octavia 13.0.0__py3-none-any.whl → 13.0.1__py3-none-any.whl

octavia/controller/worker/v2/tasks/lifecycle_tasks.py

@@ -54,15 +54,22 @@ class HealthMonitorToErrorOnRevertTask(BaseLifecycleTask):
         pass
 
     def revert(self, health_mon, listeners, loadbalancer, *args, **kwargs):
-        self.task_utils.mark_health_mon_prov_status_error(
-            health_mon[constants.HEALTHMONITOR_ID])
-        self.task_utils.mark_pool_prov_status_active(
-            health_mon[constants.POOL_ID])
+        try:
+            self.task_utils.mark_health_mon_prov_status_error(
+                health_mon[constants.HEALTHMONITOR_ID])
+            self.task_utils.mark_pool_prov_status_active(
+                health_mon[constants.POOL_ID])
+            for listener in listeners:
+                self.task_utils.mark_listener_prov_status_active(
+                    listener[constants.LISTENER_ID])
+        except Exception:
+            # Catching and skipping, errors are already reported by task_utils
+            # and we want to ensure that mark_loadbalancer_prov_status_active
+            # is called to unlock the LB (it will pass or it will fail after a
+            # very long timeout)
+            pass
         self.task_utils.mark_loadbalancer_prov_status_active(
             loadbalancer[constants.LOADBALANCER_ID])
-        for listener in listeners:
-            self.task_utils.mark_listener_prov_status_active(
-                listener[constants.LISTENER_ID])
 
 
 class L7PolicyToErrorOnRevertTask(BaseLifecycleTask):
@@ -72,12 +79,19 @@ class L7PolicyToErrorOnRevertTask(BaseLifecycleTask):
         pass
 
     def revert(self, l7policy, listeners, loadbalancer_id, *args, **kwargs):
-        self.task_utils.mark_l7policy_prov_status_error(
-            l7policy[constants.L7POLICY_ID])
+        try:
+            self.task_utils.mark_l7policy_prov_status_error(
+                l7policy[constants.L7POLICY_ID])
+            for listener in listeners:
+                self.task_utils.mark_listener_prov_status_active(
+                    listener[constants.LISTENER_ID])
+        except Exception:
+            # Catching and skipping, errors are already reported by task_utils
+            # and we want to ensure that mark_loadbalancer_prov_status_active
+            # is called to unlock the LB (it will pass or it will fail after a
+            # very long timeout)
+            pass
         self.task_utils.mark_loadbalancer_prov_status_active(loadbalancer_id)
-        for listener in listeners:
-            self.task_utils.mark_listener_prov_status_active(
-                listener[constants.LISTENER_ID])
 
 
 class L7RuleToErrorOnRevertTask(BaseLifecycleTask):
@@ -88,14 +102,21 @@ class L7RuleToErrorOnRevertTask(BaseLifecycleTask):
 
     def revert(self, l7rule, l7policy_id, listeners, loadbalancer_id, *args,
                **kwargs):
-        self.task_utils.mark_l7rule_prov_status_error(
-            l7rule[constants.L7RULE_ID])
-        self.task_utils.mark_l7policy_prov_status_active(l7policy_id)
+        try:
+            self.task_utils.mark_l7rule_prov_status_error(
+                l7rule[constants.L7RULE_ID])
+            self.task_utils.mark_l7policy_prov_status_active(l7policy_id)
+            for listener in listeners:
+                self.task_utils.mark_listener_prov_status_active(
+                    listener[constants.LISTENER_ID])
+        except Exception:
+            # Catching and skipping, errors are already reported by task_utils
+            # and we want to ensure that mark_loadbalancer_prov_status_active
+            # is called to unlock the LB (it will pass or it will fail after a
+            # very long timeout)
+            pass
         self.task_utils.mark_loadbalancer_prov_status_active(
             loadbalancer_id)
-        for listener in listeners:
-            self.task_utils.mark_listener_prov_status_active(
-                listener[constants.LISTENER_ID])
 
 
 class ListenerToErrorOnRevertTask(BaseLifecycleTask):
@@ -105,8 +126,15 @@ class ListenerToErrorOnRevertTask(BaseLifecycleTask):
         pass
 
     def revert(self, listener, *args, **kwargs):
-        self.task_utils.mark_listener_prov_status_error(
-            listener[constants.LISTENER_ID])
+        try:
+            self.task_utils.mark_listener_prov_status_error(
+                listener[constants.LISTENER_ID])
+        except Exception:
+            # Catching and skipping, errors are already reported by task_utils
+            # and we want to ensure that mark_loadbalancer_prov_status_active
+            # is called to unlock the LB (it will pass or it will fail after a
+            # very long timeout)
+            pass
         self.task_utils.mark_loadbalancer_prov_status_active(
             listener[constants.LOADBALANCER_ID])
 
