Introduce firewall l2 driver base

This patch introduces firewall l2 driver base class and also
implements noop driver.

Some unit tests added to make sure all methods are there and
a driver class can be loaded.

Change-Id: Ifd6758617ab8fd49e69ad1a0483fefa479d7b8e7
Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>
Co-Authored-By: Inessa Vasilevskaya <ivasilevskaya@mirantis.com>

neutron_fwaas/services/firewall/drivers/linux/l2/driver_base.py

@@ -0,0 +1,63 @@
+# Copyright (C) 2017 Fujitsu Limited
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import abc
+import contextlib
+
+import six
+
+
+@six.add_metaclass(abc.ABCMeta)
+class FirewallL2DriverBase(object):
+    """Abstract firewall L2 driver base"""
+
+    def __init__(self, integration_bridge):
+        pass
+
+    def filter_defer_apply_on(self):
+        """Defer application of filtering rule."""
+        pass
+
+    def filter_defer_apply_off(self):
+        """Turn off deferral of rules and apply the rules now."""
+        pass
+
+    @property
+    def ports(self):
+        """Returns filtered ports."""
+        pass
+
+    @contextlib.contextmanager
+    def defer_apply(self):
+        """Defer apply context."""
+        self.filter_defer_apply_on()
+        try:
+            yield
+        finally:
+            self.filter_defer_apply_off()
+
+    def create_firewall_group(self, ports, firewall_group):
+        """Called when a firewall group is created.
+        """
+        raise NotImplementedError()
+
+    def update_firewall_group(self, ports, firewall_group):
+        """Called when a firewall group is updated.
+        """
+        raise NotImplementedError()
+
+    def delete_firewall_group(self, ports, firewall_group):
+        """Called when a firewall group is deleted.
+        """
+        raise NotImplementedError()

neutron_fwaas/services/firewall/drivers/linux/l2/noop/noop_driver.py

@@ -0,0 +1,32 @@
+# Copyright (C) 2017 Fujitsu Limited
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_log import helpers as log_helpers
+
+from neutron_fwaas.services.firewall.drivers.linux.l2 import driver_base
+
+
+class NoopFirewallL2Driver(driver_base.FirewallL2DriverBase):
+
+    @log_helpers.log_method_call
+    def create_firewall_group(self, ports, firewall_group):
+        pass
+
+    @log_helpers.log_method_call
+    def update_firewall_group(self, ports, firewall_group):
+        pass
+
+    @log_helpers.log_method_call
+    def delete_firewall_group(self, ports, firewall_group):
+        pass

neutron_fwaas/tests/unit/services/firewall/drivers/linux/l2/noop/test_noop_driver.py

@@ -0,0 +1,43 @@
+# Copyright 2017 Mirantis Inc.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import mock
+
+from neutron import manager
+from neutron_fwaas.services.firewall.drivers.linux.l2.noop import noop_driver
+from neutron_fwaas.tests import base
+
+
+class TestNoopDriver(base.BaseTestCase):
+    def setUp(self):
+        super(TestNoopDriver, self).setUp()
+        mock_br = mock.Mock()
+        self.firewall = noop_driver.NoopFirewallL2Driver(mock_br)
+
+    def test_basic_methods(self):
+        # just make sure it doesn't crash
+        fwg_mock = mock.Mock()
+        self.firewall.create_firewall_group(ports=[], firewall_group=fwg_mock)
+        self.firewall.update_firewall_group(ports=[], firewall_group=fwg_mock)
+        self.firewall.delete_firewall_group(ports=[], firewall_group=fwg_mock)
+        self.firewall.filter_defer_apply_on()
+        self.firewall.filter_defer_apply_off()
+        self.firewall.defer_apply()
+        self.firewall.ports
+
+    def test_load_firewall_class(self):
+        res = manager.NeutronManager.load_class_for_provider(
+            'neutron.agent.l2.firewall_drivers', 'noop')
+        self.assertEqual(res, noop_driver.NoopFirewallL2Driver)

setup.cfg

@@ -49,6 +49,8 @@ tempest.test_plugins =
 oslo.config.opts =
     neutron.fwaas = neutron_fwaas.opts:list_opts
     firewall.agent = neutron_fwaas.opts:list_agent_opts
+neutron.agent.l2.firewall_drivers =
+    noop = neutron_fwaas.services.firewall.drivers.linux.l2.noop.noop_driver:NoopFirewallL2Driver
 neutron.agent.l3.extensions =
     fwaas = neutron_fwaas.services.firewall.agents.l3reference.firewall_l3_agent:L3WithFWaaS
     fwaas_v2 = neutron_fwaas.services.firewall.agents.l3reference.firewall_l3_agent_v2:L3WithFWaaS