From 3c015c1fa12a261207da160800482d7f426ceb1f Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Fri, 16 Aug 2024 14:31:34 +0100 Subject: [PATCH] Pass revision_id when assigning/removing SGs Signed-off-by: Stephen Finucane Closes: #2630 --- pkg/openstack/loadbalancer_sg.go | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/pkg/openstack/loadbalancer_sg.go b/pkg/openstack/loadbalancer_sg.go index 875de31e32..b757a619c3 100644 --- a/pkg/openstack/loadbalancer_sg.go +++ b/pkg/openstack/loadbalancer_sg.go @@ -86,11 +86,8 @@ func applyNodeSecurityGroupIDForLB(network *gophercloud.ServiceClient, svcConf * } // Add the SG to the port - // TODO(dulek): This isn't an atomic operation. In order to protect from lost update issues we should use - // `revision_number` handling to make sure our update to `security_groups` field wasn't preceded - // by a different one. Same applies to a removal of the SG. newSGs := append(port.SecurityGroups, sg) - updateOpts := neutronports.UpdateOpts{SecurityGroups: &newSGs} + updateOpts := neutronports.UpdateOpts{SecurityGroups: &newSGs, RevisionNumber: &port.RevisionNumber} mc := metrics.NewMetricContext("port", "update") res := neutronports.Update(context.TODO(), network, port.ID, updateOpts) if mc.ObserveRequest(res.Err) != nil { @@ -121,9 +118,7 @@ func disassociateSecurityGroupForLB(network *gophercloud.ServiceClient, sg strin // Update port security groups newSGs := existingSGs.List() - // TODO(dulek): This should be done using Neutron's revision_number to make sure - // we don't trigger a lost update issue. - updateOpts := neutronports.UpdateOpts{SecurityGroups: &newSGs} + updateOpts := neutronports.UpdateOpts{SecurityGroups: &newSGs, RevisionNumber: &port.RevisionNumber} mc := metrics.NewMetricContext("port", "update") res := neutronports.Update(context.TODO(), network, port.ID, updateOpts) if mc.ObserveRequest(res.Err) != nil {