Support manage_firewall during deprecation period

This is a follow-up on If83db978080b9c4e5d51ba50bbe8ed26e29abe83: allow
folks to use:

  [firewall]
  manage_firewall = False

to disable the (default) iptables driver during the deprecation period of
the [firewall] option group.  This effectively sets the pxe_filter.driver
to noop.

Change-Id: Idcbc457fffeb1c4bd7c1c747e870b53e2e167d55
This commit is contained in:
dparalen 2017-10-19 17:10:27 +02:00
parent 7b27585463
commit acb51f642d
2 changed files with 19 additions and 0 deletions

View File

@ -218,6 +218,11 @@ def _driver_manager():
global _DRIVER_MANAGER
name = CONF.pxe_filter.driver
# FIXME(milan): to be removed after the transition period of deprecating
# the firewall option group
if name == 'iptables' and not CONF.iptables.manage_firewall:
name = 'noop'
if _DRIVER_MANAGER is None:
_DRIVER_MANAGER = stevedore.driver.DriverManager(
_STEVEDORE_DRIVER_NAMESPACE,

View File

@ -64,6 +64,20 @@ class TestDriverManager(test_base.BaseTest):
self.stevedore_driver_mock.assert_not_called()
self.assertIs(pxe_filter._DRIVER_MANAGER, driver_manager)
def test_manage_firewall(self):
# FIXME(milan): to be removed after the transition period of
# deprecating the firewall option group
# NOTE(milan) the default filter driver is iptables
# this should revert it to noop
CONF.set_override('manage_firewall', False, 'iptables')
driver_manager = pxe_filter._driver_manager()
self.stevedore_driver_mock.assert_called_once_with(
pxe_filter._STEVEDORE_DRIVER_NAMESPACE,
name='noop',
invoke_on_load=True)
self.assertIsNotNone(driver_manager)
self.assertIs(pxe_filter._DRIVER_MANAGER, driver_manager)
class TestDriverManagerLoading(test_base.BaseTest):
def setUp(self):