From 1f302508d0d7b9957d37de0f49168b2f410dba79 Mon Sep 17 00:00:00 2001 From: Boden R Date: Tue, 26 Mar 2019 11:40:52 -0600 Subject: [PATCH] use common constants from neutron-lib Almost all of neutron.common.constants now lives in neutron-lib. This patch switches over to use lib rather than neutron for them as eventually we'll be removing neutron.common.constants. Change-Id: I9d7c7fb3813e9bbd24d2067fac15f39ec683de0b --- .../l2/openvswitch_firewall/constants.py | 5 +-- .../linux/l2/openvswitch_firewall/firewall.py | 37 +++++++++---------- .../logapi/agents/drivers/iptables/log.py | 3 +- .../agents/drivers/iptables/test_log.py | 4 +- .../l2/openvswitch_firewall/test_firewall.py | 9 ++--- .../l2/openvswitch_firewall/test_rules.py | 13 +++---- 6 files changed, 33 insertions(+), 38 deletions(-) diff --git a/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/constants.py b/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/constants.py index 4d148e0c7..b901d1086 100644 --- a/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/constants.py +++ b/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/constants.py @@ -15,7 +15,6 @@ from neutron_lib import constants -from neutron.common import constants as n_const OF_STATE_NOT_TRACKED = "-trk" OF_STATE_TRACKED = "+trk" @@ -59,6 +58,6 @@ REVERSE_IP_PROTOCOL_MAP_WITH_PORTS = { PROTOCOLS_WITH_PORTS} ethertype_to_dl_type_map = { - constants.IPv4: n_const.ETHERTYPE_IP, - constants.IPv6: n_const.ETHERTYPE_IPV6, + constants.IPv4: constants.ETHERTYPE_IP, + constants.IPv6: constants.ETHERTYPE_IPV6, } diff --git a/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py b/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py index a593bd9d4..a317f9e4a 100644 --- a/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py +++ b/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py @@ -20,7 +20,6 @@ from oslo_log import log as logging from oslo_utils import netutils from neutron.agent import firewall -from neutron.common import constants from neutron.plugins.ml2.drivers.openvswitch.agent.common import constants \ as ovs_consts @@ -541,7 +540,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): priority=95, in_port=port.ofport, reg_port=port.ofport, - dl_type=constants.ETHERTYPE_IPV6, + dl_type=lib_const.ETHERTYPE_IPV6, nw_proto=lib_const.PROTO_NUM_IPV6_ICMP, icmp_type=icmp_type, actions='normal') @@ -617,7 +616,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): in_port=port.ofport, reg_port=port.ofport, dl_src=mac_addr, - dl_type=constants.ETHERTYPE_ARP, + dl_type=lib_const.ETHERTYPE_ARP, arp_spa=ip_addr, actions='normal' ) @@ -626,7 +625,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): priority=65, reg_port=port.ofport, ct_state=fwaas_ovs_consts.OF_STATE_NOT_TRACKED, - dl_type=constants.ETHERTYPE_IP, + dl_type=lib_const.ETHERTYPE_IP, in_port=port.ofport, dl_src=mac_addr, nw_src=ip_addr, @@ -645,7 +644,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): reg_port=port.ofport, in_port=port.ofport, ct_state=fwaas_ovs_consts.OF_STATE_NOT_TRACKED, - dl_type=constants.ETHERTYPE_IPV6, + dl_type=lib_const.ETHERTYPE_IPV6, dl_src=mac_addr, ipv6_src=ip_addr, actions='ct(table={:d},zone=NXM_NX_REG{:d}[0..15])'.format( @@ -658,8 +657,8 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): if