diff --git a/neutron_fwaas/common/fwaas_constants.py b/neutron_fwaas/common/fwaas_constants.py index 45e3a65ae..2e97ccb95 100644 --- a/neutron_fwaas/common/fwaas_constants.py +++ b/neutron_fwaas/common/fwaas_constants.py @@ -14,6 +14,7 @@ # under the License. FIREWALL = 'FIREWALL' +FIREWALL_V2 = 'FIREWALL_V2' # Constants for "topics" FIREWALL_PLUGIN = 'q-firewall-plugin' diff --git a/neutron_fwaas/extensions/firewall.py b/neutron_fwaas/extensions/firewall.py index bc85df5b5..8950ca676 100644 --- a/neutron_fwaas/extensions/firewall.py +++ b/neutron_fwaas/extensions/firewall.py @@ -16,13 +16,10 @@ import abc from debtcollector import moves - from neutron.api.v2 import resource_helper -from neutron_lib.api import converters +from neutron_lib.api.definitions import constants as api_const +from neutron_lib.api.definitions import firewall from neutron_lib.api import extensions -from neutron_lib.api import validators -from neutron_lib import constants -from neutron_lib.db import constants as db_const from neutron_lib.exceptions import firewall_v1 as f_exc from neutron_lib.services import base as service_base from oslo_config import cfg 
@@ -81,206 +78,6 @@ FirewallInternalDriverError = moves.moved_class( FirewallRuleConflict = moves.moved_class( f_exc.FirewallRuleConflict, 'FirewallRuleConflict', __name__) -# Firewall rule action -FWAAS_ALLOW = "allow" -FWAAS_DENY = "deny" -FWAAS_REJECT = "reject" - -# Firewall resource path prefix -FIREWALL_PREFIX = "/fw" - - -fw_valid_protocol_values = [None, constants.PROTO_NAME_TCP, - constants.PROTO_NAME_UDP, - constants.PROTO_NAME_ICMP] -fw_valid_action_values = [FWAAS_ALLOW, FWAAS_DENY, FWAAS_REJECT] - - -def convert_protocol(value): - if value is None: - return - if (isinstance(value, six.integer_types) or - (isinstance(value, six.string_types) and value.isdigit())): - val = int(value) - if 0 <= val <= 255: - return val - else: - raise f_exc.FirewallRuleInvalidProtocol( - protocol=value, values=fw_valid_protocol_values) - elif isinstance(value, six.string_types): - if value.lower() in fw_valid_protocol_values: - return value.lower() - raise f_exc.FirewallRuleInvalidProtocol( - protocol=value, values=fw_valid_protocol_values) - - -def convert_action_to_case_insensitive(value): - if value is None: - return - else: - return value.lower() - - -def convert_port_to_string(value): - if value is None: - return - else: - return str(value) - - -def _validate_port_range(data, key_specs=None): - if data is None: - return - data = str(data) - ports = data.split(':') - for p in ports: - try: - val = int(p) - except (ValueError, TypeError): - msg = _("Port '%s' is not a valid number") % p - LOG.debug(msg) - return msg - if val <= 0 or val > 65535: - msg = _("Invalid port '%s'") % p - LOG.debug(msg) - return msg - - -def _validate_ip_or_subnet_or_none(data, valid_values=None): - if data is None: - return None - msg_ip = validators.validate_ip_address(data, valid_values) - if not msg_ip: - return - msg_subnet = validators.validate_subnet(data, valid_values) - if not msg_subnet: - return - return _("%(msg_ip)s and %(msg_subnet)s") % {'msg_ip': msg_ip, - 'msg_subnet': 
msg_subnet} - - -validators.validators['type:port_range'] = _validate_port_range -validators.validators['type:ip_or_subnet_or_none'] = \ - _validate_ip_or_subnet_or_none - - -RESOURCE_ATTRIBUTE_MAP = { - 'firewall_rules': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, 'primary_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'required_by_policy': True, - 'is_visible': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': db_const.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': - db_const.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'firewall_policy_id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid_or_none': None}, - 'is_visible': True}, - 'shared': {'allow_post': True, 'allow_put': True, - 'default': False, - 'convert_to': converters.convert_to_boolean, - 'is_visible': True, 'required_by_policy': True, - 'enforce_policy': True}, - 'protocol': {'allow_post': True, 'allow_put': True, - 'is_visible': True, 'default': None, - 'convert_to': convert_protocol, - 'validate': {'type:values': fw_valid_protocol_values}}, - 'ip_version': {'allow_post': True, 'allow_put': True, - 'default': 4, 'convert_to': converters.convert_to_int, - 'validate': {'type:values': [4, 6]}, - 'is_visible': True}, - 'source_ip_address': {'allow_post': True, 'allow_put': True, - 'validate': {'type:ip_or_subnet_or_none': None}, - 'is_visible': True, 'default': None}, - 'destination_ip_address': {'allow_post': True, 'allow_put': True, - 'validate': {'type:ip_or_subnet_or_none': - None}, - 'is_visible': True, 'default': None}, - 'source_port': {'allow_post': True, 'allow_put': True, - 'validate': {'type:port_range': None}, - 'convert_to': convert_port_to_string, - 'default': None, 'is_visible': True}, - 'destination_port': {'allow_post': True, 
'allow_put': True, - 'validate': {'type:port_range': None}, - 'convert_to': convert_port_to_string, - 'default': None, 'is_visible': True}, - 'position': {'allow_post': False, 'allow_put': False, - 'default': None, 'is_visible': True}, - 'action': {'allow_post': True, 'allow_put': True, - 'convert_to': convert_action_to_case_insensitive, - 'validate': {'type:values': fw_valid_action_values}, - 'is_visible': True, 'default': 'deny'}, - 'enabled': {'allow_post': True, 'allow_put': True, - 'default': True, 'is_visible': True, - 'convert_to': converters.convert_to_boolean}, - }, - 'firewall_policies': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'primary_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'required_by_policy': True, - 'is_visible': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': db_const.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': - db_const.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'shared': {'allow_post': True, 'allow_put': True, - 'default': False, 'enforce_policy': True, - 'convert_to': converters.convert_to_boolean, - 'is_visible': True, 'required_by_policy': True}, - 'firewall_rules': {'allow_post': True, 'allow_put': True, - 'validate': {'type:uuid_list': None}, - 'convert_to': converters.convert_none_to_empty_list, - 'default': None, 'is_visible': True}, - 'audited': {'allow_post': True, 'allow_put': True, - 'default': False, 'is_visible': True, - 'convert_to': converters.convert_to_boolean}, - }, - 'firewalls': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'primary_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'required_by_policy': True, - 'is_visible': True}, - 'name': {'allow_post': True, 'allow_put': True, - 
'validate': {'type:string': db_const.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': - db_const.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'admin_state_up': {'allow_post': True, 'allow_put': True, - 'default': True, 'is_visible': True, - 'convert_to': converters.convert_to_boolean}, - 'status': {'allow_post': False, 'allow_put': False, - 'is_visible': True}, - 'shared': {'allow_post': True, 'allow_put': True, - 'default': False, 'enforce_policy': True, - 'convert_to': converters.convert_to_boolean, - 'is_visible': False, 'required_by_policy': True}, - 'firewall_policy_id': {'allow_post': True, 'allow_put': True, - 'validate': {'type:uuid_or_none': None}, - 'is_visible': True}, - }, -} - -# A tenant may have a unique firewall and policy for each router -# when router insertion is used. -# Set default quotas to align with default l3 quota_router of 10 -# though keep as separately controllable. firewall_quota_opts = [ cfg.IntOpt('quota_firewall', 
@@ -299,51 +96,35 @@ firewall_quota_opts = [ cfg.CONF.register_opts(firewall_quota_opts, 'QUOTAS') -class Firewall(extensions.ExtensionDescriptor): +# TODO(Reedip): Remove the convert_to functionality after bug1706061 is fixed. +def convert_to_string(value): + if value is not None: + return str(value) + return None - @classmethod - def get_name(cls): - return "Firewall service" +firewall.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][ + 'source_port']['convert_to'] = convert_to_string +firewall.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][ + 'destination_port']['convert_to'] = convert_to_string - @classmethod - def get_alias(cls): - return "fwaas" - @classmethod - def get_description(cls): - return "Extension for Firewall service" - - @classmethod - def get_updated(cls): - return "2013-02-25T10:00:00-00:00" +class Firewall(extensions.APIExtensionDescriptor): + api_definition = firewall @classmethod def get_resources(cls): special_mappings = {'firewall_policies': 'firewall_policy'} plural_mappings = resource_helper.build_plural_mappings( - special_mappings, RESOURCE_ATTRIBUTE_MAP) - action_map = {'firewall_policy': {'insert_rule': 'PUT', - 'remove_rule': 'PUT'}} - return resource_helper.build_resource_info(plural_mappings, - RESOURCE_ATTRIBUTE_MAP, - fwaas_constants.FIREWALL, - action_map=action_map, - register_quota=True) + special_mappings, firewall.RESOURCE_ATTRIBUTE_MAP) + return resource_helper.build_resource_info( + plural_mappings, firewall.RESOURCE_ATTRIBUTE_MAP, + fwaas_constants.FIREWALL, action_map=firewall.ACTION_MAP, + register_quota=True) @classmethod def get_plugin_interface(cls): return FirewallPluginBase - def update_attributes_map(self, attributes): - super(Firewall, self).update_attributes_map( - attributes, extension_attrs_map=RESOURCE_ATTRIBUTE_MAP) - - def get_extended_resources(self, version): - if version == "2.0": - return RESOURCE_ATTRIBUTE_MAP - else: - return {} - @six.add_metaclass(abc.ABCMeta) class 
FirewallPluginBase(service_base.ServicePluginBase): diff --git a/neutron_fwaas/extensions/firewall_v2.py b/neutron_fwaas/extensions/firewall_v2.py index a8d95e2e0..49d4ab796 100644 --- a/neutron_fwaas/extensions/firewall_v2.py +++ b/neutron_fwaas/extensions/firewall_v2.py @@ -15,22 +15,16 @@ import abc from debtcollector import moves - from neutron.api.v2 import resource_helper -from neutron_lib.api import converters +from neutron_lib.api.definitions import constants as api_const +from neutron_lib.api.definitions import firewall_v2 from neutron_lib.api import extensions -from neutron_lib.db import constants as nl_db_constants from neutron_lib.exceptions import firewall_v2 as f_exc from neutron_lib.services import base as service_base import six -# Import firewall v1 API to get the validators -# TODO(shpadubi): pull the validators out of fwaas v1 into a separate file -from neutron_fwaas.extensions import firewall as fwaas_v1 +from neutron_fwaas.common import fwaas_constants -FIREWALL_PREFIX = '/fwaas' - -FIREWALL_CONST = 'FIREWALL_V2' FirewallGroupNotFound = moves.moved_class( f_exc.FirewallGroupNotFound, 'FirewallGroupNotFound', __name__) 
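Review bot: In neutron_fwaas/extensions/firewall.py, the two assignments below `convert_to_string` patch `firewall.RESOURCE_ATTRIBUTE_MAP`, a dict owned by neutron-lib, as an import side effect, and nothing in the hunk says so. Any other code in the process that reads that definition sees the override only once this module has been imported. The previous hunk drops the in-tree `_validate_port_range` and `_validate_ip_or_subnet_or_none` registrations, so rejection of bad ports and addresses on firewall rules now rests entirely on what the neutron-lib definition ships; a test that an out-of-range `source_port` is still refused would pin that. I would add above the assignments `# NOTE: mutates neutron-lib's shared attribute map at import time; only 'convert_to' is replaced, validation stays with neutron-lib.` and give `convert_to_string` a one-line docstring. The identical helper and patching are added again in firewall_v2.py further down.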
@@ -93,192 +87,44 @@ FirewallRuleAlreadyAssociated = moves.moved_class( __name__) -RESOURCE_ATTRIBUTE_MAP = { - 'firewall_rules': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, 'primary_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'required_by_policy': True, - 'validate': {'type:string': - nl_db_constants.UUID_FIELD_SIZE}, - 'is_visible': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': nl_db_constants.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': - nl_db_constants.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'firewall_policy_id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid_or_none': None}, - 'is_visible': True}, - 'shared': {'allow_post': True, 'allow_put': True, - 'default': False, 'is_visible': True, - 'convert_to': converters.convert_to_boolean, - 'required_by_policy': True, 'enforce_policy': True}, - 'protocol': {'allow_post': True, 'allow_put': True, - 'is_visible': True, 'default': None, - 'convert_to': fwaas_v1.convert_protocol, - 'validate': {'type:values': - fwaas_v1.fw_valid_protocol_values}}, - 'ip_version': {'allow_post': True, 'allow_put': True, - 'default': 4, 'convert_to': converters.convert_to_int, - 'validate': {'type:values': [4, 6]}, - 'is_visible': True}, - 'source_ip_address': {'allow_post': True, 'allow_put': True, - 'validate': {'type:ip_or_subnet_or_none': None}, - 'is_visible': True, 'default': None}, - 'destination_ip_address': {'allow_post': True, 'allow_put': True, - 'validate': {'type:ip_or_subnet_or_none': - None}, - 'is_visible': True, 'default': None}, - 'source_port': {'allow_post': True, 'allow_put': True, - 'validate': {'type:port_range': None}, - 'convert_to': fwaas_v1.convert_port_to_string, - 'default': None, 'is_visible': True}, - 'destination_port': 
{'allow_post': True, 'allow_put': True, - 'validate': {'type:port_range': None}, - 'convert_to': fwaas_v1.convert_port_to_string, - 'default': None, 'is_visible': True}, - 'position': {'allow_post': False, 'allow_put': False, - 'default': None, 'is_visible': True}, - 'action': {'allow_post': True, 'allow_put': True, - 'convert_to': fwaas_v1.convert_action_to_case_insensitive, - 'validate': {'type:values': - fwaas_v1.fw_valid_action_values}, - 'is_visible': True, 'default': 'deny'}, - 'enabled': {'allow_post': True, 'allow_put': True, - 'convert_to': converters.convert_to_boolean, - 'default': True, 'is_visible': True}, - }, - 'firewall_groups': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'primary_key': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': nl_db_constants.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': - nl_db_constants.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'admin_state_up': {'allow_post': True, 'allow_put': True, - 'default': True, 'is_visible': True, - 'convert_to': converters.convert_to_boolean}, - 'status': {'allow_post': False, 'allow_put': False, - 'is_visible': True}, - 'shared': {'allow_post': True, 'allow_put': True, 'default': False, - 'convert_to': converters.convert_to_boolean, - 'is_visible': True, 'required_by_policy': True, - 'enforce_policy': True}, - 'ports': {'allow_post': True, 'allow_put': True, - 'validate': {'type:uuid_list': None}, - 'convert_to': converters.convert_none_to_empty_list, - 'default': None, 'is_visible': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'required_by_policy': True, - 'validate': {'type:string': - nl_db_constants.UUID_FIELD_SIZE}, - 'is_visible': True}, - 'ingress_firewall_policy_id': {'allow_post': True, - 'allow_put': True, - 'validate': {'type:uuid_or_none': - 
None}, - 'default': None, 'is_visible': True}, - 'egress_firewall_policy_id': {'allow_post': True, - 'allow_put': True, - 'validate': {'type:uuid_or_none': - None}, - 'default': None, 'is_visible': True}, - }, - 'firewall_policies': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'primary_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'required_by_policy': True, - 'validate': {'type:string': - nl_db_constants.UUID_FIELD_SIZE}, - 'is_visible': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': nl_db_constants.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': - nl_db_constants.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'shared': {'allow_post': True, 'allow_put': True, 'default': False, - 'convert_to': converters.convert_to_boolean, - 'is_visible': True, 'required_by_policy': True, - 'enforce_policy': True}, - 'firewall_rules': {'allow_post': True, 'allow_put': True, - 'validate': {'type:uuid_list': None}, - 'convert_to': converters.convert_none_to_empty_list, - 'default': None, 'is_visible': True}, - 'audited': {'allow_post': True, 'allow_put': True, 'default': False, - 'convert_to': converters.convert_to_boolean, - 'is_visible': True}, +# TODO(Reedip): Remove the convert_to functionality after bug1706061 is fixed. 
+def convert_to_string(value): + if value is not None: + return str(value) + return None - }, -} +firewall_v2.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][ + 'source_port']['convert_to'] = convert_to_string +firewall_v2.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][ + 'destination_port']['convert_to'] = convert_to_string -class Firewall_v2(extensions.ExtensionDescriptor): - - @classmethod - def get_name(cls): - return "Firewall service v2" - - @classmethod - def get_alias(cls): - return "fwaas_v2" - - @classmethod - def get_description(cls): - return "Extension for Firewall service v2" - - @classmethod - def get_updated(cls): - return "2016-08-16T00:00:00-00:00" +class Firewall_v2(extensions.APIExtensionDescriptor): + api_definition = firewall_v2 @classmethod def get_resources(cls): special_mappings = {'firewall_policies': 'firewall_policy'} plural_mappings = resource_helper.build_plural_mappings( - special_mappings, RESOURCE_ATTRIBUTE_MAP) - action_map = {'firewall_policy': {'insert_rule': 'PUT', - 'remove_rule': 'PUT'}} - return resource_helper.build_resource_info(plural_mappings, - RESOURCE_ATTRIBUTE_MAP, - FIREWALL_CONST, - action_map=action_map) + special_mappings, firewall_v2.RESOURCE_ATTRIBUTE_MAP) + return resource_helper.build_resource_info( + plural_mappings, firewall_v2.RESOURCE_ATTRIBUTE_MAP, + fwaas_constants.FIREWALL_V2, action_map=firewall_v2.ACTION_MAP, + register_quota=True) @classmethod def get_plugin_interface(cls): return Firewallv2PluginBase - def update_attributes_map(self, attributes): - super(Firewall_v2, self).update_attributes_map( - attributes, extension_attrs_map=RESOURCE_ATTRIBUTE_MAP) - - def get_extended_resources(self, version): - if version == "2.0": - return RESOURCE_ATTRIBUTE_MAP - else: - return {} - @six.add_metaclass(abc.ABCMeta) class Firewallv2PluginBase(service_base.ServicePluginBase): def get_plugin_name(self): - return FIREWALL_CONST + return fwaas_constants.FIREWALL_V2 def get_plugin_type(self): - return 
FIREWALL_CONST + return fwaas_constants.FIREWALL_V2 def get_plugin_description(self): return 'Firewall Service v2 Plugin' diff --git a/neutron_fwaas/extensions/firewallrouterinsertion.py b/neutron_fwaas/extensions/firewallrouterinsertion.py index a630c856e..e0ce9bc0b 100644 --- a/neutron_fwaas/extensions/firewallrouterinsertion.py +++ b/neutron_fwaas/extensions/firewallrouterinsertion.py @@ -13,20 +13,11 @@ # License for the specific language governing permissions and limitations # under the License. +from neutron_lib.api.definitions import firewallrouterinsertion from neutron_lib.api import extensions -from neutron_lib import constants -EXTENDED_ATTRIBUTES_2_0 = { - 'firewalls': { - 'router_ids': {'allow_post': True, 'allow_put': True, - 'validate': {'type:uuid_list': None}, - 'is_visible': True, 'default': constants.ATTR_NOT_SPECIFIED}, - } -} - - -class Firewallrouterinsertion(extensions.ExtensionDescriptor): +class Firewallrouterinsertion(extensions.APIExtensionDescriptor): """Extension class supporting Firewall and Router(s) association. The extension enables providing an option to specify router-ids of @@ -45,24 +36,4 @@ class Firewallrouterinsertion(extensions.ExtensionDescriptor): provided with a list of routers or an empty list - this drives the new set of routers that the firewall is associated with. """ - @classmethod - def get_name(cls): - return "Firewall Router insertion" - - @classmethod - def get_alias(cls): - return "fwaasrouterinsertion" - - @classmethod - def get_description(cls): - return "Firewall Router insertion on specified set of routers" - - @classmethod - def get_updated(cls): - return "2015-01-27T10:00:00-00:00" - - def get_extended_resources(self, version): - if version == "2.0": - return EXTENDED_ATTRIBUTES_2_0 - else: - return {} + api_definition = firewallrouterinsertion 
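Review bot: In neutron_fwaas/extensions/firewall_v2.py, `Firewall_v2.get_resources` now passes `register_quota=True` to `build_resource_info`, which the removed call did not, so this hunk changes quota behaviour for the v2 resources inside what otherwise reads as a move to neutron-lib definitions. The quota options visible in this diff (`firewall_quota_opts` in firewall.py) belong to the v1 extension. Whether matching options exist for `firewall_groups` and the other v2 resources cannot be seen here and should be confirmed; otherwise drop the argument from this commit and introduce it separately. The same commit deletes tests/unit/extensions/test_firewall_v2.py, which exercised port conversion and over-long name rejection for this extension, so as far as the diff shows the new `convert_to_string` override and the neutron-lib validators are left without an extension-level test in this tree.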
diff --git a/neutron_fwaas/services/firewall/agents/l3reference/firewall_l3_agent.py b/neutron_fwaas/services/firewall/agents/l3reference/firewall_l3_agent.py index 25d4149ff..0c682a6ad 100644 --- a/neutron_fwaas/services/firewall/agents/l3reference/firewall_l3_agent.py +++ b/neutron_fwaas/services/firewall/agents/l3reference/firewall_l3_agent.py @@ -14,6 +14,10 @@ # under the License. from neutron.common import rpc as n_rpc +from neutron_lib.agent import l3_extension +from neutron_lib.api.definitions import firewall as fw_ext +from neutron_lib import constants as nl_constants +from neutron_lib import context from oslo_config import cfg from oslo_log import helpers as log_helpers from oslo_log import log as logging @@ -21,12 +25,8 @@ from oslo_log import log as logging from neutron_fwaas._i18n import _, _LE from neutron_fwaas.common import fwaas_constants from neutron_fwaas.common import resources as f_resources -from neutron_fwaas.extensions import firewall as fw_ext from neutron_fwaas.services.firewall.agents import firewall_agent_api as api from neutron_fwaas.services.firewall.agents import firewall_service -from neutron_lib.agent import l3_extension -from neutron_lib import constants as nl_constants -from neutron_lib import context LOG = logging.getLogger(__name__) diff --git a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py index 07c688887..ae3fd8a7f 100644 --- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py +++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py 
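Review bot: In firewall_l3_agent.py, `fw_ext` is rebound from `neutron_fwaas.extensions.firewall` to `neutron_lib.api.definitions.firewall`, but the places that use the alias are outside these import hunks and the two modules are unlikely to expose the same names. The in-tree module defines the `moves.moved_class` exception aliases (for example `FirewallInternalDriverError`, visible in the firewall.py hunk context), so any `except fw_ext.<Exception>` or `raise fw_ext.<Exception>` left in this file would presumably fail with AttributeError on the error path, exactly when a driver call has already failed. Please check every `fw_ext.` reference in the file and take exception classes from the exceptions module instead, e.g. `from neutron_lib.exceptions import firewall_v1 as f_exc`. The same alias swap is made in iptables_fwaas_v2.py in the hunk that follows and needs the same check.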
@@ -15,11 +15,11 @@ from neutron.agent.linux import iptables_manager from neutron.agent.linux import utils as linux_utils +from neutron.common import utils +from neutron_lib.api.definitions import firewall as fw_ext from oslo_log import log as logging -from neutron.common import utils from neutron_fwaas._i18n import _LE -from neutron_fwaas.extensions import firewall as fw_ext from neutron_fwaas.services.firewall.drivers import fwaas_base_v2 LOG = logging.getLogger(__name__) diff --git a/neutron_fwaas/services/firewall/fwaas_plugin.py b/neutron_fwaas/services/firewall/fwaas_plugin.py index 0f73f4e91..2099e67ae 100644 --- a/neutron_fwaas/services/firewall/fwaas_plugin.py +++ b/neutron_fwaas/services/firewall/fwaas_plugin.py @@ -12,15 +12,15 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. + +from neutron.common import rpc as n_rpc +from neutron.common import utils as n_utils +from neutron_lib.api.definitions import firewall as fw_ext from neutron_lib import constants as nl_constants from neutron_lib import context as neutron_context from neutron_lib.exceptions import firewall_v1 as f_exc from neutron_lib.plugins import constants as plugin_constants from neutron_lib.plugins import directory - -from neutron.common import rpc as n_rpc -from neutron.common import utils as n_utils - from oslo_config import cfg from oslo_log import log as logging import oslo_messaging @@ -29,7 +29,6 @@ from neutron_fwaas._i18n import _LI, _LW from neutron_fwaas.common import fwaas_constants as f_const from neutron_fwaas.db.firewall import firewall_db from neutron_fwaas.db.firewall import firewall_router_insertion_db -from neutron_fwaas.extensions import firewall as fw_ext LOG = logging.getLogger(__name__) 
@@ -153,7 +152,7 @@ class FirewallPlugin( firewall_db.Firewall_db_mixin. """ supported_extension_aliases = ["fwaas", "fwaasrouterinsertion"] - path_prefix = fw_ext.FIREWALL_PREFIX + path_prefix = fw_ext.API_PREFIX def __init__(self): """Do the initialization for the firewall service plugin here.""" diff --git a/neutron_fwaas/services/firewall/fwaas_plugin_v2.py b/neutron_fwaas/services/firewall/fwaas_plugin_v2.py index 6f8b07ae6..a369efdb7 100644 --- a/neutron_fwaas/services/firewall/fwaas_plugin_v2.py +++ b/neutron_fwaas/services/firewall/fwaas_plugin_v2.py @@ -12,24 +12,22 @@ # License for the specific language governing permissions and limitations # under the License. +from neutron.common import rpc as n_rpc +from neutron.db import servicetype_db as st_db +from neutron.services import provider_configuration as provider_conf +from neutron_lib.api.definitions import firewall_v2 +from neutron_lib import constants as nl_constants from neutron_lib import context as neutron_context from neutron_lib.exceptions import firewall_v2 as f_exc -from neutron_lib.plugins import directory - -from neutron.common import rpc as n_rpc -from neutron_lib import constants as nl_constants from neutron_lib.plugins import constants as plugin_const +from neutron_lib.plugins import directory from oslo_config import cfg from oslo_log import log as logging import oslo_messaging -from neutron.db import servicetype_db as st_db -from neutron.services import provider_configuration as provider_conf - from neutron_fwaas._i18n import _LI from neutron_fwaas.common import fwaas_constants from neutron_fwaas.db.firewall.v2 import firewall_db_v2 -from neutron_fwaas.extensions import firewall_v2 as fw_ext LOG = logging.getLogger(__name__) 
@@ -155,7 +153,7 @@ class FirewallPluginV2( firewall_db_v2.Firewall_db_mixin_v2. """ supported_extension_aliases = ["fwaas_v2"] - path_prefix = fw_ext.FIREWALL_PREFIX + path_prefix = firewall_v2.API_PREFIX def __init__(self): """Do the initialization for the firewall service plugin here.""" diff --git a/neutron_fwaas/tests/unit/db/firewall/test_firewall_db.py b/neutron_fwaas/tests/unit/db/firewall/test_firewall_db.py index 94f701d20..45c7871ec 100644 --- a/neutron_fwaas/tests/unit/db/firewall/test_firewall_db.py +++ b/neutron_fwaas/tests/unit/db/firewall/test_firewall_db.py @@ -18,6 +18,12 @@ import contextlib import mock from neutron.api import extensions as api_ext from neutron.common import config +from neutron_lib.api.definitions import firewall +from neutron_lib import constants as nl_constants +from neutron_lib import context +from neutron_lib.exceptions import firewall_v1 as f_exc +from neutron_lib.exceptions import l3 +from neutron_lib.plugins import directory from oslo_config import cfg from oslo_utils import importutils from oslo_utils import uuidutils @@ -26,14 +32,9 @@ import webob.exc from neutron_fwaas.db.firewall import firewall_db as fdb from neutron_fwaas import extensions -from neutron_fwaas.extensions import firewall from neutron_fwaas.services.firewall import fwaas_plugin from neutron_fwaas.tests import base -from neutron_lib import constants as nl_constants -from neutron_lib import context -from neutron_lib.exceptions import firewall_v1 as f_exc -from neutron_lib.exceptions import l3 -from neutron_lib.plugins import directory + DB_FW_PLUGIN_KLASS = ( "neutron_fwaas.db.firewall.firewall_db.Firewall_db_mixin" @@ -74,7 +75,7 @@ class FakeAgentApi(fwaas_plugin.FirewallCallbacks): class FirewallPluginDbTestCase(base.NeutronDbPluginV2TestCase): resource_prefix_map = dict( - (k, firewall.FIREWALL_PREFIX) + (k, firewall.API_PREFIX) for k in firewall.RESOURCE_ATTRIBUTE_MAP.keys() ) 
@@ -87,7 +88,7 @@ class FirewallPluginDbTestCase(base.NeutronDbPluginV2TestCase): service_plugins = {'fw_plugin_name': fw_plugin} fdb.Firewall_db_mixin.supported_extension_aliases = ["fwaas"] - fdb.Firewall_db_mixin.path_prefix = firewall.FIREWALL_PREFIX + fdb.Firewall_db_mixin.path_prefix = firewall.API_PREFIX super(FirewallPluginDbTestCase, self).setUp( ext_mgr=ext_mgr, service_plugins=service_plugins diff --git a/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py b/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py index 7dac54c21..e4d4ede0d 100644 --- a/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py +++ b/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py @@ -18,10 +18,14 @@ import contextlib import mock from neutron.api import extensions as api_ext from neutron.common import config +from neutron_lib.api.definitions import firewall_v2 +from neutron_lib import constants as nl_constants +from neutron_lib import context +from neutron_lib.exceptions import firewall_v2 as f_exc +from neutron_lib.plugins import directory from oslo_config import cfg from oslo_utils import importutils from oslo_utils import uuidutils - import six import testtools import webob.exc @@ -29,13 +33,9 @@ import webob.exc from neutron_fwaas._i18n import _ from neutron_fwaas.db.firewall.v2 import firewall_db_v2 as fdb from neutron_fwaas import extensions -from neutron_fwaas.extensions import firewall_v2 as firewall from neutron_fwaas.services.firewall import fwaas_plugin_v2 from neutron_fwaas.tests import base -from neutron_lib import constants as nl_constants -from neutron_lib import context -from neutron_lib.exceptions import firewall_v2 as f_exc -from neutron_lib.plugins import directory + DB_FW_PLUGIN_KLASS = ( "neutron_fwaas.db.firewall.v2.firewall_db_v2.Firewall_db_mixin_v2" 
@@ -76,8 +76,8 @@ class FakeAgentApi(fwaas_plugin_v2.FirewallCallbacks): class FirewallPluginV2DbTestCase(base.NeutronDbPluginV2TestCase): resource_prefix_map = dict( - (k, firewall.FIREWALL_PREFIX) - for k in firewall.RESOURCE_ATTRIBUTE_MAP.keys() + (k, firewall_v2.API_PREFIX) + for k in firewall_v2.RESOURCE_ATTRIBUTE_MAP.keys() ) def setUp(self, core_plugin=None, fw_plugin=None, ext_mgr=None): @@ -90,7 +90,7 @@ class FirewallPluginV2DbTestCase(base.NeutronDbPluginV2TestCase): service_plugins = {'fw_plugin_name': fw_plugin} fdb.Firewall_db_mixin_v2.supported_extension_aliases = ["fwaas_v2"] - fdb.Firewall_db_mixin_v2.path_prefix = firewall.FIREWALL_PREFIX + fdb.Firewall_db_mixin_v2.path_prefix = firewall_v2.API_PREFIX super(FirewallPluginV2DbTestCase, self).setUp( ext_mgr=ext_mgr, service_plugins=service_plugins diff --git a/neutron_fwaas/tests/unit/extensions/__init__.py b/neutron_fwaas/tests/unit/extensions/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/neutron_fwaas/tests/unit/extensions/test_firewall_v2.py b/neutron_fwaas/tests/unit/extensions/test_firewall_v2.py deleted file mode 100644 index f2ccfd621..000000000 --- a/neutron_fwaas/tests/unit/extensions/test_firewall_v2.py +++ /dev/null 
@@ -1,419 +0,0 @@ -# Copyright 2013 Big Switch Networks, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import copy - -import mock -from neutron.tests.unit.api.v2 import test_base as test_api_v2 -from neutron.tests.unit.extensions import base as test_api_v2_extension -from neutron_lib.db import constants as db_const -from oslo_utils import uuidutils -from webob import exc -import webtest - -from neutron_fwaas.extensions import firewall_v2 - -_uuid = uuidutils.generate_uuid -_get_path = test_api_v2._get_path -_long_name = 'x' * (db_const.NAME_FIELD_SIZE + 1) -_long_description = 'y' * (db_const.DESCRIPTION_FIELD_SIZE + 1) -_long_tenant = 'z' * (db_const.PROJECT_ID_FIELD_SIZE + 1) - -FIREWALL_CONST = 'FIREWALL_V2' - - -class FirewallExtensionTestCase(test_api_v2_extension.ExtensionTestCase): - fmt = 'json' - - def setUp(self): - super(FirewallExtensionTestCase, self).setUp() - plural_mappings = {'firewall_policy': 'firewall_policies'} - self._setUpExtension( - 'neutron_fwaas.extensions.firewall_v2.Firewallv2PluginBase', - FIREWALL_CONST, firewall_v2.RESOURCE_ATTRIBUTE_MAP, - firewall_v2.Firewall_v2, 'fwaas', plural_mappings=plural_mappings) - - def _test_create_firewall_rule(self, src_port, dst_port): - rule_id = _uuid() - project_id = _uuid() - data = {'firewall_rule': {'description': 'descr_firewall_rule1', - 'name': 'rule1', - 'protocol': 'tcp', - 'ip_version': 4, - 'source_ip_address': '192.168.0.1', - 'destination_ip_address': 
'127.0.0.1', - 'source_port': src_port, - 'destination_port': dst_port, - 'action': 'allow', - 'enabled': True, - 'tenant_id': project_id, - 'shared': False}} - expected_ret_val = copy.copy(data['firewall_rule']) - expected_ret_val['source_port'] = str(src_port) - expected_ret_val['destination_port'] = str(dst_port) - expected_ret_val['id'] = rule_id - instance = self.plugin.return_value - instance.create_firewall_rule.return_value = expected_ret_val - res = self.api.post(_get_path('fwaas/firewall_rules', fmt=self.fmt), - self.serialize(data), - content_type='application/%s' % self.fmt) - data['firewall_rule'].update({'project_id': project_id}) - self.assertEqual(exc.HTTPCreated.code, res.status_int) - res = self.deserialize(res) - self.assertIn('firewall_rule', res) - self.assertEqual(expected_ret_val, res['firewall_rule']) - - def test_create_firewall_rule_with_integer_ports(self): - self._test_create_firewall_rule(1, 10) - - def test_create_firewall_rule_with_string_ports(self): - self._test_create_firewall_rule('1', '10') - - def test_create_firewall_rule_with_port_range(self): - self._test_create_firewall_rule('1:20', '30:40') - - def test_create_firewall_rule_invalid_long_name(self): - data = {'firewall_rule': {'description': 'descr_firewall_rule1', - 'name': _long_name, - 'protocol': 'tcp', - 'ip_version': 4, - 'source_ip_address': '192.168.0.1', - 'destination_ip_address': '127.0.0.1', - 'source_port': 1, - 'destination_port': 1, - 'action': 'allow', - 'enabled': True, - 'tenant_id': _uuid(), - 'shared': False}} - res = self.api.post(_get_path('fwaas/firewall_rules', fmt=self.fmt), - self.serialize(data), - content_type='application/%s' % self.fmt, - status=exc.HTTPBadRequest.code) - self.assertIn('Invalid input for name', res.body.decode('utf-8')) - - def test_create_firewall_rule_invalid_long_description(self): - data = {'firewall_rule': {'description': _long_description, - 'name': 'rule1', - 'protocol': 'tcp', - 'ip_version': 4, - 'source_ip_address': 
'192.168.0.1', - 'destination_ip_address': '127.0.0.1', - 'source_port': 1, - 'destination_port': 1, - 'action': 'allow', - 'enabled': True, - 'tenant_id': _uuid(), - 'shared': False}} - res = self.api.post(_get_path('fwaas/firewall_rules', fmt=self.fmt), - self.serialize(data), - content_type='application/%s' % self.fmt, - status=exc.HTTPBadRequest.code) - self.assertIn('Invalid input for description', - res.body.decode('utf-8')) - - def test_create_firewall_rule_invalid_long_tenant_id(self): - data = {'firewall_rule': {'description': 'desc', - 'name': 'rule1', - 'protocol': 'tcp', - 'ip_version': 4, - 'source_ip_address': '192.168.0.1', - 'destination_ip_address': '127.0.0.1', - 'source_port': 1, - 'destination_port': 1, - 'action': 'allow', - 'enabled': True, - 'tenant_id': _long_tenant, - 'shared': False}} - res = self.api.post(_get_path('fwaas/firewall_rules', fmt=self.fmt), - self.serialize(data), - content_type='application/%s' % self.fmt, - status=exc.HTTPBadRequest.code) - self.assertIn('Invalid input for ', res.body.decode('utf-8')) - - def test_firewall_rule_list(self): - rule_id = _uuid() - return_value = [{'tenant_id': _uuid(), - 'id': rule_id}] - - instance = self.plugin.return_value - instance.get_firewall_rules.return_value = return_value - - res = self.api.get(_get_path('fwaas/firewall_rules', fmt=self.fmt)) - - instance.get_firewall_rules.assert_called_with(mock.ANY, - fields=mock.ANY, - filters=mock.ANY) - self.assertEqual(exc.HTTPOk.code, res.status_int) - - def test_firewall_rule_get(self): - rule_id = _uuid() - return_value = {'tenant_id': _uuid(), - 'id': rule_id} - - instance = self.plugin.return_value - instance.get_firewall_rule.return_value = return_value - - res = self.api.get(_get_path('fwaas/firewall_rules', - id=rule_id, fmt=self.fmt)) - - instance.get_firewall_rule.assert_called_with(mock.ANY, - rule_id, - fields=mock.ANY) - self.assertEqual(exc.HTTPOk.code, res.status_int) - res = self.deserialize(res) - 
self.assertIn('firewall_rule', res) - self.assertEqual(return_value, res['firewall_rule']) - - def test_firewall_rule_update(self): - rule_id = _uuid() - update_data = {'firewall_rule': {'action': 'deny'}} - return_value = {'tenant_id': _uuid(), - 'id': rule_id} - - instance = self.plugin.return_value - instance.update_firewall_rule.return_value = return_value - - res = self.api.put(_get_path('fwaas/firewall_rules', id=rule_id, - fmt=self.fmt), - self.serialize(update_data)) - - instance.update_firewall_rule.assert_called_with( - mock.ANY, - rule_id, - firewall_rule=update_data) - self.assertEqual(exc.HTTPOk.code, res.status_int) - res = self.deserialize(res) - self.assertIn('firewall_rule', res) - self.assertEqual(return_value, res['firewall_rule']) - - def test_firewall_rule_delete(self): - self._test_entity_delete('firewall_rule') - - def test_create_firewall_policy(self): - policy_id = _uuid() - project_id = _uuid() - data = {'firewall_policy': {'description': 'descr_firewall_policy1', - 'name': 'new_fw_policy1', - 'firewall_rules': [_uuid(), _uuid()], - 'audited': False, - 'tenant_id': project_id, - 'shared': False}} - return_value = copy.copy(data['firewall_policy']) - return_value.update({'id': policy_id}) - - instance = self.plugin.return_value - instance.create_firewall_policy.return_value = return_value - res = self.api.post(_get_path('fwaas/firewall_policies', - fmt=self.fmt), - self.serialize(data), - content_type='application/%s' % self.fmt) - data['firewall_policy'].update({'project_id': project_id}) - self.assertEqual(exc.HTTPCreated.code, res.status_int) - res = self.deserialize(res) - self.assertIn('firewall_policy', res) - self.assertEqual(return_value, res['firewall_policy']) - - def test_create_firewall_policy_invalid_long_name(self): - data = {'firewall_policy': {'description': 'descr_firewall_policy1', - 'name': _long_name, - 'firewall_rules': [_uuid(), _uuid()], - 'audited': False, - 'tenant_id': _uuid(), - 'shared': False}} - res = 
self.api.post(_get_path('fwaas/firewall_policies', - fmt=self.fmt), - self.serialize(data), - content_type='application/%s' % self.fmt, - status=exc.HTTPBadRequest.code) - self.assertIn('Invalid input for name', res.body.decode('utf-8')) - - def test_create_firewall_policy_invalid_long_description(self): - data = {'firewall_policy': {'description': _long_description, - 'name': 'new_fw_policy1', - 'firewall_rules': [_uuid(), _uuid()], - 'audited': False, - 'tenant_id': _uuid(), - 'shared': False}} - res = self.api.post(_get_path('fwaas/firewall_policies', - fmt=self.fmt), - self.serialize(data), - content_type='application/%s' % self.fmt, - status=exc.HTTPBadRequest.code) - self.assertIn('Invalid input for description', - res.body.decode('utf-8')) - - def test_create_firewall_policy_invalid_long_tenant_id(self): - data = {'firewall_policy': {'description': 'desc', - 'name': 'new_fw_policy1', - 'firewall_rules': [_uuid(), _uuid()], - 'audited': False, - 'tenant_id': _long_tenant, - 'shared': False}} - res = self.api.post(_get_path('fwaas/firewall_policies', - fmt=self.fmt), - self.serialize(data), - content_type='application/%s' % self.fmt, - status=exc.HTTPBadRequest.code) - self.assertIn('Invalid input for ', res.body.decode('utf-8')) - - def test_firewall_policy_list(self): - policy_id = _uuid() - return_value = [{'tenant_id': _uuid(), - 'id': policy_id}] - - instance = self.plugin.return_value - instance.get_firewall_policies.return_value = return_value - - res = self.api.get(_get_path('fwaas/firewall_policies', - fmt=self.fmt)) - - instance.get_firewall_policies.assert_called_with(mock.ANY, - fields=mock.ANY, - filters=mock.ANY) - self.assertEqual(exc.HTTPOk.code, res.status_int) - - def test_firewall_policy_get(self): - policy_id = _uuid() - return_value = {'tenant_id': _uuid(), - 'id': policy_id} - - instance = self.plugin.return_value - instance.get_firewall_policy.return_value = return_value - - res = self.api.get(_get_path('fwaas/firewall_policies', - 
id=policy_id, fmt=self.fmt)) - - instance.get_firewall_policy.assert_called_with(mock.ANY, - policy_id, - fields=mock.ANY) - self.assertEqual(exc.HTTPOk.code, res.status_int) - res = self.deserialize(res) - self.assertIn('firewall_policy', res) - self.assertEqual(return_value, res['firewall_policy']) - - def test_firewall_policy_update(self): - policy_id = _uuid() - update_data = {'firewall_policy': {'audited': True}} - return_value = {'tenant_id': _uuid(), - 'id': policy_id} - - instance = self.plugin.return_value - instance.update_firewall_policy.return_value = return_value - - res = self.api.put(_get_path('fwaas/firewall_policies', - id=policy_id, - fmt=self.fmt), - self.serialize(update_data)) - - instance.update_firewall_policy.assert_called_with( - mock.ANY, - policy_id, - firewall_policy=update_data) - self.assertEqual(exc.HTTPOk.code, res.status_int) - res = self.deserialize(res) - self.assertIn('firewall_policy', res) - self.assertEqual(return_value, res['firewall_policy']) - - def test_firewall_policy_update_malformed_rules(self): - # emulating client request when no rule uuids are provided for - # --firewall_rules parameter - update_data = {'firewall_policy': {'firewall_rules': True}} - # have to check for generic AppError - self.assertRaises( - webtest.AppError, - self.api.put, - _get_path('fwaas/firewall_policies', id=_uuid(), fmt=self.fmt), - self.serialize(update_data)) - - def test_firewall_policy_delete(self): - self._test_entity_delete('firewall_policy') - - def test_firewall_policy_insert_rule(self): - firewall_policy_id = _uuid() - firewall_rule_id = _uuid() - ref_firewall_rule_id = _uuid() - - insert_data = {'firewall_rule_id': firewall_rule_id, - 'insert_before': ref_firewall_rule_id, - 'insert_after': None} - return_value = {'firewall_policy': - {'tenant_id': _uuid(), - 'id': firewall_policy_id, - 'firewall_rules': [ref_firewall_rule_id, - firewall_rule_id]}} - - instance = self.plugin.return_value - instance.insert_rule.return_value = 
return_value - - path = _get_path('fwaas/firewall_policies', id=firewall_policy_id, - action="insert_rule", - fmt=self.fmt) - res = self.api.put(path, self.serialize(insert_data)) - instance.insert_rule.assert_called_with(mock.ANY, firewall_policy_id, - insert_data) - self.assertEqual(exc.HTTPOk.code, res.status_int) - res = self.deserialize(res) - self.assertEqual(return_value, res) - - def test_firewall_policy_remove_rule(self): - firewall_policy_id = _uuid() - firewall_rule_id = _uuid() - - remove_data = {'firewall_rule_id': firewall_rule_id} - return_value = {'firewall_policy': - {'tenant_id': _uuid(), - 'id': firewall_policy_id, - 'firewall_rules': []}} - - instance = self.plugin.return_value - instance.remove_rule.return_value = return_value - - path = _get_path('fwaas/firewall_policies', id=firewall_policy_id, - action="remove_rule", - fmt=self.fmt) - res = self.api.put(path, self.serialize(remove_data)) - instance.remove_rule.assert_called_with(mock.ANY, firewall_policy_id, - remove_data) - self.assertEqual(exc.HTTPOk.code, res.status_int) - res = self.deserialize(res) - self.assertEqual(return_value, res) - - def test_create_firewall_group_invalid_long_attributes(self): - long_targets = [{'name': _long_name}, - {'description': _long_description}, - {'tenant_id': _long_tenant}] - - for target in long_targets: - data = {'firewall_group': {'description': 'fake_description', - 'name': 'fake_name', - 'tenant_id': 'fake-tenant_id', - 'ingress_firewall_policy_id': None, - 'egress_firewall_policy_id': None, - 'admin_state_up': True, - 'ports': [], - 'shared': False}} - data['firewall_group'].update(target) - res = self.api.post(_get_path('fwaas/firewall_groups', - fmt=self.fmt), - self.serialize(data), - content_type='application/%s' % self.fmt, - status=exc.HTTPBadRequest.code) - #TODO(njohnston): Remove this when neutron starts returning - # project_id in a dependable fashion, as opposed to tenant_id. 
- target_attr_name = list(target)[0] - if target_attr_name == 'tenant_id': - target_attr_name = '' - self.assertIn('Invalid input for %s' % target_attr_name, - res.body.decode('utf-8')) diff --git a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py index 426513eec..08f5ec5b2 100644 --- a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py +++ b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py @@ -23,6 +23,8 @@ from neutron.tests import fake_notifier from neutron.tests.unit.extensions import test_agent from neutron.tests.unit.extensions import test_l3 as test_l3_plugin from neutron_lib.api import attributes as attr +from neutron_lib.api.definitions import firewall as fwaas_def +from neutron_lib.api.definitions import firewallrouterinsertion from neutron_lib import constants as nl_constants from neutron_lib import context from neutron_lib.exceptions import firewall_v1 as f_exc @@ -36,7 +38,6 @@ from webob import exc from neutron_fwaas.db.firewall import firewall_db as fdb import neutron_fwaas.extensions from neutron_fwaas.extensions import firewall -from neutron_fwaas.extensions import firewallrouterinsertion from neutron_fwaas.services.firewall import fwaas_plugin from neutron_fwaas.tests import base from neutron_fwaas.tests.unit.db.firewall import ( @@ -53,8 +54,8 @@ class FirewallTestExtensionManager(test_l3_plugin.L3TestExtensionManager): def get_resources(self): res = super(FirewallTestExtensionManager, self).get_resources() - firewall.RESOURCE_ATTRIBUTE_MAP['firewalls'].update( - firewallrouterinsertion.EXTENDED_ATTRIBUTES_2_0['firewalls']) + fwaas_def.RESOURCE_ATTRIBUTE_MAP['firewalls'].update( + firewallrouterinsertion.RESOURCE_ATTRIBUTE_MAP['firewalls']) return res + firewall.Firewall.get_resources() def get_actions(self): 
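Review bot: `get_resources` now calls `.update()` directly on `fwaas_def.RESOURCE_ATTRIBUTE_MAP['firewalls']`, which is the module-level definition in neutron-lib rather than a map owned by this repository, so the added `router_ids` attribute stays visible to every other test in the same process until `restore_attribute_map` removes it. A leaked attribute means later tests may validate firewall requests against a schema that differs from the one loaded without the router-insertion extension, which can hide validation regressions. A scoped patch restores the dict even when a test fails part-way: `mock.patch.dict(fwaas_def.RESOURCE_ATTRIBUTE_MAP['firewalls'], firewallrouterinsertion.RESOURCE_ATTRIBUTE_MAP['firewalls'])` started in `setUp` with `self.addCleanup(patcher.stop)`. This assumes `mock` is imported in this module, which the hunk does not show.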
@@ -82,7 +83,6 @@ class TestFirewallRouterInsertionBase( self.saved_attr_map = {} for resource, attrs in six.iteritems(attr.RESOURCES): self.saved_attr_map[resource] = attrs.copy() - self.addCleanup(self.restore_attribute_map) if not fw_plugin: fw_plugin = FW_PLUGIN_KLASS service_plugins = {'l3_plugin_name': l3_plugin, @@ -93,6 +93,7 @@ class TestFirewallRouterInsertionBase( super(test_db_firewall.FirewallPluginDbTestCase, self).setUp( plugin=plugin, service_plugins=service_plugins, ext_mgr=ext_mgr) + self.addCleanup(self.restore_attribute_map) self.setup_notification_driver() self.l3_plugin = directory.get_plugin(plugin_constants.L3) @@ -101,7 +102,7 @@ class TestFirewallRouterInsertionBase( def restore_attribute_map(self): # Remove the fwaasrouterinsertion extension - firewall.RESOURCE_ATTRIBUTE_MAP['firewalls'].pop('router_ids') + fwaas_def.RESOURCE_ATTRIBUTE_MAP['firewalls'].pop('router_ids') # Restore the original RESOURCE_ATTRIBUTE_MAP attr.RESOURCES = self.saved_attr_map @@ -737,7 +738,7 @@ class TestFirewallRouterPluginBase(test_db_firewall.FirewallPluginDbTestCase, fdb.Firewall_db_mixin.\ supported_extension_aliases = ["fwaas", "fwaasrouterinsertion"] - fdb.Firewall_db_mixin.path_prefix = firewall.FIREWALL_PREFIX + fdb.Firewall_db_mixin.path_prefix = fwaas_def.API_PREFIX super(test_db_firewall.FirewallPluginDbTestCase, self).setUp( ext_mgr=ext_mgr,
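Review bot: In `TestFirewallRouterInsertionBase.setUp`, `self.addCleanup(self.restore_attribute_map)` moves from before `super(...).setUp(...)` to after it, and nothing in either hunk says why the order matters. If the parent `setUp` raises, the cleanup is now never registered, so a change already made to the shared attribute map (presumably by `get_resources` while the extension manager loads) would stay in place for later tests. If the move is required for cleanup ordering, a one-line comment above the new `addCleanup` call stating that requirement would keep it from being moved back. `setUp` starts and ends outside these hunks.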
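Review bot: `restore_attribute_map` calls `.pop('router_ids')` without a default, so a missing key raises `KeyError` inside the cleanup and the following `attr.RESOURCES = self.saved_attr_map` never runs. That can happen when the key was already removed or was never added, and it matters more now that the target is the neutron-lib definition shared across the process. `fwaas_def.RESOURCE_ATTRIBUTE_MAP['firewalls'].pop('router_ids', None)` keeps the cleanup idempotent and lets the `attr.RESOURCES` restore run.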