pyupgrade changes for Python3.9+
As discussed at the Epoxy PTG meeting, run an automated upgrade tool to make code python 3.9+ compliant. Result of running: $ pyupgrade --py39-plus $(git ls-files | grep ".py$") Fixed PEP8 errors introduced by pyupgrade by running: $ autopep8 --select=E127,E128,E501 --max-line-length 79 -r \ --in-place neutron_fwaas Also did manual updates as necessary to fix other errors and warnings after above commands. Inspired by Octavia and Nova [0]. [0] https://review.opendev.org/c/openstack/nova/+/896986 Change-Id: I28003aa9e42479ac966a05edd174fc0435e57e3a
This commit is contained in:
elajkat
Lajos Katona
parent
bef88ac0eb
commit
070113c906
@ -43,7 +43,6 @@ disable=
|
|||||||
global-variable-not-assigned,
|
global-variable-not-assigned,
|
||||||
logging-not-lazy,
|
logging-not-lazy,
|
||||||
no-init,
|
no-init,
|
||||||
non-parent-init-called,
|
|
||||||
pointless-string-statement,
|
pointless-string-statement,
|
||||||
protected-access,
|
protected-access,
|
||||||
redefined-builtin,
|
redefined-builtin,
|
||||||
|
|||||||
@ -1,4 +1,3 @@
|
|||||||
# -*- coding: utf-8 -*-
|
|
||||||
# Copyright (c) 2010 OpenStack Foundation.
|
# Copyright (c) 2010 OpenStack Foundation.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
|||||||
@ -82,8 +82,8 @@ class FirewallRouterAssociation(model_base.BASEV2):
|
|||||||
__tablename__ = 'firewall_router_associations'
|
__tablename__ = 'firewall_router_associations'
|
||||||
|
|
||||||
fw_id = sa.Column(sa.String(36),
|
fw_id = sa.Column(sa.String(36),
|
||||||
sa.ForeignKey('firewalls.id', ondelete="CASCADE"),
|
sa.ForeignKey('firewalls.id', ondelete="CASCADE"),
|
||||||
primary_key=True)
|
primary_key=True)
|
||||||
router_id = sa.Column(sa.String(36),
|
router_id = sa.Column(sa.String(36),
|
||||||
sa.ForeignKey('routers.id', ondelete="CASCADE"),
|
sa.ForeignKey('routers.id', ondelete="CASCADE"),
|
||||||
primary_key=True)
|
primary_key=True)
|
||||||
|
|||||||
@ -59,11 +59,11 @@ class FirewallDefaultObjectUpdateRestricted(FirewallDefaultParameterExists):
|
|||||||
"'%(resource_id)s' of type %(resource_type)s.")
|
"'%(resource_id)s' of type %(resource_type)s.")
|
||||||
|
|
||||||
|
|
||||||
class HasName(object):
|
class HasName:
|
||||||
name = sa.Column(sa.String(db_constants.NAME_FIELD_SIZE))
|
name = sa.Column(sa.String(db_constants.NAME_FIELD_SIZE))
|
||||||
|
|
||||||
|
|
||||||
class HasDescription(object):
|
class HasDescription:
|
||||||
description = sa.Column(
|
description = sa.Column(
|
||||||
sa.String(db_constants.LONG_DESCRIPTION_FIELD_SIZE))
|
sa.String(db_constants.LONG_DESCRIPTION_FIELD_SIZE))
|
||||||
|
|
||||||
@ -188,7 +188,7 @@ def _list_firewall_policies_result_filter_hook(query, filters):
|
|||||||
return query
|
return query
|
||||||
|
|
||||||
|
|
||||||
class FirewallPluginDb(object):
|
class FirewallPluginDb:
|
||||||
|
|
||||||
def __new__(cls, *args, **kwargs):
|
def __new__(cls, *args, **kwargs):
|
||||||
model_query.register_hook(
|
model_query.register_hook(
|
||||||
@ -204,7 +204,7 @@ class FirewallPluginDb(object):
|
|||||||
query_hook=None,
|
query_hook=None,
|
||||||
filter_hook=None,
|
filter_hook=None,
|
||||||
result_filters=_list_firewall_policies_result_filter_hook)
|
result_filters=_list_firewall_policies_result_filter_hook)
|
||||||
return super(FirewallPluginDb, cls).__new__(cls, *args, **kwargs)
|
return super().__new__(cls, *args, **kwargs)
|
||||||
|
|
||||||
def _get_firewall_group(self, context, id):
|
def _get_firewall_group(self, context, id):
|
||||||
try:
|
try:
|
||||||
@ -254,7 +254,7 @@ class FirewallPluginDb(object):
|
|||||||
|
|
||||||
def _validate_fwr_port_range(self, min_port, max_port):
|
def _validate_fwr_port_range(self, min_port, max_port):
|
||||||
if int(min_port) > int(max_port):
|
if int(min_port) > int(max_port):
|
||||||
port_range = '%s:%s' % (min_port, max_port)
|
port_range = '{}:{}'.format(min_port, max_port)
|
||||||
raise f_exc.FirewallRuleInvalidPortValue(port=port_range)
|
raise f_exc.FirewallRuleInvalidPortValue(port=port_range)
|
||||||
|
|
||||||
def _get_min_max_ports_from_range(self, port_range):
|
def _get_min_max_ports_from_range(self, port_range):
|
||||||
@ -272,7 +272,7 @@ class FirewallPluginDb(object):
|
|||||||
if min_port == max_port:
|
if min_port == max_port:
|
||||||
return str(min_port)
|
return str(min_port)
|
||||||
self._validate_fwr_port_range(min_port, max_port)
|
self._validate_fwr_port_range(min_port, max_port)
|
||||||
return '%s:%s' % (min_port, max_port)
|
return '{}:{}'.format(min_port, max_port)
|
||||||
|
|
||||||
def _make_firewall_rule_dict(self, firewall_rule, fields=None,
|
def _make_firewall_rule_dict(self, firewall_rule, fields=None,
|
||||||
policies=None):
|
policies=None):
|
||||||
@ -656,7 +656,7 @@ class FirewallPluginDb(object):
|
|||||||
rule_id_list, filters):
|
rule_id_list, filters):
|
||||||
rules_in_fwr_db = model_query.get_collection_query(
|
rules_in_fwr_db = model_query.get_collection_query(
|
||||||
context, FirewallRuleV2, filters=filters)
|
context, FirewallRuleV2, filters=filters)
|
||||||
rules_dict = dict((fwr_db['id'], fwr_db) for fwr_db in rules_in_fwr_db)
|
rules_dict = {fwr_db['id']: fwr_db for fwr_db in rules_in_fwr_db}
|
||||||
for fwrule_id in rule_id_list:
|
for fwrule_id in rule_id_list:
|
||||||
if fwrule_id not in rules_dict:
|
if fwrule_id not in rules_dict:
|
||||||
# Bail as soon as we find an invalid rule.
|
# Bail as soon as we find an invalid rule.
|
||||||
@ -710,7 +710,7 @@ class FirewallPluginDb(object):
|
|||||||
with db_api.CONTEXT_READER.using(context):
|
with db_api.CONTEXT_READER.using(context):
|
||||||
fwg_with_fwp_id_db = context.session.query(FirewallGroup).filter(
|
fwg_with_fwp_id_db = context.session.query(FirewallGroup).filter(
|
||||||
or_(FirewallGroup.ingress_firewall_policy_id == fwp_id,
|
or_(FirewallGroup.ingress_firewall_policy_id == fwp_id,
|
||||||
FirewallGroup.egress_firewall_policy_id == fwp_id))
|
FirewallGroup.egress_firewall_policy_id == fwp_id))
|
||||||
for entry in fwg_with_fwp_id_db:
|
for entry in fwg_with_fwp_id_db:
|
||||||
if entry.tenant_id != fwp_tenant_id:
|
if entry.tenant_id != fwp_tenant_id:
|
||||||
raise f_exc.FirewallPolicyInUse(
|
raise f_exc.FirewallPolicyInUse(
|
||||||
@ -742,7 +742,7 @@ class FirewallPluginDb(object):
|
|||||||
filters = {'firewall_rule_id': [r_id for r_id in rule_id_list]}
|
filters = {'firewall_rule_id': [r_id for r_id in rule_id_list]}
|
||||||
# Run a validation on the Firewall Rules table
|
# Run a validation on the Firewall Rules table
|
||||||
self._check_rules_for_policy_is_valid(context, fwp, fwp_db,
|
self._check_rules_for_policy_is_valid(context, fwp, fwp_db,
|
||||||
rule_id_list, filters)
|
rule_id_list, filters)
|
||||||
# new rules are valid, lets delete the old association
|
# new rules are valid, lets delete the old association
|
||||||
self._delete_all_rules_from_policy(context, fwp_db)
|
self._delete_all_rules_from_policy(context, fwp_db)
|
||||||
# and add in the new association
|
# and add in the new association
|
||||||
@ -754,8 +754,8 @@ class FirewallPluginDb(object):
|
|||||||
context,
|
context,
|
||||||
FirewallPolicyRuleAssociation,
|
FirewallPolicyRuleAssociation,
|
||||||
filters=filters)
|
filters=filters)
|
||||||
rules_dict = dict((fpol_rul_db['firewall_rule_id'], fpol_rul_db)
|
rules_dict = {fpol_rul_db['firewall_rule_id']: fpol_rul_db
|
||||||
for fpol_rul_db in rules_in_fpol_rul_db)
|
for fpol_rul_db in rules_in_fpol_rul_db}
|
||||||
fwp_db.rule_associations = []
|
fwp_db.rule_associations = []
|
||||||
for fwrule_id in rule_id_list:
|
for fwrule_id in rule_id_list:
|
||||||
fwp_db.rule_associations.append(rules_dict[fwrule_id])
|
fwp_db.rule_associations.append(rules_dict[fwrule_id])
|
||||||
@ -800,7 +800,7 @@ class FirewallPluginDb(object):
|
|||||||
with db_api.CONTEXT_WRITER.using(context):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwp_db = self._get_firewall_policy(context, id)
|
fwp_db = self._get_firewall_policy(context, id)
|
||||||
self._ensure_not_default_resource(fwp_db, 'firewall_policy',
|
self._ensure_not_default_resource(fwp_db, 'firewall_policy',
|
||||||
action="update")
|
action="update")
|
||||||
if not fwp.get('shared', True):
|
if not fwp.get('shared', True):
|
||||||
# an update is setting shared to False, make sure associated
|
# an update is setting shared to False, make sure associated
|
||||||
# firewall groups are in the same project.
|
# firewall groups are in the same project.
|
||||||
|
|||||||
@ -41,14 +41,15 @@ SQL_STATEMENT = (
|
|||||||
|
|
||||||
def upgrade():
|
def upgrade():
|
||||||
op.create_table('firewall_router_associations',
|
op.create_table('firewall_router_associations',
|
||||||
sa.Column('fw_id', sa.String(length=36), nullable=False),
|
sa.Column('fw_id', sa.String(length=36), nullable=False),
|
||||||
sa.Column('router_id', sa.String(length=36), nullable=False),
|
sa.Column('router_id', sa.String(
|
||||||
sa.ForeignKeyConstraint(['fw_id'], ['firewalls.id'],
|
length=36), nullable=False),
|
||||||
ondelete='CASCADE'),
|
sa.ForeignKeyConstraint(['fw_id'], ['firewalls.id'],
|
||||||
sa.ForeignKeyConstraint(['router_id'], ['routers.id'],
|
ondelete='CASCADE'),
|
||||||
ondelete='CASCADE'),
|
sa.ForeignKeyConstraint(['router_id'], ['routers.id'],
|
||||||
sa.PrimaryKeyConstraint('fw_id', 'router_id'),
|
ondelete='CASCADE'),
|
||||||
)
|
sa.PrimaryKeyConstraint('fw_id', 'router_id'),
|
||||||
|
)
|
||||||
|
|
||||||
# Depending on when neutron-fwaas is installed with neutron, this script
|
# Depending on when neutron-fwaas is installed with neutron, this script
|
||||||
# may be run before or after the neutron core tables have had their
|
# may be run before or after the neutron core tables have had their
|
||||||
|
|||||||
@ -32,14 +32,16 @@ down_revision = '540142f314f4'
|
|||||||
def upgrade(active_plugins=None, options=None):
|
def upgrade(active_plugins=None, options=None):
|
||||||
|
|
||||||
op.create_table('cisco_firewall_associations',
|
op.create_table('cisco_firewall_associations',
|
||||||
sa.Column('fw_id', sa.String(length=36), nullable=False),
|
sa.Column('fw_id', sa.String(length=36), nullable=False),
|
||||||
sa.Column('port_id', sa.String(length=36), nullable=True),
|
sa.Column('port_id', sa.String(length=36), nullable=True),
|
||||||
sa.Column('direction', sa.String(length=16), nullable=True),
|
sa.Column('direction', sa.String(
|
||||||
sa.Column('acl_id', sa.String(length=36), nullable=True),
|
length=16), nullable=True),
|
||||||
sa.Column('router_id', sa.String(length=36), nullable=True),
|
sa.Column('acl_id', sa.String(length=36), nullable=True),
|
||||||
sa.ForeignKeyConstraint(['fw_id'], ['firewalls.id'],
|
sa.Column('router_id', sa.String(
|
||||||
ondelete='CASCADE'),
|
length=36), nullable=True),
|
||||||
sa.ForeignKeyConstraint(['port_id'], ['ports.id'],
|
sa.ForeignKeyConstraint(['fw_id'], ['firewalls.id'],
|
||||||
ondelete='CASCADE'),
|
ondelete='CASCADE'),
|
||||||
sa.PrimaryKeyConstraint('fw_id')
|
sa.ForeignKeyConstraint(['port_id'], ['ports.id'],
|
||||||
)
|
ondelete='CASCADE'),
|
||||||
|
sa.PrimaryKeyConstraint('fw_id')
|
||||||
|
)
|
||||||
|
|||||||
@ -171,7 +171,7 @@ def decode(nfa):
|
|||||||
'msg': encodeutils.safe_decode(msg)}
|
'msg': encodeutils.safe_decode(msg)}
|
||||||
|
|
||||||
|
|
||||||
class NFLogWrapper(object):
|
class NFLogWrapper:
|
||||||
"""A wrapper for libnetfilter_log api"""
|
"""A wrapper for libnetfilter_log api"""
|
||||||
|
|
||||||
_instance = None
|
_instance = None
|
||||||
@ -304,7 +304,7 @@ def run_nflog(namespace=None, group=0):
|
|||||||
return pid
|
return pid
|
||||||
|
|
||||||
|
|
||||||
class NFLogApp(object):
|
class NFLogApp:
|
||||||
"""Log application for handling nflog packets"""
|
"""Log application for handling nflog packets"""
|
||||||
|
|
||||||
callback = None
|
callback = None
|
||||||
|
|||||||
@ -123,7 +123,7 @@ class ConntrackOpenFailedExit(SystemExit):
|
|||||||
"""Raised if we fail to open a new conntrack or conntrack handler"""
|
"""Raised if we fail to open a new conntrack or conntrack handler"""
|
||||||
|
|
||||||
|
|
||||||
class ConntrackManager(object):
|
class ConntrackManager:
|
||||||
def __init__(self, family_socket=None):
|
def __init__(self, family_socket=None):
|
||||||
self.family_socket = family_socket
|
self.family_socket = family_socket
|
||||||
self.set_functions = {
|
self.set_functions = {
|
||||||
@ -147,14 +147,14 @@ class ConntrackManager(object):
|
|||||||
6: nfct.nfct_set_attr_u16}, }
|
6: nfct.nfct_set_attr_u16}, }
|
||||||
|
|
||||||
self.converters = {'src': bytes,
|
self.converters = {'src': bytes,
|
||||||
'dst': bytes,
|
'dst': bytes,
|
||||||
'ipversion': nl_constants.IPVERSION_SOCKET.get,
|
'ipversion': nl_constants.IPVERSION_SOCKET.get,
|
||||||
'protocol': constants.IP_PROTOCOL_MAP.get,
|
'protocol': constants.IP_PROTOCOL_MAP.get,
|
||||||
'code': int,
|
'code': int,
|
||||||
'type': int,
|
'type': int,
|
||||||
'id': libc.htons,
|
'id': libc.htons,
|
||||||
'sport': libc.htons,
|
'sport': libc.htons,
|
||||||
'dport': libc.htons, }
|
'dport': libc.htons, }
|
||||||
|
|
||||||
def list_entries(self):
|
def list_entries(self):
|
||||||
entries = []
|
entries = []
|
||||||
|
|||||||
@ -48,7 +48,7 @@ class FirewallPluginV2(Firewallv2PluginBase):
|
|||||||
path_prefix = firewall_v2.API_PREFIX
|
path_prefix = firewall_v2.API_PREFIX
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(FirewallPluginV2, self).__init__()
|
super().__init__()
|
||||||
"""Do the initialization for the firewall service plugin here."""
|
"""Do the initialization for the firewall service plugin here."""
|
||||||
# Initialize the Firewall v2 service plugin
|
# Initialize the Firewall v2 service plugin
|
||||||
service_type_manager = st_db.ServiceTypeManager.get_instance()
|
service_type_manager = st_db.ServiceTypeManager.get_instance()
|
||||||
|
|||||||
@ -31,7 +31,7 @@ from neutron_fwaas.services.firewall.service_drivers import driver_api
|
|||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class FirewallAgentCallbacks(object):
|
class FirewallAgentCallbacks:
|
||||||
target = oslo_messaging.Target(version='1.0')
|
target = oslo_messaging.Target(version='1.0')
|
||||||
|
|
||||||
def __init__(self, firewall_db):
|
def __init__(self, firewall_db):
|
||||||
@ -106,7 +106,7 @@ class FirewallAgentCallbacks(object):
|
|||||||
"""Get all projects that have firewall_groups."""
|
"""Get all projects that have firewall_groups."""
|
||||||
ctx = neutron_context.get_admin_context()
|
ctx = neutron_context.get_admin_context()
|
||||||
fwg_list = self.firewall_db.get_firewall_groups(ctx)
|
fwg_list = self.firewall_db.get_firewall_groups(ctx)
|
||||||
fwg_project_list = list(set(fwg['tenant_id'] for fwg in fwg_list))
|
fwg_project_list = list({fwg['tenant_id'] for fwg in fwg_list})
|
||||||
return fwg_project_list
|
return fwg_project_list
|
||||||
|
|
||||||
@log_helpers.log_method_call
|
@log_helpers.log_method_call
|
||||||
@ -136,7 +136,7 @@ class FirewallAgentCallbacks(object):
|
|||||||
return fwg
|
return fwg
|
||||||
|
|
||||||
|
|
||||||
class FirewallAgentApi(object):
|
class FirewallAgentApi:
|
||||||
"""Plugin side of plugin to agent RPC API"""
|
"""Plugin side of plugin to agent RPC API"""
|
||||||
|
|
||||||
def __init__(self, topic, host):
|
def __init__(self, topic, host):
|
||||||
@ -169,7 +169,7 @@ class FirewallAgentDriver(driver_api.FirewallDriverDB,
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, service_plugin):
|
def __init__(self, service_plugin):
|
||||||
super(FirewallAgentDriver, self).__init__(service_plugin)
|
super().__init__(service_plugin)
|
||||||
self.agent_rpc = FirewallAgentApi(constants.FW_AGENT, cfg.CONF.host)
|
self.agent_rpc = FirewallAgentApi(constants.FW_AGENT, cfg.CONF.host)
|
||||||
|
|
||||||
def is_supported_l2_port(self, port):
|
def is_supported_l2_port(self, port):
|
||||||
@ -250,7 +250,7 @@ class FirewallAgentDriver(driver_api.FirewallDriverDB,
|
|||||||
ports = firewall_group['ports']
|
ports = firewall_group['ports']
|
||||||
|
|
||||||
if (not ports or (not firewall_group['ingress_firewall_policy_id'] and
|
if (not ports or (not firewall_group['ingress_firewall_policy_id'] and
|
||||||
not firewall_group['egress_firewall_policy_id'])):
|
not firewall_group['egress_firewall_policy_id'])):
|
||||||
# no messaging to agent needed and fw needs to go to INACTIVE state
|
# no messaging to agent needed and fw needs to go to INACTIVE state
|
||||||
# as no associated ports and/or no policy configured.
|
# as no associated ports and/or no policy configured.
|
||||||
status = nl_constants.INACTIVE
|
status = nl_constants.INACTIVE
|
||||||
@ -317,9 +317,9 @@ class FirewallAgentDriver(driver_api.FirewallDriverDB,
|
|||||||
not new_firewall_group['ports'])
|
not new_firewall_group['ports'])
|
||||||
|
|
||||||
LOG.debug("update_firewall_group %s: Add Ports: %s, Del Ports: %s",
|
LOG.debug("update_firewall_group %s: Add Ports: %s, Del Ports: %s",
|
||||||
new_firewall_group['id'],
|
new_firewall_group['id'],
|
||||||
fwg_with_rules['add-port-ids'],
|
fwg_with_rules['add-port-ids'],
|
||||||
fwg_with_rules['del-port-ids'])
|
fwg_with_rules['del-port-ids'])
|
||||||
|
|
||||||
fwg_with_rules['port_details'] = self._get_fwg_port_details(
|
fwg_with_rules['port_details'] = self._get_fwg_port_details(
|
||||||
context, fwg_with_rules['del-port-ids'])
|
context, fwg_with_rules['del-port-ids'])
|
||||||
|
|||||||
@ -37,7 +37,7 @@ def load_and_init_conntrack_driver(*args, **kwargs):
|
|||||||
return conntrack_driver
|
return conntrack_driver
|
||||||
|
|
||||||
|
|
||||||
class ConntrackDriverBase(object, metaclass=abc.ABCMeta):
|
class ConntrackDriverBase(metaclass=abc.ABCMeta):
|
||||||
"""Base Driver for Conntrack"""
|
"""Base Driver for Conntrack"""
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
|
|||||||
@ -16,7 +16,7 @@
|
|||||||
import abc
|
import abc
|
||||||
|
|
||||||
|
|
||||||
class FwaasDriverBase(object, metaclass=abc.ABCMeta):
|
class FwaasDriverBase(metaclass=abc.ABCMeta):
|
||||||
"""Firewall as a Service Driver base class.
|
"""Firewall as a Service Driver base class.
|
||||||
|
|
||||||
Using FwaasDriver Class, an instance of L3 perimeter Firewall
|
Using FwaasDriver Class, an instance of L3 perimeter Firewall
|
||||||
|
|||||||
@ -16,7 +16,7 @@
|
|||||||
import abc
|
import abc
|
||||||
|
|
||||||
|
|
||||||
class FwaasDriverBase(object, metaclass=abc.ABCMeta):
|
class FwaasDriverBase(metaclass=abc.ABCMeta):
|
||||||
"""Firewall as a Service Driver base class.
|
"""Firewall as a Service Driver base class.