self.sg_with_ovs: accept_or_ingress = ovs_consts.ACCEPT_OR_INGRESS_TABLE for dl_type, src_port, dst_port in ( - (constants.ETHERTYPE_IP, 68, 67), - (constants.ETHERTYPE_IPV6, 546, 547)): + (lib_const.ETHERTYPE_IP, 68, 67), + (lib_const.ETHERTYPE_IPV6, 546, 547)): self._add_flow( table=fwaas_ovs_consts.FW_BASE_EGRESS_TABLE, priority=80, @@ -673,8 +672,8 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): ) # Ban dhcp service running on an instance for dl_type, src_port, dst_port in ( - (constants.ETHERTYPE_IP, 67, 68), - (constants.ETHERTYPE_IPV6, 547, 546)): + (lib_const.ETHERTYPE_IP, 67, 68), + (lib_const.ETHERTYPE_IPV6, 547, 546)): self._add_flow( table=fwaas_ovs_consts.FW_BASE_EGRESS_TABLE, priority=70, @@ -693,7 +692,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): priority=70, in_port=port.ofport, reg_port=port.ofport, - dl_type=constants.ETHERTYPE_IPV6, + dl_type=lib_const.ETHERTYPE_IPV6, nw_proto=lib_const.PROTO_NUM_IPV6_ICMP, icmp_type=lib_const.ICMPV6_TYPE_RA, actions='resubmit(,%d)' % ovs_consts.DROPPED_TRAFFIC_TABLE @@ -725,8 +724,8 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): fwaas_ovs_consts.REG_PORT, fwaas_ovs_consts.FW_BASE_INGRESS_TABLE), ) - for ethertype in [constants.ETHERTYPE_IP, - constants.ETHERTYPE_IPV6]: + for ethertype in [lib_const.ETHERTYPE_IP, + lib_const.ETHERTYPE_IPV6]: self._add_flow( table=fwaas_ovs_consts.FW_ACCEPT_OR_INGRESS_TABLE, priority=90, @@ -784,7 +783,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): ct_state=fwaas_ovs_consts.OF_STATE_NOT_ESTABLISHED, actions='resubmit(,%d)' % ovs_consts.DROPPED_TRAFFIC_TABLE ) - for ethertype in [constants.ETHERTYPE_IP, constants.ETHERTYPE_IPV6]: + for ethertype in [lib_const.ETHERTYPE_IP, lib_const.ETHERTYPE_IPV6]: self._add_flow( table=fwaas_ovs_consts.FW_RULES_EGRESS_TABLE, priority=40, @@ -806,7 +805,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): priority=100, reg_port=port.ofport, dl_dst=port.mac, - dl_type=constants.ETHERTYPE_IPV6, + dl_type=lib_const.ETHERTYPE_IPV6, nw_proto=lib_const.PROTO_NUM_IPV6_ICMP, icmp_type=icmp_type, actions='output:{:d}'.format(port.ofport) @@ -819,7 +818,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): self._add_flow( table=fwaas_ovs_consts.FW_BASE_INGRESS_TABLE, priority=100, - dl_type=constants.ETHERTYPE_ARP, + dl_type=lib_const.ETHERTYPE_ARP, reg_port=port.ofport, actions='output:{:d}'.format(port.ofport) ) @@ -827,8 +826,8 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): # DHCP offers for dl_type, src_port, dst_port in ( - (constants.ETHERTYPE_IP, 67, 68), - (constants.ETHERTYPE_IPV6, 547, 546)): + (lib_const.ETHERTYPE_IP, 67, 68), + (lib_const.ETHERTYPE_IPV6, 547, 546)): self._add_flow( table=fwaas_ovs_consts.FW_BASE_INGRESS_TABLE, priority=95, @@ -841,7 +840,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): ) # Track untracked - for dl_type in (constants.ETHERTYPE_IP, constants.ETHERTYPE_IPV6): + for dl_type in (lib_const.ETHERTYPE_IP, lib_const.ETHERTYPE_IPV6): self._add_flow( table=fwaas_ovs_consts.FW_BASE_INGRESS_TABLE, priority=90, @@ -899,7 +898,7 @@ class OVSFirewallDriver(driver_base.FirewallL2DriverBase): ct_state=fwaas_ovs_consts.OF_STATE_NOT_ESTABLISHED, actions='resubmit(,%d)' % ovs_consts.DROPPED_TRAFFIC_TABLE ) - for