Adopt to latest VlanManager and oslo.db changes
The work to make routed networks support multiple segments per host introduced a new signature for VlanManager.get, which now asks for a segmentation_id; make the neutron-fwaas code compatible with it. With oslo.db 12.1.0 some unit tests started to fail; using the CONTEXT_READER/CONTEXT_WRITER sessions fixes them. Adopt the new dsvm-functional target name, as [0] changed it in Neutron: the target is now called dsvm-functional-gate. [0]: https://review.opendev.org/c/openstack/neutron/+/856262 Change-Id: Ie7459974f6f2358c8d9c37e66aa9cda530ecefc0 Related-Bug: #1956435 Related-Bug: #1764738
parent
965ac6bcdb
commit
553e6b6411
|
@ -354,7 +354,7 @@ class FirewallPluginDb(object):
|
||||||
|
|
||||||
def _process_rule_for_policy(self, context, firewall_policy_id,
|
def _process_rule_for_policy(self, context, firewall_policy_id,
|
||||||
firewall_rule_id, position, association_db):
|
firewall_rule_id, position, association_db):
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_READER.using(context):
|
||||||
fwp_query = context.session.query(
|
fwp_query = context.session.query(
|
||||||
FirewallPolicy).with_for_update()
|
FirewallPolicy).with_for_update()
|
||||||
fwp_db = fwp_query.filter_by(id=firewall_policy_id).one()
|
fwp_db = fwp_query.filter_by(id=firewall_policy_id).one()
|
||||||
|
@ -483,7 +483,7 @@ class FirewallPluginDb(object):
|
||||||
fwr['source_port'])
|
fwr['source_port'])
|
||||||
dst_port_min, dst_port_max = self._get_min_max_ports_from_range(
|
dst_port_min, dst_port_max = self._get_min_max_ports_from_range(
|
||||||
fwr['destination_port'])
|
fwr['destination_port'])
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwr_db = FirewallRuleV2(
|
fwr_db = FirewallRuleV2(
|
||||||
id=uuidutils.generate_uuid(),
|
id=uuidutils.generate_uuid(),
|
||||||
tenant_id=fwr['tenant_id'],
|
tenant_id=fwr['tenant_id'],
|
||||||
|
@ -523,7 +523,7 @@ class FirewallPluginDb(object):
|
||||||
fwr['destination_port_range_min'] = dst_port_min
|
fwr['destination_port_range_min'] = dst_port_min
|
||||||
fwr['destination_port_range_max'] = dst_port_max
|
fwr['destination_port_range_max'] = dst_port_max
|
||||||
del fwr['destination_port']
|
del fwr['destination_port']
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwr_db.update(fwr)
|
fwr_db.update(fwr)
|
||||||
# if the rule on a policy, fix audited flag
|
# if the rule on a policy, fix audited flag
|
||||||
fwp_ids = self.get_policies_with_rule(context, id)
|
fwp_ids = self.get_policies_with_rule(context, id)
|
||||||
|
@ -533,7 +533,7 @@ class FirewallPluginDb(object):
|
||||||
return self._make_firewall_rule_dict(fwr_db)
|
return self._make_firewall_rule_dict(fwr_db)
|
||||||
|
|
||||||
def delete_firewall_rule(self, context, id):
|
def delete_firewall_rule(self, context, id):
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwr = self._get_firewall_rule(context, id)
|
fwr = self._get_firewall_rule(context, id)
|
||||||
# make sure rule is not associated with any policy
|
# make sure rule is not associated with any policy
|
||||||
if self.get_policies_with_rule(context, id):
|
if self.get_policies_with_rule(context, id):
|
||||||
|
@ -552,7 +552,7 @@ class FirewallPluginDb(object):
|
||||||
# If insert_before is set, we will ignore insert_after.
|
# If insert_before is set, we will ignore insert_after.
|
||||||
ref_firewall_rule_id = rule_info['insert_after']
|
ref_firewall_rule_id = rule_info['insert_after']
|
||||||
insert_before = False
|
insert_before = False
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwr_db = self._get_firewall_rule(context, firewall_rule_id)
|
fwr_db = self._get_firewall_rule(context, firewall_rule_id)
|
||||||
fwp_db = self._get_firewall_policy(context, id)
|
fwp_db = self._get_firewall_policy(context, id)
|
||||||
self._check_firewall_rule_conflict(fwr_db, fwp_db)
|
self._check_firewall_rule_conflict(fwr_db, fwp_db)
|
||||||
|
@ -580,7 +580,7 @@ class FirewallPluginDb(object):
|
||||||
|
|
||||||
def remove_rule(self, context, id, rule_info):
|
def remove_rule(self, context, id, rule_info):
|
||||||
firewall_rule_id = rule_info['firewall_rule_id']
|
firewall_rule_id = rule_info['firewall_rule_id']
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
self._get_firewall_rule(context, firewall_rule_id)
|
self._get_firewall_rule(context, firewall_rule_id)
|
||||||
fwpra_db = self._get_policy_rule_association(context, id,
|
fwpra_db = self._get_policy_rule_association(context, id,
|
||||||
firewall_rule_id)
|
firewall_rule_id)
|
||||||
|
@ -599,7 +599,7 @@ class FirewallPluginDb(object):
|
||||||
|
|
||||||
def _get_rules_in_policy(self, context, fwpid):
|
def _get_rules_in_policy(self, context, fwpid):
|
||||||
"""Gets rules in a firewall policy"""
|
"""Gets rules in a firewall policy"""
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_READER.using(context):
|
||||||
fw_pol_rule_qry = context.session.query(
|
fw_pol_rule_qry = context.session.query(
|
||||||
FirewallPolicyRuleAssociation).filter_by(
|
FirewallPolicyRuleAssociation).filter_by(
|
||||||
firewall_policy_id=fwpid)
|
firewall_policy_id=fwpid)
|
||||||
|
@ -608,7 +608,7 @@ class FirewallPluginDb(object):
|
||||||
|
|
||||||
def get_policies_with_rule(self, context, fwrid):
|
def get_policies_with_rule(self, context, fwrid):
|
||||||
"""Gets rules in a firewall policy"""
|
"""Gets rules in a firewall policy"""
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_READER.using(context):
|
||||||
fw_pol_rule_qry = context.session.query(
|
fw_pol_rule_qry = context.session.query(
|
||||||
FirewallPolicyRuleAssociation).filter_by(
|
FirewallPolicyRuleAssociation).filter_by(
|
||||||
firewall_rule_id=fwrid)
|
firewall_rule_id=fwrid)
|
||||||
|
@ -623,7 +623,7 @@ class FirewallPluginDb(object):
|
||||||
if not rule_id_list:
|
if not rule_id_list:
|
||||||
return
|
return
|
||||||
position = 0
|
position = 0
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
for rule_id in rule_id_list:
|
for rule_id in rule_id_list:
|
||||||
fw_pol_rul_db = FirewallPolicyRuleAssociation(
|
fw_pol_rul_db = FirewallPolicyRuleAssociation(
|
||||||
firewall_policy_id=fwp_db['id'],
|
firewall_policy_id=fwp_db['id'],
|
||||||
|
@ -673,7 +673,7 @@ class FirewallPluginDb(object):
|
||||||
firewall_policy_id=fwp_db['id'])
|
firewall_policy_id=fwp_db['id'])
|
||||||
|
|
||||||
def get_fwgs_with_policy(self, context, fwp_id):
|
def get_fwgs_with_policy(self, context, fwp_id):
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_READER.using(context):
|
||||||
fwg_ing_pol_qry = context.session.query(
|
fwg_ing_pol_qry = context.session.query(
|
||||||
FirewallGroup).filter_by(
|
FirewallGroup).filter_by(
|
||||||
ingress_firewall_policy_id=fwp_id)
|
ingress_firewall_policy_id=fwp_id)
|
||||||
|
@ -687,7 +687,7 @@ class FirewallPluginDb(object):
|
||||||
def _check_fwgs_associated_with_policy_in_same_project(self, context,
|
def _check_fwgs_associated_with_policy_in_same_project(self, context,
|
||||||
fwp_id,
|
fwp_id,
|
||||||
fwp_tenant_id):
|
fwp_tenant_id):
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_READER.using(context):
|
||||||
fwg_with_fwp_id_db = context.session.query(FirewallGroup).filter(
|
fwg_with_fwp_id_db = context.session.query(FirewallGroup).filter(
|
||||||
or_(FirewallGroup.ingress_firewall_policy_id == fwp_id,
|
or_(FirewallGroup.ingress_firewall_policy_id == fwp_id,
|
||||||
FirewallGroup.egress_firewall_policy_id == fwp_id))
|
FirewallGroup.egress_firewall_policy_id == fwp_id))
|
||||||
|
@ -714,7 +714,7 @@ class FirewallPluginDb(object):
|
||||||
def _set_rules_for_policy(self, context, firewall_policy_db, fwp):
|
def _set_rules_for_policy(self, context, firewall_policy_db, fwp):
|
||||||
rule_id_list = fwp['firewall_rules']
|
rule_id_list = fwp['firewall_rules']
|
||||||
fwp_db = firewall_policy_db
|
fwp_db = firewall_policy_db
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
if not rule_id_list:
|
if not rule_id_list:
|
||||||
self._delete_all_rules_from_policy(context, fwp_db)
|
self._delete_all_rules_from_policy(context, fwp_db)
|
||||||
return
|
return
|
||||||
|
@ -759,7 +759,7 @@ class FirewallPluginDb(object):
|
||||||
|
|
||||||
def _do_create_firewall_policy(self, context, firewall_policy):
|
def _do_create_firewall_policy(self, context, firewall_policy):
|
||||||
fwp = firewall_policy
|
fwp = firewall_policy
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwp_db = FirewallPolicy(
|
fwp_db = FirewallPolicy(
|
||||||
id=uuidutils.generate_uuid(),
|
id=uuidutils.generate_uuid(),
|
||||||
tenant_id=fwp['tenant_id'],
|
tenant_id=fwp['tenant_id'],
|
||||||
|
@ -777,7 +777,7 @@ class FirewallPluginDb(object):
|
||||||
|
|
||||||
def update_firewall_policy(self, context, id, firewall_policy):
|
def update_firewall_policy(self, context, id, firewall_policy):
|
||||||
fwp = firewall_policy
|
fwp = firewall_policy
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwp_db = self._get_firewall_policy(context, id)
|
fwp_db = self._get_firewall_policy(context, id)
|
||||||
self._ensure_not_default_resource(fwp_db, 'firewall_policy',
|
self._ensure_not_default_resource(fwp_db, 'firewall_policy',
|
||||||
action="update")
|
action="update")
|
||||||
|
@ -798,7 +798,7 @@ class FirewallPluginDb(object):
|
||||||
return self._make_firewall_policy_dict(fwp_db)
|
return self._make_firewall_policy_dict(fwp_db)
|
||||||
|
|
||||||
def delete_firewall_policy(self, context, id):
|
def delete_firewall_policy(self, context, id):
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwp_db = self._get_firewall_policy(context, id)
|
fwp_db = self._get_firewall_policy(context, id)
|
||||||
# check if policy in use
|
# check if policy in use
|
||||||
qry = context.session.query(FirewallGroup)
|
qry = context.session.query(FirewallGroup)
|
||||||
|
@ -839,7 +839,7 @@ class FirewallPluginDb(object):
|
||||||
|
|
||||||
def get_ports_in_firewall_group(self, context, firewall_group_id):
|
def get_ports_in_firewall_group(self, context, firewall_group_id):
|
||||||
"""Get the Ports associated with the firewall group."""
|
"""Get the Ports associated with the firewall group."""
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_READER.using(context):
|
||||||
fw_group_port_qry = context.session.query(
|
fw_group_port_qry = context.session.query(
|
||||||
FirewallGroupPortAssociation)
|
FirewallGroupPortAssociation)
|
||||||
fw_group_port_rows = fw_group_port_qry.filter_by(
|
fw_group_port_rows = fw_group_port_qry.filter_by(
|
||||||
|
@ -849,7 +849,7 @@ class FirewallPluginDb(object):
|
||||||
|
|
||||||
def _delete_ports_in_firewall_group(self, context, firewall_group_id):
|
def _delete_ports_in_firewall_group(self, context, firewall_group_id):
|
||||||
"""Delete the Ports associated with the firewall group."""
|
"""Delete the Ports associated with the firewall group."""
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fw_group_port_qry = context.session.query(
|
fw_group_port_qry = context.session.query(
|
||||||
FirewallGroupPortAssociation)
|
FirewallGroupPortAssociation)
|
||||||
fw_group_port_qry.filter_by(
|
fw_group_port_qry.filter_by(
|
||||||
|
@ -878,7 +878,7 @@ class FirewallPluginDb(object):
|
||||||
"""Return a list of ports under a given tenant"""
|
"""Return a list of ports under a given tenant"""
|
||||||
try:
|
try:
|
||||||
fwg_id = FirewallGroupPortAssociation.firewall_group_id
|
fwg_id = FirewallGroupPortAssociation.firewall_group_id
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_READER.using(context):
|
||||||
port_qry = context.session.query(
|
port_qry = context.session.query(
|
||||||
FirewallGroupPortAssociation.port_id).join(
|
FirewallGroupPortAssociation.port_id).join(
|
||||||
FirewallGroup, FirewallGroup.id == fwg_id).filter(
|
FirewallGroup, FirewallGroup.id == fwg_id).filter(
|
||||||
|
@ -963,7 +963,7 @@ class FirewallPluginDb(object):
|
||||||
# that a default firewall group for given tenant exists
|
# that a default firewall group for given tenant exists
|
||||||
self._ensure_default_firewall_group(context, tenant_id)
|
self._ensure_default_firewall_group(context, tenant_id)
|
||||||
|
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwg_db = FirewallGroup(
|
fwg_db = FirewallGroup(
|
||||||
id=uuidutils.generate_uuid(),
|
id=uuidutils.generate_uuid(),
|
||||||
tenant_id=tenant_id,
|
tenant_id=tenant_id,
|
||||||
|
@ -986,7 +986,7 @@ class FirewallPluginDb(object):
|
||||||
fwg = firewall_group
|
fwg = firewall_group
|
||||||
# make sure that no group can be updated to have name=default
|
# make sure that no group can be updated to have name=default
|
||||||
self._ensure_not_default_resource(fwg, 'firewall_group')
|
self._ensure_not_default_resource(fwg, 'firewall_group')
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
fwg_db = self.get_firewall_group(context, id)
|
fwg_db = self.get_firewall_group(context, id)
|
||||||
if _is_default(fwg_db):
|
if _is_default(fwg_db):
|
||||||
attrs = [
|
attrs = [
|
||||||
|
@ -1020,7 +1020,7 @@ class FirewallPluginDb(object):
|
||||||
"""
|
"""
|
||||||
# filter in_ wants iterable objects, None isn't.
|
# filter in_ wants iterable objects, None isn't.
|
||||||
not_in = not_in or []
|
not_in = not_in or []
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
return (context.session.query(FirewallGroup).
|
return (context.session.query(FirewallGroup).
|
||||||
filter(FirewallGroup.id == id).
|
filter(FirewallGroup.id == id).
|
||||||
filter(~FirewallGroup.status.in_(not_in)).
|
filter(~FirewallGroup.status.in_(not_in)).
|
||||||
|
@ -1030,7 +1030,7 @@ class FirewallPluginDb(object):
|
||||||
# Note: Plugin should ensure that it's okay to delete if the
|
# Note: Plugin should ensure that it's okay to delete if the
|
||||||
# firewall is active
|
# firewall is active
|
||||||
|
|
||||||
with context.session.begin(subtransactions=True):
|
with db_api.CONTEXT_WRITER.using(context):
|
||||||
# if no such group exists -> don't raise an exception according to
|
# if no such group exists -> don't raise an exception according to
|
||||||
# 80fe2ba1, return None
|
# 80fe2ba1, return None
|
||||||
try:
|
try:
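Review bot: `_process_rule_for_policy` (first hunk, at -354) now opens `db_api.CONTEXT_READER.using(context)`, yet the next statement still builds its query with `.with_for_update()`, a row lock on the FirewallPolicy that is only meaningful inside a write transaction. With oslo.db's enginefacade a reader context cannot be upgraded to a writer mid-transaction and may be routed to a replica connection where one is configured, so unless every caller already holds a writer context the lock that serialises concurrent rule changes on a policy is not dependable. The function body continues outside the hunk, so whether it also modifies `fwp_db` is not visible here. I would use `with db_api.CONTEXT_WRITER.using(context):` in this function. The converse shows in the hunk at -1020, where a block that in the visible lines only runs a SELECT on FirewallGroup is wrapped in `CONTEXT_WRITER`; `CONTEXT_READER` looks sufficient there if the rest of the query neither locks nor modifies rows.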
|
||||||
|
|
|
@ -169,17 +169,17 @@ class FWaaSV2AgentExtension(l2_extension.L2AgentExtension):
|
||||||
|
|
||||||
return nl_const.INACTIVE
|
return nl_const.INACTIVE
|
||||||
|
|
||||||
def _get_network_id(self, fwg_port):
|
def _get_network_and_segmentation_id(self, fwg_port):
|
||||||
port_id = fwg_port.get('port_id', fwg_port.get('id'))
|
port_id = fwg_port.get('port_id', fwg_port.get('id'))
|
||||||
port_details = fwg_port.get('port_details')
|
port_details = fwg_port.get('port_details')
|
||||||
|
|
||||||
if port_details:
|
if port_details:
|
||||||
target = port_details.get(port_id)
|
target = port_details.get(port_id)
|
||||||
if target:
|
if target:
|
||||||
return target.get('network_id')
|
return target.get('network_id'), target.get('segmentation_id')
|
||||||
return
|
return
|
||||||
|
|
||||||
return fwg_port.get('network_id')
|
return fwg_port.get('network_id'), fwg_port.get('segmentation_id')
|
||||||
|
|
||||||
def _add_local_vlan_to_ports(self, fwg_ports):
|
def _add_local_vlan_to_ports(self, fwg_ports):
|
||||||
"""Add local VLAN to ports if found
|
"""Add local VLAN to ports if found
|
||||||
|
@ -190,8 +190,9 @@ class FWaaSV2AgentExtension(l2_extension.L2AgentExtension):
|
||||||
ports_with_lvlan = []
|
ports_with_lvlan = []
|
||||||
for fwg_port in fwg_ports:
|
for fwg_port in fwg_ports:
|
||||||
try:
|
try:
|
||||||
network_id = self._get_network_id(fwg_port)
|
network_id, segm_id = self._get_network_and_segmentation_id(
|
||||||
l_vlan = self.vlan_manager.get(network_id).vlan
|
fwg_port)
|
||||||
|
l_vlan = self.vlan_manager.get(network_id, segm_id).vlan
|
||||||
fwg_port['lvlan'] = int(l_vlan)
|
fwg_port['lvlan'] = int(l_vlan)
|
||||||
except vlanmanager.MappingNotFound:
|
except vlanmanager.MappingNotFound:
|
||||||
LOG.warning("No Local VLAN found in network %s", network_id)
|
LOG.warning("No Local VLAN found in network %s", network_id)
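Review bot: `_get_network_and_segmentation_id` still appears to end its `port_details` branch with a bare `return`, so when `port_details` is set but has no entry for the port it returns `None`, and the new `network_id, segm_id = self._get_network_and_segmentation_id(fwg_port)` in `_add_local_vlan_to_ports` then fails with a TypeError on unpacking. The surrounding `try` only catches `vlanmanager.MappingNotFound`, so the exception would escape the loop and none of the remaining firewall group ports would get their `lvlan` set. Before this change the same input only produced a `None` network id that was passed on to `vlan_manager.get`. Changing the bare `return` to `return None, None` keeps that behaviour. `_add_local_vlan_to_ports` continues outside the hunk, so what follows the `except` branch is not visible here.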
|
||||||
|
|
|
@ -620,6 +620,7 @@ class TestAddLocalVlanToPorts(TestFWaasV2AgentExtensionBase):
|
||||||
'port_id': fake_data.PORT1,
|
'port_id': fake_data.PORT1,
|
||||||
'id': fake_data.PORT1,
|
'id': fake_data.PORT1,
|
||||||
'network_id': fake_data.NETWORK_ID,
|
'network_id': fake_data.NETWORK_ID,
|
||||||
|
'segmentation_id': 101,
|
||||||
'port_details': {
|
'port_details': {
|
||||||
fake_data.PORT1: {
|
fake_data.PORT1: {
|
||||||
'device': 'c12e5c1e-d68e-45bd-a2d3-1f2f32604e41',
|
'device': 'c12e5c1e-d68e-45bd-a2d3-1f2f32604e41',
|
||||||
|
@ -643,7 +644,7 @@ class TestAddLocalVlanToPorts(TestFWaasV2AgentExtensionBase):
|
||||||
actual = self.l2._add_local_vlan_to_ports([self.port_with_detail])
|
actual = self.l2._add_local_vlan_to_ports([self.port_with_detail])
|
||||||
|
|
||||||
self.l2.vlan_manager.get.assert_called_once_with(
|
self.l2.vlan_manager.get.assert_called_once_with(
|
||||||
self.port_with_detail['network_id'])
|
self.port_with_detail['network_id'], None)
|
||||||
self.assertEqual(expect, actual)
|
self.assertEqual(expect, actual)
|
||||||
|
|
||||||
def test_port_has_detail_and_id(self):
|
def test_port_has_detail_and_id(self):
|
||||||
|
@ -653,7 +654,7 @@ class TestAddLocalVlanToPorts(TestFWaasV2AgentExtensionBase):
|
||||||
actual = self.l2._add_local_vlan_to_ports([self.port_with_detail])
|
actual = self.l2._add_local_vlan_to_ports([self.port_with_detail])
|
||||||
|
|
||||||
self.l2.vlan_manager.get.assert_called_once_with(
|
self.l2.vlan_manager.get.assert_called_once_with(
|
||||||
self.port_with_detail['network_id'])
|
self.port_with_detail['network_id'], None)
|
||||||
self.assertEqual(expect, actual)
|
self.assertEqual(expect, actual)
|
||||||
|
|
||||||
def test_port_has_no_detail(self):
|
def test_port_has_no_detail(self):
|
||||||
|
@ -663,7 +664,8 @@ class TestAddLocalVlanToPorts(TestFWaasV2AgentExtensionBase):
|
||||||
actual = self.l2._add_local_vlan_to_ports([self.port_with_detail])
|
actual = self.l2._add_local_vlan_to_ports([self.port_with_detail])
|
||||||
|
|
||||||
self.l2.vlan_manager.get.assert_called_once_with(
|
self.l2.vlan_manager.get.assert_called_once_with(
|
||||||
self.port_with_detail['network_id'])
|
self.port_with_detail['network_id'],
|
||||||
|
self.port_with_detail['segmentation_id'])
|
||||||
self.assertEqual(expect, actual)
|
self.assertEqual(expect, actual)
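Review bot: The two `port_details` cases (hunks at -643 and -653) only assert `vlan_manager.get(network_id, None)`, so a segmentation id taken from the `port_details` entry, which is the branch `_get_network_and_segmentation_id` prefers, is never checked with a real value. Only the fallback case at -663 uses the new `'segmentation_id': 101`. I would add `'segmentation_id': 101` to the `fake_data.PORT1` entry of `port_details` in one test and assert that `get` is called with it, plus a case where `port_details` has no entry for the port id. The fixture and the first test method start outside the hunks, so the entry may already carry more keys than shown.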
|
||||||
|
|
||||||
|
|
||||||
|
|
2
tox.ini
2
tox.ini
|
@ -75,7 +75,7 @@ setenv =
|
||||||
commands =
|
commands =
|
||||||
stestr run {posargs}
|
stestr run {posargs}
|
||||||
|
|
||||||
[testenv:dsvm-functional]
|
[testenv:dsvm-functional-gate]
|
||||||
setenv =
|
setenv =
|
||||||
OS_TEST_PATH=./neutron_fwaas/tests/functional
|
OS_TEST_PATH=./neutron_fwaas/tests/functional
|
||||||
OS_SUDO_TESTING=1
|
OS_SUDO_TESTING=1
|
||||||
|
|