import netaddr"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"from neutron_lib import constants as const"},{"line_number":18,"context_line":"from neutron_lib import exceptions as n_exceptions"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_1fa36b02","line":15,"updated":"2020-06-09 13:52:24.000000000","message":"pep8: F401 \u0027netaddr\u0027 imported but unused","commit_id":"3e23b13a2eae94d44419193f10a7a0723801233e"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"2d29e0f0a95db31c025168d3aa20a0eaf78fff69","unresolved":false,"context_lines":[{"line_number":12,"context_line":"#    under the License."},{"line_number":13,"context_line":"#"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"import netaddr"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"from neutron_lib import constants as const"},{"line_number":18,"context_line":"from neutron_lib import exceptions as n_exceptions"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_5f53236d","line":15,"in_reply_to":"ff570b3c_1fa36b02","updated":"2020-06-09 14:21:12.000000000","message":"Done","commit_id":"3e23b13a2eae94d44419193f10a7a0723801233e"}],"neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/api.py":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"466da783653abe3ac54741c2dd970de1fe0690a6","unresolved":false,"context_lines":[{"line_number":256,"context_line":"        \"\"\""},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"    @abc.abstractmethod"},{"line_number":259,"context_line":"    def delete_address_set(self, name, if_exists\u003dTrue):"},{"line_number":260,"context_line":"        \"\"\"Delete an address set"},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"        :param name:        The name of the address set"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_67dbee4e","line":259,"updated":"2020-06-10 07:28:09.000000000","message":"just out of curiosity: why this one wasn\u0027t removed?","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"},{"author":{"_account_id":23804,"name":"Daniel Alvarez","email":"dalvarez@redhat.com","username":"dalvarez"},"change_message_id":"69daf8fdb7cbd58e5fe675f1ed5e6c14fba39d81","unresolved":false,"context_lines":[{"line_number":256,"context_line":"        \"\"\""},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"    @abc.abstractmethod"},{"line_number":259,"context_line":"    def delete_address_set(self, name, if_exists\u003dTrue):"},{"line_number":260,"context_line":"        \"\"\"Delete an address set"},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"        :param name:        The name of the address set"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_cd02db0b","line":259,"in_reply_to":"ff570b3c_4d388b3c","updated":"2020-06-10 10:21:43.000000000","message":"Yes this is a good point, I can remove the -W if you want to add the TODO but I\u0027d vote for dropping the migration path soon (I left a comment in my previous review).","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"8c2f6df0f03ea1805c6802dd3d2651289c34f542","unresolved":false,"context_lines":[{"line_number":256,"context_line":"        \"\"\""},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"    @abc.abstractmethod"},{"line_number":259,"context_line":"    def delete_address_set(self, name, if_exists\u003dTrue):"},{"line_number":260,"context_line":"        \"\"\"Delete an address set"},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"        :param name:        The name of the address set"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_87f44289","line":259,"in_reply_to":"ff570b3c_67dbee4e","updated":"2020-06-10 07:47:36.000000000","message":"It is still used in the migration from address sets to port groups here: https://github.com/openstack/neutron/blob/ef97c83e8753a668e0c0f405ef4beb027efa02cd/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py#L1119","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"95b5981962a04f54c56a62ce632714bc90656f1b","unresolved":false,"context_lines":[{"line_number":256,"context_line":"        \"\"\""},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"    @abc.abstractmethod"},{"line_number":259,"context_line":"    def delete_address_set(self, name, if_exists\u003dTrue):"},{"line_number":260,"context_line":"        \"\"\"Delete an address set"},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"        :param name:        The name of the address set"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_4d388b3c","line":259,"in_reply_to":"ff570b3c_87f44289","updated":"2020-06-10 09:59:18.000000000","message":"Ok. Should we maybe mark it with some TODO to delete it later,  or will we support this migration from address sets to port groups forever?","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"8fece49d70a510ff3532943fcdc43e242c8feacc","unresolved":false,"context_lines":[{"line_number":256,"context_line":"        \"\"\""},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"    @abc.abstractmethod"},{"line_number":259,"context_line":"    def delete_address_set(self, name, if_exists\u003dTrue):"},{"line_number":260,"context_line":"        \"\"\"Delete an address set"},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"        :param name:        The name of the address set"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_f9f2016f","line":259,"in_reply_to":"ff570b3c_cd02db0b","updated":"2020-06-10 13:46:46.000000000","message":"I can send a followup patch to merge this one quickly as this patch conflicts with lot of other patches because of its size.","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"dfebc3fa8a23acc007b9858ce478b37282e0aeaa","unresolved":false,"context_lines":[{"line_number":256,"context_line":"        \"\"\""},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"    @abc.abstractmethod"},{"line_number":259,"context_line":"    def delete_address_set(self, name, if_exists\u003dTrue):"},{"line_number":260,"context_line":"        \"\"\"Delete an address set"},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"        :param name:        The name of the address set"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_f965e11e","line":259,"in_reply_to":"ff570b3c_f9f2016f","updated":"2020-06-10 13:49:48.000000000","message":"https://review.opendev.org/734845","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"}],"neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/commands.py":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"466da783653abe3ac54741c2dd970de1fe0690a6","unresolved":false,"context_lines":[{"line_number":675,"context_line":"                break"},{"line_number":676,"context_line":""},{"line_number":677,"context_line":""},{"line_number":678,"context_line":"class DelAddrSetCommand(command.BaseCommand):"},{"line_number":679,"context_line":"    def __init__(self, api, name, if_exists):"},{"line_number":680,"context_line":"        super(DelAddrSetCommand, self).__init__(api)"},{"line_number":681,"context_line":"        self.name \u003d name"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_47e06afb","line":678,"updated":"2020-06-10 07:28:09.000000000","message":"and same here","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"8c2f6df0f03ea1805c6802dd3d2651289c34f542","unresolved":false,"context_lines":[{"line_number":675,"context_line":"                break"},{"line_number":676,"context_line":""},{"line_number":677,"context_line":""},{"line_number":678,"context_line":"class DelAddrSetCommand(command.BaseCommand):"},{"line_number":679,"context_line":"    def __init__(self, api, name, if_exists):"},{"line_number":680,"context_line":"        super(DelAddrSetCommand, self).__init__(api)"},{"line_number":681,"context_line":"        self.name \u003d name"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_c7ee3ab3","line":678,"in_reply_to":"ff570b3c_47e06afb","updated":"2020-06-10 07:47:36.000000000","message":"same answer :)","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"}],"neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"466da783653abe3ac54741c2dd970de1fe0690a6","unresolved":false,"context_lines":[{"line_number":373,"context_line":"        return cmd.DelStaticRouteCommand(self, lrouter, ip_prefix, nexthop,"},{"line_number":374,"context_line":"                                         if_exists)"},{"line_number":375,"context_line":""},{"line_number":376,"context_line":"    def delete_address_set(self, name, if_exists\u003dTrue, **columns):"},{"line_number":377,"context_line":"        return cmd.DelAddrSetCommand(self, name, if_exists)"},{"line_number":378,"context_line":""},{"line_number":379,"context_line":"    def _get_logical_router_port_gateway_chassis(self, lrp):"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_87e1e2ff","line":376,"updated":"2020-06-10 07:28:09.000000000","message":"and here :)","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"8c2f6df0f03ea1805c6802dd3d2651289c34f542","unresolved":false,"context_lines":[{"line_number":373,"context_line":"        return cmd.DelStaticRouteCommand(self, lrouter, ip_prefix, nexthop,"},{"line_number":374,"context_line":"                                         if_exists)"},{"line_number":375,"context_line":""},{"line_number":376,"context_line":"    def delete_address_set(self, name, if_exists\u003dTrue, **columns):"},{"line_number":377,"context_line":"        return cmd.DelAddrSetCommand(self, name, if_exists)"},{"line_number":378,"context_line":""},{"line_number":379,"context_line":"    def _get_logical_router_port_gateway_chassis(self, lrp):"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_47386a3c","line":376,"in_reply_to":"ff570b3c_87e1e2ff","updated":"2020-06-10 07:47:36.000000000","message":"and here is also same answer :)","commit_id":"9cbbd8de53db18a5388d109174a464dcd96ab78b"}],"neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py":[{"author":{"_account_id":23804,"name":"Daniel Alvarez","email":"dalvarez@redhat.com","username":"dalvarez"},"change_message_id":"6ec246cdb0448c4b9636a892908b0e4ec19acd55","unresolved":false,"context_lines":[{"line_number":396,"context_line":"            # is dropped by default."