@@ -118,9 +146,16 @@ class ListenersToErrorOnRevertTask(BaseLifecycleTask):
         pass
 
     def revert(self, listeners, *args, **kwargs):
-        for listener in listeners:
-            self.task_utils.mark_listener_prov_status_error(
-                listener[constants.LISTENER_ID])
+        try:
+            for listener in listeners:
+                self.task_utils.mark_listener_prov_status_error(
+                    listener[constants.LISTENER_ID])
+        except Exception:
+            # Catching and skipping, errors are already reported by task_utils
+            # and we want to ensure that mark_loadbalancer_prov_status_active
+            # is called to unlock the LB (it will pass or it will fail after a
+            # very long timeout)
+            pass
         self.task_utils.mark_loadbalancer_prov_status_active(
             listeners[0][constants.LOADBALANCER_ID])
 
@@ -154,12 +189,19 @@ class MemberToErrorOnRevertTask(BaseLifecycleTask):
 
     def revert(self, member, listeners, loadbalancer, pool_id, *args,
                **kwargs):
-        self.task_utils.mark_member_prov_status_error(
-            member[constants.MEMBER_ID])
-        for listener in listeners:
-            self.task_utils.mark_listener_prov_status_active(
-                listener[constants.LISTENER_ID])
-        self.task_utils.mark_pool_prov_status_active(pool_id)
+        try:
+            self.task_utils.mark_member_prov_status_error(
+                member[constants.MEMBER_ID])
+            for listener in listeners:
+                self.task_utils.mark_listener_prov_status_active(
+                    listener[constants.LISTENER_ID])
+            self.task_utils.mark_pool_prov_status_active(pool_id)
+        except Exception:
+            # Catching and skipping, errors are already reported by task_utils
+            # and we want to ensure that mark_loadbalancer_prov_status_active
+            # is called to unlock the LB (it will pass or it will fail after a
+            # very long timeout)
+            pass
         self.task_utils.mark_loadbalancer_prov_status_active(
             loadbalancer[constants.LOADBALANCER_ID])
 
@@ -172,13 +214,20 @@ class MembersToErrorOnRevertTask(BaseLifecycleTask):
 
     def revert(self, members, listeners, loadbalancer, pool_id, *args,
                **kwargs):
-        for m in members:
-            self.task_utils.mark_member_prov_status_error(
-                m[constants.MEMBER_ID])
-        for listener in listeners:
-            self.task_utils.mark_listener_prov_status_active(
-                listener[constants.LISTENER_ID])
-        self.task_utils.mark_pool_prov_status_active(pool_id)
+        try:
+            for m in members:
+                self.task_utils.mark_member_prov_status_error(
+                    m[constants.MEMBER_ID])
+            for listener in listeners:
+                self.task_utils.mark_listener_prov_status_active(
+                    listener[constants.LISTENER_ID])
+            self.task_utils.mark_pool_prov_status_active(pool_id)
+        except Exception:
+            # Catching and skipping, errors are already reported by task_utils
+            # and we want to ensure that mark_loadbalancer_prov_status_active
+            # is called to unlock the LB (it will pass or it will fail after a
+            # very long timeout)
+            pass
         self.task_utils.mark_loadbalancer_prov_status_active(
             loadbalancer[constants.LOADBALANCER_ID])
 
@@ -190,9 +239,16 @@ class PoolToErrorOnRevertTask(BaseLifecycleTask):
         pass
 
     def revert(self, pool_id, listeners, loadbalancer, *args, **kwargs):
-        self.task_utils.mark_pool_prov_status_error(pool_id)
+        try:
+            self.task_utils.mark_pool_prov_status_error(pool_id)
+            for listener in listeners:
+                self.task_utils.mark_listener_prov_status_active(
+                    listener[constants.LISTENER_ID])
+        except Exception:
+            # Catching and skipping, errors are already reported by task_utils
+            # and we want to ensure that mark_loadbalancer_prov_status_active
+            # is called to unlock the LB (it will pass or it will fail after a
+            # very long timeout)
+            pass
         self.task_utils.mark_loadbalancer_prov_status_active(
             loadbalancer[constants.LOADBALANCER_ID])
-        for listener in listeners:
-            self.task_utils.mark_listener_prov_status_active(
-                listener[constants.LISTENER_ID])