|
||||||
|
|
||||||
Using FwaasDriver Class, an instance of L3 perimeter Firewall
|
Using FwaasDriver Class, an instance of L3 perimeter Firewall
|
||||||
|
|||||||
@ -69,7 +69,7 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
|
|||||||
self.conntrack = conntrack_base.load_and_init_conntrack_driver()
|
self.conntrack = conntrack_base.load_and_init_conntrack_driver()
|
||||||
|
|
||||||
def _get_intf_name(self, if_prefix, port_id):
|
def _get_intf_name(self, if_prefix, port_id):
|
||||||
_name = "%s%s" % (if_prefix, port_id)
|
_name = "{}{}".format(if_prefix, port_id)
|
||||||
return _name[:MAX_INTF_NAME_LEN]
|
return _name[:MAX_INTF_NAME_LEN]
|
||||||
|
|
||||||
def create_firewall_group(self, agent_mode, apply_list, firewall):
|
def create_firewall_group(self, agent_mode, apply_list, firewall):
|
||||||
@ -140,11 +140,12 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
|
|||||||
if firewall['admin_state_up']:
|
if firewall['admin_state_up']:
|
||||||
self._setup_firewall(agent_mode, apply_list, firewall)
|
self._setup_firewall(agent_mode, apply_list, firewall)
|
||||||
if self.pre_firewall:
|
if self.pre_firewall:
|
||||||
self._remove_conntrack_updated_firewall(agent_mode,
|
self._remove_conntrack_updated_firewall(
|
||||||
apply_list, self.pre_firewall, firewall)
|
agent_mode,
|
||||||
|
apply_list, self.pre_firewall, firewall)
|
||||||
else:
|
else:
|
||||||
self._remove_conntrack_new_firewall(agent_mode,
|
self._remove_conntrack_new_firewall(agent_mode,
|
||||||
apply_list, firewall)
|
apply_list, firewall)
|
||||||
else:
|
else:
|
||||||
self.apply_default_policy(agent_mode, apply_list, firewall)
|
self.apply_default_policy(agent_mode, apply_list, firewall)
|
||||||
self.pre_firewall = dict(firewall)
|
self.pre_firewall = dict(firewall)
|
||||||
@ -210,9 +211,9 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
|
|||||||
ipt_mgr.defer_apply_off()
|
ipt_mgr.defer_apply_off()
|
||||||
|
|
||||||
def _get_chain_name(self, fwid, ver, direction):
|
def _get_chain_name(self, fwid, ver, direction):
|
||||||
return '%s%s%s' % (CHAIN_NAME_PREFIX[direction],
|
return '{}{}{}'.format(CHAIN_NAME_PREFIX[direction],
|
||||||
IP_VER_TAG[ver],
|
IP_VER_TAG[ver],
|
||||||
fwid)
|
fwid)
|
||||||
|
|
||||||
def _setup_chains(self, firewall, ipt_if_prefix, router_fw_ports):
|
def _setup_chains(self, firewall, ipt_if_prefix, router_fw_ports):
|
||||||
"""Create Fwaas chain using the rules in the policy
|
"""Create Fwaas chain using the rules in the policy
|
||||||
@ -293,7 +294,7 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
|
|||||||
fw_rules = firewall[fw_rule_list]
|
fw_rules = firewall[fw_rule_list]
|
||||||
fw_rule_ids = [fw_rule['id'] for fw_rule in fw_rules]
|
fw_rule_ids = [fw_rule['id'] for fw_rule in fw_rules]
|
||||||
removed_rules.extend([pre_fw_rule for pre_fw_rule in pre_fw_rules
|
removed_rules.extend([pre_fw_rule for pre_fw_rule in pre_fw_rules
|
||||||
if pre_fw_rule['id'] not in fw_rule_ids])
|
if pre_fw_rule['id'] not in fw_rule_ids])
|
||||||
return removed_rules
|
return removed_rules
|
||||||
|
|
||||||
def _find_new_rules(self, pre_firewall, firewall):
|
def _find_new_rules(self, pre_firewall, firewall):
|
||||||
@ -301,7 +302,7 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
|
|||||||
|
|
||||||
def _remove_conntrack_new_firewall(self, agent_mode, apply_list, firewall):
|
def _remove_conntrack_new_firewall(self, agent_mode, apply_list, firewall):
|
||||||
"""Remove conntrack when create new firewall"""
|
"""Remove conntrack when create new firewall"""
|
||||||
routers_list = list(set([apply_info[0] for apply_info in apply_list]))
|
routers_list = list({apply_info[0] for apply_info in apply_list})
|
||||||
for ri in routers_list:
|
for ri in routers_list:
|
||||||
ipt_if_prefix_list = self._get_ipt_mgrs_with_if_prefix(
|
ipt_if_prefix_list = self._get_ipt_mgrs_with_if_prefix(
|
||||||
agent_mode, ri)
|
agent_mode, ri)
|
||||||
@ -312,7 +313,7 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
|
|||||||
def _remove_conntrack_updated_firewall(self, agent_mode,
|
def _remove_conntrack_updated_firewall(self, agent_mode,
|
||||||
apply_list, pre_firewall, firewall):
|
apply_list, pre_firewall, firewall):
|
||||||
"""Remove conntrack when updated firewall"""
|
"""Remove conntrack when updated firewall"""
|
||||||
routers_list = list(set([apply_info[0] for apply_info in apply_list]))
|
routers_list = list({apply_info[0] for apply_info in apply_list})
|
||||||
for ri in routers_list:
|
for ri in routers_list:
|
||||||
ipt_if_prefix_list = self._get_ipt_mgrs_with_if_prefix(
|
ipt_if_prefix_list = self._get_ipt_mgrs_with_if_prefix(
|
||||||
agent_mode, ri)
|
agent_mode, ri)
|
||||||
@ -418,7 +419,7 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
|
|||||||
def _get_action_chain(self, name):
|
def _get_action_chain(self, name):
|
||||||
binary_name = iptables_manager.binary_name
|
binary_name = iptables_manager.binary_name
|
||||||
chain_name = iptables_manager.get_chain_name(name)
|
chain_name = iptables_manager.get_chain_name(name)
|
||||||
return '%s-%s' % (binary_name, chain_name)
|
return '{}-{}'.format(binary_name, chain_name)
|
||||||
|
|
||||||
def _enable_policy_chain(self, fwid, ipt_if_prefix, router_fw_ports):
|
def _enable_policy_chain(self, fwid, ipt_if_prefix, router_fw_ports):
|
||||||
bname = iptables_manager.binary_name
|
bname = iptables_manager.binary_name
|
||||||
@ -435,18 +436,18 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
|
|||||||
for router_fw_port in router_fw_ports:
|
for router_fw_port in router_fw_ports:
|
||||||
intf_name = self._get_intf_name(if_prefix,
|
intf_name = self._get_intf_name(if_prefix,
|
||||||
router_fw_port)
|
router_fw_port)
|
||||||
jump_rule = ['%s %s -j %s-%s' % (
|
jump_rule = ['{} {} -j {}-{}'.format(
|
||||||
IPTABLES_DIR[direction], intf_name,
|
IPTABLES_DIR[direction], intf_name,
|
||||||
bname, chain_name)]
|
bname, chain_name)]
|
||||||
self._add_rules_to_chain(ipt_mgr, ver,
|
self._add_rules_to_chain(ipt_mgr, ver,
|
||||||
'FORWARD', jump_rule)
|
'FORWARD', jump_rule)
|
||||||
|
|
||||||
# jump to DROP_ALL policy
|
# jump to DROP_ALL policy
|
||||||
chain_name = iptables_manager.get_chain_name(FWAAS_DEFAULT_CHAIN)
|
chain_name = iptables_manager.get_chain_name(FWAAS_DEFAULT_CHAIN)
|
||||||
for router_fw_port in router_fw_ports:
|
for router_fw_port in router_fw_ports:
|
||||||
intf_name = self._get_intf_name(if_prefix,
|
intf_name = self._get_intf_name(if_prefix,
|
||||||
router_fw_port)
|
router_fw_port)
|
||||||
jump_rule = ['-o %s -j %s-%s' % (intf_name, bname, chain_name)]
|
jump_rule = ['-o {} -j {}-{}'.format(intf_name, bname, chain_name)]
|
||||||
self._add_rules_to_chain(ipt_mgr, IPV4, 'FORWARD', jump_rule)
|
self._add_rules_to_chain(ipt_mgr, IPV4, 'FORWARD', jump_rule)
|
||||||
self._add_rules_to_chain(ipt_mgr, IPV6, 'FORWARD', jump_rule)
|
self._add_rules_to_chain(ipt_mgr, IPV6, 'FORWARD', jump_rule)
|
||||||
|
|
||||||
@ -455,7 +456,7 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
|
|||||||
for router_fw_port in router_fw_ports:
|
for router_fw_port in router_fw_ports:
|
||||||
intf_name = self._get_intf_name(if_prefix,
|
intf_name = self._get_intf_name(if_prefix,
|
||||||
router_fw_port)
|
router_fw_port)
|
||||||
jump_rule = ['-i %s -j %s-%s' % (intf_name, bname, chain_name)]
|
jump_rule = ['-i {} -j {}-{}'.format(intf_name, bname, chain_name)]
|
||||||
self._add_rules_to_chain(ipt_mgr, IPV4, 'FORWARD', jump_rule)
|
self._add_rules_to_chain(ipt_mgr, IPV4, 'FORWARD', jump_rule)
|
||||||
self._add_rules_to_chain(ipt_mgr, IPV6, 'FORWARD', jump_rule)
|
self._add_rules_to_chain(ipt_mgr, IPV6, 'FORWARD', jump_rule)
|
||||||
|
|
||||||
|
|||||||
@ -16,7 +16,7 @@ import abc
|
|||||||
import contextlib
|
import contextlib
|
||||||
|
|
||||||
|
|
||||||
class FirewallL2DriverBase(object, metaclass=abc.ABCMeta):
|
class FirewallL2DriverBase(metaclass=abc.ABCMeta):
|
||||||
"""Abstract firewall L2 driver base"""
|
"""Abstract firewall L2 driver base"""
|
||||||
|
|
||||||
def __init__(self, integration_bridge, sg_enabled=False):
|
def __init__(self, integration_bridge, sg_enabled=False):
|
||||||
|
|||||||
@ -51,7 +51,7 @@ def _replace_register(flow_params, register_number, register_value):
|
|||||||
try:
|
try:
|
||||||
reg_port = flow_params[register_value]
|
reg_port = flow_params[register_value]
|
||||||
del flow_params[register_value]
|
del flow_params[register_value]
|
||||||
flow_params['reg{:d}'.format(register_number)] = reg_port
|
flow_params[f'reg{register_number:d}'] = reg_port
|
||||||
except KeyError:
|
except KeyError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@ -64,7 +64,7 @@ def create_reg_numbers(flow_params):
|
|||||||
_replace_register(flow_params, fwaas_ovs_consts.REG_NET, 'reg_net')
|
_replace_register(flow_params, fwaas_ovs_consts.REG_NET, 'reg_net')
|
||||||
|
|
||||||
|
|
||||||
class FirewallGroup(object):
|
class FirewallGroup:
|
||||||
def __init__(self, id_):
|
def __init__(self, id_):
|
||||||
self.id = id_
|
self.id = id_
|
||||||
self.ingress_rules = []
|
self.ingress_rules = []
|
||||||
@ -105,7 +105,7 @@ class FirewallGroup(object):
|
|||||||
|
|
||||||
# NOTE(ivasilevskaya) That's a copy-paste from neutron ovsfw driver that
|
# NOTE(ivasilevskaya) That's a copy-paste from neutron ovsfw driver that
|
||||||
# differs only in firewall groups list field name
|
# differs only in firewall groups list field name
|
||||||
class OFPort(object):
|
class OFPort:
|
||||||
def __init__(self, port_dict, ovs_port, vlan_tag):
|
def __init__(self, port_dict, ovs_port, vlan_tag):
|
||||||
self.id = port_dict['device']
|
self.id = port_dict['device']
|
||||||
self.vlan_tag = vlan_tag
|
self.vlan_tag = vlan_tag
|
||||||
@ -157,7 +157,7 @@ class OFPort(object):
|
|||||||
|
|
||||||
# NOTE(ivasilevskaya) That's a copy-paste from neutron ovsfw driver that
|
# NOTE(ivasilevskaya) That's a copy-paste from neutron ovsfw driver that
|
||||||
# differs in methods name [s/sg/fwg] and update_rules method.
|
# differs in methods name [s/sg/fwg] and update_rules method.
|
||||||
class FWGPortMap(object):
|
class FWGPortMap:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.ports = {}
|
self.ports = {}
|
||||||
self.fw_groups = {}
|
self.fw_groups = {}
|
||||||
@ -253,7 +253,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase):
|
|||||||
dl_type = kwargs.get('dl_type')
|
dl_type = kwargs.get('dl_type')
|
||||||
create_reg_numbers(kwargs)
|
create_reg_numbers(kwargs)
|
||||||
if isinstance(dl_type, int):
|
if isinstance(dl_type, int):
|
||||||
kwargs['dl_type'] = "0x{:04x}".format(dl_type)
|
kwargs['dl_type'] = f"0x{dl_type:04x}"
|
||||||
if self._deferred:
|
if self._deferred:
|
||||||
self.int_br.add_flow(**kwargs)
|
self.int_br.add_flow(**kwargs)
|
||||||
else:
|
else:
|
||||||
@ -667,7 +667,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase):
|
|||||||
nw_proto=lib_const.PROTO_NUM_UDP,
|
nw_proto=lib_const.PROTO_NUM_UDP,
|
||||||
tp_src=src_port,
|
tp_src=src_port,
|
||||||
tp_dst=dst_port,
|
tp_dst=dst_port,
|
||||||
actions='resubmit(,{:d})'.format(accept_or_ingress)
|
actions=f'resubmit(,{accept_or_ingress:d})'
|
||||||
)
|
)
|
||||||
# Ban dhcp service running on an instance
|
# Ban dhcp service running on an instance
|
||||||
for dl_type, src_port, dst_port in (
|
for dl_type, src_port, dst_port in (
|
||||||
@ -724,7 +724,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase):
|
|||||||
fwaas_ovs_consts.FW_BASE_INGRESS_TABLE),
|
fwaas_ovs_consts.FW_BASE_INGRESS_TABLE),
|
||||||
)
|
)
|
||||||
for ethertype in [lib_const.ETHERTYPE_IP,
|
for ethertype in [lib_const.ETHERTYPE_IP,
|
||||||
lib_const.ETHERTYPE_IPV6]:
|
lib_const.ETHERTYPE_IPV6]:
|
||||||
self._add_flow(
|
self._add_flow(
|
||||||
table=fwaas_ovs_consts.FW_ACCEPT_OR_INGRESS_TABLE,
|
table=fwaas_ovs_consts.FW_ACCEPT_OR_INGRESS_TABLE,
|
||||||
priority=90,
|
priority=90,
|
||||||
@ -807,7 +807,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase):
|
|||||||
dl_type=lib_const.ETHERTYPE_IPV6,
|
dl_type=lib_const.ETHERTYPE_IPV6,
|
||||||
nw_proto=lib_const.PROTO_NUM_IPV6_ICMP,
|
nw_proto=lib_const.PROTO_NUM_IPV6_ICMP,
|
||||||
icmp_type=icmp_type,
|
icmp_type=icmp_type,
|
||||||
actions='output:{:d}'.format(port.ofport)
|
actions=f'output:{port.ofport:d}'
|
||||||
)
|
)
|
||||||
|
|
||||||
# NOTE(ivasilevskaya) That's a copy-paste from neutron ovsfw driver
|
# NOTE(ivasilevskaya) That's a copy-paste from neutron ovsfw driver
|
||||||
@ -819,7 +819,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase):
|
|||||||
priority=100,
|
priority=100,
|
||||||
dl_type=lib_const.ETHERTYPE_ARP,
|
dl_type=lib_const.ETHERTYPE_ARP,
|
||||||
reg_port=port.ofport,
|
reg_port=port.ofport,
|
||||||
actions='output:{:d}'.format(port.ofport)
|
actions=f'output:{port.ofport:d}'
|
||||||
)
|
)
|
||||||
self._initialize_ingress_ipv6_icmp(port)
|
self._initialize_ingress_ipv6_icmp(port)
|
||||||
|
|
||||||
@ -835,7 +835,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase):
|
|||||||
nw_proto=lib_const.PROTO_NUM_UDP,
|
nw_proto=lib_const.PROTO_NUM_UDP,
|
||||||
tp_src=src_port,
|
tp_src=src_port,
|
||||||
tp_dst=dst_port,
|
tp_dst=dst_port,
|
||||||
actions='output:{:d}'.format(port.ofport)
|
actions=f'output:{port.ofport:d}'
|
||||||
)
|
)
|
||||||
|
|
||||||
# Track untracked
|
# Track untracked
|
||||||
@ -888,7 +888,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase):
|
|||||||
ct_state=state,
|
ct_state=state,
|
||||||
ct_mark=fwaas_ovs_consts.CT_MARK_NORMAL,
|
ct_mark=fwaas_ovs_consts.CT_MARK_NORMAL,
|
||||||
ct_zone=port.vlan_tag,
|
ct_zone=port.vlan_tag,
|
||||||
actions='output:{:d}'.format(port.ofport)
|
actions=f'output:{port.ofport:d}'
|
||||||
)
|
)
|
||||||
self._add_flow(
|
self._add_flow(
|
||||||
table=fwaas_ovs_consts.FW_RULES_INGRESS_TABLE,
|
table=fwaas_ovs_consts.FW_RULES_INGRESS_TABLE,
|
||||||
|
|||||||
@ -87,7 +87,7 @@ def populate_flow_common(direction, flow_template, port):
|
|||||||
"""Initialize common flow fields."""
|
"""Initialize common flow fields."""
|
||||||
if direction == n_consts.INGRESS_DIRECTION:
|
if direction == n_consts.INGRESS_DIRECTION:
|
||||||
flow_template['table'] = fwaas_ovs_consts.FW_RULES_INGRESS_TABLE
|
flow_template['table'] = fwaas_ovs_consts.FW_RULES_INGRESS_TABLE
|
||||||
flow_template['actions'] = "output:{:d}".format(port.ofport)
|
flow_template['actions'] = f"output:{port.ofport:d}"
|
||||||
elif direction == n_consts.EGRESS_DIRECTION:
|
elif direction == n_consts.EGRESS_DIRECTION:
|
||||||
flow_template['table'] = fwaas_ovs_consts.FW_RULES_EGRESS_TABLE
|
flow_template['table'] = fwaas_ovs_consts.FW_RULES_EGRESS_TABLE
|
||||||
# Traffic can be both ingress and egress, check that no ingress rules
|
# Traffic can be both ingress and egress, check that no ingress rules
|
||||||
@ -121,10 +121,10 @@ def create_port_range_flows(flow_template, rule):
|
|||||||
if protocol is None:
|
if protocol is None:
|
||||||
return []
|
return []
|
||||||
flows = []
|
flows = []
|
||||||
src_port_match = '{:s}_src'.format(protocol)
|
src_port_match = f'{protocol:s}_src'
|
||||||
src_port_min = rule.get('source_port_range_min')
|
src_port_min = rule.get('source_port_range_min')
|
||||||
src_port_max = rule.get('source_port_range_max')
|
src_port_max = rule.get('source_port_range_max')
|
||||||
dst_port_match = '{:s}_dst'.format(protocol)
|
dst_port_match = f'{protocol:s}_dst'
|
||||||
dst_port_min = rule.get('port_range_min')
|
dst_port_min = rule.get('port_range_min')
|
||||||
dst_port_max = rule.get('port_range_max')
|
dst_port_max = rule.get('port_range_max')
|
||||||
|
|
||||||
|
|||||||
@ -50,12 +50,12 @@ FWaaSOpts = [
|
|||||||
cfg.CONF.register_opts(FWaaSOpts, 'fwaas')
|
cfg.CONF.register_opts(FWaaSOpts, 'fwaas')
|
||||||
|
|
||||||
|
|
||||||
class FWaaSPluginApiMixin(object):
|
class FWaaSPluginApiMixin:
|
||||||
"""Agent side of the FWaaS agent to FWaaS Plugin RPC API."""
|
"""Agent side of the FWaaS agent to FWaaS Plugin RPC API."""
|
||||||
|
|
||||||
def __init__(self, topic, host):
|
def __init__(self, topic, host):
|
||||||
# NOTE(annp): Mixin class should call super
|
# NOTE(annp): Mixin class should call super
|
||||||
super(FWaaSPluginApiMixin, self).__init__()
|
super().__init__()
|
||||||
|
|
||||||
self.host = host
|
self.host = host
|
||||||
target = oslo_messaging.Target(topic=topic, version='1.0')
|
target = oslo_messaging.Target(topic=topic, version='1.0')
|
||||||
@ -74,12 +74,12 @@ class FWaaSPluginApiMixin(object):
|
|||||||
firewall_id=firewall_id)
|
firewall_id=firewall_id)
|
||||||
|
|
||||||
|
|
||||||
class FWaaSAgentRpcCallbackMixin(object):
|
class FWaaSAgentRpcCallbackMixin:
|
||||||
"""Mixin for FWaaS agent Implementations."""
|
"""Mixin for FWaaS agent Implementations."""
|
||||||
|
|
||||||
def __init__(self, host):
|
def __init__(self, host):
|
||||||
|
|
||||||
super(FWaaSAgentRpcCallbackMixin, self).__init__(host)
|
super().__init__(host)
|
||||||
|
|
||||||
def create_firewall(self, context, firewall, host):
|
def create_firewall(self, context, firewall, host):
|
||||||
"""Handle RPC cast from plugin to create a firewall."""
|
"""Handle RPC cast from plugin to create a firewall."""
|
||||||
|
|||||||
@ -25,7 +25,7 @@ LOG = logging.getLogger(__name__)
|
|||||||
FIREWALL_DRIVERS = 'firewall_drivers'
|
FIREWALL_DRIVERS = 'firewall_drivers'
|
||||||
|
|
||||||
|
|
||||||
class FirewallService(object):
|
class FirewallService:
|
||||||
"""Firewall Service observer."""
|
"""Firewall Service observer."""
|
||||||
|
|
||||||
def load_device_drivers(self):
|
def load_device_drivers(self):
|
||||||
|
|||||||
@ -409,7 +409,7 @@ class FWaaSV2AgentExtension(l2_extension.L2AgentExtension):
|
|||||||
self._send_fwg_status(context, fwg['id'], status, self.conf.host)
|
self._send_fwg_status(context, fwg['id'], status, self.conf.host)
|
||||||
|
|
||||||
|
|
||||||
class PortFirewallGroupMap(object):
|
class PortFirewallGroupMap:
|
||||||
"""Store relations between Port and Firewall Group and trusted port
|
"""Store relations between Port and Firewall Group and trusted port
|
||||||
|
|
||||||
This map is used in deleting firewall_group because the firewall_group has
|
This map is used in deleting firewall_group because the firewall_group has
|
||||||
|
|||||||
@ -37,14 +37,14 @@ LOG = logging.getLogger(__name__)
|
|||||||
class FWaaSL3PluginApi(api.FWaaSPluginApiMixin):
|
class FWaaSL3PluginApi(api.FWaaSPluginApiMixin):
|
||||||
"""Agent side of the FWaaS agent-to-plugin RPC API."""
|
"""Agent side of the FWaaS agent-to-plugin RPC API."""
