Add new protocols in Firewalls

Firewall rules can now also filter DCCP and SCTP protocols. Partial-Bug: #1669956 Change-Id: Ib7334655be3506aa6573954b36059cd7f875b320
2017-04-11 00:08:42 +05:30
parent 044cdbe001
commit d136fd4c62
3 changed files with 16 additions and 12 deletions
--- a/neutron_lib/api/definitions/constants.py
+++ b/neutron_lib/api/definitions/constants.py
@@ -12,6 +12,8 @@
 #    under the License.

 # neutron-fwaas constants
+from neutron_lib import constants
+
 FIREWALL_GROUPS = 'firewall_groups'
 FIREWALL_POLICIES = 'firewall_policies'
 FIREWALL_RULES = 'firewall_rules'
@@ -21,3 +23,7 @@ FWAAS_ALLOW = "allow"
 FWAAS_DENY = "deny"
 FWAAS_REJECT = "reject"
 FW_VALID_ACTION_VALUES = [FWAAS_ALLOW, FWAAS_DENY, FWAAS_REJECT]
+
+# Firewall Protocol List
+
+FW_PROTOCOL_VALUES = list(constants.IPTABLES_PROTOCOL_MAP.keys()) + [None]
--- a/neutron_lib/api/definitions/firewall.py
+++ b/neutron_lib/api/definitions/firewall.py
@@ -12,7 +12,6 @@

 from neutron_lib.api import converters
 from neutron_lib.api.definitions import constants as api_const
-from neutron_lib import constants
 from neutron_lib.db import constants as db_const

 # The alias of the extension.
@@ -65,11 +64,11 @@ RESOURCE_ATTRIBUTE_MAP = {
                   'convert_to': converters.convert_to_boolean,
                   'is_visible': True, 'required_by_policy': True,
                   'enforce_policy': True},
-        'protocol': {'allow_post': True, 'allow_put': True,
-                     'is_visible': True, 'default': None,
-                     'convert_to': converters.convert_to_protocol,
-                     'validate': {'type:values':
-                                  constants.IPTABLES_PROTOCOL_MAP}},
+        'protocol': {
+            'allow_post': True, 'allow_put': True,
+            'is_visible': True, 'default': None,
+            'convert_to': converters.convert_to_protocol,
+            'validate': {'type:values': api_const.FW_PROTOCOL_VALUES}},
        'ip_version': {'allow_post': True, 'allow_put': True,
                       'default': 4, 'convert_to': converters.convert_to_int,
                       'validate': {'type:values': [4, 6]},
--- a/neutron_lib/api/definitions/firewall_v2.py
+++ b/neutron_lib/api/definitions/firewall_v2.py
@@ -12,7 +12,6 @@

 from neutron_lib.api import converters
 from neutron_lib.api.definitions import constants as api_const
-from neutron_lib import constants
 from neutron_lib.db import constants as db_const

 # The alias of the extension.
@@ -66,11 +65,11 @@ RESOURCE_ATTRIBUTE_MAP = {
                   'default': False, 'is_visible': True,
                   'convert_to': converters.convert_to_boolean,
                   'required_by_policy': True, 'enforce_policy': True},
-        'protocol': {'allow_post': True, 'allow_put': True,
-                     'is_visible': True, 'default': None,
-                     'convert_to': converters.convert_to_protocol,
-                     'validate': {'type:values':
-                                  constants.IPTABLES_PROTOCOL_MAP}},
+        'protocol': {
+            'allow_post': True, 'allow_put': True,
+            'is_visible': True, 'default': None,
+            'convert_to': converters.convert_to_protocol,
+            'validate': {'type:values': api_const.FW_PROTOCOL_VALUES}},
        'ip_version': {'allow_post': True, 'allow_put': True,
                       'default': 4, 'convert_to': converters.convert_to_int,
                       'validate': {'type:values': [4, 6]},