octavia/controller/worker/v2/tasks/network_tasks.py

@@ -583,11 +583,10 @@ class PlugVIPAmphora(BaseNetworkTask):
         """Handle a failure to plumb a vip."""
         if isinstance(result, failure.Failure):
             return
+        lb_id = loadbalancer[constants.LOADBALANCER_ID]
         LOG.warning("Unable to plug VIP for amphora id %s "
                     "load balancer id %s",
-                    amphora.get(constants.ID),
-                    loadbalancer[constants.LOADBALANCER_ID])
-
+                    amphora.get(constants.ID), lb_id)
         try:
             session = db_apis.get_session()
             with session.begin():
@@ -597,15 +596,16 @@ class PlugVIPAmphora(BaseNetworkTask):
                 db_amp.ha_port_id = result[constants.HA_PORT_ID]
                 db_subnet = self.network_driver.get_subnet(
                     subnet[constants.ID])
-                db_lb = self.loadbalancer_repo.get(
-                    session,
-                    id=loadbalancer[constants.LOADBALANCER_ID])
-
+                db_lb = self.loadbalancer_repo.get(session, id=lb_id)
             self.network_driver.unplug_aap_port(db_lb.vip,
                                                 db_amp, db_subnet)
         except Exception as e:
-            LOG.error('Failed to unplug AAP port. Resources may still be in '
-                      'use for VIP: %s due to error: %s', db_lb.vip, str(e))
+            LOG.error(
+                'Failed to unplug AAP port for load balancer: %s. '
+                'Resources may still be in use for VRRP port: %s. '
+                'Due to error: %s',
+                lb_id, result[constants.VRRP_PORT_ID], str(e)
+            )
 
 
 class UnplugVIP(BaseNetworkTask):
@@ -1044,10 +1044,9 @@ class CreateVIPBasePort(BaseNetworkTask):
             return
         try:
             port_name = constants.AMP_BASE_PORT_PREFIX + amphora_id
-            for port in result:
-                self.network_driver.delete_port(port.id)
-                LOG.info('Deleted port %s with ID %s for amphora %s due to a '
-                         'revert.', port_name, port.id, amphora_id)
+            self.network_driver.delete_port(result[constants.ID])
+            LOG.info('Deleted port %s with ID %s for amphora %s due to a '
+                     'revert.', port_name, result[constants.ID], amphora_id)
         except Exception as e:
             LOG.error('Failed to delete port %s. Resources may still be in '
                       'use for a port intended for amphora %s due to error '

octavia/db/base_models.py

@@ -12,6 +12,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from wsme import types as wtypes
+
 from oslo_db.sqlalchemy import models
 from oslo_utils import strutils
 from oslo_utils import uuidutils
@@ -19,6 +21,8 @@ import sqlalchemy as sa
 from sqlalchemy.orm import collections
 from sqlalchemy.orm import declarative_base
 
+from octavia.common import constants
+
 
 class OctaviaBase(models.ModelBase):
 
@@ -112,12 +116,20 @@ class OctaviaBase(models.ModelBase):
 
     @staticmethod
     def apply_filter(query, model, filters):
+        # Convert boolean filters to proper type
+        for key in filters:
+            attr = getattr(model.__v2_wsme__, key, None)
+            if isinstance(attr, wtypes.wsattr) and attr.datatype == bool:
+                filters[key] = strutils.bool_from_string(filters[key])
+        # Special case for 'enabled', it's 'admin_state_up' in the WSME class
+        # definition and the attribute has already been renamed to 'enabled' by
+        # a previous pagination filter
+        if constants.ENABLED in filters:
+            filters[constants.ENABLED] = strutils.bool_from_string(
+                filters[constants.ENABLED])
+
         translated_filters = {}
         child_map = {}
-        # Convert enabled to proper type
-        if 'enabled' in filters:
-            filters['enabled'] = strutils.bool_from_string(
-                filters['enabled'])
         for attr, name_map in model.__v2_wsme__._child_map.items():
             for k, v in name_map.items():
                 if attr in filters and k in filters[attr]:

octavia/db/repositories.py

@@ -40,6 +40,7 @@ from octavia.common import constants as consts
 from octavia.common import data_models
 from octavia.common import exceptions
 from octavia.common import validate
+from octavia.db import api as db_api
 from octavia.db import models
 
 CONF = cfg.CONF
@@ -364,8 +365,7 @@ class Repositories(object):
                                  provisioning_status=lb_prov_status)
         return success
 
-    def check_quota_met(self, session, lock_session, _class, project_id,
-                        count=1):
+    def check_quota_met(self, session: Session, _class, project_id, count=1):
         """Checks and updates object quotas.
 
         This method makes sure the project has available quota
@@ -373,7 +373,6 @@ class Repositories(object):
         new ussage.
 