|
||||||
def __init__(self, topic, host):
|
def __init__(self, topic, host):
|
||||||
super(FWaaSL3PluginApi, self).__init__(topic, host)
|
super().__init__(topic, host)
|
||||||
|
|
||||||
def get_firewall_groups_for_project(self, context, **kwargs):
|
def get_firewall_groups_for_project(self, context, **kwargs):
|
||||||
"""Fetches a project's firewall groups from the plugin."""
|
"""Fetches a project's firewall groups from the plugin."""
|
||||||
LOG.debug("Fetch firewall groups from plugin")
|
LOG.debug("Fetch firewall groups from plugin")
|
||||||
cctxt = self.client.prepare()
|
cctxt = self.client.prepare()
|
||||||
return cctxt.call(context, 'get_firewall_groups_for_project',
|
return cctxt.call(context, 'get_firewall_groups_for_project',
|
||||||
host=self.host)
|
host=self.host)
|
||||||
|
|
||||||
def get_projects_with_firewall_groups(self, context, **kwargs):
|
def get_projects_with_firewall_groups(self, context, **kwargs):
|
||||||
"""Fetches from the plugin all projects that have firewall groups
|
"""Fetches from the plugin all projects that have firewall groups
|
||||||
@ -61,14 +61,14 @@ class FWaaSL3PluginApi(api.FWaaSPluginApiMixin):
|
|||||||
LOG.debug("Notify plugin that firewall group has been deleted")
|
LOG.debug("Notify plugin that firewall group has been deleted")
|
||||||
cctxt = self.client.prepare()
|
cctxt = self.client.prepare()
|
||||||
return cctxt.call(context, 'firewall_group_deleted', fwg_id=fwg_id,
|
return cctxt.call(context, 'firewall_group_deleted', fwg_id=fwg_id,
|
||||||
host=self.host)
|
host=self.host)
|
||||||
|
|
||||||
def set_firewall_group_status(self, context, fwg_id, status, **kwargs):
|
def set_firewall_group_status(self, context, fwg_id, status, **kwargs):
|
||||||
"""Sets firewall group's status on the plugin."""
|
"""Sets firewall group's status on the plugin."""
|
||||||
LOG.debug("Set firewall groups from plugin")
|
LOG.debug("Set firewall groups from plugin")
|
||||||
cctxt = self.client.prepare()
|
cctxt = self.client.prepare()
|
||||||
return cctxt.call(context, 'set_firewall_group_status',
|
return cctxt.call(context, 'set_firewall_group_status',
|
||||||
fwg_id=fwg_id, status=status, host=self.host)
|
fwg_id=fwg_id, status=status, host=self.host)
|
||||||
|
|
||||||
|
|
||||||
class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
||||||
@ -125,7 +125,7 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
|||||||
self.services_sync_needed = False
|
self.services_sync_needed = False
|
||||||
self.fwplugin_rpc = FWaaSL3PluginApi(fwaas_constants.FIREWALL_PLUGIN,
|
self.fwplugin_rpc = FWaaSL3PluginApi(fwaas_constants.FIREWALL_PLUGIN,
|
||||||
host)
|
host)
|
||||||
super(FWaaSL3AgentExtension, self).__init__()
|
super().__init__()
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def _local_namespaces(self):
|
def _local_namespaces(self):
|
||||||
@ -141,7 +141,7 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
|||||||
return 'add-port-ids' in firewall_group
|
return 'add-port-ids' in firewall_group
|
||||||
|
|
||||||
def _get_firewall_group_ports(self, context, firewall_group,
|
def _get_firewall_group_ports(self, context, firewall_group,
|
||||||
to_delete=False, require_new_plugin=False):
|
to_delete=False, require_new_plugin=False):
|
||||||
"""Returns in-namespace ports, either from firewall group dict if ports
|
"""Returns in-namespace ports, either from firewall group dict if ports
|
||||||
update or from project routers otherwise if only policies update.
|
update or from project routers otherwise if only policies update.
|
||||||
|
|
||||||
@ -160,7 +160,7 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
|||||||
for router in routers:
|
for router in routers:
|
||||||
if router.router['tenant_id'] == firewall_group['tenant_id']:
|
if router.router['tenant_id'] == firewall_group['tenant_id']:
|
||||||
fwg_port_ids.extend([p['id'] for p in
|
fwg_port_ids.extend([p['id'] for p in
|
||||||
router.internal_ports])
|
router.internal_ports])
|
||||||
|
|
||||||
# Return in-namespace port objects.
|
# Return in-namespace port objects.
|
||||||
return self._get_in_ns_ports(fwg_port_ids)
|
return self._get_in_ns_ports(fwg_port_ids)
|
||||||
@ -260,9 +260,9 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
|||||||
return
|
return
|
||||||
|
|
||||||
# Apply a firewall group, as requested, to ports on the new router.
|
# Apply a firewall group, as requested, to ports on the new router.
|
||||||
all_router_ports = set(
|
all_router_ports = {
|
||||||
p['id'] for p in updated_router[nl_constants.INTERFACE_KEY]
|
p['id'] for p in updated_router[nl_constants.INTERFACE_KEY]
|
||||||
)
|
}
|
||||||
processed_ports = set()
|
processed_ports = set()
|
||||||
for firewall_group in fwg_list:
|
for firewall_group in fwg_list:
|
||||||
if not self._has_port_insertion_fields(firewall_group):
|
if not self._has_port_insertion_fields(firewall_group):
|
||||||
@ -368,8 +368,8 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
|||||||
return
|
return
|
||||||
|
|
||||||
LOG.debug("Create firewall group %(fwg_id)s on ports: %(ports)s",
|
LOG.debug("Create firewall group %(fwg_id)s on ports: %(ports)s",
|
||||||
{'fwg_id': firewall_group['id'],
|
{'fwg_id': firewall_group['id'],
|
||||||
'ports': ', '.join([p for ri_ports in ports_for_fwg
|
'ports': ', '.join([p for ri_ports in ports_for_fwg
|
||||||
for p in ri_ports[1]])})
|
for p in ri_ports[1]])})
|
||||||
|
|
||||||
# Set firewall group status; will be overwritten if call to driver
|
# Set firewall group status; will be overwritten if call to driver
|
||||||
@ -392,8 +392,8 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
|||||||
|
|
||||||
# Send firewall group's status to plugin.
|
# Send firewall group's status to plugin.
|
||||||
try:
|
try:
|
||||||
self.fwplugin_rpc.set_firewall_group_status(context,
|
self.fwplugin_rpc.set_firewall_group_status(
|
||||||
firewall_group['id'], status)
|
context, firewall_group['id'], status)
|
||||||
except Exception:
|
except Exception:
|
||||||
msg = ("FWaaS RPC failure in create_firewall_group "
|
msg = ("FWaaS RPC failure in create_firewall_group "
|
||||||
"for firewall group: %(fwg_id)s")
|
"for firewall group: %(fwg_id)s")
|
||||||
@ -485,8 +485,8 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
|||||||
|
|
||||||
# Return status to plugin.
|
# Return status to plugin.
|
||||||
try:
|
try:
|
||||||
self.fwplugin_rpc.set_firewall_group_status(context,
|
self.fwplugin_rpc.set_firewall_group_status(
|
||||||
firewall_group['id'], status)
|
context, firewall_group['id'], status)
|
||||||
except Exception:
|
except Exception:
|
||||||
LOG.exception("FWaaS RPC failure in update_firewall_group "
|
LOG.exception("FWaaS RPC failure in update_firewall_group "
|
||||||
"for firewall group: %s", firewall_group['id'])
|
"for firewall group: %s", firewall_group['id'])
|
||||||
@ -528,11 +528,11 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
|
|||||||
# plugin, as appropriate.
|
# plugin, as appropriate.
|
||||||
try:
|
try:
|
||||||
if status in [nl_constants.ACTIVE, nl_constants.DOWN]:
|
if status in [nl_constants.ACTIVE, nl_constants.DOWN]:
|
||||||
self.fwplugin_rpc.firewall_group_deleted(context,
|
self.fwplugin_rpc.firewall_group_deleted(
|
||||||
firewall_group['id'])
|
context, firewall_group['id'])
|
||||||
else:
|
else:
|
||||||
self.fwplugin_rpc.set_firewall_group_status(context,
|
self.fwplugin_rpc.set_firewall_group_status(
|
||||||
firewall_group['id'], status)
|
context, firewall_group['id'], status)
|
||||||
except Exception:
|
except Exception:
|
||||||
LOG.exception("FWaaS RPC failure in delete_firewall_group "
|
LOG.exception("FWaaS RPC failure in delete_firewall_group "
|
||||||
"for firewall group: %s", firewall_group['id'])
|
"for firewall group: %s", firewall_group['id'])
|
||||||
@ -549,4 +549,4 @@ class L3WithFWaaS(FWaaSL3AgentExtension):
|
|||||||
self.conf = conf
|
self.conf = conf
|
||||||
else:
|
else:
|
||||||
self.conf = cfg.CONF
|
self.conf = cfg.CONF
|
||||||
super(L3WithFWaaS, self).__init__(host=self.conf.host, conf=self.conf)
|
super().__init__(host=self.conf.host, conf=self.conf)
|
||||||
|
|||||||
@ -31,7 +31,7 @@ from neutron_fwaas.db.firewall.v2 import firewall_db_v2
|
|||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class FirewallDriver(object, metaclass=abc.ABCMeta):
|
class FirewallDriver(metaclass=abc.ABCMeta):
|
||||||
"""Firewall v2 interface for driver
|
"""Firewall v2 interface for driver
|
||||||
|
|
||||||
That driver interface does not persist Firewall v2 data in any database.
|
That driver interface does not persist Firewall v2 data in any database.
|
||||||
@ -131,7 +131,7 @@ class FirewallDriverDBMixin(FirewallDriver, metaclass=abc.ABCMeta):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
super(FirewallDriverDBMixin, self).__init__(*args, **kwargs)
|
super().__init__(*args, **kwargs)
|
||||||
self.firewall_db = firewall_db_v2.FirewallPluginDb()
|
self.firewall_db = firewall_db_v2.FirewallPluginDb()
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
@ -517,7 +517,7 @@ class FirewallDriverDB(FirewallDriverDBMixin):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class FirewallDriverRPCMixin(object, metaclass=abc.ABCMeta):
|
class FirewallDriverRPCMixin(metaclass=abc.ABCMeta):
|
||||||
"""FirewallAgent interface for driver with rpc callback listener.
|
"""FirewallAgent interface for driver with rpc callback listener.
|
||||||
|
|
||||||
Each firewall backend driver that needs a rpc callback listener should
|
Each firewall backend driver that needs a rpc callback listener should
|
||||||
|
|||||||
@ -27,7 +27,7 @@ def acl_direction(direction, port_group=None):
|
|||||||
portdir = 'inport'
|
portdir = 'inport'
|
||||||
else:
|
else:
|
||||||
portdir = 'outport'
|
portdir = 'outport'
|
||||||
return '%s == @%s' % (portdir, port_group)
|
return '{} == @{}'.format(portdir, port_group)
|
||||||
|
|
||||||
|
|
||||||
def acl_ethertype(rule):
|
def acl_ethertype(rule):
|
||||||
@ -48,8 +48,8 @@ def acl_ethertype(rule):
|
|||||||
def acl_ip(rule, ip_version):
|
def acl_ip(rule, ip_version):
|
||||||
src_ip = rule.get('source_ip_address')
|
src_ip = rule.get('source_ip_address')
|
||||||
dst_ip = rule.get('destination_ip_address')
|
dst_ip = rule.get('destination_ip_address')
|
||||||
src = ' && %s.src == %s' % (ip_version, src_ip) if src_ip else ''
|
src = ' && {}.src == {}'.format(ip_version, src_ip) if src_ip else ''
|
||||||
dst = ' && %s.dst == %s' % (ip_version, dst_ip) if dst_ip else ''
|
dst = ' && {}.dst == {}'.format(ip_version, dst_ip) if dst_ip else ''
|
||||||
return src + dst
|
return src + dst
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -36,7 +36,7 @@ class OVNFwaasDriver(driver_api.FirewallDriverDB):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, service_plugin):
|
def __init__(self, service_plugin):
|
||||||
super(OVNFwaasDriver, self).__init__(service_plugin)
|
super().__init__(service_plugin)
|
||||||
self._mech = None
|
self._mech = None
|
||||||
|
|
||||||
def is_supported_l2_port(self, port):
|
def is_supported_l2_port(self, port):
|
||||||
|
|||||||
@ -64,7 +64,7 @@ def setup_logging():
|
|||||||
LOG.logger.addHandler(syslog_handler)
|
LOG.logger.addHandler(syslog_handler)
|
||||||
|
|
||||||
|
|
||||||
class LogPrefix(object):
|
class LogPrefix:
|
||||||
"""LogPrefix could be used as prefix in NFLOG rules
|
"""LogPrefix could be used as prefix in NFLOG rules
|
||||||
Each of a couple (port_id, event) has its own LogPrefix object
|
Each of a couple (port_id, event) has its own LogPrefix object
|
||||||
"""
|
"""
|
||||||
@ -99,7 +99,7 @@ class LogPrefix(object):
|
|||||||
return not self.log_object_refs
|
return not self.log_object_refs
|
||||||
|
|
||||||
|
|
||||||
class FWGPortLog(object):
|
class FWGPortLog:
|
||||||
"""A firewall group port log per log_object"""
|
"""A firewall group port log per log_object"""
|
||||||
|
|
||||||
def __init__(self, port_id, log_info):
|
def __init__(self, port_id, log_info):
|
||||||
@ -234,7 +234,7 @@ class IptablesLoggingDriver(log_ext.LoggingDriver):
|
|||||||
# Start libnetfilter_log after router starting up
|
# Start libnetfilter_log after router starting up
|
||||||
pid = libnflog.run_nflog(router_info.ns_name)
|
pid = libnflog.run_nflog(router_info.ns_name)
|
||||||
LOG.debug("NFLOG process ID %s for router %s has started",
|
LOG.debug("NFLOG process ID %s for router %s has started",
|
||||||
pid, router_info.router_id)
|
pid, router_info.router_id)
|
||||||
self.nflog_proc_map[router_id] = pid
|
self.nflog_proc_map[router_id] = pid
|
||||||
else:
|
else:
|
||||||
# Handle the log request
|
# Handle the log request
|
||||||
@ -502,7 +502,7 @@ class IptablesLoggingDriver(log_ext.LoggingDriver):
|
|||||||
def _generate_iptables_args(self, direction, device, prefix=None):
|
def _generate_iptables_args(self, direction, device, prefix=None):
|
||||||
|
|
||||||
direction_config = ['-%s %s' %
|
direction_config = ['-%s %s' %
|
||||||
(IPTABLES_DIRECTION_DEVICE[direction], device)]
|
(IPTABLES_DIRECTION_DEVICE[direction], device)]
|
||||||
match_rule = []
|
match_rule = []
|
||||||
if self.rate_limit:
|
if self.rate_limit:
|
||||||
match_rule += [
|
match_rule += [
|
||||||
|
|||||||
@ -23,7 +23,7 @@ FIREWALL_LOG_DRIVER_NAME = 'fwaas_v2_log'
|
|||||||
|
|
||||||
|
|
||||||
class FWaaSL3LoggingExtension(base.L3LoggingExtensionBase,
|
class FWaaSL3LoggingExtension(base.L3LoggingExtensionBase,
|
||||||
l3_extension.L3AgentExtension):
|
l3_extension.L3AgentExtension):
|
||||||
|
|
||||||
def initialize(self, connection, driver_type):
|
def initialize(self, connection, driver_type):
|
||||||
"""Initialize L3 logging agent extension"""
|
"""Initialize L3 logging agent extension"""
|
||||||
|
|||||||
@ -34,7 +34,7 @@ class BaseFullStackTestCase(testlib_api.MySQLTestCaseMixin,
|
|||||||
BUILD_WITH_MIGRATIONS = True
|
BUILD_WITH_MIGRATIONS = True
|
||||||
|
|
||||||
def setUp(self, environment):
|
def setUp(self, environment):
|
||||||
super(BaseFullStackTestCase, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
tests_base.setup_test_logging(
|
tests_base.setup_test_logging(
|
||||||
cfg.CONF, DEFAULT_LOG_DIR, '%s.txt' % self.get_name())
|
cfg.CONF, DEFAULT_LOG_DIR, '%s.txt' % self.get_name())
|
||||||
@ -66,4 +66,4 @@ class BaseFullStackTestCase(testlib_api.MySQLTestCaseMixin,
|
|||||||
|
|
||||||
def get_name(self):
|
def get_name(self):
|
||||||
class_name, test_name = self.id().split(".")[-2:]
|
class_name, test_name = self.id().split(".")[-2:]
|
||||||
return "%s.%s" % (class_name, test_name)
|
return "{}.{}".format(class_name, test_name)
|
||||||
|
|||||||
@ -38,7 +38,7 @@ class ClientFixture(fixtures.Fixture):
|
|||||||
"""Manage and cleanup neutron resources."""
|
"""Manage and cleanup neutron resources."""
|
||||||
|
|
||||||
def __init__(self, client):
|
def __init__(self, client):
|
||||||
super(ClientFixture, self).__init__()
|
super().__init__()
|
||||||
self.client = client
|
self.client = client
|
||||||
|
|
||||||
def _create_resource(self, resource_type, spec):
|
def _create_resource(self, resource_type, spec):
|
||||||
|
|||||||
@ -33,7 +33,7 @@ class ConfigFixture(fixtures.Fixture):
|
|||||||
is initializing a new instance of the class.
|
is initializing a new instance of the class.
|
||||||
"""
|
"""
|
||||||
def __init__(self, env_desc, host_desc, temp_dir, base_filename):
|
def __init__(self, env_desc, host_desc, temp_dir, base_filename):
|
||||||
super(ConfigFixture, self).__init__()
|
super().__init__()
|
||||||
self.config = config_fixtures.ConfigDict()
|
self.config = config_fixtures.ConfigDict()
|
||||||
self.env_desc = env_desc
|
self.env_desc = env_desc
|
||||||
self.host_desc = host_desc
|
self.host_desc = host_desc
|
||||||
@ -51,7 +51,7 @@ class NeutronConfigFixture(ConfigFixture):
|
|||||||
|
|
||||||
def __init__(self, env_desc, host_desc, temp_dir,
|
def __init__(self, env_desc, host_desc, temp_dir,
|
||||||
connection, rabbitmq_environment):
|
connection, rabbitmq_environment):
|
||||||
super(NeutronConfigFixture, self).__init__(
|
super().__init__(
|
||||||
env_desc, host_desc, temp_dir, base_filename='neutron.conf')
|
env_desc, host_desc, temp_dir, base_filename='neutron.conf')
|
||||||
|
|
||||||
service_plugins = ['router', 'trunk']
|
service_plugins = ['router', 'trunk']
|
||||||
@ -90,7 +90,7 @@ class NeutronConfigFixture(ConfigFixture):
|
|||||||
'bind_port': self.useFixture(
|
'bind_port': self.useFixture(
|
||||||
port.ExclusivePort(constants.PROTO_NAME_TCP)).port
|
port.ExclusivePort(constants.PROTO_NAME_TCP)).port
|
||||||
})
|
})
|
||||||
super(NeutronConfigFixture, self)._setUp()
|
super()._setUp()
|
||||||
|
|
||||||
def _generate_host(self):
|
def _generate_host(self):
|
||||||
return utils.get_rand_name(prefix='host-')
|
return utils.get_rand_name(prefix='host-')
|
||||||
@ -110,7 +110,7 @@ class NeutronConfigFixture(ConfigFixture):
|
|||||||
class ML2ConfigFixture(ConfigFixture):
|
class ML2ConfigFixture(ConfigFixture):
|
||||||
|
|
||||||
def __init__(self, env_desc, host_desc, temp_dir, tenant_network_types):
|
def __init__(self, env_desc, host_desc, temp_dir, tenant_network_types):
|
||||||
super(ML2ConfigFixture, self).__init__(
|
super().__init__(
|
||||||
env_desc, host_desc, temp_dir, base_filename='ml2_conf.ini')
|
env_desc, host_desc, temp_dir, base_filename='ml2_conf.ini')
|
||||||
|
|
||||||
mechanism_drivers = self.env_desc.mech_drivers
|
mechanism_drivers = self.env_desc.mech_drivers
|
||||||
@ -141,7 +141,7 @@ class ML2ConfigFixture(ConfigFixture):
|
|||||||
class OVSConfigFixture(ConfigFixture):
|
class OVSConfigFixture(ConfigFixture):
|
||||||
|
|
||||||
def __init__(self, env_desc, host_desc, temp_dir, local_ip):
|
def __init__(self, env_desc, host_desc, temp_dir, local_ip):
|
||||||
super(OVSConfigFixture, self).__init__(
|
super().__init__(
|
||||||
env_desc, host_desc, temp_dir,
|
env_desc, host_desc, temp_dir,
|
||||||
base_filename='openvswitch_agent.ini')
|
base_filename='openvswitch_agent.ini')
|
||||||
|
|
||||||
@ -182,7 +182,7 @@ class OVSConfigFixture(ConfigFixture):
|
|||||||
'of_listen_port': self.useFixture(
|
'of_listen_port': self.useFixture(
|
||||||
port.ExclusivePort(constants.PROTO_NAME_TCP)).port
|
port.ExclusivePort(constants.PROTO_NAME_TCP)).port
|
||||||
})
|
})
|
||||||
super(OVSConfigFixture, self)._setUp()
|
super()._setUp()
|
||||||
|
|
||||||
def _generate_bridge_mappings(self):
|
def _generate_bridge_mappings(self):
|
||||||
return 'physnet1:%s' % utils.get_rand_device_name(prefix='br-eth')
|
return 'physnet1:%s' % utils.get_rand_device_name(prefix='br-eth')
|
||||||
@ -213,7 +213,7 @@ class LinuxBridgeConfigFixture(ConfigFixture):
|
|||||||
|
|
||||||
def __init__(self, env_desc, host_desc, temp_dir, local_ip,
|
def __init__(self, env_desc, host_desc, temp_dir, local_ip,
|
||||||
physical_device_name):
|
physical_device_name):
|
||||||
super(LinuxBridgeConfigFixture, self).__init__(
|
super().__init__(
|
||||||
env_desc, host_desc, temp_dir,
|
env_desc, host_desc, temp_dir,
|
||||||
base_filename="linuxbridge_agent.ini"
|
base_filename="linuxbridge_agent.ini"
|
||||||
)
|
)
|
||||||
@ -255,7 +255,7 @@ class LinuxBridgeConfigFixture(ConfigFixture):
|
|||||||
class L3ConfigFixture(ConfigFixture):
|
class L3ConfigFixture(ConfigFixture):
|
||||||
|
|
||||||
def __init__(self, env_desc, host_desc, temp_dir, integration_bridge=None):
|
def __init__(self, env_desc, host_desc, temp_dir, integration_bridge=None):
|
||||||
super(L3ConfigFixture, self).__init__(
|
super().__init__(
|
||||||
env_desc, host_desc, temp_dir, base_filename='l3_agent.ini')
|
env_desc, host_desc, temp_dir, base_filename='l3_agent.ini')
|
||||||
if host_desc.l2_agent_type == constants.AGENT_TYPE_OVS:
|
if host_desc.l2_agent_type == constants.AGENT_TYPE_OVS:
|
||||||
self._prepare_config_with_ovs_agent(integration_bridge)
|
self._prepare_config_with_ovs_agent(integration_bridge)
|
||||||
|
|||||||
@ -28,7 +28,7 @@ from neutron.tests.fullstack.resources import config
|
|||||||
from neutron.tests.fullstack.resources import process
|
from neutron.tests.fullstack.resources import process
|
||||||
|
|
||||||
|
|
||||||
class EnvironmentDescription(object):
|
class EnvironmentDescription:
|
||||||
"""A set of characteristics of an environment setup.