},{"line_number":397,"context_line":"            if not utils.is_lsp_trusted(port) or port_info.port_security:"},{"line_number":398,"context_line":"                self._add_port_to_drop_port_group(port_cmd, txn)"},{"line_number":399,"context_line":"            # For SGs modelled as OVN Port Groups, just add the port to"},{"line_number":400,"context_line":"            # its Port Group."},{"line_number":401,"context_line":"            for sg in sg_ids:"},{"line_number":402,"context_line":"                txn.add(self._nb_idl.pg_add_ports("},{"line_number":403,"context_line":"                    utils.ovn_port_group_name(sg), port_cmd))"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_179c0b69","line":400,"range":{"start_line":399,"start_character":0,"end_line":400,"end_character":29},"updated":"2020-06-08 15:14:09.000000000","message":"Actually now all are modelled as port groups right?","commit_id":"c82c5fe54379f9271f23525fe0cd870d3a485915"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"8872171fc027bb0b090c84398142c23d0f3ab720","unresolved":false,"context_lines":[{"line_number":396,"context_line":"            # is dropped by default."},{"line_number":397,"context_line":"            if not utils.is_lsp_trusted(port) or port_info.port_security:"},{"line_number":398,"context_line":"                self._add_port_to_drop_port_group(port_cmd, txn)"},{"line_number":399,"context_line":"            # For SGs modelled as OVN Port Groups, just add the port to"},{"line_number":400,"context_line":"            # its Port Group."},{"line_number":401,"context_line":"            for sg in sg_ids:"},{"line_number":402,"context_line":"                txn.add(self._nb_idl.pg_add_ports("},{"line_number":403,"context_line":"                    utils.ovn_port_group_name(sg), port_cmd))"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_37f2ef70","line":400,"range":{"start_line":399,"start_character":0,"end_line":400,"end_character":29},"in_reply_to":"ff570b3c_179c0b69","updated":"2020-06-08 15:21:30.000000000","message":"Done","commit_id":"c82c5fe54379f9271f23525fe0cd870d3a485915"}],"neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py":[{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"751de0cf4d681c83302acb5eb9f8a767528910cf","unresolved":false,"context_lines":[{"line_number":72,"context_line":"        self.l3_plugin \u003d directory.get_plugin(plugin_constants.L3)"},{"line_number":73,"context_line":"        self._ovn_client \u003d None"},{"line_number":74,"context_line":"        if sb_ovn:"},{"line_number":75,"context_line":"            self._ovn_client \u003d ovn_client.OVNClient(ovn_api, sb_ovn)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    def stop(self):"},{"line_number":78,"context_line":"        if utils.is_ovn_l3(self.l3_plugin):"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_a9d4e9bc","line":75,"updated":"2020-06-08 10:49:10.000000000","message":"I don\u0027t understand this change. Why do we need it?\n\nShould we implement something like a \"ovn_client\" property to lazy instantiate the OVNClient?","commit_id":"c82c5fe54379f9271f23525fe0cd870d3a485915"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"4c5ae935aa687b5fb29807c9a6d8a75d9e01f5b7","unresolved":false,"context_lines":[{"line_number":72,"context_line":"        self.l3_plugin \u003d directory.get_plugin(plugin_constants.L3)"},{"line_number":73,"context_line":"        self._ovn_client \u003d None"},{"line_number":74,"context_line":"        if sb_ovn:"},{"line_number":75,"context_line":"            self._ovn_client \u003d ovn_client.OVNClient(ovn_api, sb_ovn)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    def stop(self):"},{"line_number":78,"context_line":"        if utils.is_ovn_l3(self.l3_plugin):"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_b43a80c1","line":75,"in_reply_to":"ff570b3c_a9d4e9bc","updated":"2020-06-08 11:07:43.000000000","message":"Good catch! I don\u0027t think this is needed in this change. I moved the migration from the maintenance task to the pre-commit of mech driver and I needed an instance of this class to call migrate_to_port_groups() but it doesn\u0027t require sb_ovn, so I made this change, I can remove it. Thanks for catching this.","commit_id":"c82c5fe54379f9271f23525fe0cd870d3a485915"},{"author":{"_account_id":11952,"name":"Flavio Fernandes","email":"flavio@flaviof.com","username":"ffernand"},"change_message_id":"fc4547ab477dcfe6b3f15c1a08f2e57905fa08d9","unresolved":false,"context_lines":[{"line_number":1126,"context_line":"                # all the ACLs belonging to that Logical Switch."