         :param session: Context database session
-        :param lock_session: Locking database session (autocommit=False)
         :param _class: Data model object requesting quota
         :param project_id: Project ID requesting quota
         :param count: Number of objects we're going to create (default=1)
@@ -390,19 +389,14 @@ class Repositories(object):
         if not project_id:
             raise exceptions.MissingProjectID()
 
-        quotas = self.quotas.get(session, project_id=project_id)
-        if not quotas:
-            # Make sure we have a record to lock
-            self.quotas.update(
-                session,
-                project_id,
-                quota={})
+        self.quotas.ensure_project_exists(project_id)
+
         # Lock the project record in the database to block other quota checks
         #
         # Note: You cannot just use the current count as the in-use
         # value as we don't want to lock the whole resource table
         try:
-            quotas = (lock_session.query(models.Quotas)
+            quotas = (session.query(models.Quotas)
                       .filter_by(project_id=project_id)
                       .populate_existing()
                       .with_for_update()
@@ -1244,23 +1238,22 @@ class AmphoraRepository(BaseRepository):
         :param amphora_id: The amphora id to list the load balancers from
         :returns: [octavia.common.data_model]
         """
-        with session.begin():
-            db_lb = (
-                # Get LB records
-                session.query(models.LoadBalancer)
-                # Joined to amphora records
-                .filter(models.LoadBalancer.id ==
-                        models.Amphora.load_balancer_id)
-                # For just this amphora
-                .filter(models.Amphora.id == amphora_id)
-                # Where the amphora is not DELETED
-                .filter(models.Amphora.status != consts.DELETED)
-                # And the LB is also not DELETED
-                .filter(models.LoadBalancer.provisioning_status !=
-                        consts.DELETED)).first()
-            if db_lb:
-                return db_lb.to_data_model()
-            return None
+        db_lb = (
+            # Get LB records
+            session.query(models.LoadBalancer)
+            # Joined to amphora records
+            .filter(models.LoadBalancer.id ==
+                    models.Amphora.load_balancer_id)
+            # For just this amphora
+            .filter(models.Amphora.id == amphora_id)
+            # Where the amphora is not DELETED
+            .filter(models.Amphora.status != consts.DELETED)
+            # And the LB is also not DELETED
+            .filter(models.LoadBalancer.provisioning_status !=
+                    consts.DELETED)).first()
+        if db_lb:
+            return db_lb.to_data_model()
+        return None
 
     def get_cert_expiring_amphora(self, session):
         """Retrieves an amphora whose cert is close to expiring..
@@ -1884,11 +1877,6 @@ class L7PolicyRepository(BaseRepository):
 class QuotasRepository(BaseRepository):
     model_class = models.Quotas
 
-    # Since this is for the initial quota record creation it locks the table
-    # which can lead to recoverable deadlocks. Thus we use the deadlock
-    # retry wrapper here. This may not be appropriate for other sessions
-    # and or queries. Use with caution.
-    @oslo_db_api.wrap_db_retry(max_retries=5, retry_on_deadlock=True)
     def update(self, session, project_id, **model_kwargs):
         kwargs_quota = model_kwargs['quota']
         quotas = (
@@ -1905,6 +1893,19 @@ class QuotasRepository(BaseRepository):
         session.flush()
         return self.get(session, project_id=project_id)
 
+    # Since this is for the initial quota record creation it locks the table
+    # which can lead to recoverable deadlocks. Thus we use the deadlock
+    # retry wrapper here. This may not be appropriate for other sessions
+    # and or queries. Use with caution.
+    @oslo_db_api.wrap_db_retry(max_retries=5, retry_on_deadlock=True)
+    def ensure_project_exists(self, project_id):
+        with db_api.session().begin() as session:
+            quotas = self.get(session, project_id=project_id)
+            if not quotas:
+                # Make sure we have a record to lock
+                self.update(session, project_id, quota={})
+            session.commit()
+
     def delete(self, session, project_id):
         quotas = (
             session.query(self.model_class)

octavia/network/drivers/neutron/allowed_address_pairs.py

@@ -195,12 +195,13 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
             # Don't remove egress rules and don't confuse other protocols with
             # None ports with the egress rules.  VRRP uses protocol 51 and 112
             if (rule.get('direction') == 'egress' or
-                    rule.get('protocol').upper() not in
+                    rule.get('protocol') is None or
+                    rule['protocol'].upper() not in
                     [constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
                      lib_consts.PROTOCOL_SCTP]):
                 continue
             old_ports.append((rule.get('port_range_max'),
-                              rule.get('protocol').lower(),
+                              rule['protocol'].lower(),
                               rule.get('remote_ip_prefix')))
 
         add_ports = set(updated_ports) - set(old_ports)
@@ -364,12 +365,13 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
         """
         try:
             for amphora in vip.load_balancer.amphorae:
-                try:
-                    self.network_proxy.delete_port(amphora.vrrp_port_id)
-                except os_exceptions.ResourceNotFound:
-                    LOG.debug(
-                        'VIP instance port %s already deleted. Skipping.',
-                        amphora.vrrp_port_id)
+                if amphora.vrrp_port_id:
+                    try:
+                        self.network_proxy.delete_port(amphora.vrrp_port_id)
+                    except os_exceptions.ResourceNotFound:
+                        LOG.debug(
+                            'VIP instance port %s already deleted. Skipping.',
+                            amphora.vrrp_port_id)
         except AttributeError as ex:
             LOG.warning(f"Cannot delete port from amphorae. Object does not "
                         f"exist ({ex!r})")