|
"""A set of characteristics of an environment setup.
|
||||||
|
|
||||||
Does the setup, as a whole, support tunneling? How about l2pop?
|
Does the setup, as a whole, support tunneling? How about l2pop?
|
||||||
@ -47,7 +47,7 @@ class EnvironmentDescription(object):
|
|||||||
return self.network_type in ('vxlan', 'gre')
|
return self.network_type in ('vxlan', 'gre')
|
||||||
|
|
||||||
|
|
||||||
class HostDescription(object):
|
class HostDescription:
|
||||||
"""A set of characteristics of an environment Host.
|
"""A set of characteristics of an environment Host.
|
||||||
|
|
||||||
What agents should the host spawn? What mode should each agent operate
|
What agents should the host spawn? What mode should each agent operate
|
||||||
@ -275,7 +275,7 @@ class Environment(fixtures.Fixture):
|
|||||||
:param hosts_desc: A list of HostDescription instances.
|
:param hosts_desc: A list of HostDescription instances.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
super(Environment, self).__init__()
|
super().__init__()
|
||||||
self.env_desc = env_desc
|
self.env_desc = env_desc
|
||||||
self.hosts_desc = hosts_desc
|
self.hosts_desc = hosts_desc
|
||||||
self.hosts = []
|
self.hosts = []
|
||||||
|
|||||||
@ -44,7 +44,7 @@ class FakeFullstackMachine(machine_fixtures.FakeMachineBase):
|
|||||||
|
|
||||||
def __init__(self, host, network_id, tenant_id, safe_client,
|
def __init__(self, host, network_id, tenant_id, safe_client,
|
||||||
neutron_port=None, bridge_name=None):
|
neutron_port=None, bridge_name=None):
|
||||||
super(FakeFullstackMachine, self).__init__()
|
super().__init__()
|
||||||
self.host = host
|
self.host = host
|
||||||
self.tenant_id = tenant_id
|
self.tenant_id = tenant_id
|
||||||
self.network_id = network_id
|
self.network_id = network_id
|
||||||
@ -53,7 +53,7 @@ class FakeFullstackMachine(machine_fixtures.FakeMachineBase):
|
|||||||
self.bridge_name = bridge_name
|
self.bridge_name = bridge_name
|
||||||
|
|
||||||
def _setUp(self):
|
def _setUp(self):
|
||||||
super(FakeFullstackMachine, self)._setUp()
|
super()._setUp()
|
||||||
|
|
||||||
self.bridge = self._get_bridge()
|
self.bridge = self._get_bridge()
|
||||||
|
|
||||||
@ -81,8 +81,8 @@ class FakeFullstackMachine(machine_fixtures.FakeMachineBase):
|
|||||||
self.neutron_port['id'],
|
self.neutron_port['id'],
|
||||||
{'port': {pbs.HOST_ID: self.host.hostname}})
|
{'port': {pbs.HOST_ID: self.host.hostname}})
|
||||||
self.addCleanup(self.safe_client.client.update_port,
|
self.addCleanup(self.safe_client.client.update_port,
|
||||||
self.neutron_port['id'],
|
self.neutron_port['id'],
|
||||||
{'port': {pbs.HOST_ID: ''}})
|
{'port': {pbs.HOST_ID: ''}})
|
||||||
|
|
||||||
def _get_bridge(self):
|
def _get_bridge(self):
|
||||||
if self.bridge_name is None:
|
if self.bridge_name is None:
|
||||||
@ -107,7 +107,7 @@ class FakeFullstackMachine(machine_fixtures.FakeMachineBase):
|
|||||||
subnet_id = fixed_ip['subnet_id']
|
subnet_id = fixed_ip['subnet_id']
|
||||||
subnet = self.safe_client.client.show_subnet(subnet_id)
|
subnet = self.safe_client.client.show_subnet(subnet_id)
|
||||||
prefixlen = netaddr.IPNetwork(subnet['subnet']['cidr']).prefixlen
|
prefixlen = netaddr.IPNetwork(subnet['subnet']['cidr']).prefixlen
|
||||||
self._ip_cidr = '%s/%s' % (self._ip, prefixlen)
|
self._ip_cidr = '{}/{}'.format(self._ip, prefixlen)
|
||||||
|
|
||||||
# TODO(amuller): Support DHCP
|
# TODO(amuller): Support DHCP
|
||||||
self.port.addr.add(self.ip_cidr)
|
self.port.addr.add(self.ip_cidr)
|
||||||
@ -152,7 +152,7 @@ class FakeFullstackMachine(machine_fixtures.FakeMachineBase):
|
|||||||
|
|
||||||
class FakeFullstackTrunkMachine(FakeFullstackMachine):
|
class FakeFullstackTrunkMachine(FakeFullstackMachine):
|
||||||
def __init__(self, trunk, *args, **kwargs):
|
def __init__(self, trunk, *args, **kwargs):
|
||||||
super(FakeFullstackTrunkMachine, self).__init__(*args, **kwargs)
|
super().__init__(*args, **kwargs)
|
||||||
self.trunk = trunk
|
self.trunk = trunk
|
||||||
|
|
||||||
def add_vlan_interface(self, mac_address, ip_address, segmentation_id):
|
def add_vlan_interface(self, mac_address, ip_address, segmentation_id):
|
||||||
|
|||||||
@ -32,7 +32,7 @@ from neutron.tests.fullstack import base as fullstack_base
|
|||||||
class ProcessFixture(fixtures.Fixture):
|
class ProcessFixture(fixtures.Fixture):
|
||||||
def __init__(self, test_name, process_name, exec_name, config_filenames,
|
def __init__(self, test_name, process_name, exec_name, config_filenames,
|
||||||
namespace=None, kill_signal=signal.SIGKILL):
|
namespace=None, kill_signal=signal.SIGKILL):
|
||||||
super(ProcessFixture, self).__init__()
|
super().__init__()
|
||||||
self.test_name = test_name
|
self.test_name = test_name
|
||||||
self.process_name = process_name
|
self.process_name = process_name
|
||||||
self.exec_name = exec_name
|
self.exec_name = exec_name
|
||||||
@ -52,7 +52,7 @@ class ProcessFixture(fixtures.Fixture):
|
|||||||
common_utils.ensure_dir(log_dir)
|
common_utils.ensure_dir(log_dir)
|
||||||
|
|
||||||
timestamp = datetime.datetime.now().strftime("%Y-%m-%d--%H-%M-%S-%f")
|
timestamp = datetime.datetime.now().strftime("%Y-%m-%d--%H-%M-%S-%f")
|
||||||
log_file = "%s--%s.log" % (self.process_name, timestamp)
|
log_file = "{}--{}.log".format(self.process_name, timestamp)
|
||||||
cmd = [shutil.which(self.exec_name),
|
cmd = [shutil.which(self.exec_name),
|
||||||
'--log-dir', log_dir,
|
'--log-dir', log_dir,
|
||||||
'--log-file', log_file]
|
'--log-file', log_file]
|
||||||
@ -71,7 +71,7 @@ class ProcessFixture(fixtures.Fixture):
|
|||||||
class RabbitmqEnvironmentFixture(fixtures.Fixture):
|
class RabbitmqEnvironmentFixture(fixtures.Fixture):
|
||||||
|
|
||||||
def __init__(self, host="127.0.0.1"):
|
def __init__(self, host="127.0.0.1"):
|
||||||
super(RabbitmqEnvironmentFixture, self).__init__()
|
super().__init__()
|
||||||
self.host = host
|
self.host = host
|
||||||
|
|
||||||
def _setUp(self):
|
def _setUp(self):
|
||||||
@ -100,7 +100,7 @@ class NeutronServerFixture(fixtures.Fixture):
|
|||||||
|
|
||||||
def __init__(self, env_desc, host_desc,
|
def __init__(self, env_desc, host_desc,
|
||||||
test_name, neutron_cfg_fixture, plugin_cfg_fixture):
|
test_name, neutron_cfg_fixture, plugin_cfg_fixture):
|
||||||
super(NeutronServerFixture, self).__init__()
|
super().__init__()
|
||||||
self.env_desc = env_desc
|
self.env_desc = env_desc
|
||||||
self.host_desc = host_desc
|
self.host_desc = host_desc
|
||||||
self.test_name = test_name
|
self.test_name = test_name
|
||||||
@ -140,7 +140,7 @@ class OVSAgentFixture(fixtures.Fixture):
|
|||||||
|
|
||||||
def __init__(self, env_desc, host_desc,
|
def __init__(self, env_desc, host_desc,
|
||||||
test_name, neutron_cfg_fixture, agent_cfg_fixture):
|
test_name, neutron_cfg_fixture, agent_cfg_fixture):
|
||||||
super(OVSAgentFixture, self).__init__()
|
super().__init__()
|
||||||
self.env_desc = env_desc
|
self.env_desc = env_desc
|
||||||
self.host_desc = host_desc
|
self.host_desc = host_desc
|
||||||
self.test_name = test_name
|
self.test_name = test_name
|
||||||
@ -174,7 +174,7 @@ class LinuxBridgeAgentFixture(fixtures.Fixture):
|
|||||||
def __init__(self, env_desc, host_desc, test_name,
|
def __init__(self, env_desc, host_desc, test_name,
|
||||||
neutron_cfg_fixture, agent_cfg_fixture,
|
neutron_cfg_fixture, agent_cfg_fixture,
|
||||||
namespace=None):
|
namespace=None):
|
||||||
super(LinuxBridgeAgentFixture, self).__init__()
|
super().__init__()
|
||||||
self.env_desc = env_desc
|
self.env_desc = env_desc
|
||||||
self.host_desc = host_desc
|
self.host_desc = host_desc
|
||||||
self.test_name = test_name
|
self.test_name = test_name
|
||||||
@ -206,7 +206,7 @@ class L3AgentFixture(fixtures.Fixture):
|
|||||||
def __init__(self, env_desc, host_desc, test_name,
|
def __init__(self, env_desc, host_desc, test_name,
|
||||||
neutron_cfg_fixture, l3_agent_cfg_fixture,
|
neutron_cfg_fixture, l3_agent_cfg_fixture,
|
||||||
namespace=None):
|
namespace=None):
|
||||||
super(L3AgentFixture, self).__init__()
|
super().__init__()
|
||||||
self.env_desc = env_desc
|
self.env_desc = env_desc
|
||||||
self.host_desc = host_desc
|
self.host_desc = host_desc
|
||||||
self.test_name = test_name
|
self.test_name = test_name
|
||||||
|
|||||||
@ -57,7 +57,7 @@ class TestL3Agent(base.BaseFullStackTestCase):
|
|||||||
for cidr in subnet_cidrs:
|
for cidr in subnet_cidrs:
|
||||||
# For IPv6 subnets, enable_dhcp should be set to true.
|
# For IPv6 subnets, enable_dhcp should be set to true.
|
||||||
enable_dhcp = (netaddr.IPNetwork(cidr).version ==
|
enable_dhcp = (netaddr.IPNetwork(cidr).version ==
|
||||||
constants.IP_VERSION_6)
|
constants.IP_VERSION_6)
|
||||||
subnet = self.safe_client.create_subnet(
|
subnet = self.safe_client.create_subnet(
|
||||||
tenant_id, network['id'], cidr, enable_dhcp=enable_dhcp)
|
tenant_id, network['id'], cidr, enable_dhcp=enable_dhcp)
|
||||||
|
|
||||||
@ -83,7 +83,7 @@ class TestLegacyL3Agent(TestL3Agent):
|
|||||||
environment.EnvironmentDescription(
|
environment.EnvironmentDescription(
|
||||||
network_type='vlan', l2_pop=False),
|
network_type='vlan', l2_pop=False),
|
||||||
host_descriptions)
|
host_descriptions)
|
||||||
super(TestLegacyL3Agent, self).setUp(env)
|
super().setUp(env)
|
||||||
|
|
||||||
def _get_namespace(self, router_id):
|
def _get_namespace(self, router_id):
|
||||||
return namespaces.build_ns_name(l3_agent.NS_PREFIX, router_id)
|
return namespaces.build_ns_name(l3_agent.NS_PREFIX, router_id)
|
||||||
@ -101,9 +101,9 @@ class TestLegacyL3Agent(TestL3Agent):
|
|||||||
tenant_id, network['id'], '20.0.0.0/24', gateway_ip='20.0.0.1')
|
tenant_id, network['id'], '20.0.0.0/24', gateway_ip='20.0.0.1')
|
||||||
self.safe_client.add_router_interface(router['id'], subnet['id'])
|
self.safe_client.add_router_interface(router['id'], subnet['id'])
|
||||||
|
|
||||||
namespace = "%s@%s" % (
|
namespace = "{}@{}".format(
|
||||||
self._get_namespace(router['id']),
|
self._get_namespace(router['id']),
|
||||||
self.environment.hosts[0].l3_agent.get_namespace_suffix(), )
|
self.environment.hosts[0].l3_agent.get_namespace_suffix())
|
||||||
self._assert_namespace_exists(namespace)
|
self._assert_namespace_exists(namespace)
|
||||||
|
|
||||||
def test_east_west_traffic(self):
|
def test_east_west_traffic(self):
|
||||||
@ -159,7 +159,7 @@ class TestHAL3Agent(base.BaseFullStackTestCase):
|
|||||||
environment.EnvironmentDescription(
|
environment.EnvironmentDescription(
|
||||||
network_type='vxlan', l2_pop=True),
|
network_type='vxlan', l2_pop=True),
|
||||||
host_descriptions)
|
host_descriptions)
|
||||||
super(TestHAL3Agent, self).setUp(env)
|
super().setUp(env)
|
||||||
|
|
||||||
def _is_ha_router_active_on_one_agent(self, router_id):
|
def _is_ha_router_active_on_one_agent(self, router_id):
|
||||||
agents = self.client.list_l3_agent_hosting_routers(router_id)
|
agents = self.client.list_l3_agent_hosting_routers(router_id)
|
||||||
|
|||||||
@ -61,7 +61,7 @@ class TestSanityCheck(testlib_api.SqlTestCaseLight):
|
|||||||
BUILD_SCHEMA = False
|
BUILD_SCHEMA = False
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestSanityCheck, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
for conf in migration.get_alembic_configs():
|
for conf in migration.get_alembic_configs():
|
||||||
self.alembic_config = conf
|
self.alembic_config = conf
|
||||||
|
|||||||
@ -148,7 +148,7 @@ class NetlinkLibTestCaseIPv6(functional_base.BaseSudoTestCase):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(NetlinkLibTestCaseIPv6, self).setUp()
|
super().setUp()
|
||||||
if not check_nf_conntrack_ipv6_is_loaded():
|
if not check_nf_conntrack_ipv6_is_loaded():
|
||||||
self.skipTest(
|
self.skipTest(
|
||||||
"nf_conntrack_ipv6 module wasn't loaded. Please load"
|
"nf_conntrack_ipv6 module wasn't loaded. Please load"
|
||||||
|
|||||||
@ -24,7 +24,7 @@ from neutron_fwaas.privileged.tests.functional import utils
|
|||||||
class InNamespaceTest(base.BaseSudoTestCase):
|
class InNamespaceTest(base.BaseSudoTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(InNamespaceTest, self).setUp()
|
super().setUp()
|
||||||
self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name
|
self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name
|
||||||
|
|
||||||
ip = ip_lib.IPWrapper()
|
ip = ip_lib.IPWrapper()
|
||||||
|
|||||||
@ -63,7 +63,7 @@ AGENT_MODE_OPTS = [
|
|||||||
class FWLoggingTestBase(framework.L3AgentTestFramework):
|
class FWLoggingTestBase(framework.L3AgentTestFramework):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(FWLoggingTestBase, self).setUp()
|
super().setUp()
|
||||||
self.conf.register_opts(FWAAS_V2_LOG_OPTS, 'fwaas')
|
self.conf.register_opts(FWAAS_V2_LOG_OPTS, 'fwaas')
|
||||||
self.conf.register_opts(AGENT_MODE_OPTS, group='DEFAULT')
|
self.conf.register_opts(AGENT_MODE_OPTS, group='DEFAULT')
|
||||||
self._set_agent_mode(self.conf)
|
self._set_agent_mode(self.conf)
|
||||||
@ -123,7 +123,8 @@ class FWLoggingTestBase(framework.L3AgentTestFramework):
|
|||||||
if not v4rules_in_chain:
|
if not v4rules_in_chain:
|
||||||
ipt_mgr.ipv4['filter'].add_chain(chain)
|
ipt_mgr.ipv4['filter'].add_chain(chain)
|
||||||
if action == 'REJECT':
|
if action == 'REJECT':
|
||||||
ipt_mgr.ipv4['filter'].add_rule(chain,
|
ipt_mgr.ipv4['filter'].add_rule(
|
||||||
|
chain,
|
||||||
'-j REJECT --reject-with icmp-port-unreachable')
|
'-j REJECT --reject-with icmp-port-unreachable')
|
||||||
else:
|
else:
|
||||||
ipt_mgr.ipv4['filter'].add_rule(chain, '-j %s' % action)
|
ipt_mgr.ipv4['filter'].add_rule(chain, '-j %s' % action)
|
||||||
@ -133,7 +134,8 @@ class FWLoggingTestBase(framework.L3AgentTestFramework):
|
|||||||
if not v6rules_in_chain:
|
if not v6rules_in_chain:
|
||||||
ipt_mgr.ipv6['filter'].add_chain(chain)
|
ipt_mgr.ipv6['filter'].add_chain(chain)
|
||||||
if action == 'REJECT':
|
if action == 'REJECT':
|
||||||
ipt_mgr.ipv6['filter'].add_rule(chain,
|
ipt_mgr.ipv6['filter'].add_rule(
|
||||||
|
chain,
|
||||||
'-j REJECT --reject-with icmp6-port-unreachable')
|
'-j REJECT --reject-with icmp6-port-unreachable')
|
||||||
else:
|
else:
|
||||||
ipt_mgr.ipv6['filter'].add_rule(chain, '-j %s' % action)
|
ipt_mgr.ipv6['filter'].add_rule(chain, '-j %s' % action)
|
||||||
|
|||||||
@ -24,7 +24,7 @@ from neutron_fwaas.tests import base
|
|||||||
class TestChecks(base.BaseTestCase):
|
class TestChecks(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestChecks, self).setUp()
|
super().setUp()
|
||||||
self.checks = checks.Checks()
|
self.checks = checks.Checks()
|
||||||
|
|
||||||
def test_get_checks_list(self):
|
def test_get_checks_list(self):
|
||||||
|
|||||||
@ -30,7 +30,7 @@ from neutron_fwaas.tests.unit.services.firewall import test_fwaas_plugin_v2
|
|||||||
class TestFirewallDBPluginV2(test_fwaas_plugin_v2.FirewallPluginV2TestCase):
|
class TestFirewallDBPluginV2(test_fwaas_plugin_v2.FirewallPluginV2TestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFirewallDBPluginV2, self).setUp()
|
super().setUp()
|
||||||
self.db = self.plugin.driver.firewall_db
|
self.db = self.plugin.driver.firewall_db
|
||||||
|
|
||||||
def test_get_policy_ordered_rules(self):
|
def test_get_policy_ordered_rules(self):
|
||||||
@ -877,8 +877,8 @@ class TestFirewallDBPluginV2(test_fwaas_plugin_v2.FirewallPluginV2TestCase):
|
|||||||
# make sure that admin can see default groups for admin and non-admin
|
# make sure that admin can see default groups for admin and non-admin
|
||||||
res = self._list_req('firewall_groups', ctx=ctx_admin, as_admin=True)
|
res = self._list_req('firewall_groups', ctx=ctx_admin, as_admin=True)
|
||||||
self.assertEqual(2, len(res))
|
self.assertEqual(2, len(res))
|
||||||
self.assertEqual(set([ctx_admin.tenant_id, ctx.tenant_id]),
|
self.assertEqual({ctx_admin.tenant_id, ctx.tenant_id},
|
||||||
set([r['tenant_id'] for r in res]))
|
{r['tenant_id'] for r in res})
|
||||||
|
|
||||||
def test_create_default_firewall_group_from_config(self):
|
def test_create_default_firewall_group_from_config(self):
|
||||||
group = 'default_fwg_rules'
|
group = 'default_fwg_rules'
|
||||||
@ -1026,10 +1026,10 @@ class TestFirewallDBPluginV2(test_fwaas_plugin_v2.FirewallPluginV2TestCase):
|
|||||||
description = "my_firewall1"
|
description = "my_firewall1"
|
||||||
not_found_fwp_id = uuidutils.generate_uuid()
|
not_found_fwp_id = uuidutils.generate_uuid()
|
||||||
self._create_firewall_group(fmt, fwg_name,
|
self._create_firewall_group(fmt, fwg_name,
|
||||||
description, not_found_fwp_id,
|
description, not_found_fwp_id,
|
||||||
not_found_fwp_id, ports=None,
|
not_found_fwp_id, ports=None,
|
||||||
admin_state_up=self.ADMIN_STATE_UP,
|
admin_state_up=self.ADMIN_STATE_UP,
|
||||||
expected_res_status=404)
|
expected_res_status=404)
|
||||||
|
|
||||||
def test_create_firewall_group_with_fwp_on_different_tenant(self):
|
def test_create_firewall_group_with_fwp_on_different_tenant(self):
|
||||||
fmt = self.fmt
|
fmt = self.fmt
|
||||||
@ -1041,9 +1041,9 @@ class TestFirewallDBPluginV2(test_fwaas_plugin_v2.FirewallPluginV2TestCase):
|
|||||||
ctx = self._get_nonadmin_context()
|
ctx = self._get_nonadmin_context()
|
||||||
self._create_firewall_group(fmt, fwg_name,
|
self._create_firewall_group(fmt, fwg_name,
|
||||||
description,
|
description,
|
||||||
ingress_firewall_policy_id=fwp_id,
|
ingress_firewall_policy_id=fwp_id,
|
||||||
egress_firewall_policy_id=fwp_id,
|
egress_firewall_policy_id=fwp_id,
|
||||||
context=ctx,
|
context=ctx,
|
||||||
expected_res_status=404)
|
expected_res_status=404)
|
||||||
|
|
||||||
def test_create_firewall_group_with_admin_and_fwp_different_tenant(self):
|
def test_create_firewall_group_with_admin_and_fwp_different_tenant(self):
|
||||||
@ -1685,8 +1685,8 @@ class TestFirewallDBPluginV2(test_fwaas_plugin_v2.FirewallPluginV2TestCase):
|
|||||||
as_admin=True) as fwp:
|
as_admin=True) as fwp:
|
||||||
fwp_id = fwp['firewall_policy']['id']
|
fwp_id = fwp['firewall_policy']['id']
|
||||||
fwr_id = fwr['firewall_rule']['id']
|
fwr_id = fwr['firewall_rule']['id']
|
||||||
msg = "Firewall rule {0} is not associated with " \
|
msg = "Firewall rule {} is not associated with " \
|
||||||
"firewall policy {1}.".format(fwr_id, fwp_id)
|
"firewall policy {}.".format(fwr_id, fwp_id)
|
||||||
result = self._rule_action(
|
result = self._rule_action(
|
||||||
'remove', fwp_id, fwr_id,
|
'remove', fwp_id, fwr_id,
|
||||||
insert_before=None,
|
insert_before=None,
|
||||||
|
|||||||
@ -35,7 +35,7 @@ class NFLogAppTestCase(base.BaseTestCase):
|
|||||||
|
|
||||||
self.nflog_app = lib_log.NFLogApp()
|
self.nflog_app = lib_log.NFLogApp()
|
||||||
self.spawn = mock.patch('eventlet.spawn').start()
|
self.spawn = mock.patch('eventlet.spawn').start()
|
||||||
super(NFLogAppTestCase, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
def test_register_packet_handler(self):
|
def test_register_packet_handler(self):
|
||||||
def fake_method():
|
def fake_method():
|
||||||
@ -55,7 +55,7 @@ class NFLogAppTestCase(base.BaseTestCase):
|
|||||||
class NFLogWrapper(base.BaseTestCase):
|
class NFLogWrapper(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(NFLogWrapper, self).setUp()
|
super().setUp()
|
||||||
lib_log.libnflog = mock.Mock()
|
lib_log.libnflog = mock.Mock()
|
||||||
lib_log.ffi = mock.Mock()
|
lib_log.ffi = mock.Mock()
|
||||||
|
|
||||||
|
|||||||
@ -40,7 +40,7 @@ FAKE_ICMPV6_ENTRY = {'ipversion': 6, 'protocol': 'ipv6-icmp',
|
|||||||
|
|
||||||
class NetlinkLibTestCase(base.BaseTestCase):
|