ethertype in [constants.ETHERTYPE_IP, constants.ETHERTYPE_IPV6]: + for ethertype in [lib_const.ETHERTYPE_IP, lib_const.ETHERTYPE_IPV6]: self._add_flow( table=fwaas_ovs_consts.FW_RULES_INGRESS_TABLE, priority=40, diff --git a/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py b/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py index c1a44e60c..44e8d7bf9 100644 --- a/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py +++ b/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py @@ -18,7 +18,6 @@ import signal import uuid from neutron.agent.linux import utils -from neutron.common import constants as n_const from neutron.services.logapi.agent import log_extension as log_ext from neutron.services.logapi.common import constants as log_const from neutron_lib import constants @@ -370,7 +369,7 @@ class IptablesLoggingDriver(log_ext.LoggingDriver): agent_mode = self.conf.agent_mode router = self.agent_api.get_router_hosting_port(port_id) if_prefix = self._get_if_prefix(agent_mode, router) - return (if_prefix + port_id)[:n_const.LINUX_DEV_LEN] + return (if_prefix + port_id)[:constants.LINUX_DEV_LEN] def _get_ipt_mgr_by_port(self, port_id): diff --git a/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py b/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py index c46fb4778..91237980e 100644 --- a/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py +++ b/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py @@ -18,9 +18,9 @@ import time import mock from neutron.agent.l3 import l3_agent_extension_api as l3_ext_api from neutron.agent.linux import utils as linux_utils -from neutron.common import constants as n_const from neutron.services.logapi.common import constants as log_const from neutron.tests.functional.agent.l3 import framework +from neutron_lib import constants from neutron_lib import context as neutron_context from oslo_config import cfg from oslo_log import log as logging @@ -167,7 +167,7 @@ class FWLoggingTestBase(framework.L3AgentTestFramework): ports_log = log_info['ports_log'] for port_id in ports_log: - device = (if_prefix + port_id)[:n_const.LINUX_DEV_LEN] + device = (if_prefix + port_id)[:constants.LINUX_DEV_LEN] if event in [ACCEPT, ALL]: # Generate iptables rules for ACCEPT action prefix = self._get_log_prefix(port_id, ACCEPT) diff --git a/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/test_firewall.py b/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/test_firewall.py index 86d96b493..156f00e4d 100644 --- a/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/test_firewall.py +++ b/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/test_firewall.py @@ -17,7 +17,6 @@ from neutron_lib import constants import testtools from neutron.agent.common import ovs_lib -from neutron.common import constants as n_const from neutron.plugins.ml2.drivers.openvswitch.agent.common import constants \ as ovs_consts from neutron.plugins.ml2.drivers.openvswitch.agent import \ @@ -443,7 +442,7 @@ class TestOVSFirewallDriver(base.BaseTestCase): 'output:{:d},resubmit(,{:d})'.format( self.port_ofport, ovs_consts.ACCEPTED_INGRESS_TRAFFIC_TABLE), - dl_type="0x{:04x}".format(n_const.ETHERTYPE_IP), + dl_type="0x{:04x}".format(constants.ETHERTYPE_IP), nw_proto=constants.PROTO_NUM_TCP, priority=70, reg5=self.port_ofport, @@ -482,7 +481,7 @@ class TestOVSFirewallDriver(base.BaseTestCase): table=ovs_consts.TRANSIENT_TABLE) filter_rule = mock.call( actions='resubmit(,{:d})'.format(ovs_consts.RULES_INGRESS_TABLE), - dl_type="0x{:04x}".format(n_const.ETHERTYPE_IP), + dl_type="0x{:04x}".format(constants.ETHERTYPE_IP), nw_proto=constants.PROTO_NUM_TCP, priority=70, reg5=self.port_ofport, @@ -528,7 +527,7 @@ class TestOVSFirewallDriver(base.BaseTestCase): mock.call( actions='resubmit(,{:d})'.format( fwaas_ovs_consts.FW_ACCEPT_OR_INGRESS_TABLE), - dl_type="0x{:04x}".format(n_const.ETHERTYPE_IP), + dl_type="0x{:04x}".format(constants.ETHERTYPE_IP), nw_proto=constants.PROTO_NUM_UDP, priority=71, ct_state=fwaas_ovs_consts.OF_STATE_NEW_NOT_ESTABLISHED, @@ -566,7 +565,7 @@ class TestOVSFirewallDriver(base.BaseTestCase): mock.call( actions='resubmit(,{:d})'.format( ovs_consts.RULES_EGRESS_TABLE), - dl_type="0x{:04x}".format(n_const.ETHERTYPE_IP), + dl_type="0x{:04x}".format(constants.ETHERTYPE_IP), nw_proto=constants.PROTO_NUM_UDP, priority=71, ct_state=fwaas_ovs_consts.OF_STATE_NEW_NOT_ESTABLISHED, diff --git a/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/test_rules.py b/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/test_rules.py index 033256b62..a376b394b 100644 --- a/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/test_rules.py +++ b/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/test_rules.py @@ -15,7 +15,6 @@ import mock from neutron_lib import constants -from neutron.common import constants as n_const from neutron.tests import base from neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.l2.\ @@ -79,7 +78,7 @@ class TestCreateFlowsFromRuleAndPort(base.BaseTestCase): } expected_template = { 'priority': 70, - 'dl_type': n_const.ETHERTYPE_IP, + 'dl_type': constants.ETHERTYPE_IP, 'reg_port': self.port.ofport, } self._test_create_flows_from_rule_and_port_helper(rule, @@ -94,7 +93,7 @@ class TestCreateFlowsFromRuleAndPort(base.BaseTestCase): } expected_template = { 'priority': 70, - 'dl_type': n_const.ETHERTYPE_IP, + 'dl_type': constants.ETHERTYPE_IP, 'reg_port': self.port.ofport, 'nw_src': '192.168.0.0/24', 'nw_dst': '10.0.0.1/32', @@ -111,7 +110,7 @@ class TestCreateFlowsFromRuleAndPort(base.BaseTestCase): } expected_template = { 'priority': 70, - 'dl_type': n_const.ETHERTYPE_IP, + 'dl_type': constants.ETHERTYPE_IP, 'reg_port': self.port.ofport, 'nw_src': '192.168.0.0/24', } @@ -125,7 +124,7 @@ class TestCreateFlowsFromRuleAndPort(base.BaseTestCase): } expected_template = { 'priority': 70, - 'dl_type': n_const.ETHERTYPE_IPV6, + 'dl_type': constants.ETHERTYPE_IPV6, 'reg_port': self.port.ofport, } self._test_create_flows_from_rule_and_port_helper(rule, @@ -140,7 +139,7 @@ class TestCreateFlowsFromRuleAndPort(base.BaseTestCase): } expected_template = { 'priority': 70, - 'dl_type': n_const.ETHERTYPE_IPV6, + 'dl_type': constants.ETHERTYPE_IPV6, 'reg_port': self.port.ofport, 'ipv6_src': '2001:db8:bbbb::1/64', 'ipv6_dst': '2001:db8:aaaa::1/64', @@ -157,7 +156,7 @@ class TestCreateFlowsFromRuleAndPort(base.BaseTestCase): } expected_template = { 'priority': 70, - 'dl_type': n_const.ETHERTYPE_IPV6, + 'dl_type': constants.ETHERTYPE_IPV6, 'reg_port': self.port.ofport, 'ipv6_src': '2001:db8:bbbb::1/64', }