octavia/network/drivers/noop_driver/driver.py

@@ -204,8 +204,7 @@ class NoopManager(object):
                 return len(self.known_subnets) + 1
 
             def __iter__(self):
-                for subnet_id in self.known_subnets:
-                    yield subnet_id
+                yield from self.known_subnets
                 subnet = network_models.Subnet(id=uuidutils.generate_uuid(),
                                                network_id=self.network.id)
                 self.known_subnets[subnet.id] = subnet

octavia/tests/common/sample_certs.py

@@ -872,3 +872,118 @@ phYuPfZekoNbsOIPDTiPFniuP2saOF4TSRCW4KnpgblRkds6c8X+1ExdlSo5GjNa
 PftOKlYtE7T7Kw4CI9+O2H38IUOYjDt/c2twy954K4pKe4x9Ud8mImpS/oEzOsoz
 /Mn++bjO55LdaAUKQ3wa8LZ5WFB+Gs6b2kmBfzGarWEiX64=
 -----END X509 CRL-----"""
+
+# An invalid certificate due to no subject and no subjectAltName
+NOCN_NOSUBALT_CRT = b"""-----BEGIN CERTIFICATE-----
+MIIE4zCCAsugAwIBAgIUTo7POpWDLecy0B7fY2OAbLztmswwDQYJKoZIhvcNAQEL
+BQAwADAgFw0yMzExMjIyMjE4MzBaGA8yMTIzMTAyOTIyMTgzMFowADCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAPClqkTqRyjlp+LXE4oElYGvg7y710yZ
+pR96TNqgugXxNLmIgzx2A3wWJ77z6qn3XoTFEXNnT6f4WrVr1Eh5/Zd1ioyj1r0G
+hIuEWMkm42UsTv+bId6BkXrr4wTgXgU+ss82dmRsYArV1b+c+89oYlEjQorhQ6eT
+2aWnt1XJbtpgRYCy5DsBKg1Iq63QRXp5svEr4iX+jAiDCQnBBLhrkfMUf8zuMCev
+Ij5119OGY5ihLuopIZi6OurA0fyN9e2MFlnYmWcxSZu49+6yBnXGmhmev3qzWj1+
+9DA50Pqu+NS9rVpYBNhhKuBTBxaTeZPDAl67DC2Mc8TFI1OfpiOwb+w/ewRYznry
+ZceASFovPFsAlUddwu/94sxgUSCmSE81Op+VlXS0LRgg8o/OZHp/eFsG2NM0OGAH
+v2uJly4OTPTd/kT50zViX3wJlRYIH+4szSjpbNXE0aF+cqQ56PBrGEe6j+SaGZEV
+6k4N9WMHNipffkq10N2d6fkRQjAD9B7gHOB6AAQ1mxoZtgchCKL7E8FuA803Yx8B
+a7h9J65SJq9nbr0z4eTscFZPulW8wMZT/ZeooQJJWqvA+g2FZf0dExk46gqU3F2F
+IRMvfGzSbIQF7bp/Yj4fLMUwLVaYv6NNdzhI+/eC0wVDWwbQ2rZkkvcvysSteGT4
+IDuFKuIWt4UnAgMBAAGjUzBRMB0GA1UdDgQWBBSEDhho9+R5JhsAZlQ0wU4Rjbqn
+OjAfBgNVHSMEGDAWgBSEDhho9+R5JhsAZlQ0wU4RjbqnOjAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAZ8E7l2H56z08yJiAa5DFmT8jmBHUCoJlM
+HiZSn04mtzZEfho/21Zdnb2Pa2SDrRkVXmrO+DebO5sK1Kn/EFC9P3SAOeZ3LB+m
+bJUX4WGEJ+7fv9uVRwSRfF21Lxo9QFgSVfQlQAhmXcKCE/8VtKB34oOZRhR8tAxH
+I4VvHUPyCT8ZwNhofP2TYHEjRi/4fsXueBH4kBHDy0/pyHMy1b5crWQAjlOhFXhW
++qauSXkbIXNXd+wX23UF2uQ8YH819V7cHAidx9ikwn6HC5hxXjzMjViDwI451V6Q
+eAgrVuKTgx6cdnd2mgra8k7Bd2S+uTxwcrzVVzNfF+D2Al43xgeFF02M8Wp6ZDsh
+3/mJ7NOJGTJbXLRP+u73PEh1mGGU8H2QoGvaRO7R599sbmU4LedWX/VJc2GXojzF
+ibPWaMkKtX31QiOeNiLTMSkUWiyDTvzFW2ErqyzARv/yYFcEixEFl1GV8Bqb+ujj
+cxO5/y9cK6aM+qPb/FrXivXQsNArrpE3T1C54RvhUWOi+kyCiV/mDIG+oOp7sfZ5
+tBPenwWB2/LGS4rS67jZdwyIC5UbVySaVxtqJrdQXTRNjGfj2m963CHbiaQLSoSF
+2Zh2e8W4ixo6k6mhih2YjZVtpHrXyzNEtHT9HpPHDeElVcWteIceZMI2Ah0C6Ggj
+uTbEBYW85Q==