class NetlinkLibTestCase(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(NetlinkLibTestCase, self).setUp()
|
super().setUp()
|
||||||
nl_lib.nfct = mock.Mock()
|
nl_lib.nfct = mock.Mock()
|
||||||
nl_lib.libc = mock.Mock()
|
nl_lib.libc = mock.Mock()
|
||||||
|
|
||||||
@ -250,8 +250,8 @@ class NetlinkLibTestCase(base.BaseTestCase):
|
|||||||
with nl_lib.ConntrackManager() as conntrack:
|
with nl_lib.ConntrackManager() as conntrack:
|
||||||
nl_lib.nfct.nfct_open.assert_called_once()
|
nl_lib.nfct.nfct_open.assert_called_once()
|
||||||
conntrack.delete_entries([FAKE_ENTRY,
|
conntrack.delete_entries([FAKE_ENTRY,
|
||||||
FAKE_TCP_ENTRY,
|
FAKE_TCP_ENTRY,
|
||||||
FAKE_UDP_ENTRY])
|
FAKE_UDP_ENTRY])
|
||||||
calls = [
|
calls = [
|
||||||
mock.call(conntrack_filter,
|
mock.call(conntrack_filter,
|
||||||
nl_constants.ATTR_L3PROTO,
|
nl_constants.ATTR_L3PROTO,
|
||||||
|
|||||||
@ -27,7 +27,7 @@ class InNamespaceTest(base.BaseTestCase):
|
|||||||
NEW_NETNS = 'newns'
|
NEW_NETNS = 'newns'
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(InNamespaceTest, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
# NOTE(cby): we should unmock os.open/close as early as possible
|
# NOTE(cby): we should unmock os.open/close as early as possible
|
||||||
# because there are used in cleanups
|
# because there are used in cleanups
|
||||||
|
|||||||
@ -23,7 +23,7 @@ from neutron_fwaas.tests import base
|
|||||||
|
|
||||||
class TestNoopDriver(base.BaseTestCase):
|
class TestNoopDriver(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestNoopDriver, self).setUp()
|
super().setUp()
|
||||||
mock_br = mock.Mock()
|
mock_br = mock.Mock()
|
||||||
self.firewall = noop_driver.NoopFirewallL2Driver(mock_br)
|
self.firewall = noop_driver.NoopFirewallL2Driver(mock_br)
|
||||||
|
|
||||||
|
|||||||
@ -48,15 +48,15 @@ class TestCreateRegNumbers(base.BaseTestCase):
|
|||||||
def test_both_registers_defined(self):
|
def test_both_registers_defined(self):
|
||||||
flow = {'foo': 'bar', 'reg_port': 1, 'reg_net': 2}
|
flow = {'foo': 'bar', 'reg_port': 1, 'reg_net': 2}
|
||||||
expected_flow = {'foo': 'bar',
|
expected_flow = {'foo': 'bar',
|
||||||
'reg{:d}'.format(fwaas_ovs_consts.REG_PORT): 1,
|
f'reg{fwaas_ovs_consts.REG_PORT:d}': 1,
|
||||||
'reg{:d}'.format(fwaas_ovs_consts.REG_NET): 2}
|
f'reg{fwaas_ovs_consts.REG_NET:d}': 2}
|
||||||
ovsfw.create_reg_numbers(flow)
|
ovsfw.create_reg_numbers(flow)
|
||||||
self.assertEqual(expected_flow, flow)
|
self.assertEqual(expected_flow, flow)
|
||||||
|
|
||||||
|
|
||||||
class TestFirewallGroup(base.BaseTestCase):
|
class TestFirewallGroup(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFirewallGroup, self).setUp()
|
super().setUp()
|
||||||
self.fwg = ovsfw.FirewallGroup('123')
|
self.fwg = ovsfw.FirewallGroup('123')
|
||||||
self.fwg.members = {'type': [1, 2, 3, 4]}
|
self.fwg.members = {'type': [1, 2, 3, 4]}
|
||||||
|
|
||||||
@ -103,7 +103,7 @@ class TestFirewallGroup(base.BaseTestCase):
|
|||||||
|
|
||||||
class TestOFPort(base.BaseTestCase):
|
class TestOFPort(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestOFPort, self).setUp()
|
super().setUp()
|
||||||
self.ipv4_addresses = ['10.0.0.1', '192.168.0.1']
|
self.ipv4_addresses = ['10.0.0.1', '192.168.0.1']
|
||||||
self.ipv6_addresses = ['fe80::f816:3eff:fe2e:1']
|
self.ipv6_addresses = ['fe80::f816:3eff:fe2e:1']
|
||||||
port_dict = {'device': 1,
|
port_dict = {'device': 1,
|
||||||
@ -165,7 +165,7 @@ class TestOFPort(base.BaseTestCase):
|
|||||||
|
|
||||||
class TestFWGPortMap(base.BaseTestCase):
|
class TestFWGPortMap(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFWGPortMap, self).setUp()
|
super().setUp()
|
||||||
self.map = ovsfw.FWGPortMap()
|
self.map = ovsfw.FWGPortMap()
|
||||||
|
|
||||||
def test_get_or_create_fwg_existing_fwg(self):
|
def test_get_or_create_fwg_existing_fwg(self):
|
||||||
@ -250,7 +250,7 @@ class TestFWGPortMap(base.BaseTestCase):
|
|||||||
self.map.update_members(42, [])
|
self.map.update_members(42, [])
|
||||||
|
|
||||||
|
|
||||||
class FakeOVSPort(object):
|
class FakeOVSPort:
|
||||||
def __init__(self, name, port, mac):
|
def __init__(self, name, port, mac):
|
||||||
self.port_name = name
|
self.port_name = name
|
||||||
self.ofport = port
|
self.ofport = port
|
||||||
@ -259,7 +259,7 @@ class FakeOVSPort(object):
|
|||||||
|
|
||||||
class TestOVSFirewallDriver(base.BaseTestCase):
|
class TestOVSFirewallDriver(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestOVSFirewallDriver, self).setUp()
|
super().setUp()
|
||||||
self._mock_ovs_br = mock.patch.object(
|
self._mock_ovs_br = mock.patch.object(
|
||||||
ovs_lib, 'OVSBridge', autospec=True)
|
ovs_lib, 'OVSBridge', autospec=True)
|
||||||
mock_bridge = self._mock_ovs_br.start()
|
mock_bridge = self._mock_ovs_br.start()
|
||||||
@ -319,8 +319,8 @@ class TestOVSFirewallDriver(base.BaseTestCase):
|
|||||||
def test__add_flow_registers_are_replaced(self):
|
def test__add_flow_registers_are_replaced(self):
|
||||||
self.firewall._add_flow(in_port=1, reg_port=1, reg_net=2)
|
self.firewall._add_flow(in_port=1, reg_port=1, reg_net=2)
|
||||||
expected_calls = {'in_port': 1,
|
expected_calls = {'in_port': 1,
|
||||||
'reg{:d}'.format(fwaas_ovs_consts.REG_PORT): 1,
|
f'reg{fwaas_ovs_consts.REG_PORT:d}': 1,
|
||||||
'reg{:d}'.format(fwaas_ovs_consts.REG_NET): 2}
|
f'reg{fwaas_ovs_consts.REG_NET:d}': 2}
|
||||||
self.mock_bridge.br.add_flow.assert_called_once_with(
|
self.mock_bridge.br.add_flow.assert_called_once_with(
|
||||||
**expected_calls)
|
**expected_calls)
|
||||||
|
|
||||||
@ -444,7 +444,7 @@ class TestOVSFirewallDriver(base.BaseTestCase):
|
|||||||
'output:{:d},resubmit(,{:d})'.format(
|
'output:{:d},resubmit(,{:d})'.format(
|
||||||
self.port_ofport,
|
self.port_ofport,
|
||||||
ovs_consts.ACCEPTED_INGRESS_TRAFFIC_TABLE),
|
ovs_consts.ACCEPTED_INGRESS_TRAFFIC_TABLE),
|
||||||
dl_type="0x{:04x}".format(constants.ETHERTYPE_IP),
|
dl_type=f"0x{constants.ETHERTYPE_IP:04x}",
|
||||||
nw_proto=constants.PROTO_NUM_TCP,
|
nw_proto=constants.PROTO_NUM_TCP,
|
||||||
priority=70,
|
priority=70,
|
||||||
reg5=self.port_ofport,
|
reg5=self.port_ofport,
|
||||||
@ -482,8 +482,8 @@ class TestOVSFirewallDriver(base.BaseTestCase):
|
|||||||
priority=95,
|
priority=95,
|
||||||
table=ovs_consts.TRANSIENT_TABLE)
|
table=ovs_consts.TRANSIENT_TABLE)
|
||||||
filter_rule = mock.call(
|
filter_rule = mock.call(
|
||||||
actions='resubmit(,{:d})'.format(ovs_consts.RULES_INGRESS_TABLE),
|
actions=f'resubmit(,{ovs_consts.RULES_INGRESS_TABLE:d})',
|
||||||
dl_type="0x{:04x}".format(constants.ETHERTYPE_IP),
|
dl_type=f"0x{constants.ETHERTYPE_IP:04x}",
|
||||||
nw_proto=constants.PROTO_NUM_TCP,
|
nw_proto=constants.PROTO_NUM_TCP,
|
||||||
priority=70,
|
priority=70,
|
||||||
reg5=self.port_ofport,
|
reg5=self.port_ofport,
|
||||||
@ -529,7 +529,7 @@ class TestOVSFirewallDriver(base.BaseTestCase):
|
|||||||
mock.call(
|
mock.call(
|
||||||
actions='resubmit(,{:d})'.format(
|
actions='resubmit(,{:d})'.format(
|
||||||
fwaas_ovs_consts.FW_ACCEPT_OR_INGRESS_TABLE),
|
fwaas_ovs_consts.FW_ACCEPT_OR_INGRESS_TABLE),
|
||||||
dl_type="0x{:04x}".format(constants.ETHERTYPE_IP),
|
dl_type=f"0x{constants.ETHERTYPE_IP:04x}",
|
||||||
nw_proto=constants.PROTO_NUM_UDP,
|
nw_proto=constants.PROTO_NUM_UDP,
|
||||||
priority=71,
|
priority=71,
|
||||||
ct_state=fwaas_ovs_consts.OF_STATE_NEW_NOT_ESTABLISHED,
|
ct_state=fwaas_ovs_consts.OF_STATE_NEW_NOT_ESTABLISHED,
|
||||||
@ -567,7 +567,7 @@ class TestOVSFirewallDriver(base.BaseTestCase):
|
|||||||
mock.call(
|
mock.call(
|
||||||
actions='resubmit(,{:d})'.format(
|
actions='resubmit(,{:d})'.format(
|
||||||
ovs_consts.RULES_EGRESS_TABLE),
|
ovs_consts.RULES_EGRESS_TABLE),
|
||||||
dl_type="0x{:04x}".format(constants.ETHERTYPE_IP),
|
dl_type=f"0x{constants.ETHERTYPE_IP:04x}",
|
||||||
nw_proto=constants.PROTO_NUM_UDP,
|
nw_proto=constants.PROTO_NUM_UDP,
|
||||||
priority=71,
|
priority=71,
|
||||||
ct_state=fwaas_ovs_consts.OF_STATE_NEW_NOT_ESTABLISHED,
|
ct_state=fwaas_ovs_consts.OF_STATE_NEW_NOT_ESTABLISHED,
|
||||||
@ -638,7 +638,7 @@ class TestOVSFirewallDriver(base.BaseTestCase):
|
|||||||
self._prepare_firewall_group()
|
self._prepare_firewall_group()
|
||||||
self.firewall.fwg_to_delete = {1}
|
self.firewall.fwg_to_delete = {1}
|
||||||
with mock.patch.object(self.firewall.fwg_port_map,
|
with mock.patch.object(self.firewall.fwg_port_map,
|
||||||
'delete_fwg') as delete_fwg_mock:
|
'delete_fwg') as delete_fwg_mock:
|
||||||
self.firewall._cleanup_stale_fwg()
|
self.firewall._cleanup_stale_fwg()
|
||||||
delete_fwg_mock.assert_called_once_with(1)
|
delete_fwg_mock.assert_called_once_with(1)
|
||||||
|
|
||||||
|
|||||||
@ -52,7 +52,7 @@ class TestIsValidPrefix(base.BaseTestCase):
|
|||||||
|
|
||||||
class TestCreateFlowsFromRuleAndPort(base.BaseTestCase):
|
class TestCreateFlowsFromRuleAndPort(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestCreateFlowsFromRuleAndPort, self).setUp()
|
super().setUp()
|
||||||
ovs_port = mock.Mock(vif_mac='00:00:00:00:00:00')
|
ovs_port = mock.Mock(vif_mac='00:00:00:00:00:00')
|
||||||
ovs_port.ofport = 1
|
ovs_port.ofport = 1
|
||||||
port_dict = {'device': 'port_id'}
|
port_dict = {'device': 'port_id'}
|
||||||
@ -169,7 +169,7 @@ class TestCreateFlowsFromRuleAndPort(base.BaseTestCase):
|
|||||||
|
|
||||||
class TestCreateProtocolFlows(base.BaseTestCase):
|
class TestCreateProtocolFlows(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestCreateProtocolFlows, self).setUp()
|
super().setUp()
|
||||||
ovs_port = mock.Mock(vif_mac='00:00:00:00:00:00')
|
ovs_port = mock.Mock(vif_mac='00:00:00:00:00:00')
|
||||||
ovs_port.ofport = 1
|
ovs_port.ofport = 1
|
||||||
port_dict = {'device': 'port_id'}
|
port_dict = {'device': 'port_id'}
|
||||||
|
|||||||
@ -38,7 +38,7 @@ MAX_INTF_NAME_LEN = 14
|
|||||||
|
|
||||||
class IptablesFwaasTestCase(base.BaseTestCase):
|
class IptablesFwaasTestCase(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(IptablesFwaasTestCase, self).setUp()
|
super().setUp()
|
||||||
self.iptables_cls_p = mock.patch(
|
self.iptables_cls_p = mock.patch(
|
||||||
'neutron.agent.linux.iptables_manager.IptablesManager')
|
'neutron.agent.linux.iptables_manager.IptablesManager')
|
||||||
self.iptables_cls_p.start()
|
self.iptables_cls_p.start()
|
||||||
@ -124,7 +124,7 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
return fw_inst
|
return fw_inst
|
||||||
|
|
||||||
def _fake_apply_list(self, router_count=1, distributed=False,
|
def _fake_apply_list(self, router_count=1, distributed=False,
|
||||||
distributed_mode=None):
|
distributed_mode=None):
|
||||||
apply_list = []
|
apply_list = []
|
||||||
while router_count > 0:
|
while router_count > 0:
|
||||||
iptables_inst = mock.Mock()
|
iptables_inst = mock.Mock()
|
||||||
@ -149,12 +149,13 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
return apply_list
|
return apply_list
|
||||||
|
|
||||||
def _get_intf_name(self, if_prefix, port_id):
|
def _get_intf_name(self, if_prefix, port_id):
|
||||||
_name = "%s%s" % (if_prefix, port_id)
|
_name = "{}{}".format(if_prefix, port_id)
|
||||||
return _name[:MAX_INTF_NAME_LEN]
|
return _name[:MAX_INTF_NAME_LEN]
|
||||||
|
|
||||||
def _setup_firewall_with_rules(self, func, router_count=1,
|
def _setup_firewall_with_rules(self, func, router_count=1,
|
||||||
distributed=False, distributed_mode=None):
|
distributed=False, distributed_mode=None):
|
||||||
apply_list = self._fake_apply_list(router_count=router_count,
|
apply_list = self._fake_apply_list(
|
||||||
|
router_count=router_count,
|
||||||
distributed=distributed, distributed_mode=distributed_mode)
|
distributed=distributed, distributed_mode=distributed_mode)
|
||||||
rule_list = self._fake_rules_v4(FAKE_FW_ID, apply_list)
|
rule_list = self._fake_rules_v4(FAKE_FW_ID, apply_list)
|
||||||
firewall = self._fake_firewall(rule_list)
|
firewall = self._fake_firewall(rule_list)
|
||||||
@ -178,8 +179,8 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
rule3 = '-p tcp -m tcp --dport 23 -j %s' % rejected
|
rule3 = '-p tcp -m tcp --dport 23 -j %s' % rejected
|
||||||
ingress_chain = 'iv4%s' % firewall['id']
|
ingress_chain = 'iv4%s' % firewall['id']
|
||||||
egress_chain = 'ov4%s' % firewall['id']
|
egress_chain = 'ov4%s' % firewall['id']
|
||||||
ipt_mgr_ichain = '%s-%s' % (binary_name, ingress_chain[:11])
|
ipt_mgr_ichain = '{}-{}'.format(binary_name, ingress_chain[:11])
|
||||||
ipt_mgr_echain = '%s-%s' % (binary_name, egress_chain[:11])
|
ipt_mgr_echain = '{}-{}'.format(binary_name, egress_chain[:11])
|
||||||
for router_info_inst, port_ids in apply_list:
|
for router_info_inst, port_ids in apply_list:
|
||||||
v4filter_inst = router_info_inst.iptables_manager.ipv4['filter']
|
v4filter_inst = router_info_inst.iptables_manager.ipv4['filter']
|
||||||
calls = [mock.call.remove_chain('iv4fake-fw-uuid'),
|
calls = [mock.call.remove_chain('iv4fake-fw-uuid'),
|
||||||
@ -204,24 +205,29 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
|
|
||||||
for port in FAKE_PORT_IDS:
|
for port in FAKE_PORT_IDS:
|
||||||
intf_name = self._get_intf_name(if_prefix, port)
|
intf_name = self._get_intf_name(if_prefix, port)
|
||||||
calls.append(mock.call.add_rule('FORWARD',
|
calls.append(mock.call.add_rule(
|
||||||
'-o %s -j %s' % (intf_name, ipt_mgr_ichain)))
|
'FORWARD',
|
||||||
|
'-o {} -j {}'.format(intf_name, ipt_mgr_ichain)))
|
||||||
for port in FAKE_PORT_IDS:
|
for port in FAKE_PORT_IDS:
|
||||||
intf_name = self._get_intf_name(if_prefix, port)
|
intf_name = self._get_intf_name(if_prefix, port)
|
||||||
calls.append(mock.call.add_rule('FORWARD',
|
calls.append(mock.call.add_rule(
|
||||||
'-i %s -j %s' % (intf_name, ipt_mgr_echain)))
|
'FORWARD',
|
||||||
|
'-i {} -j {}'.format(intf_name, ipt_mgr_echain)))
|
||||||
|
|
||||||
for direction in ['o', 'i']:
|
for direction in ['o', 'i']:
|
||||||
for port_id in FAKE_PORT_IDS:
|
for port_id in FAKE_PORT_IDS:
|
||||||
intf_name = self._get_intf_name(if_prefix, port_id)
|
intf_name = self._get_intf_name(if_prefix, port_id)
|
||||||
calls.append(mock.call.add_rule('FORWARD',
|
calls.append(mock.call.add_rule(
|
||||||
'-%s %s -j %s-fwaas-defau' % (direction,
|
'FORWARD',
|
||||||
intf_name, binary_name)))
|
'-{} {} -j {}-fwaas-defau'.format(
|
||||||
|
direction, intf_name, binary_name)))
|
||||||
v4filter_inst.assert_has_calls(calls)
|
v4filter_inst.assert_has_calls(calls)
|
||||||
|
|
||||||
def _setup_firewall_with_rules_v6(self, func, router_count=1,
|
def _setup_firewall_with_rules_v6(
|
||||||
|
self, func, router_count=1,
|
||||||
distributed=False, distributed_mode=None):
|
distributed=False, distributed_mode=None):
|
||||||
apply_list = self._fake_apply_list(router_count=router_count,
|
apply_list = self._fake_apply_list(
|
||||||
|
router_count=router_count,
|
||||||
distributed=distributed, distributed_mode=distributed_mode)
|
distributed=distributed, distributed_mode=distributed_mode)
|
||||||
rule_list = self._fake_rules_v6(FAKE_FW_ID, apply_list)
|
rule_list = self._fake_rules_v6(FAKE_FW_ID, apply_list)
|
||||||
firewall = self._fake_firewall(rule_list)
|
firewall = self._fake_firewall(rule_list)
|
||||||
@ -242,8 +248,8 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
rule1 = '-p ipv6-icmp -d 2001:db8::2/128 -j %s' % accepted
|
rule1 = '-p ipv6-icmp -d 2001:db8::2/128 -j %s' % accepted
|
||||||
ingress_chain = 'iv6%s' % firewall['id']
|
ingress_chain = 'iv6%s' % firewall['id']
|
||||||
egress_chain = 'ov6%s' % firewall['id']
|
egress_chain = 'ov6%s' % firewall['id']
|
||||||
ipt_mgr_ichain = '%s-%s' % (binary_name, ingress_chain[:11])
|
ipt_mgr_ichain = '{}-{}'.format(binary_name, ingress_chain[:11])
|
||||||
ipt_mgr_echain = '%s-%s' % (binary_name, egress_chain[:11])
|
ipt_mgr_echain = '{}-{}'.format(binary_name, egress_chain[:11])
|
||||||
for router_info_inst, port_ids in apply_list:
|
for router_info_inst, port_ids in apply_list:
|
||||||
v6filter_inst = router_info_inst.iptables_manager.ipv6['filter']
|
v6filter_inst = router_info_inst.iptables_manager.ipv6['filter']
|
||||||
calls = [mock.call.remove_chain('iv6fake-fw-uuid'),
|
calls = [mock.call.remove_chain('iv6fake-fw-uuid'),
|
||||||
@ -263,19 +269,23 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
]
|
]
|
||||||
for port in FAKE_PORT_IDS:
|
for port in FAKE_PORT_IDS:
|
||||||
intf_name = self._get_intf_name(if_prefix, port)
|
intf_name = self._get_intf_name(if_prefix, port)
|
||||||
calls.append(mock.call.add_rule('FORWARD',
|
calls.append(mock.call.add_rule(
|
||||||
'-o %s -j %s' % (intf_name, ipt_mgr_ichain)))
|
'FORWARD',
|
||||||
|
'-o {} -j {}'.format(intf_name, ipt_mgr_ichain)))
|
||||||
for port in FAKE_PORT_IDS:
|
for port in FAKE_PORT_IDS:
|
||||||
intf_name = self._get_intf_name(if_prefix, port)
|
intf_name = self._get_intf_name(if_prefix, port)
|
||||||
calls.append(mock.call.add_rule('FORWARD',
|
calls.append(mock.call.add_rule(
|
||||||
'-i %s -j %s' % (intf_name, ipt_mgr_echain)))
|
'FORWARD',
|
||||||
|
'-i {} -j {}'.format(intf_name, ipt_mgr_echain)))
|
||||||
|
|
||||||
for direction in ['o', 'i']:
|
for direction in ['o', 'i']:
|
||||||
for port_id in FAKE_PORT_IDS:
|
for port_id in FAKE_PORT_IDS:
|
||||||
intf_name = self._get_intf_name(if_prefix, port_id)
|
intf_name = self._get_intf_name(if_prefix, port_id)
|
||||||
calls.append(mock.call.add_rule('FORWARD',
|
calls.append(mock.call.add_rule(
|
||||||
'-%s %s -j %s-fwaas-defau' % (direction,
|
'FORWARD',
|
||||||
intf_name, binary_name)))
|
'-{} {} -j {}-fwaas-defau'.format(direction,
|
||||||
|
intf_name,
|
||||||
|
binary_name)))
|
||||||
|
|
||||||
v6filter_inst.assert_has_calls(calls)
|
v6filter_inst.assert_has_calls(calls)
|
||||||
|
|
||||||
@ -289,8 +299,8 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
invalid_rule = '-m state --state INVALID -j %s' % dropped
|
invalid_rule = '-m state --state INVALID -j %s' % dropped
|
||||||
est_rule = '-m state --state RELATED,ESTABLISHED -j ACCEPT'
|
est_rule = '-m state --state RELATED,ESTABLISHED -j ACCEPT'
|
||||||
for ip_version in (4, 6):
|
for ip_version in (4, 6):
|
||||||
ingress_chain = ('iv%s%s' % (ip_version, firewall['id']))
|
ingress_chain = ('iv{}{}'.format(ip_version, firewall['id']))
|
||||||
egress_chain = ('ov%s%s' % (ip_version, firewall['id']))
|
egress_chain = ('ov{}{}'.format(ip_version, firewall['id']))
|
||||||
calls = [mock.call.remove_chain(
|
calls = [mock.call.remove_chain(
|
||||||
'iv%sfake-fw-uuid' % ip_version),
|
'iv%sfake-fw-uuid' % ip_version),
|
||||||
mock.call.remove_chain(
|
mock.call.remove_chain(
|
||||||
@ -308,10 +318,11 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
|
|
||||||
for port_id in FAKE_PORT_IDS:
|
for port_id in FAKE_PORT_IDS:
|
||||||
for direction in ['o', 'i']:
|
for direction in ['o', 'i']:
|
||||||
mock.call.add_rule('FORWARD',
|
mock.call.add_rule(
|
||||||
'-%s qr-%s -j %s-fwaas-defau' % (port_id,
|
'FORWARD',
|
||||||
direction,
|
'-{} qr-{} -j {}-fwaas-defau'.format(port_id,
|
||||||
binary_name))
|
direction,
|
||||||
|
binary_name))
|
||||||
if ip_version == 4:
|
if ip_version == 4:
|
||||||
v4filter_inst = first_ri.iptables_manager.ipv4['filter']
|
v4filter_inst = first_ri.iptables_manager.ipv4['filter']
|
||||||
v4filter_inst.assert_has_calls(calls)
|
v4filter_inst.assert_has_calls(calls)
|
||||||
@ -377,19 +388,23 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
first_ri.iptables_manager.ipv4['filter'].assert_has_calls(calls)
|
first_ri.iptables_manager.ipv4['filter'].assert_has_calls(calls)
|
||||||
|
|
||||||
def test_create_firewall_group_with_rules_dvr_snat(self):
|