},{"line_number":1127,"context_line":"                txn.add(self.ovn_api.acl_del(utils.ovn_name(net[\u0027id\u0027])))"},{"line_number":1128,"context_line":""},{"line_number":1129,"context_line":"    def _create_default_drop_port_group(self, db_ports):"},{"line_number":1130,"context_line":"        with self.ovn_api.transaction(check_error\u003dTrue) as txn:"},{"line_number":1131,"context_line":"            pg_name \u003d ovn_const.OVN_DROP_PORT_GROUP_NAME"},{"line_number":1132,"context_line":"            if not self.ovn_api.get_port_group(pg_name):"},{"line_number":1133,"context_line":"                # If drop Port Group doesn\u0027t exist yet, create it."},{"line_number":1134,"context_line":"                txn.add(self.ovn_api.pg_add(pg_name, acls\u003d[]))"},{"line_number":1135,"context_line":"                # Add ACLs to this Port Group so that all traffic is dropped."},{"line_number":1136,"context_line":"                acls \u003d acl_utils.add_acls_for_drop_port_group(pg_name)"},{"line_number":1137,"context_line":"                for acl in acls:"},{"line_number":1138,"context_line":"                    txn.add(self.ovn_api.pg_acl_add(**acl))"},{"line_number":1139,"context_line":"            ports_ids \u003d [port[\u0027id\u0027] for port in db_ports]"},{"line_number":1140,"context_line":"            # Add the ports to the default Port Group"},{"line_number":1141,"context_line":"            txn.add(self.ovn_api.pg_add_ports(pg_name, ports_ids))"},{"line_number":1142,"context_line":""},{"line_number":1143,"context_line":"    def _create_sg_port_groups_and_acls(self, ctx, db_ports):"},{"line_number":1144,"context_line":"        # Create a Port Group per Neutron Security Group"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_f3ca079f","side":"PARENT","line":1141,"range":{"start_line":1129,"start_character":1,"end_line":1141,"end_character":66},"updated":"2020-06-11 13:47:11.000000000","message":"Any reason why this is not needed anymore? It is a pg, right?","commit_id":"c6e5e119b84a7d55e539509050ce56236ebf57c6"},{"author":{"_account_id":11952,"name":"Flavio Fernandes","email":"flavio@flaviof.com","username":"ffernand"},"change_message_id":"2472e89641eb24f98be3d2377a82d3b94b5009b5","unresolved":false,"context_lines":[{"line_number":1126,"context_line":"                # all the ACLs belonging to that Logical Switch."},{"line_number":1127,"context_line":"                txn.add(self.ovn_api.acl_del(utils.ovn_name(net[\u0027id\u0027])))"},{"line_number":1128,"context_line":""},{"line_number":1129,"context_line":"    def _create_default_drop_port_group(self, db_ports):"},{"line_number":1130,"context_line":"        with self.ovn_api.transaction(check_error\u003dTrue) as txn:"},{"line_number":1131,"context_line":"            pg_name \u003d ovn_const.OVN_DROP_PORT_GROUP_NAME"},{"line_number":1132,"context_line":"            if not self.ovn_api.get_port_group(pg_name):"},{"line_number":1133,"context_line":"                # If drop Port Group doesn\u0027t exist yet, create it."},{"line_number":1134,"context_line":"                txn.add(self.ovn_api.pg_add(pg_name, acls\u003d[]))"},{"line_number":1135,"context_line":"                # Add ACLs to this Port Group so that all traffic is dropped."},{"line_number":1136,"context_line":"                acls \u003d acl_utils.add_acls_for_drop_port_group(pg_name)"},{"line_number":1137,"context_line":"                for acl in acls:"},{"line_number":1138,"context_line":"                    txn.add(self.ovn_api.pg_acl_add(**acl))"},{"line_number":1139,"context_line":"            ports_ids \u003d [port[\u0027id\u0027] for port in db_ports]"},{"line_number":1140,"context_line":"            # Add the ports to the default Port Group"},{"line_number":1141,"context_line":"            txn.add(self.ovn_api.pg_add_ports(pg_name, ports_ids))"},{"line_number":1142,"context_line":""},{"line_number":1143,"context_line":"    def _create_sg_port_groups_and_acls(self, ctx, db_ports):"},{"line_number":1144,"context_line":"        # Create a Port Group per Neutron Security Group"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_f3a96790","side":"PARENT","line":1141,"range":{"start_line":1129,"start_character":1,"end_line":1141,"end_character":66},"in_reply_to":"ff570b3c_d35b83f3","updated":"2020-06-11 13:55:42.000000000","message":"Ack! TY","commit_id":"c6e5e119b84a7d55e539509050ce56236ebf57c6"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"8d94bfeb3a2c55d5b488457d19319324f36d194b","unresolved":false,"context_lines":[{"line_number":1126,"context_line":"                # all the ACLs belonging to that Logical Switch."