+-----END CERTIFICATE-----"""
+
+# A certificate with no subject but with Subject Alternative Name
+NOCN_SUBALT_CRT = b"""-----BEGIN CERTIFICATE-----
+MIIFAjCCAuqgAwIBAgIUNjJqSdaJ9FsivfRHbXpdmcZgJR4wDQYJKoZIhvcNAQEL
+BQAwADAgFw0yMzExMzAyMTQyNTVaGA8yMTIzMTEwNjIxNDI1NVowADCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKA8+0iJzx51kTufmIpxGCM/KUFWdJ0U
+MmOPN1NmySNaj6nGI/Ix6m13A5SaezhbRlJvEwN7Hqg+tl+fqu0RgtQOXfBDMiJm
++kAl0CQiOH7XU41P6fyk/QL8WF3VVGBtawTWn3x9Jw7Itd/zFr+aepQOj5LIwcx1
+ncHXreWdMLqDa7PpW1Ru6BW0FKVxX6WYQr2PI08nEIxu6DzLcaLHktRyNYg7r9X9
+a0tLZcp5MCBG3h3EtVgUkL9qw8q6acJpDGBF7ssRTNDf3QUSg0jrfzkD9WJCi631
+tefdAkDNIZXGZggbWsDGPseX4JG9p7WGzPx5QY2DkMqDJqi6FoS35tT+WNcY0n9V
+oBQXtXFV/AqOC070NwrhxsNA3cBbpRqEQYJsIDaXq0cmFR4aoDWk4OXqs7I+dpyi
+MFeRHEU7h4DpwzaOmOyaSmzsZqEMG2lsdJZmC+fIFkyKtP0BQv/movWY25oJSpF5
+4Q/PdwKn6PFO2bRVSLStlrhpuqXw2+CzlQT6YCAz+ajqDnn/w8NIrT6y+DiFd+kt
+WCed/o4ZBzsxOexRph+t0bdkTmR8PNpnHwcxzVN33gCSc6Q5DW1/M2V8VGYqnPd/
+taEaMlHm/wQ3y2/aH/tkyq85PM5tqCbUscD4TUZ7R6kb0k83Ak2iZOM5RHb4zc4p
+mreNKLPfgrQ7AgMBAAGjcjBwMB0GA1UdDgQWBBT6/yXwr+5BhORB3cUkrrSgnreq
+NTAfBgNVHSMEGDAWgBT6/yXwr+5BhORB3cUkrrSgnreqNTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdEQEB/wQTMBGCD3d3dy5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsF
+AAOCAgEAjxrBZ3v6wK7oZWvrzFV+aCs+KkoUkK0Y61TM4SCbWIT8oinN68nweha5
+p48Jp+hSBHEsj9h0opHezihduKh5IVM7KtbcXn1GSeN2hmyAAPm/MbxyD+l+UEfB
+G/behQcsYdVXXog7nwD2NXINvra8KGPqA7n/BnQ7RsxBXHVa9+IHF2L4LpbcvG7G
+Ci/jmLSBk7Gi/75TsFphHAhfomovfnnNykfJ0u99ew14MxVmRWbZ+rbpMsUL/AhV
+h8VujkfUs1hFbdxePTVyHwplqH65yjzzQ18q8CX7kMGi9sz2k8xJS04Nz0x1l7xQ
+JDuhFMDDrcyb7vAqG7BHQ9zXWJ3IkTg9WrbfkOyTqQsJeInToWQybmr/7lY3PmC2
+e/X0zNABF+ypX29RrKzWL+KfpbslysZIEPLEW28qAh3KOyml1du+lbDSNtcHxQcT
+bnvz2rQlAYE70Ds3znLLuMXbq8GtS+h8EYH1jxcjZD9DAPhxi37v8QSY/ABIBGE2
+lfbhbzZ5OWQLMA0L1tbTg7bG5JGoi/GmPl4oA+Dbz3+8Yd/v8XJUzQgI221tx+T+
+isog5o96m62pW6hd1R+eZjVAOVMT/OxecJ9eIVva8EiZwu1Ja9arBkuhIBVK2htm
+PVi6J1iFUrPZG+QrK/ZePo4xE06Lm31dr8pxdZ7Y860owwIuHfA=
+-----END CERTIFICATE-----"""
+
+NOCN_SUBALT_KEY = b"""-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCgPPtIic8edZE7
+n5iKcRgjPylBVnSdFDJjjzdTZskjWo+pxiPyMeptdwOUmns4W0ZSbxMDex6oPrZf
+n6rtEYLUDl3wQzIiZvpAJdAkIjh+11ONT+n8pP0C/Fhd1VRgbWsE1p98fScOyLXf
+8xa/mnqUDo+SyMHMdZ3B163lnTC6g2uz6VtUbugVtBSlcV+lmEK9jyNPJxCMbug8
+y3Gix5LUcjWIO6/V/WtLS2XKeTAgRt4dxLVYFJC/asPKumnCaQxgRe7LEUzQ390F
+EoNI6385A/ViQout9bXn3QJAzSGVxmYIG1rAxj7Hl+CRvae1hsz8eUGNg5DKgyao
+uhaEt+bU/ljXGNJ/VaAUF7VxVfwKjgtO9DcK4cbDQN3AW6UahEGCbCA2l6tHJhUe
+GqA1pODl6rOyPnacojBXkRxFO4eA6cM2jpjsmkps7GahDBtpbHSWZgvnyBZMirT9
+AUL/5qL1mNuaCUqReeEPz3cCp+jxTtm0VUi0rZa4abql8Nvgs5UE+mAgM/mo6g55
+/8PDSK0+svg4hXfpLVgnnf6OGQc7MTnsUaYfrdG3ZE5kfDzaZx8HMc1Td94AknOk