def test_create_firewall_group_with_rules_dvr_snat(self):
|
||||||
self._setup_firewall_with_rules(self.firewall.create_firewall_group,
|
self._setup_firewall_with_rules(
|
||||||
|
self.firewall.create_firewall_group,
|
||||||
distributed=True, distributed_mode='dvr_snat')
|
distributed=True, distributed_mode='dvr_snat')
|
||||||
|
|
||||||
def test_update_firewall_group_with_rules_dvr_snat(self):
|
def test_update_firewall_group_with_rules_dvr_snat(self):
|
||||||
self._setup_firewall_with_rules(self.firewall.update_firewall_group,
|
self._setup_firewall_with_rules(
|
||||||
|
self.firewall.update_firewall_group,
|
||||||
distributed=True, distributed_mode='dvr_snat')
|
distributed=True, distributed_mode='dvr_snat')
|
||||||
|
|
||||||
def test_create_firewall_group_with_rules_dvr(self):
|
def test_create_firewall_group_with_rules_dvr(self):
|
||||||
self._setup_firewall_with_rules(self.firewall.create_firewall_group,
|
self._setup_firewall_with_rules(
|
||||||
|
self.firewall.create_firewall_group,
|
||||||
distributed=True, distributed_mode='dvr')
|
distributed=True, distributed_mode='dvr')
|
||||||
|
|
||||||
def test_update_firewall_group_with_rules_dvr(self):
|
def test_update_firewall_group_with_rules_dvr(self):
|
||||||
self._setup_firewall_with_rules(self.firewall.update_firewall_group,
|
self._setup_firewall_with_rules(
|
||||||
|
self.firewall.update_firewall_group,
|
||||||
distributed=True, distributed_mode='dvr')
|
distributed=True, distributed_mode='dvr')
|
||||||
|
|
||||||
def test_remove_conntrack_new_firewall(self):
|
def test_remove_conntrack_new_firewall(self):
|
||||||
@ -408,10 +423,10 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
self.firewall.create_firewall_group(FW_LEGACY, apply_list, firewall)
|
self.firewall.create_firewall_group(FW_LEGACY, apply_list, firewall)
|
||||||
self.firewall.pre_firewall = dict(firewall)
|
self.firewall.pre_firewall = dict(firewall)
|
||||||
insert_rule = {'enabled': True,
|
insert_rule = {'enabled': True,
|
||||||
'action': 'deny',
|
'action': 'deny',
|
||||||
'ip_version': 4,
|
'ip_version': 4,
|
||||||
'protocol': 'icmp',
|
'protocol': 'icmp',
|
||||||
'id': 'fake-fw-rule'}
|
'id': 'fake-fw-rule'}
|
||||||
rule_list.insert(2, insert_rule)
|
rule_list.insert(2, insert_rule)
|
||||||
firewall = self._fake_firewall(rule_list)
|
firewall = self._fake_firewall(rule_list)
|
||||||
self.firewall.update_firewall_group(FW_LEGACY, apply_list, firewall)
|
self.firewall.update_firewall_group(FW_LEGACY, apply_list, firewall)
|
||||||
@ -492,10 +507,10 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||||||
firewall = self._fake_firewall(rule_list)
|
firewall = self._fake_firewall(rule_list)
|
||||||
self.firewall.create_firewall_group(FW_LEGACY, apply_list, firewall)
|
self.firewall.create_firewall_group(FW_LEGACY, apply_list, firewall)
|
||||||
income_rule = {'enabled': True,
|
income_rule = {'enabled': True,
|
||||||
'action': 'deny',
|
'action': 'deny',
|
||||||
'ip_version': 4,
|
'ip_version': 4,
|
||||||
'protocol': 'tcp',
|
'protocol': 'tcp',
|
||||||
'id': 'fake-fw-rule3'}
|
'id': 'fake-fw-rule3'}
|
||||||
rule_list[2] = income_rule
|
rule_list[2] = income_rule
|
||||||
firewall = self._fake_firewall(rule_list)
|
firewall = self._fake_firewall(rule_list)
|
||||||
self.firewall.update_firewall_group(FW_LEGACY, apply_list, firewall)
|
self.firewall.update_firewall_group(FW_LEGACY, apply_list, firewall)
|
||||||
|
|||||||
@ -96,7 +96,7 @@ ROUTER_NAMESPACE = 'qrouter-fake-namespace'
|
|||||||
|
|
||||||
class ConntrackLegacyTestCase(base.BaseTestCase):
|
class ConntrackLegacyTestCase(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(ConntrackLegacyTestCase, self).setUp()
|
super().setUp()
|
||||||
self.utils_exec = mock.Mock()
|
self.utils_exec = mock.Mock()
|
||||||
self.conntrack_driver = legacy_conntrack.ConntrackLegacy()
|
self.conntrack_driver = legacy_conntrack.ConntrackLegacy()
|
||||||
self.conntrack_driver.initialize(execute=self.utils_exec)
|
self.conntrack_driver.initialize(execute=self.utils_exec)
|
||||||
@ -135,7 +135,7 @@ class ConntrackLegacyTestCase(base.BaseTestCase):
|
|||||||
self.conntrack_driver._execute_command = mock.Mock(
|
self.conntrack_driver._execute_command = mock.Mock(
|
||||||
side_effect=get_contrack_entries)
|
side_effect=get_contrack_entries)
|
||||||
entries = self.conntrack_driver.list_entries(ROUTER_NAMESPACE)
|
entries = self.conntrack_driver.list_entries(ROUTER_NAMESPACE)
|
||||||
protocols = set([entry[1] for entry in entries])
|
protocols = {entry[1] for entry in entries}
|
||||||
supported_protocols = set(legacy_conntrack.ATTR_POSITIONS.keys())
|
supported_protocols = set(legacy_conntrack.ATTR_POSITIONS.keys())
|
||||||
self.assertTrue(protocols.issubset(supported_protocols))
|
self.assertTrue(protocols.issubset(supported_protocols))
|
||||||
|
|
||||||
|
|||||||
@ -69,7 +69,7 @@ ROUTER_NAMESPACE = 'qrouter-fake-namespace'
|
|||||||
|
|
||||||
class ConntrackNetlinkTestCase(base.BaseTestCase):
|
class ConntrackNetlinkTestCase(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(ConntrackNetlinkTestCase, self).setUp()
|
super().setUp()
|
||||||
self.conntrack_driver = netlink_conntrack.ConntrackNetlink()
|
self.conntrack_driver = netlink_conntrack.ConntrackNetlink()
|
||||||
self.conntrack_driver.initialize()
|
self.conntrack_driver.initialize()
|
||||||
nl_flush_entries = mock.patch('neutron_fwaas.privileged.'
|
nl_flush_entries = mock.patch('neutron_fwaas.privileged.'
|
||||||
@ -79,7 +79,7 @@ class ConntrackNetlinkTestCase(base.BaseTestCase):
|
|||||||
'netlink_lib.list_entries')
|
'netlink_lib.list_entries')
|
||||||
self.list_entries = nl_list_entries.start()
|
self.list_entries = nl_list_entries.start()
|
||||||
nl_delete_entries = mock.patch('neutron_fwaas.privileged.'
|
nl_delete_entries = mock.patch('neutron_fwaas.privileged.'
|
||||||
'netlink_lib.delete_entries')
|
'netlink_lib.delete_entries')
|
||||||
self.delete_entries = nl_delete_entries.start()
|
self.delete_entries = nl_delete_entries.start()
|
||||||
|
|
||||||
def test_flush_entries(self):
|
def test_flush_entries(self):
|
||||||
|
|||||||
@ -34,10 +34,10 @@ PORT4 = uuidutils.generate_uuid()
|
|||||||
HOST = 'fake_host'
|
HOST = 'fake_host'
|
||||||
|
|
||||||
|
|
||||||
class FakeFWaaSL2Agent(object):
|
class FakeFWaaSL2Agent:
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(FakeFWaaSL2Agent, self).__init__()
|
super().__init__()
|
||||||
|
|
||||||
def create(self, resource, attrs=None, minimal=False):
|
def create(self, resource, attrs=None, minimal=False):
|
||||||
"""Create a fake fwaas v2 resources
|
"""Create a fake fwaas v2 resources
|
||||||
|
|||||||
@ -31,7 +31,7 @@ from neutron_fwaas.tests.unit.services.firewall.service_drivers.agents.l2\
|
|||||||
class TestFWaasV2AgentExtensionBase(base.BaseTestCase):
|
class TestFWaasV2AgentExtensionBase(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFWaasV2AgentExtensionBase, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
self.fake = fake_data.FakeFWaaSL2Agent()
|
self.fake = fake_data.FakeFWaaSL2Agent()
|
||||||
self.port = self.fake.create('port')
|
self.port = self.fake.create('port')
|
||||||
@ -60,7 +60,7 @@ class TestFWaasV2AgentExtensionBase(base.BaseTestCase):
|
|||||||
class TestFWaasV2AgentExtension(TestFWaasV2AgentExtensionBase):
|
class TestFWaasV2AgentExtension(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFWaasV2AgentExtension, self).setUp()
|
super().setUp()
|
||||||
cfg.CONF.set_override('firewall_l2_driver', 'ovs', group='fwaas')
|
cfg.CONF.set_override('firewall_l2_driver', 'ovs', group='fwaas')
|
||||||
|
|
||||||
def test_initialize(self):
|
def test_initialize(self):
|
||||||
@ -77,7 +77,7 @@ class TestFWaasV2AgentExtension(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestHandlePort(TestFWaasV2AgentExtensionBase):
|
class TestHandlePort(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestHandlePort, self).setUp()
|
super().setUp()
|
||||||
self.rpc.get_firewall_group_for_port = mock.Mock(
|
self.rpc.get_firewall_group_for_port = mock.Mock(
|
||||||
return_value=self.fwg)
|
return_value=self.fwg)
|
||||||
self.l2._compute_status = mock.Mock(return_value=nl_consts.ACTIVE)
|
self.l2._compute_status = mock.Mock(return_value=nl_consts.ACTIVE)
|
||||||
@ -154,7 +154,7 @@ class TestHandlePort(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestDeletePort(TestFWaasV2AgentExtensionBase):
|
class TestDeletePort(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestDeletePort, self).setUp()
|
super().setUp()
|
||||||
self.l2._compute_status = mock.Mock(return_value=nl_consts.ACTIVE)
|
self.l2._compute_status = mock.Mock(return_value=nl_consts.ACTIVE)
|
||||||
self.l2._apply_fwg_rules = mock.Mock(return_value=True)
|
self.l2._apply_fwg_rules = mock.Mock(return_value=True)
|
||||||
self.l2._send_fwg_status = mock.Mock()
|
self.l2._send_fwg_status = mock.Mock()
|
||||||
@ -222,7 +222,7 @@ class TestDeletePort(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestCreateFirewallGroup(TestFWaasV2AgentExtensionBase):
|
class TestCreateFirewallGroup(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestCreateFirewallGroup, self).setUp()
|
super().setUp()
|
||||||
self.l2._apply_fwg_rules = mock.Mock(return_value=True)
|
self.l2._apply_fwg_rules = mock.Mock(return_value=True)
|
||||||
self.l2._compute_status = mock.Mock(return_value='ACTIVE')
|
self.l2._compute_status = mock.Mock(return_value='ACTIVE')
|
||||||
self.l2._send_fwg_status = mock.Mock()
|
self.l2._send_fwg_status = mock.Mock()
|
||||||
@ -304,7 +304,7 @@ class TestCreateFirewallGroup(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestDeleteFirewallGroup(TestFWaasV2AgentExtensionBase):
|
class TestDeleteFirewallGroup(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestDeleteFirewallGroup, self).setUp()
|
super().setUp()
|
||||||
self.l2._apply_fwg_rules = mock.Mock(return_value=True)
|
self.l2._apply_fwg_rules = mock.Mock(return_value=True)
|
||||||
self.l2._compute_status = mock.Mock(return_value='ACTIVE')
|
self.l2._compute_status = mock.Mock(return_value='ACTIVE')
|
||||||
self.l2._send_fwg_status = mock.Mock()
|
self.l2._send_fwg_status = mock.Mock()
|
||||||
@ -360,7 +360,7 @@ class TestDeleteFirewallGroup(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestUpdateFirewallGroup(TestFWaasV2AgentExtensionBase):
|
class TestUpdateFirewallGroup(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestUpdateFirewallGroup, self).setUp()
|
super().setUp()
|
||||||
self.l2._delete_firewall_group = mock.Mock()
|
self.l2._delete_firewall_group = mock.Mock()
|
||||||
self.l2._create_firewall_group = mock.Mock()
|
self.l2._create_firewall_group = mock.Mock()
|
||||||
self.l2._send_fwg_status = mock.Mock()
|
self.l2._send_fwg_status = mock.Mock()
|
||||||
@ -394,20 +394,20 @@ class TestUpdateFirewallGroup(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestIsPortLayer2(TestFWaasV2AgentExtensionBase):
|
class TestIsPortLayer2(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestIsPortLayer2, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
def test_vm_port(self):
|
def test_vm_port(self):
|
||||||
self.assertTrue(self.l2._is_port_layer2(self.port))
|
self.assertTrue(self.l2._is_port_layer2(self.port))
|
||||||
|
|
||||||
def test_not_vm_port(self):
|
def test_not_vm_port(self):
|
||||||
for device_owner in [nl_consts.DEVICE_OWNER_ROUTER_INTF,
|
for device_owner in [nl_consts.DEVICE_OWNER_ROUTER_INTF,
|
||||||
nl_consts.DEVICE_OWNER_ROUTER_GW,
|
nl_consts.DEVICE_OWNER_ROUTER_GW,
|
||||||
nl_consts.DEVICE_OWNER_DHCP,
|
nl_consts.DEVICE_OWNER_DHCP,
|
||||||
nl_consts.DEVICE_OWNER_DVR_INTERFACE,
|
nl_consts.DEVICE_OWNER_DVR_INTERFACE,
|
||||||
nl_consts.DEVICE_OWNER_AGENT_GW,
|
nl_consts.DEVICE_OWNER_AGENT_GW,
|
||||||
nl_consts.DEVICE_OWNER_ROUTER_SNAT,
|
nl_consts.DEVICE_OWNER_ROUTER_SNAT,
|
||||||
'unknown device_owner',
|
'unknown device_owner',
|
||||||
'']:
|
'']:
|
||||||
self.port['device_owner'] = device_owner
|
self.port['device_owner'] = device_owner
|
||||||
self.assertFalse(self.l2._is_port_layer2(self.port))
|
self.assertFalse(self.l2._is_port_layer2(self.port))
|
||||||
|
|
||||||
@ -419,7 +419,7 @@ class TestIsPortLayer2(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestComputeStatus(TestFWaasV2AgentExtensionBase):
|
class TestComputeStatus(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestComputeStatus, self).setUp()
|
super().setUp()
|
||||||
self.ports = list(self.fwg_with_rule['port_details'].values())
|
self.ports = list(self.fwg_with_rule['port_details'].values())
|
||||||
|
|
||||||
def test_normal(self):
|
def test_normal(self):
|
||||||
@ -530,9 +530,9 @@ class TestComputeStatus(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestApplyFwgRules(TestFWaasV2AgentExtensionBase):
|
class TestApplyFwgRules(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestApplyFwgRules, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
class DummyVlan(object):
|
class DummyVlan:
|
||||||
|
|
||||||
def __init__(self, vlan=None):
|
def __init__(self, vlan=None):
|
||||||
self.vlan = vlan
|
self.vlan = vlan
|
||||||
@ -591,7 +591,7 @@ class TestApplyFwgRules(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestSendFwgStatus(TestFWaasV2AgentExtensionBase):
|
class TestSendFwgStatus(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestSendFwgStatus, self).setUp()
|
super().setUp()
|
||||||
self.rpc.set_firewall_group_status = mock.Mock()
|
self.rpc.set_firewall_group_status = mock.Mock()
|
||||||
|
|
||||||
def test_success(self):
|
def test_success(self):
|
||||||
@ -607,9 +607,9 @@ class TestSendFwgStatus(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestAddLocalVlanToPorts(TestFWaasV2AgentExtensionBase):
|
class TestAddLocalVlanToPorts(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestAddLocalVlanToPorts, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
class DummyVlan(object):
|
class DummyVlan:
|
||||||
|
|
||||||
def __init__(self, vlan=None):
|
def __init__(self, vlan=None):
|
||||||
self.vlan = vlan
|
self.vlan = vlan
|
||||||
@ -671,7 +671,7 @@ class TestAddLocalVlanToPorts(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestFWaaSL2PluginApi(TestFWaasV2AgentExtensionBase):
|
class TestFWaaSL2PluginApi(TestFWaasV2AgentExtensionBase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFWaaSL2PluginApi, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
self.plugin = fwaas_v2.FWaaSL2PluginApi(
|
self.plugin = fwaas_v2.FWaaSL2PluginApi(
|
||||||
consts.FIREWALL_PLUGIN, self.host)
|
consts.FIREWALL_PLUGIN, self.host)
|
||||||
@ -710,7 +710,7 @@ class TestFWaaSL2PluginApi(TestFWaasV2AgentExtensionBase):
|
|||||||
class TestPortFirewallGroupMap(base.BaseTestCase):
|
class TestPortFirewallGroupMap(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestPortFirewallGroupMap, self).setUp()
|
super().setUp()
|
||||||
self.fake = fake_data.FakeFWaaSL2Agent()
|
self.fake = fake_data.FakeFWaaSL2Agent()
|
||||||
self.map = fwaas_v2.PortFirewallGroupMap()
|
self.map = fwaas_v2.PortFirewallGroupMap()
|
||||||
self.fwg = self.fake.create('fwg')
|
self.fwg = self.fake.create('fwg')
|
||||||
|
|||||||
@ -35,7 +35,7 @@ from neutron_fwaas.tests.unit.services.firewall.service_drivers.agents \
|
|||||||
import test_firewall_agent_api
|
import test_firewall_agent_api
|
||||||
|
|
||||||
|
|
||||||
class FWaasHelper(object):
|
class FWaasHelper:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@ -62,7 +62,7 @@ def _setup_test_agent_class(service_plugins):
|
|||||||
self.event_observers = mock.Mock()
|
self.event_observers = mock.Mock()
|
||||||
self.conf = conf
|
self.conf = conf
|
||||||
firewall_agent_api._check_required_agent_extension = mock.Mock()
|
firewall_agent_api._check_required_agent_extension = mock.Mock()
|
||||||
super(FWaasTestAgent, self).__init__(conf)
|
super().__init__(conf)
|
||||||
|
|
||||||
def delete_router(self, context, data):
|
def delete_router(self, context, data):
|
||||||
pass
|
pass
|
||||||
@ -72,7 +72,7 @@ def _setup_test_agent_class(service_plugins):
|
|||||||
|
|
||||||
class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFWaaSL3AgentExtension, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
self.conf = cfg.ConfigOpts()
|
self.conf = cfg.ConfigOpts()
|
||||||
self.conf.register_opts(l3_config.OPTS)
|
self.conf.register_opts(l3_config.OPTS)
|
||||||
@ -129,10 +129,10 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
|||||||
mock_driver_create_firewall_group.return_value = True
|
mock_driver_create_firewall_group.return_value = True
|
||||||
|
|
||||||
self.api.create_firewall_group(self.context, firewall_group,
|
self.api.create_firewall_group(self.context, firewall_group,
|
||||||
host='host')
|
host='host')
|
||||||
|
|
||||||
mock_get_firewall_group_ports.assert_called_once_with(self.context,
|
mock_get_firewall_group_ports.assert_called_once_with(
|
||||||
firewall_group)
|
self.context, firewall_group)
|
||||||
mock_get_in_ns_ports.assert_called
|
mock_get_in_ns_ports.assert_called
|
||||||
assert mock_get_in_ns_ports
|
assert mock_get_in_ns_ports
|
||||||
mock_set_firewall_group_status.assert_called_once_with(
|
mock_set_firewall_group_status.assert_called_once_with(
|
||||||
@ -145,7 +145,7 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
|||||||
'add-port-ids': [1, 2],
|
'add-port-ids': [1, 2],
|
||||||
'del-port-ids': [3, 4],
|
'del-port-ids': [3, 4],
|
||||||
'router_ids': [],
|
'router_ids': [],
|
||||||
'last-port': False}
|
'last-port': False}
|
||||||
|
|
||||||
self.api.plugin_rpc = mock.Mock()
|
self.api.plugin_rpc = mock.Mock()
|
||||||
with mock.patch.object(self.api, '_get_firewall_group_ports'
|
with mock.patch.object(self.api, '_get_firewall_group_ports'
|
||||||
@ -170,10 +170,10 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
|||||||
mock.call(self.context, firewall_group)]
|
mock.call(self.context, firewall_group)]
|
||||||
|
|
||||||
self.api.update_firewall_group(self.context, firewall_group,
|
self.api.update_firewall_group(self.context, firewall_group,
|
||||||
host='host')
|
host='host')
|
||||||
|
|
||||||
self.assertEqual(mock_get_firewall_group_ports.call_args_list,
|
self.assertEqual(mock_get_firewall_group_ports.call_args_list,
|
||||||
calls)
|
calls)
|
||||||
mock_get_in_ns_ports.assert_called
|
mock_get_in_ns_ports.assert_called
|
||||||
mock_set_firewall_group_status.assert_called_once_with(
|
mock_set_firewall_group_status.assert_called_once_with(
|
||||||
self.context, firewall_group['id'], 'ACTIVE')
|
self.context, firewall_group['id'], 'ACTIVE')
|
||||||
@ -202,7 +202,7 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
|||||||
mock_driver_update_firewall_group.return_value = True
|
mock_driver_update_firewall_group.return_value = True
|
||||||
|
|
||||||
self.api.update_firewall_group(self.context, firewall_group,
|
self.api.update_firewall_group(self.context, firewall_group,
|
||||||
host='host')
|
host='host')
|
||||||
|
|
||||||
mock_get_firewall_group_ports.assert_called
|
mock_get_firewall_group_ports.assert_called
|
||||||
mock_get_in_ns_ports.assert_called
|
mock_get_in_ns_ports.assert_called
|
||||||
@ -232,7 +232,7 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
|||||||
mock_driver_delete_firewall_group.return_value = True
|
mock_driver_delete_firewall_group.return_value = True
|
||||||
|
|
||||||
self.api.update_firewall_group(self.context, firewall_group,
|
self.api.update_firewall_group(self.context, firewall_group,
|
||||||
host='host')
|
host='host')
|
||||||
calls = [
|
calls = [
|
||||||
mock.call._get_firewall_group_ports(
