Prevent router_ha_interface port from being removed via API

If someone removes the port with device owner router_ha_interface,
then we can get unexpected router behavior like doubling
arp response packets. This patch prohibits removing such a port.

Closes-Bug: #2008270
Change-Id: Ief031801c1a3e3dd64e6cbf65e27f04f2bef9cba
(cherry picked from commit e68e416)

Author: antonkurbatov

neutron/db/l3_hamode_db.py

@@ -69,6 +69,10 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin,
                          router_az_db.RouterAvailabilityZoneMixin):
     """Mixin class to add high availability capability to routers."""
 
+    router_device_owners = (
+        l3_dvr_db.L3_NAT_with_dvr_db_mixin.router_device_owners +
+        (constants.DEVICE_OWNER_ROUTER_HA_INTF, ))
+
     def _verify_configuration(self):
         self.ha_cidr = cfg.CONF.l3_ha_net_cidr
         try:

neutron/tests/unit/db/test_l3_hamode_db.py

@@ -667,6 +667,18 @@ def test_update_router_ha_interface_port_ip_not_allow(self):
                           self.admin_ctx, ports[0]['id'],
                           port)
 
+    def test_delete_router_ha_interface_port(self):
+        router = self._create_router()
+        network = self.plugin.get_ha_network(self.admin_ctx,
+                                             router['tenant_id'])
+        binding = self.plugin.add_ha_port(
+            self.admin_ctx, router['id'], network.network_id,
+            router['tenant_id'])
+
+        self.assertRaises(n_exc.ServicePortInUse,
+                          self.core_plugin.delete_port,
+                          self.admin_ctx, binding.port_id)
+
     def test_create_ha_network_tenant_binding_raises_duplicate(self):
         router = self._create_router()
         network = self.plugin.get_ha_network(self.admin_ctx,