+OQ1tfzNlfFRmKpz3f7WhGjJR5v8EN8tv2h/7ZMqvOTzObagm1LHA+E1Ge0epG9JP
+NwJNomTjOUR2+M3OKZq3jSiz34K0OwIDAQABAoICABC+7r/g7w1O2hOyFR36vbwJ
+QMV8RImZ774p3G1R45lXQIZMl7sa7lXsRyqDjncQSuQYiZMmjcilbSfHJvTJjLOe
+oMCYNSgVPPfxO7RbAy52UFwHSvvFPk/OkWmU/tFo/fMuftJive80mJVD8U+q1D6e
+2vBLHL3CWO9GG/1QFSSY0Wum6o2DXavO+w1jMMy8gdUPnXALNBaJDKo11LVfR//9
+w4xuOG0To9/ljEjBq37kCRhxU0ZWN95ZSQbpvl273rg89rywHSgDDTUXfzLisZQC
+zuUq8TAH6q/FkBO3nFfruQQF39EfprXzMFvqxxkYclm8TlZ8tmgDlsmxUOMj2PKl
+H9kWDC5YkynfkxltKgiEJ9Kc3pZnfaScABnz0GySsZN71bUbr7fBqwH0LhbZiQqa
+b9pWcbyKuGFJ56gVsokVHcpKnKmKHedtmL33oJzI3iWYZls/mPejmkwIWt1i3F7c
+ZnhDJJp3gWgzZzSyV5OjZ05SIrM9er9r+WqS75ns7vKEzhgzpHdZuUR2jNNVu/EA
+rCnsebUtemr0tDYxhI5BcPgj3fzq02u7plJUFIwlPrpMxZ8VBJgoSwT7Di5qpHnt
+LmiGoqRM+vVXiWshops1I7q7zLCgvP+Difi4KNjap/lBsj7hiB7alZTrMVVAXiBr
+Ia++3L38ga5DJ+SHDzjBAoIBAQDNUG4URQD/j0E3pS4zn4wezSp0wOTKKIw2Z6oU
+02reZq9uFLIt+/74DVy3NZm3tBgeSakYUZeDB8zpog3mGpkPAHpwObB/fPbMYmst
+cCnXYDf9Uvb7k287a0GIbCOXwkHSrgRwznAZ4EQp6E0nZSoLbyZiC+uhYEVZgQQo
+JswsjKCSaL7o/4XXQOi6Mdsd4BX7aVVKjYrQZ8TkkCsMYFdQMSL1fB8DW4Q+Ixco
+6BGXPoaav/2XOb0HGBmrXX/yqllA8rw0U7RNLgsE7gZIlltGeTsQMeo/+w5+LJKt
+HOhhEUHITJkRZ7P/S8OdXXoVCNiUzCxGy/LrHW/AWu0t1WWbAoIBAQDHy9Allaod
+WDxdbe5G5ke03WFcPoVAxOWu0mloaFdbd7Ec39y4vr1hxRZz+SEUdouCie1nVB3P
+sj2lPJ44qKS8triqNCuEalpMHaTBdIyjItqh1l66fLA1/FYxAM7cxcz5rBVK2zvf
+KrT3LNmzVpbltl3nPQhvAKEV8zEdSVze6Z0K6QbZP8WfPtCiQYMAjeNu48AIp/+t
+pxJbkcmWLIYixfiJbHfe0LUu/P3rk0WDCHnheVzOTSE8XzGqnIxyv6w4rYOl9IeT
+SnYublICJHOTp6gKuiIieGD7TC14DB8vYbSc0+opIvYYItcS//laLOD+eLUgZx5K
+Wb4ubbosnyXhAoIBAFGzQsqgFuCbQemBupviTmDnZZCmPaTQc9Mmd0DoTGuJ0x9r
+7udrkq9kqdNh6fR3Hu3WhApgVXlXvkvuJ7e8N9IHb7F+02Q39wGn3FxteMjyyfTt
+ccj0h1vOt3oxBgzayVSr2KqHC4bQfm9quGEH2a5JIa38blx+MbqHI39SyQalQzRf
+qDCRldHtS27kbfw6cqTj6oPLRUTfNjN5xxeassP/eZjUNocggMQ1NH8bsfxMbkXg
+RmpKGJVdGsHdaA/Jh9DXhtsPv/zCaLIiga+a3WFy1nUAV+Xz4nWFCS0IBtSxiErL
+aFHLwY3CuWnCi9UY+w5jHO9jMxwqT5Ds3drSQycCggEBALoewFEy4d0iRGGYtb6w
+aJ4xGLBwwXt7sKcx9eXARZi8oG5QkHI9pXg9vFPfAZTpdb7uNAzszDSeS1TxakdH
+uubdpJtRrDRXSrTbbI6Wvyh9oIPgijBZVWGFJtnRceMyFGeFifRI1LZpN1mHG2o4
+QKvPPhzau0+Em4syGE+69tvlblkqiSm6gaN+RabRNnM+ul6jpVGrBsBDAhPxdIQE
+CBS+rW9/bw9PB2m1XemlML0HGVsUzoKUUWDHISJZYXDH42yNHzVq3R014XARby31
+vQEQzrbnfEL2NwoChdzuFeLytujddKZLnksPsaFOeYAqjJIh6kE8Lnh+r27a4vMM
+cqECggEAAx1DVI43AMBfSbAs5C41vjRdjMrZtxfKIpFjj1whGj/JzLKdMdqqH+Ai
++R6NI7IB88pGHlCOmdEpfbr4Cq1ZnizA3yLV9sluMz1bpHlIDsCIp+1VkQYKfsEv
+upZy82MtfGtG3BSLn+GCTzLJcTN6KINg98Xivp/WsRAEvwT/w1o4iJMgzKmTET2I
+UGJfZcF0WeSVo34FNArfXyfXPvPV7mi08Z6fQuUnFvH9tGZs5Y9mUUSgXXEDSjKY
+ZHliqmDNGub7rMy6/0wDOWiS4pi/w8FeCyBvbx23rj6i+FLO6GK+5B7TaCxjOVbk
+SYVTfCHpvJIgjRkRMP2yZCk3g6T4XA==
+-----END PRIVATE KEY-----"""