|
mock.call._get_firewall_group_ports(
|
||||||
self.context, firewall_group, require_new_plugin=True,
|
self.context, firewall_group, require_new_plugin=True,
|
||||||
@ -268,7 +268,7 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
|||||||
mock_driver_update_firewall_group.return_value = True
|
mock_driver_update_firewall_group.return_value = True
|
||||||
|
|
||||||
self.api.update_firewall_group(self.context, firewall_group,
|
self.api.update_firewall_group(self.context, firewall_group,
|
||||||
host='host')
|
host='host')
|
||||||
calls = [
|
calls = [
|
||||||
mock.call._get_firewall_group_ports(
|
mock.call._get_firewall_group_ports(
|
||||||
self.context, firewall_group, require_new_plugin=True,
|
self.context, firewall_group, require_new_plugin=True,
|
||||||
@ -304,7 +304,7 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
|||||||
mock_driver_update_firewall_group.return_value = True
|
mock_driver_update_firewall_group.return_value = True
|
||||||
|
|
||||||
self.api.update_firewall_group(self.context, firewall_group,
|
self.api.update_firewall_group(self.context, firewall_group,
|
||||||
host='host')
|
host='host')
|
||||||
calls = [
|
calls = [
|
||||||
mock.call._get_firewall_group_ports(
|
mock.call._get_firewall_group_ports(
|
||||||
self.context, firewall_group, require_new_plugin=True,
|
self.context, firewall_group, require_new_plugin=True,
|
||||||
@ -413,13 +413,13 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
|
|||||||
mock_driver_delete_firewall_group.return_value = True
|
mock_driver_delete_firewall_group.return_value = True
|
||||||
|
|
||||||
self.api.delete_firewall_group(self.context, firewall_group,
|
self.api.delete_firewall_group(self.context, firewall_group,
|
||||||
host='host')
|
host='host')
|
||||||
|
|
||||||
mock_get_firewall_group_ports.assert_called_once_with(
|
mock_get_firewall_group_ports.assert_called_once_with(
|
||||||
self.context, firewall_group, to_delete=True)
|
self.context, firewall_group, to_delete=True)
|
||||||
mock_get_in_ns_ports.assert_called
|
mock_get_in_ns_ports.assert_called
|
||||||
mock_firewall_group_deleted.assert_called_once_with(self.context,
|
mock_firewall_group_deleted.assert_called_once_with(
|
||||||
firewall_group['id'])
|
self.context, firewall_group['id'])
|
||||||
|
|
||||||
def _prepare_router_data(self):
|
def _prepare_router_data(self):
|
||||||
return router_info.RouterInfo(self.api,
|
return router_info.RouterInfo(self.api,
|
||||||
|
|||||||
@ -60,7 +60,7 @@ class FakeAgentApi(agents.FirewallAgentCallbacks):
|
|||||||
|
|
||||||
class TestFirewallAgentApi(base.BaseTestCase):
|
class TestFirewallAgentApi(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFirewallAgentApi, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
self.api = agents.FirewallAgentApi('topic', 'host')
|
self.api = agents.FirewallAgentApi('topic', 'host')
|
||||||
|
|
||||||
@ -109,7 +109,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
'TestL3NatServicePlugin')
|
'TestL3NatServicePlugin')
|
||||||
l3_plugin = {'l3_plugin_name': l3_plugin_str}
|
l3_plugin = {'l3_plugin_name': l3_plugin_str}
|
||||||
common_conf.register_core_common_config_opts(cfg=cfg.CONF)
|
common_conf.register_core_common_config_opts(cfg=cfg.CONF)
|
||||||
super(TestAgentDriver, self).setUp(
|
super().setUp(
|
||||||
service_provider=FIREWALL_AGENT_PLUGIN_KLASS,
|
service_provider=FIREWALL_AGENT_PLUGIN_KLASS,
|
||||||
extra_service_plugins=l3_plugin,
|
extra_service_plugins=l3_plugin,
|
||||||
extra_extension_paths=neutron_extensions.__path__)
|
extra_extension_paths=neutron_extensions.__path__)
|
||||||
@ -132,7 +132,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
|
|
||||||
def _get_test_firewall_group_attrs(self, name,
|
def _get_test_firewall_group_attrs(self, name,
|
||||||
status=nl_constants.INACTIVE):
|
status=nl_constants.INACTIVE):
|
||||||
return super(TestAgentDriver, self)._get_test_firewall_group_attrs(
|
return super()._get_test_firewall_group_attrs(
|
||||||
name, status=status)
|
name, status=status)
|
||||||
|
|
||||||
def test_set_firewall_group_status(self):
|
def test_set_firewall_group_status(self):
|
||||||
@ -144,13 +144,13 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
admin_state_up=self.ADMIN_STATE_UP
|
admin_state_up=self.ADMIN_STATE_UP
|
||||||
) as fwg:
|
) as fwg:
|
||||||
fwg_id = fwg['firewall_group']['id']
|
fwg_id = fwg['firewall_group']['id']
|
||||||
res = self.callbacks.set_firewall_group_status(ctx, fwg_id,
|
res = self.callbacks.set_firewall_group_status(
|
||||||
nl_constants.ACTIVE)
|
ctx, fwg_id, nl_constants.ACTIVE)
|
||||||
fwg_db = self.plugin.get_firewall_group(ctx, fwg_id)
|
fwg_db = self.plugin.get_firewall_group(ctx, fwg_id)
|
||||||
self.assertEqual(nl_constants.ACTIVE, fwg_db['status'])
|
self.assertEqual(nl_constants.ACTIVE, fwg_db['status'])
|
||||||
self.assertTrue(res)
|
self.assertTrue(res)
|
||||||
res = self.callbacks.set_firewall_group_status(ctx, fwg_id,
|
res = self.callbacks.set_firewall_group_status(
|
||||||
nl_constants.ERROR)
|
ctx, fwg_id, nl_constants.ERROR)
|
||||||
fwg_db = self.plugin.get_firewall_group(ctx, fwg_id)
|
fwg_db = self.plugin.get_firewall_group(ctx, fwg_id)
|
||||||
self.assertEqual(nl_constants.ERROR, fwg_db['status'])
|
self.assertEqual(nl_constants.ERROR, fwg_db['status'])
|
||||||
self.assertFalse(res)
|
self.assertFalse(res)
|
||||||
@ -247,12 +247,12 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
egress_firewall_policy_id=fwp_id,
|
egress_firewall_policy_id=fwp_id,
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
def test_create_firewall_group_with_ports(self):
|
def test_create_firewall_group_with_ports(self):
|
||||||
"""neutron firewall_group create test-policy """
|
"""neutron firewall_group create test-policy """
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id) as r, \
|
tenant_id=self._tenant_id) as r, \
|
||||||
self.subnet() as s1, \
|
self.subnet() as s1, \
|
||||||
self.subnet(cidr='20.0.0.0/24') as s2:
|
self.subnet(cidr='20.0.0.0/24') as s2:
|
||||||
|
|
||||||
@ -278,12 +278,12 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
egress_firewall_policy_id=fwp_id, ports=fwg_ports,
|
egress_firewall_policy_id=fwp_id, ports=fwg_ports,
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
def test_create_firewall_group_with_ports_on_diff_routers(self):
|
def test_create_firewall_group_with_ports_on_diff_routers(self):
|
||||||
"""neutron firewall_group create test-policy """
|
"""neutron firewall_group create test-policy """
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id) as r, \
|
tenant_id=self._tenant_id) as r, \
|
||||||
self.subnet() as s1, \
|
self.subnet() as s1, \
|
||||||
self.subnet(cidr='20.0.0.0/24') as s2:
|
self.subnet(cidr='20.0.0.0/24') as s2:
|
||||||
body = self._router_interface_action(
|
body = self._router_interface_action(
|
||||||
@ -300,7 +300,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
port_id2 = body['port_id']
|
port_id2 = body['port_id']
|
||||||
|
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id) as r2, \
|
tenant_id=self._tenant_id) as r2, \
|
||||||
self.subnet() as s3:
|
self.subnet() as s3:
|
||||||
|
|
||||||
body = self._router_interface_action(
|
body = self._router_interface_action(
|
||||||
@ -320,12 +320,12 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
ports=fwg_ports,
|
ports=fwg_ports,
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
def test_create_firewall_group_with_ports_no_policy(self):
|
def test_create_firewall_group_with_ports_no_policy(self):
|
||||||
"""neutron firewall_group create test-policy """
|
"""neutron firewall_group create test-policy """
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id) as r, \
|
tenant_id=self._tenant_id) as r, \
|
||||||
self.subnet() as s1, \
|
self.subnet() as s1, \
|
||||||
self.subnet(cidr='20.0.0.0/24') as s2:
|
self.subnet(cidr='20.0.0.0/24') as s2:
|
||||||
|
|
||||||
@ -349,12 +349,12 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
ports=fwg_ports,
|
ports=fwg_ports,
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
def test_update_firewall_group_with_new_ports_no_policy(self):
|
def test_update_firewall_group_with_new_ports_no_policy(self):
|
||||||
"""neutron firewall_group create test-policy """
|
"""neutron firewall_group create test-policy """
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id) as r, \
|
tenant_id=self._tenant_id) as r, \
|
||||||
self.subnet() as s1, \
|
self.subnet() as s1, \
|
||||||
self.subnet(cidr='20.0.0.0/24') as s2, \
|
self.subnet(cidr='20.0.0.0/24') as s2, \
|
||||||
self.subnet(cidr='30.0.0.0/24') as s3:
|
self.subnet(cidr='30.0.0.0/24') as s3:
|
||||||
@ -387,7 +387,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
ports=fwg_ports,
|
ports=fwg_ports,
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
||||||
req = self.new_update_request('firewall_groups', data,
|
req = self.new_update_request('firewall_groups', data,
|
||||||
fwg1['firewall_group']['id'],
|
fwg1['firewall_group']['id'],
|
||||||
@ -404,7 +404,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
def test_update_firewall_group_with_new_ports_status_pending(self):
|
def test_update_firewall_group_with_new_ports_status_pending(self):
|
||||||
"""neutron firewall_group create test-policy """
|
"""neutron firewall_group create test-policy """
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id) as r, \
|
tenant_id=self._tenant_id) as r, \
|
||||||
self.subnet() as s1, \
|
self.subnet() as s1, \
|
||||||
self.subnet(cidr='20.0.0.0/24') as s2, \
|
self.subnet(cidr='20.0.0.0/24') as s2, \
|
||||||
self.subnet(cidr='30.0.0.0/24') as s3:
|
self.subnet(cidr='30.0.0.0/24') as s3:
|
||||||
@ -439,7 +439,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
egress_firewall_policy_id=fwp_id, ports=fwg_ports,
|
egress_firewall_policy_id=fwp_id, ports=fwg_ports,
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
||||||
req = self.new_update_request('firewall_groups', data,
|
req = self.new_update_request('firewall_groups', data,
|
||||||
fwg1['firewall_group']['id'])
|
fwg1['firewall_group']['id'])
|
||||||
@ -449,7 +449,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
def test_update_firewall_group_with_new_ports_status_active(self):
|
def test_update_firewall_group_with_new_ports_status_active(self):
|
||||||
"""neutron firewall_group create test-policy """
|
"""neutron firewall_group create test-policy """
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id) as r, \
|
tenant_id=self._tenant_id) as r, \
|
||||||
self.subnet() as s1, \
|
self.subnet() as s1, \
|
||||||
self.subnet(cidr='20.0.0.0/24') as s2, \
|
self.subnet(cidr='20.0.0.0/24') as s2, \
|
||||||
self.subnet(cidr='30.0.0.0/24') as s3:
|
self.subnet(cidr='30.0.0.0/24') as s3:
|
||||||
@ -484,10 +484,11 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
egress_firewall_policy_id=fwp_id, ports=fwg_ports,
|
egress_firewall_policy_id=fwp_id, ports=fwg_ports,
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
ctx = context.get_admin_context()
|
ctx = context.get_admin_context()
|
||||||
self.callbacks.set_firewall_group_status(ctx,
|
self.callbacks.set_firewall_group_status(
|
||||||
|
ctx,
|
||||||
fwg1['firewall_group']['id'], nl_constants.ACTIVE)
|
fwg1['firewall_group']['id'], nl_constants.ACTIVE)
|
||||||
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
||||||
req = self.new_update_request('firewall_groups', data,
|
req = self.new_update_request('firewall_groups', data,
|
||||||
@ -502,7 +503,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
name = "new_firewall_rule1"
|
name = "new_firewall_rule1"
|
||||||
attrs = self._get_test_firewall_rule_attrs(name)
|
attrs = self._get_test_firewall_rule_attrs(name)
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id) as r, \
|
tenant_id=self._tenant_id) as r, \
|
||||||
self.subnet() as s1:
|
self.subnet() as s1:
|
||||||
|
|
||||||
body = self._router_interface_action(
|
body = self._router_interface_action(
|
||||||
@ -522,14 +523,16 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
egress_firewall_policy_id=fwp_id, ports=[port_id1],
|
egress_firewall_policy_id=fwp_id, ports=[port_id1],
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
ctx = context.get_admin_context()
|
ctx = context.get_admin_context()
|
||||||
self.callbacks.set_firewall_group_status(ctx,
|
self.callbacks.set_firewall_group_status(
|
||||||
|
ctx,
|
||||||
fwg1['firewall_group']['id'], nl_constants.ACTIVE)
|
fwg1['firewall_group']['id'], nl_constants.ACTIVE)
|
||||||
data = {'firewall_rule': {'name': name}}
|
data = {'firewall_rule': {'name': name}}
|
||||||
req = self.new_update_request('firewall_rules', data,
|
req = self.new_update_request(
|
||||||
fwr['firewall_rule']['id'])
|
'firewall_rules',
|
||||||
|
data, fwr['firewall_rule']['id'])
|
||||||
res = self.deserialize(self.fmt,
|
res = self.deserialize(self.fmt,
|
||||||
req.get_response(self.ext_api))
|
req.get_response(self.ext_api))
|
||||||
for k, v in attrs.items():
|
for k, v in attrs.items():
|
||||||
@ -539,7 +542,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
"""update should fail"""
|
"""update should fail"""
|
||||||
name = "new_firewall_rule1"
|
name = "new_firewall_rule1"
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id) as r, \
|
tenant_id=self._tenant_id) as r, \
|
||||||
self.subnet() as s1:
|
self.subnet() as s1:
|
||||||
|
|
||||||
body = self._router_interface_action(
|
body = self._router_interface_action(
|
||||||
@ -559,11 +562,12 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
egress_firewall_policy_id=fwp_id, ports=[port_id1],
|
egress_firewall_policy_id=fwp_id, ports=[port_id1],
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
data = {'firewall_rule': {'name': name}}
|
data = {'firewall_rule': {'name': name}}
|
||||||
req = self.new_update_request('firewall_rules', data,
|
req = self.new_update_request(
|
||||||
fwr['firewall_rule']['id'])
|
'firewall_rules',
|
||||||
|
data, fwr['firewall_rule']['id'])
|
||||||
res = req.get_response(self.ext_api)
|
res = req.get_response(self.ext_api)
|
||||||
self.assertEqual(409, res.status_int)
|
self.assertEqual(409, res.status_int)
|
||||||
|
|
||||||
@ -627,7 +631,7 @@ class TestAgentDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
ports=fwg_ports,
|
ports=fwg_ports,
|
||||||
admin_state_up=True) as fwg1:
|
admin_state_up=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
fwp_id = fwp["firewall_policy"]["id"]
|
fwp_id = fwp["firewall_policy"]["id"]
|
||||||
|
|
||||||
data = {'firewall_group': {'ports': fwg_ports}}
|
data = {'firewall_group': {'ports': fwg_ports}}
|
||||||
|
|||||||
@ -66,7 +66,7 @@ class NoopFwaasDriverV2(fwaas_base_v2.FwaasDriverBase):
|
|||||||
|
|
||||||
class TestFWaaSAgentApi(base.BaseTestCase):
|
class TestFWaaSAgentApi(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFWaaSAgentApi, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
self.api = api.FWaaSPluginApiMixin(
|
self.api = api.FWaaSPluginApiMixin(
|
||||||
'topic',
|
'topic',
|
||||||
|
|||||||
@ -27,7 +27,7 @@ FWAAS_NOP_DEVICE = ('neutron_fwaas.tests.unit.services.firewall.'
|
|||||||
class TestFirewallDeviceDriverLoading(base.BaseTestCase):
|
class TestFirewallDeviceDriverLoading(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFirewallDeviceDriverLoading, self).setUp()
|
super().setUp()
|
||||||
self.service = firewall_service.FirewallService()
|
self.service = firewall_service.FirewallService()
|
||||||
|
|
||||||
def test_loading_firewall_device_driver(self):
|
def test_loading_firewall_device_driver(self):
|
||||||
|
|||||||
@ -38,7 +38,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
l3_plugin_str = ('neutron.tests.unit.extensions.test_l3.'
|
l3_plugin_str = ('neutron.tests.unit.extensions.test_l3.'
|
||||||
'TestL3NatServicePlugin')
|
'TestL3NatServicePlugin')
|
||||||
l3_plugin = {'l3_plugin_name': l3_plugin_str}
|
l3_plugin = {'l3_plugin_name': l3_plugin_str}
|
||||||
super(TestOVNFwaasDriver, self).setUp(
|
super().setUp(
|
||||||
service_provider=OVN_FWAAS_DRIVER,
|
service_provider=OVN_FWAAS_DRIVER,
|
||||||
extra_service_plugins=l3_plugin,
|
extra_service_plugins=l3_plugin,
|
||||||
extra_extension_paths=neutron_extensions.__path__)
|
extra_extension_paths=neutron_extensions.__path__)
|
||||||
@ -68,11 +68,11 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
admin_state_up=True,
|
admin_state_up=True,
|
||||||
as_admin=True) as fwg1:
|
as_admin=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
def test_create_firewall_group_with_ports(self):
|
def test_create_firewall_group_with_ports(self):
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id, as_admin=True) as r, \
|
tenant_id=self._tenant_id, as_admin=True) as r, \
|
||||||
self.subnet(as_admin=True) as s1, \
|
self.subnet(as_admin=True) as s1, \
|
||||||
self.subnet(cidr='20.0.0.0/24', as_admin=True) as s2:
|
self.subnet(cidr='20.0.0.0/24', as_admin=True) as s2:
|
||||||
body = self._router_interface_action(
|
body = self._router_interface_action(
|
||||||
@ -108,7 +108,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
|
|
||||||
def test_update_firewall_group_with_new_ports(self):
|
def test_update_firewall_group_with_new_ports(self):
|
||||||
with self.router(name='router1', admin_state_up=True,
|
with self.router(name='router1', admin_state_up=True,
|
||||||
tenant_id=self._tenant_id, as_admin=True) as r, \
|
tenant_id=self._tenant_id, as_admin=True) as r, \
|
||||||
self.subnet(as_admin=True) as s1, \
|
self.subnet(as_admin=True) as s1, \
|
||||||
self.subnet(cidr='20.0.0.0/24', as_admin=True) as s2, \
|
self.subnet(cidr='20.0.0.0/24', as_admin=True) as s2, \
|
||||||
self.subnet(cidr='30.0.0.0/24', as_admin=True) as s3:
|
self.subnet(cidr='30.0.0.0/24', as_admin=True) as s3:
|
||||||
@ -149,7 +149,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
ports=fwg_ports, admin_state_up=True,
|
ports=fwg_ports, admin_state_up=True,
|
||||||
do_delete=False, as_admin=True) as fwg1:
|
do_delete=False, as_admin=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.ACTIVE,
|
self.assertEqual(nl_constants.ACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
||||||
req = self.new_update_request('firewall_groups', data,
|
req = self.new_update_request('firewall_groups', data,
|
||||||
fwg1['firewall_group']['id'],
|
fwg1['firewall_group']['id'],
|
||||||
@ -202,7 +202,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
do_delete=False,
|
do_delete=False,
|
||||||
as_admin=True) as fwg1:
|
as_admin=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.ACTIVE,
|
self.assertEqual(nl_constants.ACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
fwp_id = fwp["firewall_policy"]["id"]
|
fwp_id = fwp["firewall_policy"]["id"]
|
||||||
data = {'firewall_group': {'ports': fwg_ports}}
|
data = {'firewall_group': {'ports': fwg_ports}}
|
||||||
@ -254,7 +254,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
do_delete=False,
|
do_delete=False,
|
||||||
as_admin=True) as fwg1:
|
as_admin=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
new_rules = [fwr_id, fwr2_id, fwr3_id]
|
new_rules = [fwr_id, fwr2_id, fwr3_id]
|
||||||
data = {'firewall_policy': {'firewall_rules':
|
data = {'firewall_policy': {'firewall_rules':
|
||||||
@ -290,7 +290,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
do_delete=False,
|
do_delete=False,
|
||||||
as_admin=True) as fwg1:
|
as_admin=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
data = {'firewall_rule': {'enabled': False}}
|
data = {'firewall_rule': {'enabled': False}}
|
||||||
req = (self.