},{"line_number":1127,"context_line":"                txn.add(self.ovn_api.acl_del(utils.ovn_name(net[\u0027id\u0027])))"},{"line_number":1128,"context_line":""},{"line_number":1129,"context_line":"    def _create_default_drop_port_group(self, db_ports):"},{"line_number":1130,"context_line":"        with self.ovn_api.transaction(check_error\u003dTrue) as txn:"},{"line_number":1131,"context_line":"            pg_name \u003d ovn_const.OVN_DROP_PORT_GROUP_NAME"},{"line_number":1132,"context_line":"            if not self.ovn_api.get_port_group(pg_name):"},{"line_number":1133,"context_line":"                # If drop Port Group doesn\u0027t exist yet, create it."},{"line_number":1134,"context_line":"                txn.add(self.ovn_api.pg_add(pg_name, acls\u003d[]))"},{"line_number":1135,"context_line":"                # Add ACLs to this Port Group so that all traffic is dropped."},{"line_number":1136,"context_line":"                acls \u003d acl_utils.add_acls_for_drop_port_group(pg_name)"},{"line_number":1137,"context_line":"                for acl in acls:"},{"line_number":1138,"context_line":"                    txn.add(self.ovn_api.pg_acl_add(**acl))"},{"line_number":1139,"context_line":"            ports_ids \u003d [port[\u0027id\u0027] for port in db_ports]"},{"line_number":1140,"context_line":"            # Add the ports to the default Port Group"},{"line_number":1141,"context_line":"            txn.add(self.ovn_api.pg_add_ports(pg_name, ports_ids))"},{"line_number":1142,"context_line":""},{"line_number":1143,"context_line":"    def _create_sg_port_groups_and_acls(self, ctx, db_ports):"},{"line_number":1144,"context_line":"        # Create a Port Group per Neutron Security Group"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_d35b83f3","side":"PARENT","line":1141,"range":{"start_line":1129,"start_character":1,"end_line":1141,"end_character":66},"in_reply_to":"ff570b3c_f3ca079f","updated":"2020-06-11 13:49:35.000000000","message":"It is not needed anymore because we no longer create default drop on demand but when neutron-server starts:\nhttps://review.opendev.org/#/c/711404/","commit_id":"c6e5e119b84a7d55e539509050ce56236ebf57c6"},{"author":{"_account_id":11952,"name":"Flavio Fernandes","email":"flavio@flaviof.com","username":"ffernand"},"change_message_id":"fc4547ab477dcfe6b3f15c1a08f2e57905fa08d9","unresolved":false,"context_lines":[{"line_number":1182,"context_line":"                    utils.is_lsp_trusted(port) and"},{"line_number":1183,"context_line":"                    utils.is_port_security_enabled(port)]"},{"line_number":1184,"context_line":""},{"line_number":1185,"context_line":"        self._create_default_drop_port_group(db_ports)"},{"line_number":1186,"context_line":"        self._create_sg_port_groups_and_acls(ctx, db_ports)"},{"line_number":1187,"context_line":"        self._delete_address_sets(ctx)"},{"line_number":1188,"context_line":"        self._delete_acls_from_lswitches(ctx)"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_33c47f92","side":"PARENT","line":1185,"range":{"start_line":1185,"start_character":1,"end_line":1185,"end_character":54},"updated":"2020-06-11 13:47:11.000000000","message":"related to comment above ;)","commit_id":"c6e5e119b84a7d55e539509050ce56236ebf57c6"}],"neutron/tests/unit/common/ovn/test_acl.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"2c7dc21e944f618d90eae6471281d87e095e2bf8","unresolved":false,"context_lines":[{"line_number":15,"context_line":"from unittest import mock"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"from neutron_lib import constants as const"},{"line_number":18,"context_line":"from oslo_config import cfg"},{"line_number":19,"context_line":"from ovsdbapp.backend.ovs_idl import idlutils"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"from neutron.common.ovn import acl as ovn_acl"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_ffa7970a","line":18,"updated":"2020-06-09 13:52:24.000000000","message":"pep8: F401 \u0027oslo_config.cfg\u0027 imported but unused","commit_id":"3e23b13a2eae94d44419193f10a7a0723801233e"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"2d29e0f0a95db31c025168d3aa20a0eaf78fff69","unresolved":false,"context_lines":[{"line_number":15,"context_line":"from unittest import mock"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"from neutron_lib import constants as const"},{"line_number":18,"context_line":"from oslo_config import cfg"},{"line_number":19,"context_line":"from ovsdbapp.backend.ovs_idl import idlutils"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"from neutron.common.ovn import acl as ovn_acl"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_dfc45311","line":18,"in_reply_to":"ff570b3c_ffa7970a","updated":"2020-06-09 14:21:12.000000000","message":"Done","commit_id":"3e23b13a2eae94d44419193f10a7a0723801233e"}]}