octavia/tests/functional/api/v2/base.py

@@ -140,7 +140,7 @@ class BaseAPITest(base_db_test.OctaviaDBTestBase):
         self.addCleanup(reset_pecan)
 
     def start_quota_mock(self, object_type):
-        def mock_quota(session, lock_session, _class, project_id, count=1):
+        def mock_quota(session, _class, project_id, count=1):
             return _class == object_type
         check_quota_met_true_mock = mock.patch(
             'octavia.db.repositories.Repositories.check_quota_met',

octavia/tests/functional/api/v2/test_health_monitor.py

@@ -1782,6 +1782,24 @@ class TestHealthMonitor(base.BaseAPITest):
             pool_prov_status=constants.PENDING_UPDATE,
             hm_prov_status=constants.PENDING_UPDATE)
 
+    def test_update_udp_case_with_udp_hm(self):
+        api_hm = self.create_health_monitor(
+            self.udp_pool_with_listener_id,
+            constants.HEALTH_MONITOR_UDP_CONNECT, 3, 1, 1, 1).get(
+            self.root_tag)
+        self.set_lb_status(self.udp_lb_id)
+        new_hm = {'timeout': 2}
+        self.put(
+            self.HM_PATH.format(healthmonitor_id=api_hm.get('id')),
+            self._build_body(new_hm))
+        self.assert_correct_status(
+            lb_id=self.udp_lb_id, listener_id=self.udp_listener_id,
+            pool_id=self.udp_pool_with_listener_id, hm_id=api_hm.get('id'),
+            lb_prov_status=constants.PENDING_UPDATE,
+            listener_prov_status=constants.PENDING_UPDATE,
+            pool_prov_status=constants.PENDING_UPDATE,
+            hm_prov_status=constants.PENDING_UPDATE)
+
     def test_negative_update_udp_case(self):
         api_hm = self.create_health_monitor(
             self.udp_pool_with_listener_id,