|
req = (self.
|
||||||
@ -325,7 +325,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
do_delete=False,
|
do_delete=False,
|
||||||
as_admin=True) as fwg1:
|
as_admin=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
data = {'firewall_rule': {'enabled': True}}
|
data = {'firewall_rule': {'enabled': True}}
|
||||||
req = (self.
|
req = (self.
|
||||||
@ -361,7 +361,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
do_delete=False,
|
do_delete=False,
|
||||||
as_admin=True) as fwg1:
|
as_admin=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
data = {'firewall_rule': {'action': 'deny'}}
|
data = {'firewall_rule': {'action': 'deny'}}
|
||||||
req = (self.
|
req = (self.
|
||||||
@ -398,7 +398,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
do_delete=False,
|
do_delete=False,
|
||||||
as_admin=True) as fwg1:
|
as_admin=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
data = {'firewall_rule_id': fwr2_id,
|
data = {'firewall_rule_id': fwr2_id,
|
||||||
'insert_after': fwr_id}
|
'insert_after': fwr_id}
|
||||||
@ -436,7 +436,7 @@ class TestOVNFwaasDriver(test_fwaas_plugin_v2.FirewallPluginV2TestCase,
|
|||||||
do_delete=False,
|
do_delete=False,
|
||||||
as_admin=True) as fwg1:
|
as_admin=True) as fwg1:
|
||||||
self.assertEqual(nl_constants.INACTIVE,
|
self.assertEqual(nl_constants.INACTIVE,
|
||||||
fwg1['firewall_group']['status'])
|
fwg1['firewall_group']['status'])
|
||||||
|
|
||||||
data = {'firewall_rule_id': fwr2_id}
|
data = {'firewall_rule_id': fwr2_id}
|
||||||
req = (self.
|
req = (self.
|
||||||
|
|||||||
@ -30,7 +30,7 @@ class FireWallDriverDBMixinTestCase(test_fwaas_plugin_v2.
|
|||||||
def setUp(self):
|
def setUp(self):
|
||||||
provider = ('neutron_fwaas.services.firewall.service_drivers.'
|
provider = ('neutron_fwaas.services.firewall.service_drivers.'
|
||||||
'driver_api.FirewallDriverDB')
|
'driver_api.FirewallDriverDB')
|
||||||
super(FireWallDriverDBMixinTestCase, self).setUp(
|
super().setUp(
|
||||||
service_provider=provider)
|
service_provider=provider)
|
||||||
self._mp_registry_publish = mock.patch(
|
self._mp_registry_publish = mock.patch(
|
||||||
'neutron_lib.callbacks.registry.publish')
|
'neutron_lib.callbacks.registry.publish')
|
||||||
|
|||||||
@ -37,8 +37,8 @@ from neutron_fwaas.services.firewall.service_drivers.driver_api import \
|
|||||||
|
|
||||||
|
|
||||||
def http_client_error(req, res):
|
def http_client_error(req, res):
|
||||||
explanation = "Request '%s %s %s' failed: %s" % (req.method, req.url,
|
explanation = "Request '{} {} {}' failed: {}".format(req.method, req.url,
|
||||||
req.body, res.body)
|
req.body, res.body)
|
||||||
return webob.exc.HTTPClientError(code=res.status_int,
|
return webob.exc.HTTPClientError(code=res.status_int,
|
||||||
explanation=explanation)
|
explanation=explanation)
|
||||||
|
|
||||||
@ -65,10 +65,10 @@ class FirewallPluginV2TestCase(test_db_plugin.NeutronDbPluginV2TestCase):
|
|||||||
ADMIN_STATE_UP = True
|
ADMIN_STATE_UP = True
|
||||||
SHARED = True
|
SHARED = True
|
||||||
|
|
||||||
resource_prefix_map = dict(
|
resource_prefix_map = {
|
||||||
(k, firewall_v2.API_PREFIX)
|
k: firewall_v2.API_PREFIX
|
||||||
for k in firewall_v2.RESOURCE_ATTRIBUTE_MAP.keys()
|
for k in firewall_v2.RESOURCE_ATTRIBUTE_MAP.keys()
|
||||||
)
|
}
|
||||||
|
|
||||||
def setUp(self, service_provider=None, core_plugin=None,
|
def setUp(self, service_provider=None, core_plugin=None,
|
||||||
extra_service_plugins=None, extra_extension_paths=None):
|
extra_service_plugins=None, extra_extension_paths=None):
|
||||||
@ -109,7 +109,7 @@ class FirewallPluginV2TestCase(test_db_plugin.NeutronDbPluginV2TestCase):
|
|||||||
plugins,
|
plugins,
|
||||||
)
|
)
|
||||||
|
|
||||||
super(FirewallPluginV2TestCase, self).setUp(
|
super().setUp(
|
||||||
plugin=core_plugin,
|
plugin=core_plugin,
|
||||||
service_plugins=service_plugins,
|
service_plugins=service_plugins,
|
||||||
ext_mgr=ext_mgr,
|
ext_mgr=ext_mgr,
|
||||||
@ -339,11 +339,12 @@ class FirewallPluginV2TestCase(test_db_plugin.NeutronDbPluginV2TestCase):
|
|||||||
firewall_policy = self.deserialize(fmt or self.fmt, res)
|
firewall_policy = self.deserialize(fmt or self.fmt, res)
|
||||||
fwp_id = firewall_policy["firewall_policy"]["id"]
|
fwp_id = firewall_policy["firewall_policy"]["id"]
|
||||||
ingress_firewall_policy_id = fwp_id
|
ingress_firewall_policy_id = fwp_id
|
||||||
data = {'firewall_group': {'name': name,
|
data = {'firewall_group': {
|
||||||
'description': description,
|
'name': name,
|
||||||
'ingress_firewall_policy_id': ingress_firewall_policy_id,
|
'description': description,
|
||||||
'egress_firewall_policy_id': egress_firewall_policy_id,
|
'ingress_firewall_policy_id': ingress_firewall_policy_id,
|
||||||
'admin_state_up': admin_state_up}}
|
'egress_firewall_policy_id': egress_firewall_policy_id,
|
||||||
|
'admin_state_up': admin_state_up}}
|
||||||
ctx = kwargs.get('context', None)
|
ctx = kwargs.get('context', None)
|
||||||
if ctx is None or ctx.is_admin:
|
if ctx is None or ctx.is_admin:
|
||||||
tenant_id = kwargs.get('tenant_id', self._tenant_id)
|
tenant_id = kwargs.get('tenant_id', self._tenant_id)
|
||||||
@ -663,7 +664,7 @@ class TestAutomaticAssociation(TestFirewallPluginBasev2):
|
|||||||
def setUp(self):
|
def setUp(self):
|
||||||
# TODO(yushiro): Replace constant value for this test class
|
# TODO(yushiro): Replace constant value for this test class
|
||||||
# Set auto association fwg
|
# Set auto association fwg
|
||||||
super(TestAutomaticAssociation, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
def test_vm_port(self):
|
def test_vm_port(self):
|
||||||
port = {
|
port = {
|
||||||
|
|||||||
@ -35,7 +35,7 @@ class FakeDriver(log_base_driver.DriverBase):
|
|||||||
class TestDriverBase(base.BaseTestCase):
|
class TestDriverBase(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestDriverBase, self).setUp()
|
super().setUp()
|
||||||
self.driver = FakeDriver.create()
|
self.driver = FakeDriver.create()
|
||||||
|
|
||||||
def test_is_vif_type_compatible(self):
|
def test_is_vif_type_compatible(self):
|
||||||
|
|||||||
@ -37,15 +37,15 @@ FAKE_BURST = 25
|
|||||||
class TestLogPrefix(base.BaseTestCase):
|
class TestLogPrefix(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestLogPrefix, self).setUp()
|
super().setUp()
|
||||||
self.log_prefix = log.LogPrefix(FAKE_PORT_ID,
|
self.log_prefix = log.LogPrefix(FAKE_PORT_ID,
|
||||||
'fake_event',
|
'fake_event',
|
||||||
FAKE_PROJECT_ID)
|
FAKE_PROJECT_ID)
|
||||||
self.log_prefix.log_object_refs = set([FAKE_LOG_ID])
|
self.log_prefix.log_object_refs = {FAKE_LOG_ID}
|
||||||
|
|
||||||
def test_add_log_obj_ref(self):
|
def test_add_log_obj_ref(self):
|
||||||
added_log_id = test_base._uuid
|
added_log_id = test_base._uuid
|
||||||
expected_log_obj_ref = set([FAKE_LOG_ID, added_log_id])
|
expected_log_obj_ref = {FAKE_LOG_ID, added_log_id}
|
||||||
self.log_prefix.add_log_obj_ref(added_log_id)
|
self.log_prefix.add_log_obj_ref(added_log_id)
|
||||||
self.assertEqual(expected_log_obj_ref, self.log_prefix.log_object_refs)
|
self.assertEqual(expected_log_obj_ref, self.log_prefix.log_object_refs)
|
||||||
|
|
||||||
@ -63,7 +63,7 @@ class TestLogPrefix(base.BaseTestCase):
|
|||||||
class BaseIptablesLogTestCase(base.BaseTestCase):
|
class BaseIptablesLogTestCase(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(BaseIptablesLogTestCase, self).setUp()
|
super().setUp()
|
||||||
self.iptables_manager_patch = mock.patch(
|
self.iptables_manager_patch = mock.patch(
|
||||||
'neutron.agent.linux.iptables_manager.IptablesManager')
|
'neutron.agent.linux.iptables_manager.IptablesManager')
|
||||||
self.iptables_manager_mock = self.iptables_manager_patch.start()
|
self.iptables_manager_mock = self.iptables_manager_patch.start()
|
||||||
@ -135,13 +135,13 @@ class BaseIptablesLogTestCase(base.BaseTestCase):
|
|||||||
self.log_driver.ipt_mgr_list = self._fake_ipt_mgr_list(f_router_ids)
|
self.log_driver.ipt_mgr_list = self._fake_ipt_mgr_list(f_router_ids)
|
||||||
|
|
||||||
# Test with a port is delete from router
|
# Test with a port is delete from router
|
||||||
self.log_driver.unused_port_ids = set(['r1_port1'])
|
self.log_driver.unused_port_ids = {'r1_port1'}
|
||||||
self.log_driver._cleanup_unused_ipt_mgrs()
|
self.log_driver._cleanup_unused_ipt_mgrs()
|
||||||
self.assertEqual(set(), self.log_driver.unused_port_ids)
|
self.assertEqual(set(), self.log_driver.unused_port_ids)
|
||||||
self.assertIsNone(self.log_driver.ipt_mgr_list['r1'].get('r1_port1'))
|
self.assertIsNone(self.log_driver.ipt_mgr_list['r1'].get('r1_port1'))
|
||||||
|
|
||||||
# Test with all ports are deleted from router
|
# Test with all ports are deleted from router
|
||||||
self.log_driver.unused_port_ids = set(['r2_port1', 'r2_port2'])
|
self.log_driver.unused_port_ids = {'r2_port1', 'r2_port2'}
|
||||||
self.log_driver._cleanup_unused_ipt_mgrs()
|
self.log_driver._cleanup_unused_ipt_mgrs()
|
||||||
self.assertEqual(set(), self.log_driver.unused_port_ids)
|
self.assertEqual(set(), self.log_driver.unused_port_ids)
|
||||||
self.assertIsNone(self.log_driver.ipt_mgr_list.get('r2'))
|
self.assertIsNone(self.log_driver.ipt_mgr_list.get('r2'))
|
||||||
@ -245,7 +245,7 @@ class BaseIptablesLogTestCase(base.BaseTestCase):
|
|||||||
# Test with prefix already added into prefixes_table
|
# Test with prefix already added into prefixes_table
|
||||||
self.log_driver._add_nflog_rules_accepted(ipt_mgr, f_port_log)
|
self.log_driver._add_nflog_rules_accepted(ipt_mgr, f_port_log)
|
||||||
self.log_driver._add_rules_to_chain_v4v6.assert_not_called()
|
self.log_driver._add_rules_to_chain_v4v6.assert_not_called()
|
||||||
self.assertEqual(set(['fake_log_id']),
|
self.assertEqual({'fake_log_id'},
|
||||||
f_accept_prefix.log_object_refs)
|
f_accept_prefix.log_object_refs)
|
||||||
|
|
||||||
# Test with prefixes_tables does not include the prefix
|
# Test with prefixes_tables does not include the prefix
|
||||||
@ -260,7 +260,7 @@ class BaseIptablesLogTestCase(base.BaseTestCase):
|
|||||||
assert_called_once_with(ipt_mgr, 'accepted',
|
assert_called_once_with(ipt_mgr, 'accepted',
|
||||||
v4_rules, v6_rules,
|
v4_rules, v6_rules,
|
||||||
wrap=True, top=True, tag=prefix.id)
|
wrap=True, top=True, tag=prefix.id)
|
||||||
self.assertEqual(set(['fake_log_id']),
|
self.assertEqual({'fake_log_id'},
|
||||||
prefix.log_object_refs)
|
prefix.log_object_refs)
|
||||||
|
|
||||||
def test_add_nflog_rules_dropped(self):
|
def test_add_nflog_rules_dropped(self):
|
||||||
@ -283,7 +283,7 @@ class BaseIptablesLogTestCase(base.BaseTestCase):
|
|||||||
# Test with prefix already added into prefixes_table
|
# Test with prefix already added into prefixes_table
|
||||||
self.log_driver._add_log_rules_dropped(ipt_mgr, f_port_log)
|
self.log_driver._add_log_rules_dropped(ipt_mgr, f_port_log)
|
||||||
self.log_driver._add_rules_to_chain_v4v6.assert_not_called()
|
self.log_driver._add_rules_to_chain_v4v6.assert_not_called()
|
||||||
self.assertEqual(set(['fake_log_id']),
|
self.assertEqual({'fake_log_id'},
|
||||||
f_drop_prefix.log_object_refs)
|
f_drop_prefix.log_object_refs)
|
||||||
|
|
||||||
# Test with prefixes_tables does not include the prefix
|
# Test with prefixes_tables does not include the prefix
|
||||||
@ -302,7 +302,7 @@ class BaseIptablesLogTestCase(base.BaseTestCase):
|
|||||||
]
|
]
|
||||||
self.log_driver._add_rules_to_chain_v4v6.\
|
self.log_driver._add_rules_to_chain_v4v6.\
|
||||||
assert_has_calls(calls)
|
assert_has_calls(calls)
|
||||||
self.assertEqual(set(['fake_log_id']),
|
self.assertEqual({'fake_log_id'},
|
||||||
prefix.log_object_refs)
|
prefix.log_object_refs)
|
||||||
|
|
||||||
def _fake_port_log(self, log_id, event, port_id):
|
def _fake_port_log(self, log_id, event, port_id):
|
||||||
@ -318,8 +318,8 @@ class BaseIptablesLogTestCase(base.BaseTestCase):
|
|||||||
'-j NFLOG --nflog-prefix %s'
|
'-j NFLOG --nflog-prefix %s'
|
||||||
% (device, FAKE_RATE, FAKE_BURST, tag)]
|
% (device, FAKE_RATE, FAKE_BURST, tag)]
|
||||||
v4_nflog_rule += ['-o %s -m limit --limit %s/sec --limit-burst %s '
|
v4_nflog_rule += ['-o %s -m limit --limit %s/sec --limit-burst %s '
|
||||||
'-j NFLOG --nflog-prefix %s'
|
'-j NFLOG --nflog-prefix %s'
|
||||||
% (device, FAKE_RATE, FAKE_BURST, tag)]
|
% (device, FAKE_RATE, FAKE_BURST, tag)]
|
||||||
v6_nflog_rule = ['-i %s -m limit --limit %s/sec --limit-burst %s '
|
v6_nflog_rule = ['-i %s -m limit --limit %s/sec --limit-burst %s '
|
||||||
'-j NFLOG --nflog-prefix %s'
|
'-j NFLOG --nflog-prefix %s'
|
||||||
% (device, FAKE_RATE, FAKE_BURST, tag)]
|
% (device, FAKE_RATE, FAKE_BURST, tag)]
|
||||||
|
|||||||
@ -27,7 +27,7 @@ from neutron_fwaas.services.logapi.agents.l3 import fwg_log
|
|||||||
class FWaaSL3LoggingExtensionInitializeTestCase(base.L3LoggingExtBaseTestCase):
|
class FWaaSL3LoggingExtensionInitializeTestCase(base.L3LoggingExtBaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(FWaaSL3LoggingExtensionInitializeTestCase, self).setUp()
|
super().setUp()
|
||||||
self.fw_l3_log_ext = fwg_log.FWaaSL3LoggingExtension()
|
self.fw_l3_log_ext = fwg_log.FWaaSL3LoggingExtension()
|
||||||
self.fw_l3_log_ext.consume_api(self.agent_api)
|
self.fw_l3_log_ext.consume_api(self.agent_api)
|
||||||
|
|
||||||
|
|||||||
@ -20,7 +20,7 @@ from neutron.tests.unit import testlib_api
|
|||||||
|
|
||||||
class BaseLogTestCase(testlib_api.SqlTestCase):
|
class BaseLogTestCase(testlib_api.SqlTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(BaseLogTestCase, self).setUp()
|
super().setUp()
|
||||||
|
|
||||||
with mock.patch.object(
|
with mock.patch.object(
|
||||||
resource_manager.ResourceCallbacksManager, '_singleton',
|
resource_manager.ResourceCallbacksManager, '_singleton',
|
||||||
|
|||||||
@ -54,7 +54,7 @@ def fake_register():
|
|||||||
class TestFirewallGroupRuleCallback(base.BaseTestCase):
|
class TestFirewallGroupRuleCallback(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFirewallGroupRuleCallback, self).setUp()
|
super().setUp()
|
||||||
self.driver_manager = driver_mgr.LoggingServiceDriverManager()
|
self.driver_manager = driver_mgr.LoggingServiceDriverManager()
|
||||||
self.fwg_callback = fwg_callback.FirewallGroupCallBack(mock.Mock(),
|
self.fwg_callback = fwg_callback.FirewallGroupCallBack(mock.Mock(),
|
||||||
mock.Mock())
|
mock.Mock())
|
||||||
|
|||||||
@ -70,7 +70,7 @@ def _fake_port_object(port_id, device_owner, status,
|
|||||||
class LoggingRpcCallbackTestCase(base.BaseTestCase):
|
class LoggingRpcCallbackTestCase(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(LoggingRpcCallbackTestCase, self).setUp()
|
super().setUp()
|
||||||
self.context = mock.Mock()
|
self.context = mock.Mock()
|
||||||
self.rpc_callback = server_rpc.LoggingApiSkeleton()
|
self.rpc_callback = server_rpc.LoggingApiSkeleton()
|
||||||
|
|
||||||
@ -282,7 +282,7 @@ class LoggingRpcCallbackTestCase(base.BaseTestCase):
|
|||||||
unbound_resource = uuidutils.generate_uuid()
|
unbound_resource = uuidutils.generate_uuid()
|
||||||
resource_log = _create_log_object(tenant_id, unbound_resource)
|
resource_log = _create_log_object(tenant_id, unbound_resource)
|
||||||
target_log = _create_log_object(tenant_id, unbound_resource,
|
target_log = _create_log_object(tenant_id, unbound_resource,
|
||||||
target_id)
|
target_id)
|
||||||
log_objs = [log, target_log, resource_log]
|
log_objs = [log, target_log, resource_log]
|
||||||
|
|
||||||
with mock.patch.object(log_object.Log, 'get_objects',
|
with mock.patch.object(log_object.Log, 'get_objects',
|
||||||
|
|||||||
@ -54,7 +54,7 @@ def fake_register():
|
|||||||
class TestFirewallGroupRuleCallback(base.BaseTestCase):
|
class TestFirewallGroupRuleCallback(base.BaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFirewallGroupRuleCallback, self).setUp()
|
super().setUp()
|
||||||
self.driver_manager = driver_mgr.LoggingServiceDriverManager()
|
self.driver_manager = driver_mgr.LoggingServiceDriverManager()
|
||||||
self.port_callback = port_callback.NeutronPortCallBack(mock.Mock(),
|
self.port_callback = port_callback.NeutronPortCallBack(mock.Mock(),
|
||||||
mock.Mock())
|
mock.Mock())
|
||||||
|
|||||||
@ -30,7 +30,7 @@ class TestFWGLogRequestValidations(base.BaseTestCase):
|
|||||||
"""Test validator for a log creation request"""
|
"""Test validator for a log creation request"""
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestFWGLogRequestValidations, self).setUp()
|
super().setUp()
|
||||||
fwg_validate.fwg_plugin = mock.Mock()
|
fwg_validate.fwg_plugin = mock.Mock()
|
||||||
fwg_validate.fwg_plugin.driver = mock.Mock()
|
fwg_validate.fwg_plugin.driver = mock.Mock()
|
||||||
fwg_validate.fwg_plugin.driver.firewall_db = mock.Mock()
|
fwg_validate.fwg_plugin.driver.firewall_db = mock.Mock()
|
||||||
|
|||||||
@ -1,4 +1,3 @@
|
|||||||
# -*- coding: utf-8 -*-
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
# You may obtain a copy of the License at
|
# You may obtain a copy of the License at
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user