Use API Definitions from neutron-lib
API definitions that have been moved to neutron-lib are now used in FWaaS. This commit replaces references to the API definitions in the extensions with the ones in neutron-lib. NOTE: This patch also includes a workaround for some helper methods due to bug 1706061. Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com> Related-Bug: #1706061 Change-Id: Ief048027c3cdf9733b6f96160f904efc4171865b
parent
46972c1654
commit
9d9799f20c
|
@ -14,6 +14,7 @@
|
|||
# under the License.
|
||||
|
||||
FIREWALL = 'FIREWALL'
|
||||
FIREWALL_V2 = 'FIREWALL_V2'
|
||||
|
||||
# Constants for "topics"
|
||||
FIREWALL_PLUGIN = 'q-firewall-plugin'
|
||||
|
|
|
@ -16,13 +16,10 @@
|
|||
import abc
|
||||
|
||||
from debtcollector import moves
|
||||
|
||||
from neutron.api.v2 import resource_helper
|
||||
from neutron_lib.api import converters
|
||||
from neutron_lib.api.definitions import constants as api_const
|
||||
from neutron_lib.api.definitions import firewall
|
||||
from neutron_lib.api import extensions
|
||||
from neutron_lib.api import validators
|
||||
from neutron_lib import constants
|
||||
from neutron_lib.db import constants as db_const
|
||||
from neutron_lib.exceptions import firewall_v1 as f_exc
|
||||
from neutron_lib.services import base as service_base
|
||||
from oslo_config import cfg
|
||||
|
@ -81,206 +78,6 @@ FirewallInternalDriverError = moves.moved_class(
|
|||
FirewallRuleConflict = moves.moved_class(
|
||||
f_exc.FirewallRuleConflict, 'FirewallRuleConflict', __name__)
|
||||
|
||||
# Firewall rule action
|
||||
FWAAS_ALLOW = "allow"
|
||||
FWAAS_DENY = "deny"
|
||||
FWAAS_REJECT = "reject"
|
||||
|
||||
# Firewall resource path prefix
|
||||
FIREWALL_PREFIX = "/fw"
|
||||
|
||||
|
||||
fw_valid_protocol_values = [None, constants.PROTO_NAME_TCP,
|
||||
constants.PROTO_NAME_UDP,
|
||||
constants.PROTO_NAME_ICMP]
|
||||
fw_valid_action_values = [FWAAS_ALLOW, FWAAS_DENY, FWAAS_REJECT]
|
||||
|
||||
|
||||
def convert_protocol(value):
|
||||
if value is None:
|
||||
return
|
||||
if (isinstance(value, six.integer_types) or
|
||||
(isinstance(value, six.string_types) and value.isdigit())):
|
||||
val = int(value)
|
||||
if 0 <= val <= 255:
|
||||
return val
|
||||
else:
|
||||
raise f_exc.FirewallRuleInvalidProtocol(
|
||||
protocol=value, values=fw_valid_protocol_values)
|
||||
elif isinstance(value, six.string_types):
|
||||
if value.lower() in fw_valid_protocol_values:
|
||||
return value.lower()
|
||||
raise f_exc.FirewallRuleInvalidProtocol(
|
||||
protocol=value, values=fw_valid_protocol_values)
|
||||
|
||||
|
||||
def convert_action_to_case_insensitive(value):
|
||||
if value is None:
|
||||
return
|
||||
else:
|
||||
return value.lower()
|
||||
|
||||
|
||||
def convert_port_to_string(value):
|
||||
if value is None:
|
||||
return
|
||||
else:
|
||||
return str(value)
|
||||
|
||||
|
||||
def _validate_port_range(data, key_specs=None):
|
||||
if data is None:
|
||||
return
|
||||
data = str(data)
|
||||
ports = data.split(':')
|
||||
for p in ports:
|
||||
try:
|
||||
val = int(p)
|
||||
except (ValueError, TypeError):
|
||||
msg = _("Port '%s' is not a valid number") % p
|
||||
LOG.debug(msg)
|
||||
return msg
|
||||
if val <= 0 or val > 65535:
|
||||
msg = _("Invalid port '%s'") % p
|
||||
LOG.debug(msg)
|
||||
return msg
|
||||
|
||||
|
||||
def _validate_ip_or_subnet_or_none(data, valid_values=None):
|
||||
if data is None:
|
||||
return None
|
||||
msg_ip = validators.validate_ip_address(data, valid_values)
|
||||
if not msg_ip:
|
||||
return
|
||||
msg_subnet = validators.validate_subnet(data, valid_values)
|
||||
if not msg_subnet:
|
||||
return
|
||||
return _("%(msg_ip)s and %(msg_subnet)s") % {'msg_ip': msg_ip,
|
||||
'msg_subnet': msg_subnet}
|
||||
|
||||
|
||||
validators.validators['type:port_range'] = _validate_port_range
|
||||
validators.validators['type:ip_or_subnet_or_none'] = \
|
||||
_validate_ip_or_subnet_or_none
|
||||
|
||||
|
||||
RESOURCE_ATTRIBUTE_MAP = {
|
||||
'firewall_rules': {
|
||||
'id': {'allow_post': False, 'allow_put': False,
|
||||
'validate': {'type:uuid': None},
|
||||
'is_visible': True, 'primary_key': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'is_visible': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'description': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string':
|
||||
db_const.DESCRIPTION_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'firewall_policy_id': {'allow_post': False, 'allow_put': False,
|
||||
'validate': {'type:uuid_or_none': None},
|
||||
'is_visible': True},
|
||||
'shared': {'allow_post': True, 'allow_put': True,
|
||||
'default': False,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'is_visible': True, 'required_by_policy': True,
|
||||
'enforce_policy': True},
|
||||
'protocol': {'allow_post': True, 'allow_put': True,
|
||||
'is_visible': True, 'default': None,
|
||||
'convert_to': convert_protocol,
|
||||
'validate': {'type:values': fw_valid_protocol_values}},
|
||||
'ip_version': {'allow_post': True, 'allow_put': True,
|
||||
'default': 4, 'convert_to': converters.convert_to_int,
|
||||
'validate': {'type:values': [4, 6]},
|
||||
'is_visible': True},
|
||||
'source_ip_address': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:ip_or_subnet_or_none': None},
|
||||
'is_visible': True, 'default': None},
|
||||
'destination_ip_address': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:ip_or_subnet_or_none':
|
||||
None},
|
||||
'is_visible': True, 'default': None},
|
||||
'source_port': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:port_range': None},
|
||||
'convert_to': convert_port_to_string,
|
||||
'default': None, 'is_visible': True},
|
||||
'destination_port': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:port_range': None},
|
||||
'convert_to': convert_port_to_string,
|
||||
'default': None, 'is_visible': True},
|
||||
'position': {'allow_post': False, 'allow_put': False,
|
||||
'default': None, 'is_visible': True},
|
||||
'action': {'allow_post': True, 'allow_put': True,
|
||||
'convert_to': convert_action_to_case_insensitive,
|
||||
'validate': {'type:values': fw_valid_action_values},
|
||||
'is_visible': True, 'default': 'deny'},
|
||||
'enabled': {'allow_post': True, 'allow_put': True,
|
||||
'default': True, 'is_visible': True,
|
||||
'convert_to': converters.convert_to_boolean},
|
||||
},
|
||||
'firewall_policies': {
|
||||
'id': {'allow_post': False, 'allow_put': False,
|
||||
'validate': {'type:uuid': None},
|
||||
'is_visible': True,
|
||||
'primary_key': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'is_visible': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'description': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string':
|
||||
db_const.DESCRIPTION_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'shared': {'allow_post': True, 'allow_put': True,
|
||||
'default': False, 'enforce_policy': True,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'is_visible': True, 'required_by_policy': True},
|
||||
'firewall_rules': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:uuid_list': None},
|
||||
'convert_to': converters.convert_none_to_empty_list,
|
||||
'default': None, 'is_visible': True},
|
||||
'audited': {'allow_post': True, 'allow_put': True,
|
||||
'default': False, 'is_visible': True,
|
||||
'convert_to': converters.convert_to_boolean},
|
||||
},
|
||||
'firewalls': {
|
||||
'id': {'allow_post': False, 'allow_put': False,
|
||||
'validate': {'type:uuid': None},
|
||||
'is_visible': True,
|
||||
'primary_key': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'is_visible': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'description': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string':
|
||||
db_const.DESCRIPTION_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'admin_state_up': {'allow_post': True, 'allow_put': True,
|
||||
'default': True, 'is_visible': True,
|
||||
'convert_to': converters.convert_to_boolean},
|
||||
'status': {'allow_post': False, 'allow_put': False,
|
||||
'is_visible': True},
|
||||
'shared': {'allow_post': True, 'allow_put': True,
|
||||
'default': False, 'enforce_policy': True,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'is_visible': False, 'required_by_policy': True},
|
||||
'firewall_policy_id': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:uuid_or_none': None},
|
||||
'is_visible': True},
|
||||
},
|
||||
}
|
||||
|
||||
# A tenant may have a unique firewall and policy for each router
|
||||
# when router insertion is used.
|
||||
# Set default quotas to align with default l3 quota_router of 10
|
||||
# though keep as separately controllable.
|
||||
|
||||
firewall_quota_opts = [
|
||||
cfg.IntOpt('quota_firewall',
|
||||
|
@ -299,51 +96,35 @@ firewall_quota_opts = [
|
|||
cfg.CONF.register_opts(firewall_quota_opts, 'QUOTAS')
|
||||
|
||||
|
||||
class Firewall(extensions.ExtensionDescriptor):
|
||||
# TODO(Reedip): Remove the convert_to functionality after bug1706061 is fixed.
|
||||
def convert_to_string(value):
|
||||
if value is not None:
|
||||
return str(value)
|
||||
return None
|
||||
|
||||
@classmethod
|
||||
def get_name(cls):
|
||||
return "Firewall service"
|
||||
firewall.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][
|
||||
'source_port']['convert_to'] = convert_to_string
|
||||
firewall.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][
|
||||
'destination_port']['convert_to'] = convert_to_string
|
||||
|
||||
@classmethod
|
||||
def get_alias(cls):
|
||||
return "fwaas"
|
||||
|
||||
@classmethod
|
||||
def get_description(cls):
|
||||
return "Extension for Firewall service"
|
||||
|
||||
@classmethod
|
||||
def get_updated(cls):
|
||||
return "2013-02-25T10:00:00-00:00"
|
||||
class Firewall(extensions.APIExtensionDescriptor):
|
||||
api_definition = firewall
|
||||
|
||||
@classmethod
|
||||
def get_resources(cls):
|
||||
special_mappings = {'firewall_policies': 'firewall_policy'}
|
||||
plural_mappings = resource_helper.build_plural_mappings(
|
||||
special_mappings, RESOURCE_ATTRIBUTE_MAP)
|
||||
action_map = {'firewall_policy': {'insert_rule': 'PUT',
|
||||
'remove_rule': 'PUT'}}
|
||||
return resource_helper.build_resource_info(plural_mappings,
|
||||
RESOURCE_ATTRIBUTE_MAP,
|
||||
fwaas_constants.FIREWALL,
|
||||
action_map=action_map,
|
||||
register_quota=True)
|
||||
special_mappings, firewall.RESOURCE_ATTRIBUTE_MAP)
|
||||
return resource_helper.build_resource_info(
|
||||
plural_mappings, firewall.RESOURCE_ATTRIBUTE_MAP,
|
||||
fwaas_constants.FIREWALL, action_map=firewall.ACTION_MAP,
|
||||
register_quota=True)
|
||||
|
||||
@classmethod
|
||||
def get_plugin_interface(cls):
|
||||
return FirewallPluginBase
|
||||
|
||||
def update_attributes_map(self, attributes):
|
||||
super(Firewall, self).update_attributes_map(
|
||||
attributes, extension_attrs_map=RESOURCE_ATTRIBUTE_MAP)
|
||||
|
||||
def get_extended_resources(self, version):
|
||||
if version == "2.0":
|
||||
return RESOURCE_ATTRIBUTE_MAP
|
||||
else:
|
||||
return {}
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
class FirewallPluginBase(service_base.ServicePluginBase):
|
||||
|
|
|
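Review bot: The two assignments to `firewall.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][...]['convert_to']` rewrite neutron-lib's module-level dict in place at import time, so every consumer of that definition in the same process gets the patched converter once this module is imported, and behaviour depends on import order. A comment above them would make that explicit, e.g. `# NOTE: mutates the shared neutron-lib definition in place; takes effect process-wide on import`. With `_validate_port_range`, `_validate_ip_or_subnet_or_none`, `convert_protocol` and the `validators.validators[...]` registrations gone from this file, rejection of malformed ports, addresses and protocols on firewall rules rests entirely on neutron-lib. Nothing on this page shows the neutron-lib side, so a unit test that submits an out-of-range port and an unknown protocol and expects the request to be rejected would pin it. The same `convert_to_string` helper is repeated in the firewall_v2 section and could live in one shared module.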
@ -15,22 +15,16 @@
|
|||
import abc
|
||||
|
||||
from debtcollector import moves
|
||||
|
||||
from neutron.api.v2 import resource_helper
|
||||
from neutron_lib.api import converters
|
||||
from neutron_lib.api.definitions import constants as api_const
|
||||
from neutron_lib.api.definitions import firewall_v2
|
||||
from neutron_lib.api import extensions
|
||||
from neutron_lib.db import constants as nl_db_constants
|
||||
from neutron_lib.exceptions import firewall_v2 as f_exc
|
||||
from neutron_lib.services import base as service_base
|
||||
import six
|
||||
|
||||
# Import firewall v1 API to get the validators
|
||||
# TODO(shpadubi): pull the validators out of fwaas v1 into a separate file
|
||||
from neutron_fwaas.extensions import firewall as fwaas_v1
|
||||
from neutron_fwaas.common import fwaas_constants
|
||||
|
||||
FIREWALL_PREFIX = '/fwaas'
|
||||
|
||||
FIREWALL_CONST = 'FIREWALL_V2'
|
||||
|
||||
FirewallGroupNotFound = moves.moved_class(
|
||||
f_exc.FirewallGroupNotFound, 'FirewallGroupNotFound', __name__)
|
||||
|
@ -93,192 +87,44 @@ FirewallRuleAlreadyAssociated = moves.moved_class(
|
|||
__name__)
|
||||
|
||||
|
||||
RESOURCE_ATTRIBUTE_MAP = {
|
||||
'firewall_rules': {
|
||||
'id': {'allow_post': False, 'allow_put': False,
|
||||
'validate': {'type:uuid': None},
|
||||
'is_visible': True, 'primary_key': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'validate': {'type:string':
|
||||
nl_db_constants.UUID_FIELD_SIZE},
|
||||
'is_visible': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': nl_db_constants.NAME_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'description': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string':
|
||||
nl_db_constants.DESCRIPTION_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'firewall_policy_id': {'allow_post': False, 'allow_put': False,
|
||||
'validate': {'type:uuid_or_none': None},
|
||||
'is_visible': True},
|
||||
'shared': {'allow_post': True, 'allow_put': True,
|
||||
'default': False, 'is_visible': True,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'required_by_policy': True, 'enforce_policy': True},
|
||||
'protocol': {'allow_post': True, 'allow_put': True,
|
||||
'is_visible': True, 'default': None,
|
||||
'convert_to': fwaas_v1.convert_protocol,
|
||||
'validate': {'type:values':
|
||||
fwaas_v1.fw_valid_protocol_values}},
|
||||
'ip_version': {'allow_post': True, 'allow_put': True,
|
||||
'default': 4, 'convert_to': converters.convert_to_int,
|
||||
'validate': {'type:values': [4, 6]},
|
||||
'is_visible': True},
|
||||
'source_ip_address': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:ip_or_subnet_or_none': None},
|
||||
'is_visible': True, 'default': None},
|
||||
'destination_ip_address': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:ip_or_subnet_or_none':
|
||||
None},
|
||||
'is_visible': True, 'default': None},
|
||||
'source_port': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:port_range': None},
|
||||
'convert_to': fwaas_v1.convert_port_to_string,
|
||||
'default': None, 'is_visible': True},
|
||||
'destination_port': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:port_range': None},
|
||||
'convert_to': fwaas_v1.convert_port_to_string,
|
||||
'default': None, 'is_visible': True},
|
||||
'position': {'allow_post': False, 'allow_put': False,
|
||||
'default': None, 'is_visible': True},
|
||||
'action': {'allow_post': True, 'allow_put': True,
|
||||
'convert_to': fwaas_v1.convert_action_to_case_insensitive,
|
||||
'validate': {'type:values':
|
||||
fwaas_v1.fw_valid_action_values},
|
||||
'is_visible': True, 'default': 'deny'},
|
||||
'enabled': {'allow_post': True, 'allow_put': True,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'default': True, 'is_visible': True},
|
||||
},
|
||||
'firewall_groups': {
|
||||
'id': {'allow_post': False, 'allow_put': False,
|
||||
'validate': {'type:uuid': None},
|
||||
'is_visible': True,
|
||||
'primary_key': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': nl_db_constants.NAME_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'description': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string':
|
||||
nl_db_constants.DESCRIPTION_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'admin_state_up': {'allow_post': True, 'allow_put': True,
|
||||
'default': True, 'is_visible': True,
|
||||
'convert_to': converters.convert_to_boolean},
|
||||
'status': {'allow_post': False, 'allow_put': False,
|
||||
'is_visible': True},
|
||||
'shared': {'allow_post': True, 'allow_put': True, 'default': False,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'is_visible': True, 'required_by_policy': True,
|
||||
'enforce_policy': True},
|
||||
'ports': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:uuid_list': None},
|
||||
'convert_to': converters.convert_none_to_empty_list,
|
||||
'default': None, 'is_visible': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'validate': {'type:string':
|
||||
nl_db_constants.UUID_FIELD_SIZE},
|
||||
'is_visible': True},
|
||||
'ingress_firewall_policy_id': {'allow_post': True,
|
||||
'allow_put': True,
|
||||
'validate': {'type:uuid_or_none':
|
||||
None},
|
||||
'default': None, 'is_visible': True},
|
||||
'egress_firewall_policy_id': {'allow_post': True,
|
||||
'allow_put': True,
|
||||
'validate': {'type:uuid_or_none':
|
||||
None},
|
||||
'default': None, 'is_visible': True},
|
||||
},
|
||||
'firewall_policies': {
|
||||
'id': {'allow_post': False, 'allow_put': False,
|
||||
'validate': {'type:uuid': None},
|
||||
'is_visible': True,
|
||||
'primary_key': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'validate': {'type:string':
|
||||
nl_db_constants.UUID_FIELD_SIZE},
|
||||
'is_visible': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': nl_db_constants.NAME_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'description': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string':
|
||||
nl_db_constants.DESCRIPTION_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'shared': {'allow_post': True, 'allow_put': True, 'default': False,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'is_visible': True, 'required_by_policy': True,
|
||||
'enforce_policy': True},
|
||||
'firewall_rules': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:uuid_list': None},
|
||||
'convert_to': converters.convert_none_to_empty_list,
|
||||
'default': None, 'is_visible': True},
|
||||
'audited': {'allow_post': True, 'allow_put': True, 'default': False,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'is_visible': True},
|
||||
# TODO(Reedip): Remove the convert_to functionality after bug1706061 is fixed.
|
||||
def convert_to_string(value):
|
||||
if value is not None:
|
||||
return str(value)
|
||||
return None
|
||||
|
||||
},
|
||||
}
|
||||
firewall_v2.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][
|
||||
'source_port']['convert_to'] = convert_to_string
|
||||
firewall_v2.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][
|
||||
'destination_port']['convert_to'] = convert_to_string
|
||||
|
||||
|
||||
class Firewall_v2(extensions.ExtensionDescriptor):
|
||||
|
||||
@classmethod
|
||||
def get_name(cls):
|
||||
return "Firewall service v2"
|
||||
|
||||
@classmethod
|
||||
def get_alias(cls):
|
||||
return "fwaas_v2"
|
||||
|
||||
@classmethod
|
||||
def get_description(cls):
|
||||
return "Extension for Firewall service v2"
|
||||
|
||||
@classmethod
|
||||
def get_updated(cls):
|
||||
return "2016-08-16T00:00:00-00:00"
|
||||
class Firewall_v2(extensions.APIExtensionDescriptor):
|
||||
api_definition = firewall_v2
|
||||
|
||||
@classmethod
|
||||
def get_resources(cls):
|
||||
special_mappings = {'firewall_policies': 'firewall_policy'}
|
||||
plural_mappings = resource_helper.build_plural_mappings(
|
||||
special_mappings, RESOURCE_ATTRIBUTE_MAP)
|
||||
action_map = {'firewall_policy': {'insert_rule': 'PUT',
|
||||
'remove_rule': 'PUT'}}
|
||||
return resource_helper.build_resource_info(plural_mappings,
|
||||
RESOURCE_ATTRIBUTE_MAP,
|
||||
FIREWALL_CONST,
|
||||
action_map=action_map)
|
||||
special_mappings, firewall_v2.RESOURCE_ATTRIBUTE_MAP)
|
||||
return resource_helper.build_resource_info(
|
||||
plural_mappings, firewall_v2.RESOURCE_ATTRIBUTE_MAP,
|
||||
fwaas_constants.FIREWALL_V2, action_map=firewall_v2.ACTION_MAP,
|
||||
register_quota=True)
|
||||
|
||||
@classmethod
|
||||
def get_plugin_interface(cls):
|
||||
return Firewallv2PluginBase
|
||||
|
||||
def update_attributes_map(self, attributes):
|
||||
super(Firewall_v2, self).update_attributes_map(
|
||||
attributes, extension_attrs_map=RESOURCE_ATTRIBUTE_MAP)
|
||||
|
||||
def get_extended_resources(self, version):
|
||||
if version == "2.0":
|
||||
return RESOURCE_ATTRIBUTE_MAP
|
||||
else:
|
||||
return {}
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
class Firewallv2PluginBase(service_base.ServicePluginBase):
|
||||
|
||||
def get_plugin_name(self):
|
||||
return FIREWALL_CONST
|
||||
return fwaas_constants.FIREWALL_V2
|
||||
|
||||
def get_plugin_type(self):
|
||||
return FIREWALL_CONST
|
||||
return fwaas_constants.FIREWALL_V2
|
||||
|
||||
def get_plugin_description(self):
|
||||
return 'Firewall Service v2 Plugin'
|
||||
|
|
|
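Review bot: `register_quota=True` in `Firewall_v2.get_resources` looks new, since the earlier call shown in this section ends at `action_map=action_map)` without it, and the commit message does not mention a quota change. No quota options for the v2 resources are registered anywhere on this page (only the v1 module shows `firewall_quota_opts` and `cfg.CONF.register_opts(firewall_quota_opts, 'QUOTAS')`). It is worth confirming which limit the v2 firewall resources fall under once they are quota-tracked, then either registering matching options or leaving the flag out of this refactor. The section also drops the `fwaas_v1` import that, per its own comment, existed "to get the validators"; presumably neutron-lib registers `type:port_range` and `type:ip_or_subnet_or_none` itself, but that should be confirmed before relying on it.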
@ -13,20 +13,11 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api.definitions import firewallrouterinsertion
|
||||
from neutron_lib.api import extensions
|
||||
from neutron_lib import constants
|
||||
|
||||
|
||||
EXTENDED_ATTRIBUTES_2_0 = {
|
||||
'firewalls': {
|
||||
'router_ids': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:uuid_list': None},
|
||||
'is_visible': True, 'default': constants.ATTR_NOT_SPECIFIED},
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
class Firewallrouterinsertion(extensions.ExtensionDescriptor):
|
||||
class Firewallrouterinsertion(extensions.APIExtensionDescriptor):
|
||||
"""Extension class supporting Firewall and Router(s) association.
|
||||
|
||||
The extension enables providing an option to specify router-ids of
|
||||
|
@ -45,24 +36,4 @@ class Firewallrouterinsertion(extensions.ExtensionDescriptor):
|
|||
provided with a list of routers or an empty list - this drives the new
|
||||
set of routers that the firewall is associated with.
|
||||
"""
|
||||
@classmethod
|
||||
def get_name(cls):
|
||||
return "Firewall Router insertion"
|
||||
|
||||
@classmethod
|
||||
def get_alias(cls):
|
||||
return "fwaasrouterinsertion"
|
||||
|
||||
@classmethod
|
||||
def get_description(cls):
|
||||
return "Firewall Router insertion on specified set of routers"
|
||||
|
||||
@classmethod
|
||||
def get_updated(cls):
|
||||
return "2015-01-27T10:00:00-00:00"
|
||||
|
||||
def get_extended_resources(self, version):
|
||||
if version == "2.0":
|
||||
return EXTENDED_ATTRIBUTES_2_0
|
||||
else:
|
||||
return {}
|
||||
api_definition = firewallrouterinsertion
|
||||
|
|
|
@ -14,6 +14,10 @@
|
|||
# under the License.
|
||||
|
||||
from neutron.common import rpc as n_rpc
|
||||
from neutron_lib.agent import l3_extension
|
||||
from neutron_lib.api.definitions import firewall as fw_ext
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib import context
|
||||
from oslo_config import cfg
|
||||
from oslo_log import helpers as log_helpers
|
||||
from oslo_log import log as logging
|
||||
|
@ -21,12 +25,8 @@ from oslo_log import log as logging
|
|||
from neutron_fwaas._i18n import _, _LE
|
||||
from neutron_fwaas.common import fwaas_constants
|
||||
from neutron_fwaas.common import resources as f_resources
|
||||
from neutron_fwaas.extensions import firewall as fw_ext
|
||||
from neutron_fwaas.services.firewall.agents import firewall_agent_api as api
|
||||
from neutron_fwaas.services.firewall.agents import firewall_service
|
||||
from neutron_lib.agent import l3_extension
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib import context
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
|
|
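Review bot: Rebinding `fw_ext` from `neutron_fwaas.extensions.firewall` to `neutron_lib.api.definitions.firewall` changes what every `fw_ext.<name>` in this file resolves to, and this section shows only the import block. The old module exported exception classes through `moves.moved_class` (`FirewallInternalDriverError` and `FirewallRuleConflict` are visible in the extension section earlier on this page). If this agent still references any of them via `fw_ext`, a clause such as `except fw_ext.FirewallInternalDriverError` would raise AttributeError on the error path instead of handling the driver failure. Importing exceptions explicitly, e.g. `from neutron_lib.exceptions import firewall_v1 as f_exc` as the plugin section on this page does, avoids that. The same rebinding appears in the next section (the one importing `iptables_manager`) and needs the same check.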
@ -15,11 +15,11 @@
|
|||
|
||||
from neutron.agent.linux import iptables_manager
|
||||
from neutron.agent.linux import utils as linux_utils
|
||||
from neutron.common import utils
|
||||
from neutron_lib.api.definitions import firewall as fw_ext
|
||||
from oslo_log import log as logging
|
||||
|
||||
from neutron.common import utils
|
||||
from neutron_fwaas._i18n import _LE
|
||||
from neutron_fwaas.extensions import firewall as fw_ext
|
||||
from neutron_fwaas.services.firewall.drivers import fwaas_base_v2
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
|
|
@ -12,15 +12,15 @@
|
|||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron.common import rpc as n_rpc
|
||||
from neutron.common import utils as n_utils
|
||||
from neutron_lib.api.definitions import firewall as fw_ext
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib import context as neutron_context
|
||||
from neutron_lib.exceptions import firewall_v1 as f_exc
|
||||
from neutron_lib.plugins import constants as plugin_constants
|
||||
from neutron_lib.plugins import directory
|
||||
|
||||
from neutron.common import rpc as n_rpc
|
||||
from neutron.common import utils as n_utils
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
import oslo_messaging
|
||||
|
@ -29,7 +29,6 @@ from neutron_fwaas._i18n import _LI, _LW
|
|||
from neutron_fwaas.common import fwaas_constants as f_const
|
||||
from neutron_fwaas.db.firewall import firewall_db
|
||||
from neutron_fwaas.db.firewall import firewall_router_insertion_db
|
||||
from neutron_fwaas.extensions import firewall as fw_ext
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
@ -153,7 +152,7 @@ class FirewallPlugin(
|
|||
firewall_db.Firewall_db_mixin.
|
||||
"""
|
||||
supported_extension_aliases = ["fwaas", "fwaasrouterinsertion"]
|
||||
path_prefix = fw_ext.FIREWALL_PREFIX
|
||||
path_prefix = fw_ext.API_PREFIX
|
||||
|
||||
def __init__(self):
|
||||
"""Do the initialization for the firewall service plugin here."""
|
||||
|
|
|
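Review bot: `path_prefix = fw_ext.API_PREFIX` replaces a constant this repository defined as `"/fw"` with a value owned by neutron-lib, and the test sections on this page switch `resource_prefix_map` to the same `API_PREFIX`, so the tests would still pass if the two values differed. One assertion against the literal path in the plugin tests, e.g. `self.assertEqual('/fw', firewall.API_PREFIX)`, would catch a silent change of the REST prefix. The v2 plugin section makes the same swap for `'/fwaas'` via `firewall_v2.API_PREFIX` and would benefit from the same check.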
@ -12,24 +12,22 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron.common import rpc as n_rpc
|
||||
from neutron.db import servicetype_db as st_db
|
||||
from neutron.services import provider_configuration as provider_conf
|
||||
from neutron_lib.api.definitions import firewall_v2
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib import context as neutron_context
|
||||
from neutron_lib.exceptions import firewall_v2 as f_exc
|
||||
from neutron_lib.plugins import directory
|
||||
|
||||
from neutron.common import rpc as n_rpc
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib.plugins import constants as plugin_const
|
||||
from neutron_lib.plugins import directory
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
import oslo_messaging
|
||||
|
||||
from neutron.db import servicetype_db as st_db
|
||||
from neutron.services import provider_configuration as provider_conf
|
||||
|
||||
from neutron_fwaas._i18n import _LI
|
||||
from neutron_fwaas.common import fwaas_constants
|
||||
from neutron_fwaas.db.firewall.v2 import firewall_db_v2
|
||||
from neutron_fwaas.extensions import firewall_v2 as fw_ext
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
@ -155,7 +153,7 @@ class FirewallPluginV2(
|
|||
firewall_db_v2.Firewall_db_mixin_v2.
|
||||
"""
|
||||
supported_extension_aliases = ["fwaas_v2"]
|
||||
path_prefix = fw_ext.FIREWALL_PREFIX
|
||||
path_prefix = firewall_v2.API_PREFIX
|
||||
|
||||
def __init__(self):
|
||||
"""Do the initialization for the firewall service plugin here."""
|
||||
|
|
|
@ -18,6 +18,12 @@ import contextlib
|
|||
import mock
|
||||
from neutron.api import extensions as api_ext
|
||||
from neutron.common import config
|
||||
from neutron_lib.api.definitions import firewall
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib import context
|
||||
from neutron_lib.exceptions import firewall_v1 as f_exc
|
||||
from neutron_lib.exceptions import l3
|
||||
from neutron_lib.plugins import directory
|
||||
from oslo_config import cfg
|
||||
from oslo_utils import importutils
|
||||
from oslo_utils import uuidutils
|
||||
|
@ -26,14 +32,9 @@ import webob.exc
|
|||
|
||||
from neutron_fwaas.db.firewall import firewall_db as fdb
|
||||
from neutron_fwaas import extensions
|
||||
from neutron_fwaas.extensions import firewall
|
||||
from neutron_fwaas.services.firewall import fwaas_plugin
|
||||
from neutron_fwaas.tests import base
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib import context
|
||||
from neutron_lib.exceptions import firewall_v1 as f_exc
|
||||
from neutron_lib.exceptions import l3
|
||||
from neutron_lib.plugins import directory
|
||||
|
||||
|
||||
DB_FW_PLUGIN_KLASS = (
|
||||
"neutron_fwaas.db.firewall.firewall_db.Firewall_db_mixin"
|
||||
|
@ -74,7 +75,7 @@ class FakeAgentApi(fwaas_plugin.FirewallCallbacks):
|
|||
|
||||
class FirewallPluginDbTestCase(base.NeutronDbPluginV2TestCase):
|
||||
resource_prefix_map = dict(
|
||||
(k, firewall.FIREWALL_PREFIX)
|
||||
(k, firewall.API_PREFIX)
|
||||
for k in firewall.RESOURCE_ATTRIBUTE_MAP.keys()
|
||||
)
|
||||
|
||||
|
@ -87,7 +88,7 @@ class FirewallPluginDbTestCase(base.NeutronDbPluginV2TestCase):
|
|||
service_plugins = {'fw_plugin_name': fw_plugin}
|
||||
|
||||
fdb.Firewall_db_mixin.supported_extension_aliases = ["fwaas"]
|
||||
fdb.Firewall_db_mixin.path_prefix = firewall.FIREWALL_PREFIX
|
||||
fdb.Firewall_db_mixin.path_prefix = firewall.API_PREFIX
|
||||
super(FirewallPluginDbTestCase, self).setUp(
|
||||
ext_mgr=ext_mgr,
|
||||
service_plugins=service_plugins
|
||||
|
|
|
@ -18,10 +18,14 @@ import contextlib
|
|||
import mock
|
||||
from neutron.api import extensions as api_ext
|
||||
from neutron.common import config
|
||||
from neutron_lib.api.definitions import firewall_v2
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib import context
|
||||
from neutron_lib.exceptions import firewall_v2 as f_exc
|
||||
from neutron_lib.plugins import directory
|
||||
from oslo_config import cfg
|
||||
from oslo_utils import importutils
|
||||
from oslo_utils import uuidutils
|
||||
|
||||
import six
|
||||
import testtools
|
||||
import webob.exc
|
||||
|
@ -29,13 +33,9 @@ import webob.exc
|
|||
from neutron_fwaas._i18n import _
|
||||
from neutron_fwaas.db.firewall.v2 import firewall_db_v2 as fdb
|
||||
from neutron_fwaas import extensions
|
||||
from neutron_fwaas.extensions import firewall_v2 as firewall
|
||||
from neutron_fwaas.services.firewall import fwaas_plugin_v2
|
||||
from neutron_fwaas.tests import base
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib import context
|
||||
from neutron_lib.exceptions import firewall_v2 as f_exc
|
||||
from neutron_lib.plugins import directory
|
||||
|
||||
|
||||
DB_FW_PLUGIN_KLASS = (
|
||||
"neutron_fwaas.db.firewall.v2.firewall_db_v2.Firewall_db_mixin_v2"
|
||||
|
@ -76,8 +76,8 @@ class FakeAgentApi(fwaas_plugin_v2.FirewallCallbacks):
|
|||
|
||||
class FirewallPluginV2DbTestCase(base.NeutronDbPluginV2TestCase):
|
||||
resource_prefix_map = dict(
|
||||
(k, firewall.FIREWALL_PREFIX)
|
||||
for k in firewall.RESOURCE_ATTRIBUTE_MAP.keys()
|
||||
(k, firewall_v2.API_PREFIX)
|
||||
for k in firewall_v2.RESOURCE_ATTRIBUTE_MAP.keys()
|
||||
)
|
||||
|
||||
def setUp(self, core_plugin=None, fw_plugin=None, ext_mgr=None):
|
||||
|
@ -90,7 +90,7 @@ class FirewallPluginV2DbTestCase(base.NeutronDbPluginV2TestCase):
|
|||
service_plugins = {'fw_plugin_name': fw_plugin}
|
||||
|
||||
fdb.Firewall_db_mixin_v2.supported_extension_aliases = ["fwaas_v2"]
|
||||
fdb.Firewall_db_mixin_v2.path_prefix = firewall.FIREWALL_PREFIX
|
||||
fdb.Firewall_db_mixin_v2.path_prefix = firewall_v2.API_PREFIX
|
||||
super(FirewallPluginV2DbTestCase, self).setUp(
|
||||
ext_mgr=ext_mgr,
|
||||
service_plugins=service_plugins
|
||||
|
|
|
@ -1,419 +0,0 @@
|
|||
# Copyright 2013 Big Switch Networks, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import copy
|
||||
|
||||
import mock
|
||||
from neutron.tests.unit.api.v2 import test_base as test_api_v2
|
||||
from neutron.tests.unit.extensions import base as test_api_v2_extension
|
||||
from neutron_lib.db import constants as db_const
|
||||
from oslo_utils import uuidutils
|
||||
from webob import exc
|
||||
import webtest
|
||||
|
||||
from neutron_fwaas.extensions import firewall_v2
|
||||
|
||||
_uuid = uuidutils.generate_uuid
|
||||
_get_path = test_api_v2._get_path
|
||||
_long_name = 'x' * (db_const.NAME_FIELD_SIZE + 1)
|
||||
_long_description = 'y' * (db_const.DESCRIPTION_FIELD_SIZE + 1)
|
||||
_long_tenant = 'z' * (db_const.PROJECT_ID_FIELD_SIZE + 1)
|
||||
|
||||
FIREWALL_CONST = 'FIREWALL_V2'
|
||||
|
||||
|
||||
class FirewallExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
|
||||
fmt = 'json'
|
||||
|
||||
def setUp(self):
|
||||
super(FirewallExtensionTestCase, self).setUp()
|
||||
plural_mappings = {'firewall_policy': 'firewall_policies'}
|
||||
self._setUpExtension(
|
||||
'neutron_fwaas.extensions.firewall_v2.Firewallv2PluginBase',
|
||||
FIREWALL_CONST, firewall_v2.RESOURCE_ATTRIBUTE_MAP,
|
||||
firewall_v2.Firewall_v2, 'fwaas', plural_mappings=plural_mappings)
|
||||
|
||||
def _test_create_firewall_rule(self, src_port, dst_port):
|
||||
rule_id = _uuid()
|
||||
project_id = _uuid()
|
||||
data = {'firewall_rule': {'description': 'descr_firewall_rule1',
|
||||
'name': 'rule1',
|
||||
'protocol': 'tcp',
|
||||
'ip_version': 4,
|
||||
'source_ip_address': '192.168.0.1',
|
||||
'destination_ip_address': '127.0.0.1',
|
||||
'source_port': src_port,
|
||||
'destination_port': dst_port,
|
||||
'action': 'allow',
|
||||
'enabled': True,
|
||||
'tenant_id': project_id,
|
||||
'shared': False}}
|
||||
expected_ret_val = copy.copy(data['firewall_rule'])
|
||||
expected_ret_val['source_port'] = str(src_port)
|
||||
expected_ret_val['destination_port'] = str(dst_port)
|
||||
expected_ret_val['id'] = rule_id
|
||||
instance = self.plugin.return_value
|
||||
instance.create_firewall_rule.return_value = expected_ret_val
|
||||
res = self.api.post(_get_path('fwaas/firewall_rules', fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt)
|
||||
data['firewall_rule'].update({'project_id': project_id})
|
||||
self.assertEqual(exc.HTTPCreated.code, res.status_int)
|
||||
res = self.deserialize(res)
|
||||
self.assertIn('firewall_rule', res)
|
||||
self.assertEqual(expected_ret_val, res['firewall_rule'])
|
||||
|
||||
def test_create_firewall_rule_with_integer_ports(self):
|
||||
self._test_create_firewall_rule(1, 10)
|
||||
|
||||
def test_create_firewall_rule_with_string_ports(self):
|
||||
self._test_create_firewall_rule('1', '10')
|
||||
|
||||
def test_create_firewall_rule_with_port_range(self):
|
||||
self._test_create_firewall_rule('1:20', '30:40')
|
||||
|
||||
def test_create_firewall_rule_invalid_long_name(self):
|
||||
data = {'firewall_rule': {'description': 'descr_firewall_rule1',
|
||||
'name': _long_name,
|
||||
'protocol': 'tcp',
|
||||
'ip_version': 4,
|
||||
'source_ip_address': '192.168.0.1',
|
||||
'destination_ip_address': '127.0.0.1',
|
||||
'source_port': 1,
|
||||
'destination_port': 1,
|
||||
'action': 'allow',
|
||||
'enabled': True,
|
||||
'tenant_id': _uuid(),
|
||||
'shared': False}}
|
||||
res = self.api.post(_get_path('fwaas/firewall_rules', fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
self.assertIn('Invalid input for name', res.body.decode('utf-8'))
|
||||
|
||||
def test_create_firewall_rule_invalid_long_description(self):
|
||||
data = {'firewall_rule': {'description': _long_description,
|
||||
'name': 'rule1',
|
||||
'protocol': 'tcp',
|
||||
'ip_version': 4,
|
||||
'source_ip_address': '192.168.0.1',
|
||||
'destination_ip_address': '127.0.0.1',
|
||||
'source_port': 1,
|
||||
'destination_port': 1,
|
||||
'action': 'allow',
|
||||
'enabled': True,
|
||||
'tenant_id': _uuid(),
|
||||
'shared': False}}
|
||||
res = self.api.post(_get_path('fwaas/firewall_rules', fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
self.assertIn('Invalid input for description',
|
||||
res.body.decode('utf-8'))
|
||||
|
||||
def test_create_firewall_rule_invalid_long_tenant_id(self):
|
||||
data = {'firewall_rule': {'description': 'desc',
|
||||
'name': 'rule1',
|
||||
'protocol': 'tcp',
|
||||
'ip_version': 4,
|
||||
'source_ip_address': '192.168.0.1',
|
||||
'destination_ip_address': '127.0.0.1',
|
||||
'source_port': 1,
|
||||
'destination_port': 1,
|
||||
'action': 'allow',
|
||||
'enabled': True,
|
||||
'tenant_id': _long_tenant,
|
||||
'shared': False}}
|
||||
res = self.api.post(_get_path('fwaas/firewall_rules', fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
self.assertIn('Invalid input for ', res.body.decode('utf-8'))
|
||||
|
||||
def test_firewall_rule_list(self):
|
||||
rule_id = _uuid()
|
||||
return_value = [{'tenant_id': _uuid(),
|
||||
'id': rule_id}]
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.get_firewall_rules.return_value = return_value
|
||||
|
||||
res = self.api.get(_get_path('fwaas/firewall_rules', fmt=self.fmt))
|
||||
|
||||
instance.get_firewall_rules.assert_called_with(mock.ANY,
|
||||
fields=mock.ANY,
|
||||
filters=mock.ANY)
|
||||
self.assertEqual(exc.HTTPOk.code, res.status_int)
|
||||
|
||||
def test_firewall_rule_get(self):
|
||||
rule_id = _uuid()
|
||||
return_value = {'tenant_id': _uuid(),
|
||||
'id': rule_id}
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.get_firewall_rule.return_value = return_value
|
||||
|
||||
res = self.api.get(_get_path('fwaas/firewall_rules',
|
||||
id=rule_id, fmt=self.fmt))
|
||||
|
||||
instance.get_firewall_rule.assert_called_with(mock.ANY,
|
||||
rule_id,
|
||||
fields=mock.ANY)
|
||||
self.assertEqual(exc.HTTPOk.code, res.status_int)
|
||||
res = self.deserialize(res)
|
||||
self.assertIn('firewall_rule', res)
|
||||
self.assertEqual(return_value, res['firewall_rule'])
|
||||
|
||||
def test_firewall_rule_update(self):
|
||||
rule_id = _uuid()
|
||||
update_data = {'firewall_rule': {'action': 'deny'}}
|
||||
return_value = {'tenant_id': _uuid(),
|
||||
'id': rule_id}
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.update_firewall_rule.return_value = return_value
|
||||
|
||||
res = self.api.put(_get_path('fwaas/firewall_rules', id=rule_id,
|
||||
fmt=self.fmt),
|
||||
self.serialize(update_data))
|
||||
|
||||
instance.update_firewall_rule.assert_called_with(
|
||||
mock.ANY,
|
||||
rule_id,
|
||||
firewall_rule=update_data)
|
||||
self.assertEqual(exc.HTTPOk.code, res.status_int)
|
||||
res = self.deserialize(res)
|
||||
self.assertIn('firewall_rule', res)
|
||||
self.assertEqual(return_value, res['firewall_rule'])
|
||||
|
||||
def test_firewall_rule_delete(self):
|
||||
self._test_entity_delete('firewall_rule')
|
||||
|
||||
def test_create_firewall_policy(self):
|
||||
policy_id = _uuid()
|
||||
project_id = _uuid()
|
||||
data = {'firewall_policy': {'description': 'descr_firewall_policy1',
|
||||
'name': 'new_fw_policy1',
|
||||
'firewall_rules': [_uuid(), _uuid()],
|
||||
'audited': False,
|
||||
'tenant_id': project_id,
|
||||
'shared': False}}
|
||||
return_value = copy.copy(data['firewall_policy'])
|
||||
return_value.update({'id': policy_id})
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.create_firewall_policy.return_value = return_value
|
||||
res = self.api.post(_get_path('fwaas/firewall_policies',
|
||||
fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt)
|
||||
data['firewall_policy'].update({'project_id': project_id})
|
||||
self.assertEqual(exc.HTTPCreated.code, res.status_int)
|
||||
res = self.deserialize(res)
|
||||
self.assertIn('firewall_policy', res)
|
||||
self.assertEqual(return_value, res['firewall_policy'])
|
||||
|
||||
def test_create_firewall_policy_invalid_long_name(self):
|
||||
data = {'firewall_policy': {'description': 'descr_firewall_policy1',
|
||||
'name': _long_name,
|
||||
'firewall_rules': [_uuid(), _uuid()],
|
||||
'audited': False,
|
||||
'tenant_id': _uuid(),
|
||||
'shared': False}}
|
||||
res = self.api.post(_get_path('fwaas/firewall_policies',
|
||||
fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
self.assertIn('Invalid input for name', res.body.decode('utf-8'))
|
||||
|
||||
def test_create_firewall_policy_invalid_long_description(self):
|
||||
data = {'firewall_policy': {'description': _long_description,
|
||||
'name': 'new_fw_policy1',
|
||||
'firewall_rules': [_uuid(), _uuid()],
|
||||
'audited': False,
|
||||
'tenant_id': _uuid(),
|
||||
'shared': False}}
|
||||
res = self.api.post(_get_path('fwaas/firewall_policies',
|
||||
fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
self.assertIn('Invalid input for description',
|
||||
res.body.decode('utf-8'))
|
||||
|
||||
def test_create_firewall_policy_invalid_long_tenant_id(self):
|
||||
data = {'firewall_policy': {'description': 'desc',
|
||||
'name': 'new_fw_policy1',
|
||||
'firewall_rules': [_uuid(), _uuid()],
|
||||
'audited': False,
|
||||
'tenant_id': _long_tenant,
|
||||
'shared': False}}
|
||||
res = self.api.post(_get_path('fwaas/firewall_policies',
|
||||
fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
self.assertIn('Invalid input for ', res.body.decode('utf-8'))
|
||||
|
||||
def test_firewall_policy_list(self):
|
||||
policy_id = _uuid()
|
||||
return_value = [{'tenant_id': _uuid(),
|
||||
'id': policy_id}]
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.get_firewall_policies.return_value = return_value
|
||||
|
||||
res = self.api.get(_get_path('fwaas/firewall_policies',
|
||||
fmt=self.fmt))
|
||||
|
||||
instance.get_firewall_policies.assert_called_with(mock.ANY,
|
||||
fields=mock.ANY,
|
||||
filters=mock.ANY)
|
||||
self.assertEqual(exc.HTTPOk.code, res.status_int)
|
||||
|
||||
def test_firewall_policy_get(self):
|
||||
policy_id = _uuid()
|
||||
return_value = {'tenant_id': _uuid(),
|
||||
'id': policy_id}
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.get_firewall_policy.return_value = return_value
|
||||
|
||||
res = self.api.get(_get_path('fwaas/firewall_policies',
|
||||
id=policy_id, fmt=self.fmt))
|
||||
|
||||
instance.get_firewall_policy.assert_called_with(mock.ANY,
|
||||
policy_id,
|
||||
fields=mock.ANY)
|
||||
self.assertEqual(exc.HTTPOk.code, res.status_int)
|
||||
res = self.deserialize(res)
|
||||
self.assertIn('firewall_policy', res)
|
||||
self.assertEqual(return_value, res['firewall_policy'])
|
||||
|
||||
def test_firewall_policy_update(self):
|
||||
policy_id = _uuid()
|
||||
update_data = {'firewall_policy': {'audited': True}}
|
||||
return_value = {'tenant_id': _uuid(),
|
||||
'id': policy_id}
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.update_firewall_policy.return_value = return_value
|
||||
|
||||
res = self.api.put(_get_path('fwaas/firewall_policies',
|
||||
id=policy_id,
|
||||
fmt=self.fmt),
|
||||
self.serialize(update_data))
|
||||
|
||||
instance.update_firewall_policy.assert_called_with(
|
||||
mock.ANY,
|
||||
policy_id,
|
||||
firewall_policy=update_data)
|
||||
self.assertEqual(exc.HTTPOk.code, res.status_int)
|
||||
res = self.deserialize(res)
|
||||
self.assertIn('firewall_policy', res)
|
||||
self.assertEqual(return_value, res['firewall_policy'])
|
||||
|
||||
def test_firewall_policy_update_malformed_rules(self):
|
||||
# emulating client request when no rule uuids are provided for
|
||||
# --firewall_rules parameter
|
||||
update_data = {'firewall_policy': {'firewall_rules': True}}
|
||||
# have to check for generic AppError
|
||||
self.assertRaises(
|
||||
webtest.AppError,
|
||||
self.api.put,
|
||||
_get_path('fwaas/firewall_policies', id=_uuid(), fmt=self.fmt),
|
||||
self.serialize(update_data))
|
||||
|
||||
def test_firewall_policy_delete(self):
|
||||
self._test_entity_delete('firewall_policy')
|
||||
|
||||
def test_firewall_policy_insert_rule(self):
|
||||
firewall_policy_id = _uuid()
|
||||
firewall_rule_id = _uuid()
|
||||
ref_firewall_rule_id = _uuid()
|
||||
|
||||
insert_data = {'firewall_rule_id': firewall_rule_id,
|
||||
'insert_before': ref_firewall_rule_id,
|
||||
'insert_after': None}
|
||||
return_value = {'firewall_policy':
|
||||
{'tenant_id': _uuid(),
|
||||
'id': firewall_policy_id,
|
||||
'firewall_rules': [ref_firewall_rule_id,
|
||||
firewall_rule_id]}}
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.insert_rule.return_value = return_value
|
||||
|
||||
path = _get_path('fwaas/firewall_policies', id=firewall_policy_id,
|
||||
action="insert_rule",
|
||||
fmt=self.fmt)
|
||||
res = self.api.put(path, self.serialize(insert_data))
|
||||
instance.insert_rule.assert_called_with(mock.ANY, firewall_policy_id,
|
||||
insert_data)
|
||||
self.assertEqual(exc.HTTPOk.code, res.status_int)
|
||||
res = self.deserialize(res)
|
||||
self.assertEqual(return_value, res)
|
||||
|
||||
def test_firewall_policy_remove_rule(self):
|
||||
firewall_policy_id = _uuid()
|
||||
firewall_rule_id = _uuid()
|
||||
|
||||
remove_data = {'firewall_rule_id': firewall_rule_id}
|
||||
return_value = {'firewall_policy':
|
||||
{'tenant_id': _uuid(),
|
||||
'id': firewall_policy_id,
|
||||
'firewall_rules': []}}
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.remove_rule.return_value = return_value
|
||||
|
||||
path = _get_path('fwaas/firewall_policies', id=firewall_policy_id,
|
||||
action="remove_rule",
|
||||
fmt=self.fmt)
|
||||
res = self.api.put(path, self.serialize(remove_data))
|
||||
instance.remove_rule.assert_called_with(mock.ANY, firewall_policy_id,
|
||||
remove_data)
|
||||
self.assertEqual(exc.HTTPOk.code, res.status_int)
|
||||
res = self.deserialize(res)
|
||||
self.assertEqual(return_value, res)
|
||||
|
||||
def test_create_firewall_group_invalid_long_attributes(self):
|
||||
long_targets = [{'name': _long_name},
|
||||
{'description': _long_description},
|
||||
{'tenant_id': _long_tenant}]
|
||||
|
||||
for target in long_targets:
|
||||
data = {'firewall_group': {'description': 'fake_description',
|
||||
'name': 'fake_name',
|
||||
'tenant_id': 'fake-tenant_id',
|
||||
'ingress_firewall_policy_id': None,
|
||||
'egress_firewall_policy_id': None,
|
||||
'admin_state_up': True,
|
||||
'ports': [],
|
||||
'shared': False}}
|
||||
data['firewall_group'].update(target)
|
||||
res = self.api.post(_get_path('fwaas/firewall_groups',
|
||||
fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
#TODO(njohnston): Remove this when neutron starts returning
|
||||
# project_id in a dependable fashion, as opposed to tenant_id.
|
||||
target_attr_name = list(target)[0]
|
||||
if target_attr_name == 'tenant_id':
|
||||
target_attr_name = ''
|
||||
self.assertIn('Invalid input for %s' % target_attr_name,
|
||||
res.body.decode('utf-8'))
|
|
@ -23,6 +23,8 @@ from neutron.tests import fake_notifier
|
|||
from neutron.tests.unit.extensions import test_agent
|
||||
from neutron.tests.unit.extensions import test_l3 as test_l3_plugin
|
||||
from neutron_lib.api import attributes as attr
|
||||
from neutron_lib.api.definitions import firewall as fwaas_def
|
||||
from neutron_lib.api.definitions import firewallrouterinsertion
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib import context
|
||||
from neutron_lib.exceptions import firewall_v1 as f_exc
|
||||
|
@ -36,7 +38,6 @@ from webob import exc
|
|||
from neutron_fwaas.db.firewall import firewall_db as fdb
|
||||
import neutron_fwaas.extensions
|
||||
from neutron_fwaas.extensions import firewall
|
||||
from neutron_fwaas.extensions import firewallrouterinsertion
|
||||
from neutron_fwaas.services.firewall import fwaas_plugin
|
||||
from neutron_fwaas.tests import base
|
||||
from neutron_fwaas.tests.unit.db.firewall import (
|
||||
|
@ -53,8 +54,8 @@ class FirewallTestExtensionManager(test_l3_plugin.L3TestExtensionManager):
|
|||
|
||||
def get_resources(self):
|
||||
res = super(FirewallTestExtensionManager, self).get_resources()
|
||||
firewall.RESOURCE_ATTRIBUTE_MAP['firewalls'].update(
|
||||
firewallrouterinsertion.EXTENDED_ATTRIBUTES_2_0['firewalls'])
|
||||
fwaas_def.RESOURCE_ATTRIBUTE_MAP['firewalls'].update(
|
||||
firewallrouterinsertion.RESOURCE_ATTRIBUTE_MAP['firewalls'])
|
||||
return res + firewall.Firewall.get_resources()
|
||||
|
||||
def get_actions(self):
|
||||
|
@ -82,7 +83,6 @@ class TestFirewallRouterInsertionBase(
|
|||
self.saved_attr_map = {}
|
||||
for resource, attrs in six.iteritems(attr.RESOURCES):
|
||||
self.saved_attr_map[resource] = attrs.copy()
|
||||
self.addCleanup(self.restore_attribute_map)
|
||||
if not fw_plugin:
|
||||
fw_plugin = FW_PLUGIN_KLASS
|
||||
service_plugins = {'l3_plugin_name': l3_plugin,
|
||||
|
@ -93,6 +93,7 @@ class TestFirewallRouterInsertionBase(
|
|||
super(test_db_firewall.FirewallPluginDbTestCase, self).setUp(
|
||||
plugin=plugin, service_plugins=service_plugins, ext_mgr=ext_mgr)
|
||||
|
||||
self.addCleanup(self.restore_attribute_map)
|
||||
self.setup_notification_driver()
|
||||
|
||||
self.l3_plugin = directory.get_plugin(plugin_constants.L3)
|
||||
|
@ -101,7 +102,7 @@ class TestFirewallRouterInsertionBase(
|
|||
|
||||
def restore_attribute_map(self):
|
||||
# Remove the fwaasrouterinsertion extension
|
||||
firewall.RESOURCE_ATTRIBUTE_MAP['firewalls'].pop('router_ids')
|
||||
fwaas_def.RESOURCE_ATTRIBUTE_MAP['firewalls'].pop('router_ids')
|
||||
# Restore the original RESOURCE_ATTRIBUTE_MAP
|
||||
attr.RESOURCES = self.saved_attr_map
|
||||
|
||||
|
@ -737,7 +738,7 @@ class TestFirewallRouterPluginBase(test_db_firewall.FirewallPluginDbTestCase,
|
|||
fdb.Firewall_db_mixin.\
|
||||
supported_extension_aliases = ["fwaas",
|
||||
"fwaasrouterinsertion"]
|
||||
fdb.Firewall_db_mixin.path_prefix = firewall.FIREWALL_PREFIX
|
||||
fdb.Firewall_db_mixin.path_prefix = fwaas_def.API_PREFIX
|
||||
|
||||
super(test_db_firewall.FirewallPluginDbTestCase, self).setUp(
|
||||
ext_mgr=ext_mgr,
|
||||
|
|
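Review bot: In the setup code of `TestFirewallRouterInsertionBase` (hunks at -82 and -93), `self.addCleanup(self.restore_attribute_map)` appears to move from before the `super(...).setUp(...)` call to after it. If that call raises once the extension manager's `get_resources()` has run, nothing undoes the `update()` on `fwaas_def.RESOURCE_ATTRIBUTE_MAP['firewalls']`. That dict is now neutron-lib's module-level definition rather than one owned by this repo, so a leaked `router_ids` entry would presumably be visible to every later test in the same process. `restore_attribute_map` is also not idempotent, because `pop('router_ids')` raises `KeyError` when the key is already absent; I would register the cleanup before `super().setUp()` as the old code did and use `fwaas_def.RESOURCE_ATTRIBUTE_MAP['firewalls'].pop('router_ids', None)`. Snapshotting the neutron-lib map in setup and restoring the snapshot would be sturdier than popping one known key, since `update()` may add more than `router_ids`; the enclosing methods start and end outside these hunks.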